add a few defs
[ppp.git] / pppd / chap.c
index e0ea4afeee00e569bb28879fc4f32909043ae20d..b418f6f493f002a192b0d8699a3530dcd5becc02 100644 (file)
@@ -1,5 +1,20 @@
 /*
- * chap.c - Crytographic Handshake Authentication Protocol.
+ * chap.c - Challenge Handshake Authentication Protocol.
+ *
+ * Copyright (c) 1993 The Australian National University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the Australian National University.  The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
  * Copyright (c) 1991 Gregory M. Christy.
  * All rights reserved.
@@ -19,7 +34,7 @@
  */
 
 #ifndef lint
-static char rcsid[] = "$Id: chap.c,v 1.1 1993/11/11 03:54:25 paulus Exp $";
+static char rcsid[] = "$Id: chap.c,v 1.14 1997/04/30 05:51:08 paulus Exp $";
 #endif
 
 /*
@@ -27,35 +42,68 @@ static char rcsid[] = "$Id: chap.c,v 1.1 1993/11/11 03:54:25 paulus Exp $";
  */
 
 #include <stdio.h>
+#include <string.h>
 #include <sys/types.h>
 #include <sys/time.h>
 #include <syslog.h>
 
-#include "ppp.h"
 #include "pppd.h"
 #include "chap.h"
 #include "md5.h"
+#ifdef CHAPMS
+#include "chap_ms.h"
+#endif
 
-chap_state chap[NPPP];         /* CHAP state; one for each unit */
-
-static void ChapChallengeTimeout __ARGS((caddr_t));
-static void ChapResponseTimeout __ARGS((caddr_t));
-static void ChapReceiveChallenge __ARGS((chap_state *, u_char *, int, int));
-static void ChapReceiveResponse __ARGS((chap_state *, u_char *, int, int));
-static void ChapReceiveSuccess __ARGS((chap_state *, u_char *, int, int));
-static void ChapReceiveFailure __ARGS((chap_state *, u_char *, int, int));
-static void ChapSendStatus __ARGS((chap_state *, int));
-static void ChapSendChallenge __ARGS((chap_state *));
-static void ChapSendResponse __ARGS((chap_state *));
-static void ChapGenChallenge __ARGS((chap_state *));
-
-extern double drand48 __ARGS((void));
-extern void srand48 __ARGS((long));
+/*
+ * Protocol entry points.
+ */
+static void ChapInit __P((int));
+static void ChapLowerUp __P((int));
+static void ChapLowerDown __P((int));
+static void ChapInput __P((int, u_char *, int));
+static void ChapProtocolReject __P((int));
+static int  ChapPrintPkt __P((u_char *, int,
+                             void (*) __P((void *, char *, ...)), void *));
+
+struct protent chap_protent = {
+    PPP_CHAP,
+    ChapInit,
+    ChapInput,
+    ChapProtocolReject,
+    ChapLowerUp,
+    ChapLowerDown,
+    NULL,
+    NULL,
+    ChapPrintPkt,
+    NULL,
+    1,
+    "CHAP",
+    NULL,
+    NULL,
+    NULL
+};
+
+chap_state chap[NUM_PPP];              /* CHAP state; one for each unit */
+
+static void ChapChallengeTimeout __P((void *));
+static void ChapResponseTimeout __P((void *));
+static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int));
+static void ChapRechallenge __P((void *));
+static void ChapReceiveResponse __P((chap_state *, u_char *, int, int));
+static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int));
+static void ChapReceiveFailure __P((chap_state *, u_char *, int, int));
+static void ChapSendStatus __P((chap_state *, int));
+static void ChapSendChallenge __P((chap_state *));
+static void ChapSendResponse __P((chap_state *));
+static void ChapGenChallenge __P((chap_state *));
+
+extern double drand48 __P((void));
+extern void srand48 __P((long));
 
 /*
  * ChapInit - Initialize a CHAP unit.
  */
-void
+static void
 ChapInit(unit)
     int unit;
 {
@@ -67,7 +115,7 @@ ChapInit(unit)
     cstate->serverstate = CHAPSS_INITIAL;
     cstate->timeouttime = CHAP_DEFTIMEOUT;
     cstate->max_transmits = CHAP_DEFTRANSMITS;
-    srand48((long) time(NULL));        /* joggle random number generator */
+    /* random number generator is initialized in magic_init */
 }
 
 
@@ -134,7 +182,7 @@ ChapAuthPeer(unit, our_name, digest)
  */
 static void
 ChapChallengeTimeout(arg)
-    caddr_t arg;
+    void *arg;
 {
     chap_state *cstate = (chap_state *) arg;
   
@@ -148,7 +196,7 @@ ChapChallengeTimeout(arg)
        /* give up on peer */
        syslog(LOG_ERR, "Peer failed to respond to CHAP challenge");
        cstate->serverstate = CHAPSS_BADAUTH;
-       auth_peer_fail(cstate->unit, CHAP);
+       auth_peer_fail(cstate->unit, PPP_CHAP);
        return;
     }
 
@@ -161,7 +209,7 @@ ChapChallengeTimeout(arg)
  */
 static void
 ChapResponseTimeout(arg)
-    caddr_t arg;
+    void *arg;
 {
     chap_state *cstate = (chap_state *) arg;
 
@@ -178,7 +226,7 @@ ChapResponseTimeout(arg)
  */
 static void
 ChapRechallenge(arg)
-    caddr_t arg;
+    void *arg;
 {
     chap_state *cstate = (chap_state *) arg;
 
@@ -189,9 +237,6 @@ ChapRechallenge(arg)
     ChapGenChallenge(cstate);
     ChapSendChallenge(cstate);
     cstate->serverstate = CHAPSS_RECHALLENGE;
-
-    if (cstate->chal_interval != 0)
-       TIMEOUT(ChapRechallenge, (caddr_t) cstate, cstate->chal_interval);
 }
 
 
@@ -200,7 +245,7 @@ ChapRechallenge(arg)
  *
  * Start up if we have pending requests.
  */
-void
+static void
 ChapLowerUp(unit)
     int unit;
 {
@@ -226,7 +271,7 @@ ChapLowerUp(unit)
  *
  * Cancel all timeouts.
  */
-void
+static void
 ChapLowerDown(unit)
     int unit;
 {
@@ -235,12 +280,12 @@ ChapLowerDown(unit)
     /* Timeout(s) pending?  Cancel if so. */
     if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
        cstate->serverstate == CHAPSS_RECHALLENGE)
-       UNTIMEOUT(ChapChallengeTimeout, (caddr_t) cstate);
+       UNTIMEOUT(ChapChallengeTimeout, cstate);
     else if (cstate->serverstate == CHAPSS_OPEN
             && cstate->chal_interval != 0)
-       UNTIMEOUT(ChapRechallenge, (caddr_t) cstate);
+       UNTIMEOUT(ChapRechallenge, cstate);
     if (cstate->clientstate == CHAPCS_RESPONSE)
-       UNTIMEOUT(ChapResponseTimeout, (caddr_t) cstate);
+       UNTIMEOUT(ChapResponseTimeout, cstate);
 
     cstate->clientstate = CHAPCS_INITIAL;
     cstate->serverstate = CHAPSS_INITIAL;
@@ -250,7 +295,7 @@ ChapLowerDown(unit)
 /*
  * ChapProtocolReject - Peer doesn't grok CHAP.
  */
-void
+static void
 ChapProtocolReject(unit)
     int unit;
 {
@@ -258,10 +303,10 @@ ChapProtocolReject(unit)
 
     if (cstate->serverstate != CHAPSS_INITIAL &&
        cstate->serverstate != CHAPSS_CLOSED)
-       auth_peer_fail(unit, CHAP);
+       auth_peer_fail(unit, PPP_CHAP);
     if (cstate->clientstate != CHAPCS_INITIAL &&
        cstate->clientstate != CHAPCS_CLOSED)
-       auth_withpeer_fail(unit, CHAP);
+       auth_withpeer_fail(unit, PPP_CHAP);
     ChapLowerDown(unit);               /* shutdown chap */
 }
 
@@ -269,7 +314,7 @@ ChapProtocolReject(unit)
 /*
  * ChapInput - Input CHAP packet.
  */
-void
+static void
 ChapInput(unit, inpacket, packet_len)
     int unit;
     u_char *inpacket;
@@ -345,6 +390,7 @@ ChapReceiveChallenge(cstate, inp, id, len)
     char secret[MAXSECRETLEN];
     char rhostname[256];
     MD5_CTX mdContext;
+    u_char hash[MD5_SIGNATURE_SIZE];
  
     CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id));
     if (cstate->clientstate == CHAPCS_CLOSED ||
@@ -373,9 +419,17 @@ ChapReceiveChallenge(cstate, inp, id, len)
     BCOPY(inp, rhostname, len);
     rhostname[len] = '\000';
 
-    CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field: %s",
+    CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'",
               rhostname));
 
+    /* Microsoft doesn't send their name back in the PPP packet */
+    if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) {
+       strncpy(rhostname, remote_name, sizeof(rhostname));
+       rhostname[sizeof(rhostname) - 1] = 0;
+       CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name",
+                  rhostname));
+    }
+
     /* get secret for authenticating ourselves with the specified host */
     if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
                    secret, &secret_len, 0)) {
@@ -386,7 +440,7 @@ ChapReceiveChallenge(cstate, inp, id, len)
 
     /* cancel response send timeout if necessary */
     if (cstate->clientstate == CHAPCS_RESPONSE)
-       UNTIMEOUT(ChapResponseTimeout, (caddr_t) cstate);
+       UNTIMEOUT(ChapResponseTimeout, cstate);
 
     cstate->resp_id = id;
     cstate->resp_transmits = 0;
@@ -394,21 +448,28 @@ ChapReceiveChallenge(cstate, inp, id, len)
     /*  generate MD based on negotiated type */
     switch (cstate->resp_type) { 
 
-    case CHAP_DIGEST_MD5:              /* only MD5 is defined for now */
+    case CHAP_DIGEST_MD5:
        MD5Init(&mdContext);
        MD5Update(&mdContext, &cstate->resp_id, 1);
        MD5Update(&mdContext, secret, secret_len);
        MD5Update(&mdContext, rchallenge, rchallenge_len);
-       MD5Final(&mdContext);
-       BCOPY(mdContext.digest, cstate->response, MD5_SIGNATURE_SIZE);
+       MD5Final(hash, &mdContext);
+       BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
        cstate->resp_length = MD5_SIGNATURE_SIZE;
        break;
 
+#ifdef CHAPMS
+    case CHAP_MICROSOFT:
+       ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
+       break;
+#endif
+
     default:
        CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type));
        return;
     }
 
+    BZERO(secret, sizeof(secret));
     ChapSendResponse(cstate);
 }
 
@@ -427,10 +488,9 @@ ChapReceiveResponse(cstate, inp, id, len)
     int secret_len, old_state;
     int code;
     char rhostname[256];
-    u_char buf[256];
     MD5_CTX mdContext;
-    u_char msg[256];
     char secret[MAXSECRETLEN];
+    u_char hash[MD5_SIGNATURE_SIZE];
 
     CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id));
 
@@ -472,7 +532,7 @@ ChapReceiveResponse(cstate, inp, id, len)
        return;
     }
 
-    UNTIMEOUT(ChapChallengeTimeout, (caddr_t) cstate);
+    UNTIMEOUT(ChapChallengeTimeout, cstate);
 
     if (len >= sizeof(rhostname))
        len = sizeof(rhostname) - 1;
@@ -503,10 +563,10 @@ ChapReceiveResponse(cstate, inp, id, len)
            MD5Update(&mdContext, &cstate->chal_id, 1);
            MD5Update(&mdContext, secret, secret_len);
            MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
-           MD5Final(&mdContext); 
+           MD5Final(hash, &mdContext); 
 
            /* compare local and remote MDs and send the appropriate status */
-           if (bcmp (mdContext.digest, remmd, MD5_SIGNATURE_SIZE) == 0)
+           if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0)
                code = CHAP_SUCCESS;    /* they are the same! */
            break;
 
@@ -515,21 +575,22 @@ ChapReceiveResponse(cstate, inp, id, len)
        }
     }
 
+    BZERO(secret, sizeof(secret));
     ChapSendStatus(cstate, code);
 
     if (code == CHAP_SUCCESS) {
        old_state = cstate->serverstate;
        cstate->serverstate = CHAPSS_OPEN;
        if (old_state == CHAPSS_INITIAL_CHAL) {
-           auth_peer_success(cstate->unit, CHAP);
+           auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
        }
        if (cstate->chal_interval != 0)
-           TIMEOUT(ChapRechallenge, (caddr_t) cstate, cstate->chal_interval);
+           TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
 
     } else {
        syslog(LOG_ERR, "CHAP peer authentication failed");
        cstate->serverstate = CHAPSS_BADAUTH;
-       auth_peer_fail(cstate->unit, CHAP);
+       auth_peer_fail(cstate->unit, PPP_CHAP);
     }
 }
 
@@ -557,6 +618,8 @@ ChapReceiveSuccess(cstate, inp, id, len)
        return;
     }
 
+    UNTIMEOUT(ChapResponseTimeout, cstate);
+
     /*
      * Print message.
      */
@@ -565,7 +628,7 @@ ChapReceiveSuccess(cstate, inp, id, len)
 
     cstate->clientstate = CHAPCS_OPEN;
 
-    auth_withpeer_success(cstate->unit, CHAP);
+    auth_withpeer_success(cstate->unit, PPP_CHAP);
 }
 
 
@@ -579,9 +642,6 @@ ChapReceiveFailure(cstate, inp, id, len)
     u_char id;
     int len;
 {
-    u_char msglen;
-    u_char *msg;
-  
     CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id));
 
     if (cstate->clientstate != CHAPCS_RESPONSE) {
@@ -591,6 +651,8 @@ ChapReceiveFailure(cstate, inp, id, len)
        return;
     }
 
+    UNTIMEOUT(ChapResponseTimeout, cstate);
+
     /*
      * Print message.
      */
@@ -598,7 +660,7 @@ ChapReceiveFailure(cstate, inp, id, len)
        PRINTMSG(inp, len);
 
     syslog(LOG_ERR, "CHAP authentication failed");
-    auth_withpeer_fail(cstate->unit, CHAP);
+    auth_withpeer_fail(cstate->unit, PPP_CHAP);
 }
 
 
@@ -618,7 +680,7 @@ ChapSendChallenge(cstate)
     outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
     outp = outpacket_buf;
 
-    MAKEHEADER(outp, CHAP);            /* paste in a CHAP header */
+    MAKEHEADER(outp, PPP_CHAP);                /* paste in a CHAP header */
 
     PUTCHAR(CHAP_CHALLENGE, outp);
     PUTCHAR(cstate->chal_id, outp);
@@ -630,11 +692,11 @@ ChapSendChallenge(cstate)
 
     BCOPY(cstate->chal_name, outp, name_len);  /* append hostname */
 
-    output(cstate->unit, outpacket_buf, outlen + DLLHEADERLEN);
+    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
   
     CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id));
 
-    TIMEOUT(ChapChallengeTimeout, (caddr_t) cstate, cstate->timeouttime);
+    TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
     ++cstate->chal_transmits;
 }
 
@@ -660,13 +722,13 @@ ChapSendStatus(cstate, code)
     outlen = CHAP_HEADERLEN + msglen;
     outp = outpacket_buf;
 
-    MAKEHEADER(outp, CHAP);    /* paste in a header */
+    MAKEHEADER(outp, PPP_CHAP);        /* paste in a header */
   
     PUTCHAR(code, outp);
     PUTCHAR(cstate->chal_id, outp);
     PUTSHORT(outlen, outp);
     BCOPY(msg, outp, msglen);
-    output(cstate->unit, outpacket_buf, outlen + DLLHEADERLEN);
+    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
   
     CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code,
               cstate->chal_id));
@@ -718,7 +780,7 @@ ChapSendResponse(cstate)
     outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
     outp = outpacket_buf;
 
-    MAKEHEADER(outp, CHAP);
+    MAKEHEADER(outp, PPP_CHAP);
 
     PUTCHAR(CHAP_RESPONSE, outp);      /* we are a response */
     PUTCHAR(cstate->resp_id, outp);    /* copy id from challenge packet */
@@ -731,24 +793,74 @@ ChapSendResponse(cstate)
     BCOPY(cstate->resp_name, outp, name_len); /* append our name */
 
     /* send the packet */
-    output(cstate->unit, outpacket_buf, outlen + DLLHEADERLEN);
+    output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
 
     cstate->clientstate = CHAPCS_RESPONSE;
-    TIMEOUT(ChapResponseTimeout, (caddr_t) cstate, cstate->timeouttime);
+    TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
     ++cstate->resp_transmits;
 }
 
-#ifdef NO_DRAND48
-
-double drand48()
+/*
+ * ChapPrintPkt - print the contents of a CHAP packet.
+ */
+static char *ChapCodenames[] = {
+    "Challenge", "Response", "Success", "Failure"
+};
+
+static int
+ChapPrintPkt(p, plen, printer, arg)
+    u_char *p;
+    int plen;
+    void (*printer) __P((void *, char *, ...));
+    void *arg;
 {
-  return (double)random() / (double)0x7fffffffL; /* 2**31-1 */
-}
+    int code, id, len;
+    int clen, nlen;
+    u_char x;
+
+    if (plen < CHAP_HEADERLEN)
+       return 0;
+    GETCHAR(code, p);
+    GETCHAR(id, p);
+    GETSHORT(len, p);
+    if (len < CHAP_HEADERLEN || len > plen)
+       return 0;
+
+    if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
+       printer(arg, " %s", ChapCodenames[code-1]);
+    else
+       printer(arg, " code=0x%x", code);
+    printer(arg, " id=0x%x", id);
+    len -= CHAP_HEADERLEN;
+    switch (code) {
+    case CHAP_CHALLENGE:
+    case CHAP_RESPONSE:
+       if (len < 1)
+           break;
+       clen = p[0];
+       if (len < clen + 1)
+           break;
+       ++p;
+       nlen = len - clen - 1;
+       printer(arg, " <");
+       for (; clen > 0; --clen) {
+           GETCHAR(x, p);
+           printer(arg, "%.2x", x);
+       }
+       printer(arg, ">, name = ");
+       print_string((char *)p, nlen, printer, arg);
+       break;
+    case CHAP_FAILURE:
+    case CHAP_SUCCESS:
+       printer(arg, " ");
+       print_string((char *)p, len, printer, arg);
+       break;
+    default:
+       for (clen = len; clen > 0; --clen) {
+           GETCHAR(x, p);
+           printer(arg, " %.2x", x);
+       }
+    }
 
-void srand48(seedval)
-long seedval;
-{
-  srand((int)seedval);
+    return len + CHAP_HEADERLEN;
 }
-
-#endif