X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fchap.h;h=5372822eaa053643fafcbcf7f8d7271ab990966f;hp=e91d4fb524a064985f6fc0840fc4bb386b23359f;hb=fd25394d146bb83043189608d30dd0eeb983186d;hpb=0b63a24d54ba4708c88e31bdd74b0145956c1478

diff --git a/pppd/chap.h b/pppd/chap.h
index e91d4fb..5372822 100644
--- a/pppd/chap.h
+++ b/pppd/chap.h
@@ -1,6 +1,20 @@
 /*
- * chap.h - Cryptographic Handshake Authentication Protocol definitions.
- *          based on November 1991 draft of PPP Authentication RFC
+ * chap.h - Challenge Handshake Authentication Protocol definitions.
+ *
+ * Copyright (c) 1993 The Australian National University.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms are permitted
+ * provided that the above copyright notice and this paragraph are
+ * duplicated in all such forms and that any documentation,
+ * advertising materials, and other materials related to such
+ * distribution and use acknowledge that the software was developed
+ * by the Australian National University.  The name of the University
+ * may not be used to endorse or promote products derived from this
+ * software without specific prior written permission.
+ * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
  * Copyright (c) 1991 Gregory M. Christy
  * All rights reserved.
@@ -16,13 +30,13 @@
  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  *
- * $Id: chap.h,v 1.1 1993/11/11 03:54:25 paulus Exp $
+ * $Id: chap.h,v 1.14 2002/09/24 11:35:22 fcusack Exp $
  */
 
 #ifndef __CHAP_INCLUDE__
 
 /* Code + ID + length */
-#define CHAP_HEADERLEN	(sizeof (u_char) + sizeof (u_char) + sizeof (u_short))
+#define CHAP_HEADERLEN		4
 
 /*
  * CHAP codes.
@@ -30,6 +44,48 @@
 
 #define CHAP_DIGEST_MD5		5	/* use MD5 algorithm */
 #define MD5_SIGNATURE_SIZE	16	/* 16 bytes in a MD5 message digest */
+#define CHAP_MICROSOFT		0x80	/* use Microsoft-compatible alg. */
+#define CHAP_MICROSOFT_V2	0x81	/* use Microsoft-compatible alg. */
+
+/*
+ * Digest type and selection.
+ */
+
+/* bitmask of supported algorithms */
+#define MDTYPE_MICROSOFT_V2	0x1
+#define MDTYPE_MICROSOFT	0x2
+#define MDTYPE_MD5		0x4
+
+#ifdef CHAPMS
+#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
+#else
+#define MDTYPE_ALL (MDTYPE_MD5)
+#endif
+#define MDTYPE_NONE 0
+
+/* Return the digest alg. ID for the most preferred digest type. */
+#define CHAP_DIGEST(mdtype) \
+    ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
+    ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
+    ((mdtype) & MDTYPE_MD5)? CHAP_DIGEST_MD5: \
+    0
+
+/* Return the bit flag (lsb set) for our most preferred digest type. */
+#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
+
+/* Return the bit flag for a given digest algorithm ID. */
+#define CHAP_MDTYPE_D(digest) \
+    ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
+    ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
+    ((digest) == CHAP_DIGEST_MD5)? MDTYPE_MD5: \
+    0
+
+/* Can we do the requested digest? */
+#define CHAP_CANDIGEST(mdtype, digest) \
+    ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
+    ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
+    ((digest) == CHAP_DIGEST_MD5)? (mdtype) & MDTYPE_MD5: \
+    0
 
 #define CHAP_CHALLENGE		1
 #define CHAP_RESPONSE		2
@@ -39,9 +95,11 @@
 /*
  *  Challenge lengths (for challenges we send) and other limits.
  */
-#define MIN_CHALLENGE_LENGTH	32
-#define MAX_CHALLENGE_LENGTH	64
-#define MAX_RESPONSE_LENGTH	16	/* sufficient for MD5 */
+#define MIN_CHALLENGE_LENGTH	16
+#define MAX_CHALLENGE_LENGTH	24	/* sufficient for MS-CHAP Peer Chal. */
+#define MAX_RESPONSE_LENGTH	64	/* sufficient for MD5 or MS-CHAP */
+#define MS_AUTH_RESPONSE_LENGTH	40	/* MS-CHAPv2 authenticator response, */
+					/* as ASCII */
 
 /*
  * Each interface is described by a chap structure.
@@ -63,12 +121,19 @@ typedef struct chap_state {
     int chal_transmits;		/* Number of transmissions of challenge */
     int resp_transmits;		/* Number of transmissions of response */
     u_char response[MAX_RESPONSE_LENGTH];	/* Response to send */
+    char saresponse[MS_AUTH_RESPONSE_LENGTH+1];	/* Auth response to send */
+    char earesponse[MS_AUTH_RESPONSE_LENGTH+1];	/* Auth response expected */
+						/* +1 for null terminator */
+    u_char resp_flags;		/* flags from MS-CHAPv2 auth response */
     u_char resp_length;		/* length of response */
     u_char resp_id;		/* ID for response messages */
     u_char resp_type;		/* hash algorithm for responses */
     char *resp_name;		/* Our name to send with response */
 } chap_state;
 
+/* We need the declaration of chap_state to use this prototype */
+extern int (*chap_auth_hook) __P((char *user, u_char *remmd,
+				  int remmd_len, chap_state *cstate));
 
 /*
  * Client (peer) states.
@@ -99,13 +164,10 @@ typedef struct chap_state {
 
 extern chap_state chap[];
 
-void ChapInit __ARGS((int));
-void ChapAuthWithPeer __ARGS((int, char *, int));
-void ChapAuthPeer __ARGS((int, char *, int));
-void ChapLowerUp __ARGS((int));
-void ChapLowerDown __ARGS((int));
-void ChapInput __ARGS((int, u_char *, int));
-void ChapProtocolReject __ARGS((int));
+void ChapAuthWithPeer __P((int, char *, int));
+void ChapAuthPeer __P((int, char *, int));
+
+extern struct protent chap_protent;
 
 #define __CHAP_INCLUDE__
 #endif /* __CHAP_INCLUDE__ */