*
*/
-#define RCSID "$Id: chap_ms.c,v 1.33 2004/11/12 09:57:43 paulus Exp $"
+#define RCSID "$Id: chap_ms.c,v 1.34 2004/11/15 22:13:26 paulus Exp $"
#ifdef CHAPMS
static void NTPasswordHash __P((char *, int, u_char[MD4_SIGNATURE_SIZE]));
static void ChallengeResponse __P((u_char *, u_char *, u_char[24]));
static void ChapMS_NT __P((u_char *, char *, int, u_char[24]));
-static void ChapMS2_NT __P((char *, u_char[16], char *, char *, int,
+static void ChapMS2_NT __P((u_char *, u_char[16], char *, char *, int,
u_char[24]));
static void GenerateAuthenticatorResponsePlain
__P((char*, int, u_char[24], u_char[16], u_char *,
char *, u_char[41]));
#ifdef MSLANMAN
-static void ChapMS_LANMan __P((u_char *, char *, int, MS_ChapResponse *));
+static void ChapMS_LANMan __P((u_char *, char *, int, u_char *));
#endif
#ifdef MPPE
unsigned char *challenge, unsigned char *response,
char *message, int message_space)
{
- MS_ChapResponse *rmd;
- MS_ChapResponse md;
+ unsigned char md[MS_CHAP_RESPONSE_LEN];
int diff;
int challenge_len, response_len;
if (response_len != MS_CHAP_RESPONSE_LEN)
goto bad;
- rmd = (MS_ChapResponse *) response;
-
#ifndef MSLANMAN
- if (!rmd->UseNT[0]) {
+ if (!response[MS_CHAP_USENT]) {
/* Should really propagate this into the error packet. */
notice("Peer request for LANMAN auth not supported");
goto bad;
#endif
/* Generate the expected response. */
- ChapMS(challenge, (char *)secret, secret_len, &md);
+ ChapMS(challenge, (char *)secret, secret_len, md);
#ifdef MSLANMAN
/* Determine which part of response to verify against */
- if (!rmd->UseNT[0])
- diff = memcmp(&rmd->LANManResp, &md.LANManResp,
- sizeof(md.LANManResp));
+ if (!response[MS_CHAP_USENT])
+ diff = memcmp(&response[MS_CHAP_LANMANRESP],
+ &md[MS_CHAP_LANMANRESP], MS_CHAP_LANMANRESP_LEN);
else
#endif
- diff = memcmp(&rmd->NTResp, &md.NTResp, sizeof(md.NTResp));
+ diff = memcmp(&response[MS_CHAP_NTRESP], &md[MS_CHAP_NTRESP],
+ MS_CHAP_NTRESP_LEN);
if (diff == 0) {
slprintf(message, message_space, "Access granted");
unsigned char *challenge, unsigned char *response,
char *message, int message_space)
{
- MS_Chap2Response *rmd;
- MS_Chap2Response md;
+ unsigned char md[MS_CHAP2_RESPONSE_LEN];
char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
int challenge_len, response_len;
if (response_len != MS_CHAP2_RESPONSE_LEN)
goto bad; /* not even the right length */
- rmd = (MS_Chap2Response *) response;
-
/* Generate the expected response and our mutual auth. */
- ChapMS2(challenge, rmd->PeerChallenge, name,
- (char *)secret, secret_len, &md,
+ ChapMS2(challenge, &response[MS_CHAP2_PEER_CHALLENGE], name,
+ (char *)secret, secret_len, md,
(unsigned char *)saresponse, MS_CHAP2_AUTHENTICATOR);
/* compare MDs and send the appropriate status */
* Special thanks to Alex Swiridov <say@real.kharkov.ua> for
* help debugging this.
*/
- if (memcmp(md.NTResp, rmd->NTResp, sizeof(md.NTResp)) == 0) {
- if (rmd->Flags[0])
+ if (memcmp(&md[MS_CHAP2_NTRESP], &response[MS_CHAP2_NTRESP],
+ MS_CHAP2_NTRESP_LEN) == 0) {
+ if (response[MS_CHAP2_FLAGS])
slprintf(message, message_space, "S=%s", saresponse);
else
slprintf(message, message_space, "S=%s M=%s",
{
challenge++; /* skip length, should be 8 */
*response++ = MS_CHAP_RESPONSE_LEN;
- ChapMS(challenge, secret, secret_len, (MS_ChapResponse *) response);
+ ChapMS(challenge, secret, secret_len, response);
}
static void
#else
NULL,
#endif
- our_name, secret, secret_len,
- (MS_Chap2Response *) response, private,
+ our_name, secret, secret_len, response, private,
MS_CHAP2_AUTHENTICATEE);
}
}
static void
-ChapMS2_NT(char *rchallenge, u_char PeerChallenge[16], char *username,
+ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username,
char *secret, int secret_len, u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
u_char PasswordHash[MD4_SIGNATURE_SIZE];
u_char Challenge[8];
- ChallengeHash(PeerChallenge, (unsigned char *)rchallenge, username,
- Challenge);
+ ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
static void
ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len,
- MS_ChapResponse *response)
+ unsigned char *response)
{
int i;
u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
DesEncrypt( StdText, PasswordHash + 0 );
(void) DesSetkey(UcasePassword + 7);
DesEncrypt( StdText, PasswordHash + 8 );
- ChallengeResponse(rchallenge, PasswordHash, response->LANManResp);
+ ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
}
#endif
void
ChapMS(u_char *rchallenge, char *secret, int secret_len,
- MS_ChapResponse *response)
+ unsigned char *response)
{
- BZERO(response, sizeof(*response));
+ BZERO(response, MS_CHAP_RESPONSE_LEN);
- ChapMS_NT(rchallenge, secret, secret_len, response->NTResp);
+ ChapMS_NT(rchallenge, secret, secret_len, &response[MS_CHAP_NTRESP]);
#ifdef MSLANMAN
- ChapMS_LANMan(rchallenge, secret, secret_len, response);
+ ChapMS_LANMan(rchallenge, secret, secret_len, &response);
/* preferred method is set by option */
- response->UseNT[0] = !ms_lanman;
+ response[MS_CHAP_USENT] = !ms_lanman;
#else
- response->UseNT[0] = 1;
+ response[MS_CHAP_USENT] = 1;
#endif
#ifdef MPPE
/*
- * If PeerChallenge is NULL, one is generated and response->PeerChallenge
- * is filled in. Call this way when generating a response.
- * If PeerChallenge is supplied, it is copied into response->PeerChallenge.
+ * If PeerChallenge is NULL, one is generated and the PeerChallenge
+ * field of response is filled in. Call this way when generating a response.
+ * If PeerChallenge is supplied, it is copied into the PeerChallenge field.
* Call this way when verifying a response (or debugging).
- * Do not call with PeerChallenge = response->PeerChallenge.
+ * Do not call with PeerChallenge = response.
*
- * response->PeerChallenge is then used for calculation of the
+ * The PeerChallenge field of response is then used for calculation of the
* Authenticator Response.
*/
void
ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
- char *user, char *secret, int secret_len, MS_Chap2Response *response,
+ char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator)
{
/* ARGSUSED */
- u_char *p = response->PeerChallenge;
+ u_char *p = &response[MS_CHAP2_PEER_CHALLENGE];
int i;
BZERO(response, sizeof(*response));
/* Generate the Peer-Challenge if requested, or copy it if supplied. */
if (!PeerChallenge)
- for (i = 0; i < sizeof(response->PeerChallenge); i++)
+ for (i = 0; i < MS_CHAP2_PEER_CHAL_LEN; i++)
*p++ = (u_char) (drand48() * 0xff);
else
- BCOPY(PeerChallenge, response->PeerChallenge,
- sizeof(response->PeerChallenge));
+ BCOPY(PeerChallenge, &response[MS_CHAP2_PEER_CHALLENGE],
+ MS_CHAP2_PEER_CHAL_LEN);
/* Generate the NT-Response */
- ChapMS2_NT((char *)rchallenge, response->PeerChallenge, user,
- secret, secret_len, response->NTResp);
+ ChapMS2_NT(rchallenge, &response[MS_CHAP2_PEER_CHALLENGE], user,
+ secret, secret_len, &response[MS_CHAP2_NTRESP]);
/* Generate the Authenticator Response. */
- GenerateAuthenticatorResponsePlain(secret, secret_len, response->NTResp,
- response->PeerChallenge, rchallenge,
- user, authResponse);
+ GenerateAuthenticatorResponsePlain(secret, secret_len,
+ &response[MS_CHAP2_NTRESP],
+ &response[MS_CHAP2_PEER_CHALLENGE],
+ rchallenge, user, authResponse);
#ifdef MPPE
- SetMasterKeys(secret, secret_len, response->NTResp, authenticator);
+ SetMasterKeys(secret, secret_len,
+ &response[MS_CHAP2_NTRESP], authenticator);
#endif
}