X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fchap.h;h=21373bdbb07e8d83fc6a7908a7663c03d1ce8a2b;hb=4f3e40659fcccce45068473ae94cfead18260c77;hp=37d166566f19b6f8614279212d59115509ea081c;hpb=d95598c16f6a3feb4846db669601856bad15bb74;p=ppp.git diff --git a/pppd/chap.h b/pppd/chap.h index 37d1665..21373bd 100644 --- a/pppd/chap.h +++ b/pppd/chap.h @@ -1,127 +1,176 @@ /* - * chap.h - Challenge Handshake Authentication Protocol definitions. + * chap-new.c - New CHAP implementation. * - * Copyright (c) 1993 The Australian National University. - * All rights reserved. + * Copyright (c) 2003 Paul Mackerras. All rights reserved. * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the Australian National University. The name of the University - * may not be used to endorse or promote products derived from this - * software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * Copyright (c) 1991 Gregory M. Christy - * All rights reserved. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the author. + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. * - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". * - * $Id: chap.h,v 1.9 2002/01/22 16:02:58 dfs Exp $ + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#ifndef __CHAP_INCLUDE__ +#ifndef PPP_CHAP_NEW_H +#define PPP_CHAP_NEW_H -/* Code + ID + length */ -#define CHAP_HEADERLEN 4 +#include "pppdconf.h" + +#ifdef __cplusplus +extern "C" { +#endif /* - * CHAP codes. + * CHAP packets begin with a standard header with code, id, len (2 bytes). */ +#define CHAP_HDRLEN 4 -#define CHAP_DIGEST_MD5 5 /* use MD5 algorithm */ -#define MD5_SIGNATURE_SIZE 16 /* 16 bytes in a MD5 message digest */ -#define CHAP_MICROSOFT 0x80 /* use Microsoft-compatible alg. */ -#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ - -#define CHAP_CHALLENGE 1 -#define CHAP_RESPONSE 2 -#define CHAP_SUCCESS 3 -#define CHAP_FAILURE 4 +/* + * Values for the code field. + */ +#define CHAP_CHALLENGE 1 +#define CHAP_RESPONSE 2 +#define CHAP_SUCCESS 3 +#define CHAP_FAILURE 4 /* - * Challenge lengths (for challenges we send) and other limits. + * CHAP digest codes. */ -#define MIN_CHALLENGE_LENGTH 16 -#define MAX_CHALLENGE_LENGTH 24 -#define MAX_RESPONSE_LENGTH 64 /* sufficient for MD5 or MS-CHAP */ +#define CHAP_MD5 5 +#define CHAP_MICROSOFT 0x80 +#define CHAP_MICROSOFT_V2 0x81 /* - * Each interface is described by a chap structure. + * Semi-arbitrary limits on challenge and response fields. */ +#define MAX_CHALLENGE_LEN 64 +#define MAX_RESPONSE_LEN 64 + +/* bitmask of supported algorithms */ +#define MDTYPE_MICROSOFT_V2 0x1 +#define MDTYPE_MICROSOFT 0x2 +#define MDTYPE_MD5 0x4 +#define MDTYPE_NONE 0 + +/* hashes supported by this instance of pppd */ +extern int chap_mdtype_all; + +/* Return the digest alg. ID for the most preferred digest type. */ +#define CHAP_DIGEST(mdtype) \ + ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \ + ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \ + ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \ + 0 + +/* Return the bit flag (lsb set) for our most preferred digest type. */ +#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype) + +/* Return the bit flag for a given digest algorithm ID. */ +#define CHAP_MDTYPE_D(digest) \ + ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \ + ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \ + ((digest) == CHAP_MD5)? MDTYPE_MD5: \ + 0 + +/* Can we do the requested digest? */ +#define CHAP_CANDIGEST(mdtype, digest) \ + ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \ + ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \ + ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \ + 0 -typedef struct chap_state { - int unit; /* Interface unit number */ - int clientstate; /* Client state */ - int serverstate; /* Server state */ - u_char challenge[MAX_CHALLENGE_LENGTH]; /* last challenge string sent */ - u_char chal_len; /* challenge length */ - u_char chal_id; /* ID of last challenge */ - u_char chal_type; /* hash algorithm for challenges */ - u_char id; /* Current id */ - char *chal_name; /* Our name to use with challenge */ - int chal_interval; /* Time until we challenge peer again */ - int timeouttime; /* Timeout time in seconds */ - int max_transmits; /* Maximum # of challenge transmissions */ - int chal_transmits; /* Number of transmissions of challenge */ - int resp_transmits; /* Number of transmissions of response */ - u_char response[MAX_RESPONSE_LENGTH]; /* Response to send */ - u_char resp_length; /* length of response */ - u_char resp_id; /* ID for response messages */ - u_char resp_type; /* hash algorithm for responses */ - char *resp_name; /* Our name to send with response */ -} chap_state; - -/* We need the declaration of chap_state to use this prototype */ -extern int (*chap_auth_hook) __P((char *user, u_char *remmd, - int remmd_len, chap_state *cstate)); /* - * Client (peer) states. + * The code for each digest type has to supply one of these. */ -#define CHAPCS_INITIAL 0 /* Lower layer down, not opened */ -#define CHAPCS_CLOSED 1 /* Lower layer up, not opened */ -#define CHAPCS_PENDING 2 /* Auth us to peer when lower up */ -#define CHAPCS_LISTEN 3 /* Listening for a challenge */ -#define CHAPCS_RESPONSE 4 /* Sent response, waiting for status */ -#define CHAPCS_OPEN 5 /* We've received Success */ +struct chap_digest_type { + int code; + + /* + * Note: challenge and response arguments below are formatted as + * a length byte followed by the actual challenge/response data. + */ + void (*generate_challenge)(unsigned char *challenge); + int (*verify_response)(int id, char *name, + unsigned char *secret, int secret_len, + unsigned char *challenge, unsigned char *response, + char *message, int message_space); + void (*make_response)(unsigned char *response, int id, char *our_name, + unsigned char *challenge, char *secret, int secret_len, + unsigned char *priv); + int (*check_success)(int id, unsigned char *pkt, int len); + void (*handle_failure)(unsigned char *pkt, int len); + + struct chap_digest_type *next; +}; /* - * Server (authenticator) states. + * This function will return a value of 1 to indicate that a plugin intend to supply + * a username or a password to pppd through the chap_passwd_hook callback. + * + * Return a value > 0 to avoid parsing the chap-secrets file. */ -#define CHAPSS_INITIAL 0 /* Lower layer down, not opened */ -#define CHAPSS_CLOSED 1 /* Lower layer up, not opened */ -#define CHAPSS_PENDING 2 /* Auth peer when lower up */ -#define CHAPSS_INITIAL_CHAL 3 /* We've sent the first challenge */ -#define CHAPSS_OPEN 4 /* We've sent a Success msg */ -#define CHAPSS_RECHALLENGE 5 /* We've sent another challenge */ -#define CHAPSS_BADAUTH 6 /* We've sent a Failure msg */ +typedef int (chap_check_hook_fn)(void); +extern chap_check_hook_fn *chap_check_hook; /* - * Timeouts. + * A plugin can chose to supply its own user and password overriding whatever + * has been provided by the configuration. Hook is only valid when pppd is + * acting as a client. + * + * The maximum size of the user argument is always MAXNAMELEN + * The length of the password is always MAXWORDLEN, however; secrets can't be + * longer than MAXSECRETLEN + * + * Return a value < 0 to fail the connection. */ -#define CHAP_DEFTIMEOUT 3 /* Timeout time in seconds */ -#define CHAP_DEFTRANSMITS 10 /* max # times to send challenge */ +typedef int (chap_passwd_hook_fn)(char *user, char *password); +extern chap_passwd_hook_fn *chap_passwd_hook; -extern chap_state chap[]; +/* + * A plugin can chose to replace the default chap_verify_response function with + * one of their own. + */ +typedef int (chap_verify_hook_fn)(char *name, char *ourname, int id, + struct chap_digest_type *digest, + unsigned char *challenge, unsigned char *response, + char *message, int message_space); +extern chap_verify_hook_fn *chap_verify_hook; + +/* Called by digest code to register a digest type */ +extern void chap_register_digest(struct chap_digest_type *); -void ChapAuthWithPeer __P((int, char *, int)); -void ChapAuthPeer __P((int, char *, int)); +/* Lookup a digest handler by type */ +extern struct chap_digest_type *chap_find_digest(int digest_code); +/* Called by authentication code to start authenticating the peer. */ +extern void chap_auth_peer(int unit, char *our_name, int digest_code); + +/* Called by auth. code to start authenticating us to the peer. */ +extern void chap_auth_with_peer(int unit, char *our_name, int digest_code); + +/* Represents the CHAP protocol to the main pppd code */ extern struct protent chap_protent; -#define __CHAP_INCLUDE__ -#endif /* __CHAP_INCLUDE__ */ +#ifdef __cplusplus +} +#endif + +#endif // PPP_CHAP_NEW_H