pppd/chap.c

   1 /*
   2  * chap.c - Challenge Handshake Authentication Protocol.
   3  *
   4  * Copyright (c) 1993 The Australian National University.
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms are permitted
   8  * provided that the above copyright notice and this paragraph are
   9  * duplicated in all such forms and that any documentation,
  10  * advertising materials, and other materials related to such
  11  * distribution and use acknowledge that the software was developed
  12  * by the Australian National University.  The name of the University
  13  * may not be used to endorse or promote products derived from this
  14  * software without specific prior written permission.
  15  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  16  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  17  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  18  *
  19  * Copyright (c) 1991 Gregory M. Christy.
  20  * All rights reserved.
  21  *
  22  * Redistribution and use in source and binary forms are permitted
  23  * provided that the above copyright notice and this paragraph are
  24  * duplicated in all such forms and that any documentation,
  25  * advertising materials, and other materials related to such
  26  * distribution and use acknowledge that the software was developed
  27  * by Gregory M. Christy.  The name of the author may not be used to
  28  * endorse or promote products derived from this software without
  29  * specific prior written permission.
  30  *
  31  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
  32  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
  33  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
  34  */
  35
  36 #ifndef lint
  37 static char rcsid[] = "$Id: chap.c,v 1.17 1999/02/26 10:38:51 paulus Exp $";
  38 #endif
  39
  40 /*
  41  * TODO:
  42  */
  43
  44 #include <stdio.h>
  45 #include <string.h>
  46 #include <sys/types.h>
  47 #include <sys/time.h>
  48 #include <syslog.h>
  49
  50 #include "pppd.h"
  51 #include "chap.h"
  52 #include "md5.h"
  53 #ifdef CHAPMS
  54 #include "chap_ms.h"
  55 #endif
  56
  57 /*
  58  * Command-line options.
  59  */
  60 static option_t chap_option_list[] = {
  61     { "chap-restart", o_int, &chap[0].timeouttime,
  62       "Set timeout for CHAP" },
  63     { "chap-max-challenge", o_int, &chap[0].max_transmits,
  64       "Set max #xmits for challenge" },
  65     { "chap-interval", o_int, &chap[0].chal_interval,
  66       "Set interval for rechallenge" },
  67 #ifdef MSLANMAN
  68     { "ms-lanman", o_bool, &ms_lanman,
  69       "Use LanMan passwd when using MS-CHAP", 1 },
  70 #endif
  71     { NULL }
  72 };
  73
  74 /*
  75  * Protocol entry points.
  76  */
  77 static void ChapInit __P((int));
  78 static void ChapLowerUp __P((int));
  79 static void ChapLowerDown __P((int));
  80 static void ChapInput __P((int, u_char *, int));
  81 static void ChapProtocolReject __P((int));
  82 static int  ChapPrintPkt __P((u_char *, int,
  83                               void (*) __P((void *, char *, ...)), void *));
  84
  85 struct protent chap_protent = {
  86     PPP_CHAP,
  87     ChapInit,
  88     ChapInput,
  89     ChapProtocolReject,
  90     ChapLowerUp,
  91     ChapLowerDown,
  92     NULL,
  93     NULL,
  94     ChapPrintPkt,
  95     NULL,
  96     1,
  97     "CHAP",
  98     chap_option_list,
  99     NULL,
 100     NULL,
 101     NULL
 102 };
 103
 104 chap_state chap[NUM_PPP];               /* CHAP state; one for each unit */
 105
 106 static void ChapChallengeTimeout __P((void *));
 107 static void ChapResponseTimeout __P((void *));
 108 static void ChapReceiveChallenge __P((chap_state *, u_char *, int, int));
 109 static void ChapRechallenge __P((void *));
 110 static void ChapReceiveResponse __P((chap_state *, u_char *, int, int));
 111 static void ChapReceiveSuccess __P((chap_state *, u_char *, int, int));
 112 static void ChapReceiveFailure __P((chap_state *, u_char *, int, int));
 113 static void ChapSendStatus __P((chap_state *, int));
 114 static void ChapSendChallenge __P((chap_state *));
 115 static void ChapSendResponse __P((chap_state *));
 116 static void ChapGenChallenge __P((chap_state *));
 117
 118 extern double drand48 __P((void));
 119 extern void srand48 __P((long));
 120
 121 /*
 122  * ChapInit - Initialize a CHAP unit.
 123  */
 124 static void
 125 ChapInit(unit)
 126     int unit;
 127 {
 128     chap_state *cstate = &chap[unit];
 129
 130     BZERO(cstate, sizeof(*cstate));
 131     cstate->unit = unit;
 132     cstate->clientstate = CHAPCS_INITIAL;
 133     cstate->serverstate = CHAPSS_INITIAL;
 134     cstate->timeouttime = CHAP_DEFTIMEOUT;
 135     cstate->max_transmits = CHAP_DEFTRANSMITS;
 136     /* random number generator is initialized in magic_init */
 137 }
 138
 139
 140 /*
 141  * ChapAuthWithPeer - Authenticate us with our peer (start client).
 142  *
 143  */
 144 void
 145 ChapAuthWithPeer(unit, our_name, digest)
 146     int unit;
 147     char *our_name;
 148     int digest;
 149 {
 150     chap_state *cstate = &chap[unit];
 151
 152     cstate->resp_name = our_name;
 153     cstate->resp_type = digest;
 154
 155     if (cstate->clientstate == CHAPCS_INITIAL ||
 156         cstate->clientstate == CHAPCS_PENDING) {
 157         /* lower layer isn't up - wait until later */
 158         cstate->clientstate = CHAPCS_PENDING;
 159         return;
 160     }
 161
 162     /*
 163      * We get here as a result of LCP coming up.
 164      * So even if CHAP was open before, we will
 165      * have to re-authenticate ourselves.
 166      */
 167     cstate->clientstate = CHAPCS_LISTEN;
 168 }
 169
 170
 171 /*
 172  * ChapAuthPeer - Authenticate our peer (start server).
 173  */
 174 void
 175 ChapAuthPeer(unit, our_name, digest)
 176     int unit;
 177     char *our_name;
 178     int digest;
 179 {
 180     chap_state *cstate = &chap[unit];
 181
 182     cstate->chal_name = our_name;
 183     cstate->chal_type = digest;
 184
 185     if (cstate->serverstate == CHAPSS_INITIAL ||
 186         cstate->serverstate == CHAPSS_PENDING) {
 187         /* lower layer isn't up - wait until later */
 188         cstate->serverstate = CHAPSS_PENDING;
 189         return;
 190     }
 191
 192     ChapGenChallenge(cstate);
 193     ChapSendChallenge(cstate);          /* crank it up dude! */
 194     cstate->serverstate = CHAPSS_INITIAL_CHAL;
 195 }
 196
 197
 198 /*
 199  * ChapChallengeTimeout - Timeout expired on sending challenge.
 200  */
 201 static void
 202 ChapChallengeTimeout(arg)
 203     void *arg;
 204 {
 205     chap_state *cstate = (chap_state *) arg;
 206
 207     /* if we aren't sending challenges, don't worry.  then again we */
 208     /* probably shouldn't be here either */
 209     if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
 210         cstate->serverstate != CHAPSS_RECHALLENGE)
 211         return;
 212
 213     if (cstate->chal_transmits >= cstate->max_transmits) {
 214         /* give up on peer */
 215         syslog(LOG_ERR, "Peer failed to respond to CHAP challenge");
 216         cstate->serverstate = CHAPSS_BADAUTH;
 217         auth_peer_fail(cstate->unit, PPP_CHAP);
 218         return;
 219     }
 220
 221     ChapSendChallenge(cstate);          /* Re-send challenge */
 222 }
 223
 224
 225 /*
 226  * ChapResponseTimeout - Timeout expired on sending response.
 227  */
 228 static void
 229 ChapResponseTimeout(arg)
 230     void *arg;
 231 {
 232     chap_state *cstate = (chap_state *) arg;
 233
 234     /* if we aren't sending a response, don't worry. */
 235     if (cstate->clientstate != CHAPCS_RESPONSE)
 236         return;
 237
 238     ChapSendResponse(cstate);           /* re-send response */
 239 }
 240
 241
 242 /*
 243  * ChapRechallenge - Time to challenge the peer again.
 244  */
 245 static void
 246 ChapRechallenge(arg)
 247     void *arg;
 248 {
 249     chap_state *cstate = (chap_state *) arg;
 250
 251     /* if we aren't sending a response, don't worry. */
 252     if (cstate->serverstate != CHAPSS_OPEN)
 253         return;
 254
 255     ChapGenChallenge(cstate);
 256     ChapSendChallenge(cstate);
 257     cstate->serverstate = CHAPSS_RECHALLENGE;
 258 }
 259
 260
 261 /*
 262  * ChapLowerUp - The lower layer is up.
 263  *
 264  * Start up if we have pending requests.
 265  */
 266 static void
 267 ChapLowerUp(unit)
 268     int unit;
 269 {
 270     chap_state *cstate = &chap[unit];
 271
 272     if (cstate->clientstate == CHAPCS_INITIAL)
 273         cstate->clientstate = CHAPCS_CLOSED;
 274     else if (cstate->clientstate == CHAPCS_PENDING)
 275         cstate->clientstate = CHAPCS_LISTEN;
 276
 277     if (cstate->serverstate == CHAPSS_INITIAL)
 278         cstate->serverstate = CHAPSS_CLOSED;
 279     else if (cstate->serverstate == CHAPSS_PENDING) {
 280         ChapGenChallenge(cstate);
 281         ChapSendChallenge(cstate);
 282         cstate->serverstate = CHAPSS_INITIAL_CHAL;
 283     }
 284 }
 285
 286
 287 /*
 288  * ChapLowerDown - The lower layer is down.
 289  *
 290  * Cancel all timeouts.
 291  */
 292 static void
 293 ChapLowerDown(unit)
 294     int unit;
 295 {
 296     chap_state *cstate = &chap[unit];
 297
 298     /* Timeout(s) pending?  Cancel if so. */
 299     if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
 300         cstate->serverstate == CHAPSS_RECHALLENGE)
 301         UNTIMEOUT(ChapChallengeTimeout, cstate);
 302     else if (cstate->serverstate == CHAPSS_OPEN
 303              && cstate->chal_interval != 0)
 304         UNTIMEOUT(ChapRechallenge, cstate);
 305     if (cstate->clientstate == CHAPCS_RESPONSE)
 306         UNTIMEOUT(ChapResponseTimeout, cstate);
 307
 308     cstate->clientstate = CHAPCS_INITIAL;
 309     cstate->serverstate = CHAPSS_INITIAL;
 310 }
 311
 312
 313 /*
 314  * ChapProtocolReject - Peer doesn't grok CHAP.
 315  */
 316 static void
 317 ChapProtocolReject(unit)
 318     int unit;
 319 {
 320     chap_state *cstate = &chap[unit];
 321
 322     if (cstate->serverstate != CHAPSS_INITIAL &&
 323         cstate->serverstate != CHAPSS_CLOSED)
 324         auth_peer_fail(unit, PPP_CHAP);
 325     if (cstate->clientstate != CHAPCS_INITIAL &&
 326         cstate->clientstate != CHAPCS_CLOSED)
 327         auth_withpeer_fail(unit, PPP_CHAP);
 328     ChapLowerDown(unit);                /* shutdown chap */
 329 }
 330
 331
 332 /*
 333  * ChapInput - Input CHAP packet.
 334  */
 335 static void
 336 ChapInput(unit, inpacket, packet_len)
 337     int unit;
 338     u_char *inpacket;
 339     int packet_len;
 340 {
 341     chap_state *cstate = &chap[unit];
 342     u_char *inp;
 343     u_char code, id;
 344     int len;
 345
 346     /*
 347      * Parse header (code, id and length).
 348      * If packet too short, drop it.
 349      */
 350     inp = inpacket;
 351     if (packet_len < CHAP_HEADERLEN) {
 352         CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header."));
 353         return;
 354     }
 355     GETCHAR(code, inp);
 356     GETCHAR(id, inp);
 357     GETSHORT(len, inp);
 358     if (len < CHAP_HEADERLEN) {
 359         CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length."));
 360         return;
 361     }
 362     if (len > packet_len) {
 363         CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet."));
 364         return;
 365     }
 366     len -= CHAP_HEADERLEN;
 367
 368     /*
 369      * Action depends on code (as in fact it usually does :-).
 370      */
 371     switch (code) {
 372     case CHAP_CHALLENGE:
 373         ChapReceiveChallenge(cstate, inp, id, len);
 374         break;
 375
 376     case CHAP_RESPONSE:
 377         ChapReceiveResponse(cstate, inp, id, len);
 378         break;
 379
 380     case CHAP_FAILURE:
 381         ChapReceiveFailure(cstate, inp, id, len);
 382         break;
 383
 384     case CHAP_SUCCESS:
 385         ChapReceiveSuccess(cstate, inp, id, len);
 386         break;
 387
 388     default:                            /* Need code reject? */
 389         syslog(LOG_WARNING, "Unknown CHAP code (%d) received.", code);
 390         break;
 391     }
 392 }
 393
 394
 395 /*
 396  * ChapReceiveChallenge - Receive Challenge and send Response.
 397  */
 398 static void
 399 ChapReceiveChallenge(cstate, inp, id, len)
 400     chap_state *cstate;
 401     u_char *inp;
 402     int id;
 403     int len;
 404 {
 405     int rchallenge_len;
 406     u_char *rchallenge;
 407     int secret_len;
 408     char secret[MAXSECRETLEN];
 409     char rhostname[256];
 410     MD5_CTX mdContext;
 411     u_char hash[MD5_SIGNATURE_SIZE];
 412
 413     CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id));
 414     if (cstate->clientstate == CHAPCS_CLOSED ||
 415         cstate->clientstate == CHAPCS_PENDING) {
 416         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d",
 417                    cstate->clientstate));
 418         return;
 419     }
 420
 421     if (len < 2) {
 422         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
 423         return;
 424     }
 425
 426     GETCHAR(rchallenge_len, inp);
 427     len -= sizeof (u_char) + rchallenge_len;    /* now name field length */
 428     if (len < 0) {
 429         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
 430         return;
 431     }
 432     rchallenge = inp;
 433     INCPTR(rchallenge_len, inp);
 434
 435     if (len >= sizeof(rhostname))
 436         len = sizeof(rhostname) - 1;
 437     BCOPY(inp, rhostname, len);
 438     rhostname[len] = '\000';
 439
 440     CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'",
 441                rhostname));
 442
 443     /* Microsoft doesn't send their name back in the PPP packet */
 444     if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) {
 445         strncpy(rhostname, remote_name, sizeof(rhostname));
 446         rhostname[sizeof(rhostname) - 1] = 0;
 447         CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name",
 448                    rhostname));
 449     }
 450
 451     /* get secret for authenticating ourselves with the specified host */
 452     if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
 453                     secret, &secret_len, 0)) {
 454         secret_len = 0;         /* assume null secret if can't find one */
 455         syslog(LOG_WARNING, "No CHAP secret found for authenticating us to %s",
 456                rhostname);
 457     }
 458
 459     /* cancel response send timeout if necessary */
 460     if (cstate->clientstate == CHAPCS_RESPONSE)
 461         UNTIMEOUT(ChapResponseTimeout, cstate);
 462
 463     cstate->resp_id = id;
 464     cstate->resp_transmits = 0;
 465
 466     /*  generate MD based on negotiated type */
 467     switch (cstate->resp_type) {
 468
 469     case CHAP_DIGEST_MD5:
 470         MD5Init(&mdContext);
 471         MD5Update(&mdContext, &cstate->resp_id, 1);
 472         MD5Update(&mdContext, secret, secret_len);
 473         MD5Update(&mdContext, rchallenge, rchallenge_len);
 474         MD5Final(hash, &mdContext);
 475         BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
 476         cstate->resp_length = MD5_SIGNATURE_SIZE;
 477         break;
 478
 479 #ifdef CHAPMS
 480     case CHAP_MICROSOFT:
 481         ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
 482         break;
 483 #endif
 484
 485     default:
 486         CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type));
 487         return;
 488     }
 489
 490     BZERO(secret, sizeof(secret));
 491     ChapSendResponse(cstate);
 492 }
 493
 494
 495 /*
 496  * ChapReceiveResponse - Receive and process response.
 497  */
 498 static void
 499 ChapReceiveResponse(cstate, inp, id, len)
 500     chap_state *cstate;
 501     u_char *inp;
 502     int id;
 503     int len;
 504 {
 505     u_char *remmd, remmd_len;
 506     int secret_len, old_state;
 507     int code;
 508     char rhostname[256];
 509     MD5_CTX mdContext;
 510     char secret[MAXSECRETLEN];
 511     u_char hash[MD5_SIGNATURE_SIZE];
 512
 513     CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id));
 514
 515     if (cstate->serverstate == CHAPSS_CLOSED ||
 516         cstate->serverstate == CHAPSS_PENDING) {
 517         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d",
 518                    cstate->serverstate));
 519         return;
 520     }
 521
 522     if (id != cstate->chal_id)
 523         return;                 /* doesn't match ID of last challenge */
 524
 525     /*
 526      * If we have received a duplicate or bogus Response,
 527      * we have to send the same answer (Success/Failure)
 528      * as we did for the first Response we saw.
 529      */
 530     if (cstate->serverstate == CHAPSS_OPEN) {
 531         ChapSendStatus(cstate, CHAP_SUCCESS);
 532         return;
 533     }
 534     if (cstate->serverstate == CHAPSS_BADAUTH) {
 535         ChapSendStatus(cstate, CHAP_FAILURE);
 536         return;
 537     }
 538
 539     if (len < 2) {
 540         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
 541         return;
 542     }
 543     GETCHAR(remmd_len, inp);            /* get length of MD */
 544     remmd = inp;                        /* get pointer to MD */
 545     INCPTR(remmd_len, inp);
 546
 547     len -= sizeof (u_char) + remmd_len;
 548     if (len < 0) {
 549         CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
 550         return;
 551     }
 552
 553     UNTIMEOUT(ChapChallengeTimeout, cstate);
 554
 555     if (len >= sizeof(rhostname))
 556         len = sizeof(rhostname) - 1;
 557     BCOPY(inp, rhostname, len);
 558     rhostname[len] = '\000';
 559
 560     CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s",
 561                rhostname));
 562
 563     /*
 564      * Get secret for authenticating them with us,
 565      * do the hash ourselves, and compare the result.
 566      */
 567     code = CHAP_FAILURE;
 568     if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
 569                    secret, &secret_len, 1)) {
 570         syslog(LOG_WARNING, "No CHAP secret found for authenticating %s",
 571                rhostname);
 572     } else {
 573
 574         /*  generate MD based on negotiated type */
 575         switch (cstate->chal_type) {
 576
 577         case CHAP_DIGEST_MD5:           /* only MD5 is defined for now */
 578             if (remmd_len != MD5_SIGNATURE_SIZE)
 579                 break;                  /* it's not even the right length */
 580             MD5Init(&mdContext);
 581             MD5Update(&mdContext, &cstate->chal_id, 1);
 582             MD5Update(&mdContext, secret, secret_len);
 583             MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
 584             MD5Final(hash, &mdContext);
 585
 586             /* compare local and remote MDs and send the appropriate status */
 587             if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0)
 588                 code = CHAP_SUCCESS;    /* they are the same! */
 589             break;
 590
 591         default:
 592             CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->chal_type));
 593         }
 594     }
 595
 596     BZERO(secret, sizeof(secret));
 597     ChapSendStatus(cstate, code);
 598
 599     if (code == CHAP_SUCCESS) {
 600         old_state = cstate->serverstate;
 601         cstate->serverstate = CHAPSS_OPEN;
 602         if (old_state == CHAPSS_INITIAL_CHAL) {
 603             auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
 604         }
 605         if (cstate->chal_interval != 0)
 606             TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
 607         syslog(LOG_NOTICE, "CHAP peer authentication succeeded for %s",
 608                rhostname);
 609
 610     } else {
 611         syslog(LOG_ERR, "CHAP peer authentication failed for remote host %s",
 612                rhostname);
 613         cstate->serverstate = CHAPSS_BADAUTH;
 614         auth_peer_fail(cstate->unit, PPP_CHAP);
 615     }
 616 }
 617
 618 /*
 619  * ChapReceiveSuccess - Receive Success
 620  */
 621 static void
 622 ChapReceiveSuccess(cstate, inp, id, len)
 623     chap_state *cstate;
 624     u_char *inp;
 625     u_char id;
 626     int len;
 627 {
 628
 629     CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.", id));
 630
 631     if (cstate->clientstate == CHAPCS_OPEN)
 632         /* presumably an answer to a duplicate response */
 633         return;
 634
 635     if (cstate->clientstate != CHAPCS_RESPONSE) {
 636         /* don't know what this is */
 637         CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n",
 638                    cstate->clientstate));
 639         return;
 640     }
 641
 642     UNTIMEOUT(ChapResponseTimeout, cstate);
 643
 644     /*
 645      * Print message.
 646      */
 647     if (len > 0)
 648         PRINTMSG(inp, len);
 649
 650     cstate->clientstate = CHAPCS_OPEN;
 651
 652     auth_withpeer_success(cstate->unit, PPP_CHAP);
 653 }
 654
 655
 656 /*
 657  * ChapReceiveFailure - Receive failure.
 658  */
 659 static void
 660 ChapReceiveFailure(cstate, inp, id, len)
 661     chap_state *cstate;
 662     u_char *inp;
 663     u_char id;
 664     int len;
 665 {
 666     CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id));
 667
 668     if (cstate->clientstate != CHAPCS_RESPONSE) {
 669         /* don't know what this is */
 670         CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n",
 671                    cstate->clientstate));
 672         return;
 673     }
 674
 675     UNTIMEOUT(ChapResponseTimeout, cstate);
 676
 677     /*
 678      * Print message.
 679      */
 680     if (len > 0)
 681         PRINTMSG(inp, len);
 682
 683     syslog(LOG_ERR, "CHAP authentication failed");
 684     auth_withpeer_fail(cstate->unit, PPP_CHAP);
 685 }
 686
 687
 688 /*
 689  * ChapSendChallenge - Send an Authenticate challenge.
 690  */
 691 static void
 692 ChapSendChallenge(cstate)
 693     chap_state *cstate;
 694 {
 695     u_char *outp;
 696     int chal_len, name_len;
 697     int outlen;
 698
 699     chal_len = cstate->chal_len;
 700     name_len = strlen(cstate->chal_name);
 701     outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
 702     outp = outpacket_buf;
 703
 704     MAKEHEADER(outp, PPP_CHAP);         /* paste in a CHAP header */
 705
 706     PUTCHAR(CHAP_CHALLENGE, outp);
 707     PUTCHAR(cstate->chal_id, outp);
 708     PUTSHORT(outlen, outp);
 709
 710     PUTCHAR(chal_len, outp);            /* put length of challenge */
 711     BCOPY(cstate->challenge, outp, chal_len);
 712     INCPTR(chal_len, outp);
 713
 714     BCOPY(cstate->chal_name, outp, name_len);   /* append hostname */
 715
 716     output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
 717
 718     CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id));
 719
 720     TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
 721     ++cstate->chal_transmits;
 722 }
 723
 724
 725 /*
 726  * ChapSendStatus - Send a status response (ack or nak).
 727  */
 728 static void
 729 ChapSendStatus(cstate, code)
 730     chap_state *cstate;
 731     int code;
 732 {
 733     u_char *outp;
 734     int outlen, msglen;
 735     char msg[256];
 736
 737     if (code == CHAP_SUCCESS)
 738         sprintf(msg, "Welcome to %s.", hostname);
 739     else
 740         sprintf(msg, "I don't like you.  Go 'way.");
 741     msglen = strlen(msg);
 742
 743     outlen = CHAP_HEADERLEN + msglen;
 744     outp = outpacket_buf;
 745
 746     MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
 747
 748     PUTCHAR(code, outp);
 749     PUTCHAR(cstate->chal_id, outp);
 750     PUTSHORT(outlen, outp);
 751     BCOPY(msg, outp, msglen);
 752     output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
 753
 754     CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code,
 755                cstate->chal_id));
 756 }
 757
 758 /*
 759  * ChapGenChallenge is used to generate a pseudo-random challenge string of
 760  * a pseudo-random length between min_len and max_len.  The challenge
 761  * string and its length are stored in *cstate, and various other fields of
 762  * *cstate are initialized.
 763  */
 764
 765 static void
 766 ChapGenChallenge(cstate)
 767     chap_state *cstate;
 768 {
 769     int chal_len;
 770     u_char *ptr = cstate->challenge;
 771     unsigned int i;
 772
 773     /* pick a random challenge length between MIN_CHALLENGE_LENGTH and
 774        MAX_CHALLENGE_LENGTH */
 775     chal_len =  (unsigned) ((drand48() *
 776                              (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) +
 777                             MIN_CHALLENGE_LENGTH);
 778     cstate->chal_len = chal_len;
 779     cstate->chal_id = ++cstate->id;
 780     cstate->chal_transmits = 0;
 781
 782     /* generate a random string */
 783     for (i = 0; i < chal_len; i++ )
 784         *ptr++ = (char) (drand48() * 0xff);
 785 }
 786
 787 /*
 788  * ChapSendResponse - send a response packet with values as specified
 789  * in *cstate.
 790  */
 791 /* ARGSUSED */
 792 static void
 793 ChapSendResponse(cstate)
 794     chap_state *cstate;
 795 {
 796     u_char *outp;
 797     int outlen, md_len, name_len;
 798
 799     md_len = cstate->resp_length;
 800     name_len = strlen(cstate->resp_name);
 801     outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
 802     outp = outpacket_buf;
 803
 804     MAKEHEADER(outp, PPP_CHAP);
 805
 806     PUTCHAR(CHAP_RESPONSE, outp);       /* we are a response */
 807     PUTCHAR(cstate->resp_id, outp);     /* copy id from challenge packet */
 808     PUTSHORT(outlen, outp);             /* packet length */
 809
 810     PUTCHAR(md_len, outp);              /* length of MD */
 811     BCOPY(cstate->response, outp, md_len);      /* copy MD to buffer */
 812     INCPTR(md_len, outp);
 813
 814     BCOPY(cstate->resp_name, outp, name_len); /* append our name */
 815
 816     /* send the packet */
 817     output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
 818
 819     cstate->clientstate = CHAPCS_RESPONSE;
 820     TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
 821     ++cstate->resp_transmits;
 822 }
 823
 824 /*
 825  * ChapPrintPkt - print the contents of a CHAP packet.
 826  */
 827 static char *ChapCodenames[] = {
 828     "Challenge", "Response", "Success", "Failure"
 829 };
 830
 831 static int
 832 ChapPrintPkt(p, plen, printer, arg)
 833     u_char *p;
 834     int plen;
 835     void (*printer) __P((void *, char *, ...));
 836     void *arg;
 837 {
 838     int code, id, len;
 839     int clen, nlen;
 840     u_char x;
 841
 842     if (plen < CHAP_HEADERLEN)
 843         return 0;
 844     GETCHAR(code, p);
 845     GETCHAR(id, p);
 846     GETSHORT(len, p);
 847     if (len < CHAP_HEADERLEN || len > plen)
 848         return 0;
 849
 850     if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
 851         printer(arg, " %s", ChapCodenames[code-1]);
 852     else
 853         printer(arg, " code=0x%x", code);
 854     printer(arg, " id=0x%x", id);
 855     len -= CHAP_HEADERLEN;
 856     switch (code) {
 857     case CHAP_CHALLENGE:
 858     case CHAP_RESPONSE:
 859         if (len < 1)
 860             break;
 861         clen = p[0];
 862         if (len < clen + 1)
 863             break;
 864         ++p;
 865         nlen = len - clen - 1;
 866         printer(arg, " <");
 867         for (; clen > 0; --clen) {
 868             GETCHAR(x, p);
 869             printer(arg, "%.2x", x);
 870         }
 871         printer(arg, ">, name = ");
 872         print_string((char *)p, nlen, printer, arg);
 873         break;
 874     case CHAP_FAILURE:
 875     case CHAP_SUCCESS:
 876         printer(arg, " ");
 877         print_string((char *)p, len, printer, arg);
 878         break;
 879     default:
 880         for (clen = len; clen > 0; --clen) {
 881             GETCHAR(x, p);
 882             printer(arg, " %.2x", x);
 883         }
 884     }
 885
 886     return len + CHAP_HEADERLEN;
 887 }