priv: Narrow down privileges
[dragonfly.git] / usr.sbin / pppd / chap.c
blob0ac63e30ad05c09410fb8490f7a75154c418f788
1 /*
2 * chap.c - Challenge Handshake Authentication Protocol.
4 * Copyright (c) 1993 The Australian National University.
5 * All rights reserved.
7 * Redistribution and use in source and binary forms are permitted
8 * provided that the above copyright notice and this paragraph are
9 * duplicated in all such forms and that any documentation,
10 * advertising materials, and other materials related to such
11 * distribution and use acknowledge that the software was developed
12 * by the Australian National University. The name of the University
13 * may not be used to endorse or promote products derived from this
14 * software without specific prior written permission.
15 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
17 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19 * Copyright (c) 1991 Gregory M. Christy.
20 * All rights reserved.
22 * Redistribution and use in source and binary forms are permitted
23 * provided that the above copyright notice and this paragraph are
24 * duplicated in all such forms and that any documentation,
25 * advertising materials, and other materials related to such
26 * distribution and use acknowledge that the software was developed
27 * by Gregory M. Christy. The name of the author may not be used to
28 * endorse or promote products derived from this software without
29 * specific prior written permission.
31 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
32 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
33 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
35 * $FreeBSD: src/usr.sbin/pppd/chap.c,v 1.10 1999/08/28 01:19:01 peter Exp $
36 * $DragonFly: src/usr.sbin/pppd/chap.c,v 1.4 2005/11/24 23:42:54 swildner Exp $
40 * TODO:
43 #include <stdio.h>
44 #include <string.h>
45 #include <sys/types.h>
46 #include <sys/time.h>
47 #include <syslog.h>
48 #include <md5.h>
50 #include "pppd.h"
51 #include "chap.h"
52 #include "md5.h"
53 #ifdef CHAPMS
54 #include "chap_ms.h"
55 #endif
58 * Protocol entry points.
60 static void ChapInit(int);
61 static void ChapLowerUp(int);
62 static void ChapLowerDown(int);
63 static void ChapInput(int, u_char *, int);
64 static void ChapProtocolReject(int);
65 static int ChapPrintPkt(u_char *, int,
66 void (*)(void *, char *, ...), void *);
68 struct protent chap_protent = {
69 PPP_CHAP,
70 ChapInit,
71 ChapInput,
72 ChapProtocolReject,
73 ChapLowerUp,
74 ChapLowerDown,
75 NULL,
76 NULL,
77 ChapPrintPkt,
78 NULL,
80 "CHAP",
81 NULL,
82 NULL,
83 NULL
86 chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */
88 static void ChapChallengeTimeout(void *);
89 static void ChapResponseTimeout(void *);
90 static void ChapReceiveChallenge(chap_state *, u_char *, int, int);
91 static void ChapRechallenge(void *);
92 static void ChapReceiveResponse(chap_state *, u_char *, int, int);
93 static void ChapReceiveSuccess(chap_state *, u_char *, int, int);
94 static void ChapReceiveFailure(chap_state *, u_char *, int, int);
95 static void ChapSendStatus(chap_state *, int);
96 static void ChapSendChallenge(chap_state *);
97 static void ChapSendResponse(chap_state *);
98 static void ChapGenChallenge(chap_state *);
100 extern double drand48(void);
101 extern void srand48(long);
104 * ChapInit - Initialize a CHAP unit.
106 static void
107 ChapInit(int unit)
109 chap_state *cstate = &chap[unit];
111 BZERO(cstate, sizeof(*cstate));
112 cstate->unit = unit;
113 cstate->clientstate = CHAPCS_INITIAL;
114 cstate->serverstate = CHAPSS_INITIAL;
115 cstate->timeouttime = CHAP_DEFTIMEOUT;
116 cstate->max_transmits = CHAP_DEFTRANSMITS;
117 /* random number generator is initialized in magic_init */
122 * ChapAuthWithPeer - Authenticate us with our peer (start client).
125 void
126 ChapAuthWithPeer(int unit, char *our_name, int digest)
128 chap_state *cstate = &chap[unit];
130 cstate->resp_name = our_name;
131 cstate->resp_type = digest;
133 if (cstate->clientstate == CHAPCS_INITIAL ||
134 cstate->clientstate == CHAPCS_PENDING) {
135 /* lower layer isn't up - wait until later */
136 cstate->clientstate = CHAPCS_PENDING;
137 return;
141 * We get here as a result of LCP coming up.
142 * So even if CHAP was open before, we will
143 * have to re-authenticate ourselves.
145 cstate->clientstate = CHAPCS_LISTEN;
150 * ChapAuthPeer - Authenticate our peer (start server).
152 void
153 ChapAuthPeer(int unit, char *our_name, int digest)
155 chap_state *cstate = &chap[unit];
157 cstate->chal_name = our_name;
158 cstate->chal_type = digest;
160 if (cstate->serverstate == CHAPSS_INITIAL ||
161 cstate->serverstate == CHAPSS_PENDING) {
162 /* lower layer isn't up - wait until later */
163 cstate->serverstate = CHAPSS_PENDING;
164 return;
167 ChapGenChallenge(cstate);
168 ChapSendChallenge(cstate); /* crank it up dude! */
169 cstate->serverstate = CHAPSS_INITIAL_CHAL;
174 * ChapChallengeTimeout - Timeout expired on sending challenge.
176 static void
177 ChapChallengeTimeout(void *arg)
179 chap_state *cstate = (chap_state *) arg;
181 /* if we aren't sending challenges, don't worry. then again we */
182 /* probably shouldn't be here either */
183 if (cstate->serverstate != CHAPSS_INITIAL_CHAL &&
184 cstate->serverstate != CHAPSS_RECHALLENGE)
185 return;
187 if (cstate->chal_transmits >= cstate->max_transmits) {
188 /* give up on peer */
189 syslog(LOG_ERR, "Peer failed to respond to CHAP challenge");
190 cstate->serverstate = CHAPSS_BADAUTH;
191 auth_peer_fail(cstate->unit, PPP_CHAP);
192 return;
195 ChapSendChallenge(cstate); /* Re-send challenge */
200 * ChapResponseTimeout - Timeout expired on sending response.
202 static void
203 ChapResponseTimeout(void *arg)
205 chap_state *cstate = (chap_state *) arg;
207 /* if we aren't sending a response, don't worry. */
208 if (cstate->clientstate != CHAPCS_RESPONSE)
209 return;
211 ChapSendResponse(cstate); /* re-send response */
216 * ChapRechallenge - Time to challenge the peer again.
218 static void
219 ChapRechallenge(void *arg)
221 chap_state *cstate = (chap_state *) arg;
223 /* if we aren't sending a response, don't worry. */
224 if (cstate->serverstate != CHAPSS_OPEN)
225 return;
227 ChapGenChallenge(cstate);
228 ChapSendChallenge(cstate);
229 cstate->serverstate = CHAPSS_RECHALLENGE;
234 * ChapLowerUp - The lower layer is up.
236 * Start up if we have pending requests.
238 static void
239 ChapLowerUp(int unit)
241 chap_state *cstate = &chap[unit];
243 if (cstate->clientstate == CHAPCS_INITIAL)
244 cstate->clientstate = CHAPCS_CLOSED;
245 else if (cstate->clientstate == CHAPCS_PENDING)
246 cstate->clientstate = CHAPCS_LISTEN;
248 if (cstate->serverstate == CHAPSS_INITIAL)
249 cstate->serverstate = CHAPSS_CLOSED;
250 else if (cstate->serverstate == CHAPSS_PENDING) {
251 ChapGenChallenge(cstate);
252 ChapSendChallenge(cstate);
253 cstate->serverstate = CHAPSS_INITIAL_CHAL;
259 * ChapLowerDown - The lower layer is down.
261 * Cancel all timeouts.
263 static void
264 ChapLowerDown(int unit)
266 chap_state *cstate = &chap[unit];
268 /* Timeout(s) pending? Cancel if so. */
269 if (cstate->serverstate == CHAPSS_INITIAL_CHAL ||
270 cstate->serverstate == CHAPSS_RECHALLENGE)
271 UNTIMEOUT(ChapChallengeTimeout, cstate);
272 else if (cstate->serverstate == CHAPSS_OPEN
273 && cstate->chal_interval != 0)
274 UNTIMEOUT(ChapRechallenge, cstate);
275 if (cstate->clientstate == CHAPCS_RESPONSE)
276 UNTIMEOUT(ChapResponseTimeout, cstate);
278 cstate->clientstate = CHAPCS_INITIAL;
279 cstate->serverstate = CHAPSS_INITIAL;
284 * ChapProtocolReject - Peer doesn't grok CHAP.
286 static void
287 ChapProtocolReject(int unit)
289 chap_state *cstate = &chap[unit];
291 if (cstate->serverstate != CHAPSS_INITIAL &&
292 cstate->serverstate != CHAPSS_CLOSED)
293 auth_peer_fail(unit, PPP_CHAP);
294 if (cstate->clientstate != CHAPCS_INITIAL &&
295 cstate->clientstate != CHAPCS_CLOSED)
296 auth_withpeer_fail(unit, PPP_CHAP);
297 ChapLowerDown(unit); /* shutdown chap */
302 * ChapInput - Input CHAP packet.
304 static void
305 ChapInput(int unit, u_char *inpacket, int packet_len)
307 chap_state *cstate = &chap[unit];
308 u_char *inp;
309 u_char code, id;
310 int len;
313 * Parse header (code, id and length).
314 * If packet too short, drop it.
316 inp = inpacket;
317 if (packet_len < CHAP_HEADERLEN) {
318 CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short header."));
319 return;
321 GETCHAR(code, inp);
322 GETCHAR(id, inp);
323 GETSHORT(len, inp);
324 if (len < CHAP_HEADERLEN) {
325 CHAPDEBUG((LOG_INFO, "ChapInput: rcvd illegal length."));
326 return;
328 if (len > packet_len) {
329 CHAPDEBUG((LOG_INFO, "ChapInput: rcvd short packet."));
330 return;
332 len -= CHAP_HEADERLEN;
335 * Action depends on code (as in fact it usually does :-).
337 switch (code) {
338 case CHAP_CHALLENGE:
339 ChapReceiveChallenge(cstate, inp, id, len);
340 break;
342 case CHAP_RESPONSE:
343 ChapReceiveResponse(cstate, inp, id, len);
344 break;
346 case CHAP_FAILURE:
347 ChapReceiveFailure(cstate, inp, id, len);
348 break;
350 case CHAP_SUCCESS:
351 ChapReceiveSuccess(cstate, inp, id, len);
352 break;
354 default: /* Need code reject? */
355 syslog(LOG_WARNING, "Unknown CHAP code (%d) received.", code);
356 break;
362 * ChapReceiveChallenge - Receive Challenge and send Response.
364 static void
365 ChapReceiveChallenge(chap_state *cstate, u_char *inp, int id, int len)
367 int rchallenge_len;
368 u_char *rchallenge;
369 int secret_len;
370 char secret[MAXSECRETLEN];
371 char rhostname[256];
372 MD5_CTX mdContext;
373 u_char hash[MD5_SIGNATURE_SIZE];
375 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.", id));
376 if (cstate->clientstate == CHAPCS_CLOSED ||
377 cstate->clientstate == CHAPCS_PENDING) {
378 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: in state %d",
379 cstate->clientstate));
380 return;
383 if (len < 2) {
384 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
385 return;
388 GETCHAR(rchallenge_len, inp);
389 len -= sizeof (u_char) + rchallenge_len; /* now name field length */
390 if (len < 0) {
391 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: rcvd short packet."));
392 return;
394 rchallenge = inp;
395 INCPTR(rchallenge_len, inp);
397 if (len >= sizeof(rhostname))
398 len = sizeof(rhostname) - 1;
399 BCOPY(inp, rhostname, len);
400 rhostname[len] = '\000';
402 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: received name field '%s'",
403 rhostname));
405 /* Microsoft doesn't send their name back in the PPP packet */
406 if (remote_name[0] != 0 && (explicit_remote || rhostname[0] == 0)) {
407 strncpy(rhostname, remote_name, sizeof(rhostname));
408 rhostname[sizeof(rhostname) - 1] = 0;
409 CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: using '%s' as remote name",
410 rhostname));
413 /* get secret for authenticating ourselves with the specified host */
414 if (!get_secret(cstate->unit, cstate->resp_name, rhostname,
415 secret, &secret_len, 0)) {
416 secret_len = 0; /* assume null secret if can't find one */
417 syslog(LOG_WARNING, "No CHAP secret found for authenticating us to %s",
418 rhostname);
421 /* cancel response send timeout if necessary */
422 if (cstate->clientstate == CHAPCS_RESPONSE)
423 UNTIMEOUT(ChapResponseTimeout, cstate);
425 cstate->resp_id = id;
426 cstate->resp_transmits = 0;
428 /* generate MD based on negotiated type */
429 switch (cstate->resp_type) {
431 case CHAP_DIGEST_MD5:
432 MD5Init(&mdContext);
433 MD5Update(&mdContext, &cstate->resp_id, 1);
434 MD5Update(&mdContext, secret, secret_len);
435 MD5Update(&mdContext, rchallenge, rchallenge_len);
436 MD5Final(hash, &mdContext);
437 BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE);
438 cstate->resp_length = MD5_SIGNATURE_SIZE;
439 break;
441 #ifdef CHAPMS
442 case CHAP_MICROSOFT:
443 ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
444 break;
445 #endif
447 default:
448 CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->resp_type));
449 return;
452 BZERO(secret, sizeof(secret));
453 ChapSendResponse(cstate);
458 * ChapReceiveResponse - Receive and process response.
460 static void
461 ChapReceiveResponse(chap_state *cstate, u_char *inp, int id, int len)
463 u_char *remmd, remmd_len;
464 int secret_len, old_state;
465 int code;
466 char rhostname[256];
467 MD5_CTX mdContext;
468 char secret[MAXSECRETLEN];
469 u_char hash[MD5_SIGNATURE_SIZE];
471 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.", id));
473 if (cstate->serverstate == CHAPSS_CLOSED ||
474 cstate->serverstate == CHAPSS_PENDING) {
475 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: in state %d",
476 cstate->serverstate));
477 return;
480 if (id != cstate->chal_id)
481 return; /* doesn't match ID of last challenge */
484 * If we have received a duplicate or bogus Response,
485 * we have to send the same answer (Success/Failure)
486 * as we did for the first Response we saw.
488 if (cstate->serverstate == CHAPSS_OPEN) {
489 ChapSendStatus(cstate, CHAP_SUCCESS);
490 return;
492 if (cstate->serverstate == CHAPSS_BADAUTH) {
493 ChapSendStatus(cstate, CHAP_FAILURE);
494 return;
497 if (len < 2) {
498 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
499 return;
501 GETCHAR(remmd_len, inp); /* get length of MD */
502 remmd = inp; /* get pointer to MD */
503 INCPTR(remmd_len, inp);
505 len -= sizeof (u_char) + remmd_len;
506 if (len < 0) {
507 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: rcvd short packet."));
508 return;
511 UNTIMEOUT(ChapChallengeTimeout, cstate);
513 if (len >= sizeof(rhostname))
514 len = sizeof(rhostname) - 1;
515 BCOPY(inp, rhostname, len);
516 rhostname[len] = '\000';
518 CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: received name field: %s",
519 rhostname));
522 * Get secret for authenticating them with us,
523 * do the hash ourselves, and compare the result.
525 code = CHAP_FAILURE;
526 if (!get_secret(cstate->unit, rhostname, cstate->chal_name,
527 secret, &secret_len, 1)) {
528 syslog(LOG_WARNING, "No CHAP secret found for authenticating %s",
529 rhostname);
530 } else {
532 /* generate MD based on negotiated type */
533 switch (cstate->chal_type) {
535 case CHAP_DIGEST_MD5: /* only MD5 is defined for now */
536 if (remmd_len != MD5_SIGNATURE_SIZE)
537 break; /* it's not even the right length */
538 MD5Init(&mdContext);
539 MD5Update(&mdContext, &cstate->chal_id, 1);
540 MD5Update(&mdContext, secret, secret_len);
541 MD5Update(&mdContext, cstate->challenge, cstate->chal_len);
542 MD5Final(hash, &mdContext);
544 /* compare local and remote MDs and send the appropriate status */
545 if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0)
546 code = CHAP_SUCCESS; /* they are the same! */
547 break;
549 default:
550 CHAPDEBUG((LOG_INFO, "unknown digest type %d", cstate->chal_type));
554 BZERO(secret, sizeof(secret));
555 ChapSendStatus(cstate, code);
557 if (code == CHAP_SUCCESS) {
558 old_state = cstate->serverstate;
559 cstate->serverstate = CHAPSS_OPEN;
560 if (old_state == CHAPSS_INITIAL_CHAL) {
561 auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len);
563 if (cstate->chal_interval != 0)
564 TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
565 syslog(LOG_NOTICE, "CHAP peer authentication succeeded for %s",
566 rhostname);
568 } else {
569 syslog(LOG_ERR, "CHAP peer authentication failed for remote host %s",
570 rhostname);
571 cstate->serverstate = CHAPSS_BADAUTH;
572 auth_peer_fail(cstate->unit, PPP_CHAP);
577 * ChapReceiveSuccess - Receive Success
579 static void
580 ChapReceiveSuccess(chap_state *cstate, u_char *inp, int id, int len)
583 CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: Rcvd id %d.", id));
585 if (cstate->clientstate == CHAPCS_OPEN)
586 /* presumably an answer to a duplicate response */
587 return;
589 if (cstate->clientstate != CHAPCS_RESPONSE) {
590 /* don't know what this is */
591 CHAPDEBUG((LOG_INFO, "ChapReceiveSuccess: in state %d\n",
592 cstate->clientstate));
593 return;
596 UNTIMEOUT(ChapResponseTimeout, cstate);
599 * Print message.
601 if (len > 0)
602 PRINTMSG(inp, len);
604 cstate->clientstate = CHAPCS_OPEN;
606 auth_withpeer_success(cstate->unit, PPP_CHAP);
611 * ChapReceiveFailure - Receive failure.
613 static void
614 ChapReceiveFailure(chap_state *cstate, u_char *inp, int id, int len)
616 CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: Rcvd id %d.", id));
618 if (cstate->clientstate != CHAPCS_RESPONSE) {
619 /* don't know what this is */
620 CHAPDEBUG((LOG_INFO, "ChapReceiveFailure: in state %d\n",
621 cstate->clientstate));
622 return;
625 UNTIMEOUT(ChapResponseTimeout, cstate);
628 * Print message.
630 if (len > 0)
631 PRINTMSG(inp, len);
633 syslog(LOG_ERR, "CHAP authentication failed");
634 auth_withpeer_fail(cstate->unit, PPP_CHAP);
639 * ChapSendChallenge - Send an Authenticate challenge.
641 static void
642 ChapSendChallenge(chap_state *cstate)
644 u_char *outp;
645 int chal_len, name_len;
646 int outlen;
648 chal_len = cstate->chal_len;
649 name_len = strlen(cstate->chal_name);
650 outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
651 outp = outpacket_buf;
653 MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */
655 PUTCHAR(CHAP_CHALLENGE, outp);
656 PUTCHAR(cstate->chal_id, outp);
657 PUTSHORT(outlen, outp);
659 PUTCHAR(chal_len, outp); /* put length of challenge */
660 BCOPY(cstate->challenge, outp, chal_len);
661 INCPTR(chal_len, outp);
663 BCOPY(cstate->chal_name, outp, name_len); /* append hostname */
665 output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
667 CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.", cstate->chal_id));
669 TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
670 ++cstate->chal_transmits;
675 * ChapSendStatus - Send a status response (ack or nak).
677 static void
678 ChapSendStatus(chap_state *cstate, int code)
680 u_char *outp;
681 int outlen, msglen;
682 char msg[256];
684 if (code == CHAP_SUCCESS)
685 sprintf(msg, "Welcome to %s.", hostname);
686 else
687 sprintf(msg, "I don't like you. Go 'way.");
688 msglen = strlen(msg);
690 outlen = CHAP_HEADERLEN + msglen;
691 outp = outpacket_buf;
693 MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
695 PUTCHAR(code, outp);
696 PUTCHAR(cstate->chal_id, outp);
697 PUTSHORT(outlen, outp);
698 BCOPY(msg, outp, msglen);
699 output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
701 CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.", code,
702 cstate->chal_id));
706 * ChapGenChallenge is used to generate a pseudo-random challenge string of
707 * a pseudo-random length between min_len and max_len. The challenge
708 * string and its length are stored in *cstate, and various other fields of
709 * *cstate are initialized.
712 static void
713 ChapGenChallenge(chap_state *cstate)
715 int chal_len;
716 u_char *ptr = cstate->challenge;
717 unsigned int i;
719 /* pick a random challenge length between MIN_CHALLENGE_LENGTH and
720 MAX_CHALLENGE_LENGTH */
721 chal_len = (unsigned) ((drand48() *
722 (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) +
723 MIN_CHALLENGE_LENGTH);
724 cstate->chal_len = chal_len;
725 cstate->chal_id = ++cstate->id;
726 cstate->chal_transmits = 0;
728 /* generate a random string */
729 for (i = 0; i < chal_len; i++ )
730 *ptr++ = (char) (drand48() * 0xff);
734 * ChapSendResponse - send a response packet with values as specified
735 * in *cstate.
737 /* ARGSUSED */
738 static void
739 ChapSendResponse(chap_state *cstate)
741 u_char *outp;
742 int outlen, md_len, name_len;
744 md_len = cstate->resp_length;
745 name_len = strlen(cstate->resp_name);
746 outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
747 outp = outpacket_buf;
749 MAKEHEADER(outp, PPP_CHAP);
751 PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */
752 PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */
753 PUTSHORT(outlen, outp); /* packet length */
755 PUTCHAR(md_len, outp); /* length of MD */
756 BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */
757 INCPTR(md_len, outp);
759 BCOPY(cstate->resp_name, outp, name_len); /* append our name */
761 /* send the packet */
762 output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
764 cstate->clientstate = CHAPCS_RESPONSE;
765 TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
766 ++cstate->resp_transmits;
770 * ChapPrintPkt - print the contents of a CHAP packet.
772 static char *ChapCodenames[] = {
773 "Challenge", "Response", "Success", "Failure"
776 static int
777 ChapPrintPkt(u_char *p, int plen, void (*printer)(void *, char *, ...),
778 void *arg)
780 int code, id, len;
781 int clen, nlen;
782 u_char x;
784 if (plen < CHAP_HEADERLEN)
785 return 0;
786 GETCHAR(code, p);
787 GETCHAR(id, p);
788 GETSHORT(len, p);
789 if (len < CHAP_HEADERLEN || len > plen)
790 return 0;
792 if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *))
793 printer(arg, " %s", ChapCodenames[code-1]);
794 else
795 printer(arg, " code=0x%x", code);
796 printer(arg, " id=0x%x", id);
797 len -= CHAP_HEADERLEN;
798 switch (code) {
799 case CHAP_CHALLENGE:
800 case CHAP_RESPONSE:
801 if (len < 1)
802 break;
803 clen = p[0];
804 if (len < clen + 1)
805 break;
806 ++p;
807 nlen = len - clen - 1;
808 printer(arg, " <");
809 for (; clen > 0; --clen) {
810 GETCHAR(x, p);
811 printer(arg, "%.2x", x);
813 printer(arg, ">, name = ");
814 print_string((char *)p, nlen, printer, arg);
815 break;
816 case CHAP_FAILURE:
817 case CHAP_SUCCESS:
818 printer(arg, " ");
819 print_string((char *)p, len, printer, arg);
820 break;
821 default:
822 for (clen = len; clen > 0; --clen) {
823 GETCHAR(x, p);
824 printer(arg, " %.2x", x);
828 return len + CHAP_HEADERLEN;