search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Renamed kern.ps_showallprocs to security.ps_showallprocs
[dragonfly.git] / usr.sbin / ppp / chap.c
blob257e5b085ca7d5bd071f0eaab53300c1d00c40d5
1 /*-
2 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4 * Internet Initiative Japan, Inc (IIJ)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 *
28 * $FreeBSD: src/usr.sbin/ppp/chap.c,v 1.61.2.7 2002/09/01 02:12:23 brian Exp $
29 * $DragonFly: src/usr.sbin/ppp/chap.c,v 1.2 2003/06/17 04:30:00 dillon Exp $
30 */
31
32 #include <sys/param.h>
33 #include <netinet/in.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/ip.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38
39 #include <errno.h>
40 #include <fcntl.h>
41 #ifndef NODES
42 #include <md4.h>
43 #endif
44 #include <md5.h>
45 #include <paths.h>
46 #include <signal.h>
47 #include <stdio.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <sys/wait.h>
51 #include <termios.h>
52 #include <unistd.h>
53
54 #include "layer.h"
55 #include "mbuf.h"
56 #include "log.h"
57 #include "defs.h"
58 #include "timer.h"
59 #include "fsm.h"
60 #include "proto.h"
61 #include "lqr.h"
62 #include "hdlc.h"
63 #include "lcp.h"
64 #include "auth.h"
65 #include "async.h"
66 #include "throughput.h"
67 #include "descriptor.h"
68 #include "chap.h"
69 #include "iplist.h"
70 #include "slcompress.h"
71 #include "ncpaddr.h"
72 #include "ipcp.h"
73 #include "filter.h"
74 #include "ccp.h"
75 #include "link.h"
76 #include "physical.h"
77 #include "mp.h"
78 #ifndef NORADIUS
79 #include "radius.h"
80 #endif
81 #include "ipv6cp.h"
82 #include "ncp.h"
83 #include "bundle.h"
84 #include "chat.h"
85 #include "cbcp.h"
86 #include "command.h"
87 #include "datalink.h"
88 #ifndef NODES
89 #include "chap_ms.h"
90 #include "mppe.h"
91 #endif
92 #include "id.h"
93
94 static const char * const chapcodes[] = {
95 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE"
96 };
97 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)
98
99 static void
100 ChapOutput(struct physical *physical, u_int code, u_int id,
101 const u_char *ptr, int count, const char *text)
102 {
103 int plen;
104 struct fsmheader lh;
105 struct mbuf *bp;
106
107 plen = sizeof(struct fsmheader) + count;
108 lh.code = code;
109 lh.id = id;
110 lh.length = htons(plen);
111 bp = m_get(plen, MB_CHAPOUT);
112 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
113 if (count)
114 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count);
115 log_DumpBp(LogDEBUG, "ChapOutput", bp);
116 if (text == NULL)
117 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]);
118 else
119 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text);
120 link_PushPacket(&physical->link, bp, physical->dl->bundle,
121 LINK_QUEUES(&physical->link) - 1, PROTO_CHAP);
122 }
123
124 static char *
125 chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type
126 #ifndef NODES
127 , char *peerchallenge, char *authresponse, int lanman
128 #endif
129 )
130 {
131 char *result, *digest;
132 size_t nlen, klen;
133
134 nlen = strlen(name);
135 klen = strlen(key);
136
137 #ifndef NODES
138 if (type == 0x80) {
139 char expkey[AUTHLEN << 2];
140 MD4_CTX MD4context;
141 int f;
142
143 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL)
144 return result;
145
146 digest = result; /* the response */
147 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */
148 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen);
149 if (lanman) {
150 memset(digest + 24, '\0', 25);
151 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */
152 } else {
153 memset(digest, '\0', 25);
154 digest += 24;
155
156 for (f = 0; f < klen; f++) {
157 expkey[2*f] = key[f];
158 expkey[2*f+1] = '\0';
159 }
160 /*
161 * -----------
162 * expkey = | k\0e\0y\0 |
163 * -----------
164 */
165 MD4Init(&MD4context);
166 MD4Update(&MD4context, expkey, klen << 1);
167 MD4Final(digest, &MD4context);
168
169 /*
170 * ---- -------- ---------------- ------- ------
171 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name |
172 * ---- -------- ---------------- ------- ------
173 */
174 mschap_NT(digest, challenge + 1);
175 }
176 /*
177 * ---- -------- ------------- ----- ------
178 * | | struct MS_ChapResponse24 | |
179 * result = | 49 | LANMan | NT digest | 0/1 | name |
180 * ---- -------- ------------- ----- ------
181 * where only one of LANMan & NT digest are set.
182 */
183 } else if (type == 0x81) {
184 char expkey[AUTHLEN << 2];
185 char pwdhash[CHAP81_HASH_LEN];
186 char pwdhashhash[CHAP81_HASH_LEN];
187 char *ntresponse;
188 int f;
189
190 if ((result = malloc(1 + nlen + CHAP81_RESPONSE_LEN)) == NULL)
191 return result;
192
193 memset(result, 0, 1 + nlen + CHAP81_RESPONSE_LEN);
194
195 digest = result;
196 *digest++ = CHAP81_RESPONSE_LEN; /* value size */
197
198 /* Copy our challenge */
199 memcpy(digest, peerchallenge + 1, CHAP81_CHALLENGE_LEN);
200
201 /* Expand password to Unicode XXX */
202 for (f = 0; f < klen; f++) {
203 expkey[2*f] = key[f];
204 expkey[2*f+1] = '\0';
205 }
206
207 ntresponse = digest + CHAP81_NTRESPONSE_OFF;
208
209 /* Get some needed hashes */
210 NtPasswordHash(expkey, klen * 2, pwdhash);
211 HashNtPasswordHash(pwdhash, pwdhashhash);
212
213 /* Generate NTRESPONSE to respond on challenge call */
214 GenerateNTResponse(challenge + 1, peerchallenge + 1, name, nlen,
215 expkey, klen * 2, ntresponse);
216
217 /* Generate MPPE MASTERKEY */
218 GetMasterKey(pwdhashhash, ntresponse, MPPE_MasterKey); /* XXX Global ! */
219
220 /* Generate AUTHRESPONSE to verify on auth success */
221 GenerateAuthenticatorResponse(expkey, klen * 2, ntresponse,
222 peerchallenge + 1, challenge + 1, name, nlen,
223 authresponse);
224
225 authresponse[CHAP81_AUTHRESPONSE_LEN] = 0;
226
227 memcpy(digest + CHAP81_RESPONSE_LEN, name, nlen);
228 } else
229 #endif
230 if ((result = malloc(nlen + 17)) != NULL) {
231 /* Normal MD5 stuff */
232 MD5_CTX MD5context;
233
234 digest = result;
235 *digest++ = 16; /* value size */
236
237 MD5Init(&MD5context);
238 MD5Update(&MD5context, &id, 1);
239 MD5Update(&MD5context, key, klen);
240 MD5Update(&MD5context, challenge + 1, *challenge);
241 MD5Final(digest, &MD5context);
242
243 memcpy(digest + 16, name, nlen);
244 /*
245 * ---- -------- ------
246 * result = | 16 | digest | name |
247 * ---- -------- ------
248 */
249 }
250
251 return result;
252 }
253
254 static void
255 chap_StartChild(struct chap *chap, char *prog, const char *name)
256 {
257 char *argv[MAXARGS], *nargv[MAXARGS];
258 int argc, fd;
259 int in[2], out[2];
260 pid_t pid;
261
262 if (chap->child.fd != -1) {
263 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog);
264 return;
265 }
266
267 if (pipe(in) == -1) {
268 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
269 return;
270 }
271
272 if (pipe(out) == -1) {
273 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
274 close(in[0]);
275 close(in[1]);
276 return;
277 }
278
279 pid = getpid();
280 switch ((chap->child.pid = fork())) {
281 case -1:
282 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno));
283 close(in[0]);
284 close(in[1]);
285 close(out[0]);
286 close(out[1]);
287 chap->child.pid = 0;
288 return;
289
290 case 0:
291 timer_TermService();
292
293 if ((argc = command_Interpret(prog, strlen(prog), argv)) <= 0) {
294 if (argc < 0) {
295 log_Printf(LogWARN, "CHAP: Invalid command syntax\n");
296 _exit(255);
297 }
298 _exit(0);
299 }
300
301 close(in[1]);
302 close(out[0]);
303 if (out[1] == STDIN_FILENO)
304 out[1] = dup(out[1]);
305 dup2(in[0], STDIN_FILENO);
306 dup2(out[1], STDOUT_FILENO);
307 close(STDERR_FILENO);
308 if (open(_PATH_DEVNULL, O_RDWR) != STDERR_FILENO) {
309 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n",
310 _PATH_DEVNULL, strerror(errno));
311 exit(1);
312 }
313 for (fd = getdtablesize(); fd > STDERR_FILENO; fd--)
314 fcntl(fd, F_SETFD, 1);
315 #ifndef NOSUID
316 setuid(ID0realuid());
317 #endif
318 command_Expand(nargv, argc, (char const *const *)argv,
319 chap->auth.physical->dl->bundle, 0, pid);
320 execvp(nargv[0], nargv);
321 printf("exec() of %s failed: %s\n", nargv[0], strerror(errno));
322 _exit(255);
323
324 default:
325 close(in[0]);
326 close(out[1]);
327 chap->child.fd = out[0];
328 chap->child.buf.len = 0;
329 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name));
330 write(in[1], "\n", 1);
331 write(in[1], chap->challenge.peer + 1, *chap->challenge.peer);
332 write(in[1], "\n", 1);
333 write(in[1], name, strlen(name));
334 write(in[1], "\n", 1);
335 close(in[1]);
336 break;
337 }
338 }
339
340 static void
341 chap_Cleanup(struct chap *chap, int sig)
342 {
343 if (chap->child.pid) {
344 int status;
345
346 close(chap->child.fd);
347 chap->child.fd = -1;
348 if (sig)
349 kill(chap->child.pid, SIGTERM);
350 chap->child.pid = 0;
351 chap->child.buf.len = 0;
352
353 if (wait(&status) == -1)
354 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno));
355 else if (WIFSIGNALED(status))
356 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status));
357 else if (WIFEXITED(status) && WEXITSTATUS(status))
358 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status));
359 }
360 *chap->challenge.local = *chap->challenge.peer = '\0';
361 #ifndef NODES
362 chap->peertries = 0;
363 #endif
364 }
365
366 static void
367 chap_Respond(struct chap *chap, char *name, char *key, u_char type
368 #ifndef NODES
369 , int lm
370 #endif
371 )
372 {
373 u_char *ans;
374
375 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer, type
376 #ifndef NODES
377 , chap->challenge.local, chap->authresponse, lm
378 #endif
379 );
380
381 if (ans) {
382 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id,
383 ans, *ans + 1 + strlen(name), name);
384 #ifndef NODES
385 chap->NTRespSent = !lm;
386 MPPE_IsServer = 0; /* XXX Global ! */
387 #endif
388 free(ans);
389 } else
390 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id,
391 "Out of memory!", 14, NULL);
392 }
393
394 static int
395 chap_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
396 {
397 struct chap *chap = descriptor2chap(d);
398
399 if (r && chap && chap->child.fd != -1) {
400 FD_SET(chap->child.fd, r);
401 if (*n < chap->child.fd + 1)
402 *n = chap->child.fd + 1;
403 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd);
404 return 1;
405 }
406
407 return 0;
408 }
409
410 static int
411 chap_IsSet(struct fdescriptor *d, const fd_set *fdset)
412 {
413 struct chap *chap = descriptor2chap(d);
414
415 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset);
416 }
417
418 static void
419 chap_Read(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset)
420 {
421 struct chap *chap = descriptor2chap(d);
422 int got;
423
424 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len,
425 sizeof chap->child.buf.ptr - chap->child.buf.len - 1);
426 if (got == -1) {
427 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno));
428 chap_Cleanup(chap, SIGTERM);
429 } else if (got == 0) {
430 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n");
431 chap_Cleanup(chap, SIGTERM);
432 } else {
433 char *name, *key, *end;
434
435 chap->child.buf.len += got;
436 chap->child.buf.ptr[chap->child.buf.len] = '\0';
437 name = chap->child.buf.ptr;
438 name += strspn(name, " \t");
439 if ((key = strchr(name, '\n')) == NULL)
440 end = NULL;
441 else
442 end = strchr(++key, '\n');
443
444 if (end == NULL) {
445 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) {
446 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n");
447 chap_Cleanup(chap, SIGTERM);
448 }
449 } else {
450 #ifndef NODES
451 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 &&
452 ((chap->NTRespSent &&
453 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) ||
454 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt));
455 #endif
456
457 while (end >= name && strchr(" \t\r\n", *end))
458 *end-- = '\0';
459 end = key - 1;
460 while (end >= name && strchr(" \t\r\n", *end))
461 *end-- = '\0';
462 key += strspn(key, " \t");
463
464 chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype
465 #ifndef NODES
466 , lanman
467 #endif
468 );
469 chap_Cleanup(chap, 0);
470 }
471 }
472 }
473
474 static int
475 chap_Write(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset)
476 {
477 /* We never want to write here ! */
478 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n");
479 return 0;
480 }
481
482 static void
483 chap_ChallengeInit(struct authinfo *authp)
484 {
485 struct chap *chap = auth2chap(authp);
486 int len, i;
487 char *cp;
488
489 len = strlen(authp->physical->dl->bundle->cfg.auth.name);
490
491 if (!*chap->challenge.local) {
492 randinit();
493 cp = chap->challenge.local;
494
495 #ifndef NORADIUS
496 if (*authp->physical->dl->bundle->radius.cfg.file) {
497 /* For radius, our challenge is 16 readable NUL terminated bytes :*/
498 *cp++ = 16;
499 for (i = 0; i < 16; i++)
500 *cp++ = (random() % 10) + '0';
501 } else
502 #endif
503 {
504 #ifndef NODES
505 if (authp->physical->link.lcp.want_authtype == 0x80)
506 *cp++ = 8; /* MS does 8 byte callenges :-/ */
507 else if (authp->physical->link.lcp.want_authtype == 0x81)
508 *cp++ = 16; /* MS-CHAP-V2 does 16 bytes challenges */
509 else
510 #endif
511 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;
512 for (i = 0; i < *chap->challenge.local; i++)
513 *cp++ = random() & 0xff;
514 }
515 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
516 }
517 }
518
519 static void
520 chap_Challenge(struct authinfo *authp)
521 {
522 struct chap *chap = auth2chap(authp);
523 int len;
524
525 log_Printf(LogDEBUG, "CHAP%02X: Challenge\n",
526 authp->physical->link.lcp.want_authtype);
527
528 len = strlen(authp->physical->dl->bundle->cfg.auth.name);
529
530 /* Generate new local challenge value */
531 if (!*chap->challenge.local)
532 chap_ChallengeInit(authp);
533
534 #ifndef NODES
535 if (authp->physical->link.lcp.want_authtype == 0x81)
536 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id,
537 chap->challenge.local, 1 + *chap->challenge.local, NULL);
538 else
539 #endif
540 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id,
541 chap->challenge.local, 1 + *chap->challenge.local + len, NULL);
542 }
543
544 static void
545 chap_Success(struct authinfo *authp)
546 {
547 struct bundle *bundle = authp->physical->dl->bundle;
548 const char *msg;
549
550 datalink_GotAuthname(authp->physical->dl, authp->in.name);
551 #ifndef NODES
552 if (authp->physical->link.lcp.want_authtype == 0x81) {
553 #ifndef NORADIUS
554 if (*bundle->radius.cfg.file && bundle->radius.msrepstr)
555 msg = bundle->radius.msrepstr;
556 else
557 #endif
558 msg = auth2chap(authp)->authresponse;
559 MPPE_MasterKeyValid = 1; /* XXX Global ! */
560 } else
561 #endif
562 #ifndef NORADIUS
563 if (*bundle->radius.cfg.file && bundle->radius.repstr)
564 msg = bundle->radius.repstr;
565 else
566 #endif
567 msg = "Welcome!!";
568
569 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, msg, strlen(msg),
570 NULL);
571
572 authp->physical->link.lcp.auth_ineed = 0;
573 if (Enabled(bundle, OPT_UTMP))
574 physical_Login(authp->physical, authp->in.name);
575
576 if (authp->physical->link.lcp.auth_iwait == 0)
577 /*
578 * Either I didn't need to authenticate, or I've already been
579 * told that I got the answer right.
580 */
581 datalink_AuthOk(authp->physical->dl);
582 }
583
584 static void
585 chap_Failure(struct authinfo *authp)
586 {
587 #ifndef NODES
588 char buf[1024], *ptr;
589 #endif
590 const char *msg;
591
592 #ifndef NORADIUS
593 struct bundle *bundle = authp->physical->link.lcp.fsm.bundle;
594 if (*bundle->radius.cfg.file && bundle->radius.errstr)
595 msg = bundle->radius.errstr;
596 else
597 #endif
598 #ifndef NODES
599 if (authp->physical->link.lcp.want_authtype == 0x80) {
600 sprintf(buf, "E=691 R=1 M=Invalid!");
601 msg = buf;
602 } else if (authp->physical->link.lcp.want_authtype == 0x81) {
603 int i;
604
605 ptr = buf;
606 ptr += sprintf(buf, "E=691 R=0 C=");
607 for (i=0; i<16; i++)
608 ptr += sprintf(ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i));
609
610 sprintf(ptr, " V=3 M=Invalid!");
611 msg = buf;
612 } else
613 #endif
614 msg = "Invalid!!";
615
616 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, msg, strlen(msg) + 1,
617 NULL);
618 datalink_AuthNotOk(authp->physical->dl);
619 }
620
621 static int
622 chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen
623 #ifndef NODES
624 , int lm
625 #endif
626 )
627 {
628 if (mylen != hislen)
629 return 0;
630 #ifndef NODES
631 else if (type == 0x80) {
632 int off = lm ? 0 : 24;
633
634 if (memcmp(myans + off, hisans + off, 24))
635 return 0;
636 }
637 #endif
638 else if (memcmp(myans, hisans, mylen))
639 return 0;
640
641 return 1;
642 }
643
644 #ifndef NODES
645 static int
646 chap_HaveAnotherGo(struct chap *chap)
647 {
648 if (++chap->peertries < 3) {
649 /* Give the peer another shot */
650 *chap->challenge.local = '\0';
651 chap_Challenge(&chap->auth);
652 return 1;
653 }
654
655 return 0;
656 }
657 #endif
658
659 void
660 chap_Init(struct chap *chap, struct physical *p)
661 {
662 chap->desc.type = CHAP_DESCRIPTOR;
663 chap->desc.UpdateSet = chap_UpdateSet;
664 chap->desc.IsSet = chap_IsSet;
665 chap->desc.Read = chap_Read;
666 chap->desc.Write = chap_Write;
667 chap->child.pid = 0;
668 chap->child.fd = -1;
669 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);
670 *chap->challenge.local = *chap->challenge.peer = '\0';
671 #ifndef NODES
672 chap->NTRespSent = 0;
673 chap->peertries = 0;
674 #endif
675 }
676
677 void
678 chap_ReInit(struct chap *chap)
679 {
680 chap_Cleanup(chap, SIGTERM);
681 }
682
683 struct mbuf *
684 chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
685 {
686 struct physical *p = link2physical(l);
687 struct chap *chap = &p->dl->chap;
688 char *name, *key, *ans;
689 int len, nlen;
690 u_char alen;
691 #ifndef NODES
692 int lanman;
693 #endif
694
695 if (p == NULL) {
696 log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
697 m_freem(bp);
698 return NULL;
699 }
700
701 if (bundle_Phase(bundle) != PHASE_NETWORK &&
702 bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
703 log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
704 m_freem(bp);
705 return NULL;
706 }
707
708 m_settype(bp, MB_CHAPIN);
709 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
710 ntohs(chap->auth.in.hdr.length) == 0)
711 log_Printf(LogWARN, "Chap Input: Truncated header !\n");
712 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
713 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
714 chap->auth.in.hdr.code);
715 else {
716 len = m_length(bp);
717 ans = NULL;
718
719 if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
720 chap->auth.id != chap->auth.in.hdr.id &&
721 Enabled(bundle, OPT_IDCHECK)) {
722 /* Wrong conversation dude ! */
723 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
724 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
725 chap->auth.id);
726 m_freem(bp);
727 return NULL;
728 }
729 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
730
731 #ifndef NODES
732 lanman = 0;
733 #endif
734 switch (chap->auth.in.hdr.code) {
735 case CHAP_CHALLENGE:
736 bp = mbuf_Read(bp, &alen, 1);
737 len -= alen + 1;
738 if (len < 0) {
739 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
740 m_freem(bp);
741 return NULL;
742 }
743 *chap->challenge.peer = alen;
744 bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
745 bp = auth_ReadName(&chap->auth, bp, len);
746 #ifndef NODES
747 lanman = p->link.lcp.his_authtype == 0x80 &&
748 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
749 !IsAccepted(p->link.lcp.cfg.chap80nt));
750
751 /* Generate local challenge value */
752 chap_ChallengeInit(&chap->auth);
753 #endif
754 break;
755
756 case CHAP_RESPONSE:
757 auth_StopTimer(&chap->auth);
758 bp = mbuf_Read(bp, &alen, 1);
759 len -= alen + 1;
760 if (len < 0) {
761 log_Printf(LogERROR, "Chap Input: Truncated response !\n");
762 m_freem(bp);
763 return NULL;
764 }
765 if ((ans = malloc(alen + 1)) == NULL) {
766 log_Printf(LogERROR, "Chap Input: Out of memory !\n");
767 m_freem(bp);
768 return NULL;
769 }
770 *ans = chap->auth.id;
771 bp = mbuf_Read(bp, ans + 1, alen);
772 bp = auth_ReadName(&chap->auth, bp, len);
773 #ifndef NODES
774 lanman = p->link.lcp.want_authtype == 0x80 &&
775 alen == 49 && ans[alen] == 0;
776 #endif
777 break;
778
779 case CHAP_SUCCESS:
780 case CHAP_FAILURE:
781 /* chap->auth.in.name is already set up at CHALLENGE time */
782 if ((ans = malloc(len + 1)) == NULL) {
783 log_Printf(LogERROR, "Chap Input: Out of memory !\n");
784 m_freem(bp);
785 return NULL;
786 }
787 bp = mbuf_Read(bp, ans, len);
788 ans[len] = '\0';
789 break;
790 }
791
792 switch (chap->auth.in.hdr.code) {
793 case CHAP_CHALLENGE:
794 case CHAP_RESPONSE:
795 if (*chap->auth.in.name)
796 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
797 chapcodes[chap->auth.in.hdr.code], alen,
798 chap->auth.in.name,
799 #ifndef NODES
800 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
801 " - lanman" :
802 #endif
803 "");
804 else
805 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
806 chapcodes[chap->auth.in.hdr.code], alen,
807 #ifndef NODES
808 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
809 " - lanman" :
810 #endif
811 "");
812 break;
813
814 case CHAP_SUCCESS:
815 case CHAP_FAILURE:
816 if (*ans)
817 log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
818 chapcodes[chap->auth.in.hdr.code], ans);
819 else
820 log_Printf(LogPHASE, "Chap Input: %s\n",
821 chapcodes[chap->auth.in.hdr.code]);
822 break;
823 }
824
825 switch (chap->auth.in.hdr.code) {
826 case CHAP_CHALLENGE:
827 if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!')
828 chap_StartChild(chap, bundle->cfg.auth.key + 1,
829 bundle->cfg.auth.name);
830 else
831 chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key +
832 (*bundle->cfg.auth.key == '!' ? 1 : 0),
833 p->link.lcp.his_authtype
834 #ifndef NODES
835 , lanman
836 #endif
837 );
838 break;
839
840 case CHAP_RESPONSE:
841 name = chap->auth.in.name;
842 nlen = strlen(name);
843 #ifndef NODES
844 if (p->link.lcp.want_authtype == 0x81) {
845 struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
846
847 chap->challenge.peer[0] = sizeof resp->PeerChallenge;
848 memcpy(chap->challenge.peer + 1, resp->PeerChallenge,
849 sizeof resp->PeerChallenge);
850 }
851 #endif
852
853 #ifndef NORADIUS
854 if (*bundle->radius.cfg.file) {
855 if (!radius_Authenticate(&bundle->radius, &chap->auth,
856 chap->auth.in.name, ans, alen + 1,
857 chap->challenge.local + 1,
858 *chap->challenge.local))
859 chap_Failure(&chap->auth);
860 } else
861 #endif
862 {
863 if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0' &&
864 alen == sizeof(struct MSCHAPv2_resp)) {
865 struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
866
867 log_Printf(LogWARN, "%s: Compensating for corrupt (Win98/WinME?) "
868 "CHAP81 RESPONSE\n", l->name);
869 resp->Flags = '\0'; /* rfc2759 says it *MUST* be zero */
870 }
871 key = auth_GetSecret(bundle, name, nlen, p);
872 if (key) {
873 #ifndef NODES
874 if (p->link.lcp.want_authtype == 0x80 &&
875 lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
876 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
877 if (chap_HaveAnotherGo(chap))
878 break;
879 key = NULL;
880 } else if (p->link.lcp.want_authtype == 0x80 &&
881 !lanman && !IsEnabled(p->link.lcp.cfg.chap80nt)) {
882 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
883 if (chap_HaveAnotherGo(chap))
884 break;
885 key = NULL;
886 } else if (p->link.lcp.want_authtype == 0x81 &&
887 !IsEnabled(p->link.lcp.cfg.chap81)) {
888 log_Printf(LogPHASE, "Auth failure: CHAP81 not enabled\n");
889 key = NULL;
890 } else
891 #endif
892 {
893 char *myans = chap_BuildAnswer(name, key, chap->auth.id,
894 chap->challenge.local,
895 p->link.lcp.want_authtype
896 #ifndef NODES
897 , chap->challenge.peer,
898 chap->authresponse, lanman);
899 MPPE_IsServer = 1; /* XXX Global ! */
900 #else
901 );
902 #endif
903 if (myans == NULL)
904 key = NULL;
905 else {
906 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans,
907 ans + 1, alen
908 #ifndef NODES
909 , lanman
910 #endif
911 ))
912 key = NULL;
913 free(myans);
914 }
915 }
916 }
917
918 if (key)
919 chap_Success(&chap->auth);
920 else
921 chap_Failure(&chap->auth);
922 }
923
924 break;
925
926 case CHAP_SUCCESS:
927 if (p->link.lcp.auth_iwait == PROTO_CHAP) {
928 p->link.lcp.auth_iwait = 0;
929 if (p->link.lcp.auth_ineed == 0) {
930 #ifndef NODES
931 if (p->link.lcp.his_authtype == 0x81) {
932 if (strncasecmp(ans, chap->authresponse, 42)) {
933 datalink_AuthNotOk(p->dl);
934 log_Printf(LogWARN, "CHAP81: AuthenticatorResponse: (%.42s)"
935 " != ans: (%.42s)\n", chap->authresponse, ans);
936
937 } else {
938 /* Successful login */
939 MPPE_MasterKeyValid = 1; /* XXX Global ! */
940 datalink_AuthOk(p->dl);
941 }
942 } else
943 #endif
944 /*
945 * We've succeeded in our ``login''
946 * If we're not expecting the peer to authenticate (or he already
947 * has), proceed to network phase.
948 */
949 datalink_AuthOk(p->dl);
950 }
951 }
952 break;
953
954 case CHAP_FAILURE:
955 datalink_AuthNotOk(p->dl);
956 break;
957 }
958 free(ans);
959 }
960
961 m_freem(bp);
962 return NULL;
963 }
DragonFly BSD