search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel - Revert part of the contig allocation work
[dragonfly.git] / usr.sbin / ppp / chap.c
blob76842df77ab2a6a5d5e5ae3a4fe8dc10c23eb138
1 /*-
2 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4 * Internet Initiative Japan, Inc (IIJ)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 *
28 * $FreeBSD: src/usr.sbin/ppp/chap.c,v 1.61.2.7 2002/09/01 02:12:23 brian Exp $
29 * $DragonFly: src/usr.sbin/ppp/chap.c,v 1.2 2003/06/17 04:30:00 dillon Exp $
30 */
31
32 #include <sys/param.h>
33 #include <netinet/in.h>
34 #include <netinet/in_systm.h>
35 #include <netinet/ip.h>
36 #include <sys/socket.h>
37 #include <sys/un.h>
38
39 #include <ctype.h>
40 #include <errno.h>
41 #include <fcntl.h>
42 #ifndef NODES
43 #include <md4.h>
44 #endif
45 #include <md5.h>
46 #include <paths.h>
47 #include <signal.h>
48 #include <stdio.h>
49 #include <stdlib.h>
50 #include <string.h>
51 #include <sys/wait.h>
52 #include <termios.h>
53 #include <unistd.h>
54
55 #include "layer.h"
56 #include "mbuf.h"
57 #include "log.h"
58 #include "defs.h"
59 #include "timer.h"
60 #include "fsm.h"
61 #include "proto.h"
62 #include "lqr.h"
63 #include "hdlc.h"
64 #include "lcp.h"
65 #include "auth.h"
66 #include "async.h"
67 #include "throughput.h"
68 #include "descriptor.h"
69 #include "chap.h"
70 #include "iplist.h"
71 #include "slcompress.h"
72 #include "ncpaddr.h"
73 #include "ipcp.h"
74 #include "filter.h"
75 #include "ccp.h"
76 #include "link.h"
77 #include "physical.h"
78 #include "mp.h"
79 #ifndef NORADIUS
80 #include "radius.h"
81 #endif
82 #include "ipv6cp.h"
83 #include "ncp.h"
84 #include "bundle.h"
85 #include "chat.h"
86 #include "cbcp.h"
87 #include "command.h"
88 #include "datalink.h"
89 #ifndef NODES
90 #include "chap_ms.h"
91 #include "mppe.h"
92 #endif
93 #include "id.h"
94
95 static const char * const chapcodes[] = {
96 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE"
97 };
98 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)
99
100 static void
101 ChapOutput(struct physical *physical, u_int code, u_int id,
102 const u_char *ptr, int count, const char *text)
103 {
104 int plen;
105 struct fsmheader lh;
106 struct mbuf *bp;
107
108 plen = sizeof(struct fsmheader) + count;
109 lh.code = code;
110 lh.id = id;
111 lh.length = htons(plen);
112 bp = m_get(plen, MB_CHAPOUT);
113 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
114 if (count)
115 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count);
116 log_DumpBp(LogDEBUG, "ChapOutput", bp);
117 if (text == NULL)
118 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]);
119 else
120 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text);
121 link_PushPacket(&physical->link, bp, physical->dl->bundle,
122 LINK_QUEUES(&physical->link) - 1, PROTO_CHAP);
123 }
124
125 static char *
126 chap_BuildAnswer(char *name, char *key, u_char id, char *challenge
127 #ifndef NODES
128 , u_char type, char *peerchallenge, char *authresponse,
129 int lanman
130 #endif
131 )
132 {
133 char *result, *digest;
134 size_t nlen, klen;
135
136 nlen = strlen(name);
137 klen = strlen(key);
138
139 #ifndef NODES
140 if (type == 0x80) {
141 char expkey[AUTHLEN << 2];
142 MD4_CTX MD4context;
143 size_t f;
144
145 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL)
146 return result;
147
148 digest = result; /* the response */
149 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */
150 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen);
151 if (lanman) {
152 memset(digest + 24, '\0', 25);
153 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */
154 } else {
155 memset(digest, '\0', 25);
156 digest += 24;
157
158 for (f = 0; f < klen; f++) {
159 expkey[2*f] = key[f];
160 expkey[2*f+1] = '\0';
161 }
162 /*
163 * -----------
164 * expkey = | k\0e\0y\0 |
165 * -----------
166 */
167 MD4Init(&MD4context);
168 MD4Update(&MD4context, expkey, klen << 1);
169 MD4Final(digest, &MD4context);
170
171 /*
172 * ---- -------- ---------------- ------- ------
173 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name |
174 * ---- -------- ---------------- ------- ------
175 */
176 mschap_NT(digest, challenge + 1);
177 }
178 /*
179 * ---- -------- ------------- ----- ------
180 * | | struct MS_ChapResponse24 | |
181 * result = | 49 | LANMan | NT digest | 0/1 | name |
182 * ---- -------- ------------- ----- ------
183 * where only one of LANMan & NT digest are set.
184 */
185 } else if (type == 0x81) {
186 char expkey[AUTHLEN << 2];
187 char pwdhash[CHAP81_HASH_LEN];
188 char pwdhashhash[CHAP81_HASH_LEN];
189 char *ntresponse;
190 size_t f;
191
192 if ((result = malloc(1 + nlen + CHAP81_RESPONSE_LEN)) == NULL)
193 return result;
194
195 memset(result, 0, 1 + nlen + CHAP81_RESPONSE_LEN);
196
197 digest = result;
198 *digest++ = CHAP81_RESPONSE_LEN; /* value size */
199
200 /* Copy our challenge */
201 memcpy(digest, peerchallenge + 1, CHAP81_CHALLENGE_LEN);
202
203 /* Expand password to Unicode XXX */
204 for (f = 0; f < klen; f++) {
205 expkey[2*f] = key[f];
206 expkey[2*f+1] = '\0';
207 }
208
209 ntresponse = digest + CHAP81_NTRESPONSE_OFF;
210
211 /* Get some needed hashes */
212 NtPasswordHash(expkey, klen * 2, pwdhash);
213 HashNtPasswordHash(pwdhash, pwdhashhash);
214
215 /* Generate NTRESPONSE to respond on challenge call */
216 GenerateNTResponse(challenge + 1, peerchallenge + 1, name,
217 expkey, klen * 2, ntresponse);
218
219 /* Generate MPPE MASTERKEY */
220 GetMasterKey(pwdhashhash, ntresponse, MPPE_MasterKey); /* XXX Global ! */
221
222 /* Generate AUTHRESPONSE to verify on auth success */
223 GenerateAuthenticatorResponse(expkey, klen * 2, ntresponse,
224 peerchallenge + 1, challenge + 1, name,
225 authresponse);
226
227 authresponse[CHAP81_AUTHRESPONSE_LEN] = 0;
228
229 memcpy(digest + CHAP81_RESPONSE_LEN, name, nlen);
230 } else
231 #endif
232 if ((result = malloc(nlen + 17)) != NULL) {
233 /* Normal MD5 stuff */
234 MD5_CTX MD5context;
235
236 digest = result;
237 *digest++ = 16; /* value size */
238
239 MD5Init(&MD5context);
240 MD5Update(&MD5context, &id, 1);
241 MD5Update(&MD5context, key, klen);
242 MD5Update(&MD5context, challenge + 1, *challenge);
243 MD5Final(digest, &MD5context);
244
245 memcpy(digest + 16, name, nlen);
246 /*
247 * ---- -------- ------
248 * result = | 16 | digest | name |
249 * ---- -------- ------
250 */
251 }
252
253 return result;
254 }
255
256 static void
257 chap_StartChild(struct chap *chap, char *prog, const char *name)
258 {
259 char *argv[MAXARGS], *nargv[MAXARGS];
260 int argc, fd;
261 int in[2], out[2];
262 pid_t pid;
263
264 if (chap->child.fd != -1) {
265 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog);
266 return;
267 }
268
269 if (pipe(in) == -1) {
270 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
271 return;
272 }
273
274 if (pipe(out) == -1) {
275 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
276 close(in[0]);
277 close(in[1]);
278 return;
279 }
280
281 pid = getpid();
282 switch ((chap->child.pid = fork())) {
283 case -1:
284 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno));
285 close(in[0]);
286 close(in[1]);
287 close(out[0]);
288 close(out[1]);
289 chap->child.pid = 0;
290 return;
291
292 case 0:
293 timer_TermService();
294
295 if ((argc = command_Interpret(prog, strlen(prog), argv)) <= 0) {
296 if (argc < 0) {
297 log_Printf(LogWARN, "CHAP: Invalid command syntax\n");
298 _exit(255);
299 }
300 _exit(0);
301 }
302
303 close(in[1]);
304 close(out[0]);
305 if (out[1] == STDIN_FILENO)
306 out[1] = dup(out[1]);
307 dup2(in[0], STDIN_FILENO);
308 dup2(out[1], STDOUT_FILENO);
309 close(STDERR_FILENO);
310 if (open(_PATH_DEVNULL, O_RDWR) != STDERR_FILENO) {
311 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n",
312 _PATH_DEVNULL, strerror(errno));
313 exit(1);
314 }
315 for (fd = getdtablesize(); fd > STDERR_FILENO; fd--)
316 fcntl(fd, F_SETFD, 1);
317 #ifndef NOSUID
318 setuid(ID0realuid());
319 #endif
320 command_Expand(nargv, argc, (char const *const *)argv,
321 chap->auth.physical->dl->bundle, 0, pid);
322 execvp(nargv[0], nargv);
323 printf("exec() of %s failed: %s\n", nargv[0], strerror(errno));
324 _exit(255);
325
326 default:
327 close(in[0]);
328 close(out[1]);
329 chap->child.fd = out[0];
330 chap->child.buf.len = 0;
331 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name));
332 write(in[1], "\n", 1);
333 write(in[1], chap->challenge.peer + 1, *chap->challenge.peer);
334 write(in[1], "\n", 1);
335 write(in[1], name, strlen(name));
336 write(in[1], "\n", 1);
337 close(in[1]);
338 break;
339 }
340 }
341
342 static void
343 chap_Cleanup(struct chap *chap, int sig)
344 {
345 if (chap->child.pid) {
346 int status;
347
348 close(chap->child.fd);
349 chap->child.fd = -1;
350 if (sig)
351 kill(chap->child.pid, SIGTERM);
352 chap->child.pid = 0;
353 chap->child.buf.len = 0;
354
355 if (wait(&status) == -1)
356 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno));
357 else if (WIFSIGNALED(status))
358 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status));
359 else if (WIFEXITED(status) && WEXITSTATUS(status))
360 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status));
361 }
362 *chap->challenge.local = *chap->challenge.peer = '\0';
363 #ifndef NODES
364 chap->peertries = 0;
365 #endif
366 }
367
368 static void
369 chap_Respond(struct chap *chap, char *name, char *key
370 #ifndef NODES
371 , u_char type, int lm
372 #endif
373 )
374 {
375 u_char *ans;
376
377 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer
378 #ifndef NODES
379 , type, chap->challenge.local, chap->authresponse, lm
380 #endif
381 );
382
383 if (ans) {
384 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id,
385 ans, *ans + 1 + strlen(name), name);
386 #ifndef NODES
387 chap->NTRespSent = !lm;
388 MPPE_IsServer = 0; /* XXX Global ! */
389 #endif
390 free(ans);
391 } else
392 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id,
393 "Out of memory!", 14, NULL);
394 }
395
396 static int
397 chap_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w __unused,
398 fd_set *e __unused, int *n)
399 {
400 struct chap *chap = descriptor2chap(d);
401
402 if (r && chap && chap->child.fd != -1) {
403 FD_SET(chap->child.fd, r);
404 if (*n < chap->child.fd + 1)
405 *n = chap->child.fd + 1;
406 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd);
407 return 1;
408 }
409
410 return 0;
411 }
412
413 static int
414 chap_IsSet(struct fdescriptor *d, const fd_set *fdset)
415 {
416 struct chap *chap = descriptor2chap(d);
417
418 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset);
419 }
420
421 static void
422 chap_Read(struct fdescriptor *d, struct bundle *bundle __unused,
423 const fd_set *fdset __unused)
424 {
425 struct chap *chap = descriptor2chap(d);
426 int got;
427
428 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len,
429 sizeof chap->child.buf.ptr - chap->child.buf.len - 1);
430 if (got == -1) {
431 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno));
432 chap_Cleanup(chap, SIGTERM);
433 } else if (got == 0) {
434 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n");
435 chap_Cleanup(chap, SIGTERM);
436 } else {
437 char *name, *key, *end;
438
439 chap->child.buf.len += got;
440 chap->child.buf.ptr[chap->child.buf.len] = '\0';
441 name = chap->child.buf.ptr;
442 name += strspn(name, " \t");
443 if ((key = strchr(name, '\n')) == NULL)
444 end = NULL;
445 else
446 end = strchr(++key, '\n');
447
448 if (end == NULL) {
449 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) {
450 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n");
451 chap_Cleanup(chap, SIGTERM);
452 }
453 } else {
454 #ifndef NODES
455 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 &&
456 ((chap->NTRespSent &&
457 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) ||
458 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt));
459 #endif
460
461 while (end >= name && strchr(" \t\r\n", *end))
462 *end-- = '\0';
463 end = key - 1;
464 while (end >= name && strchr(" \t\r\n", *end))
465 *end-- = '\0';
466 key += strspn(key, " \t");
467
468 chap_Respond(chap, name, key
469 #ifndef NODES
470 , chap->auth.physical->link.lcp.his_authtype, lanman
471 #endif
472 );
473 chap_Cleanup(chap, 0);
474 }
475 }
476 }
477
478 static int
479 chap_Write(struct fdescriptor *d __unused, struct bundle *bundle __unused,
480 const fd_set *fdset __unused)
481 {
482 /* We never want to write here ! */
483 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n");
484 return 0;
485 }
486
487 static void
488 chap_ChallengeInit(struct authinfo *authp)
489 {
490 struct chap *chap = auth2chap(authp);
491 int len, i;
492 char *cp;
493
494 len = strlen(authp->physical->dl->bundle->cfg.auth.name);
495
496 if (!*chap->challenge.local) {
497 randinit();
498 cp = chap->challenge.local;
499
500 #ifndef NORADIUS
501 if (*authp->physical->dl->bundle->radius.cfg.file) {
502 /* For radius, our challenge is 16 readable NUL terminated bytes :*/
503 *cp++ = 16;
504 for (i = 0; i < 16; i++)
505 *cp++ = (random() % 10) + '0';
506 } else
507 #endif
508 {
509 #ifndef NODES
510 if (authp->physical->link.lcp.want_authtype == 0x80)
511 *cp++ = 8; /* MS does 8 byte callenges :-/ */
512 else if (authp->physical->link.lcp.want_authtype == 0x81)
513 *cp++ = 16; /* MS-CHAP-V2 does 16 bytes challenges */
514 else
515 #endif
516 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;
517 for (i = 0; i < *chap->challenge.local; i++)
518 *cp++ = random() & 0xff;
519 }
520 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
521 }
522 }
523
524 static void
525 chap_Challenge(struct authinfo *authp)
526 {
527 struct chap *chap = auth2chap(authp);
528 int len;
529
530 log_Printf(LogDEBUG, "CHAP%02X: Challenge\n",
531 authp->physical->link.lcp.want_authtype);
532
533 len = strlen(authp->physical->dl->bundle->cfg.auth.name);
534
535 /* Generate new local challenge value */
536 if (!*chap->challenge.local)
537 chap_ChallengeInit(authp);
538
539 #ifndef NODES
540 if (authp->physical->link.lcp.want_authtype == 0x81)
541 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id,
542 chap->challenge.local, 1 + *chap->challenge.local, NULL);
543 else
544 #endif
545 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id,
546 chap->challenge.local, 1 + *chap->challenge.local + len, NULL);
547 }
548
549 static void
550 chap_Success(struct authinfo *authp)
551 {
552 struct bundle *bundle = authp->physical->dl->bundle;
553 const char *msg;
554
555 datalink_GotAuthname(authp->physical->dl, authp->in.name);
556 #ifndef NODES
557 if (authp->physical->link.lcp.want_authtype == 0x81) {
558 #ifndef NORADIUS
559 if (*bundle->radius.cfg.file && bundle->radius.msrepstr)
560 msg = bundle->radius.msrepstr;
561 else
562 #endif
563 msg = auth2chap(authp)->authresponse;
564 MPPE_MasterKeyValid = 1; /* XXX Global ! */
565 } else
566 #endif
567 #ifndef NORADIUS
568 if (*bundle->radius.cfg.file && bundle->radius.repstr)
569 msg = bundle->radius.repstr;
570 else
571 #endif
572 msg = "Welcome!!";
573
574 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, msg, strlen(msg),
575 NULL);
576
577 authp->physical->link.lcp.auth_ineed = 0;
578 if (Enabled(bundle, OPT_UTMP))
579 physical_Login(authp->physical, authp->in.name);
580
581 if (authp->physical->link.lcp.auth_iwait == 0)
582 /*
583 * Either I didn't need to authenticate, or I've already been
584 * told that I got the answer right.
585 */
586 datalink_AuthOk(authp->physical->dl);
587 }
588
589 static void
590 chap_Failure(struct authinfo *authp)
591 {
592 #ifndef NODES
593 char buf[1024], *ptr;
594 #endif
595 const char *msg;
596
597 #ifndef NORADIUS
598 struct bundle *bundle = authp->physical->link.lcp.fsm.bundle;
599 if (*bundle->radius.cfg.file && bundle->radius.errstr)
600 msg = bundle->radius.errstr;
601 else
602 #endif
603 #ifndef NODES
604 if (authp->physical->link.lcp.want_authtype == 0x80) {
605 sprintf(buf, "E=691 R=1 M=Invalid!");
606 msg = buf;
607 } else if (authp->physical->link.lcp.want_authtype == 0x81) {
608 int i;
609
610 ptr = buf;
611 ptr += sprintf(buf, "E=691 R=0 C=");
612 for (i=0; i<16; i++)
613 ptr += sprintf(ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i));
614
615 sprintf(ptr, " V=3 M=Invalid!");
616 msg = buf;
617 } else
618 #endif
619 msg = "Invalid!!";
620
621 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, msg, strlen(msg) + 1,
622 NULL);
623 datalink_AuthNotOk(authp->physical->dl);
624 }
625
626 static int
627 chap_Cmp(char *myans, int mylen, char *hisans, int hislen
628 #ifndef NODES
629 , u_char type, int lm
630 #endif
631 )
632 {
633 if (mylen != hislen)
634 return 0;
635 #ifndef NODES
636 else if (type == 0x80) {
637 int off = lm ? 0 : 24;
638
639 if (memcmp(myans + off, hisans + off, 24))
640 return 0;
641 }
642 #endif
643 else if (memcmp(myans, hisans, mylen))
644 return 0;
645
646 return 1;
647 }
648
649 #ifndef NODES
650 static int
651 chap_HaveAnotherGo(struct chap *chap)
652 {
653 if (++chap->peertries < 3) {
654 /* Give the peer another shot */
655 *chap->challenge.local = '\0';
656 chap_Challenge(&chap->auth);
657 return 1;
658 }
659
660 return 0;
661 }
662 #endif
663
664 void
665 chap_Init(struct chap *chap, struct physical *p)
666 {
667 chap->desc.type = CHAP_DESCRIPTOR;
668 chap->desc.UpdateSet = chap_UpdateSet;
669 chap->desc.IsSet = chap_IsSet;
670 chap->desc.Read = chap_Read;
671 chap->desc.Write = chap_Write;
672 chap->child.pid = 0;
673 chap->child.fd = -1;
674 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);
675 *chap->challenge.local = *chap->challenge.peer = '\0';
676 #ifndef NODES
677 chap->NTRespSent = 0;
678 chap->peertries = 0;
679 #endif
680 }
681
682 void
683 chap_ReInit(struct chap *chap)
684 {
685 chap_Cleanup(chap, SIGTERM);
686 }
687
688 struct mbuf *
689 chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
690 {
691 struct physical *p = link2physical(l);
692 struct chap *chap = &p->dl->chap;
693 char *name, *key, *ans;
694 int len;
695 size_t nlen;
696 u_char alen;
697 #ifndef NODES
698 int lanman;
699 #endif
700
701 if (p == NULL) {
702 log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
703 m_freem(bp);
704 return NULL;
705 }
706
707 if (bundle_Phase(bundle) != PHASE_NETWORK &&
708 bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
709 log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
710 m_freem(bp);
711 return NULL;
712 }
713
714 m_settype(bp, MB_CHAPIN);
715 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
716 ntohs(chap->auth.in.hdr.length) == 0)
717 log_Printf(LogWARN, "Chap Input: Truncated header !\n");
718 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
719 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
720 chap->auth.in.hdr.code);
721 else {
722 len = m_length(bp);
723 ans = NULL;
724
725 if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
726 chap->auth.id != chap->auth.in.hdr.id &&
727 Enabled(bundle, OPT_IDCHECK)) {
728 /* Wrong conversation dude ! */
729 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
730 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
731 chap->auth.id);
732 m_freem(bp);
733 return NULL;
734 }
735 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
736
737 #ifndef NODES
738 lanman = 0;
739 #endif
740 switch (chap->auth.in.hdr.code) {
741 case CHAP_CHALLENGE:
742 bp = mbuf_Read(bp, &alen, 1);
743 len -= alen + 1;
744 if (len < 0) {
745 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
746 m_freem(bp);
747 return NULL;
748 }
749 *chap->challenge.peer = alen;
750 bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
751 bp = auth_ReadName(&chap->auth, bp, len);
752 #ifndef NODES
753 lanman = p->link.lcp.his_authtype == 0x80 &&
754 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
755 !IsAccepted(p->link.lcp.cfg.chap80nt));
756
757 /* Generate local challenge value */
758 chap_ChallengeInit(&chap->auth);
759 #endif
760 break;
761
762 case CHAP_RESPONSE:
763 auth_StopTimer(&chap->auth);
764 bp = mbuf_Read(bp, &alen, 1);
765 len -= alen + 1;
766 if (len < 0) {
767 log_Printf(LogERROR, "Chap Input: Truncated response !\n");
768 m_freem(bp);
769 return NULL;
770 }
771 if ((ans = malloc(alen + 1)) == NULL) {
772 log_Printf(LogERROR, "Chap Input: Out of memory !\n");
773 m_freem(bp);
774 return NULL;
775 }
776 *ans = chap->auth.id;
777 bp = mbuf_Read(bp, ans + 1, alen);
778 bp = auth_ReadName(&chap->auth, bp, len);
779 #ifndef NODES
780 lanman = p->link.lcp.want_authtype == 0x80 &&
781 alen == 49 && ans[alen] == 0;
782 #endif
783 break;
784
785 case CHAP_SUCCESS:
786 case CHAP_FAILURE:
787 /* chap->auth.in.name is already set up at CHALLENGE time */
788 if ((ans = malloc(len + 1)) == NULL) {
789 log_Printf(LogERROR, "Chap Input: Out of memory !\n");
790 m_freem(bp);
791 return NULL;
792 }
793 bp = mbuf_Read(bp, ans, len);
794 ans[len] = '\0';
795 break;
796 }
797
798 switch (chap->auth.in.hdr.code) {
799 case CHAP_CHALLENGE:
800 case CHAP_RESPONSE:
801 if (*chap->auth.in.name)
802 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
803 chapcodes[chap->auth.in.hdr.code], alen,
804 chap->auth.in.name,
805 #ifndef NODES
806 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
807 " - lanman" :
808 #endif
809 "");
810 else
811 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
812 chapcodes[chap->auth.in.hdr.code], alen,
813 #ifndef NODES
814 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
815 " - lanman" :
816 #endif
817 "");
818 break;
819
820 case CHAP_SUCCESS:
821 case CHAP_FAILURE:
822 if (*ans)
823 log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
824 chapcodes[chap->auth.in.hdr.code], ans);
825 else
826 log_Printf(LogPHASE, "Chap Input: %s\n",
827 chapcodes[chap->auth.in.hdr.code]);
828 break;
829 }
830
831 switch (chap->auth.in.hdr.code) {
832 case CHAP_CHALLENGE:
833 if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!')
834 chap_StartChild(chap, bundle->cfg.auth.key + 1,
835 bundle->cfg.auth.name);
836 else
837 chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key +
838 (*bundle->cfg.auth.key == '!' ? 1 : 0)
839
840 #ifndef NODES
841 , p->link.lcp.his_authtype, lanman
842 #endif
843 );
844 break;
845
846 case CHAP_RESPONSE:
847 name = chap->auth.in.name;
848 nlen = strlen(name);
849 #ifndef NODES
850 if (p->link.lcp.want_authtype == 0x81) {
851 struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
852
853 chap->challenge.peer[0] = sizeof resp->PeerChallenge;
854 memcpy(chap->challenge.peer + 1, resp->PeerChallenge,
855 sizeof resp->PeerChallenge);
856 }
857 #endif
858
859 #ifndef NORADIUS
860 if (*bundle->radius.cfg.file) {
861 if (!radius_Authenticate(&bundle->radius, &chap->auth,
862 chap->auth.in.name, ans, alen + 1,
863 chap->challenge.local + 1,
864 *chap->challenge.local))
865 chap_Failure(&chap->auth);
866 } else
867 #endif
868 {
869 if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0' &&
870 alen == sizeof(struct MSCHAPv2_resp)) {
871 struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
872
873 log_Printf(LogWARN, "%s: Compensating for corrupt (Win98/WinME?) "
874 "CHAP81 RESPONSE\n", l->name);
875 resp->Flags = '\0'; /* rfc2759 says it *MUST* be zero */
876 }
877 key = auth_GetSecret(name, nlen);
878 if (key) {
879 #ifndef NODES
880 if (p->link.lcp.want_authtype == 0x80 &&
881 lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
882 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
883 if (chap_HaveAnotherGo(chap))
884 break;
885 key = NULL;
886 } else if (p->link.lcp.want_authtype == 0x80 &&
887 !lanman && !IsEnabled(p->link.lcp.cfg.chap80nt)) {
888 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
889 if (chap_HaveAnotherGo(chap))
890 break;
891 key = NULL;
892 } else if (p->link.lcp.want_authtype == 0x81 &&
893 !IsEnabled(p->link.lcp.cfg.chap81)) {
894 log_Printf(LogPHASE, "Auth failure: CHAP81 not enabled\n");
895 key = NULL;
896 } else
897 #endif
898 {
899 char *myans = chap_BuildAnswer(name, key, chap->auth.id,
900 chap->challenge.local
901 #ifndef NODES
902 , p->link.lcp.want_authtype,
903 chap->challenge.peer,
904 chap->authresponse, lanman);
905 MPPE_IsServer = 1; /* XXX Global ! */
906 #else
907 );
908 #endif
909 if (myans == NULL)
910 key = NULL;
911 else {
912 if (!chap_Cmp(myans + 1, *myans, ans + 1, alen
913 #ifndef NODES
914 , p->link.lcp.want_authtype, lanman
915 #endif
916 ))
917 key = NULL;
918 free(myans);
919 }
920 }
921 }
922
923 if (key)
924 chap_Success(&chap->auth);
925 else
926 chap_Failure(&chap->auth);
927 }
928
929 break;
930
931 case CHAP_SUCCESS:
932 if (p->link.lcp.auth_iwait == PROTO_CHAP) {
933 p->link.lcp.auth_iwait = 0;
934 if (p->link.lcp.auth_ineed == 0) {
935 #ifndef NODES
936 if (p->link.lcp.his_authtype == 0x81) {
937 if (strncasecmp(ans, chap->authresponse, 42)) {
938 datalink_AuthNotOk(p->dl);
939 log_Printf(LogWARN, "CHAP81: AuthenticatorResponse: (%.42s)"
940 " != ans: (%.42s)\n", chap->authresponse, ans);
941
942 } else {
943 /* Successful login */
944 MPPE_MasterKeyValid = 1; /* XXX Global ! */
945 datalink_AuthOk(p->dl);
946 }
947 } else
948 #endif
949 /*
950 * We've succeeded in our ``login''
951 * If we're not expecting the peer to authenticate (or he already
952 * has), proceed to network phase.
953 */
954 datalink_AuthOk(p->dl);
955 }
956 }
957 break;
958
959 case CHAP_FAILURE:
960 datalink_AuthNotOk(p->dl);
961 break;
962 }
963 free(ans);
964 }
965
966 m_freem(bp);
967 return NULL;
968 }
DragonFly BSD