sbin/iscontrol/auth_subr.c

   1 /*-
   2  * Copyright (c) 2005-2010 Daniel Braniss <danny@cs.huji.ac.il>
   3  * All rights reserved.
   4  *
   5  * Redistribution and use in source and binary forms, with or without
   6  * modification, are permitted provided that the following conditions
   7  * are met:
   8  * 1. Redistributions of source code must retain the above copyright
   9  *    notice, this list of conditions and the following disclaimer.
  10  * 2. Redistributions in binary form must reproduce the above copyright
  11  *    notice, this list of conditions and the following disclaimer in the
  12  *    documentation and/or other materials provided with the distribution.
  13  *
  14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  24  * SUCH DAMAGE.
  25  *
  26  */
  27
  28 /*
  29  | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $
  30  */
  31
  32 #include <sys/cdefs.h>
  33 __FBSDID("$FreeBSD$");
  34
  35 #include <sys/param.h>
  36 #include <sys/types.h>
  37 #include <sys/socket.h>
  38 #include <sys/sysctl.h>
  39
  40 #include <netinet/in.h>
  41 #include <netinet/tcp.h>
  42 #include <arpa/inet.h>
  43 #include <unistd.h>
  44 #include <stdlib.h>
  45 #include <stdio.h>
  46 #include <string.h>
  47 #include <fcntl.h>
  48
  49 #include <md5.h>
  50 #include <sha.h>
  51
  52 #include <dev/iscsi_initiator/iscsi.h>
  53 #include "iscontrol.h"
  54
  55 static int
  56 chapMD5(char id, char *cp, char *chapSecret, unsigned char *digest)
  57 {
  58      MD5_CTX    ctx;
  59      char       *tmp;
  60      int        len;
  61
  62      debug_called(3);
  63
  64      MD5Init(&ctx);
  65
  66      MD5Update(&ctx, &id, 1);
  67
  68      if((len = str2bin(chapSecret, &tmp)) == 0) {
  69           // print error
  70           return -1;
  71      }
  72      MD5Update(&ctx, tmp, len);
  73      free(tmp);
  74
  75      if((len = str2bin(cp, &tmp)) == 0) {
  76           // print error
  77           return -1;
  78      }
  79      MD5Update(&ctx, tmp, len);
  80      free(tmp);
  81
  82      MD5Final(digest, &ctx);
  83
  84
  85      return 0;
  86 }
  87
  88 static int
  89 chapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest)
  90 {
  91      SHA1_CTX   ctx;
  92      char       *tmp;
  93      int        len;
  94
  95      debug_called(3);
  96
  97      SHA1_Init(&ctx);
  98
  99      SHA1_Update(&ctx, &id, 1);
 100
 101      if((len = str2bin(chapSecret, &tmp)) == 0) {
 102           // print error
 103           return -1;
 104      }
 105      SHA1_Update(&ctx, tmp, len);
 106      free(tmp);
 107
 108      if((len = str2bin(cp, &tmp)) == 0) {
 109           // print error
 110           return -1;
 111      }
 112      SHA1_Update(&ctx, tmp, len);
 113      free(tmp);
 114
 115      SHA1_Final(digest, &ctx);
 116
 117      return 0;
 118
 119 }
 120 /*
 121  | the input text format can be anything that the rfc3270 defines
 122  | (see section 5.1 and str2bin)
 123  | digest length for md5 is 128bits, and for sha1 is 160bits.
 124  | digest is an ASCII string which represents the bits in
 125  | hexadecimal or base64 according to the challenge(cp) format
 126  */
 127 char *
 128 chapDigest(char *ap, char id, char *cp, char *chapSecret)
 129 {
 130      int        len;
 131      unsigned   char digest[20];
 132      char       encoding[3];
 133
 134      debug_called(3);
 135
 136      len = 0;
 137      if(strcmp(ap, "5") == 0 && chapMD5(id, cp, chapSecret, digest) == 0)
 138           len = 16;
 139      else
 140      if(strcmp(ap, "7") == 0 && chapSHA1(id, cp, chapSecret, digest) == 0)
 141           len = 20;
 142
 143      if(len) {
 144           sprintf(encoding, "%.2s", cp);
 145           return bin2str(encoding, digest, len);
 146      }
 147
 148      return NULL;
 149 }
 150
 151 char *
 152 genChapChallenge(char *encoding, uint len)
 153 {
 154      int        fd;
 155      unsigned   char tmp[1024];
 156
 157      if(len > sizeof(tmp))
 158           return NULL;
 159
 160      if((fd = open("/dev/random", O_RDONLY)) != -1) {
 161           read(fd, tmp, len);
 162           close(fd);
 163           return bin2str(encoding, tmp, len);
 164      }
 165      perror("/dev/random");
 166      // make up something ...
 167      return NULL;
 168 }
 169
 170 #ifdef TEST_AUTH
 171 static void
 172 puke(char *str, unsigned char *dg, int len)
 173 {
 174      printf("%3d] %s\n     0x", len, str);
 175      while(len-- > 0)
 176           printf("%02x", *dg++);
 177      printf("\n");
 178 }
 179
 180 main(int cc, char **vv)
 181 {
 182      char *p, *ap, *ip, *cp, *chapSecret, *digest;
 183      int len;
 184
 185 #if 0
 186      ap = "5";
 187      chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b";
 188 //     chapSecret = "abcdefghijklmnop";
 189      len = str2bin(chapSecret, &cp);
 190      puke(chapSecret, cp, len);
 191
 192      ip = "238";
 193      cp = "0xbd456029";
 194
 195
 196      if((digest = chapDigest(ap, ip, cp, chapSecret)) != NULL) {
 197           len = str2bin(digest, &cp);
 198           puke(digest, cp, len);
 199      }
 200 #else
 201      printf("%d] %s\n", 24, genChallenge("0X", 24));
 202 #endif
 203 }
 204 #endif