[457] | 1 | /*
|
---|
| 2 | * chap-new.c - New CHAP implementation.
|
---|
| 3 | *
|
---|
| 4 | * Copyright (c) 2003 Paul Mackerras. All rights reserved.
|
---|
| 5 | *
|
---|
| 6 | * Redistribution and use in source and binary forms, with or without
|
---|
| 7 | * modification, are permitted provided that the following conditions
|
---|
| 8 | * are met:
|
---|
| 9 | *
|
---|
| 10 | * 1. Redistributions of source code must retain the above copyright
|
---|
| 11 | * notice, this list of conditions and the following disclaimer.
|
---|
| 12 | *
|
---|
| 13 | * 2. The name(s) of the authors of this software must not be used to
|
---|
| 14 | * endorse or promote products derived from this software without
|
---|
| 15 | * prior written permission.
|
---|
| 16 | *
|
---|
| 17 | * 3. Redistributions of any form whatsoever must retain the following
|
---|
| 18 | * acknowledgment:
|
---|
| 19 | * "This product includes software developed by Paul Mackerras
|
---|
| 20 | * <paulus@samba.org>".
|
---|
| 21 | *
|
---|
| 22 | * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
|
---|
| 23 | * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
---|
| 24 | * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
|
---|
| 25 | * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
---|
| 26 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
|
---|
| 27 | * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
---|
| 28 | * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
---|
| 29 | */
|
---|
| 30 |
|
---|
| 31 | #include "netif/ppp/ppp_opts.h"
|
---|
| 32 | #if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
|
---|
| 33 |
|
---|
| 34 | #if 0 /* UNUSED */
|
---|
| 35 | #include <stdlib.h>
|
---|
| 36 | #include <string.h>
|
---|
| 37 | #endif /* UNUSED */
|
---|
| 38 |
|
---|
| 39 | #include "netif/ppp/ppp_impl.h"
|
---|
| 40 |
|
---|
| 41 | #if 0 /* UNUSED */
|
---|
| 42 | #include "session.h"
|
---|
| 43 | #endif /* UNUSED */
|
---|
| 44 |
|
---|
| 45 | #include "netif/ppp/chap-new.h"
|
---|
| 46 | #include "netif/ppp/chap-md5.h"
|
---|
| 47 | #if MSCHAP_SUPPORT
|
---|
| 48 | #include "netif/ppp/chap_ms.h"
|
---|
| 49 | #endif
|
---|
| 50 | #include "netif/ppp/magic.h"
|
---|
| 51 |
|
---|
| 52 | #if 0 /* UNUSED */
|
---|
| 53 | /* Hook for a plugin to validate CHAP challenge */
|
---|
| 54 | int (*chap_verify_hook)(const char *name, const char *ourname, int id,
|
---|
| 55 | const struct chap_digest_type *digest,
|
---|
| 56 | const unsigned char *challenge, const unsigned char *response,
|
---|
| 57 | char *message, int message_space) = NULL;
|
---|
| 58 | #endif /* UNUSED */
|
---|
| 59 |
|
---|
#if PPP_OPTIONS
/*
 * Command-line options (inherited from pppd).
 *
 * NOTE(review): the entries below take the address of `pcb` and of
 * `chap_timeout_time`, and neither is declared at file scope anywhere in
 * this file.  Unless ppp_impl.h provides them, this table will not build
 * with PPP_OPTIONS enabled - confirm before turning the option on.
 */
static option_t chap_option_list[] = {
	{ "chap-restart", o_int, &chap_timeout_time,
	  "Set timeout for CHAP", OPT_PRIO },
	{ "chap-max-challenge", o_int, &pcb->settings.chap_max_transmits,
	  "Set max #xmits for challenge", OPT_PRIO },
	{ "chap-interval", o_int, &pcb->settings.chap_rechallenge_time,
	  "Set interval for rechallenge", OPT_PRIO },
	{ NULL }
};
#endif /* PPP_OPTIONS */
| 74 |
|
---|
| 75 |
|
---|
/* Values for flags in chap_client_state and chap_server_state.
 *
 * LOWERUP          lower layer is up (set by chap_lowerup); nothing is
 *                  sent or accepted without it
 * AUTH_STARTED     chap_auth_peer()/chap_auth_with_peer() has been called
 * AUTH_DONE        server: a Success/Failure has been sent and reported;
 *                  client: a Success/Failure has been processed (later
 *                  ones are ignored)
 * AUTH_FAILED      the outcome was failure (verification failed, the
 *                  peer never answered, or the peer sent Failure)
 * TIMEOUT_PENDING  server only: chap_timeout() is armed via TIMEOUT()
 * CHALLENGE_VALID  server only: a challenge is outstanding in
 *                  pcb->chap_server.challenge and a Response is awaited
 */
#define LOWERUP			1
#define AUTH_STARTED		2
#define AUTH_DONE		4
#define AUTH_FAILED		8
#define TIMEOUT_PENDING		0x10
#define CHALLENGE_VALID		0x20
| 83 |
|
---|
| 84 | /*
|
---|
| 85 | * Prototypes.
|
---|
| 86 | */
|
---|
| 87 | static void chap_init(ppp_pcb *pcb);
|
---|
| 88 | static void chap_lowerup(ppp_pcb *pcb);
|
---|
| 89 | static void chap_lowerdown(ppp_pcb *pcb);
|
---|
| 90 | #if PPP_SERVER
|
---|
| 91 | static void chap_timeout(void *arg);
|
---|
| 92 | static void chap_generate_challenge(ppp_pcb *pcb);
|
---|
| 93 | static void chap_handle_response(ppp_pcb *pcb, int code,
|
---|
| 94 | unsigned char *pkt, int len);
|
---|
| 95 | static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
|
---|
| 96 | const struct chap_digest_type *digest,
|
---|
| 97 | const unsigned char *challenge, const unsigned char *response,
|
---|
| 98 | char *message, int message_space);
|
---|
| 99 | #endif /* PPP_SERVER */
|
---|
| 100 | static void chap_respond(ppp_pcb *pcb, int id,
|
---|
| 101 | unsigned char *pkt, int len);
|
---|
| 102 | static void chap_handle_status(ppp_pcb *pcb, int code, int id,
|
---|
| 103 | unsigned char *pkt, int len);
|
---|
| 104 | static void chap_protrej(ppp_pcb *pcb);
|
---|
| 105 | static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen);
|
---|
| 106 | #if PRINTPKT_SUPPORT
|
---|
| 107 | static int chap_print_pkt(const unsigned char *p, int plen,
|
---|
| 108 | void (*printer) (void *, const char *, ...), void *arg);
|
---|
| 109 | #endif /* PRINTPKT_SUPPORT */
|
---|
| 110 |
|
---|
/* List of digest types that we know about.
 *
 * Lookup is by dp->code (see chap_auth_peer/chap_auth_with_peer), so the
 * order is irrelevant; the trailing NULL terminates iteration.  MS-CHAP
 * v1/v2 are only available when MSCHAP_SUPPORT is configured. */
static const struct chap_digest_type* const chap_digests[] = {
	&md5_digest,
#if MSCHAP_SUPPORT
	&chapms_digest,
	&chapms2_digest,
#endif /* MSCHAP_SUPPORT */
	NULL
};
| 120 |
|
---|
/*
 * chap_init - reset to initial state.
 *
 * Deliberately a no-op: per the note this replaces, ppp_new() clears the
 * whole pcb, which already covers pcb->chap_client and (when built as a
 * server) pcb->chap_server.  The parameter is kept because this is the
 * protent init callback.
 */
static void chap_init(ppp_pcb *pcb) {
	LWIP_UNUSED_ARG(pcb);
}
| 134 |
|
---|
/*
 * chap_lowerup - the lower layer is up; CHAP may now send and receive.
 *
 * Sets LOWERUP for the client side and, on the server side, also fires
 * the first challenge if chap_auth_peer() ran while the link was still
 * down (it leaves AUTH_STARTED set and waits for us).
 */
static void chap_lowerup(ppp_pcb *pcb) {
	pcb->chap_client.flags |= LOWERUP;
#if PPP_SERVER
	{
		chap_server_state *srv = &pcb->chap_server;

		srv->flags |= LOWERUP;
		/* chap_auth_peer() deferred its first challenge until now */
		if (srv->flags & AUTH_STARTED) {
			chap_timeout(pcb);
		}
	}
#endif /* PPP_SERVER */
}
| 147 |
|
---|
/*
 * chap_lowerdown - the lower layer went down; forget all CHAP state.
 *
 * Cancels a pending server-side timer before clearing the flags, so a
 * stale chap_timeout() cannot run against a link that is no longer up.
 * Both sides then start from flags == 0 again.
 */
static void chap_lowerdown(ppp_pcb *pcb) {
#if PPP_SERVER
	if ((pcb->chap_server.flags & TIMEOUT_PENDING) != 0) {
		UNTIMEOUT(chap_timeout, pcb);
	}
	pcb->chap_server.flags = 0;
#endif /* PPP_SERVER */
	pcb->chap_client.flags = 0;
}
| 157 |
|
---|
| 158 | #if PPP_SERVER
|
---|
/*
 * chap_auth_peer - Start authenticating the peer (server side).
 *
 * Looks up the digest for digest_code, records our name, picks a random
 * starting Identifier (magic()) and, if the link is already up, sends the
 * first challenge immediately; otherwise chap_lowerup() will send it.
 *
 * Security notes:
 *  - an unknown digest is fatal (ppp_fatal) rather than silently falling
 *    back to something weaker;
 *  - our_name is only stored here, but chap_generate_challenge() later
 *    calls strlen() on it and copies it unchecked into the challenge
 *    buffer, so callers must pass a non-NULL, reasonably short name
 *    (unlike chap_auth_with_peer(), NULL is not rejected here).
 */
void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code) {
	chap_server_state *srv = &pcb->chap_server;
	const struct chap_digest_type *dp = NULL;
	int i;

	if (srv->flags & AUTH_STARTED) {
		ppp_error("CHAP: peer authentication already started!");
		return;
	}

	/* find the implementation for the negotiated algorithm */
	for (i = 0; chap_digests[i] != NULL; ++i) {
		if (chap_digests[i]->code == digest_code) {
			dp = chap_digests[i];
			break;
		}
	}
	if (dp == NULL) {
		ppp_fatal("CHAP digest 0x%x requested but not available",
			  digest_code);
	}

	srv->digest = dp;
	srv->name = our_name;
	/* Start with a random ID value */
	srv->id = magic();
	srv->flags |= AUTH_STARTED;
	if (srv->flags & LOWERUP) {
		chap_timeout(pcb);
	}
}
| 187 | #endif /* PPP_SERVER */
|
---|
| 188 |
|
---|
/*
 * chap_auth_with_peer - Prepare to authenticate ourselves to the peer
 * (client side).  Nothing is sent; we remember our name and digest and
 * wait for the peer's Challenge, which chap_respond() answers.
 *
 * A NULL our_name makes this a silent no-op: AUTH_STARTED is never set,
 * so chap_respond() and chap_handle_status() will ignore the peer.
 * An unknown digest code is fatal, as in chap_auth_peer().
 */
void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_code) {
	chap_client_state *cli = &pcb->chap_client;
	const struct chap_digest_type *dp = NULL;
	int i;

	if (our_name == NULL) {
		return;
	}
	if (cli->flags & AUTH_STARTED) {
		ppp_error("CHAP: authentication with peer already started!");
		return;
	}

	for (i = 0; chap_digests[i] != NULL; ++i) {
		if (chap_digests[i]->code == digest_code) {
			dp = chap_digests[i];
			break;
		}
	}
	if (dp == NULL) {
		ppp_fatal("CHAP digest 0x%x requested but not available",
			  digest_code);
	}

	cli->digest = dp;
	cli->name = our_name;
	cli->flags |= AUTH_STARTED;
}
| 216 |
|
---|
| 217 | #if PPP_SERVER
|
---|
/*
 * chap_timeout - (re)send a challenge to the peer.
 *
 * Reached from the timer, from chap_auth_peer() and from chap_lowerup().
 * Three cases:
 *  - no challenge outstanding: build a fresh one (new Identifier, new
 *    value from the digest's generator) and send it;
 *  - a challenge is outstanding and has already been sent
 *    chap_max_transmits times: give up, mark AUTH_DONE|AUTH_FAILED and
 *    tell the auth layer;
 *  - otherwise: retransmit the stored challenge packet byte-for-byte.
 * After a send the timer is re-armed for chap_timeout_time.
 *
 * If the pbuf cannot be allocated (or is not contiguous) the send is
 * dropped and the timer is NOT re-armed; the exchange then only resumes
 * via a later chap_lowerup().
 */
static void chap_timeout(void *arg) {
	ppp_pcb *pcb = (ppp_pcb*)arg;
	chap_server_state *srv = &pcb->chap_server;
	struct pbuf *p;

	srv->flags &= ~TIMEOUT_PENDING;
	if (!(srv->flags & CHALLENGE_VALID)) {
		/* first transmission of a brand new challenge */
		srv->challenge_xmits = 0;
		chap_generate_challenge(pcb);
		srv->flags |= CHALLENGE_VALID;
	} else if (srv->challenge_xmits >= pcb->settings.chap_max_transmits) {
		/* retransmit budget exhausted: the peer never answered */
		srv->flags &= ~CHALLENGE_VALID;
		srv->flags |= AUTH_DONE | AUTH_FAILED;
		auth_peer_fail(pcb, PPP_CHAP);
		return;
	}

	p = pbuf_alloc(PBUF_RAW, (u16_t)(srv->challenge_pktlen), PPP_CTRL_PBUF_TYPE);
	if (p == NULL) {
		return;
	}
	/* the packet is copied with a single MEMCPY, so it must be contiguous */
	if (p->tot_len != p->len) {
		pbuf_free(p);
		return;
	}
	MEMCPY(p->payload, srv->challenge, srv->challenge_pktlen);
	ppp_write(pcb, p);

	srv->challenge_xmits++;
	srv->flags |= TIMEOUT_PENDING;
	TIMEOUT(chap_timeout, arg, pcb->settings.chap_timeout_time);
}
| 252 |
|
---|
/*
 * chap_generate_challenge - build a Challenge packet into
 * pcb->chap_server.challenge and record its size in challenge_pktlen.
 *
 * Wire layout: PPP header | CHAP header (code, id, length) | value-size |
 * challenge value | our name (no terminator).  The digest's
 * generate_challenge() writes the value-size byte followed by the value.
 *
 * The copy of our name is not bounds-checked against the challenge
 * buffer, so the name given to chap_auth_peer() must be short enough to
 * fit after the digest's maximum value size.
 */
static void chap_generate_challenge(ppp_pcb *pcb) {
	chap_server_state *srv = &pcb->chap_server;
	unsigned char *hdr, *body;
	int value_len, name_len, chap_len;

	/* PPP protocol header first, then leave room for the CHAP header */
	body = srv->challenge;
	MAKEHEADER(body, PPP_CHAP);
	body += CHAP_HDRLEN;

	/* digest writes [value-size][value...] at body */
	srv->digest->generate_challenge(pcb, body);
	value_len = body[0];

	/* our name follows the value; it is not NUL-terminated on the wire */
	name_len = strlen(srv->name);
	memcpy(body + 1 + value_len, srv->name, name_len);

	chap_len = CHAP_HDRLEN + 1 + value_len + name_len;
	srv->challenge_pktlen = PPP_HDRLEN + chap_len;

	/* now fill in the CHAP header in front of the body; each new
	 * challenge gets the next Identifier */
	hdr = srv->challenge + PPP_HDRLEN;
	hdr[0] = CHAP_CHALLENGE;
	hdr[1] = ++srv->id;
	hdr[2] = chap_len >> 8;
	hdr[3] = chap_len;
}
| 278 |
|
---|
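/*
 * chap_handle_response - check the peer's Response to our Challenge and
 * send back Success or Failure.
 *
 * pkt/len cover the CHAP payload after the 4-byte header:
 *   [value-size][response value ...][peer name ...]
 *
 * Two situations reach the send path:
 *  - CHALLENGE_VALID set: a fresh answer to the outstanding challenge.
 *    It is verified with chap_verify_response() against the peer's
 *    secret; the verdict is sent, auth_peer_success()/auth_peer_fail()
 *    is reported (success only once per session, guarded by AUTH_DONE),
 *    and a re-challenge timer is armed if chap_rechallenge_time is set.
 *  - CHALLENGE_VALID clear but AUTH_DONE set: the peer retransmitted its
 *    Response (our Success/Failure was probably lost).  Only the stored
 *    verdict is resent, with an empty message; nothing is re-verified.
 * Anything else (link down, Identifier not matching the last challenge,
 * packet shorter than its value-size claims) is silently dropped.
 *
 * Fix: `message` used to be an uninitialized stack buffer; on the
 * retransmit path it is never written, so strlen() read stack garbage
 * and sent it to the peer (and could over-read past the buffer if no
 * NUL was found).  It now starts as the empty string.  The length check
 * is also done before the name pointer is derived from the peer's
 * value-size byte.
 *
 * The pppd plugin verifier hook and session_check() of the original are
 * not wired into this port; chap_verify_response() is always used.
 */
static void chap_handle_response(ppp_pcb *pcb, int id,
		     unsigned char *pkt, int len) {
	chap_server_state *srv = &pcb->chap_server;
	int response_len, ok, mlen;
	const unsigned char *response;
	unsigned char *outp;
	struct pbuf *p;
	const char *name = NULL;	/* only set on the CHALLENGE_VALID path */
	char rname[MAXNAMELEN+1];
	char message[256];

	/* the verifier fills this in; the retransmit path below never does,
	 * so it must be a valid (empty) string before strlen() sees it */
	message[0] = '\0';

	if ((srv->flags & LOWERUP) == 0)
		return;
	/* only answers to the most recent challenge Identifier are accepted */
	if (id != srv->challenge[PPP_HDRLEN+1] || len < 2)
		return;

	if (srv->flags & CHALLENGE_VALID) {
		response = pkt;
		GETCHAR(response_len, pkt);
		/* what remains after the value is the peer's name; a value-size
		 * larger than the packet means a truncated or forged packet */
		len -= response_len + 1;
		if (len < 0)
			return;
		name = (const char *)pkt + response_len;

		if (srv->flags & TIMEOUT_PENDING) {
			srv->flags &= ~TIMEOUT_PENDING;
			UNTIMEOUT(chap_timeout, pcb);
		}
#if PPP_REMOTENAME
		if (pcb->settings.explicit_remote) {
			/* configured remote name overrides whatever the peer sent */
			name = pcb->remote_name;
		} else
#endif /* PPP_REMOTENAME */
		{
			/* Null terminate and clean remote name (bounded by rname). */
			ppp_slprintf(rname, sizeof(rname), "%.*v", len, name);
			name = rname;
		}

		ok = chap_verify_response(pcb, name, srv->name, id, srv->digest,
				srv->challenge + PPP_HDRLEN + CHAP_HDRLEN,
				response, message, sizeof(message));
		if (!ok) {
			srv->flags |= AUTH_FAILED;
			ppp_warn("Peer %q failed CHAP authentication", name);
		}
	} else if ((srv->flags & AUTH_DONE) == 0)
		return;

	/* send the Success/Failure packet, with the verifier's message if any */
	mlen = strlen(message);
	len = CHAP_HDRLEN + mlen;
	p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN + len), PPP_CTRL_PBUF_TYPE);
	if (NULL == p)
		return;
	if (p->tot_len != p->len) {
		pbuf_free(p);
		return;
	}

	outp = (unsigned char *)p->payload;
	MAKEHEADER(outp, PPP_CHAP);

	outp[0] = (srv->flags & AUTH_FAILED) ? CHAP_FAILURE : CHAP_SUCCESS;
	outp[1] = id;
	outp[2] = len >> 8;
	outp[3] = len;
	if (mlen > 0)
		memcpy(outp + CHAP_HDRLEN, message, mlen);
	ppp_write(pcb, p);

	if (srv->flags & CHALLENGE_VALID) {
		srv->flags &= ~CHALLENGE_VALID;
		if (srv->flags & AUTH_FAILED) {
			auth_peer_fail(pcb, PPP_CHAP);
		} else {
			/* report success to the auth layer only once per session */
			if ((srv->flags & AUTH_DONE) == 0)
				auth_peer_success(pcb, PPP_CHAP,
						  srv->digest->code,
						  name, strlen(name));
			/* periodic re-authentication, if configured */
			if (pcb->settings.chap_rechallenge_time) {
				srv->flags |= TIMEOUT_PENDING;
				TIMEOUT(chap_timeout, pcb,
					pcb->settings.chap_rechallenge_time);
			}
		}
		srv->flags |= AUTH_DONE;
	}
}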
| 405 |
|
---|
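/*
 * chap_verify_response - check whether the peer's response matches
 * what we think it should be.  Returns 1 if it does (authentication
 * succeeded), or 0 if it doesn't.
 *
 * The peer's secret is fetched with get_secret(name, ourname) and handed
 * to the digest's verify_response(), which also fills in message (the
 * text returned in Success/Failure, bounded by message_space).  A
 * missing secret is a hard failure and is logged; unlike the client
 * side (chap_respond()) no empty secret is assumed here.
 *
 * Fix: the secret was cleared with memset() on a local about to go out
 * of scope, which is a dead store a compiler is free to drop.  The wipe
 * now goes through a volatile pointer so it cannot be elided.
 */
static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
		    const struct chap_digest_type *digest,
		    const unsigned char *challenge, const unsigned char *response,
		    char *message, int message_space) {
	int ok;
	unsigned char secret[MAXSECRETLEN];
	int secret_len;
	volatile unsigned char *wipe;
	size_t i;

	/* Get the secret that the peer is supposed to know */
	if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) {
		ppp_error("No CHAP secret found for authenticating %q", name);
		return 0;
	}
	ok = digest->verify_response(pcb, id, name, secret, secret_len, challenge,
				response, message, message_space);

	/* scrub the secret; volatile stores are not subject to dead-store
	 * elimination, unlike a plain memset() here */
	wipe = secret;
	for (i = 0; i < sizeof(secret); i++) {
		wipe[i] = 0;
	}

	return ok;
}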
| 430 | #endif /* PPP_SERVER */
|
---|
| 431 |
|
---|
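/*
 * chap_respond - Generate and send a Response to the peer's Challenge.
 *
 * pkt/len cover the CHAP payload after the header:
 *   [value-size][challenge value ...][peer name ...]
 *
 * Fix: the state and length checks now run BEFORE the pbuf is allocated.
 * Previously a RESP_MAX_PKTLEN pbuf was allocated first and the
 * "not ready" and "too short" returns leaked it, so a peer could drain
 * the pbuf pool just by sending Challenges before LCP/auth was ready, or
 * with a value-size larger than the packet.
 *
 * If no secret is configured for the peer we still respond with an
 * empty secret (the original "assume null secret" behavior); the server
 * will reject it.  The whole local secret buffer is wiped through a
 * volatile pointer afterwards (the old memset() covered only secret_len
 * bytes and could be dropped as a dead store).  As before, the copy of
 * our own name into the response is not bounds-checked against
 * RESP_MAX_PKTLEN, so chap_client.name must be short enough to fit.
 */
static void chap_respond(ppp_pcb *pcb, int id,
	     unsigned char *pkt, int len) {
	chap_client_state *cli = &pcb->chap_client;
	int clen, nlen;
	int secret_len;
	struct pbuf *p;
	u_char *outp;
	char rname[MAXNAMELEN+1];
	char secret[MAXSECRETLEN+1];
	volatile char *wipe;
	size_t i;

	if ((cli->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
		return;		/* not ready */
	/* value-size byte plus at least that many value bytes must be present */
	if (len < 2 || len < pkt[0] + 1)
		return;		/* too short */
	clen = pkt[0];
	nlen = len - (clen + 1);

	/* only allocate once we know we will actually answer */
	p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PPP_CTRL_PBUF_TYPE);
	if (NULL == p)
		return;
	if (p->tot_len != p->len) {
		pbuf_free(p);
		return;
	}

	/* Null terminate and clean remote name (bounded by rname). */
	ppp_slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);

#if PPP_REMOTENAME
	/* Microsoft doesn't send their name back in the PPP packet */
	if (pcb->settings.explicit_remote || (pcb->settings.remote_name[0] != 0 && rname[0] == 0))
		strlcpy(rname, pcb->settings.remote_name, sizeof(rname));
#endif /* PPP_REMOTENAME */

	/* get secret for authenticating ourselves with the specified host */
	if (!get_secret(pcb, cli->name, rname, secret, &secret_len, 0)) {
		secret_len = 0;	/* assume null secret if can't find one */
		ppp_warn("No CHAP secret found for authenticating us to %q", rname);
	}

	outp = (u_char*)p->payload;
	MAKEHEADER(outp, PPP_CHAP);
	outp += CHAP_HDRLEN;

	/* digest writes [value-size][response value ...] at outp */
	cli->digest->make_response(pcb, outp, id, cli->name, pkt,
				secret, secret_len, cli->priv);

	/* scrub the entire secret buffer, not just secret_len bytes */
	wipe = secret;
	for (i = 0; i < sizeof(secret); i++) {
		wipe[i] = 0;
	}

	/* our name follows the response value; not NUL-terminated on the wire */
	clen = *outp;
	nlen = strlen(cli->name);
	memcpy(outp + clen + 1, cli->name, nlen);

	outp = (u_char*)p->payload + PPP_HDRLEN;
	len = CHAP_HDRLEN + clen + 1 + nlen;
	outp[0] = CHAP_RESPONSE;
	outp[1] = id;
	outp[2] = len >> 8;
	outp[3] = len;

	/* shrink the pbuf to the bytes actually used before sending */
	pbuf_realloc(p, PPP_HDRLEN + len);
	ppp_write(pcb, p);
}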
| 496 |
|
---|
/*
 * chap_handle_status - handle a Success or Failure from the peer
 * (client side).
 *
 * Accepted only once per session: AUTH_STARTED and LOWERUP must be set
 * and AUTH_DONE clear; AUTH_DONE is then set so duplicates are ignored.
 * Digests with a check_success() callback (MS-CHAPv2 mutual auth) can
 * turn a Success into a failure when the authenticator's proof does not
 * verify; digests with handle_failure() parse the Failure text
 * themselves, otherwise the peer's message is only logged.
 *
 * Nothing here ties a Success to a Challenge we actually answered (plain
 * MD5 CHAP has no check_success), so with one-way CHAP the peer decides
 * the outcome unilaterally.
 */
static void chap_handle_status(ppp_pcb *pcb, int code, int id,
		   unsigned char *pkt, int len) {
	chap_client_state *cli = &pcb->chap_client;
	const struct chap_digest_type *dg;
	const char *msg = NULL;
	int verdict = code;
	LWIP_UNUSED_ARG(id);

	if ((cli->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) != (AUTH_STARTED|LOWERUP))
		return;
	cli->flags |= AUTH_DONE;
	dg = cli->digest;

	if (verdict == CHAP_SUCCESS) {
		/* used for MS-CHAP v2 mutual auth, yuck */
		if (dg->check_success == NULL) {
			msg = "CHAP authentication succeeded";
		} else if (!(*dg->check_success)(pcb, pkt, len, cli->priv)) {
			verdict = CHAP_FAILURE;
		}
	} else if (dg->handle_failure == NULL) {
		msg = "CHAP authentication failed";
	} else {
		(*dg->handle_failure)(pcb, pkt, len);
	}

	if (msg != NULL) {
		if (len > 0)
			ppp_info("%s: %.*v", msg, len, pkt);
		else
			ppp_info("%s", msg);
	}

	if (verdict == CHAP_SUCCESS) {
		auth_withpeer_success(pcb, PPP_CHAP, dg->code);
	} else {
		cli->flags |= AUTH_FAILED;
		ppp_error("CHAP authentication failed");
		auth_withpeer_fail(pcb, PPP_CHAP);
	}
}
| 534 |
|
---|
/*
 * chap_input - parse an incoming CHAP packet and dispatch on its code.
 *
 * The 4-byte header is validated against the received size: the Length
 * field must be at least CHAP_HDRLEN and no larger than pktlen; bytes
 * beyond Length are ignored.  Handlers get the payload after the header
 * and its length.  Unknown codes are dropped silently; Response packets
 * are only handled when built as a server.
 */
static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen) {
	unsigned char code, id;
	int len;

	if (pktlen < CHAP_HDRLEN)
		return;
	GETCHAR(code, pkt);
	GETCHAR(id, pkt);
	GETSHORT(len, pkt);
	/* the claimed length must fit in what was actually received */
	if (len < CHAP_HDRLEN || len > pktlen)
		return;
	len -= CHAP_HDRLEN;

	if (code == CHAP_CHALLENGE) {
		chap_respond(pcb, id, pkt, len);
	} else if (code == CHAP_SUCCESS || code == CHAP_FAILURE) {
		chap_handle_status(pcb, code, id, pkt, len);
#if PPP_SERVER
	} else if (code == CHAP_RESPONSE) {
		chap_handle_response(pcb, id, pkt, len);
#endif /* PPP_SERVER */
	}
	/* any other code is ignored */
}
| 565 |
|
---|
/*
 * chap_protrej - the peer sent a Protocol-Reject for CHAP.
 *
 * Server side: cancel any pending challenge timer, drop all state and,
 * if we were authenticating the peer, report failure - a peer that
 * rejects CHAP has not authenticated.  Client side: if we had started
 * but not finished authenticating ourselves, report failure to the auth
 * layer.
 */
static void chap_protrej(ppp_pcb *pcb) {
#if PPP_SERVER
	{
		chap_server_state *srv = &pcb->chap_server;

		if (srv->flags & TIMEOUT_PENDING) {
			srv->flags &= ~TIMEOUT_PENDING;
			UNTIMEOUT(chap_timeout, pcb);
		}
		if (srv->flags & AUTH_STARTED) {
			srv->flags = 0;
			auth_peer_fail(pcb, PPP_CHAP);
		}
	}
#endif /* PPP_SERVER */
	{
		chap_client_state *cli = &pcb->chap_client;
		int in_progress = (cli->flags & AUTH_STARTED) && !(cli->flags & AUTH_DONE);

		if (in_progress) {
			cli->flags &= ~AUTH_STARTED;
			ppp_error("CHAP authentication failed due to protocol-reject");
			auth_withpeer_fail(pcb, PPP_CHAP);
		}
	}
}
| 584 |
|
---|
| 585 | #if PRINTPKT_SUPPORT
|
---|
/*
 * chap_print_pkt - print the contents of a CHAP packet.
 *
 * chap_code_names is indexed by (code - 1) for codes 1..4;
 * chap_print_pkt() range-checks the code against LWIP_ARRAYSIZE()
 * before indexing, so no entry is ever read out of bounds.
 */
static const char* const chap_code_names[] = {
	"Challenge", "Response", "Success", "Failure"
};
| 592 |
|
---|
/*
 * chap_print_pkt - print a CHAP packet for debugging.
 *
 * Validates the header the same way chap_input() does and returns the
 * number of bytes consumed (the Length field), or 0 when the header is
 * bad.  Challenge/Response bodies print as <hex value>, name; Success/
 * Failure bodies print as the message; anything else as raw hex.  A
 * Challenge/Response whose value-size exceeds the body prints the header
 * only.  The name/message is peer-controlled and goes through
 * ppp_print_string(), which presumably escapes non-printables - verify.
 */
static int chap_print_pkt(const unsigned char *p, int plen,
	       void (*printer) (void *, const char *, ...), void *arg) {
	int code, id, len;
	int vlen, nlen, i;
	unsigned char byte;

	if (plen < CHAP_HDRLEN)
		return 0;
	GETCHAR(code, p);
	GETCHAR(id, p);
	GETSHORT(len, p);
	if (len < CHAP_HDRLEN || len > plen)
		return 0;

	if (code >= 1 && code <= (int)LWIP_ARRAYSIZE(chap_code_names))
		printer(arg, " %s", chap_code_names[code-1]);
	else
		printer(arg, " code=0x%x", code);
	printer(arg, " id=0x%x", id);
	len -= CHAP_HDRLEN;

	if (code == CHAP_CHALLENGE || code == CHAP_RESPONSE) {
		/* body: [value-size][value ...][name ...] */
		if (len >= 1) {
			vlen = p[0];
			if (len >= vlen + 1) {
				++p;
				nlen = len - vlen - 1;
				printer(arg, " <");
				for (i = 0; i < vlen; i++) {
					GETCHAR(byte, p);
					printer(arg, "%.2x", byte);
				}
				printer(arg, ">, name = ");
				ppp_print_string(p, nlen, printer, arg);
			}
		}
	} else if (code == CHAP_FAILURE || code == CHAP_SUCCESS) {
		printer(arg, " ");
		ppp_print_string(p, len, printer, arg);
	} else {
		/* unknown code: dump the body as hex bytes */
		for (i = 0; i < len; i++) {
			GETCHAR(byte, p);
			printer(arg, " %.2x", byte);
		}
	}

	return len + CHAP_HDRLEN;
}
| 646 | #endif /* PRINTPKT_SUPPORT */
|
---|
| 647 |
|
---|
/*
 * chap_protent - CHAP's entry in the PPP protocol table.
 *
 * CHAP has no open/close callbacks (it is driven by the auth layer via
 * chap_auth_peer()/chap_auth_with_peer()), carries no data packets and
 * has no demand-dial hooks.  This is a positional initializer, so the
 * field order and the #if'd entries must match struct protent exactly
 * (presumably declared in ppp_impl.h - check there when editing).
 */
const struct protent chap_protent = {
	PPP_CHAP,
	chap_init,
	chap_input,
	chap_protrej,
	chap_lowerup,
	chap_lowerdown,
	NULL,		/* open */
	NULL,		/* close */
#if PRINTPKT_SUPPORT
	chap_print_pkt,
#endif /* PRINTPKT_SUPPORT */
#if PPP_DATAINPUT
	NULL,		/* datainput */
#endif /* PPP_DATAINPUT */
#if PRINTPKT_SUPPORT
	"CHAP",		/* name */
	NULL,		/* data_name */
#endif /* PRINTPKT_SUPPORT */
#if PPP_OPTIONS
	chap_option_list,
	NULL,		/* check_options */
#endif /* PPP_OPTIONS */
#if DEMAND_SUPPORT
	NULL,
	NULL
#endif /* DEMAND_SUPPORT */
};
| 676 |
|
---|
| 677 | #endif /* PPP_SUPPORT && CHAP_SUPPORT */
|
---|