Kenji Arai
/
mbed-os_TYBLE16
Important changes to repositories hosted on mbed.com
Mbed hosted mercurial repositories are deprecated and are due to be permanently deleted in July 2026.
To keep a copy of this software download the repository Zip archive or clone locally using Mercurial.
It is also possible to export all your personal repositories from the account settings page.
Dependents: TYBLE16_simple_data_logger TYBLE16_MP3_Air
Embed:
(wiki syntax)
Show/hide line numbers
chap-new.c
00001 /* 00002 * chap-new.c - New CHAP implementation. 00003 * 00004 * Copyright (c) 2003 Paul Mackerras. All rights reserved. 00005 * 00006 * Redistribution and use in source and binary forms, with or without 00007 * modification, are permitted provided that the following conditions 00008 * are met: 00009 * 00010 * 1. Redistributions of source code must retain the above copyright 00011 * notice, this list of conditions and the following disclaimer. 00012 * 00013 * 2. The name(s) of the authors of this software must not be used to 00014 * endorse or promote products derived from this software without 00015 * prior written permission. 00016 * 00017 * 3. Redistributions of any form whatsoever must retain the following 00018 * acknowledgment: 00019 * "This product includes software developed by Paul Mackerras 00020 * <paulus@samba.org>". 00021 * 00022 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO 00023 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 00024 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY 00025 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 00026 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 00027 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 00028 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 00029 */ 00030 00031 #include "ppp_opts.h" 00032 #if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in ppp_opts.h */ 00033 00034 #if 0 /* UNUSED */ 00035 #include <stdlib.h> 00036 #include <string.h> 00037 #endif /* UNUSED */ 00038 00039 #include "ppp_impl.h" 00040 00041 #if 0 /* UNUSED */ 00042 #include "session.h" 00043 #endif /* UNUSED */ 00044 00045 #include "chap-new.h" 00046 #include "chap-md5.h" 00047 #if MSCHAP_SUPPORT 00048 #include "chap_ms.h" 00049 #endif 00050 #include "magic.h" 00051 00052 #if 0 /* UNUSED */ 00053 /* Hook for a plugin to validate CHAP challenge */ 00054 int (*chap_verify_hook)(const char *name, const char *ourname, int id, 00055 const struct chap_digest_type *digest, 00056 const unsigned char *challenge, const unsigned char *response, 00057 char *message, int message_space) = NULL; 00058 #endif /* UNUSED */ 00059 00060 #if PPP_OPTIONS 00061 /* 00062 * Command-line options. 00063 */ 00064 static option_t chap_option_list[] = { 00065 { "chap-restart", o_int, &chap_timeout_time, 00066 "Set timeout for CHAP", OPT_PRIO }, 00067 { "chap-max-challenge", o_int, &pcb->settings.chap_max_transmits, 00068 "Set max #xmits for challenge", OPT_PRIO }, 00069 { "chap-interval", o_int, &pcb->settings.chap_rechallenge_time, 00070 "Set interval for rechallenge", OPT_PRIO }, 00071 { NULL } 00072 }; 00073 #endif /* PPP_OPTIONS */ 00074 00075 00076 /* Values for flags in chap_client_state and chap_server_state */ 00077 #define LOWERUP 1 00078 #define AUTH_STARTED 2 00079 #define AUTH_DONE 4 00080 #define AUTH_FAILED 8 00081 #define TIMEOUT_PENDING 0x10 00082 #define CHALLENGE_VALID 0x20 00083 00084 /* 00085 * Prototypes. 00086 */ 00087 static void chap_init(ppp_pcb *pcb); 00088 static void chap_lowerup(ppp_pcb *pcb); 00089 static void chap_lowerdown(ppp_pcb *pcb); 00090 #if PPP_SERVER 00091 static void chap_timeout(void *arg); 00092 static void chap_generate_challenge(ppp_pcb *pcb); 00093 static void chap_handle_response(ppp_pcb *pcb, int code, 00094 unsigned char *pkt, int len); 00095 static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id, 00096 const struct chap_digest_type *digest, 00097 const unsigned char *challenge, const unsigned char *response, 00098 char *message, int message_space); 00099 #endif /* PPP_SERVER */ 00100 static void chap_respond(ppp_pcb *pcb, int id, 00101 unsigned char *pkt, int len); 00102 static void chap_handle_status(ppp_pcb *pcb, int code, int id, 00103 unsigned char *pkt, int len); 00104 static void chap_protrej(ppp_pcb *pcb); 00105 static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen); 00106 #if PRINTPKT_SUPPORT 00107 static int chap_print_pkt(const unsigned char *p, int plen, 00108 void (*printer) (void *, const char *, ...), void *arg); 00109 #endif /* PRINTPKT_SUPPORT */ 00110 00111 /* List of digest types that we know about */ 00112 static const struct chap_digest_type* const chap_digests[] = { 00113 &md5_digest, 00114 #if MSCHAP_SUPPORT 00115 &chapms_digest, 00116 &chapms2_digest, 00117 #endif /* MSCHAP_SUPPORT */ 00118 NULL 00119 }; 00120 00121 /* 00122 * chap_init - reset to initial state. 00123 */ 00124 static void chap_init(ppp_pcb *pcb) { 00125 PPP_UNUSED_ARG(pcb); 00126 00127 #if 0 /* Not necessary, everything is cleared in ppp_new() */ 00128 memset(&pcb->chap_client, 0, sizeof(chap_client_state)); 00129 #if PPP_SERVER 00130 memset(&pcb->chap_server, 0, sizeof(chap_server_state)); 00131 #endif /* PPP_SERVER */ 00132 #endif /* 0 */ 00133 } 00134 00135 /* 00136 * chap_lowerup - we can start doing stuff now. 00137 */ 00138 static void chap_lowerup(ppp_pcb *pcb) { 00139 00140 pcb->chap_client.flags |= LOWERUP; 00141 #if PPP_SERVER 00142 pcb->chap_server.flags |= LOWERUP; 00143 if (pcb->chap_server.flags & AUTH_STARTED) 00144 chap_timeout(pcb); 00145 #endif /* PPP_SERVER */ 00146 } 00147 00148 static void chap_lowerdown(ppp_pcb *pcb) { 00149 00150 pcb->chap_client.flags = 0; 00151 #if PPP_SERVER 00152 if (pcb->chap_server.flags & TIMEOUT_PENDING) 00153 UNTIMEOUT(chap_timeout, pcb); 00154 pcb->chap_server.flags = 0; 00155 #endif /* PPP_SERVER */ 00156 } 00157 00158 #if PPP_SERVER 00159 /* 00160 * chap_auth_peer - Start authenticating the peer. 00161 * If the lower layer is already up, we start sending challenges, 00162 * otherwise we wait for the lower layer to come up. 00163 */ 00164 void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code) { 00165 const struct chap_digest_type *dp; 00166 int i; 00167 00168 if (pcb->chap_server.flags & AUTH_STARTED) { 00169 ppp_error("CHAP: peer authentication already started!"); 00170 return; 00171 } 00172 for (i = 0; (dp = chap_digests[i]) != NULL; ++i) 00173 if (dp->code == digest_code) 00174 break; 00175 if (dp == NULL) 00176 ppp_fatal("CHAP digest 0x%x requested but not available", 00177 digest_code); 00178 00179 pcb->chap_server.digest = dp; 00180 pcb->chap_server.name = our_name; 00181 /* Start with a random ID value */ 00182 pcb->chap_server.id = magic(); 00183 pcb->chap_server.flags |= AUTH_STARTED; 00184 if (pcb->chap_server.flags & LOWERUP) 00185 chap_timeout(pcb); 00186 } 00187 #endif /* PPP_SERVER */ 00188 00189 /* 00190 * chap_auth_with_peer - Prepare to authenticate ourselves to the peer. 00191 * There isn't much to do until we receive a challenge. 00192 */ 00193 void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_code) { 00194 const struct chap_digest_type *dp; 00195 int i; 00196 00197 if(NULL == our_name) 00198 return; 00199 00200 if (pcb->chap_client.flags & AUTH_STARTED) { 00201 ppp_error("CHAP: authentication with peer already started!"); 00202 return; 00203 } 00204 for (i = 0; (dp = chap_digests[i]) != NULL; ++i) 00205 if (dp->code == digest_code) 00206 break; 00207 00208 if (dp == NULL) 00209 ppp_fatal("CHAP digest 0x%x requested but not available", 00210 digest_code); 00211 00212 pcb->chap_client.digest = dp; 00213 pcb->chap_client.name = our_name; 00214 pcb->chap_client.flags |= AUTH_STARTED; 00215 } 00216 00217 #if PPP_SERVER 00218 /* 00219 * chap_timeout - It's time to send another challenge to the peer. 00220 * This could be either a retransmission of a previous challenge, 00221 * or a new challenge to start re-authentication. 00222 */ 00223 static void chap_timeout(void *arg) { 00224 ppp_pcb *pcb = (ppp_pcb*)arg; 00225 struct pbuf *p; 00226 00227 pcb->chap_server.flags &= ~TIMEOUT_PENDING; 00228 if ((pcb->chap_server.flags & CHALLENGE_VALID) == 0) { 00229 pcb->chap_server.challenge_xmits = 0; 00230 chap_generate_challenge(pcb); 00231 pcb->chap_server.flags |= CHALLENGE_VALID; 00232 } else if (pcb->chap_server.challenge_xmits >= pcb->settings.chap_max_transmits) { 00233 pcb->chap_server.flags &= ~CHALLENGE_VALID; 00234 pcb->chap_server.flags |= AUTH_DONE | AUTH_FAILED; 00235 auth_peer_fail(pcb, PPP_CHAP); 00236 return; 00237 } 00238 00239 p = ppp_memory_buffer_allocate(pcb->netif->memory_manager, (u16_t)(pcb->chap_server.challenge_pktlen), PPP_BUF_HEAP); 00240 if(NULL == p) 00241 return; 00242 if(p->tot_len != p->len) { 00243 ppp_memory_buffer_free(p); 00244 return; 00245 } 00246 MEMCPY(p->payload, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen); 00247 ppp_write(pcb, p); 00248 ++pcb->chap_server.challenge_xmits; 00249 pcb->chap_server.flags |= TIMEOUT_PENDING; 00250 TIMEOUT(chap_timeout, arg, pcb->settings.chap_timeout_time); 00251 } 00252 00253 /* 00254 * chap_generate_challenge - generate a challenge string and format 00255 * the challenge packet in pcb->chap_server.challenge_pkt. 00256 */ 00257 static void chap_generate_challenge(ppp_pcb *pcb) { 00258 int clen = 1, nlen, len; 00259 unsigned char *p; 00260 00261 p = pcb->chap_server.challenge; 00262 MAKEHEADER(p, PPP_CHAP); 00263 p += CHAP_HDRLEN; 00264 pcb->chap_server.digest->generate_challenge(pcb, p); 00265 clen = *p; 00266 nlen = strlen(pcb->chap_server.name); 00267 memcpy(p + 1 + clen, pcb->chap_server.name, nlen); 00268 00269 len = CHAP_HDRLEN + 1 + clen + nlen; 00270 pcb->chap_server.challenge_pktlen = PPP_HDRLEN + len; 00271 00272 p = pcb->chap_server.challenge + PPP_HDRLEN; 00273 p[0] = CHAP_CHALLENGE; 00274 p[1] = ++pcb->chap_server.id; 00275 p[2] = len >> 8; 00276 p[3] = len; 00277 } 00278 00279 /* 00280 * chap_handle_response - check the response to our challenge. 00281 */ 00282 static void chap_handle_response(ppp_pcb *pcb, int id, 00283 unsigned char *pkt, int len) { 00284 int response_len, ok, mlen; 00285 const unsigned char *response; 00286 unsigned char *outp; 00287 struct pbuf *p; 00288 const char *name = NULL; /* initialized to shut gcc up */ 00289 #if 0 /* UNUSED */ 00290 int (*verifier)(const char *, const char *, int, const struct chap_digest_type *, 00291 const unsigned char *, const unsigned char *, char *, int); 00292 #endif /* UNUSED */ 00293 char rname[MAXNAMELEN+1]; 00294 char message[256]; 00295 00296 if ((pcb->chap_server.flags & LOWERUP) == 0) 00297 return; 00298 if (id != pcb->chap_server.challenge[PPP_HDRLEN+1] || len < 2) 00299 return; 00300 if (pcb->chap_server.flags & CHALLENGE_VALID) { 00301 response = pkt; 00302 GETCHAR(response_len, pkt); 00303 len -= response_len + 1; /* length of name */ 00304 name = (char *)pkt + response_len; 00305 if (len < 0) 00306 return; 00307 00308 if (pcb->chap_server.flags & TIMEOUT_PENDING) { 00309 pcb->chap_server.flags &= ~TIMEOUT_PENDING; 00310 UNTIMEOUT(chap_timeout, pcb); 00311 } 00312 #if PPP_REMOTENAME 00313 if (pcb->settings.explicit_remote) { 00314 name = pcb->remote_name; 00315 } else 00316 #endif /* PPP_REMOTENAME */ 00317 { 00318 /* Null terminate and clean remote name. */ 00319 ppp_slprintf(rname, sizeof(rname), "%.*v", len, name); 00320 name = rname; 00321 } 00322 00323 #if 0 /* UNUSED */ 00324 if (chap_verify_hook) 00325 verifier = chap_verify_hook; 00326 else 00327 verifier = chap_verify_response; 00328 ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest, 00329 pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN, 00330 response, pcb->chap_server.message, sizeof(pcb->chap_server.message)); 00331 #endif /* UNUSED */ 00332 ok = chap_verify_response(pcb, name, pcb->chap_server.name, id, pcb->chap_server.digest, 00333 pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN, 00334 response, message, sizeof(message)); 00335 #if 0 /* UNUSED */ 00336 if (!ok || !auth_number()) { 00337 #endif /* UNUSED */ 00338 if (!ok) { 00339 pcb->chap_server.flags |= AUTH_FAILED; 00340 ppp_warn("Peer %q failed CHAP authentication", name); 00341 } 00342 } else if ((pcb->chap_server.flags & AUTH_DONE) == 0) 00343 return; 00344 00345 /* send the response */ 00346 mlen = strlen(message); 00347 len = CHAP_HDRLEN + mlen; 00348 p = ppp_memory_buffer_allocate(pcb->netif->memory_manager, (u16_t)(PPP_HDRLEN +len), PPP_BUF_HEAP); 00349 if(NULL == p) 00350 return; 00351 if(p->tot_len != p->len) { 00352 ppp_memory_buffer_free(p); 00353 return; 00354 } 00355 00356 outp = (unsigned char *)p->payload; 00357 MAKEHEADER(outp, PPP_CHAP); 00358 00359 outp[0] = (pcb->chap_server.flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; 00360 outp[1] = id; 00361 outp[2] = len >> 8; 00362 outp[3] = len; 00363 if (mlen > 0) 00364 memcpy(outp + CHAP_HDRLEN, message, mlen); 00365 ppp_write(pcb, p); 00366 00367 if (pcb->chap_server.flags & CHALLENGE_VALID) { 00368 pcb->chap_server.flags &= ~CHALLENGE_VALID; 00369 if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED)) { 00370 00371 #if 0 /* UNUSED */ 00372 /* 00373 * Auth is OK, so now we need to check session restrictions 00374 * to ensure everything is OK, but only if we used a 00375 * plugin, and only if we're configured to check. This 00376 * allows us to do PAM checks on PPP servers that 00377 * authenticate against ActiveDirectory, and use AD for 00378 * account info (like when using Winbind integrated with 00379 * PAM). 00380 */ 00381 if (session_mgmt && 00382 session_check(name, NULL, devnam, NULL) == 0) { 00383 pcb->chap_server.flags |= AUTH_FAILED; 00384 ppp_warn("Peer %q failed CHAP Session verification", name); 00385 } 00386 #endif /* UNUSED */ 00387 00388 } 00389 if (pcb->chap_server.flags & AUTH_FAILED) { 00390 auth_peer_fail(pcb, PPP_CHAP); 00391 } else { 00392 if ((pcb->chap_server.flags & AUTH_DONE) == 0) 00393 auth_peer_success(pcb, PPP_CHAP, 00394 pcb->chap_server.digest->code, 00395 name, strlen(name)); 00396 if (pcb->settings.chap_rechallenge_time) { 00397 pcb->chap_server.flags |= TIMEOUT_PENDING; 00398 TIMEOUT(chap_timeout, pcb, 00399 pcb->settings.chap_rechallenge_time); 00400 } 00401 } 00402 pcb->chap_server.flags |= AUTH_DONE; 00403 } 00404 } 00405 00406 /* 00407 * chap_verify_response - check whether the peer's response matches 00408 * what we think it should be. Returns 1 if it does (authentication 00409 * succeeded), or 0 if it doesn't. 00410 */ 00411 static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id, 00412 const struct chap_digest_type *digest, 00413 const unsigned char *challenge, const unsigned char *response, 00414 char *message, int message_space) { 00415 int ok; 00416 unsigned char secret[MAXSECRETLEN]; 00417 int secret_len; 00418 00419 /* Get the secret that the peer is supposed to know */ 00420 if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) { 00421 ppp_error("No CHAP secret found for authenticating %q", name); 00422 return 0; 00423 } 00424 ok = digest->verify_response(pcb, id, name, secret, secret_len, challenge, 00425 response, message, message_space); 00426 memset(secret, 0, sizeof(secret)); 00427 00428 return ok; 00429 } 00430 #endif /* PPP_SERVER */ 00431 00432 /* 00433 * chap_respond - Generate and send a response to a challenge. 00434 */ 00435 static void chap_respond(ppp_pcb *pcb, int id, 00436 unsigned char *pkt, int len) { 00437 int clen, nlen; 00438 int secret_len; 00439 struct pbuf *p; 00440 u_char *outp; 00441 char rname[MAXNAMELEN+1]; 00442 char secret[MAXSECRETLEN+1]; 00443 00444 p = ppp_memory_buffer_allocate(pcb->netif->memory_manager, (u16_t)(RESP_MAX_PKTLEN), PPP_BUF_HEAP); 00445 if(NULL == p) 00446 return; 00447 if(p->tot_len != p->len) { 00448 ppp_memory_buffer_free(p); 00449 return; 00450 } 00451 00452 if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) 00453 return; /* not ready */ 00454 if (len < 2 || len < pkt[0] + 1) 00455 return; /* too short */ 00456 clen = pkt[0]; 00457 nlen = len - (clen + 1); 00458 00459 /* Null terminate and clean remote name. */ 00460 ppp_slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1); 00461 00462 #if PPP_REMOTENAME 00463 /* Microsoft doesn't send their name back in the PPP packet */ 00464 if (pcb->settings.explicit_remote || (pcb->settings.remote_name[0] != 0 && rname[0] == 0)) 00465 strlcpy(rname, pcb->settings.remote_name, sizeof(rname)); 00466 #endif /* PPP_REMOTENAME */ 00467 00468 /* get secret for authenticating ourselves with the specified host */ 00469 if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0)) { 00470 secret_len = 0; /* assume null secret if can't find one */ 00471 ppp_warn("No CHAP secret found for authenticating us to %q", rname); 00472 } 00473 00474 outp = (u_char*)p->payload; 00475 MAKEHEADER(outp, PPP_CHAP); 00476 outp += CHAP_HDRLEN; 00477 00478 pcb->chap_client.digest->make_response(pcb, outp, id, pcb->chap_client.name, pkt, 00479 secret, secret_len, pcb->chap_client.priv); 00480 memset(secret, 0, secret_len); 00481 00482 clen = *outp; 00483 nlen = strlen(pcb->chap_client.name); 00484 memcpy(outp + clen + 1, pcb->chap_client.name, nlen); 00485 00486 outp = (u_char*)p->payload + PPP_HDRLEN; 00487 len = CHAP_HDRLEN + clen + 1 + nlen; 00488 outp[0] = CHAP_RESPONSE; 00489 outp[1] = id; 00490 outp[2] = len >> 8; 00491 outp[3] = len; 00492 00493 p->len = PPP_HDRLEN + len; 00494 //pbuf_realloc(p, PPP_HDRLEN + len); 00495 ppp_write(pcb, p); 00496 } 00497 00498 static void chap_handle_status(ppp_pcb *pcb, int code, int id, 00499 unsigned char *pkt, int len) { 00500 const char *msg = NULL; 00501 PPP_UNUSED_ARG(id); 00502 00503 if ((pcb->chap_client.flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) 00504 != (AUTH_STARTED|LOWERUP)) 00505 return; 00506 pcb->chap_client.flags |= AUTH_DONE; 00507 00508 if (code == CHAP_SUCCESS) { 00509 /* used for MS-CHAP v2 mutual auth, yuck */ 00510 if (pcb->chap_client.digest->check_success != NULL) { 00511 if (!(*pcb->chap_client.digest->check_success)(pcb, pkt, len, pcb->chap_client.priv)) 00512 code = CHAP_FAILURE; 00513 } else 00514 msg = "CHAP authentication succeeded"; 00515 } else { 00516 if (pcb->chap_client.digest->handle_failure != NULL) 00517 (*pcb->chap_client.digest->handle_failure)(pcb, pkt, len); 00518 else 00519 msg = "CHAP authentication failed"; 00520 } 00521 if (msg) { 00522 if (len > 0) 00523 ppp_info("%s: %.*v", msg, len, pkt); 00524 else 00525 ppp_info("%s", msg); 00526 } 00527 if (code == CHAP_SUCCESS) 00528 auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code); 00529 else { 00530 pcb->chap_client.flags |= AUTH_FAILED; 00531 ppp_error("CHAP authentication failed"); 00532 auth_withpeer_fail(pcb, PPP_CHAP); 00533 } 00534 } 00535 00536 static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen) { 00537 unsigned char code, id; 00538 int len; 00539 00540 if (pktlen < CHAP_HDRLEN) 00541 return; 00542 GETCHAR(code, pkt); 00543 GETCHAR(id, pkt); 00544 GETSHORT(len, pkt); 00545 if (len < CHAP_HDRLEN || len > pktlen) 00546 return; 00547 len -= CHAP_HDRLEN; 00548 00549 switch (code) { 00550 case CHAP_CHALLENGE: 00551 chap_respond(pcb, id, pkt, len); 00552 break; 00553 #if PPP_SERVER 00554 case CHAP_RESPONSE: 00555 chap_handle_response(pcb, id, pkt, len); 00556 break; 00557 #endif /* PPP_SERVER */ 00558 case CHAP_FAILURE: 00559 case CHAP_SUCCESS: 00560 chap_handle_status(pcb, code, id, pkt, len); 00561 break; 00562 default: 00563 break; 00564 } 00565 } 00566 00567 static void chap_protrej(ppp_pcb *pcb) { 00568 00569 #if PPP_SERVER 00570 if (pcb->chap_server.flags & TIMEOUT_PENDING) { 00571 pcb->chap_server.flags &= ~TIMEOUT_PENDING; 00572 UNTIMEOUT(chap_timeout, pcb); 00573 } 00574 if (pcb->chap_server.flags & AUTH_STARTED) { 00575 pcb->chap_server.flags = 0; 00576 auth_peer_fail(pcb, PPP_CHAP); 00577 } 00578 #endif /* PPP_SERVER */ 00579 if ((pcb->chap_client.flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { 00580 pcb->chap_client.flags &= ~AUTH_STARTED; 00581 ppp_error("CHAP authentication failed due to protocol-reject"); 00582 auth_withpeer_fail(pcb, PPP_CHAP); 00583 } 00584 } 00585 00586 #if PRINTPKT_SUPPORT 00587 /* 00588 * chap_print_pkt - print the contents of a CHAP packet. 00589 */ 00590 static const char* const chap_code_names[] = { 00591 "Challenge", "Response", "Success", "Failure" 00592 }; 00593 00594 static int chap_print_pkt(const unsigned char *p, int plen, 00595 void (*printer) (void *, const char *, ...), void *arg) { 00596 int code, id, len; 00597 int clen, nlen; 00598 unsigned char x; 00599 00600 if (plen < CHAP_HDRLEN) 00601 return 0; 00602 GETCHAR(code, p); 00603 GETCHAR(id, p); 00604 GETSHORT(len, p); 00605 if (len < CHAP_HDRLEN || len > plen) 00606 return 0; 00607 00608 if (code >= 1 && code <= (int)PPP_ARRAYSIZE(chap_code_names)) 00609 printer(arg, " %s", chap_code_names[code-1]); 00610 else 00611 printer(arg, " code=0x%x", code); 00612 printer(arg, " id=0x%x", id); 00613 len -= CHAP_HDRLEN; 00614 switch (code) { 00615 case CHAP_CHALLENGE: 00616 case CHAP_RESPONSE: 00617 if (len < 1) 00618 break; 00619 clen = p[0]; 00620 if (len < clen + 1) 00621 break; 00622 ++p; 00623 nlen = len - clen - 1; 00624 printer(arg, " <"); 00625 for (; clen > 0; --clen) { 00626 GETCHAR(x, p); 00627 printer(arg, "%.2x", x); 00628 } 00629 printer(arg, ">, name = "); 00630 ppp_print_string(p, nlen, printer, arg); 00631 break; 00632 case CHAP_FAILURE: 00633 case CHAP_SUCCESS: 00634 printer(arg, " "); 00635 ppp_print_string(p, len, printer, arg); 00636 break; 00637 default: 00638 for (clen = len; clen > 0; --clen) { 00639 GETCHAR(x, p); 00640 printer(arg, " %.2x", x); 00641 } 00642 /* no break */ 00643 } 00644 00645 return len + CHAP_HDRLEN; 00646 } 00647 #endif /* PRINTPKT_SUPPORT */ 00648 00649 const struct protent chap_protent = { 00650 PPP_CHAP, 00651 chap_init, 00652 chap_input, 00653 chap_protrej, 00654 chap_lowerup, 00655 chap_lowerdown, 00656 NULL, /* open */ 00657 NULL, /* close */ 00658 #if PRINTPKT_SUPPORT 00659 chap_print_pkt, 00660 #endif /* PRINTPKT_SUPPORT */ 00661 #if PPP_DATAINPUT 00662 NULL, /* datainput */ 00663 #endif /* PPP_DATAINPUT */ 00664 #if PRINTPKT_SUPPORT 00665 "CHAP", /* name */ 00666 NULL, /* data_name */ 00667 #endif /* PRINTPKT_SUPPORT */ 00668 #if PPP_OPTIONS 00669 chap_option_list, 00670 NULL, /* check_options */ 00671 #endif /* PPP_OPTIONS */ 00672 #if DEMAND_SUPPORT 00673 NULL, 00674 NULL 00675 #endif /* DEMAND_SUPPORT */ 00676 }; 00677 00678 #endif /* PPP_SUPPORT && CHAP_SUPPORT */
Generated on Tue Jul 12 2022 13:54:06 by
1.7.2