孙 毅明
创建mbed
Dependencies: EthernetInterface SDFileSystem mbed-rtos mbed
EthernetInterface/lwip/netif/ppp/chap.c@1:6465a3f5c58a, 2018-03-06 (annotated)
- Committer:
- sunyiming
- Date:
- Tue Mar 06 08:53:46 2018 +0000
- Revision:
- 1:6465a3f5c58a
??OK
Who changed what in which revision?
| User | Revision | Line number | New contents of line |
|---|---|---|---|
| sunyiming | 1:6465a3f5c58a | 1 | /*** WARNING - THIS HAS NEVER BEEN FINISHED ***/ |
| sunyiming | 1:6465a3f5c58a | 2 | /***************************************************************************** |
| sunyiming | 1:6465a3f5c58a | 3 | * chap.c - Network Challenge Handshake Authentication Protocol program file. |
| sunyiming | 1:6465a3f5c58a | 4 | * |
| sunyiming | 1:6465a3f5c58a | 5 | * Copyright (c) 2003 by Marc Boucher, Services Informatiques (MBSI) inc. |
| sunyiming | 1:6465a3f5c58a | 6 | * portions Copyright (c) 1997 by Global Election Systems Inc. |
| sunyiming | 1:6465a3f5c58a | 7 | * |
| sunyiming | 1:6465a3f5c58a | 8 | * The authors hereby grant permission to use, copy, modify, distribute, |
| sunyiming | 1:6465a3f5c58a | 9 | * and license this software and its documentation for any purpose, provided |
| sunyiming | 1:6465a3f5c58a | 10 | * that existing copyright notices are retained in all copies and that this |
| sunyiming | 1:6465a3f5c58a | 11 | * notice and the following disclaimer are included verbatim in any |
| sunyiming | 1:6465a3f5c58a | 12 | * distributions. No written agreement, license, or royalty fee is required |
| sunyiming | 1:6465a3f5c58a | 13 | * for any of the authorized uses. |
| sunyiming | 1:6465a3f5c58a | 14 | * |
| sunyiming | 1:6465a3f5c58a | 15 | * THIS SOFTWARE IS PROVIDED BY THE CONTRIBUTORS *AS IS* AND ANY EXPRESS OR |
| sunyiming | 1:6465a3f5c58a | 16 | * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES |
| sunyiming | 1:6465a3f5c58a | 17 | * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. |
| sunyiming | 1:6465a3f5c58a | 18 | * IN NO EVENT SHALL THE CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, |
| sunyiming | 1:6465a3f5c58a | 19 | * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| sunyiming | 1:6465a3f5c58a | 20 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, |
| sunyiming | 1:6465a3f5c58a | 21 | * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| sunyiming | 1:6465a3f5c58a | 22 | * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| sunyiming | 1:6465a3f5c58a | 23 | * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| sunyiming | 1:6465a3f5c58a | 24 | * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| sunyiming | 1:6465a3f5c58a | 25 | * |
| sunyiming | 1:6465a3f5c58a | 26 | ****************************************************************************** |
| sunyiming | 1:6465a3f5c58a | 27 | * REVISION HISTORY |
| sunyiming | 1:6465a3f5c58a | 28 | * |
| sunyiming | 1:6465a3f5c58a | 29 | * 03-01-01 Marc Boucher <marc@mbsi.ca> |
| sunyiming | 1:6465a3f5c58a | 30 | * Ported to lwIP. |
| sunyiming | 1:6465a3f5c58a | 31 | * 97-12-04 Guy Lancaster <lancasterg@acm.org>, Global Election Systems Inc. |
| sunyiming | 1:6465a3f5c58a | 32 | * Original based on BSD chap.c. |
| sunyiming | 1:6465a3f5c58a | 33 | *****************************************************************************/ |
| sunyiming | 1:6465a3f5c58a | 34 | /* |
| sunyiming | 1:6465a3f5c58a | 35 | * chap.c - Challenge Handshake Authentication Protocol. |
| sunyiming | 1:6465a3f5c58a | 36 | * |
| sunyiming | 1:6465a3f5c58a | 37 | * Copyright (c) 1993 The Australian National University. |
| sunyiming | 1:6465a3f5c58a | 38 | * All rights reserved. |
| sunyiming | 1:6465a3f5c58a | 39 | * |
| sunyiming | 1:6465a3f5c58a | 40 | * Redistribution and use in source and binary forms are permitted |
| sunyiming | 1:6465a3f5c58a | 41 | * provided that the above copyright notice and this paragraph are |
| sunyiming | 1:6465a3f5c58a | 42 | * duplicated in all such forms and that any documentation, |
| sunyiming | 1:6465a3f5c58a | 43 | * advertising materials, and other materials related to such |
| sunyiming | 1:6465a3f5c58a | 44 | * distribution and use acknowledge that the software was developed |
| sunyiming | 1:6465a3f5c58a | 45 | * by the Australian National University. The name of the University |
| sunyiming | 1:6465a3f5c58a | 46 | * may not be used to endorse or promote products derived from this |
| sunyiming | 1:6465a3f5c58a | 47 | * software without specific prior written permission. |
| sunyiming | 1:6465a3f5c58a | 48 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
| sunyiming | 1:6465a3f5c58a | 49 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
| sunyiming | 1:6465a3f5c58a | 50 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| sunyiming | 1:6465a3f5c58a | 51 | * |
| sunyiming | 1:6465a3f5c58a | 52 | * Copyright (c) 1991 Gregory M. Christy. |
| sunyiming | 1:6465a3f5c58a | 53 | * All rights reserved. |
| sunyiming | 1:6465a3f5c58a | 54 | * |
| sunyiming | 1:6465a3f5c58a | 55 | * Redistribution and use in source and binary forms are permitted |
| sunyiming | 1:6465a3f5c58a | 56 | * provided that the above copyright notice and this paragraph are |
| sunyiming | 1:6465a3f5c58a | 57 | * duplicated in all such forms and that any documentation, |
| sunyiming | 1:6465a3f5c58a | 58 | * advertising materials, and other materials related to such |
| sunyiming | 1:6465a3f5c58a | 59 | * distribution and use acknowledge that the software was developed |
| sunyiming | 1:6465a3f5c58a | 60 | * by Gregory M. Christy. The name of the author may not be used to |
| sunyiming | 1:6465a3f5c58a | 61 | * endorse or promote products derived from this software without |
| sunyiming | 1:6465a3f5c58a | 62 | * specific prior written permission. |
| sunyiming | 1:6465a3f5c58a | 63 | * |
| sunyiming | 1:6465a3f5c58a | 64 | * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
| sunyiming | 1:6465a3f5c58a | 65 | * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
| sunyiming | 1:6465a3f5c58a | 66 | * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
| sunyiming | 1:6465a3f5c58a | 67 | */ |
| sunyiming | 1:6465a3f5c58a | 68 | |
| sunyiming | 1:6465a3f5c58a | 69 | #include "lwip/opt.h" |
| sunyiming | 1:6465a3f5c58a | 70 | |
| sunyiming | 1:6465a3f5c58a | 71 | #if PPP_SUPPORT /* don't build if not configured for use in lwipopts.h */ |
| sunyiming | 1:6465a3f5c58a | 72 | |
| sunyiming | 1:6465a3f5c58a | 73 | #if CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ |
| sunyiming | 1:6465a3f5c58a | 74 | |
| sunyiming | 1:6465a3f5c58a | 75 | #include "ppp.h" |
| sunyiming | 1:6465a3f5c58a | 76 | #include "pppdebug.h" |
| sunyiming | 1:6465a3f5c58a | 77 | |
| sunyiming | 1:6465a3f5c58a | 78 | #include "magic.h" |
| sunyiming | 1:6465a3f5c58a | 79 | #include "randm.h" |
| sunyiming | 1:6465a3f5c58a | 80 | #include "auth.h" |
| sunyiming | 1:6465a3f5c58a | 81 | #include "md5.h" |
| sunyiming | 1:6465a3f5c58a | 82 | #include "chap.h" |
| sunyiming | 1:6465a3f5c58a | 83 | #include "chpms.h" |
| sunyiming | 1:6465a3f5c58a | 84 | |
| sunyiming | 1:6465a3f5c58a | 85 | #include <string.h> |
| sunyiming | 1:6465a3f5c58a | 86 | |
| sunyiming | 1:6465a3f5c58a | 87 | #if 0 /* UNUSED */ |
| sunyiming | 1:6465a3f5c58a | 88 | /* |
| sunyiming | 1:6465a3f5c58a | 89 | * Command-line options. |
| sunyiming | 1:6465a3f5c58a | 90 | */ |
| sunyiming | 1:6465a3f5c58a | 91 | static option_t chap_option_list[] = { |
| sunyiming | 1:6465a3f5c58a | 92 | { "chap-restart", o_int, &chap[0].timeouttime, |
| sunyiming | 1:6465a3f5c58a | 93 | "Set timeout for CHAP" }, |
| sunyiming | 1:6465a3f5c58a | 94 | { "chap-max-challenge", o_int, &chap[0].max_transmits, |
| sunyiming | 1:6465a3f5c58a | 95 | "Set max #xmits for challenge" }, |
| sunyiming | 1:6465a3f5c58a | 96 | { "chap-interval", o_int, &chap[0].chal_interval, |
| sunyiming | 1:6465a3f5c58a | 97 | "Set interval for rechallenge" }, |
| sunyiming | 1:6465a3f5c58a | 98 | #ifdef MSLANMAN |
| sunyiming | 1:6465a3f5c58a | 99 | { "ms-lanman", o_bool, &ms_lanman, |
| sunyiming | 1:6465a3f5c58a | 100 | "Use LanMan passwd when using MS-CHAP", 1 }, |
| sunyiming | 1:6465a3f5c58a | 101 | #endif |
| sunyiming | 1:6465a3f5c58a | 102 | { NULL } |
| sunyiming | 1:6465a3f5c58a | 103 | }; |
| sunyiming | 1:6465a3f5c58a | 104 | #endif /* UNUSED */ |
| sunyiming | 1:6465a3f5c58a | 105 | |
| sunyiming | 1:6465a3f5c58a | 106 | /* |
| sunyiming | 1:6465a3f5c58a | 107 | * Protocol entry points. |
| sunyiming | 1:6465a3f5c58a | 108 | */ |
| sunyiming | 1:6465a3f5c58a | 109 | static void ChapInit (int); |
| sunyiming | 1:6465a3f5c58a | 110 | static void ChapLowerUp (int); |
| sunyiming | 1:6465a3f5c58a | 111 | static void ChapLowerDown (int); |
| sunyiming | 1:6465a3f5c58a | 112 | static void ChapInput (int, u_char *, int); |
| sunyiming | 1:6465a3f5c58a | 113 | static void ChapProtocolReject (int); |
| sunyiming | 1:6465a3f5c58a | 114 | #if PPP_ADDITIONAL_CALLBACKS |
| sunyiming | 1:6465a3f5c58a | 115 | static int ChapPrintPkt (u_char *, int, void (*) (void *, char *, ...), void *); |
| sunyiming | 1:6465a3f5c58a | 116 | #endif |
| sunyiming | 1:6465a3f5c58a | 117 | |
| sunyiming | 1:6465a3f5c58a | 118 | struct protent chap_protent = { |
| sunyiming | 1:6465a3f5c58a | 119 | PPP_CHAP, |
| sunyiming | 1:6465a3f5c58a | 120 | ChapInit, |
| sunyiming | 1:6465a3f5c58a | 121 | ChapInput, |
| sunyiming | 1:6465a3f5c58a | 122 | ChapProtocolReject, |
| sunyiming | 1:6465a3f5c58a | 123 | ChapLowerUp, |
| sunyiming | 1:6465a3f5c58a | 124 | ChapLowerDown, |
| sunyiming | 1:6465a3f5c58a | 125 | NULL, |
| sunyiming | 1:6465a3f5c58a | 126 | NULL, |
| sunyiming | 1:6465a3f5c58a | 127 | #if PPP_ADDITIONAL_CALLBACKS |
| sunyiming | 1:6465a3f5c58a | 128 | ChapPrintPkt, |
| sunyiming | 1:6465a3f5c58a | 129 | NULL, |
| sunyiming | 1:6465a3f5c58a | 130 | #endif /* PPP_ADDITIONAL_CALLBACKS */ |
| sunyiming | 1:6465a3f5c58a | 131 | 1, |
| sunyiming | 1:6465a3f5c58a | 132 | "CHAP", |
| sunyiming | 1:6465a3f5c58a | 133 | #if PPP_ADDITIONAL_CALLBACKS |
| sunyiming | 1:6465a3f5c58a | 134 | NULL, |
| sunyiming | 1:6465a3f5c58a | 135 | NULL, |
| sunyiming | 1:6465a3f5c58a | 136 | NULL |
| sunyiming | 1:6465a3f5c58a | 137 | #endif /* PPP_ADDITIONAL_CALLBACKS */ |
| sunyiming | 1:6465a3f5c58a | 138 | }; |
| sunyiming | 1:6465a3f5c58a | 139 | |
| sunyiming | 1:6465a3f5c58a | 140 | chap_state chap[NUM_PPP]; /* CHAP state; one for each unit */ |
| sunyiming | 1:6465a3f5c58a | 141 | |
| sunyiming | 1:6465a3f5c58a | 142 | static void ChapChallengeTimeout (void *); |
| sunyiming | 1:6465a3f5c58a | 143 | static void ChapResponseTimeout (void *); |
| sunyiming | 1:6465a3f5c58a | 144 | static void ChapReceiveChallenge (chap_state *, u_char *, u_char, int); |
| sunyiming | 1:6465a3f5c58a | 145 | static void ChapRechallenge (void *); |
| sunyiming | 1:6465a3f5c58a | 146 | static void ChapReceiveResponse (chap_state *, u_char *, int, int); |
| sunyiming | 1:6465a3f5c58a | 147 | static void ChapReceiveSuccess(chap_state *cstate, u_char *inp, u_char id, int len); |
| sunyiming | 1:6465a3f5c58a | 148 | static void ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len); |
| sunyiming | 1:6465a3f5c58a | 149 | static void ChapSendStatus (chap_state *, int); |
| sunyiming | 1:6465a3f5c58a | 150 | static void ChapSendChallenge (chap_state *); |
| sunyiming | 1:6465a3f5c58a | 151 | static void ChapSendResponse (chap_state *); |
| sunyiming | 1:6465a3f5c58a | 152 | static void ChapGenChallenge (chap_state *); |
| sunyiming | 1:6465a3f5c58a | 153 | |
| sunyiming | 1:6465a3f5c58a | 154 | /* |
| sunyiming | 1:6465a3f5c58a | 155 | * ChapInit - Initialize a CHAP unit. |
| sunyiming | 1:6465a3f5c58a | 156 | */ |
| sunyiming | 1:6465a3f5c58a | 157 | static void |
| sunyiming | 1:6465a3f5c58a | 158 | ChapInit(int unit) |
| sunyiming | 1:6465a3f5c58a | 159 | { |
| sunyiming | 1:6465a3f5c58a | 160 | chap_state *cstate = &chap[unit]; |
| sunyiming | 1:6465a3f5c58a | 161 | |
| sunyiming | 1:6465a3f5c58a | 162 | BZERO(cstate, sizeof(*cstate)); |
| sunyiming | 1:6465a3f5c58a | 163 | cstate->unit = unit; |
| sunyiming | 1:6465a3f5c58a | 164 | cstate->clientstate = CHAPCS_INITIAL; |
| sunyiming | 1:6465a3f5c58a | 165 | cstate->serverstate = CHAPSS_INITIAL; |
| sunyiming | 1:6465a3f5c58a | 166 | cstate->timeouttime = CHAP_DEFTIMEOUT; |
| sunyiming | 1:6465a3f5c58a | 167 | cstate->max_transmits = CHAP_DEFTRANSMITS; |
| sunyiming | 1:6465a3f5c58a | 168 | /* random number generator is initialized in magic_init */ |
| sunyiming | 1:6465a3f5c58a | 169 | } |
| sunyiming | 1:6465a3f5c58a | 170 | |
| sunyiming | 1:6465a3f5c58a | 171 | |
| sunyiming | 1:6465a3f5c58a | 172 | /* |
| sunyiming | 1:6465a3f5c58a | 173 | * ChapAuthWithPeer - Authenticate us with our peer (start client). |
| sunyiming | 1:6465a3f5c58a | 174 | * |
| sunyiming | 1:6465a3f5c58a | 175 | */ |
| sunyiming | 1:6465a3f5c58a | 176 | void |
| sunyiming | 1:6465a3f5c58a | 177 | ChapAuthWithPeer(int unit, char *our_name, u_char digest) |
| sunyiming | 1:6465a3f5c58a | 178 | { |
| sunyiming | 1:6465a3f5c58a | 179 | chap_state *cstate = &chap[unit]; |
| sunyiming | 1:6465a3f5c58a | 180 | |
| sunyiming | 1:6465a3f5c58a | 181 | cstate->resp_name = our_name; |
| sunyiming | 1:6465a3f5c58a | 182 | cstate->resp_type = digest; |
| sunyiming | 1:6465a3f5c58a | 183 | |
| sunyiming | 1:6465a3f5c58a | 184 | if (cstate->clientstate == CHAPCS_INITIAL || |
| sunyiming | 1:6465a3f5c58a | 185 | cstate->clientstate == CHAPCS_PENDING) { |
| sunyiming | 1:6465a3f5c58a | 186 | /* lower layer isn't up - wait until later */ |
| sunyiming | 1:6465a3f5c58a | 187 | cstate->clientstate = CHAPCS_PENDING; |
| sunyiming | 1:6465a3f5c58a | 188 | return; |
| sunyiming | 1:6465a3f5c58a | 189 | } |
| sunyiming | 1:6465a3f5c58a | 190 | |
| sunyiming | 1:6465a3f5c58a | 191 | /* |
| sunyiming | 1:6465a3f5c58a | 192 | * We get here as a result of LCP coming up. |
| sunyiming | 1:6465a3f5c58a | 193 | * So even if CHAP was open before, we will |
| sunyiming | 1:6465a3f5c58a | 194 | * have to re-authenticate ourselves. |
| sunyiming | 1:6465a3f5c58a | 195 | */ |
| sunyiming | 1:6465a3f5c58a | 196 | cstate->clientstate = CHAPCS_LISTEN; |
| sunyiming | 1:6465a3f5c58a | 197 | } |
| sunyiming | 1:6465a3f5c58a | 198 | |
| sunyiming | 1:6465a3f5c58a | 199 | |
| sunyiming | 1:6465a3f5c58a | 200 | /* |
| sunyiming | 1:6465a3f5c58a | 201 | * ChapAuthPeer - Authenticate our peer (start server). |
| sunyiming | 1:6465a3f5c58a | 202 | */ |
| sunyiming | 1:6465a3f5c58a | 203 | void |
| sunyiming | 1:6465a3f5c58a | 204 | ChapAuthPeer(int unit, char *our_name, u_char digest) |
| sunyiming | 1:6465a3f5c58a | 205 | { |
| sunyiming | 1:6465a3f5c58a | 206 | chap_state *cstate = &chap[unit]; |
| sunyiming | 1:6465a3f5c58a | 207 | |
| sunyiming | 1:6465a3f5c58a | 208 | cstate->chal_name = our_name; |
| sunyiming | 1:6465a3f5c58a | 209 | cstate->chal_type = digest; |
| sunyiming | 1:6465a3f5c58a | 210 | |
| sunyiming | 1:6465a3f5c58a | 211 | if (cstate->serverstate == CHAPSS_INITIAL || |
| sunyiming | 1:6465a3f5c58a | 212 | cstate->serverstate == CHAPSS_PENDING) { |
| sunyiming | 1:6465a3f5c58a | 213 | /* lower layer isn't up - wait until later */ |
| sunyiming | 1:6465a3f5c58a | 214 | cstate->serverstate = CHAPSS_PENDING; |
| sunyiming | 1:6465a3f5c58a | 215 | return; |
| sunyiming | 1:6465a3f5c58a | 216 | } |
| sunyiming | 1:6465a3f5c58a | 217 | |
| sunyiming | 1:6465a3f5c58a | 218 | ChapGenChallenge(cstate); |
| sunyiming | 1:6465a3f5c58a | 219 | ChapSendChallenge(cstate); /* crank it up dude! */ |
| sunyiming | 1:6465a3f5c58a | 220 | cstate->serverstate = CHAPSS_INITIAL_CHAL; |
| sunyiming | 1:6465a3f5c58a | 221 | } |
| sunyiming | 1:6465a3f5c58a | 222 | |
| sunyiming | 1:6465a3f5c58a | 223 | |
| sunyiming | 1:6465a3f5c58a | 224 | /* |
| sunyiming | 1:6465a3f5c58a | 225 | * ChapChallengeTimeout - Timeout expired on sending challenge. |
| sunyiming | 1:6465a3f5c58a | 226 | */ |
| sunyiming | 1:6465a3f5c58a | 227 | static void |
| sunyiming | 1:6465a3f5c58a | 228 | ChapChallengeTimeout(void *arg) |
| sunyiming | 1:6465a3f5c58a | 229 | { |
| sunyiming | 1:6465a3f5c58a | 230 | chap_state *cstate = (chap_state *) arg; |
| sunyiming | 1:6465a3f5c58a | 231 | |
| sunyiming | 1:6465a3f5c58a | 232 | /* if we aren't sending challenges, don't worry. then again we */ |
| sunyiming | 1:6465a3f5c58a | 233 | /* probably shouldn't be here either */ |
| sunyiming | 1:6465a3f5c58a | 234 | if (cstate->serverstate != CHAPSS_INITIAL_CHAL && |
| sunyiming | 1:6465a3f5c58a | 235 | cstate->serverstate != CHAPSS_RECHALLENGE) { |
| sunyiming | 1:6465a3f5c58a | 236 | return; |
| sunyiming | 1:6465a3f5c58a | 237 | } |
| sunyiming | 1:6465a3f5c58a | 238 | |
| sunyiming | 1:6465a3f5c58a | 239 | if (cstate->chal_transmits >= cstate->max_transmits) { |
| sunyiming | 1:6465a3f5c58a | 240 | /* give up on peer */ |
| sunyiming | 1:6465a3f5c58a | 241 | CHAPDEBUG(LOG_ERR, ("Peer failed to respond to CHAP challenge\n")); |
| sunyiming | 1:6465a3f5c58a | 242 | cstate->serverstate = CHAPSS_BADAUTH; |
| sunyiming | 1:6465a3f5c58a | 243 | auth_peer_fail(cstate->unit, PPP_CHAP); |
| sunyiming | 1:6465a3f5c58a | 244 | return; |
| sunyiming | 1:6465a3f5c58a | 245 | } |
| sunyiming | 1:6465a3f5c58a | 246 | |
| sunyiming | 1:6465a3f5c58a | 247 | ChapSendChallenge(cstate); /* Re-send challenge */ |
| sunyiming | 1:6465a3f5c58a | 248 | } |
| sunyiming | 1:6465a3f5c58a | 249 | |
| sunyiming | 1:6465a3f5c58a | 250 | |
| sunyiming | 1:6465a3f5c58a | 251 | /* |
| sunyiming | 1:6465a3f5c58a | 252 | * ChapResponseTimeout - Timeout expired on sending response. |
| sunyiming | 1:6465a3f5c58a | 253 | */ |
| sunyiming | 1:6465a3f5c58a | 254 | static void |
| sunyiming | 1:6465a3f5c58a | 255 | ChapResponseTimeout(void *arg) |
| sunyiming | 1:6465a3f5c58a | 256 | { |
| sunyiming | 1:6465a3f5c58a | 257 | chap_state *cstate = (chap_state *) arg; |
| sunyiming | 1:6465a3f5c58a | 258 | |
| sunyiming | 1:6465a3f5c58a | 259 | /* if we aren't sending a response, don't worry. */ |
| sunyiming | 1:6465a3f5c58a | 260 | if (cstate->clientstate != CHAPCS_RESPONSE) { |
| sunyiming | 1:6465a3f5c58a | 261 | return; |
| sunyiming | 1:6465a3f5c58a | 262 | } |
| sunyiming | 1:6465a3f5c58a | 263 | |
| sunyiming | 1:6465a3f5c58a | 264 | ChapSendResponse(cstate); /* re-send response */ |
| sunyiming | 1:6465a3f5c58a | 265 | } |
| sunyiming | 1:6465a3f5c58a | 266 | |
| sunyiming | 1:6465a3f5c58a | 267 | |
| sunyiming | 1:6465a3f5c58a | 268 | /* |
| sunyiming | 1:6465a3f5c58a | 269 | * ChapRechallenge - Time to challenge the peer again. |
| sunyiming | 1:6465a3f5c58a | 270 | */ |
| sunyiming | 1:6465a3f5c58a | 271 | static void |
| sunyiming | 1:6465a3f5c58a | 272 | ChapRechallenge(void *arg) |
| sunyiming | 1:6465a3f5c58a | 273 | { |
| sunyiming | 1:6465a3f5c58a | 274 | chap_state *cstate = (chap_state *) arg; |
| sunyiming | 1:6465a3f5c58a | 275 | |
| sunyiming | 1:6465a3f5c58a | 276 | /* if we aren't sending a response, don't worry. */ |
| sunyiming | 1:6465a3f5c58a | 277 | if (cstate->serverstate != CHAPSS_OPEN) { |
| sunyiming | 1:6465a3f5c58a | 278 | return; |
| sunyiming | 1:6465a3f5c58a | 279 | } |
| sunyiming | 1:6465a3f5c58a | 280 | |
| sunyiming | 1:6465a3f5c58a | 281 | ChapGenChallenge(cstate); |
| sunyiming | 1:6465a3f5c58a | 282 | ChapSendChallenge(cstate); |
| sunyiming | 1:6465a3f5c58a | 283 | cstate->serverstate = CHAPSS_RECHALLENGE; |
| sunyiming | 1:6465a3f5c58a | 284 | } |
| sunyiming | 1:6465a3f5c58a | 285 | |
| sunyiming | 1:6465a3f5c58a | 286 | |
| sunyiming | 1:6465a3f5c58a | 287 | /* |
| sunyiming | 1:6465a3f5c58a | 288 | * ChapLowerUp - The lower layer is up. |
| sunyiming | 1:6465a3f5c58a | 289 | * |
| sunyiming | 1:6465a3f5c58a | 290 | * Start up if we have pending requests. |
| sunyiming | 1:6465a3f5c58a | 291 | */ |
| sunyiming | 1:6465a3f5c58a | 292 | static void |
| sunyiming | 1:6465a3f5c58a | 293 | ChapLowerUp(int unit) |
| sunyiming | 1:6465a3f5c58a | 294 | { |
| sunyiming | 1:6465a3f5c58a | 295 | chap_state *cstate = &chap[unit]; |
| sunyiming | 1:6465a3f5c58a | 296 | |
| sunyiming | 1:6465a3f5c58a | 297 | if (cstate->clientstate == CHAPCS_INITIAL) { |
| sunyiming | 1:6465a3f5c58a | 298 | cstate->clientstate = CHAPCS_CLOSED; |
| sunyiming | 1:6465a3f5c58a | 299 | } else if (cstate->clientstate == CHAPCS_PENDING) { |
| sunyiming | 1:6465a3f5c58a | 300 | cstate->clientstate = CHAPCS_LISTEN; |
| sunyiming | 1:6465a3f5c58a | 301 | } |
| sunyiming | 1:6465a3f5c58a | 302 | |
| sunyiming | 1:6465a3f5c58a | 303 | if (cstate->serverstate == CHAPSS_INITIAL) { |
| sunyiming | 1:6465a3f5c58a | 304 | cstate->serverstate = CHAPSS_CLOSED; |
| sunyiming | 1:6465a3f5c58a | 305 | } else if (cstate->serverstate == CHAPSS_PENDING) { |
| sunyiming | 1:6465a3f5c58a | 306 | ChapGenChallenge(cstate); |
| sunyiming | 1:6465a3f5c58a | 307 | ChapSendChallenge(cstate); |
| sunyiming | 1:6465a3f5c58a | 308 | cstate->serverstate = CHAPSS_INITIAL_CHAL; |
| sunyiming | 1:6465a3f5c58a | 309 | } |
| sunyiming | 1:6465a3f5c58a | 310 | } |
| sunyiming | 1:6465a3f5c58a | 311 | |
| sunyiming | 1:6465a3f5c58a | 312 | |
| sunyiming | 1:6465a3f5c58a | 313 | /* |
| sunyiming | 1:6465a3f5c58a | 314 | * ChapLowerDown - The lower layer is down. |
| sunyiming | 1:6465a3f5c58a | 315 | * |
| sunyiming | 1:6465a3f5c58a | 316 | * Cancel all timeouts. |
| sunyiming | 1:6465a3f5c58a | 317 | */ |
| sunyiming | 1:6465a3f5c58a | 318 | static void |
| sunyiming | 1:6465a3f5c58a | 319 | ChapLowerDown(int unit) |
| sunyiming | 1:6465a3f5c58a | 320 | { |
| sunyiming | 1:6465a3f5c58a | 321 | chap_state *cstate = &chap[unit]; |
| sunyiming | 1:6465a3f5c58a | 322 | |
| sunyiming | 1:6465a3f5c58a | 323 | /* Timeout(s) pending? Cancel if so. */ |
| sunyiming | 1:6465a3f5c58a | 324 | if (cstate->serverstate == CHAPSS_INITIAL_CHAL || |
| sunyiming | 1:6465a3f5c58a | 325 | cstate->serverstate == CHAPSS_RECHALLENGE) { |
| sunyiming | 1:6465a3f5c58a | 326 | UNTIMEOUT(ChapChallengeTimeout, cstate); |
| sunyiming | 1:6465a3f5c58a | 327 | } else if (cstate->serverstate == CHAPSS_OPEN |
| sunyiming | 1:6465a3f5c58a | 328 | && cstate->chal_interval != 0) { |
| sunyiming | 1:6465a3f5c58a | 329 | UNTIMEOUT(ChapRechallenge, cstate); |
| sunyiming | 1:6465a3f5c58a | 330 | } |
| sunyiming | 1:6465a3f5c58a | 331 | if (cstate->clientstate == CHAPCS_RESPONSE) { |
| sunyiming | 1:6465a3f5c58a | 332 | UNTIMEOUT(ChapResponseTimeout, cstate); |
| sunyiming | 1:6465a3f5c58a | 333 | } |
| sunyiming | 1:6465a3f5c58a | 334 | cstate->clientstate = CHAPCS_INITIAL; |
| sunyiming | 1:6465a3f5c58a | 335 | cstate->serverstate = CHAPSS_INITIAL; |
| sunyiming | 1:6465a3f5c58a | 336 | } |
| sunyiming | 1:6465a3f5c58a | 337 | |
| sunyiming | 1:6465a3f5c58a | 338 | |
| sunyiming | 1:6465a3f5c58a | 339 | /* |
| sunyiming | 1:6465a3f5c58a | 340 | * ChapProtocolReject - Peer doesn't grok CHAP. |
| sunyiming | 1:6465a3f5c58a | 341 | */ |
| sunyiming | 1:6465a3f5c58a | 342 | static void |
| sunyiming | 1:6465a3f5c58a | 343 | ChapProtocolReject(int unit) |
| sunyiming | 1:6465a3f5c58a | 344 | { |
| sunyiming | 1:6465a3f5c58a | 345 | chap_state *cstate = &chap[unit]; |
| sunyiming | 1:6465a3f5c58a | 346 | |
| sunyiming | 1:6465a3f5c58a | 347 | if (cstate->serverstate != CHAPSS_INITIAL && |
| sunyiming | 1:6465a3f5c58a | 348 | cstate->serverstate != CHAPSS_CLOSED) { |
| sunyiming | 1:6465a3f5c58a | 349 | auth_peer_fail(unit, PPP_CHAP); |
| sunyiming | 1:6465a3f5c58a | 350 | } |
| sunyiming | 1:6465a3f5c58a | 351 | if (cstate->clientstate != CHAPCS_INITIAL && |
| sunyiming | 1:6465a3f5c58a | 352 | cstate->clientstate != CHAPCS_CLOSED) { |
| sunyiming | 1:6465a3f5c58a | 353 | auth_withpeer_fail(unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */ |
| sunyiming | 1:6465a3f5c58a | 354 | } |
| sunyiming | 1:6465a3f5c58a | 355 | ChapLowerDown(unit); /* shutdown chap */ |
| sunyiming | 1:6465a3f5c58a | 356 | } |
| sunyiming | 1:6465a3f5c58a | 357 | |
| sunyiming | 1:6465a3f5c58a | 358 | |
| sunyiming | 1:6465a3f5c58a | 359 | /* |
| sunyiming | 1:6465a3f5c58a | 360 | * ChapInput - Input CHAP packet. |
| sunyiming | 1:6465a3f5c58a | 361 | */ |
| sunyiming | 1:6465a3f5c58a | 362 | static void |
| sunyiming | 1:6465a3f5c58a | 363 | ChapInput(int unit, u_char *inpacket, int packet_len) |
| sunyiming | 1:6465a3f5c58a | 364 | { |
| sunyiming | 1:6465a3f5c58a | 365 | chap_state *cstate = &chap[unit]; |
| sunyiming | 1:6465a3f5c58a | 366 | u_char *inp; |
| sunyiming | 1:6465a3f5c58a | 367 | u_char code, id; |
| sunyiming | 1:6465a3f5c58a | 368 | int len; |
| sunyiming | 1:6465a3f5c58a | 369 | |
| sunyiming | 1:6465a3f5c58a | 370 | /* |
| sunyiming | 1:6465a3f5c58a | 371 | * Parse header (code, id and length). |
| sunyiming | 1:6465a3f5c58a | 372 | * If packet too short, drop it. |
| sunyiming | 1:6465a3f5c58a | 373 | */ |
| sunyiming | 1:6465a3f5c58a | 374 | inp = inpacket; |
| sunyiming | 1:6465a3f5c58a | 375 | if (packet_len < CHAP_HEADERLEN) { |
| sunyiming | 1:6465a3f5c58a | 376 | CHAPDEBUG(LOG_INFO, ("ChapInput: rcvd short header.\n")); |
| sunyiming | 1:6465a3f5c58a | 377 | return; |
| sunyiming | 1:6465a3f5c58a | 378 | } |
| sunyiming | 1:6465a3f5c58a | 379 | GETCHAR(code, inp); |
| sunyiming | 1:6465a3f5c58a | 380 | GETCHAR(id, inp); |
| sunyiming | 1:6465a3f5c58a | 381 | GETSHORT(len, inp); |
| sunyiming | 1:6465a3f5c58a | 382 | if (len < CHAP_HEADERLEN) { |
| sunyiming | 1:6465a3f5c58a | 383 | CHAPDEBUG(LOG_INFO, ("ChapInput: rcvd illegal length.\n")); |
| sunyiming | 1:6465a3f5c58a | 384 | return; |
| sunyiming | 1:6465a3f5c58a | 385 | } |
| sunyiming | 1:6465a3f5c58a | 386 | if (len > packet_len) { |
| sunyiming | 1:6465a3f5c58a | 387 | CHAPDEBUG(LOG_INFO, ("ChapInput: rcvd short packet.\n")); |
| sunyiming | 1:6465a3f5c58a | 388 | return; |
| sunyiming | 1:6465a3f5c58a | 389 | } |
| sunyiming | 1:6465a3f5c58a | 390 | len -= CHAP_HEADERLEN; |
| sunyiming | 1:6465a3f5c58a | 391 | |
| sunyiming | 1:6465a3f5c58a | 392 | /* |
| sunyiming | 1:6465a3f5c58a | 393 | * Action depends on code (as in fact it usually does :-). |
| sunyiming | 1:6465a3f5c58a | 394 | */ |
| sunyiming | 1:6465a3f5c58a | 395 | switch (code) { |
| sunyiming | 1:6465a3f5c58a | 396 | case CHAP_CHALLENGE: |
| sunyiming | 1:6465a3f5c58a | 397 | ChapReceiveChallenge(cstate, inp, id, len); |
| sunyiming | 1:6465a3f5c58a | 398 | break; |
| sunyiming | 1:6465a3f5c58a | 399 | |
| sunyiming | 1:6465a3f5c58a | 400 | case CHAP_RESPONSE: |
| sunyiming | 1:6465a3f5c58a | 401 | ChapReceiveResponse(cstate, inp, id, len); |
| sunyiming | 1:6465a3f5c58a | 402 | break; |
| sunyiming | 1:6465a3f5c58a | 403 | |
| sunyiming | 1:6465a3f5c58a | 404 | case CHAP_FAILURE: |
| sunyiming | 1:6465a3f5c58a | 405 | ChapReceiveFailure(cstate, inp, id, len); |
| sunyiming | 1:6465a3f5c58a | 406 | break; |
| sunyiming | 1:6465a3f5c58a | 407 | |
| sunyiming | 1:6465a3f5c58a | 408 | case CHAP_SUCCESS: |
| sunyiming | 1:6465a3f5c58a | 409 | ChapReceiveSuccess(cstate, inp, id, len); |
| sunyiming | 1:6465a3f5c58a | 410 | break; |
| sunyiming | 1:6465a3f5c58a | 411 | |
| sunyiming | 1:6465a3f5c58a | 412 | default: /* Need code reject? */ |
| sunyiming | 1:6465a3f5c58a | 413 | CHAPDEBUG(LOG_WARNING, ("Unknown CHAP code (%d) received.\n", code)); |
| sunyiming | 1:6465a3f5c58a | 414 | break; |
| sunyiming | 1:6465a3f5c58a | 415 | } |
| sunyiming | 1:6465a3f5c58a | 416 | } |
| sunyiming | 1:6465a3f5c58a | 417 | |
| sunyiming | 1:6465a3f5c58a | 418 | |
| sunyiming | 1:6465a3f5c58a | 419 | /* |
| sunyiming | 1:6465a3f5c58a | 420 | * ChapReceiveChallenge - Receive Challenge and send Response. |
| sunyiming | 1:6465a3f5c58a | 421 | */ |
| sunyiming | 1:6465a3f5c58a | 422 | static void |
| sunyiming | 1:6465a3f5c58a | 423 | ChapReceiveChallenge(chap_state *cstate, u_char *inp, u_char id, int len) |
| sunyiming | 1:6465a3f5c58a | 424 | { |
| sunyiming | 1:6465a3f5c58a | 425 | int rchallenge_len; |
| sunyiming | 1:6465a3f5c58a | 426 | u_char *rchallenge; |
| sunyiming | 1:6465a3f5c58a | 427 | int secret_len; |
| sunyiming | 1:6465a3f5c58a | 428 | char secret[MAXSECRETLEN]; |
| sunyiming | 1:6465a3f5c58a | 429 | char rhostname[256]; |
| sunyiming | 1:6465a3f5c58a | 430 | MD5_CTX mdContext; |
| sunyiming | 1:6465a3f5c58a | 431 | u_char hash[MD5_SIGNATURE_SIZE]; |
| sunyiming | 1:6465a3f5c58a | 432 | |
| sunyiming | 1:6465a3f5c58a | 433 | CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: Rcvd id %d.\n", id)); |
| sunyiming | 1:6465a3f5c58a | 434 | if (cstate->clientstate == CHAPCS_CLOSED || |
| sunyiming | 1:6465a3f5c58a | 435 | cstate->clientstate == CHAPCS_PENDING) { |
| sunyiming | 1:6465a3f5c58a | 436 | CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: in state %d\n", |
| sunyiming | 1:6465a3f5c58a | 437 | cstate->clientstate)); |
| sunyiming | 1:6465a3f5c58a | 438 | return; |
| sunyiming | 1:6465a3f5c58a | 439 | } |
| sunyiming | 1:6465a3f5c58a | 440 | |
| sunyiming | 1:6465a3f5c58a | 441 | if (len < 2) { |
| sunyiming | 1:6465a3f5c58a | 442 | CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: rcvd short packet.\n")); |
| sunyiming | 1:6465a3f5c58a | 443 | return; |
| sunyiming | 1:6465a3f5c58a | 444 | } |
| sunyiming | 1:6465a3f5c58a | 445 | |
| sunyiming | 1:6465a3f5c58a | 446 | GETCHAR(rchallenge_len, inp); |
| sunyiming | 1:6465a3f5c58a | 447 | len -= sizeof (u_char) + rchallenge_len; /* now name field length */ |
| sunyiming | 1:6465a3f5c58a | 448 | if (len < 0) { |
| sunyiming | 1:6465a3f5c58a | 449 | CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: rcvd short packet.\n")); |
| sunyiming | 1:6465a3f5c58a | 450 | return; |
| sunyiming | 1:6465a3f5c58a | 451 | } |
| sunyiming | 1:6465a3f5c58a | 452 | rchallenge = inp; |
| sunyiming | 1:6465a3f5c58a | 453 | INCPTR(rchallenge_len, inp); |
| sunyiming | 1:6465a3f5c58a | 454 | |
| sunyiming | 1:6465a3f5c58a | 455 | if (len >= (int)sizeof(rhostname)) { |
| sunyiming | 1:6465a3f5c58a | 456 | len = sizeof(rhostname) - 1; |
| sunyiming | 1:6465a3f5c58a | 457 | } |
| sunyiming | 1:6465a3f5c58a | 458 | BCOPY(inp, rhostname, len); |
| sunyiming | 1:6465a3f5c58a | 459 | rhostname[len] = '\000'; |
| sunyiming | 1:6465a3f5c58a | 460 | |
| sunyiming | 1:6465a3f5c58a | 461 | CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: received name field '%s'\n", |
| sunyiming | 1:6465a3f5c58a | 462 | rhostname)); |
| sunyiming | 1:6465a3f5c58a | 463 | |
| sunyiming | 1:6465a3f5c58a | 464 | /* Microsoft doesn't send their name back in the PPP packet */ |
| sunyiming | 1:6465a3f5c58a | 465 | if (ppp_settings.remote_name[0] != 0 && (ppp_settings.explicit_remote || rhostname[0] == 0)) { |
| sunyiming | 1:6465a3f5c58a | 466 | strncpy(rhostname, ppp_settings.remote_name, sizeof(rhostname)); |
| sunyiming | 1:6465a3f5c58a | 467 | rhostname[sizeof(rhostname) - 1] = 0; |
| sunyiming | 1:6465a3f5c58a | 468 | CHAPDEBUG(LOG_INFO, ("ChapReceiveChallenge: using '%s' as remote name\n", |
| sunyiming | 1:6465a3f5c58a | 469 | rhostname)); |
| sunyiming | 1:6465a3f5c58a | 470 | } |
| sunyiming | 1:6465a3f5c58a | 471 | |
| sunyiming | 1:6465a3f5c58a | 472 | /* get secret for authenticating ourselves with the specified host */ |
| sunyiming | 1:6465a3f5c58a | 473 | if (!get_secret(cstate->unit, cstate->resp_name, rhostname, |
| sunyiming | 1:6465a3f5c58a | 474 | secret, &secret_len, 0)) { |
| sunyiming | 1:6465a3f5c58a | 475 | secret_len = 0; /* assume null secret if can't find one */ |
| sunyiming | 1:6465a3f5c58a | 476 | CHAPDEBUG(LOG_WARNING, ("No CHAP secret found for authenticating us to %s\n", |
| sunyiming | 1:6465a3f5c58a | 477 | rhostname)); |
| sunyiming | 1:6465a3f5c58a | 478 | } |
| sunyiming | 1:6465a3f5c58a | 479 | |
| sunyiming | 1:6465a3f5c58a | 480 | /* cancel response send timeout if necessary */ |
| sunyiming | 1:6465a3f5c58a | 481 | if (cstate->clientstate == CHAPCS_RESPONSE) { |
| sunyiming | 1:6465a3f5c58a | 482 | UNTIMEOUT(ChapResponseTimeout, cstate); |
| sunyiming | 1:6465a3f5c58a | 483 | } |
| sunyiming | 1:6465a3f5c58a | 484 | |
| sunyiming | 1:6465a3f5c58a | 485 | cstate->resp_id = id; |
| sunyiming | 1:6465a3f5c58a | 486 | cstate->resp_transmits = 0; |
| sunyiming | 1:6465a3f5c58a | 487 | |
| sunyiming | 1:6465a3f5c58a | 488 | /* generate MD based on negotiated type */ |
| sunyiming | 1:6465a3f5c58a | 489 | switch (cstate->resp_type) { |
| sunyiming | 1:6465a3f5c58a | 490 | |
| sunyiming | 1:6465a3f5c58a | 491 | case CHAP_DIGEST_MD5: |
| sunyiming | 1:6465a3f5c58a | 492 | MD5Init(&mdContext); |
| sunyiming | 1:6465a3f5c58a | 493 | MD5Update(&mdContext, &cstate->resp_id, 1); |
| sunyiming | 1:6465a3f5c58a | 494 | MD5Update(&mdContext, (u_char*)secret, secret_len); |
| sunyiming | 1:6465a3f5c58a | 495 | MD5Update(&mdContext, rchallenge, rchallenge_len); |
| sunyiming | 1:6465a3f5c58a | 496 | MD5Final(hash, &mdContext); |
| sunyiming | 1:6465a3f5c58a | 497 | BCOPY(hash, cstate->response, MD5_SIGNATURE_SIZE); |
| sunyiming | 1:6465a3f5c58a | 498 | cstate->resp_length = MD5_SIGNATURE_SIZE; |
| sunyiming | 1:6465a3f5c58a | 499 | break; |
| sunyiming | 1:6465a3f5c58a | 500 | |
| sunyiming | 1:6465a3f5c58a | 501 | #if MSCHAP_SUPPORT |
| sunyiming | 1:6465a3f5c58a | 502 | case CHAP_MICROSOFT: |
| sunyiming | 1:6465a3f5c58a | 503 | ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len); |
| sunyiming | 1:6465a3f5c58a | 504 | break; |
| sunyiming | 1:6465a3f5c58a | 505 | #endif |
| sunyiming | 1:6465a3f5c58a | 506 | |
| sunyiming | 1:6465a3f5c58a | 507 | default: |
| sunyiming | 1:6465a3f5c58a | 508 | CHAPDEBUG(LOG_INFO, ("unknown digest type %d\n", cstate->resp_type)); |
| sunyiming | 1:6465a3f5c58a | 509 | return; |
| sunyiming | 1:6465a3f5c58a | 510 | } |
| sunyiming | 1:6465a3f5c58a | 511 | |
| sunyiming | 1:6465a3f5c58a | 512 | BZERO(secret, sizeof(secret)); |
| sunyiming | 1:6465a3f5c58a | 513 | ChapSendResponse(cstate); |
| sunyiming | 1:6465a3f5c58a | 514 | } |
| sunyiming | 1:6465a3f5c58a | 515 | |
| sunyiming | 1:6465a3f5c58a | 516 | |
| sunyiming | 1:6465a3f5c58a | 517 | /* |
| sunyiming | 1:6465a3f5c58a | 518 | * ChapReceiveResponse - Receive and process response. |
| sunyiming | 1:6465a3f5c58a | 519 | */ |
| sunyiming | 1:6465a3f5c58a | 520 | static void |
| sunyiming | 1:6465a3f5c58a | 521 | ChapReceiveResponse(chap_state *cstate, u_char *inp, int id, int len) |
| sunyiming | 1:6465a3f5c58a | 522 | { |
| sunyiming | 1:6465a3f5c58a | 523 | u_char *remmd, remmd_len; |
| sunyiming | 1:6465a3f5c58a | 524 | int secret_len, old_state; |
| sunyiming | 1:6465a3f5c58a | 525 | int code; |
| sunyiming | 1:6465a3f5c58a | 526 | char rhostname[256]; |
| sunyiming | 1:6465a3f5c58a | 527 | MD5_CTX mdContext; |
| sunyiming | 1:6465a3f5c58a | 528 | char secret[MAXSECRETLEN]; |
| sunyiming | 1:6465a3f5c58a | 529 | u_char hash[MD5_SIGNATURE_SIZE]; |
| sunyiming | 1:6465a3f5c58a | 530 | |
| sunyiming | 1:6465a3f5c58a | 531 | CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: Rcvd id %d.\n", id)); |
| sunyiming | 1:6465a3f5c58a | 532 | |
| sunyiming | 1:6465a3f5c58a | 533 | if (cstate->serverstate == CHAPSS_CLOSED || |
| sunyiming | 1:6465a3f5c58a | 534 | cstate->serverstate == CHAPSS_PENDING) { |
| sunyiming | 1:6465a3f5c58a | 535 | CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: in state %d\n", |
| sunyiming | 1:6465a3f5c58a | 536 | cstate->serverstate)); |
| sunyiming | 1:6465a3f5c58a | 537 | return; |
| sunyiming | 1:6465a3f5c58a | 538 | } |
| sunyiming | 1:6465a3f5c58a | 539 | |
| sunyiming | 1:6465a3f5c58a | 540 | if (id != cstate->chal_id) { |
| sunyiming | 1:6465a3f5c58a | 541 | return; /* doesn't match ID of last challenge */ |
| sunyiming | 1:6465a3f5c58a | 542 | } |
| sunyiming | 1:6465a3f5c58a | 543 | |
| sunyiming | 1:6465a3f5c58a | 544 | /* |
| sunyiming | 1:6465a3f5c58a | 545 | * If we have received a duplicate or bogus Response, |
| sunyiming | 1:6465a3f5c58a | 546 | * we have to send the same answer (Success/Failure) |
| sunyiming | 1:6465a3f5c58a | 547 | * as we did for the first Response we saw. |
| sunyiming | 1:6465a3f5c58a | 548 | */ |
| sunyiming | 1:6465a3f5c58a | 549 | if (cstate->serverstate == CHAPSS_OPEN) { |
| sunyiming | 1:6465a3f5c58a | 550 | ChapSendStatus(cstate, CHAP_SUCCESS); |
| sunyiming | 1:6465a3f5c58a | 551 | return; |
| sunyiming | 1:6465a3f5c58a | 552 | } |
| sunyiming | 1:6465a3f5c58a | 553 | if (cstate->serverstate == CHAPSS_BADAUTH) { |
| sunyiming | 1:6465a3f5c58a | 554 | ChapSendStatus(cstate, CHAP_FAILURE); |
| sunyiming | 1:6465a3f5c58a | 555 | return; |
| sunyiming | 1:6465a3f5c58a | 556 | } |
| sunyiming | 1:6465a3f5c58a | 557 | |
| sunyiming | 1:6465a3f5c58a | 558 | if (len < 2) { |
| sunyiming | 1:6465a3f5c58a | 559 | CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: rcvd short packet.\n")); |
| sunyiming | 1:6465a3f5c58a | 560 | return; |
| sunyiming | 1:6465a3f5c58a | 561 | } |
| sunyiming | 1:6465a3f5c58a | 562 | GETCHAR(remmd_len, inp); /* get length of MD */ |
| sunyiming | 1:6465a3f5c58a | 563 | remmd = inp; /* get pointer to MD */ |
| sunyiming | 1:6465a3f5c58a | 564 | INCPTR(remmd_len, inp); |
| sunyiming | 1:6465a3f5c58a | 565 | |
| sunyiming | 1:6465a3f5c58a | 566 | len -= sizeof (u_char) + remmd_len; |
| sunyiming | 1:6465a3f5c58a | 567 | if (len < 0) { |
| sunyiming | 1:6465a3f5c58a | 568 | CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: rcvd short packet.\n")); |
| sunyiming | 1:6465a3f5c58a | 569 | return; |
| sunyiming | 1:6465a3f5c58a | 570 | } |
| sunyiming | 1:6465a3f5c58a | 571 | |
| sunyiming | 1:6465a3f5c58a | 572 | UNTIMEOUT(ChapChallengeTimeout, cstate); |
| sunyiming | 1:6465a3f5c58a | 573 | |
| sunyiming | 1:6465a3f5c58a | 574 | if (len >= (int)sizeof(rhostname)) { |
| sunyiming | 1:6465a3f5c58a | 575 | len = sizeof(rhostname) - 1; |
| sunyiming | 1:6465a3f5c58a | 576 | } |
| sunyiming | 1:6465a3f5c58a | 577 | BCOPY(inp, rhostname, len); |
| sunyiming | 1:6465a3f5c58a | 578 | rhostname[len] = '\000'; |
| sunyiming | 1:6465a3f5c58a | 579 | |
| sunyiming | 1:6465a3f5c58a | 580 | CHAPDEBUG(LOG_INFO, ("ChapReceiveResponse: received name field: %s\n", |
| sunyiming | 1:6465a3f5c58a | 581 | rhostname)); |
| sunyiming | 1:6465a3f5c58a | 582 | |
| sunyiming | 1:6465a3f5c58a | 583 | /* |
| sunyiming | 1:6465a3f5c58a | 584 | * Get secret for authenticating them with us, |
| sunyiming | 1:6465a3f5c58a | 585 | * do the hash ourselves, and compare the result. |
| sunyiming | 1:6465a3f5c58a | 586 | */ |
| sunyiming | 1:6465a3f5c58a | 587 | code = CHAP_FAILURE; |
| sunyiming | 1:6465a3f5c58a | 588 | if (!get_secret(cstate->unit, rhostname, cstate->chal_name, |
| sunyiming | 1:6465a3f5c58a | 589 | secret, &secret_len, 1)) { |
| sunyiming | 1:6465a3f5c58a | 590 | CHAPDEBUG(LOG_WARNING, ("No CHAP secret found for authenticating %s\n", |
| sunyiming | 1:6465a3f5c58a | 591 | rhostname)); |
| sunyiming | 1:6465a3f5c58a | 592 | } else { |
| sunyiming | 1:6465a3f5c58a | 593 | /* generate MD based on negotiated type */ |
| sunyiming | 1:6465a3f5c58a | 594 | switch (cstate->chal_type) { |
| sunyiming | 1:6465a3f5c58a | 595 | |
| sunyiming | 1:6465a3f5c58a | 596 | case CHAP_DIGEST_MD5: /* only MD5 is defined for now */ |
| sunyiming | 1:6465a3f5c58a | 597 | if (remmd_len != MD5_SIGNATURE_SIZE) { |
| sunyiming | 1:6465a3f5c58a | 598 | break; /* it's not even the right length */ |
| sunyiming | 1:6465a3f5c58a | 599 | } |
| sunyiming | 1:6465a3f5c58a | 600 | MD5Init(&mdContext); |
| sunyiming | 1:6465a3f5c58a | 601 | MD5Update(&mdContext, &cstate->chal_id, 1); |
| sunyiming | 1:6465a3f5c58a | 602 | MD5Update(&mdContext, (u_char*)secret, secret_len); |
| sunyiming | 1:6465a3f5c58a | 603 | MD5Update(&mdContext, cstate->challenge, cstate->chal_len); |
| sunyiming | 1:6465a3f5c58a | 604 | MD5Final(hash, &mdContext); |
| sunyiming | 1:6465a3f5c58a | 605 | |
| sunyiming | 1:6465a3f5c58a | 606 | /* compare local and remote MDs and send the appropriate status */ |
| sunyiming | 1:6465a3f5c58a | 607 | if (memcmp (hash, remmd, MD5_SIGNATURE_SIZE) == 0) { |
| sunyiming | 1:6465a3f5c58a | 608 | code = CHAP_SUCCESS; /* they are the same! */ |
| sunyiming | 1:6465a3f5c58a | 609 | } |
| sunyiming | 1:6465a3f5c58a | 610 | break; |
| sunyiming | 1:6465a3f5c58a | 611 | |
| sunyiming | 1:6465a3f5c58a | 612 | default: |
| sunyiming | 1:6465a3f5c58a | 613 | CHAPDEBUG(LOG_INFO, ("unknown digest type %d\n", cstate->chal_type)); |
| sunyiming | 1:6465a3f5c58a | 614 | } |
| sunyiming | 1:6465a3f5c58a | 615 | } |
| sunyiming | 1:6465a3f5c58a | 616 | |
| sunyiming | 1:6465a3f5c58a | 617 | BZERO(secret, sizeof(secret)); |
| sunyiming | 1:6465a3f5c58a | 618 | ChapSendStatus(cstate, code); |
| sunyiming | 1:6465a3f5c58a | 619 | |
| sunyiming | 1:6465a3f5c58a | 620 | if (code == CHAP_SUCCESS) { |
| sunyiming | 1:6465a3f5c58a | 621 | old_state = cstate->serverstate; |
| sunyiming | 1:6465a3f5c58a | 622 | cstate->serverstate = CHAPSS_OPEN; |
| sunyiming | 1:6465a3f5c58a | 623 | if (old_state == CHAPSS_INITIAL_CHAL) { |
| sunyiming | 1:6465a3f5c58a | 624 | auth_peer_success(cstate->unit, PPP_CHAP, rhostname, len); |
| sunyiming | 1:6465a3f5c58a | 625 | } |
| sunyiming | 1:6465a3f5c58a | 626 | if (cstate->chal_interval != 0) { |
| sunyiming | 1:6465a3f5c58a | 627 | TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval); |
| sunyiming | 1:6465a3f5c58a | 628 | } |
| sunyiming | 1:6465a3f5c58a | 629 | } else { |
| sunyiming | 1:6465a3f5c58a | 630 | CHAPDEBUG(LOG_ERR, ("CHAP peer authentication failed\n")); |
| sunyiming | 1:6465a3f5c58a | 631 | cstate->serverstate = CHAPSS_BADAUTH; |
| sunyiming | 1:6465a3f5c58a | 632 | auth_peer_fail(cstate->unit, PPP_CHAP); |
| sunyiming | 1:6465a3f5c58a | 633 | } |
| sunyiming | 1:6465a3f5c58a | 634 | } |
| sunyiming | 1:6465a3f5c58a | 635 | |
| sunyiming | 1:6465a3f5c58a | 636 | /* |
| sunyiming | 1:6465a3f5c58a | 637 | * ChapReceiveSuccess - Receive Success |
| sunyiming | 1:6465a3f5c58a | 638 | */ |
| sunyiming | 1:6465a3f5c58a | 639 | static void |
| sunyiming | 1:6465a3f5c58a | 640 | ChapReceiveSuccess(chap_state *cstate, u_char *inp, u_char id, int len) |
| sunyiming | 1:6465a3f5c58a | 641 | { |
| sunyiming | 1:6465a3f5c58a | 642 | LWIP_UNUSED_ARG(id); |
| sunyiming | 1:6465a3f5c58a | 643 | LWIP_UNUSED_ARG(inp); |
| sunyiming | 1:6465a3f5c58a | 644 | |
| sunyiming | 1:6465a3f5c58a | 645 | CHAPDEBUG(LOG_INFO, ("ChapReceiveSuccess: Rcvd id %d.\n", id)); |
| sunyiming | 1:6465a3f5c58a | 646 | |
| sunyiming | 1:6465a3f5c58a | 647 | if (cstate->clientstate == CHAPCS_OPEN) { |
| sunyiming | 1:6465a3f5c58a | 648 | /* presumably an answer to a duplicate response */ |
| sunyiming | 1:6465a3f5c58a | 649 | return; |
| sunyiming | 1:6465a3f5c58a | 650 | } |
| sunyiming | 1:6465a3f5c58a | 651 | |
| sunyiming | 1:6465a3f5c58a | 652 | if (cstate->clientstate != CHAPCS_RESPONSE) { |
| sunyiming | 1:6465a3f5c58a | 653 | /* don't know what this is */ |
| sunyiming | 1:6465a3f5c58a | 654 | CHAPDEBUG(LOG_INFO, ("ChapReceiveSuccess: in state %d\n", |
| sunyiming | 1:6465a3f5c58a | 655 | cstate->clientstate)); |
| sunyiming | 1:6465a3f5c58a | 656 | return; |
| sunyiming | 1:6465a3f5c58a | 657 | } |
| sunyiming | 1:6465a3f5c58a | 658 | |
| sunyiming | 1:6465a3f5c58a | 659 | UNTIMEOUT(ChapResponseTimeout, cstate); |
| sunyiming | 1:6465a3f5c58a | 660 | |
| sunyiming | 1:6465a3f5c58a | 661 | /* |
| sunyiming | 1:6465a3f5c58a | 662 | * Print message. |
| sunyiming | 1:6465a3f5c58a | 663 | */ |
| sunyiming | 1:6465a3f5c58a | 664 | if (len > 0) { |
| sunyiming | 1:6465a3f5c58a | 665 | PRINTMSG(inp, len); |
| sunyiming | 1:6465a3f5c58a | 666 | } |
| sunyiming | 1:6465a3f5c58a | 667 | |
| sunyiming | 1:6465a3f5c58a | 668 | cstate->clientstate = CHAPCS_OPEN; |
| sunyiming | 1:6465a3f5c58a | 669 | |
| sunyiming | 1:6465a3f5c58a | 670 | auth_withpeer_success(cstate->unit, PPP_CHAP); |
| sunyiming | 1:6465a3f5c58a | 671 | } |
| sunyiming | 1:6465a3f5c58a | 672 | |
| sunyiming | 1:6465a3f5c58a | 673 | |
| sunyiming | 1:6465a3f5c58a | 674 | /* |
| sunyiming | 1:6465a3f5c58a | 675 | * ChapReceiveFailure - Receive failure. |
| sunyiming | 1:6465a3f5c58a | 676 | */ |
| sunyiming | 1:6465a3f5c58a | 677 | static void |
| sunyiming | 1:6465a3f5c58a | 678 | ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len) |
| sunyiming | 1:6465a3f5c58a | 679 | { |
| sunyiming | 1:6465a3f5c58a | 680 | LWIP_UNUSED_ARG(id); |
| sunyiming | 1:6465a3f5c58a | 681 | LWIP_UNUSED_ARG(inp); |
| sunyiming | 1:6465a3f5c58a | 682 | |
| sunyiming | 1:6465a3f5c58a | 683 | CHAPDEBUG(LOG_INFO, ("ChapReceiveFailure: Rcvd id %d.\n", id)); |
| sunyiming | 1:6465a3f5c58a | 684 | |
| sunyiming | 1:6465a3f5c58a | 685 | if (cstate->clientstate != CHAPCS_RESPONSE) { |
| sunyiming | 1:6465a3f5c58a | 686 | /* don't know what this is */ |
| sunyiming | 1:6465a3f5c58a | 687 | CHAPDEBUG(LOG_INFO, ("ChapReceiveFailure: in state %d\n", |
| sunyiming | 1:6465a3f5c58a | 688 | cstate->clientstate)); |
| sunyiming | 1:6465a3f5c58a | 689 | return; |
| sunyiming | 1:6465a3f5c58a | 690 | } |
| sunyiming | 1:6465a3f5c58a | 691 | |
| sunyiming | 1:6465a3f5c58a | 692 | UNTIMEOUT(ChapResponseTimeout, cstate); |
| sunyiming | 1:6465a3f5c58a | 693 | |
| sunyiming | 1:6465a3f5c58a | 694 | /* |
| sunyiming | 1:6465a3f5c58a | 695 | * Print message. |
| sunyiming | 1:6465a3f5c58a | 696 | */ |
| sunyiming | 1:6465a3f5c58a | 697 | if (len > 0) { |
| sunyiming | 1:6465a3f5c58a | 698 | PRINTMSG(inp, len); |
| sunyiming | 1:6465a3f5c58a | 699 | } |
| sunyiming | 1:6465a3f5c58a | 700 | |
| sunyiming | 1:6465a3f5c58a | 701 | CHAPDEBUG(LOG_ERR, ("CHAP authentication failed\n")); |
| sunyiming | 1:6465a3f5c58a | 702 | auth_withpeer_fail(cstate->unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */ |
| sunyiming | 1:6465a3f5c58a | 703 | } |
| sunyiming | 1:6465a3f5c58a | 704 | |
| sunyiming | 1:6465a3f5c58a | 705 | |
| sunyiming | 1:6465a3f5c58a | 706 | /* |
| sunyiming | 1:6465a3f5c58a | 707 | * ChapSendChallenge - Send an Authenticate challenge. |
| sunyiming | 1:6465a3f5c58a | 708 | */ |
| sunyiming | 1:6465a3f5c58a | 709 | static void |
| sunyiming | 1:6465a3f5c58a | 710 | ChapSendChallenge(chap_state *cstate) |
| sunyiming | 1:6465a3f5c58a | 711 | { |
| sunyiming | 1:6465a3f5c58a | 712 | u_char *outp; |
| sunyiming | 1:6465a3f5c58a | 713 | int chal_len, name_len; |
| sunyiming | 1:6465a3f5c58a | 714 | int outlen; |
| sunyiming | 1:6465a3f5c58a | 715 | |
| sunyiming | 1:6465a3f5c58a | 716 | chal_len = cstate->chal_len; |
| sunyiming | 1:6465a3f5c58a | 717 | name_len = (int)strlen(cstate->chal_name); |
| sunyiming | 1:6465a3f5c58a | 718 | outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len; |
| sunyiming | 1:6465a3f5c58a | 719 | outp = outpacket_buf[cstate->unit]; |
| sunyiming | 1:6465a3f5c58a | 720 | |
| sunyiming | 1:6465a3f5c58a | 721 | MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */ |
| sunyiming | 1:6465a3f5c58a | 722 | |
| sunyiming | 1:6465a3f5c58a | 723 | PUTCHAR(CHAP_CHALLENGE, outp); |
| sunyiming | 1:6465a3f5c58a | 724 | PUTCHAR(cstate->chal_id, outp); |
| sunyiming | 1:6465a3f5c58a | 725 | PUTSHORT(outlen, outp); |
| sunyiming | 1:6465a3f5c58a | 726 | |
| sunyiming | 1:6465a3f5c58a | 727 | PUTCHAR(chal_len, outp); /* put length of challenge */ |
| sunyiming | 1:6465a3f5c58a | 728 | BCOPY(cstate->challenge, outp, chal_len); |
| sunyiming | 1:6465a3f5c58a | 729 | INCPTR(chal_len, outp); |
| sunyiming | 1:6465a3f5c58a | 730 | |
| sunyiming | 1:6465a3f5c58a | 731 | BCOPY(cstate->chal_name, outp, name_len); /* append hostname */ |
| sunyiming | 1:6465a3f5c58a | 732 | |
| sunyiming | 1:6465a3f5c58a | 733 | pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN); |
| sunyiming | 1:6465a3f5c58a | 734 | |
| sunyiming | 1:6465a3f5c58a | 735 | CHAPDEBUG(LOG_INFO, ("ChapSendChallenge: Sent id %d.\n", cstate->chal_id)); |
| sunyiming | 1:6465a3f5c58a | 736 | |
| sunyiming | 1:6465a3f5c58a | 737 | TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime); |
| sunyiming | 1:6465a3f5c58a | 738 | ++cstate->chal_transmits; |
| sunyiming | 1:6465a3f5c58a | 739 | } |
| sunyiming | 1:6465a3f5c58a | 740 | |
| sunyiming | 1:6465a3f5c58a | 741 | |
| sunyiming | 1:6465a3f5c58a | 742 | /* |
| sunyiming | 1:6465a3f5c58a | 743 | * ChapSendStatus - Send a status response (ack or nak). |
| sunyiming | 1:6465a3f5c58a | 744 | */ |
| sunyiming | 1:6465a3f5c58a | 745 | static void |
| sunyiming | 1:6465a3f5c58a | 746 | ChapSendStatus(chap_state *cstate, int code) |
| sunyiming | 1:6465a3f5c58a | 747 | { |
| sunyiming | 1:6465a3f5c58a | 748 | u_char *outp; |
| sunyiming | 1:6465a3f5c58a | 749 | int outlen, msglen; |
| sunyiming | 1:6465a3f5c58a | 750 | char msg[256]; /* @todo: this can be a char*, no strcpy needed */ |
| sunyiming | 1:6465a3f5c58a | 751 | |
| sunyiming | 1:6465a3f5c58a | 752 | if (code == CHAP_SUCCESS) { |
| sunyiming | 1:6465a3f5c58a | 753 | strcpy(msg, "Welcome!"); |
| sunyiming | 1:6465a3f5c58a | 754 | } else { |
| sunyiming | 1:6465a3f5c58a | 755 | strcpy(msg, "I don't like you. Go 'way."); |
| sunyiming | 1:6465a3f5c58a | 756 | } |
| sunyiming | 1:6465a3f5c58a | 757 | msglen = (int)strlen(msg); |
| sunyiming | 1:6465a3f5c58a | 758 | |
| sunyiming | 1:6465a3f5c58a | 759 | outlen = CHAP_HEADERLEN + msglen; |
| sunyiming | 1:6465a3f5c58a | 760 | outp = outpacket_buf[cstate->unit]; |
| sunyiming | 1:6465a3f5c58a | 761 | |
| sunyiming | 1:6465a3f5c58a | 762 | MAKEHEADER(outp, PPP_CHAP); /* paste in a header */ |
| sunyiming | 1:6465a3f5c58a | 763 | |
| sunyiming | 1:6465a3f5c58a | 764 | PUTCHAR(code, outp); |
| sunyiming | 1:6465a3f5c58a | 765 | PUTCHAR(cstate->chal_id, outp); |
| sunyiming | 1:6465a3f5c58a | 766 | PUTSHORT(outlen, outp); |
| sunyiming | 1:6465a3f5c58a | 767 | BCOPY(msg, outp, msglen); |
| sunyiming | 1:6465a3f5c58a | 768 | pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN); |
| sunyiming | 1:6465a3f5c58a | 769 | |
| sunyiming | 1:6465a3f5c58a | 770 | CHAPDEBUG(LOG_INFO, ("ChapSendStatus: Sent code %d, id %d.\n", code, |
| sunyiming | 1:6465a3f5c58a | 771 | cstate->chal_id)); |
| sunyiming | 1:6465a3f5c58a | 772 | } |
| sunyiming | 1:6465a3f5c58a | 773 | |
| sunyiming | 1:6465a3f5c58a | 774 | /* |
| sunyiming | 1:6465a3f5c58a | 775 | * ChapGenChallenge is used to generate a pseudo-random challenge string of |
| sunyiming | 1:6465a3f5c58a | 776 | * a pseudo-random length between min_len and max_len. The challenge |
| sunyiming | 1:6465a3f5c58a | 777 | * string and its length are stored in *cstate, and various other fields of |
| sunyiming | 1:6465a3f5c58a | 778 | * *cstate are initialized. |
| sunyiming | 1:6465a3f5c58a | 779 | */ |
| sunyiming | 1:6465a3f5c58a | 780 | |
| sunyiming | 1:6465a3f5c58a | 781 | static void |
| sunyiming | 1:6465a3f5c58a | 782 | ChapGenChallenge(chap_state *cstate) |
| sunyiming | 1:6465a3f5c58a | 783 | { |
| sunyiming | 1:6465a3f5c58a | 784 | int chal_len; |
| sunyiming | 1:6465a3f5c58a | 785 | u_char *ptr = cstate->challenge; |
| sunyiming | 1:6465a3f5c58a | 786 | int i; |
| sunyiming | 1:6465a3f5c58a | 787 | |
| sunyiming | 1:6465a3f5c58a | 788 | /* pick a random challenge length between MIN_CHALLENGE_LENGTH and |
| sunyiming | 1:6465a3f5c58a | 789 | MAX_CHALLENGE_LENGTH */ |
| sunyiming | 1:6465a3f5c58a | 790 | chal_len = (unsigned) |
| sunyiming | 1:6465a3f5c58a | 791 | ((((magic() >> 16) * |
| sunyiming | 1:6465a3f5c58a | 792 | (MAX_CHALLENGE_LENGTH - MIN_CHALLENGE_LENGTH)) >> 16) |
| sunyiming | 1:6465a3f5c58a | 793 | + MIN_CHALLENGE_LENGTH); |
| sunyiming | 1:6465a3f5c58a | 794 | LWIP_ASSERT("chal_len <= 0xff", chal_len <= 0xffff); |
| sunyiming | 1:6465a3f5c58a | 795 | cstate->chal_len = (u_char)chal_len; |
| sunyiming | 1:6465a3f5c58a | 796 | cstate->chal_id = ++cstate->id; |
| sunyiming | 1:6465a3f5c58a | 797 | cstate->chal_transmits = 0; |
| sunyiming | 1:6465a3f5c58a | 798 | |
| sunyiming | 1:6465a3f5c58a | 799 | /* generate a random string */ |
| sunyiming | 1:6465a3f5c58a | 800 | for (i = 0; i < chal_len; i++ ) { |
| sunyiming | 1:6465a3f5c58a | 801 | *ptr++ = (char) (magic() & 0xff); |
| sunyiming | 1:6465a3f5c58a | 802 | } |
| sunyiming | 1:6465a3f5c58a | 803 | } |
| sunyiming | 1:6465a3f5c58a | 804 | |
| sunyiming | 1:6465a3f5c58a | 805 | /* |
| sunyiming | 1:6465a3f5c58a | 806 | * ChapSendResponse - send a response packet with values as specified |
| sunyiming | 1:6465a3f5c58a | 807 | * in *cstate. |
| sunyiming | 1:6465a3f5c58a | 808 | */ |
| sunyiming | 1:6465a3f5c58a | 809 | /* ARGSUSED */ |
| sunyiming | 1:6465a3f5c58a | 810 | static void |
| sunyiming | 1:6465a3f5c58a | 811 | ChapSendResponse(chap_state *cstate) |
| sunyiming | 1:6465a3f5c58a | 812 | { |
| sunyiming | 1:6465a3f5c58a | 813 | u_char *outp; |
| sunyiming | 1:6465a3f5c58a | 814 | int outlen, md_len, name_len; |
| sunyiming | 1:6465a3f5c58a | 815 | |
| sunyiming | 1:6465a3f5c58a | 816 | md_len = cstate->resp_length; |
| sunyiming | 1:6465a3f5c58a | 817 | name_len = (int)strlen(cstate->resp_name); |
| sunyiming | 1:6465a3f5c58a | 818 | outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len; |
| sunyiming | 1:6465a3f5c58a | 819 | outp = outpacket_buf[cstate->unit]; |
| sunyiming | 1:6465a3f5c58a | 820 | |
| sunyiming | 1:6465a3f5c58a | 821 | MAKEHEADER(outp, PPP_CHAP); |
| sunyiming | 1:6465a3f5c58a | 822 | |
| sunyiming | 1:6465a3f5c58a | 823 | PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */ |
| sunyiming | 1:6465a3f5c58a | 824 | PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */ |
| sunyiming | 1:6465a3f5c58a | 825 | PUTSHORT(outlen, outp); /* packet length */ |
| sunyiming | 1:6465a3f5c58a | 826 | |
| sunyiming | 1:6465a3f5c58a | 827 | PUTCHAR(md_len, outp); /* length of MD */ |
| sunyiming | 1:6465a3f5c58a | 828 | BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */ |
| sunyiming | 1:6465a3f5c58a | 829 | INCPTR(md_len, outp); |
| sunyiming | 1:6465a3f5c58a | 830 | |
| sunyiming | 1:6465a3f5c58a | 831 | BCOPY(cstate->resp_name, outp, name_len); /* append our name */ |
| sunyiming | 1:6465a3f5c58a | 832 | |
| sunyiming | 1:6465a3f5c58a | 833 | /* send the packet */ |
| sunyiming | 1:6465a3f5c58a | 834 | pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN); |
| sunyiming | 1:6465a3f5c58a | 835 | |
| sunyiming | 1:6465a3f5c58a | 836 | cstate->clientstate = CHAPCS_RESPONSE; |
| sunyiming | 1:6465a3f5c58a | 837 | TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime); |
| sunyiming | 1:6465a3f5c58a | 838 | ++cstate->resp_transmits; |
| sunyiming | 1:6465a3f5c58a | 839 | } |
| sunyiming | 1:6465a3f5c58a | 840 | |
| sunyiming | 1:6465a3f5c58a | 841 | #if PPP_ADDITIONAL_CALLBACKS |
| sunyiming | 1:6465a3f5c58a | 842 | static char *ChapCodenames[] = { |
| sunyiming | 1:6465a3f5c58a | 843 | "Challenge", "Response", "Success", "Failure" |
| sunyiming | 1:6465a3f5c58a | 844 | }; |
| sunyiming | 1:6465a3f5c58a | 845 | /* |
| sunyiming | 1:6465a3f5c58a | 846 | * ChapPrintPkt - print the contents of a CHAP packet. |
| sunyiming | 1:6465a3f5c58a | 847 | */ |
| sunyiming | 1:6465a3f5c58a | 848 | static int |
| sunyiming | 1:6465a3f5c58a | 849 | ChapPrintPkt( u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg) |
| sunyiming | 1:6465a3f5c58a | 850 | { |
| sunyiming | 1:6465a3f5c58a | 851 | int code, id, len; |
| sunyiming | 1:6465a3f5c58a | 852 | int clen, nlen; |
| sunyiming | 1:6465a3f5c58a | 853 | u_char x; |
| sunyiming | 1:6465a3f5c58a | 854 | |
| sunyiming | 1:6465a3f5c58a | 855 | if (plen < CHAP_HEADERLEN) { |
| sunyiming | 1:6465a3f5c58a | 856 | return 0; |
| sunyiming | 1:6465a3f5c58a | 857 | } |
| sunyiming | 1:6465a3f5c58a | 858 | GETCHAR(code, p); |
| sunyiming | 1:6465a3f5c58a | 859 | GETCHAR(id, p); |
| sunyiming | 1:6465a3f5c58a | 860 | GETSHORT(len, p); |
| sunyiming | 1:6465a3f5c58a | 861 | if (len < CHAP_HEADERLEN || len > plen) { |
| sunyiming | 1:6465a3f5c58a | 862 | return 0; |
| sunyiming | 1:6465a3f5c58a | 863 | } |
| sunyiming | 1:6465a3f5c58a | 864 | |
| sunyiming | 1:6465a3f5c58a | 865 | if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *)) { |
| sunyiming | 1:6465a3f5c58a | 866 | printer(arg, " %s", ChapCodenames[code-1]); |
| sunyiming | 1:6465a3f5c58a | 867 | } else { |
| sunyiming | 1:6465a3f5c58a | 868 | printer(arg, " code=0x%x", code); |
| sunyiming | 1:6465a3f5c58a | 869 | } |
| sunyiming | 1:6465a3f5c58a | 870 | printer(arg, " id=0x%x", id); |
| sunyiming | 1:6465a3f5c58a | 871 | len -= CHAP_HEADERLEN; |
| sunyiming | 1:6465a3f5c58a | 872 | switch (code) { |
| sunyiming | 1:6465a3f5c58a | 873 | case CHAP_CHALLENGE: |
| sunyiming | 1:6465a3f5c58a | 874 | case CHAP_RESPONSE: |
| sunyiming | 1:6465a3f5c58a | 875 | if (len < 1) { |
| sunyiming | 1:6465a3f5c58a | 876 | break; |
| sunyiming | 1:6465a3f5c58a | 877 | } |
| sunyiming | 1:6465a3f5c58a | 878 | clen = p[0]; |
| sunyiming | 1:6465a3f5c58a | 879 | if (len < clen + 1) { |
| sunyiming | 1:6465a3f5c58a | 880 | break; |
| sunyiming | 1:6465a3f5c58a | 881 | } |
| sunyiming | 1:6465a3f5c58a | 882 | ++p; |
| sunyiming | 1:6465a3f5c58a | 883 | nlen = len - clen - 1; |
| sunyiming | 1:6465a3f5c58a | 884 | printer(arg, " <"); |
| sunyiming | 1:6465a3f5c58a | 885 | for (; clen > 0; --clen) { |
| sunyiming | 1:6465a3f5c58a | 886 | GETCHAR(x, p); |
| sunyiming | 1:6465a3f5c58a | 887 | printer(arg, "%.2x", x); |
| sunyiming | 1:6465a3f5c58a | 888 | } |
| sunyiming | 1:6465a3f5c58a | 889 | printer(arg, ">, name = %.*Z", nlen, p); |
| sunyiming | 1:6465a3f5c58a | 890 | break; |
| sunyiming | 1:6465a3f5c58a | 891 | case CHAP_FAILURE: |
| sunyiming | 1:6465a3f5c58a | 892 | case CHAP_SUCCESS: |
| sunyiming | 1:6465a3f5c58a | 893 | printer(arg, " %.*Z", len, p); |
| sunyiming | 1:6465a3f5c58a | 894 | break; |
| sunyiming | 1:6465a3f5c58a | 895 | default: |
| sunyiming | 1:6465a3f5c58a | 896 | for (clen = len; clen > 0; --clen) { |
| sunyiming | 1:6465a3f5c58a | 897 | GETCHAR(x, p); |
| sunyiming | 1:6465a3f5c58a | 898 | printer(arg, " %.2x", x); |
| sunyiming | 1:6465a3f5c58a | 899 | } |
| sunyiming | 1:6465a3f5c58a | 900 | } |
| sunyiming | 1:6465a3f5c58a | 901 | |
| sunyiming | 1:6465a3f5c58a | 902 | return len + CHAP_HEADERLEN; |
| sunyiming | 1:6465a3f5c58a | 903 | } |
| sunyiming | 1:6465a3f5c58a | 904 | #endif /* PPP_ADDITIONAL_CALLBACKS */ |
| sunyiming | 1:6465a3f5c58a | 905 | |
| sunyiming | 1:6465a3f5c58a | 906 | #endif /* CHAP_SUPPORT */ |
| sunyiming | 1:6465a3f5c58a | 907 | |
| sunyiming | 1:6465a3f5c58a | 908 | #endif /* PPP_SUPPORT */ |