/* * fsm_rcoderej - Receive an Code-Reject. */ static void fsm_rcoderej(fsm *f, u_char *inp, int len) { u_char code, id; if (len < HEADERLEN) { FSMDEBUG(("fsm_rcoderej: Rcvd short Code-Reject packet!")); return; } GETCHAR(code, inp); GETCHAR(id, inp); ppp_warn("%s: Rcvd Code-Reject for code %d, id %d", PROTO_NAME(f), code, id); if( f->state == PPP_FSM_ACKRCVD ) f->state = PPP_FSM_REQSENT; }
/* * fsm_timeout - Timeout expired. */ static void fsm_timeout(void *arg) { fsm *f = (fsm *) arg; ppp_pcb *pcb = f->pcb; switch (f->state) { case PPP_FSM_CLOSING: case PPP_FSM_STOPPING: if( f->retransmits <= 0 ){ /* * We've waited for an ack long enough. Peer probably heard us. */ f->state = (f->state == PPP_FSM_CLOSING)? PPP_FSM_CLOSED: PPP_FSM_STOPPED; if( f->callbacks->finished ) (*f->callbacks->finished)(f); } else { /* Send Terminate-Request */ fsm_sdata(f, TERMREQ, f->reqid = ++f->id, (const u_char *) f->term_reason, f->term_reason_len); TIMEOUT(fsm_timeout, f, pcb->settings.fsm_timeout_time); --f->retransmits; } break; case PPP_FSM_REQSENT: case PPP_FSM_ACKRCVD: case PPP_FSM_ACKSENT: if (f->retransmits <= 0) { ppp_warn("%s: timeout sending Config-Requests", PROTO_NAME(f)); f->state = PPP_FSM_STOPPED; if( (f->flags & OPT_PASSIVE) == 0 && f->callbacks->finished ) (*f->callbacks->finished)(f); } else { /* Retransmit the configure-request */ if (f->callbacks->retransmit) (*f->callbacks->retransmit)(f); fsm_sconfreq(f, 1); /* Re-send Configure-Request */ if( f->state == PPP_FSM_ACKRCVD ) f->state = PPP_FSM_REQSENT; } break; default: FSMDEBUG(("%s: Timeout event in state %d!", PROTO_NAME(f), f->state)); /* no break */ } }
/* * chap_respond - Generate and send a response to a challenge. */ static void chap_respond(ppp_pcb *pcb, int id, unsigned char *pkt, int len) { int clen, nlen; int secret_len; struct pbuf *p; u_char *outp; char rname[MAXNAMELEN+1]; char secret[MAXSECRETLEN+1]; p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PPP_CTRL_PBUF_TYPE); if(NULL == p) return; if(p->tot_len != p->len) { pbuf_free(p); return; } if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) return; /* not ready */ if (len < 2 || len < pkt[0] + 1) return; /* too short */ clen = pkt[0]; nlen = len - (clen + 1); /* Null terminate and clean remote name. */ ppp_slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1); #if PPP_REMOTENAME /* Microsoft doesn't send their name back in the PPP packet */ if (pcb->settings.explicit_remote || (pcb->settings.remote_name[0] != 0 && rname[0] == 0)) strlcpy(rname, pcb->settings.remote_name, sizeof(rname)); #endif /* PPP_REMOTENAME */ /* get secret for authenticating ourselves with the specified host */ if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0)) { secret_len = 0; /* assume null secret if can't find one */ ppp_warn("No CHAP secret found for authenticating us to %q", rname); } outp = (u_char*)p->payload; MAKEHEADER(outp, PPP_CHAP); outp += CHAP_HDRLEN; pcb->chap_client.digest->make_response(pcb, outp, id, pcb->chap_client.name, pkt, secret, secret_len, pcb->chap_client.priv); memset(secret, 0, secret_len); clen = *outp; nlen = strlen(pcb->chap_client.name); memcpy(outp + clen + 1, pcb->chap_client.name, nlen); outp = (u_char*)p->payload + PPP_HDRLEN; len = CHAP_HDRLEN + clen + 1 + nlen; outp[0] = CHAP_RESPONSE; outp[1] = id; outp[2] = len >> 8; outp[3] = len; pbuf_realloc(p, PPP_HDRLEN + len); ppp_write(pcb, p); }
/* * chap_handle_response - check the response to our challenge. */ static void chap_handle_response(ppp_pcb *pcb, int id, unsigned char *pkt, int len) { int response_len, ok, mlen; const unsigned char *response; unsigned char *outp; struct pbuf *p; const char *name = NULL; /* initialized to shut gcc up */ #if 0 /* UNUSED */ int (*verifier)(const char *, const char *, int, const struct chap_digest_type *, const unsigned char *, const unsigned char *, char *, int); #endif /* UNUSED */ char rname[MAXNAMELEN+1]; char message[256]; if ((pcb->chap_server.flags & LOWERUP) == 0) return; if (id != pcb->chap_server.challenge[PPP_HDRLEN+1] || len < 2) return; if (pcb->chap_server.flags & CHALLENGE_VALID) { response = pkt; GETCHAR(response_len, pkt); len -= response_len + 1; /* length of name */ name = (char *)pkt + response_len; if (len < 0) return; if (pcb->chap_server.flags & TIMEOUT_PENDING) { pcb->chap_server.flags &= ~TIMEOUT_PENDING; UNTIMEOUT(chap_timeout, pcb); } #if PPP_REMOTENAME if (pcb->settings.explicit_remote) { name = pcb->remote_name; } else #endif /* PPP_REMOTENAME */ { /* Null terminate and clean remote name. */ ppp_slprintf(rname, sizeof(rname), "%.*v", len, name); name = rname; } #if 0 /* UNUSED */ if (chap_verify_hook) verifier = chap_verify_hook; else verifier = chap_verify_response; ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest, pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN, response, pcb->chap_server.message, sizeof(pcb->chap_server.message)); #endif /* UNUSED */ ok = chap_verify_response(pcb, name, pcb->chap_server.name, id, pcb->chap_server.digest, pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN, response, message, sizeof(message)); #if 0 /* UNUSED */ if (!ok || !auth_number()) { #endif /* UNUSED */ if (!ok) { pcb->chap_server.flags |= AUTH_FAILED; ppp_warn("Peer %q failed CHAP authentication", name); } } else if ((pcb->chap_server.flags & AUTH_DONE) == 0) return; /* send the response */ mlen = strlen(message); len = CHAP_HDRLEN + mlen; p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +len), PPP_CTRL_PBUF_TYPE); if(NULL == p) return; if(p->tot_len != p->len) { pbuf_free(p); return; } outp = (unsigned char *)p->payload; MAKEHEADER(outp, PPP_CHAP); outp[0] = (pcb->chap_server.flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; outp[1] = id; outp[2] = len >> 8; outp[3] = len; if (mlen > 0) memcpy(outp + CHAP_HDRLEN, message, mlen); ppp_write(pcb, p); if (pcb->chap_server.flags & CHALLENGE_VALID) { pcb->chap_server.flags &= ~CHALLENGE_VALID; if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED)) { #if 0 /* UNUSED */ /* * Auth is OK, so now we need to check session restrictions * to ensure everything is OK, but only if we used a * plugin, and only if we're configured to check. This * allows us to do PAM checks on PPP servers that * authenticate against ActiveDirectory, and use AD for * account info (like when using Winbind integrated with * PAM). */ if (session_mgmt && session_check(name, NULL, devnam, NULL) == 0) { pcb->chap_server.flags |= AUTH_FAILED; ppp_warn("Peer %q failed CHAP Session verification", name); } #endif /* UNUSED */ } if (pcb->chap_server.flags & AUTH_FAILED) { auth_peer_fail(pcb, PPP_CHAP); } else { if ((pcb->chap_server.flags & AUTH_DONE) == 0) auth_peer_success(pcb, PPP_CHAP, pcb->chap_server.digest->code, name, strlen(name)); if (pcb->settings.chap_rechallenge_time) { pcb->chap_server.flags |= TIMEOUT_PENDING; TIMEOUT(chap_timeout, pcb, pcb->settings.chap_rechallenge_time); } } pcb->chap_server.flags |= AUTH_DONE; } }
/* * upap_rauth - Receive Authenticate. */ static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) { u_char ruserlen, rpasswdlen; char *ruser; char *rpasswd; char rhostname[256]; int retcode; const char *msg; int msglen; if (pcb->upap.us_serverstate < UPAPSS_LISTEN) return; /* * If we receive a duplicate authenticate-request, we are * supposed to return the same status as for the first request. */ if (pcb->upap.us_serverstate == UPAPSS_OPEN) { upap_sresp(pcb, UPAP_AUTHACK, id, "", 0); /* return auth-ack */ return; } if (pcb->upap.us_serverstate == UPAPSS_BADAUTH) { upap_sresp(pcb, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */ return; } /* * Parse user/passwd. */ if (len < 1) { UPAPDEBUG(("pap_rauth: rcvd short packet.")); return; } GETCHAR(ruserlen, inp); len -= sizeof (u_char) + ruserlen + sizeof (u_char); if (len < 0) { UPAPDEBUG(("pap_rauth: rcvd short packet.")); return; } ruser = (char *) inp; INCPTR(ruserlen, inp); GETCHAR(rpasswdlen, inp); if (len < rpasswdlen) { UPAPDEBUG(("pap_rauth: rcvd short packet.")); return; } rpasswd = (char *) inp; /* * Check the username and password given. */ retcode = UPAP_AUTHNAK; if (auth_check_passwd(pcb, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen)) { retcode = UPAP_AUTHACK; } BZERO(rpasswd, rpasswdlen); #if 0 /* UNUSED */ /* * Check remote number authorization. A plugin may have filled in * the remote number or added an allowed number, and rather than * return an authenticate failure, is leaving it for us to verify. */ if (retcode == UPAP_AUTHACK) { if (!auth_number()) { /* We do not want to leak info about the pap result. */ retcode = UPAP_AUTHNAK; /* XXX exit value will be "wrong" */ warn("calling number %q is not authorized", remote_number); } } msglen = strlen(msg); if (msglen > 255) msglen = 255; #endif /* UNUSED */ upap_sresp(pcb, retcode, id, msg, msglen); /* Null terminate and clean remote name. */ ppp_slprintf(rhostname, sizeof(rhostname), "%.*v", ruserlen, ruser); if (retcode == UPAP_AUTHACK) { pcb->upap.us_serverstate = UPAPSS_OPEN; ppp_notice("PAP peer authentication succeeded for %q", rhostname); auth_peer_success(pcb, PPP_PAP, 0, ruser, ruserlen); } else { pcb->upap.us_serverstate = UPAPSS_BADAUTH; ppp_warn("PAP peer authentication failed for %q", rhostname); auth_peer_fail(pcb, PPP_PAP); } if (pcb->settings.pap_req_timeout > 0) UNTIMEOUT(upap_reqtimeout, pcb); }