void
sendnaws()
{
long rows, cols;
unsigned char tmp[16];
unsigned char *cp;
if (my_state_is_wont(TELOPT_NAWS))
return;
#undef PUTSHORT
#define PUTSHORT(cp, x) { if ((*cp++ = ((x)>>8)&0xff) == IAC) *cp++ = IAC; \
if ((*cp++ = ((x))&0xff) == IAC) *cp++ = IAC; }
if (TerminalWindowSize(&rows, &cols) == 0) { /* Failed */
return;
}
cp = tmp;
*cp++ = IAC;
*cp++ = SB;
*cp++ = TELOPT_NAWS;
PUTSHORT(cp, cols);
PUTSHORT(cp, rows);
*cp++ = IAC;
*cp++ = SE;
if (NETROOM() >= cp - tmp) {
ring_supply_data(&netoring, tmp, cp-tmp);
printsub('>', tmp+2, cp - tmp - 2);
}
}
void
SendJoystick (int player, int x, int y, int buttons)
{
PUTHEAD (SJOYSTICK);
PUTSHORT (buffer + HEADSIZE, x);
PUTSHORT (buffer + HEADSIZE + 2, y);
PUTCHAR (buffer + HEADSIZE + 4, buttons);
PUTCHAR (buffer + HEADSIZE + 5, player);
csendreliable (buffer, HEADSIZE + 6);
}
void
SendMouse (int player, int x, int y, int buttons)
{
PUTHEAD (SMOUSE);
PUTSHORT (buffer + HEADSIZE, x);
PUTSHORT (buffer + HEADSIZE + 2, y);
PUTCHAR (buffer + HEADSIZE + 4, buttons);
PUTCHAR (buffer + HEADSIZE + 5, player);
csendreliable (buffer, HEADSIZE + 6);
}
int mesg_make_query (u_char *qname, uint16_t qtype, uint16_t qclass,
uint32_t id, int rd, u_char *buf, int buflen) {
char *fn = "mesg_make_query()";
u_char *ucp;
int i, written_len;
Mesg_Hdr *hdr;
if (T.debug > 4)
syslog (LOG_DEBUG, "%s: (qtype: %s, id: %d): start", fn,
string_rtype (qtype), id);
hdr = (Mesg_Hdr *) buf;
/* write header */
hdr->id = id;
hdr->opcode = OP_QUERY;
hdr->rcode = RC_OK;
hdr->rd = rd;
hdr->qr = hdr->aa = hdr->tc = hdr->ra = hdr->zero = 0;
hdr->qdcnt = ntohs (1);
hdr->ancnt = hdr->nscnt = hdr->arcnt = ntohs (0);
written_len = sizeof (Mesg_Hdr);
ucp = (u_char *) (hdr + 1);
/* write qname */
if (T.debug > 4)
syslog (LOG_DEBUG, "%s: qname offset = %d", fn, (int)(ucp - buf));
i = dname_copy (qname, ucp, buflen - written_len);
if (i < 0)
return -1;
written_len += i;
ucp += i;
/* write qtype / qclass */
if (T.debug > 4)
syslog (LOG_DEBUG, "%s: qtype/qclass offset = %d",
fn, (int)(ucp - buf));
written_len += sizeof (uint16_t) * 2;
if (written_len > buflen)
return -1;
PUTSHORT (qtype, ucp);
PUTSHORT (qclass, ucp);
return written_len;
}
/*
* ChapSendStatus - Send a status response (ack or nak).
*/
static void
ChapSendStatus(
chap_state *cstate,
int code)
{
u_char *outp;
int outlen, msglen;
char msg[256];
if (code == CHAP_SUCCESS)
slprintf(msg, sizeof(msg), "Welcome to %s.", hostname);
else
slprintf(msg, sizeof(msg), "I don't like you. Go 'way.");
msglen = strlen(msg);
outlen = CHAP_HEADERLEN + msglen;
outp = outpacket_buf;
MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
PUTCHAR(code, outp);
PUTCHAR(cstate->chal_id, outp);
PUTSHORT(outlen, outp);
BCOPY(msg, outp, msglen);
output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
}
//******************************************************************************
// Generate PAP options ( username + password)
//******************************************************************************
void UPAPGenWapAuth(PAP_CnfgOptions_t *po, char * user, char * password)
{
char *us_user; /* User */
int us_userlen; /* User length */
char *us_passwd; /* Password */
int us_passwdlen; /* Password length */
int outlen;
u_char *outp;
/* Save the username and password we're given */
us_user = user;
us_userlen = strlen(user);
us_passwd = password;
us_passwdlen = strlen(password);
outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
us_userlen + us_passwdlen;
outp = po->content;
PUTCHAR(UPAP_AUTHREQ, outp);
PUTCHAR(gChid, outp);
PUTSHORT(outlen, outp);
PUTCHAR(us_userlen, outp);
memcpy(outp, us_user, us_userlen);
INCPTR(us_userlen, outp);
PUTCHAR(us_passwdlen, outp);
memcpy(outp, us_passwd, us_passwdlen);
po->len = outlen;
po->flag = 1;
}
/*
* fsm_sdata - Send some data.
*
* Used for all packets sent to our peer by this module.
*/
void fsm_sdata(fsm *f, u_char code, u_char id, const u_char *data, int datalen) {
ppp_pcb *pcb = f->pcb;
struct pbuf *p;
u_char *outp;
int outlen;
/* Adjust length to be smaller than MTU */
if (datalen > pcb->peer_mru - HEADERLEN)
datalen = pcb->peer_mru - HEADERLEN;
outlen = datalen + HEADERLEN;
p = pbuf_alloc(PBUF_RAW, (u16_t)(outlen + PPP_HDRLEN), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
if (datalen) /* && data != outp + PPP_HDRLEN + HEADERLEN) -- was only for fsm_sconfreq() */
MEMCPY(outp + PPP_HDRLEN + HEADERLEN, data, datalen);
MAKEHEADER(outp, f->protocol);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
ppp_write(pcb, p);
}
/*
* upap_sresp - Send a response (ack or nak).
*/
static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, const char *msg, int msglen) {
struct pbuf *p;
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(msglen, outp);
MEMCPY(outp, msg, msglen);
ppp_write(pcb, p);
}
/*
* upap_sauthreq - Send an Authenticate-Request.
*/
static void
upap_sauthreq(upap_state *u)
{
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + 2 * sizeof (u_char)
+ u->us_userlen + u->us_passwdlen;
outp = outpacket_buf[u->us_unit];
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(UPAP_AUTHREQ, outp);
PUTCHAR(++u->us_id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(u->us_userlen, outp);
BCOPY(u->us_user, outp, u->us_userlen);
INCPTR(u->us_userlen, outp);
PUTCHAR(u->us_passwdlen, outp);
BCOPY(u->us_passwd, outp, u->us_passwdlen);
pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
UPAPDEBUG((LOG_INFO, "pap_sauth: Sent id %d\n", u->us_id));
TIMEOUT(upap_timeout, u, u->us_timeouttime);
++u->us_transmits;
u->us_clientstate = UPAPCS_AUTHREQ;
}
/*
* ChapSendChallenge - Send an Authenticate challenge.
*/
static void
ChapSendChallenge(
chap_state *cstate)
{
u_char *outp;
int chal_len, name_len;
int outlen;
chal_len = cstate->chal_len;
name_len = strlen(cstate->chal_name);
outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len;
outp = outpacket_buf;
MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */
PUTCHAR(CHAP_CHALLENGE, outp);
PUTCHAR(cstate->chal_id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(chal_len, outp); /* put length of challenge */
BCOPY(cstate->challenge, outp, chal_len);
INCPTR(chal_len, outp);
BCOPY(cstate->chal_name, outp, name_len); /* append hostname */
output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime);
++cstate->chal_transmits;
}
/*
* upap_sauthreq - Send an Authenticate-Request.
*/
static void upap_sauthreq(ppp_pcb *pcb) {
struct pbuf *p;
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) +
pcb->upap.us_userlen + pcb->upap.us_passwdlen;
p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +outlen), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
outp = (u_char*)p->payload;
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(UPAP_AUTHREQ, outp);
PUTCHAR(++pcb->upap.us_id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(pcb->upap.us_userlen, outp);
MEMCPY(outp, pcb->upap.us_user, pcb->upap.us_userlen);
INCPTR(pcb->upap.us_userlen, outp);
PUTCHAR(pcb->upap.us_passwdlen, outp);
MEMCPY(outp, pcb->upap.us_passwd, pcb->upap.us_passwdlen);
ppp_write(pcb, p);
TIMEOUT(upap_timeout, pcb, pcb->settings.pap_timeout_time);
++pcb->upap.us_transmits;
pcb->upap.us_clientstate = UPAPCS_AUTHREQ;
}
/* ARGSUSED */
static void
ChapSendResponse(
chap_state *cstate)
{
u_char *outp;
int outlen, md_len, name_len;
md_len = cstate->resp_length;
name_len = strlen(cstate->resp_name);
outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len;
outp = outpacket_buf;
MAKEHEADER(outp, PPP_CHAP);
PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */
PUTCHAR(cstate->resp_id, outp); /* copy id from challenge packet */
PUTSHORT(outlen, outp); /* packet length */
PUTCHAR(md_len, outp); /* length of MD */
BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */
INCPTR(md_len, outp);
BCOPY(cstate->resp_name, outp, name_len); /* append our name */
/* send the packet */
output(cstate->unit, outpacket_buf, outlen + PPP_HDRLEN);
cstate->clientstate = CHAPCS_RESPONSE;
TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime);
++cstate->resp_transmits;
}
/**
* making ConfReq.
*/
static void
lcp_addci(fsm *f, u_char *ucp, int *lenp)
{
lcp *_this;
u_char *start_ucp = ucp;
LCP_ASSERT(f != NULL);
_this = &f->ppp->lcp;
if (!psm_opt_is_rejected(_this, mru)) {
PUTCHAR(PPP_LCP_MRU, ucp);
PUTCHAR(4, ucp);
if (_this->xxxmru > 0) { /* this value is got by Nak. */
PUTSHORT(_this->xxxmru, ucp);
} else {
PUTSHORT(f->ppp->mru, ucp);
}
psm_opt_set_requested(_this, mru, 1);
}
if (f->ppp->has_acf == 1) {
if (!psm_opt_is_rejected(_this, pfc)) {
PUTCHAR(PPP_LCP_PFC, ucp);
PUTCHAR(2, ucp);
psm_opt_set_requested(_this, pfc, 1);
}
if (!psm_opt_is_rejected(_this, acfc)) {
PUTCHAR(PPP_LCP_ACFC, ucp);
PUTCHAR(2, ucp);
psm_opt_set_requested(_this, acfc, 1);
}
}
PUTCHAR(PPP_LCP_MAGICNUMBER, ucp);
PUTCHAR(6, ucp);
PUTLONG(_this->magic_number, ucp);
if (f->ppp->peer_auth != 0) {
_this->auth_order[0] = f->ppp->peer_auth;
_this->auth_order[1] = -1;
} else if (_this->auth_order[0] < 0) {
lcp_load_authconfig(f);
}
lcp_add_auth(f, &ucp);
*lenp = ucp - start_ucp;
}
/*
* fsm_sconfreq - Send a Configure-Request.
*/
static void fsm_sconfreq(fsm *f, int retransmit) {
ppp_pcb *pcb = f->pcb;
struct pbuf *p;
u_char *outp;
int cilen;
if( f->state != PPP_FSM_REQSENT && f->state != PPP_FSM_ACKRCVD && f->state != PPP_FSM_ACKSENT ){
/* Not currently negotiating - reset options */
if( f->callbacks->resetci )
(*f->callbacks->resetci)(f);
f->nakloops = 0;
f->rnakloops = 0;
}
if( !retransmit ){
/* New request - reset retransmission counter, use new ID */
f->retransmits = pcb->settings.fsm_max_conf_req_transmits;
f->reqid = ++f->id;
}
f->seen_ack = 0;
/*
* Make up the request packet
*/
if( f->callbacks->cilen && f->callbacks->addci ){
cilen = (*f->callbacks->cilen)(f);
if( cilen > pcb->peer_mru - HEADERLEN )
cilen = pcb->peer_mru - HEADERLEN;
} else
cilen = 0;
p = pbuf_alloc(PBUF_RAW, (u16_t)(cilen + HEADERLEN + PPP_HDRLEN), PPP_CTRL_PBUF_TYPE);
if(NULL == p)
return;
if(p->tot_len != p->len) {
pbuf_free(p);
return;
}
/* send the request to our peer */
outp = (u_char*)p->payload;
MAKEHEADER(outp, f->protocol);
PUTCHAR(CONFREQ, outp);
PUTCHAR(f->reqid, outp);
PUTSHORT(cilen + HEADERLEN, outp);
if (cilen != 0) {
(*f->callbacks->addci)(f, outp, &cilen);
LWIP_ASSERT("cilen == p->len - HEADERLEN - PPP_HDRLEN", cilen == p->len - HEADERLEN - PPP_HDRLEN);
}
ppp_write(pcb, p);
/* start the retransmit timer */
--f->retransmits;
TIMEOUT(fsm_timeout, f, pcb->settings.fsm_timeout_time);
}
void
csend (unsigned char *message, int size)
{
if (obufferpos + size + 2 + 4 > BUFFERSIZE)
csendbuffer ();
PUTSHORT ((obuffer + obufferpos + 4), size + 2);
memcpy (obuffer + obufferpos + 6, message, size);
obufferpos += size + 2;
}
int infoleak_qry(char* buff)
{
HEADER* hdr;
int n, k;
char* ptr;
int qry_space = 12;
int dummy_names = 7;
int evil_size = 0xff;
memset(buff, 0, BUFFSIZE);
hdr = (HEADER*)buff;
hdr->id = htons(0xbeef);
hdr->opcode = IQUERY;
hdr->rd = 1;
hdr->ra = 1;
hdr->qdcount = htons(0);
hdr->nscount = htons(0);
hdr->ancount = htons(1);
hdr->arcount = htons(0);
ptr = buff + sizeof(HEADER);
printf("[d] HEADER is %d long\n", sizeof(HEADER));
n = 62;
for(k=0; k < dummy_names; k++)
{
*ptr++ = n;
ptr += n;
}
ptr += 1;
PUTSHORT(1/*ns_t_a*/, ptr); /* type */
PUTSHORT(T_A, ptr); /* class */
PUTLONG(1, ptr); /* ttl */
PUTSHORT(evil_size, ptr); /* our *evil* size */
return(ptr - buff + qry_space);
}
void
csendbegining (unsigned char *message, int size) /*send at more reliable beggining of packet */
{
if (obufferpos + size + 6 > BUFFERSIZE)
csendbuffer ();
memmove (obuffer + size + 6, obuffer + 4, obufferpos);
PUTSHORT ((obuffer + 4), size + 2);
memcpy (obuffer + 6, message, size);
obufferpos += size + 2;
}
int send_packet(int fd, char *buff, int len)
{
char tmp[2], *ptr=tmp;
PUTSHORT(len,ptr);
if(write(fd,tmp,2)!=2)
return(-1);
if(write(fd,buff,len)!=len)
return(-1);
return(1);
}
/**
* sending packet via MPPE.
*/
void
mppe_pkt_output(mppe *_this, uint16_t proto, u_char *pktp, int len)
{
int encrypt, flushed;
uint16_t coher_cnt;
u_char *outp, *outp0;
MPPE_ASSERT(proto == PPP_PROTO_IP);
flushed = 0;
encrypt = 1;
outp = ppp_packetbuf(_this->ppp, PPP_PROTO_MPPE);
outp0 = outp;
if (_this->send.stateless != 0) {
flushed = 1;
mppe_key_change(_this, &_this->send);
} else {
if ((_this->send.coher_cnt % 0x100) == 0xff) {
flushed = 1;
mppe_key_change(_this, &_this->send);
} else if (_this->send.resetreq != 0) {
flushed = 1;
_this->send.resetreq = 0;
}
}
if (flushed) {
mppe_rc4_setkey(_this, &_this->send);
}
MPPE_DBG((_this, DEBUG_LEVEL_2, "out coher_cnt=%03x %s%s",
_this->send.coher_cnt, (flushed)? "[flushed]" : "",
(encrypt)? "[encrypt]" : ""));
coher_cnt = _this->send.coher_cnt & COHERENCY_CNT_MASK;
if (flushed)
coher_cnt |= 0x8000;
if (encrypt)
coher_cnt |= 0x1000;
PUTSHORT(coher_cnt, outp);
proto = htons(proto);
mppe_rc4_encrypt(_this, &_this->send, 2, (u_char *)&proto, outp);
mppe_rc4_encrypt(_this, &_this->send, len, pktp, outp + 2);
ppp_output(_this->ppp, PPP_PROTO_MPPE, 0, 0, outp0, len + 4);
_this->send.coher_cnt++;
_this->send.coher_cnt &= COHERENCY_CNT_MASK;
}
void
csendreliable (unsigned char *message, int size)
{
if (size == 0)
return;
if (rposition + size + 6 > BUFFERSIZE)
{
printf ("Connection to server broken too long! Reliable buffer owerfllow\n"
"Game aborted\n");
exit (-1);
}
PUTLONG ((rbuffer + rposition), rcount);
rcount++;
PUTSHORT ((rbuffer + rposition + 4), (size + 6));
memcpy (rbuffer + rposition + 6, message, size);
rposition += size + 6;
timeout = 1;
}
/*
* upap_sresp - Send a response (ack or nak).
*/
static void
upap_sresp(upap_state *u, u_char code, u_char id, char *msg, int msglen)
{
u_char *outp;
int outlen;
outlen = UPAP_HEADERLEN + sizeof (u_char) + msglen;
outp = outpacket_buf[u->us_unit];
MAKEHEADER(outp, PPP_PAP);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
PUTCHAR(msglen, outp);
BCOPY(msg, outp, msglen);
pppWrite(u->us_unit, outpacket_buf[u->us_unit], outlen + PPP_HDRLEN);
UPAPDEBUG((LOG_INFO, "pap_sresp: Sent code %d, id %d s=%d\n", code, id, u->us_clientstate));
}
int session_disconnect_ppp(){
struct pppoe_packet padt;
char buf[MAX_PAYLOAD + sizeof(struct pppoe_hdr)];
int data_len = sizeof(struct pppoe_hdr);
struct pppoe_hdr *ph = NULL;
char * ptr;
int i, error = 0;
unsigned char ppp_disconn[64];
unsigned char * outp;
memset(&padt,0,sizeof(struct pppoe_packet));
memcpy(&padt.addr, &old_ses.remote, sizeof(struct sockaddr_ll));
padt.addr.sll_protocol= ntohs(ETH_P_PPP_SES);
padt.hdr = (struct pppoe_hdr*) old_ses.curr_pkt.buf;
padt.hdr->ver = 1;
padt.hdr->type = 1;
padt.hdr->code = 0x00;
padt.hdr->sid = old_ses.sp.sa_addr.pppoe.sid;
padt.hdr->length = 6;
ph = (struct pppoe_hdr *) buf;
memcpy(ph, padt.hdr, sizeof(struct pppoe_hdr));
outp = ppp_disconn;
MAKEHEADER(outp, PPP_LCP); // 2 bytes
PUTCHAR(5, outp); // TERMREQ==5 // 1 byte
PUTCHAR(2, outp); // id=02 // 1 byte
PUTSHORT(4, outp); // HEADERLEN==4 in fsm.h // 2 byte
ptr = buf;
memcpy(ptr+6, ppp_disconn+2, 6);
error = sendto(disc_sock, buf, data_len+6, 0,
(struct sockaddr*) &padt.addr,
sizeof(struct sockaddr_ll));
if (error < 0)
return 0;
return 1;
}
static void
cbcp_send(cbcp_state *us, u_char code, u_char *buf, int len)
{
u_char *outp;
int outlen;
outp = outpacket_buf;
outlen = 4 + len;
MAKEHEADER(outp, PPP_CBCP);
PUTCHAR(code, outp);
PUTCHAR(us->us_id, outp);
PUTSHORT(outlen, outp);
if (len)
BCOPY(buf, outp, len);
output(us->us_unit, outpacket_buf, outlen + PPP_HDRLEN);
}
/*
* fsm_sdata - Send some data.
*
* Used for all packets sent to our peer by this module.
*/
void
fsm_sdata(fsm *f, int code, int id, u_char *data, int datalen)
{
u_char *outp;
int outlen;
/* Adjust length to be smaller than MTU */
outp = outpacket_buf;
if (datalen > peer_mru[f->unit] - HEADERLEN)
datalen = peer_mru[f->unit] - HEADERLEN;
if (datalen && data != outp + PPP_HDRLEN + HEADERLEN)
BCOPY(data, outp + PPP_HDRLEN + HEADERLEN, datalen);
outlen = datalen + HEADERLEN;
MAKEHEADER(outp, f->protocol);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
output(f->unit, outpacket_buf, outlen + PPP_HDRLEN);
FSMDEBUG((LOG_INFO, "fsm_sdata(%s): Sent code %d, id %d.",
PROTO_NAME(f), code, id));
}
/*
* fsm_sdata - Send some data.
*
* Used for all packets sent to our peer by this module.
*/
void
fsm_sdata( fsm *f, u_char code, u_char id, u_char *data, int datalen)
{
u_char *outp;
int outlen;
/* Adjust length to be smaller than MTU */
outp = outpacket_buf[f->unit];
if (datalen > peer_mru[f->unit] - (int)HEADERLEN) {
datalen = peer_mru[f->unit] - HEADERLEN;
}
if (datalen && data != outp + PPP_HDRLEN + HEADERLEN) {
BCOPY(data, outp + PPP_HDRLEN + HEADERLEN, datalen);
}
outlen = datalen + HEADERLEN;
MAKEHEADER(outp, f->protocol);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
pppWrite(f->unit, outpacket_buf[f->unit], outlen + PPP_HDRLEN);
FSMDEBUG(LOG_INFO, ("fsm_sdata(%s): Sent code %d,%d,%d.\n",
PROTO_NAME(f), code, id, outlen));
}
/*
* fsm_sdata - Send some data.
*
* Used for all packets sent to our peer by this module.
*/
void
fsm_sdata(
fsm *f,
u_char code, u_char id,
u_char *data,
int datalen)
{
u_char *outp;
int outlen;
/* Adjust length to be smaller than MTU */
outp = outpacket_buf;
if (datalen > peer_mru[f->unit] - HEADERLEN)
datalen = peer_mru[f->unit] - HEADERLEN;
if (datalen && data != outp + PPP_HDRLEN + HEADERLEN)
BCOPY(data, outp + PPP_HDRLEN + HEADERLEN, datalen);
outlen = datalen + HEADERLEN;
MAKEHEADER(outp, f->protocol);
PUTCHAR(code, outp);
PUTCHAR(id, outp);
PUTSHORT(outlen, outp);
output(f->unit, outpacket_buf, outlen + PPP_HDRLEN);
}
int
ns_sign2(u_char *msg, int *msglen, int msgsize, int error, void *k,
const u_char *querysig, int querysiglen, u_char *sig, int *siglen,
time_t in_timesigned, u_char **dnptrs, u_char **lastdnptr)
{
HEADER *hp = (HEADER *)msg;
DST_KEY *key = (DST_KEY *)k;
u_char *cp, *eob;
u_char *lenp;
u_char *alg;
int n;
time_t timesigned;
u_char name[NS_MAXCDNAME];
dst_init();
if (msg == NULL || msglen == NULL || sig == NULL || siglen == NULL)
return (-1);
cp = msg + *msglen;
eob = msg + msgsize;
/* Name. */
if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
n = ns_name_pton(key->dk_key_name, name, sizeof name);
if (n != -1)
n = ns_name_pack(name, cp, eob - cp,
(const u_char **)dnptrs,
(const u_char **)lastdnptr);
} else {
n = ns_name_pton("", name, sizeof name);
if (n != -1)
n = ns_name_pack(name, cp, eob - cp, NULL, NULL);
}
if (n < 0)
return (NS_TSIG_ERROR_NO_SPACE);
cp += n;
/* Type, class, ttl, length (not filled in yet). */
BOUNDS_CHECK(cp, INT16SZ + INT16SZ + INT32SZ + INT16SZ);
PUTSHORT(ns_t_tsig, cp);
PUTSHORT(ns_c_any, cp);
PUTLONG(0, cp); /*%< TTL */
lenp = cp;
cp += 2;
/* Alg. */
if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
if (key->dk_alg != KEY_HMAC_MD5)
return (-ns_r_badkey);
n = dn_comp(NS_TSIG_ALG_HMAC_MD5, cp, eob - cp, NULL, NULL);
}
else
n = dn_comp("", cp, eob - cp, NULL, NULL);
if (n < 0)
return (NS_TSIG_ERROR_NO_SPACE);
alg = cp;
cp += n;
/* Time. */
BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
PUTSHORT(0, cp);
timesigned = time(NULL);
if (error != ns_r_badtime)
PUTLONG(timesigned, cp);
else
PUTLONG(in_timesigned, cp);
PUTSHORT(NS_TSIG_FUDGE, cp);
/* Compute the signature. */
if (key != NULL && error != ns_r_badsig && error != ns_r_badkey) {
void *ctx;
u_char buf[NS_MAXCDNAME], *cp2;
int n;
dst_sign_data(SIG_MODE_INIT, key, &ctx, NULL, 0, NULL, 0);
/* Digest the query signature, if this is a response. */
if (querysiglen > 0 && querysig != NULL) {
u_int16_t len_n = htons(querysiglen);
dst_sign_data(SIG_MODE_UPDATE, key, &ctx,
(u_char *)&len_n, INT16SZ, NULL, 0);
dst_sign_data(SIG_MODE_UPDATE, key, &ctx,
querysig, querysiglen, NULL, 0);
}
/* Digest the message. */
dst_sign_data(SIG_MODE_UPDATE, key, &ctx, msg, *msglen,
NULL, 0);
/* Digest the key name. */
n = ns_name_ntol(name, buf, sizeof(buf));
INSIST(n > 0);
dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
/* Digest the class and TTL. */
cp2 = buf;
PUTSHORT(ns_c_any, cp2);
PUTLONG(0, cp2);
dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, cp2-buf,
NULL, 0);
/* Digest the algorithm. */
n = ns_name_ntol(alg, buf, sizeof(buf));
INSIST(n > 0);
dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, n, NULL, 0);
/* Digest the time signed, fudge, error, and other data */
cp2 = buf;
PUTSHORT(0, cp2); /*%< Top 16 bits of time */
if (error != ns_r_badtime)
PUTLONG(timesigned, cp2);
else
PUTLONG(in_timesigned, cp2);
PUTSHORT(NS_TSIG_FUDGE, cp2);
PUTSHORT(error, cp2); /*%< Error */
if (error != ns_r_badtime)
PUTSHORT(0, cp2); /*%< Other data length */
else {
PUTSHORT(INT16SZ+INT32SZ, cp2); /*%< Other data length */
PUTSHORT(0, cp2); /*%< Top 16 bits of time */
PUTLONG(timesigned, cp2);
}
dst_sign_data(SIG_MODE_UPDATE, key, &ctx, buf, cp2-buf,
NULL, 0);
n = dst_sign_data(SIG_MODE_FINAL, key, &ctx, NULL, 0,
sig, *siglen);
if (n < 0)
return (-ns_r_badkey);
*siglen = n;
} else
*siglen = 0;
/* Add the signature. */
BOUNDS_CHECK(cp, INT16SZ + (*siglen));
PUTSHORT(*siglen, cp);
memcpy(cp, sig, *siglen);
cp += (*siglen);
/* The original message ID & error. */
BOUNDS_CHECK(cp, INT16SZ + INT16SZ);
PUTSHORT(ntohs(hp->id), cp); /*%< already in network order */
PUTSHORT(error, cp);
/* Other data. */
BOUNDS_CHECK(cp, INT16SZ);
if (error != ns_r_badtime)
PUTSHORT(0, cp); /*%< Other data length */
else {
PUTSHORT(INT16SZ+INT32SZ, cp); /*%< Other data length */
BOUNDS_CHECK(cp, INT32SZ+INT16SZ);
PUTSHORT(0, cp); /*%< Top 16 bits of time */
PUTLONG(timesigned, cp);
}
/* Go back and fill in the length. */
PUTSHORT(cp - lenp - INT16SZ, lenp);
hp->arcount = htons(ntohs(hp->arcount) + 1);
*msglen = (cp - msg);
return (0);
}
int
ns_sign_tcp2(u_char *msg, int *msglen, int msgsize, int error,
ns_tcp_tsig_state *state, int done,
u_char **dnptrs, u_char **lastdnptr)
{
u_char *cp, *eob, *lenp;
u_char buf[MAXDNAME], *cp2;
HEADER *hp = (HEADER *)msg;
time_t timesigned;
int n;
if (msg == NULL || msglen == NULL || state == NULL)
return (-1);
state->counter++;
if (state->counter == 0)
return (ns_sign2(msg, msglen, msgsize, error, state->key,
state->sig, state->siglen,
state->sig, &state->siglen, 0,
dnptrs, lastdnptr));
if (state->siglen > 0) {
u_int16_t siglen_n = htons(state->siglen);
dst_sign_data(SIG_MODE_INIT, state->key, &state->ctx,
NULL, 0, NULL, 0);
dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx,
(u_char *)&siglen_n, INT16SZ, NULL, 0);
dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx,
state->sig, state->siglen, NULL, 0);
state->siglen = 0;
}
dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx, msg, *msglen,
NULL, 0);
if (done == 0 && (state->counter % 100 != 0))
return (0);
cp = msg + *msglen;
eob = msg + msgsize;
/* Name. */
n = dn_comp(state->key->dk_key_name, cp, eob - cp, dnptrs, lastdnptr);
if (n < 0)
return (NS_TSIG_ERROR_NO_SPACE);
cp += n;
/* Type, class, ttl, length (not filled in yet). */
BOUNDS_CHECK(cp, INT16SZ + INT16SZ + INT32SZ + INT16SZ);
PUTSHORT(ns_t_tsig, cp);
PUTSHORT(ns_c_any, cp);
PUTLONG(0, cp); /*%< TTL */
lenp = cp;
cp += 2;
/* Alg. */
n = dn_comp(NS_TSIG_ALG_HMAC_MD5, cp, eob - cp, NULL, NULL);
if (n < 0)
return (NS_TSIG_ERROR_NO_SPACE);
cp += n;
/* Time. */
BOUNDS_CHECK(cp, INT16SZ + INT32SZ + INT16SZ);
PUTSHORT(0, cp);
timesigned = time(NULL);
PUTLONG(timesigned, cp);
PUTSHORT(NS_TSIG_FUDGE, cp);
/*
* Compute the signature.
*/
/* Digest the time signed and fudge. */
cp2 = buf;
PUTSHORT(0, cp2); /*%< Top 16 bits of time */
PUTLONG(timesigned, cp2);
PUTSHORT(NS_TSIG_FUDGE, cp2);
dst_sign_data(SIG_MODE_UPDATE, state->key, &state->ctx,
buf, cp2 - buf, NULL, 0);
n = dst_sign_data(SIG_MODE_FINAL, state->key, &state->ctx, NULL, 0,
state->sig, sizeof(state->sig));
if (n < 0)
return (-ns_r_badkey);
state->siglen = n;
/* Add the signature. */
BOUNDS_CHECK(cp, INT16SZ + state->siglen);
PUTSHORT(state->siglen, cp);
memcpy(cp, state->sig, state->siglen);
cp += state->siglen;
/* The original message ID & error. */
BOUNDS_CHECK(cp, INT16SZ + INT16SZ);
PUTSHORT(ntohs(hp->id), cp); /*%< already in network order */
PUTSHORT(error, cp);
/* Other data. */
BOUNDS_CHECK(cp, INT16SZ);
PUTSHORT(0, cp);
/* Go back and fill in the length. */
PUTSHORT(cp - lenp - INT16SZ, lenp);
hp->arcount = htons(ntohs(hp->arcount) + 1);
*msglen = (cp - msg);
return (0);
}
static int
lcp_reqci(fsm *f, u_char *inp, int *lenp, int reject_if_disagree)
{
uint32_t magic;
int type, len, rcode, mru, lrej;
u_char *inp0, *rejbuf, *nakbuf, *nakbuf0;
lcp *_this;
_this = &f->ppp->lcp;
rejbuf = NULL;
rcode = -1;
inp0 = inp;
lrej = 0;
if ((rejbuf = malloc(*lenp)) == NULL)
return -1;
if ((nakbuf0 = malloc(*lenp)) == NULL) {
free(rejbuf);
return -1;
}
nakbuf = nakbuf0;
#define remlen() (*lenp - (inp - inp0))
#define LCP_OPT_PEER_ACCEPTED(opt) \
psm_peer_opt_set_accepted(&f->ppp->lcp, opt, 1);
f->ppp->lcp.recv_reqs++;
while (remlen() >= 2) {
GETCHAR(type, inp);
GETCHAR(len, inp);
if (len <= 0 || remlen() + 2 < len)
goto fail;
switch (type) {
case PPP_LCP_MRU:
if (len != 4)
goto fail;
GETSHORT(mru, inp);
f->ppp->peer_mru = mru;
if (mru < NPPPD_MIN_MRU) {
if (reject_if_disagree) {
inp -= 2;
goto reject;
}
if (lrej > 0) {
/* if there is a reject, will send Rej, not send Nak. */
} else {
inp -= 2;
memcpy(nakbuf, inp, len);
nakbuf += len;
inp += 2;
PUTSHORT(f->ppp->mru, nakbuf);
rcode = CONFNAK;
}
} else
LCP_OPT_PEER_ACCEPTED(mru);
break;
case PPP_LCP_MAGICNUMBER:
if (len != 6)
goto fail;
GETLONG(magic, inp);
if (magic == _this->magic_number) {
inp -= 4;
goto reject;
}
_this->peer_magic_number = magic;
break;
case PPP_LCP_PFC:
if (len != 2)
goto fail;
LCP_OPT_PEER_ACCEPTED(pfc);
break;
case PPP_LCP_ACFC:
if (len != 2)
goto fail;
LCP_OPT_PEER_ACCEPTED(acfc);
break;
case PPP_LCP_AUTH_PROTOCOL:
/* currently never authenticate. */
case PPP_LCP_QUALITY_PROTOCOL: /* not used */
default:
reject:
inp -= 2;
memcpy(rejbuf + lrej, inp, len);
lrej += len;
inp += len;
rcode = CONFREJ;
}
continue;
}
if (rcode == -1)
rcode = CONFACK;
fail:
switch (rcode) {
case CONFREJ:
memcpy(inp0, rejbuf, lrej);
*lenp = lrej;
break;
case CONFNAK:
memcpy(inp0, nakbuf0, nakbuf - nakbuf0);
*lenp = nakbuf - nakbuf0;
break;
}
if (rcode != CONFACK) {
psm_peer_opt_set_accepted(&f->ppp->lcp, mru, 0);
psm_peer_opt_set_accepted(&f->ppp->lcp, pfc, 0);
psm_peer_opt_set_accepted(&f->ppp->lcp, acfc, 0);
}
if (rejbuf != NULL)
free(rejbuf);
if (nakbuf0 != NULL)
free(nakbuf0);
return rcode;
#undef remlen
#undef LCP_OPT_PEER_ACCEPTED
}
/**
* selecting authentication protocols which is not rejected yet in order
* of auth_order, and adding Authentication-Protocol options in ConfReq
* packet area.
*/
static int
lcp_add_auth(fsm *f, u_char **ucpp)
{
int i;
u_char *ucp;
lcp *_this;
ucp = *ucpp;
_this = &f->ppp->lcp;
for (i = 0; _this->auth_order[i] > 0 &&
i < countof(_this->auth_order); i++) {
switch (_this->auth_order[i]) {
case PPP_AUTH_PAP:
if (psm_opt_is_rejected(_this, pap))
break;
PUTCHAR(PPP_LCP_AUTH_PROTOCOL, ucp);
PUTCHAR(4, ucp);
PUTSHORT(PPP_AUTH_PAP, ucp);
psm_opt_set_requested(_this, pap, 1);
_this->lastauth = PPP_AUTH_PAP;
goto end_loop;
case PPP_AUTH_CHAP_MD5:
if (psm_opt_is_rejected(_this, chap))
break;
PUTCHAR(PPP_LCP_AUTH_PROTOCOL, ucp);
PUTCHAR(5, ucp);
PUTSHORT(PPP_AUTH_CHAP, ucp);
PUTCHAR(PPP_AUTH_CHAP_MD5, ucp);
psm_opt_set_requested(_this, chap, 1);
_this->lastauth = PPP_AUTH_CHAP_MD5;
goto end_loop;
case PPP_AUTH_CHAP_MS:
if (psm_opt_is_rejected(_this, chapms))
break;
PUTCHAR(PPP_LCP_AUTH_PROTOCOL, ucp);
PUTCHAR(5, ucp);
PUTSHORT(PPP_AUTH_CHAP, ucp);
PUTCHAR(PPP_AUTH_CHAP_MS, ucp);
psm_opt_set_requested(_this, chapms, 1);
_this->lastauth = PPP_AUTH_CHAP_MS;
goto end_loop;
case PPP_AUTH_CHAP_MS_V2:
if (psm_opt_is_rejected(_this, chapms_v2))
break;
PUTCHAR(PPP_LCP_AUTH_PROTOCOL, ucp);
PUTCHAR(5, ucp);
PUTSHORT(PPP_AUTH_CHAP, ucp);
PUTCHAR(PPP_AUTH_CHAP_MS_V2, ucp);
psm_opt_set_requested(_this, chapms_v2,1);
_this->lastauth = PPP_AUTH_CHAP_MS_V2;
goto end_loop;
case PPP_AUTH_EAP:
if (psm_opt_is_rejected(_this, eap))
break;
PUTCHAR(PPP_LCP_AUTH_PROTOCOL, ucp);
PUTCHAR(4, ucp);
PUTSHORT(PPP_AUTH_EAP, ucp);
psm_opt_set_requested(_this, eap, 1);
_this->lastauth = PPP_AUTH_EAP;
goto end_loop;
}
}
_this->lastauth = -1;
return -1;
end_loop:
*ucpp = ucp;
return 0;
}
