int radius_get_vs_string_attr(const RADIUS_PACKET* packet, u_int32_t vendor,
u_int8_t vtype, char* str)
{
u_int8_t len;
if(radius_get_vs_raw_attr(packet, vendor, vtype, str, &len) != 0)
return 1;
str[len] = '\0';
return 0;
}
static void
radius_dump(FILE *out, RADIUS_PACKET *pkt, bool resp, const char *secret)
{
size_t len;
char buf[256], buf1[256];
uint32_t u32val;
struct in_addr ipv4;
fprintf(out,
" Id = %d\n"
" Code = %s(%d)\n",
(int)radius_get_id(pkt), radius_code_str((int)radius_get_code(pkt)),
(int)radius_get_code(pkt));
if (resp && secret)
fprintf(out, " Message-Authenticator = %s\n",
(radius_check_response_authenticator(pkt, secret) == 0)
? "Verified" : "NG");
if (radius_get_string_attr(pkt, RADIUS_TYPE_USER_NAME, buf,
sizeof(buf)) == 0)
fprintf(out, " User-Name = \"%s\"\n", buf);
if (secret &&
radius_get_user_password_attr(pkt, buf, sizeof(buf), secret) == 0)
fprintf(out, " User-Password = \"%s\"\n", buf);
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_raw_attr(pkt, RADIUS_TYPE_CHAP_PASSWORD, buf, &len)
== 0)
fprintf(out, " CHAP-Password = %s\n",
(hexstr(buf, len, buf1, sizeof(buf1)))
? buf1 : "(too long)");
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_raw_attr(pkt, RADIUS_TYPE_CHAP_CHALLENGE, buf, &len)
== 0)
fprintf(out, " CHAP-Challenge = %s\n",
(hexstr(buf, len, buf1, sizeof(buf1)))
? buf1 : "(too long)");
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MS_CHAP_CHALLENGE, buf, &len) == 0)
fprintf(out, " MS-CHAP-Challenge = %s\n",
(hexstr(buf, len, buf1, sizeof(buf1)))
? buf1 : "(too long)");
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MS_CHAP2_RESPONSE, buf, &len) == 0)
fprintf(out, " MS-CHAP2-Response = %s\n",
(hexstr(buf, len, buf1, sizeof(buf1)))
? buf1 : "(too long)");
memset(buf, 0, sizeof(buf));
len = sizeof(buf) - 1;
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MS_CHAP2_SUCCESS, buf, &len) == 0) {
fprintf(out, " MS-CHAP-Success = Id=%u \"%s\"\n",
(u_int)(u_char)buf[0], buf + 1);
}
memset(buf, 0, sizeof(buf));
len = sizeof(buf) - 1;
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MS_CHAP_ERROR, buf, &len) == 0) {
fprintf(out, " MS-CHAP-Error = Id=%u \"%s\"\n",
(u_int)(u_char)buf[0], buf + 1);
}
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MPPE_SEND_KEY, buf, &len) == 0)
fprintf(out, " MS-MPPE-Send-Key = %s\n",
(hexstr(buf, len, buf1, sizeof(buf1)))
? buf1 : "(too long)");
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MPPE_RECV_KEY, buf, &len) == 0)
fprintf(out, " MS-MPPE-Recv-Key = %s\n",
(hexstr(buf, len, buf1, sizeof(buf1)))
? buf1 : "(too long)");
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MPPE_ENCRYPTION_POLICY, buf, &len) == 0)
fprintf(out, " MS-MPPE-Encryption-Policy = 0x%08x\n",
ntohl(*(u_long *)buf));
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MPPE_ENCRYPTION_TYPES, buf, &len) == 0)
fprintf(out, " MS-MPPE-Encryption-Types = 0x%08x\n",
ntohl(*(u_long *)buf));
if (radius_get_string_attr(pkt, RADIUS_TYPE_REPLY_MESSAGE, buf,
sizeof(buf)) == 0)
fprintf(out, " Reply-Message = \"%s\"\n", buf);
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_uint32_attr(pkt, RADIUS_TYPE_NAS_PORT, &u32val) == 0)
fprintf(out, " NAS-Port = %lu\n",
(u_long)u32val);
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_NAS_IP_ADDRESS, &ipv4) == 0)
fprintf(out, " NAS-IP-Address = %s\n",
inet_ntoa(ipv4));
memset(buf, 0, sizeof(buf));
len = sizeof(buf);
if (radius_get_raw_attr(pkt, RADIUS_TYPE_NAS_IPV6_ADDRESS, buf, &len)
== 0)
fprintf(out, " NAS-IPv6-Address = %s\n",
inet_ntop(AF_INET6, buf, buf1, len));
}
static void
chap_radius_response(void *context, RADIUS_PACKET *pkt, int flags,
RADIUS_REQUEST_CTX reqctx)
{
int code, lrespkt;
const char *secret, *reason = "";
chap *_this;
u_char *respkt, *respkt0;
int errorCode;
RADIUS_REQUEST_CTX radctx;
CHAP_ASSERT(context != NULL);
reason = "";
errorCode = ERROR_AUTH_SERVER_TIMEOUT;
_this = context;
secret = radius_get_server_secret(_this->radctx);
radctx = _this->radctx;
_this->radctx = NULL; /* IMPORTANT */
respkt = respkt0 = ppp_packetbuf(_this->ppp, PPP_PROTO_CHAP)
+ HEADERLEN;
lrespkt = _this->ppp->mru - HEADERLEN;
if (pkt == NULL) {
if (flags & RADIUS_REQUEST_TIMEOUT)
reason = "timeout";
else if (flags & RADIUS_REQUEST_ERROR)
reason = strerror(errno);
else
reason = "error";
goto auth_failed;
}
code = radius_get_code(pkt);
if (code == RADIUS_CODE_ACCESS_REJECT) {
reason="reject";
errorCode = ERROR_AUTHENTICATION_FAILURE;
/* Windows peer will reset the password by this error code */
goto auth_failed;
} else if (code != RADIUS_CODE_ACCESS_ACCEPT) {
reason="error";
goto auth_failed;
}
if ((flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_OK) == 0 &&
(flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_NO_CHECK) == 0) {
reason="bad_authenticator";
goto auth_failed;
}
/*
* Authetication OK
*/
switch (_this->type) {
case PPP_AUTH_CHAP_MD5:
chap_response(_this, 1, "OK", 2);
break;
case PPP_AUTH_CHAP_MS_V2:
{
struct RADIUS_MS_CHAP2_SUCCESS success;
#ifdef USE_NPPPD_MPPE
struct RADIUS_MPPE_KEY sendkey, recvkey;
#endif
size_t len;
len = sizeof(success);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MS_CHAP2_SUCCESS, &success, &len) != 0) {
chap_log(_this, LOG_ERR, "no ms_chap2_success");
goto auth_failed;
}
#ifdef USE_NPPPD_MPPE
if (_this->ppp->mppe.enabled != 0) {
len = sizeof(sendkey);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MPPE_SEND_KEY, &sendkey, &len) != 0) {
chap_log(_this, LOG_ERR, "no mppe_send_key");
goto auth_failed;
}
len = sizeof(recvkey);
if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT,
RADIUS_VTYPE_MPPE_RECV_KEY, &recvkey, &len) != 0) {
chap_log(_this, LOG_ERR, "no mppe_recv_key");
goto auth_failed;
}
mschap_radiuskey(_this->ppp->mppe.send.master_key,
sendkey.salt, _this->authenticator, secret);
mschap_radiuskey(_this->ppp->mppe.recv.master_key,
recvkey.salt, _this->authenticator, secret);
}
#endif
chap_response(_this, 1, success.str, sizeof(success.str));
break;
}
}
ppp_process_radius_framed_ip(_this->ppp, pkt);
return;
auth_failed:
chap_log(_this, LOG_WARNING, "Radius authentication request failed: %s",
reason);
/* No extra information */
chap_failure(_this, "FAILED", errorCode);
}
