/* * upap_rauthnak - Receive Authenticate-Nak. */ static void upap_rauthnak(ppp_pcb *pcb, u_char *inp, int id, int len) { u_char msglen; char *msg; LWIP_UNUSED_ARG(id); if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) /* XXX */ return; /* * Parse message. */ if (len < 1) { UPAPDEBUG(("pap_rauthnak: ignoring missing msg-length.")); } else { GETCHAR(msglen, inp); if (msglen > 0) { len -= sizeof (u_char); if (len < msglen) { UPAPDEBUG(("pap_rauthnak: rcvd short packet.")); return; } msg = (char *) inp; PRINTMSG(msg, msglen); } } pcb->upap.us_clientstate = UPAPCS_BADAUTH; ppp_error("PAP authentication failed"); auth_withpeer_fail(pcb, PPP_PAP); }
/* * upap_protrej - Peer doesn't speak this protocol. * * This shouldn't happen. In any case, pretend lower layer went down. */ static void upap_protrej(ppp_pcb *pcb) { if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) { ppp_error("PAP authentication failed due to protocol-reject"); auth_withpeer_fail(pcb, PPP_PAP); } #if PPP_SERVER if (pcb->upap.us_serverstate == UPAPSS_LISTEN) { ppp_error("PAP authentication of peer failed (protocol-reject)"); auth_peer_fail(pcb, PPP_PAP); } #endif /* PPP_SERVER */ upap_lowerdown(pcb); }
/* * ChapProtocolReject - Peer doesn't grok CHAP. */ static void ChapProtocolReject( int unit) { chap_state *cstate = &chap[unit]; if (cstate->serverstate != CHAPSS_INITIAL && cstate->serverstate != CHAPSS_CLOSED) auth_peer_fail(unit, PPP_CHAP); if (cstate->clientstate != CHAPCS_INITIAL && cstate->clientstate != CHAPCS_CLOSED) auth_withpeer_fail(unit, PPP_CHAP); ChapLowerDown(unit); /* shutdown chap */ }
/* * upap_protrej - Peer doesn't speak this protocol. * * This shouldn't happen. In any case, pretend lower layer went down. */ static void upap_protrej(int unit) { upap_state *u = &upap[unit]; if (u->us_clientstate == UPAPCS_AUTHREQ) { UPAPDEBUG((LOG_ERR, "PAP authentication failed due to protocol-reject\n")); auth_withpeer_fail(unit, PPP_PAP); } if (u->us_serverstate == UPAPSS_LISTEN) { UPAPDEBUG((LOG_ERR, "PAP authentication of peer failed (protocol-reject)\n")); auth_peer_fail(unit, PPP_PAP); } upap_lowerdown(unit); }
/* * upap_timeout - Retransmission timer for sending auth-reqs expired. */ static void upap_timeout(void *arg) { ppp_pcb *pcb = (ppp_pcb*)arg; if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) return; if (pcb->upap.us_transmits >= pcb->settings.pap_max_transmits) { /* give up in disgust */ ppp_error("No response to PAP authenticate-requests"); pcb->upap.us_clientstate = UPAPCS_BADAUTH; auth_withpeer_fail(pcb, PPP_PAP); return; } upap_sauthreq(pcb); /* Send Authenticate-Request */ }
static void chap_protrej(ppp_pcb *pcb) { #if PPP_SERVER if (pcb->chap_server.flags & TIMEOUT_PENDING) { pcb->chap_server.flags &= ~TIMEOUT_PENDING; UNTIMEOUT(chap_timeout, pcb); } if (pcb->chap_server.flags & AUTH_STARTED) { pcb->chap_server.flags = 0; auth_peer_fail(pcb, PPP_CHAP); } #endif /* PPP_SERVER */ if ((pcb->chap_client.flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { pcb->chap_client.flags &= ~AUTH_STARTED; ppp_error("CHAP authentication failed due to protocol-reject"); auth_withpeer_fail(pcb, PPP_CHAP); } }
/* * upap_timeout - Retransmission timer for sending auth-reqs expired. */ static void upap_timeout(void *arg) { upap_state *u = (upap_state *) arg; UPAPDEBUG((LOG_INFO, "upap_timeout: %d timeout %d expired s=%d\n", u->us_unit, u->us_timeouttime, u->us_clientstate)); if (u->us_clientstate != UPAPCS_AUTHREQ) { return; } if (u->us_transmits >= u->us_maxtransmits) { /* give up in disgust */ UPAPDEBUG((LOG_ERR, "No response to PAP authenticate-requests\n")); u->us_clientstate = UPAPCS_BADAUTH; auth_withpeer_fail(u->us_unit, PPP_PAP); return; } upap_sauthreq(u); /* Send Authenticate-Request */ }
/* * upap_rauthnak - Receive Authenticate-Nakk. */ static void upap_rauthnak(upap_state *u, u_char *inp, int id, int len) { u_char msglen; char *msg; LWIP_UNUSED_ARG(id); UPAPDEBUG((LOG_INFO, "pap_rauthnak: Rcvd id %d s=%d\n", id, u->us_clientstate)); if (u->us_clientstate != UPAPCS_AUTHREQ) { /* XXX */ return; } /* * Parse message. */ if (len < sizeof (u_char)) { UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet.\n")); } else { GETCHAR(msglen, inp); if(msglen > 0) { len -= sizeof (u_char); if (len < msglen) { UPAPDEBUG((LOG_INFO, "pap_rauthnak: rcvd short packet.\n")); return; } msg = (char *) inp; PRINTMSG(msg, msglen); } } u->us_clientstate = UPAPCS_BADAUTH; UPAPDEBUG((LOG_ERR, "PAP authentication failed\n")); auth_withpeer_fail(u->us_unit, PPP_PAP); }
static void chap_handle_status(ppp_pcb *pcb, int code, int id, unsigned char *pkt, int len) { const char *msg = NULL; LWIP_UNUSED_ARG(id); if ((pcb->chap_client.flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) != (AUTH_STARTED|LOWERUP)) return; pcb->chap_client.flags |= AUTH_DONE; if (code == CHAP_SUCCESS) { /* used for MS-CHAP v2 mutual auth, yuck */ if (pcb->chap_client.digest->check_success != NULL) { if (!(*pcb->chap_client.digest->check_success)(pcb, pkt, len, pcb->chap_client.priv)) code = CHAP_FAILURE; } else msg = "CHAP authentication succeeded"; } else { if (pcb->chap_client.digest->handle_failure != NULL) (*pcb->chap_client.digest->handle_failure)(pcb, pkt, len); else msg = "CHAP authentication failed"; } if (msg) { if (len > 0) ppp_info("%s: %.*v", msg, len, pkt); else ppp_info("%s", msg); } if (code == CHAP_SUCCESS) auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code); else { pcb->chap_client.flags |= AUTH_FAILED; ppp_error("CHAP authentication failed"); auth_withpeer_fail(pcb, PPP_CHAP); } }
/* * ChapReceiveFailure - Receive failure. */ static void ChapReceiveFailure( chap_state *cstate, u_char *inp, u_char id, int len) { if (cstate->clientstate != CHAPCS_RESPONSE) { /* don't know what this is */ CHAPDEBUG(("ChapReceiveFailure: in state %d\n", cstate->clientstate)); return; } UNTIMEOUT(ChapResponseTimeout, cstate); /* * Print message. */ if (len > 0) PRINTMSG(inp, len); error("CHAP authentication failed"); auth_withpeer_fail(cstate->unit, PPP_CHAP); }