static void
AuthTimeout(void *vauthp)
{
struct authinfo *authp = (struct authinfo *)vauthp;
timer_Stop(&authp->authtimer);
if (--authp->retry > 0) {
authp->id++;
(*authp->fn.req)(authp);
timer_Start(&authp->authtimer);
} else {
log_Printf(LogPHASE, "Auth: No response from server\n");
datalink_AuthNotOk(authp->physical->dl);
}
}
void
datalink_NCPUp(struct datalink *dl)
{
int ccpok = ccp_SetOpenMode(&dl->physical->link.ccp);
if (dl->physical->link.lcp.want_mrru && dl->physical->link.lcp.his_mrru) {
/* we've authenticated in multilink mode ! */
switch (mp_Up(&dl->bundle->ncp.mp, dl)) {
case MP_LINKSENT:
/* We've handed the link off to another ppp (well, we will soon) ! */
return;
case MP_UP:
/* First link in the bundle */
auth_Select(dl->bundle, dl->peer.authname);
bundle_CalculateBandwidth(dl->bundle);
/* FALLTHROUGH */
case MP_ADDED:
/* We're in multilink mode ! */
dl->physical->link.ccp.fsm.open_mode = OPEN_PASSIVE; /* override */
bundle_CalculateBandwidth(dl->bundle);
break;
case MP_FAILED:
datalink_AuthNotOk(dl);
return;
}
} else if (bundle_Phase(dl->bundle) == PHASE_NETWORK) {
log_Printf(LogPHASE, "%s: Already in NETWORK phase\n", dl->name);
datalink_NewState(dl, DATALINK_OPEN);
bundle_CalculateBandwidth(dl->bundle);
(*dl->parent->LayerUp)(dl->parent->object, &dl->physical->link.lcp.fsm);
return;
} else {
dl->bundle->ncp.mp.peer = dl->peer;
ncp_SetLink(&dl->bundle->ncp, &dl->physical->link);
auth_Select(dl->bundle, dl->peer.authname);
}
if (ccpok) {
fsm_Up(&dl->physical->link.ccp.fsm);
fsm_Open(&dl->physical->link.ccp.fsm);
}
datalink_NewState(dl, DATALINK_OPEN);
bundle_NewPhase(dl->bundle, PHASE_NETWORK);
(*dl->parent->LayerUp)(dl->parent->object, &dl->physical->link.lcp.fsm);
}
static void
chap_Failure(struct authinfo *authp)
{
#ifndef NODES
char buf[1024], *ptr;
#endif
const char *msg;
#ifndef NORADIUS
struct bundle *bundle = authp->physical->link.lcp.fsm.bundle;
if (*bundle->radius.cfg.file && bundle->radius.errstr)
msg = bundle->radius.errstr;
else
#endif
#ifndef NODES
if (authp->physical->link.lcp.want_authtype == 0x80) {
snprintf(buf, sizeof buf, "E=691 R=1 M=Invalid!");
msg = buf;
} else if (authp->physical->link.lcp.want_authtype == 0x81) {
int i;
ptr = buf;
snprintf(buf, sizeof(buf), "E=691 R=0 C=");
ptr += strlen(ptr);
for (i=0; i<16; i++) {
snprintf(ptr, buf + sizeof buf - ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i));
ptr += strlen(ptr);
if (ptr > buf + sizeof buf)
break;
}
snprintf(ptr, buf + sizeof buf - ptr, " V=3 M=Invalid!");
msg = buf;
} else
#endif
msg = "Invalid!!";
ChapOutput(authp->physical, CHAP_FAILURE, authp->id, msg, strlen(msg) + 1,
NULL);
datalink_AuthNotOk(authp->physical->dl);
}
struct mbuf *
chap_Input_old(struct bundle *bundle, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct chap *chap = &p->dl->chap;
char *name, *key, *ans;
int len, nlen;
u_char alen;
#ifdef HAVE_DES
int lanman;
#endif
if (p == NULL) {
log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
if (bundle_Phase(bundle) != PHASE_NETWORK &&
bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
m_freem(bp);
return NULL;
}
m_settype(bp, MB_CHAPIN);
if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
ntohs(chap->auth.in.hdr.length) == 0)
log_Printf(LogWARN, "Chap Input: Truncated header !\n");
else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
chap->auth.in.hdr.code);
else {
len = m_length(bp);
ans = NULL;
if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
chap->auth.id != chap->auth.in.hdr.id &&
Enabled(bundle, OPT_IDCHECK)) {
/* Wrong conversation dude ! */
log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
chap->auth.id);
m_freem(bp);
return NULL;
}
chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
#ifdef HAVE_DES
lanman = 0;
#endif
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
bp = mbuf_Read(bp, &alen, 1);
len -= alen + 1; /* len -= (alen + 1); */
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
m_freem(bp);
return NULL;
}
*chap->challenge.peer = alen;
bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
bp = auth_ReadName(&chap->auth, bp, len);
#ifdef HAVE_DES
lanman = p->link.lcp.his_authtype == 0x80 &&
((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
!IsAccepted(p->link.lcp.cfg.chap80nt));
#endif
break;
case CHAP_RESPONSE:
auth_StopTimer(&chap->auth);
bp = mbuf_Read(bp, &alen, 1); /* read HASH-Size */
len -= alen + 1; /* len -= (alen + 1);, len is length of Name Field */
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated response !\n");
m_freem(bp);
return NULL;
}
if ((ans = malloc(alen + 2)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
*ans = chap->auth.id;
bp = mbuf_Read(bp, ans + 1, alen); /* cut HASH value */
ans[alen+1] = '\0'; /* ans is (id, HASH, \0)*/
bp = auth_ReadName(&chap->auth, bp, len);
#ifdef HAVE_DES
lanman = alen == 49 && ans[alen] == 0;
#endif
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
/* chap->auth.in.name is already set up at CHALLENGE time */
if ((ans = malloc(len + 1)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
bp = mbuf_Read(bp, ans, len);
ans[len] = '\0';
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
case CHAP_RESPONSE:
if (*chap->auth.in.name)
log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
chap->auth.in.name,
#ifdef HAVE_DES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
else
log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
#ifdef HAVE_DES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
if (*ans)
log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
chapcodes[chap->auth.in.hdr.code], ans);
else
log_Printf(LogPHASE, "Chap Input: %s\n",
chapcodes[chap->auth.in.hdr.code]);
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!')
chap_StartChild(chap, bundle->cfg.auth.key + 1,
bundle->cfg.auth.name);
else
chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key +
(*bundle->cfg.auth.key == '!' ? 1 : 0),
p->link.lcp.his_authtype
#ifdef HAVE_DES
, lanman
#endif
);
break;
case CHAP_RESPONSE:
name = chap->auth.in.name;
nlen = strlen(name);
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
u_char end;
end = chap->challenge.local[*chap->challenge.local+1];
chap->challenge.local[*chap->challenge.local+1] = '\0';
radius_Authenticate(&bundle->radius, &chap->auth,
chap->auth.in.name, ans,
chap->challenge.local + 1);
chap->challenge.local[*chap->challenge.local+1] = end;
} else
#endif
{
key = auth_GetSecret(bundle, name, nlen, p);
if (key) {
char *myans;
#ifdef HAVE_DES
if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) &&
p->link.lcp.want_authtype == 0x80) {
log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else
#endif
{
myans = chap_BuildAnswer(name, key, chap->auth.id,
chap->challenge.local,
p->link.lcp.want_authtype
#ifdef HAVE_DES
, lanman
#endif
);
if (myans == NULL)
key = NULL;
else {
if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans,
ans + 1, alen
#ifdef HAVE_DES
, lanman
#endif
))
key = NULL;
free(myans);
}
}
}
if (key)
chap_Success(&chap->auth);
else
chap_Failure(&chap->auth);
}
break;
case CHAP_SUCCESS:
if (p->link.lcp.auth_iwait == PROTO_CHAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0)
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
break;
case CHAP_FAILURE:
datalink_AuthNotOk(p->dl);
break;
}
free(ans);
}
m_freem(bp);
return NULL;
}
static void
chap_Failure_old(struct authinfo *authp)
{
ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL);
datalink_AuthNotOk(authp->physical->dl);
}
struct mbuf *
pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct authinfo *authp = &p->dl->pap;
u_char nlen, klen, *key;
const char *txt;
int txtlen;
if (p == NULL) {
log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
if (bundle_Phase(bundle) != PHASE_NETWORK &&
bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
m_freem(bp);
return NULL;
}
if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
ntohs(authp->in.hdr.length) == 0) {
log_Printf(LogWARN, "Pap Input: Truncated header !\n");
return NULL;
}
if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
m_freem(bp);
return NULL;
}
if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
Enabled(bundle, OPT_IDCHECK)) {
/* Wrong conversation dude ! */
log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
m_freem(bp);
return NULL;
}
m_settype(bp, MB_PAPIN);
authp->id = authp->in.hdr.id; /* We respond with this id */
if (bp) {
bp = mbuf_Read(bp, &nlen, 1);
if (authp->in.hdr.code == PAP_ACK) {
/*
* Don't restrict the length of our acknowledgement freetext to
* nlen (a one-byte length). Show the rest of the ack packet
* instead. This isn't really part of the protocol.....
*/
bp = m_pullup(bp);
txt = MBUF_CTOP(bp);
txtlen = m_length(bp);
} else {
bp = auth_ReadName(authp, bp, nlen);
txt = authp->in.name;
txtlen = strlen(authp->in.name);
}
} else {
txt = "";
txtlen = 0;
}
log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
papcodes[authp->in.hdr.code], txtlen, txt);
switch (authp->in.hdr.code) {
case PAP_REQUEST:
if (bp == NULL) {
log_Printf(LogPHASE, "Pap Input: No key given !\n");
break;
}
bp = mbuf_Read(bp, &klen, 1);
if (m_length(bp) < klen) {
log_Printf(LogERROR, "Pap Input: Truncated key !\n");
break;
}
if ((key = malloc(klen+1)) == NULL) {
log_Printf(LogERROR, "Pap Input: Out of memory !\n");
break;
}
bp = mbuf_Read(bp, key, klen);
key[klen] = '\0';
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
if (!radius_Authenticate(&bundle->radius, authp, authp->in.name,
key, strlen(key), NULL, 0))
pap_Failure(authp);
} else
#endif
if (auth_Validate(bundle, authp->in.name, key))
pap_Success(authp);
else
pap_Failure(authp);
free(key);
break;
case PAP_ACK:
auth_StopTimer(authp);
if (p->link.lcp.auth_iwait == PROTO_PAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0)
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
break;
case PAP_NAK:
auth_StopTimer(authp);
datalink_AuthNotOk(p->dl);
break;
}
m_freem(bp);
return NULL;
}
static void
pap_Failure(struct authinfo *authp)
{
SendPapCode(authp, PAP_NAK, "Login incorrect");
datalink_AuthNotOk(authp->physical->dl);
}
PPP_ZC_STRU *
pap_Input(/*struct bundle *bundle,*/ struct link *l, PPP_ZC_STRU *pstMem)
{
/* struct physical *p = link2physical(l);*/
#if 0 /* delete for transplant */
VOS_CHAR nlen, *key;
#endif
struct authinfo *authp =/* &p->dl*/&(l->pap.auth);
VOS_CHAR nlen;
VOS_UINT8 klen;
const VOS_CHAR *txt;
VOS_INT32 txtlen;
struct ppp_mbuf *bp;
bp = ppp_m_get_from_ttfmem(pstMem);
PPP_MemFree(pstMem);
if (VOS_NULL_PTR == bp)
{
return VOS_NULL_PTR;
}
if (l == VOS_NULL_PTR) {
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_WARNING, "pap input, Not a physical link - dropped\r\n");
ppp_m_freem(bp);
return VOS_NULL_PTR;
}
if (/*bundle_Phase(bundle)*/ l->phase!= PHASE_NETWORK &&
/*bundle_Phase(bundle)*/ l->phase!= PHASE_AUTHENTICATE) {
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_NORMAL, "Unexpected pap input - dropped\r\n");
ppp_m_freem(bp);
return VOS_NULL_PTR;
}
if ((bp = auth_ReadHeader(authp, bp)) == VOS_NULL_PTR &&
VOS_NTOHS(authp->in.hdr.length) == 0) {
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_WARNING, "Pap Input: Truncated header\r\n");
return VOS_NULL_PTR;
}
if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
PPP_MNTN_LOG1(PS_PID_APP_PPP, 0, LOG_LEVEL_WARNING,
"Bad PAP code: %d", authp->in.hdr.code);
ppp_m_freem(bp);
return VOS_NULL_PTR;
}
if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id)
{
/* Wrong conversation dude ! */
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_WARNING, "pap input, dropped (got id not equal to previous id)\r\n");
ppp_m_freem(bp);
return VOS_NULL_PTR;
}
authp->id = authp->in.hdr.id; /* We respond with this id */
/*fanzhibin f49086 add it begin*/
if (authp->in.hdr.code == PAP_REQUEST)
{
/*将config req报文头部拷贝到缓存中*/
PS_MEM_CPY(l->pap.RecordData.BufRequest,&(authp->in.hdr),sizeof(authp->in.hdr));
ppp_mbuf_View(bp,(l->pap.RecordData.BufRequest + sizeof(authp->in.hdr)),
VOS_NTOHS(authp->in.hdr.length) - sizeof(authp->in.hdr));
l->pap.RecordData.LenOfRequest = VOS_NTOHS(authp->in.hdr.length);
}
/*fanzhibin f49086 add it end*/
if (bp) {
bp = ppp_mbuf_Read(bp, &nlen, 1);
if (authp->in.hdr.code == PAP_ACK) {
/*
* Don't restrict the length of our acknowledgement freetext to
* nlen (a one-byte length). Show the rest of the ack packet
* instead. This isn't really part of the protocol.....
*/
bp = ppp_m_pullup(bp);
txt = PPP_MBUF_CTOP(bp);
txtlen = ppp_m_length(bp);
} else {
bp = auth_ReadName(authp, bp, nlen);
txt = authp->in.name;
txtlen = VOS_StrNLen(authp->in.name,AUTHLEN);
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_NORMAL, "username:"******"";
txtlen = 0;
}
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_NORMAL, "\r\nPap Input\r\n");
switch (authp->in.hdr.code) {
case PAP_REQUEST:
if (bp == VOS_NULL_PTR) {
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_NORMAL, "Pap Input: No key given !\r\n");
break;
}
bp = ppp_mbuf_Read(bp, &klen, 1);
if (ppp_m_length(bp) < klen) {
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_WARNING, "Pap Input: Truncated key !\r\n");
break;
}
#if 0/*fanzhibin f49086 delete it*/
if ((key = VOS_MemAlloc(PS_PID_APP_PPP, DYNAMIC_DOPRA_MEM_PT,klen+1)) == VOS_NULL_PTR) {
PS_LOG(PS_PID_APP_PPP, 0, PS_PRINT_ERROR, "Pap Input: Out of memory !\n");
break;
}
bp = ppp_mbuf_Read(bp, key, klen);
key[klen] = '\0';
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
if (!radius_Authenticate(&bundle->radius, authp, authp->in.name,
key, strlen(key), VOS_NULL_PTR, 0))
pap_Failure(authp);
} else
#endif
/*下面这句在改造的时候要添进去*/
if (auth_Validate(bundle, authp->in.name, key, p))
pap_Success(authp);
else
pap_Failure(authp);
VOS_MemFree(PS_PID_APP_PPP,key);
#endif
/*fanzhibin f49086 add it begin*/
if (klen > sizeof l->pap.RecordData.password- 1)
{
PPP_MNTN_LOG1(PS_PID_APP_PPP, 0, LOG_LEVEL_WARNING,
"auth_ReadPassword: PassWord too long,len= %d", klen);
}
else {
if (klen > ppp_m_length(bp))
{
PPP_MNTN_LOG1(PS_PID_APP_PPP, 0, LOG_LEVEL_WARNING,
"auth_ReadPassword: Short packet, pass_len = %d", klen);
}
else {
bp = ppp_mbuf_Read(bp, l->pap.RecordData.password, klen);
l->pap.RecordData.password[klen] = '\0';
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_NORMAL, "password:");
PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_NORMAL, l->pap.RecordData.password);
}
}
pap_Success(l);
/*fanzhibin f49086 add it end*/
break;
case PAP_ACK:
#if 0/*fanzhibin f49086 delete it*/
auth_StopTimer(authp);
if (p->link.lcp.auth_iwait == PROTO_PAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0)
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
#endif
break;
case PAP_NAK:
#if 0/*fanzhibin f49086 delete it*/
auth_StopTimer(authp);
datalink_AuthNotOk(p->dl);
#endif
break;
}
ppp_m_freem(bp);
return VOS_NULL_PTR;
}
struct mbuf *
chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct chap *chap = &p->dl->chap;
char *name, *key, *ans;
int len, nlen;
u_char alen;
#ifndef NODES
int lanman;
#endif
if (p == NULL) {
log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
if (bundle_Phase(bundle) != PHASE_NETWORK &&
bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
m_freem(bp);
return NULL;
}
m_settype(bp, MB_CHAPIN);
if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
ntohs(chap->auth.in.hdr.length) == 0)
log_Printf(LogWARN, "Chap Input: Truncated header !\n");
else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
chap->auth.in.hdr.code);
else {
len = m_length(bp);
ans = NULL;
if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
chap->auth.id != chap->auth.in.hdr.id &&
Enabled(bundle, OPT_IDCHECK)) {
/* Wrong conversation dude ! */
log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
chap->auth.id);
m_freem(bp);
return NULL;
}
chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
#ifndef NODES
lanman = 0;
#endif
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
bp = mbuf_Read(bp, &alen, 1);
len -= alen + 1;
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
m_freem(bp);
return NULL;
}
*chap->challenge.peer = alen;
bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
bp = auth_ReadName(&chap->auth, bp, len);
#ifndef NODES
lanman = p->link.lcp.his_authtype == 0x80 &&
((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
!IsAccepted(p->link.lcp.cfg.chap80nt));
/* Generate local challenge value */
chap_ChallengeInit(&chap->auth);
#endif
break;
case CHAP_RESPONSE:
auth_StopTimer(&chap->auth);
bp = mbuf_Read(bp, &alen, 1);
len -= alen + 1;
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated response !\n");
m_freem(bp);
return NULL;
}
if ((ans = malloc(alen + 1)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
*ans = chap->auth.id;
bp = mbuf_Read(bp, ans + 1, alen);
bp = auth_ReadName(&chap->auth, bp, len);
#ifndef NODES
lanman = p->link.lcp.want_authtype == 0x80 &&
alen == 49 && ans[alen] == 0;
#endif
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
/* chap->auth.in.name is already set up at CHALLENGE time */
if ((ans = malloc(len + 1)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
bp = mbuf_Read(bp, ans, len);
ans[len] = '\0';
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
case CHAP_RESPONSE:
if (*chap->auth.in.name)
log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
chap->auth.in.name,
#ifndef NODES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
else
log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
#ifndef NODES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
if (*ans)
log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
chapcodes[chap->auth.in.hdr.code], ans);
else
log_Printf(LogPHASE, "Chap Input: %s\n",
chapcodes[chap->auth.in.hdr.code]);
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!')
chap_StartChild(chap, bundle->cfg.auth.key + 1,
bundle->cfg.auth.name);
else
chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key +
(*bundle->cfg.auth.key == '!' ? 1 : 0),
p->link.lcp.his_authtype
#ifndef NODES
, lanman
#endif
);
break;
case CHAP_RESPONSE:
name = chap->auth.in.name;
nlen = strlen(name);
#ifndef NODES
if (p->link.lcp.want_authtype == 0x81) {
struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
chap->challenge.peer[0] = sizeof resp->PeerChallenge;
memcpy(chap->challenge.peer + 1, resp->PeerChallenge,
sizeof resp->PeerChallenge);
}
#endif
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
if (!radius_Authenticate(&bundle->radius, &chap->auth,
chap->auth.in.name, ans, alen + 1,
chap->challenge.local + 1,
*chap->challenge.local))
chap_Failure(&chap->auth);
} else
#endif
{
if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0' &&
alen == sizeof(struct MSCHAPv2_resp)) {
struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
log_Printf(LogWARN, "%s: Compensating for corrupt (Win98/WinME?) "
"CHAP81 RESPONSE\n", l->name);
resp->Flags = '\0'; /* rfc2759 says it *MUST* be zero */
}
key = auth_GetSecret(bundle, name, nlen, p);
if (key) {
#ifndef NODES
if (p->link.lcp.want_authtype == 0x80 &&
lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else if (p->link.lcp.want_authtype == 0x80 &&
!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt)) {
log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else if (p->link.lcp.want_authtype == 0x81 &&
!IsEnabled(p->link.lcp.cfg.chap81)) {
log_Printf(LogPHASE, "Auth failure: CHAP81 not enabled\n");
key = NULL;
} else
#endif
{
char *myans = chap_BuildAnswer(name, key, chap->auth.id,
chap->challenge.local,
p->link.lcp.want_authtype
#ifndef NODES
, chap->challenge.peer,
chap->authresponse, lanman);
MPPE_IsServer = 1; /* XXX Global ! */
#else
);
#endif
if (myans == NULL)
key = NULL;
else {
if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans,
ans + 1, alen
#ifndef NODES
, lanman
#endif
))
key = NULL;
free(myans);
}
}
}
if (key)
chap_Success(&chap->auth);
else
chap_Failure(&chap->auth);
}
break;
case CHAP_SUCCESS:
if (p->link.lcp.auth_iwait == PROTO_CHAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0) {
#ifndef NODES
if (p->link.lcp.his_authtype == 0x81) {
if (strncasecmp(ans, chap->authresponse, 42)) {
datalink_AuthNotOk(p->dl);
log_Printf(LogWARN, "CHAP81: AuthenticatorResponse: (%.42s)"
" != ans: (%.42s)\n", chap->authresponse, ans);
} else {
/* Successful login */
MPPE_MasterKeyValid = 1; /* XXX Global ! */
datalink_AuthOk(p->dl);
}
} else
#endif
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
}
break;
case CHAP_FAILURE:
datalink_AuthNotOk(p->dl);
break;
}
free(ans);
}