static void
Despatch(struct bundle *bundle, struct link *l, struct mbuf *bp, u_short proto)
{
unsigned f;
for (f = 0; f < DSIZE; f++)
if (despatcher[f].proto == proto) {
bp = (*despatcher[f].fn)(bundle, l, bp);
break;
}
if (bp) {
struct physical *p = link2physical(l);
log_Printf(LogPHASE, "%s protocol 0x%04x (%s)\n",
f == DSIZE ? "Unknown" : "Unexpected", proto,
hdlc_Protocol2Nam(proto));
bp = m_pullup(proto_Prepend(bp, proto, 0, 0));
lcp_SendProtoRej(&l->lcp, MBUF_CTOP(bp), bp->m_len);
if (p) {
p->hdlc.lqm.SaveInDiscards++;
p->hdlc.stats.unknownproto++;
}
m_freem(bp);
}
}
void
lqr_reStart(struct lcp *lcp)
{
struct physical *p = link2physical(lcp->fsm.link);
lqr_Setup(lcp);
if (p->hdlc.lqm.timer.load)
timer_Start(&p->hdlc.lqm.timer);
}
void
lqr_Start(struct lcp *lcp)
{
struct physical *p = link2physical(lcp->fsm.link);
lqr_Setup(lcp);
if (p->hdlc.lqm.timer.load)
SendLqrReport(lcp);
}
static void
SendEchoReq(struct lcp *lcp)
{
struct hdlc *hdlc = &link2physical(lcp->fsm.link)->hdlc;
struct echolqr echo;
echo.magic = htonl(lcp->want_magic);
echo.signature = htonl(SIGNATURE);
echo.sequence = htonl(hdlc->lqm.echo.seq_sent);
fsm_Output(&lcp->fsm, CODE_ECHOREQ, hdlc->lqm.echo.seq_sent++,
(u_char *)&echo, sizeof echo, MB_ECHOOUT);
}
static void
ipv6cp_SendConfigReq(struct fsm *fp)
{
/* Send config REQ please */
struct physical *p = link2physical(fp->link);
struct ipv6cp *ipv6cp = fsm2ipv6cp(fp);
u_char buff[IPV6CP_IFIDLEN+2];
struct fsm_opt *o;
o = (struct fsm_opt *)buff;
if ((p && !physical_IsSync(p)) || !REJECTED(ipv6cp, TY_TOKEN)) {
memcpy(o->data, ipv6cp->my_ifid, IPV6CP_IFIDLEN);
INC_FSM_OPT(TY_TOKEN, IPV6CP_IFIDLEN + 2, o);
}
fsm_Output(fp, CODE_CONFIGREQ, fp->reqid, buff, (u_char *)o - buff,
MB_IPV6CPOUT);
}
static struct mbuf *
sync_LayerPull(struct bundle *b, struct link *l, struct mbuf *bp,
u_short *proto)
{
struct physical *p = link2physical(l);
if (!p)
log_Printf(LogERROR, "Can't Pull a sync packet from a logical link\n");
else {
log_DumpBp(LogSYNC, "Read", bp);
/* Either done here or by the HDLC layer */
p->hdlc.lqm.SaveInOctets += m_length(bp) + 1;
p->hdlc.lqm.SaveInPackets++;
m_settype(bp, MB_SYNCIN);
}
return bp;
}
static struct mbuf *
acf_LayerPull(struct bundle *b, struct link *l, struct mbuf *bp, u_short *proto)
{
struct physical *p = link2physical(l);
u_char cp[2];
if (!p) {
log_Printf(LogERROR, "Can't Pull an acf packet from a logical link\n");
return bp;
}
if (mbuf_View(bp, cp, 2) == 2) {
if (!p->link.lcp.want_acfcomp) {
/* We expect the packet not to be compressed */
bp = mbuf_Read(bp, cp, 2);
if (cp[0] != HDLC_ADDR) {
p->hdlc.lqm.ifInErrors++;
p->hdlc.stats.badaddr++;
log_Printf(LogDEBUG, "acf_LayerPull: addr 0x%02x\n", cp[0]);
m_freem(bp);
return NULL;
}
if (cp[1] != HDLC_UI) {
p->hdlc.lqm.ifInErrors++;
p->hdlc.stats.badcommand++;
log_Printf(LogDEBUG, "acf_LayerPull: control 0x%02x\n", cp[1]);
m_freem(bp);
return NULL;
}
m_settype(bp, MB_ACFIN);
} else if (cp[0] == HDLC_ADDR && cp[1] == HDLC_UI) {
/*
* We can receive compressed packets, but the peer still sends
* uncompressed packets (or maybe this is a PROTO_LCP packet) !
*/
bp = mbuf_Read(bp, cp, 2);
m_settype(bp, MB_ACFIN);
}
}
return bp;
}
/*
* When LCP is reached to opened state, We'll start LQM activity.
*/
static void
lqr_Setup(struct lcp *lcp)
{
struct physical *physical = link2physical(lcp->fsm.link);
int period;
physical->hdlc.lqm.lqr.resent = 0;
physical->hdlc.lqm.echo.seq_sent = 0;
physical->hdlc.lqm.echo.seq_recv = 0;
memset(&physical->hdlc.lqm.lqr.peer, '\0',
sizeof physical->hdlc.lqm.lqr.peer);
physical->hdlc.lqm.method = lcp->cfg.echo ? LQM_ECHO : 0;
if (IsEnabled(lcp->cfg.lqr) && !REJECTED(lcp, TY_QUALPROTO))
physical->hdlc.lqm.method |= LQM_LQR;
timer_Stop(&physical->hdlc.lqm.timer);
physical->hdlc.lqm.lqr.peer_timeout = lcp->his_lqrperiod;
if (lcp->his_lqrperiod)
log_Printf(LogLQM, "%s: Expecting LQR every %d.%02d secs\n",
physical->link.name, lcp->his_lqrperiod / 100,
lcp->his_lqrperiod % 100);
period = lcp->want_lqrperiod ?
lcp->want_lqrperiod : lcp->cfg.lqrperiod * 100;
physical->hdlc.lqm.timer.func = SendLqrReport;
physical->hdlc.lqm.timer.name = "lqm";
physical->hdlc.lqm.timer.arg = lcp;
if (lcp->want_lqrperiod || physical->hdlc.lqm.method & LQM_ECHO) {
log_Printf(LogLQM, "%s: Will send %s every %d.%02d secs\n",
physical->link.name, lcp->want_lqrperiod ? "LQR" : "LCP ECHO",
period / 100, period % 100);
physical->hdlc.lqm.timer.load = period * SECTICKS / 100;
} else {
physical->hdlc.lqm.timer.load = 0;
if (!lcp->his_lqrperiod)
log_Printf(LogLQM, "%s: LQR/LCP ECHO not negotiated\n",
physical->link.name);
}
}
struct mbuf *
lqr_RecvEcho(struct fsm *fp, struct mbuf *bp)
{
struct hdlc *hdlc = &link2physical(fp->link)->hdlc;
struct lcp *lcp = fsm2lcp(fp);
struct echolqr lqr;
if (m_length(bp) >= sizeof lqr) {
m_freem(mbuf_Read(bp, &lqr, sizeof lqr));
bp = NULL;
lqr.magic = ntohl(lqr.magic);
lqr.signature = ntohl(lqr.signature);
lqr.sequence = ntohl(lqr.sequence);
/* Tolerate echo replies with either magic number */
if (lqr.magic != 0 && lqr.magic != lcp->his_magic &&
lqr.magic != lcp->want_magic) {
log_Printf(LogWARN, "%s: lqr_RecvEcho: Bad magic: expected 0x%08x,"
" got 0x%08x\n", fp->link->name, lcp->his_magic, lqr.magic);
/*
* XXX: We should send a terminate request. But poor implementations may
* die as a result.
*/
}
if (lqr.signature == SIGNATURE
|| lqr.signature == lcp->want_magic) { /* some implementations return the wrong magic */
/* careful not to update lqm.echo.seq_recv with older values */
if ((hdlc->lqm.echo.seq_recv > (u_int32_t)0 - 5 && lqr.sequence < 5) ||
(hdlc->lqm.echo.seq_recv <= (u_int32_t)0 - 5 &&
lqr.sequence > hdlc->lqm.echo.seq_recv))
hdlc->lqm.echo.seq_recv = lqr.sequence;
} else
log_Printf(LogWARN, "lqr_RecvEcho: Got sig 0x%08lx, not 0x%08lx !\n",
(u_long)lqr.signature, (u_long)SIGNATURE);
} else
log_Printf(LogWARN, "lqr_RecvEcho: Got packet size %zd, expecting %ld !\n",
m_length(bp), (long)sizeof(struct echolqr));
return bp;
}
static void
SendLqrReport(void *v)
{
struct lcp *lcp = (struct lcp *)v;
struct physical *p = link2physical(lcp->fsm.link);
timer_Stop(&p->hdlc.lqm.timer);
if (p->hdlc.lqm.method & LQM_LQR) {
if (p->hdlc.lqm.lqr.resent > 5) {
/* XXX: Should implement LQM strategy */
log_Printf(LogPHASE, "%s: ** Too many LQR packets lost **\n",
lcp->fsm.link->name);
log_Printf(LogLQM, "%s: Too many LQR packets lost\n",
lcp->fsm.link->name);
p->hdlc.lqm.method = 0;
datalink_Down(p->dl, CLOSE_NORMAL);
} else {
SendLqrData(lcp);
p->hdlc.lqm.lqr.resent++;
}
} else if (p->hdlc.lqm.method & LQM_ECHO) {
if ((p->hdlc.lqm.echo.seq_sent > 5 &&
p->hdlc.lqm.echo.seq_sent - 5 > p->hdlc.lqm.echo.seq_recv) ||
(p->hdlc.lqm.echo.seq_sent <= 5 &&
p->hdlc.lqm.echo.seq_sent > p->hdlc.lqm.echo.seq_recv + 5)) {
log_Printf(LogPHASE, "%s: ** Too many LCP ECHO packets lost **\n",
lcp->fsm.link->name);
log_Printf(LogLQM, "%s: Too many LCP ECHO packets lost\n",
lcp->fsm.link->name);
p->hdlc.lqm.method = 0;
datalink_Down(p->dl, CLOSE_NORMAL);
} else
SendEchoReq(lcp);
}
if (p->hdlc.lqm.method && p->hdlc.lqm.timer.load)
timer_Start(&p->hdlc.lqm.timer);
}
struct mbuf *
chap_Input_old(struct bundle *bundle, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct chap *chap = &p->dl->chap;
char *name, *key, *ans;
int len, nlen;
u_char alen;
#ifdef HAVE_DES
int lanman;
#endif
if (p == NULL) {
log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
if (bundle_Phase(bundle) != PHASE_NETWORK &&
bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
m_freem(bp);
return NULL;
}
m_settype(bp, MB_CHAPIN);
if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
ntohs(chap->auth.in.hdr.length) == 0)
log_Printf(LogWARN, "Chap Input: Truncated header !\n");
else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
chap->auth.in.hdr.code);
else {
len = m_length(bp);
ans = NULL;
if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
chap->auth.id != chap->auth.in.hdr.id &&
Enabled(bundle, OPT_IDCHECK)) {
/* Wrong conversation dude ! */
log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
chap->auth.id);
m_freem(bp);
return NULL;
}
chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
#ifdef HAVE_DES
lanman = 0;
#endif
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
bp = mbuf_Read(bp, &alen, 1);
len -= alen + 1; /* len -= (alen + 1); */
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
m_freem(bp);
return NULL;
}
*chap->challenge.peer = alen;
bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
bp = auth_ReadName(&chap->auth, bp, len);
#ifdef HAVE_DES
lanman = p->link.lcp.his_authtype == 0x80 &&
((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
!IsAccepted(p->link.lcp.cfg.chap80nt));
#endif
break;
case CHAP_RESPONSE:
auth_StopTimer(&chap->auth);
bp = mbuf_Read(bp, &alen, 1); /* read HASH-Size */
len -= alen + 1; /* len -= (alen + 1);, len is length of Name Field */
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated response !\n");
m_freem(bp);
return NULL;
}
if ((ans = malloc(alen + 2)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
*ans = chap->auth.id;
bp = mbuf_Read(bp, ans + 1, alen); /* cut HASH value */
ans[alen+1] = '\0'; /* ans is (id, HASH, \0)*/
bp = auth_ReadName(&chap->auth, bp, len);
#ifdef HAVE_DES
lanman = alen == 49 && ans[alen] == 0;
#endif
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
/* chap->auth.in.name is already set up at CHALLENGE time */
if ((ans = malloc(len + 1)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
bp = mbuf_Read(bp, ans, len);
ans[len] = '\0';
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
case CHAP_RESPONSE:
if (*chap->auth.in.name)
log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
chap->auth.in.name,
#ifdef HAVE_DES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
else
log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
#ifdef HAVE_DES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
if (*ans)
log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
chapcodes[chap->auth.in.hdr.code], ans);
else
log_Printf(LogPHASE, "Chap Input: %s\n",
chapcodes[chap->auth.in.hdr.code]);
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!')
chap_StartChild(chap, bundle->cfg.auth.key + 1,
bundle->cfg.auth.name);
else
chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key +
(*bundle->cfg.auth.key == '!' ? 1 : 0),
p->link.lcp.his_authtype
#ifdef HAVE_DES
, lanman
#endif
);
break;
case CHAP_RESPONSE:
name = chap->auth.in.name;
nlen = strlen(name);
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
u_char end;
end = chap->challenge.local[*chap->challenge.local+1];
chap->challenge.local[*chap->challenge.local+1] = '\0';
radius_Authenticate(&bundle->radius, &chap->auth,
chap->auth.in.name, ans,
chap->challenge.local + 1);
chap->challenge.local[*chap->challenge.local+1] = end;
} else
#endif
{
key = auth_GetSecret(bundle, name, nlen, p);
if (key) {
char *myans;
#ifdef HAVE_DES
if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) &&
p->link.lcp.want_authtype == 0x80) {
log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else
#endif
{
myans = chap_BuildAnswer(name, key, chap->auth.id,
chap->challenge.local,
p->link.lcp.want_authtype
#ifdef HAVE_DES
, lanman
#endif
);
if (myans == NULL)
key = NULL;
else {
if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans,
ans + 1, alen
#ifdef HAVE_DES
, lanman
#endif
))
key = NULL;
free(myans);
}
}
}
if (key)
chap_Success(&chap->auth);
else
chap_Failure(&chap->auth);
}
break;
case CHAP_SUCCESS:
if (p->link.lcp.auth_iwait == PROTO_CHAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0)
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
break;
case CHAP_FAILURE:
datalink_AuthNotOk(p->dl);
break;
}
free(ans);
}
m_freem(bp);
return NULL;
}
struct mbuf *
pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct authinfo *authp = &p->dl->pap;
u_char nlen, klen, *key;
const char *txt;
int txtlen;
if (p == NULL) {
log_Printf(LogERROR, "pap_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
if (bundle_Phase(bundle) != PHASE_NETWORK &&
bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
log_Printf(LogPHASE, "Unexpected pap input - dropped !\n");
m_freem(bp);
return NULL;
}
if ((bp = auth_ReadHeader(authp, bp)) == NULL &&
ntohs(authp->in.hdr.length) == 0) {
log_Printf(LogWARN, "Pap Input: Truncated header !\n");
return NULL;
}
if (authp->in.hdr.code == 0 || authp->in.hdr.code > MAXPAPCODE) {
log_Printf(LogPHASE, "Pap Input: %d: Bad PAP code !\n", authp->in.hdr.code);
m_freem(bp);
return NULL;
}
if (authp->in.hdr.code != PAP_REQUEST && authp->id != authp->in.hdr.id &&
Enabled(bundle, OPT_IDCHECK)) {
/* Wrong conversation dude ! */
log_Printf(LogPHASE, "Pap Input: %s dropped (got id %d, not %d)\n",
papcodes[authp->in.hdr.code], authp->in.hdr.id, authp->id);
m_freem(bp);
return NULL;
}
m_settype(bp, MB_PAPIN);
authp->id = authp->in.hdr.id; /* We respond with this id */
if (bp) {
bp = mbuf_Read(bp, &nlen, 1);
if (authp->in.hdr.code == PAP_ACK) {
/*
* Don't restrict the length of our acknowledgement freetext to
* nlen (a one-byte length). Show the rest of the ack packet
* instead. This isn't really part of the protocol.....
*/
bp = m_pullup(bp);
txt = MBUF_CTOP(bp);
txtlen = m_length(bp);
} else {
bp = auth_ReadName(authp, bp, nlen);
txt = authp->in.name;
txtlen = strlen(authp->in.name);
}
} else {
txt = "";
txtlen = 0;
}
log_Printf(LogPHASE, "Pap Input: %s (%.*s)\n",
papcodes[authp->in.hdr.code], txtlen, txt);
switch (authp->in.hdr.code) {
case PAP_REQUEST:
if (bp == NULL) {
log_Printf(LogPHASE, "Pap Input: No key given !\n");
break;
}
bp = mbuf_Read(bp, &klen, 1);
if (m_length(bp) < klen) {
log_Printf(LogERROR, "Pap Input: Truncated key !\n");
break;
}
if ((key = malloc(klen+1)) == NULL) {
log_Printf(LogERROR, "Pap Input: Out of memory !\n");
break;
}
bp = mbuf_Read(bp, key, klen);
key[klen] = '\0';
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
if (!radius_Authenticate(&bundle->radius, authp, authp->in.name,
key, strlen(key), NULL, 0))
pap_Failure(authp);
} else
#endif
if (auth_Validate(bundle, authp->in.name, key))
pap_Success(authp);
else
pap_Failure(authp);
free(key);
break;
case PAP_ACK:
auth_StopTimer(authp);
if (p->link.lcp.auth_iwait == PROTO_PAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0)
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
break;
case PAP_NAK:
auth_StopTimer(authp);
datalink_AuthNotOk(p->dl);
break;
}
m_freem(bp);
return NULL;
}
lcp->fsm.link->name);
log_Printf(LogLQM, "%s: Too many LCP ECHO packets lost\n",
lcp->fsm.link->name);
p->hdlc.lqm.method = 0;
datalink_Down(p->dl, CLOSE_NORMAL);
} else
SendEchoReq(lcp);
}
if (p->hdlc.lqm.method && p->hdlc.lqm.timer.load)
timer_Start(&p->hdlc.lqm.timer);
}
struct mbuf *
lqr_Input(struct bundle *bundle __unused, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct lcp *lcp = p->hdlc.lqm.owner;
int len;
if (p == NULL) {
log_Printf(LogERROR, "lqr_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
len = m_length(bp);
if (len != sizeof(struct lqrdata))
log_Printf(LogWARN, "lqr_Input: Got packet size %d, expecting %ld !\n",
len, (long)sizeof(struct lqrdata));
else if (!IsAccepted(l->lcp.cfg.lqr) && !(p->hdlc.lqm.method & LQM_LQR)) {
bp = m_pullup(proto_Prepend(bp, PROTO_LQR, 0, 0));
struct mbuf *
chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct chap *chap = &p->dl->chap;
char *name, *key, *ans;
int len, nlen;
u_char alen;
#ifndef NODES
int lanman;
#endif
if (p == NULL) {
log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
if (bundle_Phase(bundle) != PHASE_NETWORK &&
bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
m_freem(bp);
return NULL;
}
m_settype(bp, MB_CHAPIN);
if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
ntohs(chap->auth.in.hdr.length) == 0)
log_Printf(LogWARN, "Chap Input: Truncated header !\n");
else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
chap->auth.in.hdr.code);
else {
len = m_length(bp);
ans = NULL;
if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
chap->auth.id != chap->auth.in.hdr.id &&
Enabled(bundle, OPT_IDCHECK)) {
/* Wrong conversation dude ! */
log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
chap->auth.id);
m_freem(bp);
return NULL;
}
chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
#ifndef NODES
lanman = 0;
#endif
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
bp = mbuf_Read(bp, &alen, 1);
len -= alen + 1;
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
m_freem(bp);
return NULL;
}
*chap->challenge.peer = alen;
bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
bp = auth_ReadName(&chap->auth, bp, len);
#ifndef NODES
lanman = p->link.lcp.his_authtype == 0x80 &&
((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
!IsAccepted(p->link.lcp.cfg.chap80nt));
/* Generate local challenge value */
chap_ChallengeInit(&chap->auth);
#endif
break;
case CHAP_RESPONSE:
auth_StopTimer(&chap->auth);
bp = mbuf_Read(bp, &alen, 1);
len -= alen + 1;
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated response !\n");
m_freem(bp);
return NULL;
}
if ((ans = malloc(alen + 1)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
*ans = chap->auth.id;
bp = mbuf_Read(bp, ans + 1, alen);
bp = auth_ReadName(&chap->auth, bp, len);
#ifndef NODES
lanman = p->link.lcp.want_authtype == 0x80 &&
alen == 49 && ans[alen] == 0;
#endif
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
/* chap->auth.in.name is already set up at CHALLENGE time */
if ((ans = malloc(len + 1)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
m_freem(bp);
return NULL;
}
bp = mbuf_Read(bp, ans, len);
ans[len] = '\0';
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
case CHAP_RESPONSE:
if (*chap->auth.in.name)
log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
chap->auth.in.name,
#ifndef NODES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
else
log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
chapcodes[chap->auth.in.hdr.code], alen,
#ifndef NODES
lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
" - lanman" :
#endif
"");
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
if (*ans)
log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
chapcodes[chap->auth.in.hdr.code], ans);
else
log_Printf(LogPHASE, "Chap Input: %s\n",
chapcodes[chap->auth.in.hdr.code]);
break;
}
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!')
chap_StartChild(chap, bundle->cfg.auth.key + 1,
bundle->cfg.auth.name);
else
chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key +
(*bundle->cfg.auth.key == '!' ? 1 : 0),
p->link.lcp.his_authtype
#ifndef NODES
, lanman
#endif
);
break;
case CHAP_RESPONSE:
name = chap->auth.in.name;
nlen = strlen(name);
#ifndef NODES
if (p->link.lcp.want_authtype == 0x81) {
struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
chap->challenge.peer[0] = sizeof resp->PeerChallenge;
memcpy(chap->challenge.peer + 1, resp->PeerChallenge,
sizeof resp->PeerChallenge);
}
#endif
#ifndef NORADIUS
if (*bundle->radius.cfg.file) {
if (!radius_Authenticate(&bundle->radius, &chap->auth,
chap->auth.in.name, ans, alen + 1,
chap->challenge.local + 1,
*chap->challenge.local))
chap_Failure(&chap->auth);
} else
#endif
{
if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0' &&
alen == sizeof(struct MSCHAPv2_resp)) {
struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
log_Printf(LogWARN, "%s: Compensating for corrupt (Win98/WinME?) "
"CHAP81 RESPONSE\n", l->name);
resp->Flags = '\0'; /* rfc2759 says it *MUST* be zero */
}
key = auth_GetSecret(bundle, name, nlen, p);
if (key) {
#ifndef NODES
if (p->link.lcp.want_authtype == 0x80 &&
lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else if (p->link.lcp.want_authtype == 0x80 &&
!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt)) {
log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
if (chap_HaveAnotherGo(chap))
break;
key = NULL;
} else if (p->link.lcp.want_authtype == 0x81 &&
!IsEnabled(p->link.lcp.cfg.chap81)) {
log_Printf(LogPHASE, "Auth failure: CHAP81 not enabled\n");
key = NULL;
} else
#endif
{
char *myans = chap_BuildAnswer(name, key, chap->auth.id,
chap->challenge.local,
p->link.lcp.want_authtype
#ifndef NODES
, chap->challenge.peer,
chap->authresponse, lanman);
MPPE_IsServer = 1; /* XXX Global ! */
#else
);
#endif
if (myans == NULL)
key = NULL;
else {
if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans,
ans + 1, alen
#ifndef NODES
, lanman
#endif
))
key = NULL;
free(myans);
}
}
}
if (key)
chap_Success(&chap->auth);
else
chap_Failure(&chap->auth);
}
break;
case CHAP_SUCCESS:
if (p->link.lcp.auth_iwait == PROTO_CHAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0) {
#ifndef NODES
if (p->link.lcp.his_authtype == 0x81) {
if (strncasecmp(ans, chap->authresponse, 42)) {
datalink_AuthNotOk(p->dl);
log_Printf(LogWARN, "CHAP81: AuthenticatorResponse: (%.42s)"
" != ans: (%.42s)\n", chap->authresponse, ans);
} else {
/* Successful login */
MPPE_MasterKeyValid = 1; /* XXX Global ! */
datalink_AuthOk(p->dl);
}
} else
#endif
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
}
break;
case CHAP_FAILURE:
datalink_AuthNotOk(p->dl);
break;
}
free(ans);
}
static struct mbuf *
lqr_LayerPush(struct bundle *b, struct link *l, struct mbuf *bp,
int pri, u_short *proto)
{
struct physical *p = link2physical(l);
int len, layer;
if (!p) {
/* Oops - can't happen :-] */
m_freem(bp);
return NULL;
}
bp = m_pullup(bp);
len = m_length(bp);
/*-
* From rfc1989:
*
* All octets which are included in the FCS calculation MUST be counted,
* including the packet header, the information field, and any padding.
* The FCS octets MUST also be counted, and one flag octet per frame
* MUST be counted. All other octets (such as additional flag
* sequences, and escape bits or octets) MUST NOT be counted.
*
* As we're stacked higher than the HDLC layer (otherwise HDLC wouldn't be
* able to calculate the FCS), we must not forget about these additional
* bytes when we're asynchronous.
*
* We're also expecting to be stacked *before* the likes of the proto and
* acf layers (to avoid alignment issues), so deal with this too.
*/
p->hdlc.lqm.ifOutUniPackets++;
p->hdlc.lqm.ifOutOctets += len + 1; /* plus 1 flag octet! */
for (layer = 0; layer < l->nlayers; layer++)
switch (l->layer[layer]->type) {
case LAYER_ACF:
p->hdlc.lqm.ifOutOctets += acf_WrapperOctets(&l->lcp, *proto);
break;
case LAYER_ASYNC:
/* Not included - see rfc1989 */
break;
case LAYER_HDLC:
p->hdlc.lqm.ifOutOctets += hdlc_WrapperOctets(&l->lcp, *proto);
break;
case LAYER_LQR:
layer = l->nlayers;
break;
case LAYER_PROTO:
p->hdlc.lqm.ifOutOctets += proto_WrapperOctets(&l->lcp, *proto);
break;
case LAYER_SYNC:
/* Nothing to add on */
break;
default:
log_Printf(LogWARN, "Oops, don't know how to do octets for %s layer\n",
l->layer[layer]->name);
break;
}
if (*proto == PROTO_LQR) {
/* Overwrite the entire packet (created in SendLqrData()) */
struct lqrdata lqr;
size_t pending_pkts, pending_octets;
p->hdlc.lqm.lqr.OutLQRs++;
/*
* We need to compensate for the fact that we're pushing our data
* onto the highest priority queue by factoring out packet & octet
* values from other queues!
*/
link_PendingLowPriorityData(l, &pending_pkts, &pending_octets);
memset(&lqr, '\0', sizeof lqr);
lqr.MagicNumber = p->link.lcp.want_magic;
lqr.LastOutLQRs = p->hdlc.lqm.lqr.peer.PeerOutLQRs;
lqr.LastOutPackets = p->hdlc.lqm.lqr.peer.PeerOutPackets;
lqr.LastOutOctets = p->hdlc.lqm.lqr.peer.PeerOutOctets;
lqr.PeerInLQRs = p->hdlc.lqm.lqr.Save.InLQRs;
lqr.PeerInPackets = p->hdlc.lqm.lqr.Save.InPackets;
lqr.PeerInDiscards = p->hdlc.lqm.lqr.Save.InDiscards;
lqr.PeerInErrors = p->hdlc.lqm.lqr.Save.InErrors;
lqr.PeerInOctets = p->hdlc.lqm.lqr.Save.InOctets;
lqr.PeerOutLQRs = p->hdlc.lqm.lqr.OutLQRs;
lqr.PeerOutPackets = p->hdlc.lqm.ifOutUniPackets - pending_pkts;
/* Don't forget our ``flag'' octets.... */
lqr.PeerOutOctets = p->hdlc.lqm.ifOutOctets - pending_octets - pending_pkts;
lqr_Dump(l->name, "Output", &lqr);
lqr_ChangeOrder(&lqr, (struct lqrdata *)MBUF_CTOP(bp));
}
return bp;
}
struct mbuf *
lqr_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
{
struct physical *p = link2physical(l);
struct lcp *lcp = p->hdlc.lqm.owner;
int len;
if (p == NULL) {
log_Printf(LogERROR, "lqr_Input: Not a physical link - dropped\n");
m_freem(bp);
return NULL;
}
len = m_length(bp);
if (len != sizeof(struct lqrdata))
log_Printf(LogWARN, "lqr_Input: Got packet size %d, expecting %ld !\n",
len, (long)sizeof(struct lqrdata));
else if (!IsAccepted(l->lcp.cfg.lqr) && !(p->hdlc.lqm.method & LQM_LQR)) {
bp = m_pullup(proto_Prepend(bp, PROTO_LQR, 0, 0));
lcp_SendProtoRej(lcp, MBUF_CTOP(bp), bp->m_len);
} else {
struct lqrdata *lqr;
bp = m_pullup(bp);
lqr = (struct lqrdata *)MBUF_CTOP(bp);
if (ntohl(lqr->MagicNumber) != lcp->his_magic)
log_Printf(LogWARN, "lqr_Input: magic 0x%08lx is wrong,"
" expecting 0x%08lx\n",
(u_long)ntohl(lqr->MagicNumber), (u_long)lcp->his_magic);
else {
struct lqrdata lastlqr;
memcpy(&lastlqr, &p->hdlc.lqm.lqr.peer, sizeof lastlqr);
lqr_ChangeOrder(lqr, &p->hdlc.lqm.lqr.peer);
lqr_Dump(l->name, "Input", &p->hdlc.lqm.lqr.peer);
/* we have received an LQR from our peer */
p->hdlc.lqm.lqr.resent = 0;
/* Snapshot our state when the LQR packet was received */
memcpy(&p->hdlc.lqm.lqr.prevSave, &p->hdlc.lqm.lqr.Save,
sizeof p->hdlc.lqm.lqr.prevSave);
p->hdlc.lqm.lqr.Save.InLQRs = ++p->hdlc.lqm.lqr.InLQRs;
p->hdlc.lqm.lqr.Save.InPackets = p->hdlc.lqm.ifInUniPackets;
p->hdlc.lqm.lqr.Save.InDiscards = p->hdlc.lqm.ifInDiscards;
p->hdlc.lqm.lqr.Save.InErrors = p->hdlc.lqm.ifInErrors;
p->hdlc.lqm.lqr.Save.InOctets = p->hdlc.lqm.lqr.InGoodOctets;
lqr_Analyse(&p->hdlc, &lastlqr, &p->hdlc.lqm.lqr.peer);
/*
* Generate an LQR response if we're not running an LQR timer OR
* two successive LQR's PeerInLQRs are the same.
*/
if (p->hdlc.lqm.timer.load == 0 || !(p->hdlc.lqm.method & LQM_LQR) ||
(lastlqr.PeerInLQRs &&
lastlqr.PeerInLQRs == p->hdlc.lqm.lqr.peer.PeerInLQRs))
SendLqrData(lcp);
}
}
m_freem(bp);
return NULL;
}
