/*
 * Build the answer to the peer's CHAP challenge and send it as a Response.
 *
 * chap_BuildAnswer() hands back a buffer that this function frees. The size
 * passed to ChapOutput() is *ans + 1 + strlen(name), so the first byte of the
 * buffer is treated as the length of the value that follows it, and `name`
 * is assumed to sit directly after that value inside the same buffer
 * (TODO confirm against chap_BuildAnswer()).
 *
 * A NULL answer is reported to the peer as CHAP_FAILURE "Out of memory!".
 * `key` is presumably the shared secret; it is only forwarded to
 * chap_BuildAnswer() here.
 */
static void
chap_Respond_old(struct chap *chap, char *name, char *key, u_char type
#ifdef HAVE_DES
                 , int lm
#endif
                )
{
    u_char *response = chap_BuildAnswer(name, key, chap->auth.id,
                                        chap->challenge.peer, type
#ifdef HAVE_DES
                                        , lm
#endif
                                       );

    if (response == NULL) {
        /* 14 == strlen("Out of memory!"): the text goes out without a NUL. */
        ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id,
                   "Out of memory!", 14, NULL);
        return;
    }

    ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id,
               response, *response + 1 + strlen(name), name);
#ifdef HAVE_DES
    /* Remember whether the response just sent was the non-LM variant. */
    chap->NTRespSent = !lm;
#endif
    free(response);
}
/*
 * Build the answer to the peer's CHAP challenge and send it as a Response.
 *
 * Unless NODES is defined, the answer is also derived from the algorithm
 * `type`, our own challenge, the authresponse buffer and the `lm` flag, all of
 * which are passed through to chap_BuildAnswer(). The returned buffer is
 * freed here; its first byte is used as the length of the value it carries
 * (see the size expression given to ChapOutput()).
 *
 * A NULL answer is reported to the peer as CHAP_FAILURE "Out of memory!".
 */
static void
chap_Respond(struct chap *chap, char *name, char *key
#ifndef NODES
             , u_char type, int lm
#endif
            )
{
  u_char *response = chap_BuildAnswer(name, key, chap->auth.id,
                                      chap->challenge.peer
#ifndef NODES
                                      , type, chap->challenge.local,
                                      chap->authresponse, lm
#endif
                                     );

  if (response == NULL) {
    /* 14 == strlen("Out of memory!"): the text goes out without a NUL. */
    ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id,
               "Out of memory!", 14, NULL);
    return;
  }

  ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id,
             response, *response + 1 + strlen(name), name);
#ifndef NODES
  chap->NTRespSent = !lm;
  /*
   * XXX Global ! (original author's marker): this flag is shared process-wide
   * state, not per-link state.
   */
  MPPE_IsServer = 0;
#endif
  free(response);
}
/*****************************************************************************
 Function    : chap_Success
 Description : Build a Success frame and send it
 Input       : l - PPP link
 Output      : none
 Return      : none
 Calls       :
 Called by   :

 History     :
  1. Date    : 2008-10-25
     Author  : liukai
     Change  : porting from BSD

 NOTE(review): nothing in this function checks the peer's Response; it sends
 Success and may move the link to the network phase unconditionally, so every
 caller must only reach it after verification has succeeded.
*****************************************************************************/
static VOS_VOID chap_Success(struct link *l)
{
    const VOS_CHAR *welcome = "Welcome!!";    /* same message text BSD uses */
    struct authinfo *auth = &(l->chap.auth);

    /* The Success body consists of the Message field only. */
    ChapOutput(l, CHAP_SUCCESS, auth->id, (VOS_UCHAR *)welcome,
               VOS_StrLen((VOS_CHAR *)welcome), VOS_NULL_PTR);

    /* The peer has been answered, so we no longer need to authenticate it. */
    l->lcp.auth_ineed = 0;

    /*
     * A non-zero auth_iwait presumably means our own authentication towards
     * the peer is still outstanding; in that case stay in the current phase.
     */
    if (0 != l->lcp.auth_iwait)
    {
        return;
    }

    /*
     * Either I didn't need to authenticate, or I've already been
     * told that I got the answer right.
     */
    chap_ReInit(&(l->chap));

    if (PHASE_AUTHENTICATE != l->phase)
    {
        return;
    }

    /* Authentication is finished in both directions: bring up IPCP. */
    l->phase = PHASE_NETWORK;
    l->ipcp.fsm.state = ST_CLOSED;
    fsm_Open(&(l->ipcp.fsm));
    PPP_MNTN_LOG(PS_PID_APP_PPP, 0, PS_PRINT_NORMAL, "goto ipcp stage!\r\n");

    return;
}    /* chap_Success */
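/*****************************************************************************
 Function    : chap_Respond
 Description : Build a Response frame and send it
 Input       : l    - PPP link
               name - value to place in the Name field (may be NULL or empty)
 Output      : none
 Return      : none
 Calls       :
 Called by   :

 History     :
  1. Date    : 2008-10-24
     Author  : liukai
     Change  : porting from BSD

 The Name is copied into a fixed stack buffer that has room for AUTHLEN
 octets, so its length is measured once, only after the NULL check, and
 clamped to AUTHLEN before the copy. A longer name is truncated rather than
 written past the end of the buffer.

 NOTE(review): the Value field is deliberately filled with zeros (see the
 comment in the body), so this Response carries no proof that the sender knows
 a secret. Whatever decides to trust this link must not rely on it.
*****************************************************************************/
static VOS_VOID chap_Respond(struct link *l, const VOS_CHAR *name)
{
    VOS_UCHAR  aucResponseBody[1+MD5DIGESTSIZE+AUTHLEN];
    VOS_UINT32 ulNameLen = 0;    /* octets of Name actually placed in the body */
    VOS_UINT32 len;              /* length of Response body */
    VOS_UINT32 ulHashValueLoop;

    /* Response body: */
    /*
     *  ------------------- --------------------- ----------
     * |   HASH-Size(1B)   |   HASH-Value(16B)   |   Name   |
     *  ------------------- --------------------- ----------
     */

    /* Measure the name only once it is known to be non-NULL and non-empty. */
    if ((VOS_NULL_PTR != name) && ('\0' != *name))
    {
        ulNameLen = VOS_StrLen((VOS_CHAR *)name);

        /* BSD assumes the name never exceeds AUTHLEN octets; enforce it here. */
        if (ulNameLen > AUTHLEN)
        {
            ulNameLen = AUTHLEN;
        }
    }

    len = 1 + MD5DIGESTSIZE + ulNameLen;

    aucResponseBody[0] = MD5DIGESTSIZE;    /* as CHAP only support MD5, MD5 hash value is 16 octets */
    /* in our product, when rx-ed Challenge from PC, just response hash value with zero */
    for (ulHashValueLoop = 1; ulHashValueLoop <= MD5DIGESTSIZE; ulHashValueLoop ++)
    {
        aucResponseBody[ulHashValueLoop] = 0x00;
    }

    if (0 != ulNameLen)
    {
        PS_MEM_CPY(&aucResponseBody[1+MD5DIGESTSIZE], name, ulNameLen);
    }
    ChapOutput(l, CHAP_RESPONSE, (l->chap.auth.id), aucResponseBody, len, name);

    return;
}    /* chap_Respond */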
/*
 * Send a CHAP Challenge to the peer.
 *
 * challenge.local holds a length byte followed by the challenge value. A new
 * value is generated through chap_ChallengeInit() only while that length byte
 * is zero, so the same challenge goes out again until some other code resets
 * it.
 * NOTE(review): RFC 1994 expects each challenge to be unique and
 * unpredictable - confirm where local[0] is cleared between authentications.
 *
 * Auth type 0x81 (presumably MS-CHAPv2) sends the length byte and value only;
 * every other type also sends strlen(cfg.auth.name) further bytes taken from
 * the same buffer.
 */
static void
chap_Challenge(struct authinfo *authp)
{
  struct chap *chap = auth2chap(authp);
  int namelen, pktlen;

  log_Printf(LogDEBUG, "CHAP%02X: Challenge\n",
             authp->physical->link.lcp.want_authtype);

  namelen = strlen(authp->physical->dl->bundle->cfg.auth.name);

  /* Generate new local challenge value */
  if (*chap->challenge.local == 0)
    chap_ChallengeInit(authp);

  /* Default layout: length byte + value + our name. */
  pktlen = 1 + *chap->challenge.local + namelen;
#ifndef NODES
  /* For 0x81 the name is left out of the packet. */
  if (authp->physical->link.lcp.want_authtype == 0x81)
    pktlen = 1 + *chap->challenge.local;
#endif

  ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id,
             chap->challenge.local, pktlen, NULL);
}
/*
 * Tell the peer that authentication succeeded and complete our side of it.
 *
 * Records the authenticated name on the datalink, sends CHAP_SUCCESS, clears
 * the "I need to authenticate the peer" flag and, when OPT_UTMP is enabled,
 * logs the name in through physical_Login().
 * authp->in.name is presumably the name the peer supplied; it is passed on
 * unchanged to both datalink_GotAuthname() and physical_Login().
 */
static void
chap_Success_old(struct authinfo *authp)
{
    datalink_GotAuthname(authp->physical->dl, authp->in.name);

    /*
     * 10 covers the nine characters of "Welcome!!" plus the terminating NUL,
     * so the NUL is part of the length handed to ChapOutput().
     */
    ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL);

    authp->physical->link.lcp.auth_ineed = 0;

    if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) {
        physical_Login(authp->physical, authp->in.name);
    }

    /* Still waiting for the peer's verdict on our own credentials. */
    if (authp->physical->link.lcp.auth_iwait != 0) {
        return;
    }

    /*
     * Either I didn't need to authenticate, or I've already been
     * told that I got the answer right.
     */
    datalink_AuthOk(authp->physical->dl);
}
/*****************************************************************************
 Function    : chap_Challenge
 Description : Build a Challenge frame and send it
 Input       : l - PPP link
 Output      : none
 Return      : none
 Calls       :
 Called by   :

 History     :
  1. Date    : 2008-10-25
     Author  : liukai
     Change  : porting from BSD

 NOTE(review): the random generator is re-seeded from the current tick right
 before the challenge bytes are drawn, so the challenge value is determined by
 that tick. RFC 1994 expects challenges to be unique and unpredictable -
 confirm whether the platform offers a stronger random source.
*****************************************************************************/
VOS_VOID chap_Challenge(struct link *l)
{
    /* we always use "HUAWEI_CHAP_SRVR" as Name of Challenge */
    const VOS_CHAR acLocalChallenge[] = "HUAWEI_CHAP_SRVR";
    struct chap *chap = &(l->chap);
    VOS_UINT32 len, i;
    VOS_UINT8 *cp;
    VOS_UINT32 ulTick;

    /* Challenge body: */
    /*
     *  ------------------------ --------------------- ----------
     * |   Challenge-Size(1B)   |   Challenge-Value   |   Name   |
     *  ------------------------ --------------------- ----------
     */
    len = VOS_StrLen((VOS_CHAR *)acLocalChallenge);

    /* Original author's note: local[0] is 0x0 on every call, so this is always taken. */
    if (0x0 == *(chap->challenge.local)) {
        /* use current tick as seed of random algorithm */
        ulTick = VOS_GetTick();
        VOS_SetSeed(ulTick);

        /*
         * AT2D19295: the test team asked for the random string in the
         * challenge to have a fixed length of 16, matching the reference
         * device. Earlier code drew a random length of at least 16 so that
         * peers which only support MD5 and insist on 16 octets still worked.
         * The length lives in the first byte of local.
         */
        cp = chap->challenge.local;
        *cp = (VOS_UINT8)(MD5DIGESTSIZE);
        cp++;

        /* Fill the value with random octets; local[0] gives the count. */
        i = 0;
        while (i < *(chap->challenge.local))
        {
            *cp = (VOS_UINT8)PS_RAND(PS_NULL_UINT8+1);
            cp++;
            i++;
        }

        /* use memcpy instead of strcpy, as "The Name should not be NUL or CR/LF terminated." in RFC1994 */
        PS_MEM_CPY(cp, acLocalChallenge, len);
    }

    /* each time send challenge, record its packet */
    ChapBufferChallengePacket(chap, chap->auth.id, chap->challenge.local,
                              1 + *(chap->challenge.local) + len);

    /* 1: challenge length octet, *local: random string length, len: Name length */
    ChapOutput(l, CHAP_CHALLENGE, chap->auth.id, chap->challenge.local,
               1 + *(chap->challenge.local) + len, VOS_NULL_PTR);

    return;
}    /* chap_Challenge */
/*
 * Send a CHAP Failure to the peer and mark the datalink as not authenticated.
 *
 * The message text is chosen in this order (each step only exists when the
 * matching feature is compiled in):
 *   1. the RADIUS error string, when a RADIUS config file is set and errstr
 *      is non-NULL;
 *   2. "E=691 R=1 M=Invalid!" for auth type 0x80 (presumably MS-CHAP);
 *   3. "E=691 R=0 C=<32 hex digits> V=3 M=Invalid!" for auth type 0x81
 *      (presumably MS-CHAPv2), where the hex digits are bytes 1..16 of our
 *      local challenge buffer;
 *   4. "Invalid!!" otherwise.
 *
 * The length passed to ChapOutput() is strlen(msg) + 1, so the terminating
 * NUL is counted.
 */
static void
chap_Failure(struct authinfo *authp)
{
#ifndef NODES
  char buf[1024], *ptr;
#endif
  const char *msg;

#ifndef NORADIUS
  struct bundle *bundle = authp->physical->link.lcp.fsm.bundle;
  /* A RADIUS-supplied error string is forwarded to the peer as is. */
  if (*bundle->radius.cfg.file && bundle->radius.errstr)
    msg = bundle->radius.errstr;
  else
#endif
#ifndef NODES
  if (authp->physical->link.lcp.want_authtype == 0x80) {
    snprintf(buf, sizeof buf, "E=691 R=1 M=Invalid!");
    msg = buf;
  } else if (authp->physical->link.lcp.want_authtype == 0x81) {
    int i;

    ptr = buf;
    snprintf(buf, sizeof(buf), "E=691 R=0 C=");
    ptr += strlen(ptr);
    /* Append bytes 1..16 of the local challenge as two hex digits each. */
    for (i=0; i<16; i++) {
      /*
       * NOTE(review): "%02X" gives exactly two digits only for values
       * 0..255. If challenge.local is an array of plain (signed) char, a
       * byte >= 0x80 is sign-extended and prints as eight digits - confirm
       * the element type is unsigned.
       */
      snprintf(ptr, buf + sizeof buf - ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i));
      ptr += strlen(ptr);
      /*
       * This test runs after the write. Each snprintf() is already limited
       * to the space remaining, so this check is not what keeps the writes
       * inside buf.
       */
      if (ptr > buf + sizeof buf)
        break;
    }

    snprintf(ptr, buf + sizeof buf - ptr, " V=3 M=Invalid!");
    msg = buf;
  } else
#endif
    msg = "Invalid!!";

  ChapOutput(authp->physical, CHAP_FAILURE, authp->id, msg, strlen(msg) + 1,
             NULL);
  datalink_AuthNotOk(authp->physical->dl);
}
/*
 * Send a CHAP Success to the peer and complete our side of authentication.
 *
 * The message text is chosen in this order (each step only exists when the
 * matching feature is compiled in):
 *   - auth type 0x81 (presumably MS-CHAPv2): the RADIUS msrepstr when a
 *     RADIUS config file is set and msrepstr is non-NULL, else the chap's
 *     authresponse buffer;
 *   - otherwise the RADIUS repstr under the same conditions;
 *   - otherwise "Welcome!!".
 *
 * The length passed to ChapOutput() is strlen(msg), so the terminating NUL
 * is not counted.
 * NOTE(review): nothing here verifies the peer's response; callers must only
 * reach this function after verification has succeeded.
 */
static void
chap_Success(struct authinfo *authp)
{
  struct bundle *bundle = authp->physical->dl->bundle;
  const char *msg;

  /* Record the name held in authp->in.name on the datalink. */
  datalink_GotAuthname(authp->physical->dl, authp->in.name);
#ifndef NODES
  if (authp->physical->link.lcp.want_authtype == 0x81) {
#ifndef NORADIUS
    if (*bundle->radius.cfg.file && bundle->radius.msrepstr)
      msg = bundle->radius.msrepstr;
    else
#endif
      msg = auth2chap(authp)->authresponse;
    MPPE_MasterKeyValid = 1;		/* XXX Global ! */
  } else
#endif
#ifndef NORADIUS
  if (*bundle->radius.cfg.file && bundle->radius.repstr)
    msg = bundle->radius.repstr;
  else
#endif
    msg = "Welcome!!";

  ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, msg, strlen(msg),
             NULL);

  /* We no longer need to authenticate the peer. */
  authp->physical->link.lcp.auth_ineed = 0;
  if (Enabled(bundle, OPT_UTMP))
    physical_Login(authp->physical, authp->in.name);

  if (authp->physical->link.lcp.auth_iwait == 0)
    /*
     * Either I didn't need to authenticate, or I've already been
     * told that I got the answer right.
     */
    datalink_AuthOk(authp->physical->dl);
}
/*
 * Generate (when needed) and send a CHAP Challenge to the peer.
 *
 * challenge.local is laid out as: one length byte, that many value bytes,
 * then our configured auth name (copied without a terminating NUL).
 *
 * NOTE(review): the value bytes come from random(), which is a general
 * purpose generator rather than a cryptographic one, and the RADIUS branch
 * restricts every byte to a decimal digit. RFC 1994 expects challenges to be
 * unique and unpredictable.
 */
static void
chap_Challenge_old(struct authinfo *authp)
{
    struct chap *chap = auth2chap(authp);
    int len, i;
    char *cp;

    len = strlen(authp->physical->dl->bundle->cfg.auth.name);

    /* Original author's note: local[0] is expected to be zero on every call, so this is always taken. */
    if (!*chap->challenge.local) {
        randinit();
        cp = chap->challenge.local;

#ifndef NORADIUS
        if (*authp->physical->dl->bundle->radius.cfg.file) {
            /* For radius, our challenge is 16 readable NUL terminated bytes :*/
            *cp++ = 16;
            for (i = 0; i < 16; i++)
                *cp++ = (random() % 10) + '0';
        } else
#endif
        {
#ifdef HAVE_DES
            if (authp->physical->link.lcp.want_authtype == 0x80)
                *cp++ = 8;	/* MS does 8 byte challenges :-/ */
            else
#endif
                *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;    /* the value length is itself random (at least 16) and is stored in the first byte of local */
            /*
             * NOTE(review): the bound is read back through challenge.local;
             * if its elements are plain (signed) char, a length above 127
             * would compare as negative - confirm the element type.
             */
            for (i = 0; i < *chap->challenge.local; i++)
                *cp++ = random() & 0xff;    /* random value bytes */
        }
        /*
         * Assumes cfg.auth.name fits in what is left of challenge.local -
         * TODO confirm the bound is enforced where the name is configured.
         */
        memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
    }
    ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge.local,
               1 + *chap->challenge.local + len, NULL);    /* 1: Value-Size, *local: random value length, len: Name length */
}
/*
 * Send a CHAP Failure carrying the fixed text "Invalid!!" and mark the
 * datalink as not authenticated.
 *
 * The length is the nine characters of the text; the terminating NUL is not
 * counted.
 */
static void
chap_Failure_old(struct authinfo *authp)
{
    ChapOutput(authp->physical, CHAP_FAILURE, authp->id,
               "Invalid!!", sizeof "Invalid!!" - 1, NULL);

    datalink_AuthNotOk(authp->physical->dl);
}