int radius_get_vs_string_attr(const RADIUS_PACKET* packet, u_int32_t vendor, u_int8_t vtype, char* str) { u_int8_t len; if(radius_get_vs_raw_attr(packet, vendor, vtype, str, &len) != 0) return 1; str[len] = '\0'; return 0; }
static void radius_dump(FILE *out, RADIUS_PACKET *pkt, bool resp, const char *secret) { size_t len; char buf[256], buf1[256]; uint32_t u32val; struct in_addr ipv4; fprintf(out, " Id = %d\n" " Code = %s(%d)\n", (int)radius_get_id(pkt), radius_code_str((int)radius_get_code(pkt)), (int)radius_get_code(pkt)); if (resp && secret) fprintf(out, " Message-Authenticator = %s\n", (radius_check_response_authenticator(pkt, secret) == 0) ? "Verified" : "NG"); if (radius_get_string_attr(pkt, RADIUS_TYPE_USER_NAME, buf, sizeof(buf)) == 0) fprintf(out, " User-Name = \"%s\"\n", buf); if (secret && radius_get_user_password_attr(pkt, buf, sizeof(buf), secret) == 0) fprintf(out, " User-Password = \"%s\"\n", buf); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_raw_attr(pkt, RADIUS_TYPE_CHAP_PASSWORD, buf, &len) == 0) fprintf(out, " CHAP-Password = %s\n", (hexstr(buf, len, buf1, sizeof(buf1))) ? buf1 : "(too long)"); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_raw_attr(pkt, RADIUS_TYPE_CHAP_CHALLENGE, buf, &len) == 0) fprintf(out, " CHAP-Challenge = %s\n", (hexstr(buf, len, buf1, sizeof(buf1))) ? buf1 : "(too long)"); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MS_CHAP_CHALLENGE, buf, &len) == 0) fprintf(out, " MS-CHAP-Challenge = %s\n", (hexstr(buf, len, buf1, sizeof(buf1))) ? buf1 : "(too long)"); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MS_CHAP2_RESPONSE, buf, &len) == 0) fprintf(out, " MS-CHAP2-Response = %s\n", (hexstr(buf, len, buf1, sizeof(buf1))) ? buf1 : "(too long)"); memset(buf, 0, sizeof(buf)); len = sizeof(buf) - 1; if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MS_CHAP2_SUCCESS, buf, &len) == 0) { fprintf(out, " MS-CHAP-Success = Id=%u \"%s\"\n", (u_int)(u_char)buf[0], buf + 1); } memset(buf, 0, sizeof(buf)); len = sizeof(buf) - 1; if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MS_CHAP_ERROR, buf, &len) == 0) { fprintf(out, " MS-CHAP-Error = Id=%u \"%s\"\n", (u_int)(u_char)buf[0], buf + 1); } memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MPPE_SEND_KEY, buf, &len) == 0) fprintf(out, " MS-MPPE-Send-Key = %s\n", (hexstr(buf, len, buf1, sizeof(buf1))) ? buf1 : "(too long)"); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MPPE_RECV_KEY, buf, &len) == 0) fprintf(out, " MS-MPPE-Recv-Key = %s\n", (hexstr(buf, len, buf1, sizeof(buf1))) ? buf1 : "(too long)"); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MPPE_ENCRYPTION_POLICY, buf, &len) == 0) fprintf(out, " MS-MPPE-Encryption-Policy = 0x%08x\n", ntohl(*(u_long *)buf)); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MPPE_ENCRYPTION_TYPES, buf, &len) == 0) fprintf(out, " MS-MPPE-Encryption-Types = 0x%08x\n", ntohl(*(u_long *)buf)); if (radius_get_string_attr(pkt, RADIUS_TYPE_REPLY_MESSAGE, buf, sizeof(buf)) == 0) fprintf(out, " Reply-Message = \"%s\"\n", buf); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_uint32_attr(pkt, RADIUS_TYPE_NAS_PORT, &u32val) == 0) fprintf(out, " NAS-Port = %lu\n", (u_long)u32val); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_ipv4_attr(pkt, RADIUS_TYPE_NAS_IP_ADDRESS, &ipv4) == 0) fprintf(out, " NAS-IP-Address = %s\n", inet_ntoa(ipv4)); memset(buf, 0, sizeof(buf)); len = sizeof(buf); if (radius_get_raw_attr(pkt, RADIUS_TYPE_NAS_IPV6_ADDRESS, buf, &len) == 0) fprintf(out, " NAS-IPv6-Address = %s\n", inet_ntop(AF_INET6, buf, buf1, len)); }
static void chap_radius_response(void *context, RADIUS_PACKET *pkt, int flags, RADIUS_REQUEST_CTX reqctx) { int code, lrespkt; const char *secret, *reason = ""; chap *_this; u_char *respkt, *respkt0; int errorCode; RADIUS_REQUEST_CTX radctx; CHAP_ASSERT(context != NULL); reason = ""; errorCode = ERROR_AUTH_SERVER_TIMEOUT; _this = context; secret = radius_get_server_secret(_this->radctx); radctx = _this->radctx; _this->radctx = NULL; /* IMPORTANT */ respkt = respkt0 = ppp_packetbuf(_this->ppp, PPP_PROTO_CHAP) + HEADERLEN; lrespkt = _this->ppp->mru - HEADERLEN; if (pkt == NULL) { if (flags & RADIUS_REQUEST_TIMEOUT) reason = "timeout"; else if (flags & RADIUS_REQUEST_ERROR) reason = strerror(errno); else reason = "error"; goto auth_failed; } code = radius_get_code(pkt); if (code == RADIUS_CODE_ACCESS_REJECT) { reason="reject"; errorCode = ERROR_AUTHENTICATION_FAILURE; /* Windows peer will reset the password by this error code */ goto auth_failed; } else if (code != RADIUS_CODE_ACCESS_ACCEPT) { reason="error"; goto auth_failed; } if ((flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_OK) == 0 && (flags & RADIUS_REQUEST_CHECK_AUTHENTICATOR_NO_CHECK) == 0) { reason="bad_authenticator"; goto auth_failed; } /* * Authetication OK */ switch (_this->type) { case PPP_AUTH_CHAP_MD5: chap_response(_this, 1, "OK", 2); break; case PPP_AUTH_CHAP_MS_V2: { struct RADIUS_MS_CHAP2_SUCCESS success; #ifdef USE_NPPPD_MPPE struct RADIUS_MPPE_KEY sendkey, recvkey; #endif size_t len; len = sizeof(success); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MS_CHAP2_SUCCESS, &success, &len) != 0) { chap_log(_this, LOG_ERR, "no ms_chap2_success"); goto auth_failed; } #ifdef USE_NPPPD_MPPE if (_this->ppp->mppe.enabled != 0) { len = sizeof(sendkey); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MPPE_SEND_KEY, &sendkey, &len) != 0) { chap_log(_this, LOG_ERR, "no mppe_send_key"); goto auth_failed; } len = sizeof(recvkey); if (radius_get_vs_raw_attr(pkt, RADIUS_VENDOR_MICROSOFT, RADIUS_VTYPE_MPPE_RECV_KEY, &recvkey, &len) != 0) { chap_log(_this, LOG_ERR, "no mppe_recv_key"); goto auth_failed; } mschap_radiuskey(_this->ppp->mppe.send.master_key, sendkey.salt, _this->authenticator, secret); mschap_radiuskey(_this->ppp->mppe.recv.master_key, recvkey.salt, _this->authenticator, secret); } #endif chap_response(_this, 1, success.str, sizeof(success.str)); break; } } ppp_process_radius_framed_ip(_this->ppp, pkt); return; auth_failed: chap_log(_this, LOG_WARNING, "Radius authentication request failed: %s", reason); /* No extra information */ chap_failure(_this, "FAILED", errorCode); }