d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e4a5d947a3
freebsd-nq/usr.sbin/ppp/chap.c

406 lines
11 KiB
C
Raw Normal View History

1995-01-31 06:29:58 +00:00
/*
* PPP CHAP Module
*
* Written by Toshiharu OHNO (tony-o@iij.ad.jp)
*
* Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd.
*
* Redistribution and use in source and binary forms are permitted
* provided that the above copyright notice and this paragraph are
* duplicated in all such forms and that any documentation,
* advertising materials, and other materials related to such
* distribution and use acknowledge that the software was developed
* by the Internet Initiative Japan, Inc. The name of the
* IIJ may not be used to endorse or promote products derived
* from this software without specific prior written permission.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
Remove trailing whitespace.
1995-05-30 03:57:47 +00:00
*
Correct server-side chap authentication comparison (broken with last commit).
1999-02-07 13:56:29 +00:00
* $Id: chap.c,v 1.41 1999/02/07 13:48:38 brian Exp $
Remove trailing whitespace.
1995-05-30 03:57:47 +00:00
*
1995-01-31 06:29:58 +00:00
* TODO:
*/
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support. TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur. Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-( Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
#include <sys/param.h>
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
#include <netinet/in.h>
Move VJ compression state and stats into struct ipcp.
1998-03-16 22:54:35 +00:00
#include <netinet/in_systm.h>
#include <netinet/ip.h>
o Add the link name to modem diagnostics. o Create struct mpserver as part of struct mp. mpserver creates a unix-domain socket based on the peers auth name and endpoint discriminator. If it already exists, ppp will ``pass the link'' over to the owner of the socket, joining it into the bundle of another ppp invocation, otherwise ppp waits for other invocations to pass it links through this socket. The final piece of code will be the code that flattens our datalink info and passes it down this channel (not yet implemented).
1998-04-28 01:25:46 +00:00
#include <sys/un.h>
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
Remove redundant includes
1998-06-27 14:18:15 +00:00
#ifdef HAVE_DES
o Add some missing #includes o Calculate base device name correctly.
1998-05-21 22:55:08 +00:00
#include <md4.h>
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
#include <string.h>
Remove redundant includes
1998-06-27 14:18:15 +00:00
#endif
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
#include <md5.h>
#include <stdlib.h>
Create `struct async' and make it part of `struct physical'. This structure contains the asynchronous state of the physical link. Unfortunately, just about every .h file is included in every .c file now. Fixing this can be one of the last jobs.
1998-02-02 19:33:40 +00:00
#include <termios.h>
Allow Microsoft CHAP authentication. This is a combination of MD4 & DES. Submitted by: Gabor Kincses <gabor@acm.org>
1997-09-25 00:52:37 +00:00
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
#include "mbuf.h"
#include "log.h"
#include "defs.h"
#include "timer.h"
1995-01-31 06:29:58 +00:00
#include "fsm.h"
#include "lcpproto.h"
#include "lcp.h"
De-staticise LQR information Increment OutPackets for any packet - not just LQRs MFC: o Fix a few comment typos. o Fix ``set timeout'' usage message and documentation. o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's so that they wrap correctly. o Put the LQR in network byte order using the correct struct size (sizeof u_int32_t, not sizeof u_long). o Wrap LQR ECHO counters correctly. o Don't increment OutLQR count if the last LQR hasn't been replied to. o Initialise last received LQR in StartLqm. o Don't start the LQR timer if we're `disabled' and `accepted'. o Generate LQR responses when both sides are using a timer and we're not going to send our next LQR before the peers max timeout.
1998-03-13 00:44:26 +00:00
#include "lqr.h"
1995-01-31 06:29:58 +00:00
#include "hdlc.h"
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
#include "auth.h"
Do authentication at the datalink level, not the bundle level. The bundle doesn't get a LayerUp 'till we're authenticated. Introduce DATALINK_LCP and DATALINK_AUTH phases.
1998-03-01 01:07:49 +00:00
#include "chap.h"
Create `struct async' and make it part of `struct physical'. This structure contains the asynchronous state of the physical link. Unfortunately, just about every .h file is included in every .c file now. Fixing this can be one of the last jobs.
1998-02-02 19:33:40 +00:00
#include "async.h"
#include "throughput.h"
o Introduce struct descriptor. This will ultimately be a member of a list of descriptors and their handler functions on which we need to select() in the main loop. o Make struct physical into a `sort' of struct descriptor.
1998-02-09 19:21:11 +00:00
#include "descriptor.h"
Move the IPCP into struct bundle.
1998-03-13 21:07:46 +00:00
#include "iplist.h"
Move VJ compression state and stats into struct ipcp.
1998-03-16 22:54:35 +00:00
#include "slcompress.h"
Move the IPCP into struct bundle.
1998-03-13 21:07:46 +00:00
#include "ipcp.h"
Move filter sets into struct bundle.
1998-03-16 22:52:54 +00:00
#include "filter.h"
Do authentication at the datalink level, not the bundle level. The bundle doesn't get a LayerUp 'till we're authenticated. Introduce DATALINK_LCP and DATALINK_AUTH phases.
1998-03-01 01:07:49 +00:00
#include "ccp.h"
o Move struct lcp and struct ccp into struct link. o Remove bundle2lcp(), bundle2ccp() and bundle2link(). They're too resource-hungry and we have `owner pointers' to do their job. o Make our FSM understand LCPs that are always ST_OPENED (with a minimum code that != 1). o Send FSM code rejects for invalid codes. o Make our bundle fsm_parent deal with multiple links. o Make timer diagnostics pretty and allow access via ~t in `term' mode (not just when logging debug) and `show timers'. Only show timers every second in debug mode, otherwise we get too many diagnostics to be useful (we probably still do). Also, don't restrict ~m in term mode to depend on debug logging. o Rationalise our bundles' phases. o Create struct mp (multilink protocol). This is both an NCP and a type of struct link. It feeds off other NCPs for output, passing fragmented packets into the queues of available datalinks. It also gets PROTO_MP input, reassembles the fragments into ppp frames, and passes them back to the HDLC layer that the fragments were passed from. ** It's not yet possible to enter multilink mode :-( ** o Add `set weight' (requires context) for deciding on a links weighting in multilink mode. Weighting is simplistic (and probably badly implemented) for now. o Remove the function pointers in struct link. They ended up only applying to physical links. o Configure our tun device with an MTU equal to the MRU from struct mp's LCP and a speed equal to the sum of our link speeds. o `show {lcp,ccp,proto}' and `set deflate' now have optional context and use ChooseLink() to decide on which `struct link' to use. This allows behaviour as before when in non-multilink mode, and allows access to the MP logical link in multilink mode. o Ignore reconnect and redial values when in -direct mode and when cleaning up. Always redial when in -ddial or -dedicated mode (unless cleaning up). o Tell our links to `staydown' when we close them due to a signal. o Remove remaining `#ifdef SIGALRM's (ppp doesn't function without alarms). o Don't bother strdup()ing our physical link name. o Various other cosmetic changes.
1998-04-03 19:21:56 +00:00
#include "link.h"
#include "physical.h"
#include "mp.h"
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support. TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur. Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-( Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
#ifndef NORADIUS
#include "radius.h"
#endif
o Move struct lcp and struct ccp into struct link. o Remove bundle2lcp(), bundle2ccp() and bundle2link(). They're too resource-hungry and we have `owner pointers' to do their job. o Make our FSM understand LCPs that are always ST_OPENED (with a minimum code that != 1). o Send FSM code rejects for invalid codes. o Make our bundle fsm_parent deal with multiple links. o Make timer diagnostics pretty and allow access via ~t in `term' mode (not just when logging debug) and `show timers'. Only show timers every second in debug mode, otherwise we get too many diagnostics to be useful (we probably still do). Also, don't restrict ~m in term mode to depend on debug logging. o Rationalise our bundles' phases. o Create struct mp (multilink protocol). This is both an NCP and a type of struct link. It feeds off other NCPs for output, passing fragmented packets into the queues of available datalinks. It also gets PROTO_MP input, reassembles the fragments into ppp frames, and passes them back to the HDLC layer that the fragments were passed from. ** It's not yet possible to enter multilink mode :-( ** o Add `set weight' (requires context) for deciding on a links weighting in multilink mode. Weighting is simplistic (and probably badly implemented) for now. o Remove the function pointers in struct link. They ended up only applying to physical links. o Configure our tun device with an MTU equal to the MRU from struct mp's LCP and a speed equal to the sum of our link speeds. o `show {lcp,ccp,proto}' and `set deflate' now have optional context and use ChooseLink() to decide on which `struct link' to use. This allows behaviour as before when in non-multilink mode, and allows access to the MP logical link in multilink mode. o Ignore reconnect and redial values when in -direct mode and when cleaning up. Always redial when in -ddial or -dedicated mode (unless cleaning up). o Tell our links to `staydown' when we close them due to a signal. o Remove remaining `#ifdef SIGALRM's (ppp doesn't function without alarms). o Don't bother strdup()ing our physical link name. o Various other cosmetic changes.
1998-04-03 19:21:56 +00:00
#include "bundle.h"
Do authentication at the datalink level, not the bundle level. The bundle doesn't get a LayerUp 'till we're authenticated. Introduce DATALINK_LCP and DATALINK_AUTH phases.
1998-03-01 01:07:49 +00:00
#include "chat.h"
o Support callback types NONE, E.164, AUTH and CBCP. (see the new ``set callback'' and ``set cbcp'' commands) o Add a ``cbcp'' log level and mbuf type. o Don't dump core when \T is given in ``set login'' or ``set hangup''. o Allow ``*'' and blanks as placeholders in ppp.secret and allow a fifth field for specifying auth/cbcp dialback parameters. o Remove a few extraneous #includes o Define the default number of REQs (restart counter) in defs.h rather than hardcoding ``5'' all over the place. o Fix a few man page inconsistencies.
1998-08-07 18:42:51 +00:00
#include "cbcp.h"
Do authentication at the datalink level, not the bundle level. The bundle doesn't get a LayerUp 'till we're authenticated. Introduce DATALINK_LCP and DATALINK_AUTH phases.
1998-03-01 01:07:49 +00:00
#include "datalink.h"
Remove redundant includes
1998-06-27 14:18:15 +00:00
#ifdef HAVE_DES
o Add some missing #includes o Calculate base device name correctly.
1998-05-21 22:55:08 +00:00
#include "chap_ms.h"
Remove redundant includes
1998-06-27 14:18:15 +00:00
#endif
1995-01-31 06:29:58 +00:00
Fix prototypes. Remove extraneous decls. Add ``const'' to several places. Allow ``make NOALIAS=1'' to remove IP aliasing. Merge with OpenBSD - only the Makefiles vary. We can now survive a compile with -Wall -Wbad-function-cast -Wcast-align -Wcast-qual -Winline -Wmissing-declarations -Wmissing-prototypes -Wnested-externs -Wpointer-arith -Wredundant-decls -Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts (although the Makefile just contains -Wall).
1997-11-22 03:37:54 +00:00
static const char *chapcodes[] = {
typo
1996-11-19 11:08:27 +00:00
"???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE"
1995-01-31 06:29:58 +00:00
};
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
#define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)
1995-01-31 06:29:58 +00:00
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
static void
Create a new MP branch for `multilink protocol'. Do lots of initial shuffling and grouping. Submitted by: Eivind Eklund <perhaps@yes.no>
1998-01-29 00:49:32 +00:00
ChapOutput(struct physical *physical, u_int code, u_int id,
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
const u_char *ptr, int count, const char *text)
1995-01-31 06:29:58 +00:00
{
int plen;
struct fsmheader lh;
struct mbuf *bp;
Make the code format more in line with style(9). Update loadalias to use the new libalias api. Update to version 1.1.
1997-08-25 00:29:32 +00:00
plen = sizeof(struct fsmheader) + count;
1995-01-31 06:29:58 +00:00
lh.code = code;
lh.id = id;
lh.length = htons(plen);
Cosmetic: Make our external function names consistent.
1998-05-01 19:26:12 +00:00
bp = mbuf_Alloc(plen, MB_FSM);
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
1995-01-31 06:29:58 +00:00
if (count)
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count);
Cosmetic: Make our external function names consistent.
1998-05-01 19:26:12 +00:00
log_DumpBp(LogDEBUG, "ChapOutput", bp);
o Tidy up PAP and CHAP diagnostics. They're now all logged as PHASE diagnostics (which are on by default). o Deal correctly with both sides wanting CHAP. o Output a warning if we're using an empty ``authname''. This is *not* what we want to do.
1998-07-28 21:54:30 +00:00
if (text == NULL)
log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]);
else
log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text);
Cosmetic: Make our external function names consistent.
1998-05-01 19:26:12 +00:00
hdlc_Output(&physical->link, PRI_LINK, PROTO_CHAP, bp);
1995-01-31 06:29:58 +00:00
}
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
static char *
chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, int MSChap)
1995-01-31 06:29:58 +00:00
{
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
char *result, *digest;
size_t nlen, klen;
nlen = strlen(name);
klen = strlen(key);
#ifdef HAVE_DES
if (MSChap) {
char expkey[AUTHLEN << 2];
MD4_CTX MD4context;
int f;
if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL)
return result;
digest = result; /* this is the response */
*digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */
memset(digest, '\0', 24);
digest += 24;
for (f = klen; f; f--) {
expkey[2*f-2] = key[f-1];
expkey[2*f-1] = 0;
}
/*
* -----------
* answer = | k\0e\0y\0 |
* -----------
*/
MD4Init(&MD4context);
MD4Update(&MD4context, expkey, klen << 1);
MD4Final(digest, &MD4context);
memcpy(digest + 25, name, nlen);
/*
* ``result'' is:
* ---- --------- -------------------- ------
* result = | 49 | 24 * \0 | digest (pad to 25) | name |
* ---- --------- -------------------- ------
*/
chap_MS(digest, challenge + 1, *challenge);
/*
* ---- --------- ---------------- --- ----------
* result = | 49 | 24 * \0 | 24 byte digest | 1 | authname |
* ---- --------- ---------------- --- ----------
*/
} else
#endif
if ((result = malloc(nlen + 17)) != NULL) {
/* Normal MD5 stuff */
MD5_CTX MD5context;
digest = result;
*digest++ = 16; /* value size */
MD5Init(&MD5context);
MD5Update(&MD5context, &id, 1);
MD5Update(&MD5context, key, klen);
MD5Update(&MD5context, challenge + 1, *challenge);
MD5Final(digest, &MD5context);
memcpy(digest + 16, name, nlen);
/*
* ---- -------- ------
* result = | 16 | digest | name |
* ---- -------- ------
*/
}
return result;
}
static void
chap_Challenge(struct authinfo *authp)
{
struct chap *chap = auth2chap(authp);
A random bunch of cleanup changes.
1996-01-10 21:28:04 +00:00
int len, i;
1995-01-31 06:29:58 +00:00
char *cp;
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
randinit();
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
cp = chap->challenge;
o Send a CHAP challenge of 16 random digits when RADIUS is configured. This isn't strictly necessary according to the rfc, but it's suggested there.... o Don't forget to include our authname when sending a CHAP challenge when RADIUS is configured. o Don't supply the ``16'' representing the chap answer length to radius_Authenticate() - libradius does this for us. o When we successfully authenticate via radius_Authenticate(), continue with datalink_AuthOk() as expected. Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support. TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur. Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-( Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
#ifndef NORADIUS
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
if (*authp->physical->dl->bundle->radius.cfg.file) {
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support. TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur. Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-( Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
/* For radius, our challenge is 16 readable NUL terminated bytes :*/
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
*cp++ = 16;
for (i = 0; i < 16; i++)
o Send a CHAP challenge of 16 random digits when RADIUS is configured. This isn't strictly necessary according to the rfc, but it's suggested there.... o Don't forget to include our authname when sending a CHAP challenge when RADIUS is configured. o Don't supply the ``16'' representing the chap answer length to radius_Authenticate() - libradius does this for us. o When we successfully authenticate via radius_Authenticate(), continue with datalink_AuthOk() as expected. Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
*cp++ = (random() % 10) + '0';
} else
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support. TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur. Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-( Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
#endif
o Send a CHAP challenge of 16 random digits when RADIUS is configured. This isn't strictly necessary according to the rfc, but it's suggested there.... o Don't forget to include our authname when sending a CHAP challenge when RADIUS is configured. o Don't supply the ``16'' representing the chap answer length to radius_Authenticate() - libradius does this for us. o When we successfully authenticate via radius_Authenticate(), continue with datalink_AuthOk() as expected. Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
{
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
*cp++ = random() % (CHAPCHALLENGELEN-16) + 16;
for (i = 0; i < *chap->challenge; i++)
Initial RADIUS support (using libradius). See the man page for details. Compiling with -DNORADIUS (the default for `release') removes support. TODO: The functionality in libradius::rad_send_request() needs to be supplied as a set of routines so that ppp doesn't have to wait indefinitely for the radius server(s). Instead, we need to get a descriptor back, select() on the descriptor, and ask libradius to service it when necessary. For now, ppp blocks SIGALRM while in rad_send_request(), so it misses PAP/CHAP retries & timeouts if they occur. Only PAP is functional. When CHAP is attempted, libradius complains that no User-Password has been specified... rfc2138 says that it *mustn't* be used for CHAP :-( Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
*cp++ = random() & 0xff;
}
o Send a CHAP challenge of 16 random digits when RADIUS is configured. This isn't strictly necessary according to the rfc, but it's suggested there.... o Don't forget to include our authname when sending a CHAP challenge when RADIUS is configured. o Don't supply the ``16'' representing the chap answer length to radius_Authenticate() - libradius does this for us. o When we successfully authenticate via radius_Authenticate(), continue with datalink_AuthOk() as expected. Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
len = strlen(authp->physical->dl->bundle->cfg.auth.name);
memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
o Send a CHAP challenge of 16 random digits when RADIUS is configured. This isn't strictly necessary according to the rfc, but it's suggested there.... o Don't forget to include our authname when sending a CHAP challenge when RADIUS is configured. o Don't supply the ``16'' representing the chap answer length to radius_Authenticate() - libradius does this for us. o When we successfully authenticate via radius_Authenticate(), continue with datalink_AuthOk() as expected. Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
cp += len;
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge,
cp - chap->challenge, NULL);
1995-01-31 06:29:58 +00:00
}
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
static void
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
chap_Success(struct authinfo *authp)
1995-01-31 06:29:58 +00:00
{
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
datalink_GotAuthname(authp->physical->dl, authp->in.name);
ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL);
authp->physical->link.lcp.auth_ineed = 0;
if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
physical_Login(authp->physical, authp->in.name);
Allow Microsoft CHAP authentication. This is a combination of MD4 & DES. Submitted by: Gabor Kincses <gabor@acm.org>
1997-09-25 00:52:37 +00:00
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
if (authp->physical->link.lcp.auth_iwait == 0)
When responding to a CHAP challenge, don't try to use ppp.secret to get a key value based on the peers name, then send the value of AuthName with the encrypted result. This is *way* too confusing. Instead, always use AuthName and AuthKey as the documentation says.
1997-11-09 03:55:27 +00:00
/*
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
* Either I didn't need to authenticate, or I've already been
* told that I got the answer right.
When responding to a CHAP challenge, don't try to use ppp.secret to get a key value based on the peers name, then send the value of AuthName with the encrypted result. This is *way* too confusing. Instead, always use AuthName and AuthKey as the documentation says.
1997-11-09 03:55:27 +00:00
*/
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
datalink_AuthOk(authp->physical->dl);
1995-01-31 06:29:58 +00:00
}
Cosmetic (no functional changes): o Add missing $Id$s o Move extern decls from .c -> .h files o Staticize o Remove #includes from .h files o style(9)ify includes o bcopy -> memcpy bzero -> memset bcmp -> memcmp index -> strchr rindex -> strrchr o Move timeout.h -> timer.h (making it consistent w/ timer.c) o Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
static void
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
chap_Failure(struct authinfo *authp)
1995-01-31 06:29:58 +00:00
{
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL);
datalink_AuthNotOk(authp->physical->dl);
1995-01-31 06:29:58 +00:00
}
void
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
chap_Init(struct chap *chap, struct physical *p)
1995-01-31 06:29:58 +00:00
{
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);
*chap->challenge = 0;
chap->using_MSChap = 0;
}
void
chap_Input(struct physical *p, struct mbuf *bp)
{
struct chap *chap = &p->dl->chap;
char *name, *key, *ans, *myans;
int len, nlen;
u_char alen;
if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL)
log_Printf(LogERROR, "Chap Input: Truncated header !\n");
else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
chap->auth.in.hdr.code);
else {
len = mbuf_Length(bp);
ans = NULL;
if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
chap->auth.id != chap->auth.in.hdr.id &&
Enabled(p->dl->bundle, OPT_IDCHECK)) {
/* Wrong conversation dude ! */
log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
chap->auth.id);
mbuf_Free(bp);
return;
}
chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
bp = mbuf_Read(bp, chap->challenge, 1);
len -= *chap->challenge + 1;
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
mbuf_Free(bp);
return;
}
bp = mbuf_Read(bp, chap->challenge + 1, *chap->challenge);
bp = auth_ReadName(&chap->auth, bp, len);
break;
1995-01-31 06:29:58 +00:00
case CHAP_RESPONSE:
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
auth_StopTimer(&chap->auth);
bp = mbuf_Read(bp, &alen, 1);
len -= alen + 1;
if (len < 0) {
log_Printf(LogERROR, "Chap Input: Truncated response !\n");
mbuf_Free(bp);
return;
}
if ((ans = malloc(alen + 2)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
mbuf_Free(bp);
return;
}
*ans = chap->auth.id;
bp = mbuf_Read(bp, ans + 1, alen);
ans[alen+1] = '\0';
bp = auth_ReadName(&chap->auth, bp, len);
break;
case CHAP_SUCCESS:
case CHAP_FAILURE:
/* chap->auth.in.name is already set up at CHALLENGE time */
if ((ans = malloc(len + 1)) == NULL) {
log_Printf(LogERROR, "Chap Input: Out of memory !\n");
mbuf_Free(bp);
return;
}
bp = mbuf_Read(bp, ans, len);
ans[len] = '\0';
break;
}
switch (chap->auth.in.hdr.code) {
New user Process PPP based on iij-ppp0.94beta2. o Supporting SYNC SIO device (But need a device driver) - add "set speed sync" o Fixing bug for Predictor-1 function. o Add new parameter that re-sent interval for set timeout commands. o Improving RTT (Round Trip Time) and reducing processor time. - Previous Timer service was using polling, and now using SIGALRM ;-) - A 0.94beta2 will not work correctly.... -- Follows are additinal feature not including 0.94beta2 o Support Proxy ARP - add "enable/disable proxy" commands o Marging common routine in CHAP/PAP. o Enhancing LCP/IPCP log information. o Support local Authfication connection on port 300x and tty. - You can set up pair of your "hostname -s" and password in ppp.secret. if either ppp.secret file nor your hostname line don't exist, It will notify a message and working as same as previous version.(Backword compatibility) - If you did set up them, It's allow connection but nothing to do except help and passwd command. - add "passwd yourpasswd" commands o Support afilter - keep Alive filter that a packet can send/receiving according to ifilter/ofilter but doesn't count it as preventing idle timer expires. - Same syntax of other filters. o Fixing bugs reported by current user for previous one. Thanks !! Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
case CHAP_CHALLENGE:
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
case CHAP_RESPONSE:
if (*chap->auth.in.name)
log_Printf(LogPHASE, "Chap Input: %s (from %s)\n",
chapcodes[chap->auth.in.hdr.code], chap->auth.in.name);
else
log_Printf(LogPHASE, "Chap Input: %s\n",
chapcodes[chap->auth.in.hdr.code]);
break;
1995-01-31 06:29:58 +00:00
case CHAP_SUCCESS:
case CHAP_FAILURE:
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
if (*ans)
log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
chapcodes[chap->auth.in.hdr.code], ans);
else
log_Printf(LogPHASE, "Chap Input: %s\n",
chapcodes[chap->auth.in.hdr.code]);
break;
1995-01-31 06:29:58 +00:00
}
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
switch (chap->auth.in.hdr.code) {
case CHAP_CHALLENGE:
name = p->dl->bundle->cfg.auth.name;
nlen = strlen(name);
key = p->dl->bundle->cfg.auth.key;
myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, 0);
if (myans) {
ChapOutput(p, CHAP_RESPONSE, chap->auth.id, myans,
*myans + 1 + nlen, name);
free(myans);
} else
ChapOutput(p, CHAP_FAILURE, chap->auth.id, "Out of memory!",
14, NULL);
break;
case CHAP_RESPONSE:
name = chap->auth.in.name;
nlen = strlen(name);
#ifndef NORADIUS
if (*p->dl->bundle->radius.cfg.file) {
chap->challenge[*chap->challenge+1] = '\0';
radius_Authenticate(&p->dl->bundle->radius, &chap->auth,
chap->auth.in.name, ans, chap->challenge + 1);
} else
#endif
{
key = auth_GetSecret(p->dl->bundle, name, nlen, p);
if (key) {
myans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge,
chap->using_MSChap);
if (myans == NULL)
key = NULL;
else {
Correct server-side chap authentication comparison (broken with last commit).
1999-02-07 13:56:29 +00:00
if (*myans != alen || memcmp(myans + 1, ans + 1, *myans))
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
key = NULL;
free(myans);
}
}
if (key)
chap_Success(&chap->auth);
else
chap_Failure(&chap->auth);
}
break;
case CHAP_SUCCESS:
if (p->link.lcp.auth_iwait == PROTO_CHAP) {
p->link.lcp.auth_iwait = 0;
if (p->link.lcp.auth_ineed == 0)
/*
* We've succeeded in our ``login''
* If we're not expecting the peer to authenticate (or he already
* has), proceed to network phase.
*/
datalink_AuthOk(p->dl);
}
break;
case CHAP_FAILURE:
datalink_AuthNotOk(p->dl);
break;
}
free(ans);
1995-01-31 06:29:58 +00:00
}
Decouple pap & chap output routines from the corresponding input routines and take advantage of the new init/continue interface in libradius. This allows a timely response on other links in an MP setup while RADIUS requests are in progress as well as the ability to handle other data from the peer in parallel. It should also make the future addition of PAM support trivial. While I'm in there, validate pap & chap header IDs if ``idcheck'' is enabled (the default) for other FSM packet types. NOTE: This involved integrating the generation of chap challenges and the validation of chap responses (and commenting what's going on in those routines). I currently have no way of testing ppps ability to respond to M$Chap CHALLENGEs correctly, so if someone could do the honours, it'd be much appreciated (it *looks* ok!). Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
Cosmetic: Make our external function names consistent.
1998-05-01 19:26:12 +00:00
mbuf_Free(bp);
1995-01-31 06:29:58 +00:00
}
Reference in New Issue Copy Permalink