1 /* 2 * chap-new.c - New CHAP implementation. 3 * 4 * Copyright (c) 2003 Paul Mackerras. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 10 * 1. Redistributions of source code must retain the above copyright 11 * notice, this list of conditions and the following disclaimer. 12 * 13 * 2. The name(s) of the authors of this software must not be used to 14 * endorse or promote products derived from this software without 15 * prior written permission. 16 * 17 * 3. Redistributions of any form whatsoever must retain the following 18 * acknowledgment: 19 * "This product includes software developed by Paul Mackerras 20 * <paulus@samba.org>". 21 * 22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO 23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY 25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN 27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING 28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 29 */ 30 31 #include "netif/ppp/ppp_opts.h" 32 #if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ 33 34 #if 0 /* UNUSED */ 35 #include <stdlib.h> 36 #include <string.h> 37 #endif /* UNUSED */ 38 39 #include "netif/ppp/ppp_impl.h" 40 41 #if 0 /* UNUSED */ 42 #include "session.h" 43 #endif /* UNUSED */ 44 45 #include "netif/ppp/chap-new.h" 46 #include "netif/ppp/chap-md5.h" 47 #if MSCHAP_SUPPORT 48 #include "netif/ppp/chap_ms.h" 49 #endif 50 #include "netif/ppp/magic.h" 51 52 #if 0 /* UNUSED */ 53 /* Hook for a plugin to validate CHAP challenge */ 54 int (*chap_verify_hook)(const char *name, const char *ourname, int id, 55 const struct chap_digest_type *digest, 56 const unsigned char *challenge, const unsigned char *response, 57 char *message, int message_space) = NULL; 58 #endif /* UNUSED */ 59 60 #if PPP_OPTIONS 61 /* 62 * Command-line options. 63 */ 64 static option_t chap_option_list[] = { 65 { "chap-restart", o_int, &chap_timeout_time, 66 "Set timeout for CHAP", OPT_PRIO }, 67 { "chap-max-challenge", o_int, &pcb->settings.chap_max_transmits, 68 "Set max #xmits for challenge", OPT_PRIO }, 69 { "chap-interval", o_int, &pcb->settings.chap_rechallenge_time, 70 "Set interval for rechallenge", OPT_PRIO }, 71 { NULL } 72 }; 73 #endif /* PPP_OPTIONS */ 74 75 76 /* Values for flags in chap_client_state and chap_server_state */ 77 #define LOWERUP 1 78 #define AUTH_STARTED 2 79 #define AUTH_DONE 4 80 #define AUTH_FAILED 8 81 #define TIMEOUT_PENDING 0x10 82 #define CHALLENGE_VALID 0x20 83 84 /* 85 * Prototypes. 86 */ 87 static void chap_init(ppp_pcb *pcb); 88 static void chap_lowerup(ppp_pcb *pcb); 89 static void chap_lowerdown(ppp_pcb *pcb); 90 #if PPP_SERVER 91 static void chap_timeout(void *arg); 92 static void chap_generate_challenge(ppp_pcb *pcb); 93 static void chap_handle_response(ppp_pcb *pcb, int code, 94 unsigned char *pkt, int len); 95 static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id, 96 const struct chap_digest_type *digest, 97 const unsigned char *challenge, const unsigned char *response, 98 char *message, int message_space); 99 #endif /* PPP_SERVER */ 100 static void chap_respond(ppp_pcb *pcb, int id, 101 unsigned char *pkt, int len); 102 static void chap_handle_status(ppp_pcb *pcb, int code, int id, 103 unsigned char *pkt, int len); 104 static void chap_protrej(ppp_pcb *pcb); 105 static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen); 106 #if PRINTPKT_SUPPORT 107 static int chap_print_pkt(const unsigned char *p, int plen, 108 void (*printer) (void *, const char *, ...), void *arg); 109 #endif /* PRINTPKT_SUPPORT */ 110 111 /* List of digest types that we know about */ 112 static const struct chap_digest_type* const chap_digests[] = { 113 &md5_digest, 114 #if MSCHAP_SUPPORT 115 &chapms_digest, 116 &chapms2_digest, 117 #endif /* MSCHAP_SUPPORT */ 118 NULL 119 }; 120 121 /* 122 * chap_init - reset to initial state. 123 */ 124 static void chap_init(ppp_pcb *pcb) { 125 LWIP_UNUSED_ARG(pcb); 126 127 #if 0 /* Not necessary, everything is cleared in ppp_new() */ 128 memset(&pcb->chap_client, 0, sizeof(chap_client_state)); 129 #if PPP_SERVER 130 memset(&pcb->chap_server, 0, sizeof(chap_server_state)); 131 #endif /* PPP_SERVER */ 132 #endif /* 0 */ 133 } 134 135 /* 136 * chap_lowerup - we can start doing stuff now. 137 */ 138 static void chap_lowerup(ppp_pcb *pcb) { 139 140 pcb->chap_client.flags |= LOWERUP; 141 #if PPP_SERVER 142 pcb->chap_server.flags |= LOWERUP; 143 if (pcb->chap_server.flags & AUTH_STARTED) 144 chap_timeout(pcb); 145 #endif /* PPP_SERVER */ 146 } 147 148 static void chap_lowerdown(ppp_pcb *pcb) { 149 150 pcb->chap_client.flags = 0; 151 #if PPP_SERVER 152 if (pcb->chap_server.flags & TIMEOUT_PENDING) 153 UNTIMEOUT(chap_timeout, pcb); 154 pcb->chap_server.flags = 0; 155 #endif /* PPP_SERVER */ 156 } 157 158 #if PPP_SERVER 159 /* 160 * chap_auth_peer - Start authenticating the peer. 161 * If the lower layer is already up, we start sending challenges, 162 * otherwise we wait for the lower layer to come up. 163 */ 164 void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code) { 165 const struct chap_digest_type *dp; 166 int i; 167 168 if (pcb->chap_server.flags & AUTH_STARTED) { 169 ppp_error("CHAP: peer authentication already started!"); 170 return; 171 } 172 for (i = 0; (dp = chap_digests[i]) != NULL; ++i) 173 if (dp->code == digest_code) 174 break; 175 if (dp == NULL) 176 ppp_fatal("CHAP digest 0x%x requested but not available", 177 digest_code); 178 179 pcb->chap_server.digest = dp; 180 pcb->chap_server.name = our_name; 181 /* Start with a random ID value */ 182 pcb->chap_server.id = magic(); 183 pcb->chap_server.flags |= AUTH_STARTED; 184 if (pcb->chap_server.flags & LOWERUP) 185 chap_timeout(pcb); 186 } 187 #endif /* PPP_SERVER */ 188 189 /* 190 * chap_auth_with_peer - Prepare to authenticate ourselves to the peer. 191 * There isn't much to do until we receive a challenge. 192 */ 193 void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_code) { 194 const struct chap_digest_type *dp; 195 int i; 196 197 if(NULL == our_name) 198 return; 199 200 if (pcb->chap_client.flags & AUTH_STARTED) { 201 ppp_error("CHAP: authentication with peer already started!"); 202 return; 203 } 204 for (i = 0; (dp = chap_digests[i]) != NULL; ++i) 205 if (dp->code == digest_code) 206 break; 207 208 if (dp == NULL) 209 ppp_fatal("CHAP digest 0x%x requested but not available", 210 digest_code); 211 212 pcb->chap_client.digest = dp; 213 pcb->chap_client.name = our_name; 214 pcb->chap_client.flags |= AUTH_STARTED; 215 } 216 217 #if PPP_SERVER 218 /* 219 * chap_timeout - It's time to send another challenge to the peer. 220 * This could be either a retransmission of a previous challenge, 221 * or a new challenge to start re-authentication. 222 */ 223 static void chap_timeout(void *arg) { 224 ppp_pcb *pcb = (ppp_pcb*)arg; 225 struct pbuf *p; 226 227 pcb->chap_server.flags &= ~TIMEOUT_PENDING; 228 if ((pcb->chap_server.flags & CHALLENGE_VALID) == 0) { 229 pcb->chap_server.challenge_xmits = 0; 230 chap_generate_challenge(pcb); 231 pcb->chap_server.flags |= CHALLENGE_VALID; 232 } else if (pcb->chap_server.challenge_xmits >= pcb->settings.chap_max_transmits) { 233 pcb->chap_server.flags &= ~CHALLENGE_VALID; 234 pcb->chap_server.flags |= AUTH_DONE | AUTH_FAILED; 235 auth_peer_fail(pcb, PPP_CHAP); 236 return; 237 } 238 239 p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->chap_server.challenge_pktlen), PPP_CTRL_PBUF_TYPE); 240 if(NULL == p) 241 return; 242 if(p->tot_len != p->len) { 243 pbuf_free(p); 244 return; 245 } 246 MEMCPY(p->payload, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen); 247 ppp_write(pcb, p); 248 ++pcb->chap_server.challenge_xmits; 249 pcb->chap_server.flags |= TIMEOUT_PENDING; 250 TIMEOUT(chap_timeout, arg, pcb->settings.chap_timeout_time); 251 } 252 253 /* 254 * chap_generate_challenge - generate a challenge string and format 255 * the challenge packet in pcb->chap_server.challenge_pkt. 256 */ 257 static void chap_generate_challenge(ppp_pcb *pcb) { 258 int clen = 1, nlen, len; 259 unsigned char *p; 260 261 p = pcb->chap_server.challenge; 262 MAKEHEADER(p, PPP_CHAP); 263 p += CHAP_HDRLEN; 264 pcb->chap_server.digest->generate_challenge(pcb, p); 265 clen = *p; 266 nlen = strlen(pcb->chap_server.name); 267 memcpy(p + 1 + clen, pcb->chap_server.name, nlen); 268 269 len = CHAP_HDRLEN + 1 + clen + nlen; 270 pcb->chap_server.challenge_pktlen = PPP_HDRLEN + len; 271 272 p = pcb->chap_server.challenge + PPP_HDRLEN; 273 p[0] = CHAP_CHALLENGE; 274 p[1] = ++pcb->chap_server.id; 275 p[2] = len >> 8; 276 p[3] = len; 277 } 278 279 /* 280 * chap_handle_response - check the response to our challenge. 281 */ 282 static void chap_handle_response(ppp_pcb *pcb, int id, 283 unsigned char *pkt, int len) { 284 int response_len, ok, mlen; 285 const unsigned char *response; 286 unsigned char *outp; 287 struct pbuf *p; 288 const char *name = NULL; /* initialized to shut gcc up */ 289 #if 0 /* UNUSED */ 290 int (*verifier)(const char *, const char *, int, const struct chap_digest_type *, 291 const unsigned char *, const unsigned char *, char *, int); 292 #endif /* UNUSED */ 293 char rname[MAXNAMELEN+1]; 294 char message[256]; 295 296 if ((pcb->chap_server.flags & LOWERUP) == 0) 297 return; 298 if (id != pcb->chap_server.challenge[PPP_HDRLEN+1] || len < 2) 299 return; 300 if (pcb->chap_server.flags & CHALLENGE_VALID) { 301 response = pkt; 302 GETCHAR(response_len, pkt); 303 len -= response_len + 1; /* length of name */ 304 name = (char *)pkt + response_len; 305 if (len < 0) 306 return; 307 308 if (pcb->chap_server.flags & TIMEOUT_PENDING) { 309 pcb->chap_server.flags &= ~TIMEOUT_PENDING; 310 UNTIMEOUT(chap_timeout, pcb); 311 } 312 #if PPP_REMOTENAME 313 if (pcb->settings.explicit_remote) { 314 name = pcb->remote_name; 315 } else 316 #endif /* PPP_REMOTENAME */ 317 { 318 /* Null terminate and clean remote name. */ 319 ppp_slprintf(rname, sizeof(rname), "%.*v", len, name); 320 name = rname; 321 } 322 323 #if 0 /* UNUSED */ 324 if (chap_verify_hook) 325 verifier = chap_verify_hook; 326 else 327 verifier = chap_verify_response; 328 ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest, 329 pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN, 330 response, pcb->chap_server.message, sizeof(pcb->chap_server.message)); 331 #endif /* UNUSED */ 332 ok = chap_verify_response(pcb, name, pcb->chap_server.name, id, pcb->chap_server.digest, 333 pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN, 334 response, message, sizeof(message)); 335 #if 0 /* UNUSED */ 336 if (!ok || !auth_number()) { 337 #endif /* UNUSED */ 338 if (!ok) { 339 pcb->chap_server.flags |= AUTH_FAILED; 340 ppp_warn("Peer %q failed CHAP authentication", name); 341 } 342 } else if ((pcb->chap_server.flags & AUTH_DONE) == 0) 343 return; 344 345 /* send the response */ 346 mlen = strlen(message); 347 len = CHAP_HDRLEN + mlen; 348 p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +len), PPP_CTRL_PBUF_TYPE); 349 if(NULL == p) 350 return; 351 if(p->tot_len != p->len) { 352 pbuf_free(p); 353 return; 354 } 355 356 outp = (unsigned char *)p->payload; 357 MAKEHEADER(outp, PPP_CHAP); 358 359 outp[0] = (pcb->chap_server.flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; 360 outp[1] = id; 361 outp[2] = len >> 8; 362 outp[3] = len; 363 if (mlen > 0) 364 memcpy(outp + CHAP_HDRLEN, message, mlen); 365 ppp_write(pcb, p); 366 367 if (pcb->chap_server.flags & CHALLENGE_VALID) { 368 pcb->chap_server.flags &= ~CHALLENGE_VALID; 369 if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED)) { 370 371 #if 0 /* UNUSED */ 372 /* 373 * Auth is OK, so now we need to check session restrictions 374 * to ensure everything is OK, but only if we used a 375 * plugin, and only if we're configured to check. This 376 * allows us to do PAM checks on PPP servers that 377 * authenticate against ActiveDirectory, and use AD for 378 * account info (like when using Winbind integrated with 379 * PAM). 380 */ 381 if (session_mgmt && 382 session_check(name, NULL, devnam, NULL) == 0) { 383 pcb->chap_server.flags |= AUTH_FAILED; 384 ppp_warn("Peer %q failed CHAP Session verification", name); 385 } 386 #endif /* UNUSED */ 387 388 } 389 if (pcb->chap_server.flags & AUTH_FAILED) { 390 auth_peer_fail(pcb, PPP_CHAP); 391 } else { 392 if ((pcb->chap_server.flags & AUTH_DONE) == 0) 393 auth_peer_success(pcb, PPP_CHAP, 394 pcb->chap_server.digest->code, 395 name, strlen(name)); 396 if (pcb->settings.chap_rechallenge_time) { 397 pcb->chap_server.flags |= TIMEOUT_PENDING; 398 TIMEOUT(chap_timeout, pcb, 399 pcb->settings.chap_rechallenge_time); 400 } 401 } 402 pcb->chap_server.flags |= AUTH_DONE; 403 } 404 } 405 406 /* 407 * chap_verify_response - check whether the peer's response matches 408 * what we think it should be. Returns 1 if it does (authentication 409 * succeeded), or 0 if it doesn't. 410 */ 411 static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id, 412 const struct chap_digest_type *digest, 413 const unsigned char *challenge, const unsigned char *response, 414 char *message, int message_space) { 415 int ok; 416 unsigned char secret[MAXSECRETLEN]; 417 int secret_len; 418 419 /* Get the secret that the peer is supposed to know */ 420 if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) { 421 ppp_error("No CHAP secret found for authenticating %q", name); 422 return 0; 423 } 424 ok = digest->verify_response(pcb, id, name, secret, secret_len, challenge, 425 response, message, message_space); 426 memset(secret, 0, sizeof(secret)); 427 428 return ok; 429 } 430 #endif /* PPP_SERVER */ 431 432 /* 433 * chap_respond - Generate and send a response to a challenge. 434 */ 435 static void chap_respond(ppp_pcb *pcb, int id, 436 unsigned char *pkt, int len) { 437 int clen, nlen; 438 int secret_len; 439 struct pbuf *p; 440 u_char *outp; 441 char rname[MAXNAMELEN+1]; 442 char secret[MAXSECRETLEN+1]; 443 444 p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PPP_CTRL_PBUF_TYPE); 445 if(NULL == p) 446 return; 447 if(p->tot_len != p->len) { 448 pbuf_free(p); 449 return; 450 } 451 452 if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) 453 return; /* not ready */ 454 if (len < 2 || len < pkt[0] + 1) 455 return; /* too short */ 456 clen = pkt[0]; 457 nlen = len - (clen + 1); 458 459 /* Null terminate and clean remote name. */ 460 ppp_slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1); 461 462 #if PPP_REMOTENAME 463 /* Microsoft doesn't send their name back in the PPP packet */ 464 if (pcb->settings.explicit_remote || (pcb->settings.remote_name[0] != 0 && rname[0] == 0)) 465 strlcpy(rname, pcb->settings.remote_name, sizeof(rname)); 466 #endif /* PPP_REMOTENAME */ 467 468 /* get secret for authenticating ourselves with the specified host */ 469 if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0)) { 470 secret_len = 0; /* assume null secret if can't find one */ 471 ppp_warn("No CHAP secret found for authenticating us to %q", rname); 472 } 473 474 outp = (u_char*)p->payload; 475 MAKEHEADER(outp, PPP_CHAP); 476 outp += CHAP_HDRLEN; 477 478 pcb->chap_client.digest->make_response(pcb, outp, id, pcb->chap_client.name, pkt, 479 secret, secret_len, pcb->chap_client.priv); 480 memset(secret, 0, secret_len); 481 482 clen = *outp; 483 nlen = strlen(pcb->chap_client.name); 484 memcpy(outp + clen + 1, pcb->chap_client.name, nlen); 485 486 outp = (u_char*)p->payload + PPP_HDRLEN; 487 len = CHAP_HDRLEN + clen + 1 + nlen; 488 outp[0] = CHAP_RESPONSE; 489 outp[1] = id; 490 outp[2] = len >> 8; 491 outp[3] = len; 492 493 pbuf_realloc(p, PPP_HDRLEN + len); 494 ppp_write(pcb, p); 495 } 496 497 static void chap_handle_status(ppp_pcb *pcb, int code, int id, 498 unsigned char *pkt, int len) { 499 const char *msg = NULL; 500 LWIP_UNUSED_ARG(id); 501 502 if ((pcb->chap_client.flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) 503 != (AUTH_STARTED|LOWERUP)) 504 return; 505 pcb->chap_client.flags |= AUTH_DONE; 506 507 if (code == CHAP_SUCCESS) { 508 /* used for MS-CHAP v2 mutual auth, yuck */ 509 if (pcb->chap_client.digest->check_success != NULL) { 510 if (!(*pcb->chap_client.digest->check_success)(pcb, pkt, len, pcb->chap_client.priv)) 511 code = CHAP_FAILURE; 512 } else 513 msg = "CHAP authentication succeeded"; 514 } else { 515 if (pcb->chap_client.digest->handle_failure != NULL) 516 (*pcb->chap_client.digest->handle_failure)(pcb, pkt, len); 517 else 518 msg = "CHAP authentication failed"; 519 } 520 if (msg) { 521 if (len > 0) 522 ppp_info("%s: %.*v", msg, len, pkt); 523 else 524 ppp_info("%s", msg); 525 } 526 if (code == CHAP_SUCCESS) 527 auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code); 528 else { 529 pcb->chap_client.flags |= AUTH_FAILED; 530 ppp_error("CHAP authentication failed"); 531 auth_withpeer_fail(pcb, PPP_CHAP); 532 } 533 } 534 535 static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen) { 536 unsigned char code, id; 537 int len; 538 539 if (pktlen < CHAP_HDRLEN) 540 return; 541 GETCHAR(code, pkt); 542 GETCHAR(id, pkt); 543 GETSHORT(len, pkt); 544 if (len < CHAP_HDRLEN || len > pktlen) 545 return; 546 len -= CHAP_HDRLEN; 547 548 switch (code) { 549 case CHAP_CHALLENGE: 550 chap_respond(pcb, id, pkt, len); 551 break; 552 #if PPP_SERVER 553 case CHAP_RESPONSE: 554 chap_handle_response(pcb, id, pkt, len); 555 break; 556 #endif /* PPP_SERVER */ 557 case CHAP_FAILURE: 558 case CHAP_SUCCESS: 559 chap_handle_status(pcb, code, id, pkt, len); 560 break; 561 default: 562 break; 563 } 564 } 565 566 static void chap_protrej(ppp_pcb *pcb) { 567 568 #if PPP_SERVER 569 if (pcb->chap_server.flags & TIMEOUT_PENDING) { 570 pcb->chap_server.flags &= ~TIMEOUT_PENDING; 571 UNTIMEOUT(chap_timeout, pcb); 572 } 573 if (pcb->chap_server.flags & AUTH_STARTED) { 574 pcb->chap_server.flags = 0; 575 auth_peer_fail(pcb, PPP_CHAP); 576 } 577 #endif /* PPP_SERVER */ 578 if ((pcb->chap_client.flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { 579 pcb->chap_client.flags &= ~AUTH_STARTED; 580 ppp_error("CHAP authentication failed due to protocol-reject"); 581 auth_withpeer_fail(pcb, PPP_CHAP); 582 } 583 } 584 585 #if PRINTPKT_SUPPORT 586 /* 587 * chap_print_pkt - print the contents of a CHAP packet. 588 */ 589 static const char* const chap_code_names[] = { 590 "Challenge", "Response", "Success", "Failure" 591 }; 592 593 static int chap_print_pkt(const unsigned char *p, int plen, 594 void (*printer) (void *, const char *, ...), void *arg) { 595 int code, id, len; 596 int clen, nlen; 597 unsigned char x; 598 599 if (plen < CHAP_HDRLEN) 600 return 0; 601 GETCHAR(code, p); 602 GETCHAR(id, p); 603 GETSHORT(len, p); 604 if (len < CHAP_HDRLEN || len > plen) 605 return 0; 606 607 if (code >= 1 && code <= (int)LWIP_ARRAYSIZE(chap_code_names)) 608 printer(arg, " %s", chap_code_names[code-1]); 609 else 610 printer(arg, " code=0x%x", code); 611 printer(arg, " id=0x%x", id); 612 len -= CHAP_HDRLEN; 613 switch (code) { 614 case CHAP_CHALLENGE: 615 case CHAP_RESPONSE: 616 if (len < 1) 617 break; 618 clen = p[0]; 619 if (len < clen + 1) 620 break; 621 ++p; 622 nlen = len - clen - 1; 623 printer(arg, " <"); 624 for (; clen > 0; --clen) { 625 GETCHAR(x, p); 626 printer(arg, "%.2x", x); 627 } 628 printer(arg, ">, name = "); 629 ppp_print_string(p, nlen, printer, arg); 630 break; 631 case CHAP_FAILURE: 632 case CHAP_SUCCESS: 633 printer(arg, " "); 634 ppp_print_string(p, len, printer, arg); 635 break; 636 default: 637 for (clen = len; clen > 0; --clen) { 638 GETCHAR(x, p); 639 printer(arg, " %.2x", x); 640 } 641 /* no break */ 642 } 643 644 return len + CHAP_HDRLEN; 645 } 646 #endif /* PRINTPKT_SUPPORT */ 647 648 const struct protent chap_protent = { 649 PPP_CHAP, 650 chap_init, 651 chap_input, 652 chap_protrej, 653 chap_lowerup, 654 chap_lowerdown, 655 NULL, /* open */ 656 NULL, /* close */ 657 #if PRINTPKT_SUPPORT 658 chap_print_pkt, 659 #endif /* PRINTPKT_SUPPORT */ 660 #if PPP_DATAINPUT 661 NULL, /* datainput */ 662 #endif /* PPP_DATAINPUT */ 663 #if PRINTPKT_SUPPORT 664 "CHAP", /* name */ 665 NULL, /* data_name */ 666 #endif /* PRINTPKT_SUPPORT */ 667 #if PPP_OPTIONS 668 chap_option_list, 669 NULL, /* check_options */ 670 #endif /* PPP_OPTIONS */ 671 #if DEMAND_SUPPORT 672 NULL, 673 NULL 674 #endif /* DEMAND_SUPPORT */ 675 }; 676 677 #endif /* PPP_SUPPORT && CHAP_SUPPORT */ 678