1 /*-
2  * Copyright (c) 2005-2008 Daniel Braniss <danny@cs.huji.ac.il>
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
15  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
16  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
18  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
20  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
21  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
22  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
23  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
24  * SUCH DAMAGE.
25  *
26  */
27 
28 /*
29  | $Id: auth_subr.c,v 2.2 2007/06/01 08:09:37 danny Exp $
30  */
31 
32 #include <sys/param.h>
33 #include <sys/types.h>
34 #include <sys/socket.h>
35 #include <sys/sysctl.h>
36 
37 #include <netinet/in.h>
38 #include <netinet/tcp.h>
39 #include <arpa/inet.h>
40 #include <unistd.h>
41 #include <stdlib.h>
42 #include <stdio.h>
43 #include <string.h>
44 #include <fcntl.h>
45 
46 #include <md5.h>
47 #include <sha.h>
48 
49 #include "iscsi.h"
50 #include "iscontrol.h"
51 
/*
 | Compute the CHAP response hash with MD5 over, in this order:
 | the one-byte identifier, the binary form of chapSecret and the
 | binary form of the challenge cp (both decoded by str2bin).
 | digest receives the raw MD5 output (chapDigest treats it as 16 bytes).
 | Returns 0 on success, -1 as soon as str2bin reports a length of 0.
 */
static int
chapMD5(char id, char *cp, char *chapSecret, unsigned char *digest)
{
     MD5_CTX   md5;
     char      *fields[2];
     char      *bin;
     int       nbytes;
     int       i;

     debug_called(3);

     // hashing order matters: the secret goes in before the challenge
     fields[0] = chapSecret;
     fields[1] = cp;

     MD5Init(&md5);
     MD5Update(&md5, &id, 1);

     for(i = 0; i < 2; i++) {
          nbytes = str2bin(fields[i], &bin);
          if(nbytes == 0) {
               // print error
               return -1;
          }
          MD5Update(&md5, bin, nbytes);
          // NOTE(review): for fields[0] this buffer holds the decoded
          // secret and is released without being cleared first.
          free(bin);
     }

     MD5Final(digest, &md5);

     return 0;
}
84 
/*
 | SHA1 counterpart of chapMD5: hashes the one-byte identifier, then the
 | binary form of chapSecret, then the binary form of the challenge cp
 | (both decoded by str2bin) and stores the raw result in digest
 | (chapDigest treats it as 20 bytes).
 | Returns 0 on success, -1 as soon as str2bin reports a length of 0.
 */
static int
chapSHA1(char id, char *cp, char *chapSecret, unsigned char *digest)
{
     SHA1_CTX  sha;
     char      *fields[2];
     char      *bin;
     int       nbytes;
     int       i;

     debug_called(3);

     // hashing order matters: the secret goes in before the challenge
     fields[0] = chapSecret;
     fields[1] = cp;

     SHA1_Init(&sha);
     SHA1_Update(&sha, &id, 1);

     for(i = 0; i < 2; i++) {
          nbytes = str2bin(fields[i], &bin);
          if(nbytes == 0) {
               // print error
               return -1;
          }
          SHA1_Update(&sha, bin, nbytes);
          // NOTE(review): for fields[0] this buffer holds the decoded
          // secret and is released without being cleared first.
          free(bin);
     }

     SHA1_Final(digest, &sha);

     return 0;
}
/*
 | Build the CHAP response for algorithm ap ("5" selects MD5, "7"
 | selects SHA1), identifier id, challenge cp and secret chapSecret.
 | The input text format can be anything that RFC 3720 defines
 | (see section 5.1 and str2bin).
 | The digest length is 128 bits for md5 and 160 bits for sha1.
 | The result is an ASCII string which represents those bits in
 | hexadecimal or base64, according to the format of the challenge (cp):
 | the first two characters of cp are handed to bin2str as the encoding.
 | Returns NULL for any other ap or when hashing fails.
 |
 | NOTE(review): the IANA CHAP algorithm list is believed to assign 6
 | to SHA-1, not 7 -- confirm against the targets this has to talk to.
 | NOTE(review): a captured challenge/response pair allows offline
 | guessing of the secret, so its strength rests on the secret's length
 | and randomness.
 */
char *
chapDigest(char *ap, char id, char *cp, char *chapSecret)
{
     unsigned char  hash[20];      // large enough for the 20-byte SHA1 case
     char           prefix[3];     // two encoding characters plus the NUL
     int            nbytes = 0;

     debug_called(3);

     if(strcmp(ap, "5") == 0) {
          if(chapMD5(id, cp, chapSecret, hash) == 0)
               nbytes = 16;
     }
     else if(strcmp(ap, "7") == 0) {
          if(chapSHA1(id, cp, chapSecret, hash) == 0)
               nbytes = 20;
     }

     // unknown algorithm, or the hash helper failed
     if(nbytes == 0)
          return NULL;

     // answer in the same encoding the challenge arrived in
     snprintf(prefix, sizeof(prefix), "%.2s", cp);
     return bin2str(prefix, hash, nbytes);
}
147 
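/*
 | Generate a CHAP challenge of len random bytes taken from /dev/random
 | and return it as text in the given encoding (as produced by bin2str).
 | Returns NULL when len does not fit the 1024-byte scratch buffer, when
 | /dev/random cannot be opened, or when it does not deliver all len
 | bytes. There is deliberately no fallback to another source: a
 | predictable challenge would let an old response be replayed.
 */
char *
genChapChallenge(char *encoding, size_t len)
{
     int            fd;
     size_t         got;
     ssize_t        n;
     unsigned char  tmp[1024];

     if(len > sizeof(tmp))
          return NULL;

     if((fd = open("/dev/random", O_RDONLY)) == -1) {
          perror("/dev/random");
          return NULL;
     }

     /*
      | read() may fail or return fewer bytes than requested. Encoding
      | the buffer anyway would fill the rest of the challenge with
      | uninitialized stack contents, so keep reading until all len
      | bytes are in and give up otherwise.
      */
     for(got = 0; got < len; got += (size_t)n) {
          n = read(fd, tmp + got, len - got);
          if(n <= 0) {
               // report before close() so errno is still the read error
               if(n < 0)
                    perror("/dev/random");
               else
                    fprintf(stderr, "/dev/random: short read\n");
               close(fd);
               return NULL;
          }
     }
     close(fd);

     return bin2str(encoding, tmp, len);
}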
166 
167 #ifdef TEST_AUTH
/*
 | Test helper: print len and the label str on one line, then the
 | len bytes at dg as lower-case hex after a "0x" prefix.
 */
static void
puke(char *str, unsigned char *dg, int len)
{
     int i;

     printf("%3d] %s\n     0x", len, str);
     for(i = 0; i < len; i++)
          printf("%02x", dg[i]);
     printf("\n");
}
176 
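/*
 | Stand-alone harness, compiled only when TEST_AUTH is defined.
 | The enabled branch prints one 24-byte challenge; the disabled branch
 | runs chapDigest over fixed sample values.
 | Changes from the earlier version: explicit int return type and
 | return value, the call names genChapChallenge (the function this
 | file defines), and a NULL result is no longer handed to printf("%s").
 */
int
main(int cc, char **vv)
{
#if 0
     char *ap, *ip, *cp, *chapSecret, *digest;
     char *bin;
     int len;

     ap = "5";
     chapSecret = "0xa5aff013dd839b1edd31ee73a1df0b1b";
//     chapSecret = "abcdefghijklmnop";
     len = str2bin(chapSecret, &bin);
     puke(chapSecret, (unsigned char *)bin, len);
     free(bin);

     ip = "238";
     cp = "0xbd456029";

     // chapDigest takes the identifier as one byte, not as decimal text
     if((digest = chapDigest(ap, (char)strtol(ip, NULL, 10), cp, chapSecret)) != NULL) {
          len = str2bin(digest, &bin);
          puke(digest, (unsigned char *)bin, len);
          free(bin);
     }
#else
     char *challenge;

     challenge = genChapChallenge("0X", 24);
     if(challenge == NULL) {
          fprintf(stderr, "genChapChallenge failed\n");
          return 1;
     }
     printf("%d] %s\n", 24, challenge);
#endif
     return 0;
}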
201 #endif
202