1 /* 2 * PPP CHAP Module 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan, Inc. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * 20 * $FreeBSD$ 21 * 22 * TODO: 23 */ 24 #include <sys/param.h> 25 #include <netinet/in.h> 26 #include <netinet/in_systm.h> 27 #include <netinet/ip.h> 28 #include <sys/un.h> 29 30 #include <errno.h> 31 #include <fcntl.h> 32 #ifdef HAVE_DES 33 #include <md4.h> 34 #endif 35 #include <md5.h> 36 #include <paths.h> 37 #include <signal.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <sys/wait.h> 42 #include <termios.h> 43 #include <unistd.h> 44 45 #include "layer.h" 46 #include "mbuf.h" 47 #include "log.h" 48 #include "defs.h" 49 #include "timer.h" 50 #include "fsm.h" 51 #include "proto.h" 52 #include "lqr.h" 53 #include "hdlc.h" 54 #include "lcp.h" 55 #include "auth.h" 56 #include "async.h" 57 #include "throughput.h" 58 #include "descriptor.h" 59 #include "chap.h" 60 #include "iplist.h" 61 #include "slcompress.h" 62 #include "ipcp.h" 63 #include "filter.h" 64 #include "ccp.h" 65 #include "link.h" 66 #include "physical.h" 67 #include "mp.h" 68 #ifndef NORADIUS 69 #include "radius.h" 70 #endif 71 #include "bundle.h" 72 #include "chat.h" 73 #include "cbcp.h" 74 #include "command.h" 75 #include "datalink.h" 76 #ifdef HAVE_DES 77 #include "chap_ms.h" 78 #endif 79 #include "id.h" 80 81 static const char * const chapcodes[] = { 82 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE" 83 }; 84 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1) 85 86 static void 87 ChapOutput(struct physical *physical, u_int code, u_int id, 88 const u_char *ptr, int count, const char *text) 89 { 90 int plen; 91 struct fsmheader lh; 92 struct mbuf *bp; 93 94 plen = sizeof(struct fsmheader) + count; 95 lh.code = code; 96 lh.id = id; 97 lh.length = htons(plen); 98 bp = m_get(plen, MB_CHAPOUT); 99 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); 100 if (count) 101 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count); 102 log_DumpBp(LogDEBUG, "ChapOutput", bp); 103 if (text == NULL) 104 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]); 105 else 106 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text); 107 link_PushPacket(&physical->link, bp, physical->dl->bundle, 108 LINK_QUEUES(&physical->link) - 1, PROTO_CHAP); 109 } 110 111 static char * 112 chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type 113 #ifdef HAVE_DES 114 , int lanman 115 #endif 116 ) 117 { 118 char *result, *digest; 119 size_t nlen, klen; 120 121 nlen = strlen(name); 122 klen = strlen(key); 123 124 #ifdef HAVE_DES 125 if (type == 0x80) { 126 char expkey[AUTHLEN << 2]; 127 MD4_CTX MD4context; 128 int f; 129 130 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL) 131 return result; 132 133 digest = result; /* the response */ 134 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */ 135 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen); 136 if (lanman) { 137 memset(digest + 24, '\0', 25); 138 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */ 139 } else { 140 memset(digest, '\0', 25); 141 digest += 24; 142 143 for (f = 0; f < klen; f++) { 144 expkey[2*f] = key[f]; 145 expkey[2*f+1] = '\0'; 146 } 147 /* 148 * ----------- 149 * expkey = | k\0e\0y\0 | 150 * ----------- 151 */ 152 MD4Init(&MD4context); 153 MD4Update(&MD4context, expkey, klen << 1); 154 MD4Final(digest, &MD4context); 155 156 /* 157 * ---- -------- ---------------- ------- ------ 158 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name | 159 * ---- -------- ---------------- ------- ------ 160 */ 161 mschap_NT(digest, challenge + 1); 162 } 163 /* 164 * ---- -------- ------------- ----- ------ 165 * | | struct MS_ChapResponse24 | | 166 * result = | 49 | LANMan | NT digest | 0/1 | name | 167 * ---- -------- ------------- ----- ------ 168 * where only one of LANMan & NT digest are set. 169 */ 170 } else 171 #endif 172 if ((result = malloc(nlen + 17)) != NULL) { 173 /* Normal MD5 stuff */ 174 MD5_CTX MD5context; 175 176 digest = result; 177 *digest++ = 16; /* value size */ 178 179 MD5Init(&MD5context); 180 MD5Update(&MD5context, &id, 1); 181 MD5Update(&MD5context, key, klen); 182 MD5Update(&MD5context, challenge + 1, *challenge); 183 MD5Final(digest, &MD5context); 184 185 memcpy(digest + 16, name, nlen); 186 /* 187 * ---- -------- ------ 188 * result = | 16 | digest | name | 189 * ---- -------- ------ 190 */ 191 } 192 193 return result; 194 } 195 196 static void 197 chap_StartChild(struct chap *chap, char *prog, const char *name) 198 { 199 char *argv[MAXARGS], *nargv[MAXARGS]; 200 int argc, fd; 201 int in[2], out[2]; 202 pid_t pid; 203 204 if (chap->child.fd != -1) { 205 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog); 206 return; 207 } 208 209 if (pipe(in) == -1) { 210 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 211 return; 212 } 213 214 if (pipe(out) == -1) { 215 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 216 close(in[0]); 217 close(in[1]); 218 return; 219 } 220 221 pid = getpid(); 222 switch ((chap->child.pid = fork())) { 223 case -1: 224 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno)); 225 close(in[0]); 226 close(in[1]); 227 close(out[0]); 228 close(out[1]); 229 chap->child.pid = 0; 230 return; 231 232 case 0: 233 timer_TermService(); 234 235 if ((argc = command_Interpret(prog, strlen(prog), argv)) <= 0) { 236 if (argc < 0) { 237 log_Printf(LogWARN, "CHAP: Invalid command syntax\n"); 238 _exit(255); 239 } 240 _exit(0); 241 } 242 243 close(in[1]); 244 close(out[0]); 245 if (out[1] == STDIN_FILENO) 246 out[1] = dup(out[1]); 247 dup2(in[0], STDIN_FILENO); 248 dup2(out[1], STDOUT_FILENO); 249 close(STDERR_FILENO); 250 if (open(_PATH_DEVNULL, O_RDWR) != STDERR_FILENO) { 251 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n", 252 _PATH_DEVNULL, strerror(errno)); 253 exit(1); 254 } 255 for (fd = getdtablesize(); fd > STDERR_FILENO; fd--) 256 fcntl(fd, F_SETFD, 1); 257 #ifndef NOSUID 258 setuid(ID0realuid()); 259 #endif 260 command_Expand(nargv, argc, (char const *const *)argv, 261 chap->auth.physical->dl->bundle, 0, pid); 262 execvp(nargv[0], nargv); 263 printf("exec() of %s failed: %s\n", nargv[0], strerror(errno)); 264 _exit(255); 265 266 default: 267 close(in[0]); 268 close(out[1]); 269 chap->child.fd = out[0]; 270 chap->child.buf.len = 0; 271 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name)); 272 write(in[1], "\n", 1); 273 write(in[1], chap->challenge.peer + 1, *chap->challenge.peer); 274 write(in[1], "\n", 1); 275 write(in[1], name, strlen(name)); 276 write(in[1], "\n", 1); 277 close(in[1]); 278 break; 279 } 280 } 281 282 static void 283 chap_Cleanup(struct chap *chap, int sig) 284 { 285 if (chap->child.pid) { 286 int status; 287 288 close(chap->child.fd); 289 chap->child.fd = -1; 290 if (sig) 291 kill(chap->child.pid, SIGTERM); 292 chap->child.pid = 0; 293 chap->child.buf.len = 0; 294 295 if (wait(&status) == -1) 296 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno)); 297 else if (WIFSIGNALED(status)) 298 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status)); 299 else if (WIFEXITED(status) && WEXITSTATUS(status)) 300 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status)); 301 } 302 *chap->challenge.local = *chap->challenge.peer = '\0'; 303 #ifdef HAVE_DES 304 chap->peertries = 0; 305 #endif 306 } 307 308 static void 309 chap_Respond(struct chap *chap, char *name, char *key, u_char type 310 #ifdef HAVE_DES 311 , int lm 312 #endif 313 ) 314 { 315 u_char *ans; 316 317 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer, type 318 #ifdef HAVE_DES 319 , lm 320 #endif 321 ); 322 323 if (ans) { 324 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id, 325 ans, *ans + 1 + strlen(name), name); 326 #ifdef HAVE_DES 327 chap->NTRespSent = !lm; 328 #endif 329 free(ans); 330 } else 331 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id, 332 "Out of memory!", 14, NULL); 333 } 334 335 static int 336 chap_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) 337 { 338 struct chap *chap = descriptor2chap(d); 339 340 if (r && chap && chap->child.fd != -1) { 341 FD_SET(chap->child.fd, r); 342 if (*n < chap->child.fd + 1) 343 *n = chap->child.fd + 1; 344 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd); 345 return 1; 346 } 347 348 return 0; 349 } 350 351 static int 352 chap_IsSet(struct fdescriptor *d, const fd_set *fdset) 353 { 354 struct chap *chap = descriptor2chap(d); 355 356 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset); 357 } 358 359 static void 360 chap_Read(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset) 361 { 362 struct chap *chap = descriptor2chap(d); 363 int got; 364 365 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len, 366 sizeof chap->child.buf.ptr - chap->child.buf.len - 1); 367 if (got == -1) { 368 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno)); 369 chap_Cleanup(chap, SIGTERM); 370 } else if (got == 0) { 371 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n"); 372 chap_Cleanup(chap, SIGTERM); 373 } else { 374 char *name, *key, *end; 375 376 chap->child.buf.len += got; 377 chap->child.buf.ptr[chap->child.buf.len] = '\0'; 378 name = chap->child.buf.ptr; 379 name += strspn(name, " \t"); 380 if ((key = strchr(name, '\n')) == NULL) 381 end = NULL; 382 else 383 end = strchr(++key, '\n'); 384 385 if (end == NULL) { 386 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) { 387 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n"); 388 chap_Cleanup(chap, SIGTERM); 389 } 390 } else { 391 #ifdef HAVE_DES 392 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 && 393 ((chap->NTRespSent && 394 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) || 395 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt)); 396 #endif 397 398 while (end >= name && strchr(" \t\r\n", *end)) 399 *end-- = '\0'; 400 end = key - 1; 401 while (end >= name && strchr(" \t\r\n", *end)) 402 *end-- = '\0'; 403 key += strspn(key, " \t"); 404 405 chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype 406 #ifdef HAVE_DES 407 , lanman 408 #endif 409 ); 410 chap_Cleanup(chap, 0); 411 } 412 } 413 } 414 415 static int 416 chap_Write(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset) 417 { 418 /* We never want to write here ! */ 419 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n"); 420 return 0; 421 } 422 423 static void 424 chap_Challenge(struct authinfo *authp) 425 { 426 struct chap *chap = auth2chap(authp); 427 int len, i; 428 char *cp; 429 430 len = strlen(authp->physical->dl->bundle->cfg.auth.name); 431 432 if (!*chap->challenge.local) { 433 randinit(); 434 cp = chap->challenge.local; 435 436 #ifndef NORADIUS 437 if (*authp->physical->dl->bundle->radius.cfg.file) { 438 /* For radius, our challenge is 16 readable NUL terminated bytes :*/ 439 *cp++ = 16; 440 for (i = 0; i < 16; i++) 441 *cp++ = (random() % 10) + '0'; 442 } else 443 #endif 444 { 445 #ifdef HAVE_DES 446 if (authp->physical->link.lcp.want_authtype == 0x80) 447 *cp++ = 8; /* MS does 8 byte callenges :-/ */ 448 else 449 #endif 450 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16; 451 for (i = 0; i < *chap->challenge.local; i++) 452 *cp++ = random() & 0xff; 453 } 454 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); 455 } 456 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge.local, 457 1 + *chap->challenge.local + len, NULL); 458 } 459 460 static void 461 chap_Success(struct authinfo *authp) 462 { 463 datalink_GotAuthname(authp->physical->dl, authp->in.name); 464 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL); 465 authp->physical->link.lcp.auth_ineed = 0; 466 if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) 467 physical_Login(authp->physical, authp->in.name); 468 469 if (authp->physical->link.lcp.auth_iwait == 0) 470 /* 471 * Either I didn't need to authenticate, or I've already been 472 * told that I got the answer right. 473 */ 474 datalink_AuthOk(authp->physical->dl); 475 } 476 477 static void 478 chap_Failure(struct authinfo *authp) 479 { 480 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL); 481 datalink_AuthNotOk(authp->physical->dl); 482 } 483 484 static int 485 chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen 486 #ifdef HAVE_DES 487 , int lm 488 #endif 489 ) 490 { 491 if (mylen != hislen) 492 return 0; 493 #ifdef HAVE_DES 494 else if (type == 0x80) { 495 int off = lm ? 0 : 24; 496 497 if (memcmp(myans + off, hisans + off, 24)) 498 return 0; 499 } 500 #endif 501 else if (memcmp(myans, hisans, mylen)) 502 return 0; 503 504 return 1; 505 } 506 507 #ifdef HAVE_DES 508 static int 509 chap_HaveAnotherGo(struct chap *chap) 510 { 511 if (++chap->peertries < 3) { 512 /* Give the peer another shot */ 513 *chap->challenge.local = '\0'; 514 chap_Challenge(&chap->auth); 515 return 1; 516 } 517 518 return 0; 519 } 520 #endif 521 522 void 523 chap_Init(struct chap *chap, struct physical *p) 524 { 525 chap->desc.type = CHAP_DESCRIPTOR; 526 chap->desc.UpdateSet = chap_UpdateSet; 527 chap->desc.IsSet = chap_IsSet; 528 chap->desc.Read = chap_Read; 529 chap->desc.Write = chap_Write; 530 chap->child.pid = 0; 531 chap->child.fd = -1; 532 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); 533 *chap->challenge.local = *chap->challenge.peer = '\0'; 534 #ifdef HAVE_DES 535 chap->NTRespSent = 0; 536 chap->peertries = 0; 537 #endif 538 } 539 540 void 541 chap_ReInit(struct chap *chap) 542 { 543 chap_Cleanup(chap, SIGTERM); 544 } 545 546 struct mbuf * 547 chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) 548 { 549 struct physical *p = link2physical(l); 550 struct chap *chap = &p->dl->chap; 551 char *name, *key, *ans; 552 int len, nlen; 553 u_char alen; 554 #ifdef HAVE_DES 555 int lanman; 556 #endif 557 558 if (p == NULL) { 559 log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n"); 560 m_freem(bp); 561 return NULL; 562 } 563 564 if (bundle_Phase(bundle) != PHASE_NETWORK && 565 bundle_Phase(bundle) != PHASE_AUTHENTICATE) { 566 log_Printf(LogPHASE, "Unexpected chap input - dropped !\n"); 567 m_freem(bp); 568 return NULL; 569 } 570 571 m_settype(bp, MB_CHAPIN); 572 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL && 573 ntohs(chap->auth.in.hdr.length) == 0) 574 log_Printf(LogWARN, "Chap Input: Truncated header !\n"); 575 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE) 576 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n", 577 chap->auth.in.hdr.code); 578 else { 579 len = m_length(bp); 580 ans = NULL; 581 582 if (chap->auth.in.hdr.code != CHAP_CHALLENGE && 583 chap->auth.id != chap->auth.in.hdr.id && 584 Enabled(bundle, OPT_IDCHECK)) { 585 /* Wrong conversation dude ! */ 586 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n", 587 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id, 588 chap->auth.id); 589 m_freem(bp); 590 return NULL; 591 } 592 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */ 593 594 #ifdef HAVE_DES 595 lanman = 0; 596 #endif 597 switch (chap->auth.in.hdr.code) { 598 case CHAP_CHALLENGE: 599 bp = mbuf_Read(bp, &alen, 1); 600 len -= alen + 1; 601 if (len < 0) { 602 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n"); 603 m_freem(bp); 604 return NULL; 605 } 606 *chap->challenge.peer = alen; 607 bp = mbuf_Read(bp, chap->challenge.peer + 1, alen); 608 bp = auth_ReadName(&chap->auth, bp, len); 609 #ifdef HAVE_DES 610 lanman = p->link.lcp.his_authtype == 0x80 && 611 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) || 612 !IsAccepted(p->link.lcp.cfg.chap80nt)); 613 #endif 614 break; 615 616 case CHAP_RESPONSE: 617 auth_StopTimer(&chap->auth); 618 bp = mbuf_Read(bp, &alen, 1); 619 len -= alen + 1; 620 if (len < 0) { 621 log_Printf(LogERROR, "Chap Input: Truncated response !\n"); 622 m_freem(bp); 623 return NULL; 624 } 625 if ((ans = malloc(alen + 2)) == NULL) { 626 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 627 m_freem(bp); 628 return NULL; 629 } 630 *ans = chap->auth.id; 631 bp = mbuf_Read(bp, ans + 1, alen); 632 ans[alen+1] = '\0'; 633 bp = auth_ReadName(&chap->auth, bp, len); 634 #ifdef HAVE_DES 635 lanman = alen == 49 && ans[alen] == 0; 636 #endif 637 break; 638 639 case CHAP_SUCCESS: 640 case CHAP_FAILURE: 641 /* chap->auth.in.name is already set up at CHALLENGE time */ 642 if ((ans = malloc(len + 1)) == NULL) { 643 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 644 m_freem(bp); 645 return NULL; 646 } 647 bp = mbuf_Read(bp, ans, len); 648 ans[len] = '\0'; 649 break; 650 } 651 652 switch (chap->auth.in.hdr.code) { 653 case CHAP_CHALLENGE: 654 case CHAP_RESPONSE: 655 if (*chap->auth.in.name) 656 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n", 657 chapcodes[chap->auth.in.hdr.code], alen, 658 chap->auth.in.name, 659 #ifdef HAVE_DES 660 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 661 " - lanman" : 662 #endif 663 ""); 664 else 665 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n", 666 chapcodes[chap->auth.in.hdr.code], alen, 667 #ifdef HAVE_DES 668 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 669 " - lanman" : 670 #endif 671 ""); 672 break; 673 674 case CHAP_SUCCESS: 675 case CHAP_FAILURE: 676 if (*ans) 677 log_Printf(LogPHASE, "Chap Input: %s (%s)\n", 678 chapcodes[chap->auth.in.hdr.code], ans); 679 else 680 log_Printf(LogPHASE, "Chap Input: %s\n", 681 chapcodes[chap->auth.in.hdr.code]); 682 break; 683 } 684 685 switch (chap->auth.in.hdr.code) { 686 case CHAP_CHALLENGE: 687 if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!') 688 chap_StartChild(chap, bundle->cfg.auth.key + 1, 689 bundle->cfg.auth.name); 690 else 691 chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key + 692 (*bundle->cfg.auth.key == '!' ? 1 : 0), 693 p->link.lcp.his_authtype 694 #ifdef HAVE_DES 695 , lanman 696 #endif 697 ); 698 break; 699 700 case CHAP_RESPONSE: 701 name = chap->auth.in.name; 702 nlen = strlen(name); 703 #ifndef NORADIUS 704 if (*bundle->radius.cfg.file) { 705 u_char end; 706 707 end = chap->challenge.local[*chap->challenge.local+1]; 708 chap->challenge.local[*chap->challenge.local+1] = '\0'; 709 radius_Authenticate(&bundle->radius, &chap->auth, 710 chap->auth.in.name, ans, 711 chap->challenge.local + 1); 712 chap->challenge.local[*chap->challenge.local+1] = end; 713 } else 714 #endif 715 { 716 key = auth_GetSecret(bundle, name, nlen, p); 717 if (key) { 718 char *myans; 719 #ifdef HAVE_DES 720 if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) { 721 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n"); 722 if (chap_HaveAnotherGo(chap)) 723 break; 724 key = NULL; 725 } else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) && 726 p->link.lcp.want_authtype == 0x80) { 727 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n"); 728 if (chap_HaveAnotherGo(chap)) 729 break; 730 key = NULL; 731 } else 732 #endif 733 { 734 myans = chap_BuildAnswer(name, key, chap->auth.id, 735 chap->challenge.local, 736 p->link.lcp.want_authtype 737 #ifdef HAVE_DES 738 , lanman 739 #endif 740 ); 741 if (myans == NULL) 742 key = NULL; 743 else { 744 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans, 745 ans + 1, alen 746 #ifdef HAVE_DES 747 , lanman 748 #endif 749 )) 750 key = NULL; 751 free(myans); 752 } 753 } 754 } 755 756 if (key) 757 chap_Success(&chap->auth); 758 else 759 chap_Failure(&chap->auth); 760 } 761 762 break; 763 764 case CHAP_SUCCESS: 765 if (p->link.lcp.auth_iwait == PROTO_CHAP) { 766 p->link.lcp.auth_iwait = 0; 767 if (p->link.lcp.auth_ineed == 0) 768 /* 769 * We've succeeded in our ``login'' 770 * If we're not expecting the peer to authenticate (or he already 771 * has), proceed to network phase. 772 */ 773 datalink_AuthOk(p->dl); 774 } 775 break; 776 777 case CHAP_FAILURE: 778 datalink_AuthNotOk(p->dl); 779 break; 780 } 781 free(ans); 782 } 783 784 m_freem(bp); 785 return NULL; 786 } 787