206 lines
5.6 KiB
Text
206 lines
5.6 KiB
Text
$NetBSD: patch-bf,v 1.1.1.1 1999/10/08 04:34:43 dbj Exp $
|
|
|
|
--- pppd/chap.c.orig Fri Aug 13 02:46:11 1999
|
|
+++ pppd/chap.c Sat Sep 25 13:23:26 1999
|
|
@@ -47,6 +47,8 @@
|
|
#include "pppd.h"
|
|
#include "chap.h"
|
|
#include "md5.h"
|
|
+#include "fsm.h"
|
|
+#include "lcp.h"
|
|
#ifdef CHAPMS
|
|
#include "chap_ms.h"
|
|
#endif
|
|
@@ -113,7 +115,7 @@
|
|
static void ChapSendStatus __P((chap_state *, int));
|
|
static void ChapSendChallenge __P((chap_state *));
|
|
static void ChapSendResponse __P((chap_state *));
|
|
-static void ChapGenChallenge __P((chap_state *));
|
|
+void ChapGenChallenge __P((chap_state *));
|
|
|
|
extern double drand48 __P((void));
|
|
extern void srand48 __P((long));
|
|
@@ -460,6 +462,7 @@
|
|
switch (cstate->resp_type) {
|
|
|
|
case CHAP_DIGEST_MD5:
|
|
+ CHAPDEBUG(("ChapReceiveChallenge: rcvd type CHAP-DIGEST-MD5"));
|
|
MD5Init(&mdContext);
|
|
MD5Update(&mdContext, &cstate->resp_id, 1);
|
|
MD5Update(&mdContext, secret, secret_len);
|
|
@@ -471,8 +474,24 @@
|
|
|
|
#ifdef CHAPMS
|
|
case CHAP_MICROSOFT:
|
|
+ CHAPDEBUG(("ChapReceiveChallenge: rcvd type MS-CHAP-V1."));
|
|
+ if(rchallenge_len != 8)
|
|
+ {
|
|
+ CHAPDEBUG(("Invalid challenge length for MS-CHAP-V1"));
|
|
+ return;
|
|
+ }
|
|
ChapMS(cstate, rchallenge, rchallenge_len, secret, secret_len);
|
|
break;
|
|
+
|
|
+ case CHAP_MICROSOFT_V2:
|
|
+ CHAPDEBUG(("ChapReceiveChallenge: rcvd type MS-CHAP-V2."));
|
|
+ if(rchallenge_len != 16)
|
|
+ {
|
|
+ CHAPDEBUG(("Invalid challenge length for MS-CHAP-V2"));
|
|
+ return;
|
|
+ }
|
|
+ ChapMS_v2(cstate, rchallenge, rchallenge_len, secret, secret_len);
|
|
+ break;
|
|
#endif
|
|
|
|
default:
|
|
@@ -560,7 +579,8 @@
|
|
/* generate MD based on negotiated type */
|
|
switch (cstate->chal_type) {
|
|
|
|
- case CHAP_DIGEST_MD5: /* only MD5 is defined for now */
|
|
+ case CHAP_DIGEST_MD5:
|
|
+ CHAPDEBUG(("ChapReceiveResponse: rcvd type CHAP-DIGEST-MD5"));
|
|
if (remmd_len != MD5_SIGNATURE_SIZE)
|
|
break; /* it's not even the right length */
|
|
MD5Init(&mdContext);
|
|
@@ -574,6 +594,27 @@
|
|
code = CHAP_SUCCESS; /* they are the same! */
|
|
break;
|
|
|
|
+#ifdef CHAPMS
|
|
+ case CHAP_MICROSOFT:
|
|
+ CHAPDEBUG(("ChapReceiveResponse: rcvd type MS-CHAP-V1"));
|
|
+ if(remmd_len != MS_CHAP_RESPONSE_LEN)
|
|
+ break;
|
|
+ if(ChapMS_Resp(cstate, secret, secret_len, remmd) == 0)
|
|
+ code = CHAP_SUCCESS;
|
|
+ break;
|
|
+
|
|
+ case CHAP_MICROSOFT_V2:
|
|
+ CHAPDEBUG(("ChapReceiveResponse: rcvd type MS-CHAP-V2"));
|
|
+ if(remmd_len != MS_CHAP_RESPONSE_LEN)
|
|
+ break;
|
|
+ if(ChapMS_v2_Resp(cstate,secret,secret_len,remmd,rhostname) == 0)
|
|
+ {
|
|
+ code = CHAP_SUCCESS_R;
|
|
+ ChapMS_v2_Auth(cstate, secret, secret_len, remmd, rhostname);
|
|
+ }
|
|
+ break;
|
|
+#endif
|
|
+
|
|
default:
|
|
CHAPDEBUG(("unknown digest type %d", cstate->chal_type));
|
|
}
|
|
@@ -582,7 +623,7 @@
|
|
BZERO(secret, sizeof(secret));
|
|
ChapSendStatus(cstate, code);
|
|
|
|
- if (code == CHAP_SUCCESS) {
|
|
+ if ((code == CHAP_SUCCESS) || (code == CHAP_SUCCESS_R)) {
|
|
old_state = cstate->serverstate;
|
|
cstate->serverstate = CHAPSS_OPEN;
|
|
if (old_state == CHAPSS_INITIAL_CHAL) {
|
|
@@ -590,10 +631,43 @@
|
|
}
|
|
if (cstate->chal_interval != 0)
|
|
TIMEOUT(ChapRechallenge, cstate, cstate->chal_interval);
|
|
- notice("CHAP peer authentication succeeded for %q", rhostname);
|
|
-
|
|
+ switch (cstate->chal_type) {
|
|
+ case CHAP_DIGEST_MD5:
|
|
+ notice("CHAP peer authentication succeeded for %q", rhostname);
|
|
+ break;
|
|
+#ifdef CHAPMS
|
|
+ case CHAP_MICROSOFT:
|
|
+ notice("MSCHAP peer authentication succeeded for %q", rhostname);
|
|
+ break;
|
|
+ case CHAP_MICROSOFT_V2:
|
|
+ notice("MSCHAP-v2 peer authentication succeeded for %q", rhostname);
|
|
+ break;
|
|
+#endif
|
|
+ default:
|
|
+ notice("CHAP (unknown) peer authentication succeeded for %q",
|
|
+ rhostname);
|
|
+ break;
|
|
+ }
|
|
} else {
|
|
- error("CHAP peer authentication failed for remote host %q", rhostname);
|
|
+ switch (cstate->chal_type) {
|
|
+ case CHAP_DIGEST_MD5:
|
|
+ error("CHAP peer authentication failed for remote host %q",
|
|
+ rhostname);
|
|
+ break;
|
|
+#ifdef CHAPMS
|
|
+ case CHAP_MICROSOFT:
|
|
+ error("MSCHAP peer authentication failed for remote host %q",
|
|
+ rhostname);
|
|
+ break;
|
|
+ case CHAP_MICROSOFT_V2:
|
|
+ error("MSCHAP-v2 peer authentication failed for remote host %q",
|
|
+ rhostname);
|
|
+ break;
|
|
+#endif
|
|
+ default:
|
|
+ error("CHAP (unknown) peer authentication failed for remote host %q", rhostname);
|
|
+ break;
|
|
+ }
|
|
cstate->serverstate = CHAPSS_BADAUTH;
|
|
auth_peer_fail(cstate->unit, PPP_CHAP);
|
|
}
|
|
@@ -712,6 +786,8 @@
|
|
|
|
if (code == CHAP_SUCCESS)
|
|
slprintf(msg, sizeof(msg), "Welcome to %s.", hostname);
|
|
+ else if(code == CHAP_SUCCESS_R)
|
|
+ strcpy(msg, cstate->response);
|
|
else
|
|
slprintf(msg, sizeof(msg), "I don't like you. Go 'way.");
|
|
msglen = strlen(msg);
|
|
@@ -721,7 +797,7 @@
|
|
|
|
MAKEHEADER(outp, PPP_CHAP); /* paste in a header */
|
|
|
|
- PUTCHAR(code, outp);
|
|
+ PUTCHAR(code == CHAP_SUCCESS_R ? CHAP_SUCCESS : code, outp);
|
|
PUTCHAR(cstate->chal_id, outp);
|
|
PUTSHORT(outlen, outp);
|
|
BCOPY(msg, outp, msglen);
|
|
@@ -735,7 +811,7 @@
|
|
* *cstate are initialized.
|
|
*/
|
|
|
|
-static void
|
|
+void
|
|
ChapGenChallenge(cstate)
|
|
chap_state *cstate;
|
|
{
|
|
@@ -743,6 +819,14 @@
|
|
u_char *ptr = cstate->challenge;
|
|
unsigned int i;
|
|
|
|
+#ifdef CHAPMS
|
|
+ if(cstate->chal_type == CHAP_MICROSOFT)
|
|
+ chal_len = 8;
|
|
+ else if(cstate->chal_type == CHAP_MICROSOFT_V2)
|
|
+ chal_len = 16;
|
|
+ else
|
|
+#endif
|
|
+
|
|
/* pick a random challenge length between MIN_CHALLENGE_LENGTH and
|
|
MAX_CHALLENGE_LENGTH */
|
|
chal_len = (unsigned) ((drand48() *
|
|
@@ -857,4 +941,14 @@
|
|
}
|
|
|
|
return len + CHAP_HEADERLEN;
|
|
+}
|
|
+
|
|
+int
|
|
+reqchap(argv)
|
|
+ char **argv;
|
|
+{
|
|
+ lcp_wantoptions[0].neg_chap = 1;
|
|
+ lcp_wantoptions[0].use_digest = 1;
|
|
+ auth_required = 1;
|
|
+ return 1;
|
|
}
|