/*
* Copyright (c) 2001-2002 Packet Design, LLC.
* All rights reserved.
*
* Subject to the following obligations and disclaimer of warranty,
* use and redistribution of this software, in source or object code
* forms, with or without modifications are expressly permitted by
* Packet Design; provided, however, that:
*
* (i) Any and all reproductions of the source or object code
* must include the copyright notice above and the following
* disclaimer of warranties; and
* (ii) No rights are granted, in any manner or form, to use
* Packet Design trademarks, including the mark "PACKET DESIGN"
* on advertising, endorsements, or otherwise except as such
* appears in the above copyright notice or in the software.
*
* THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
* TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
* REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
* THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
* WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
* OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
* OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
* OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
* RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE
* LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
* OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
* INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
* DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
* USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
* THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
* THE POSSIBILITY OF SUCH DAMAGE.
*
* Author: Archie Cobbs <archie@freebsd.org>
*/
#ifndef _PDEL_PPP_PPP_AUTH_H_
#define _PDEL_PPP_PPP_AUTH_H_
/*
 * Forward declarations. struct ppp_auth_config is defined further down
 * in this header; the other three are defined in other PPP headers and
 * are only ever referenced by pointer here.
 */
struct ppp_auth_config;
struct ppp_fsm_option;
struct ppp_link;
struct ppp_log;
/*
 * Types of authentication, in reverse order of preference: PPP_AUTH_NONE
 * is the least preferred and PPP_AUTH_CHAP_MD5 the most.
 *
 * The numeric values are part of the API: they select the union member
 * in struct ppp_auth_cred, index ppp_auth_by_index(), and presumably
 * name the bit positions in ppp_auth_config.allow[] (confirm against
 * the code that tests "allow"). Do not reorder or renumber; add new
 * types before PPP_AUTH_MAX.
 *
 * NOTE(review): PPP_AUTH_PAP is the only type whose credentials carry
 * the password itself (struct ppp_auth_cred_pap); the CHAP variants
 * carry a challenge/response pair. Which types to allow on a given
 * link is a policy decision left to the caller's "allow" mask.
 */
enum ppp_auth_index {
	PPP_AUTH_NONE = 0,
	PPP_AUTH_PAP,
	PPP_AUTH_CHAP_MSV1,
	PPP_AUTH_CHAP_MSV2,
	PPP_AUTH_CHAP_MD5,
	PPP_AUTH_MAX		/* sentinel: number of types, not a type */
};
/* Fallback if no MD5 header defining MD5_DIGEST_LENGTH was included first */
#ifndef MD5_DIGEST_LENGTH
#define MD5_DIGEST_LENGTH 16
#endif
/*
 * Max authorization username and password length. These size the fixed
 * "char" arrays in the credential structs below. Whether the limit
 * includes the terminating NUL is not stated here, so code that fills
 * these arrays should bound-copy and NUL-terminate explicitly
 * (snprintf/strlcpy style) and readers should not assume termination
 * of data that arrived from the peer.
 */
#define PPP_MAX_AUTHNAME 64
#define PPP_MAX_AUTHPASS 64
/*
 * Max challenge/response data length. The matching length field
 * (ppp_auth_cred_chap.chal_len) is a u_char and can therefore hold
 * values up to 255, larger than this buffer; whatever parses peer
 * packets into chal_data must reject lengths above PPP_MAX_AUTHVALUE
 * before copying. That check is not in this header.
 */
#define PPP_MAX_AUTHVALUE 64
/*
 * Microsoft stuff: fixed field sizes of the MS-CHAPv1/v2 response
 * formats. PPP_MSOFT_RESP_LEN (49) equals the byte count of either
 * struct ppp_auth_cred_chap_msv1 (24 + 24 + 1) or struct
 * ppp_auth_cred_chap_msv2 (16 + 8 + 24 + 1), assuming no padding.
 */
#define PPP_MSOFT_LM_HASH_LEN 24	/* LAN Manager response */
#define PPP_MSOFT_NT_HASH_LEN 24	/* NT response */
#define PPP_MSOFTV1_CHAL_LEN 8		/* MS-CHAPv1 challenge */
#define PPP_MSOFTV2_CHAL_LEN 16		/* MS-CHAPv2 (peer) challenge */
#define PPP_MSOFT_RESP_LEN 49		/* total response value length */
#define PPP_MSOFTV2_AUTHRESP_LEN 20	/* MS-CHAPv2 authenticator response */
/*
 * Largest of the MS-CHAP buffers MPPE key derivation consumes. Relies
 * on a MAX() macro that is not defined in this header; the including
 * file must provide it (or the expansion will not compile).
 */
#define PPP_MPPE_DATA_MAX MAX(PPP_MSOFTV1_CHAL_LEN, PPP_MSOFT_NT_HASH_LEN)
/***********************************************************************
AUTHORIZATION CREDENTIALS
***********************************************************************/
/* Credentials for PAP */
/*
 * Credentials for PAP: a cleartext name and password.
 *
 * Both arrays are fixed-size and nothing here guarantees NUL
 * termination; writers must bound and terminate them. "password" is
 * a secret: clear it with explicit_bzero() (or equivalent) once it is
 * no longer needed rather than leaving it in a freed or reused buffer.
 */
struct ppp_auth_cred_pap {
	char name[PPP_MAX_AUTHNAME];		/* peer/user name */
	char password[PPP_MAX_AUTHPASS];	/* cleartext password (secret) */
};
/* Response data for MD5 CHAP */
/*
 * Response data for MD5 CHAP.
 *
 * "id" is presumably the CHAP packet identifier that is mixed into the
 * MD5 computation along with the secret and challenge -- confirm against
 * the CHAP implementation. "hash" is the full 16-byte digest.
 */
struct ppp_auth_cred_chap_md5 {
	u_char id;				/* CHAP identifier */
	u_char hash[MD5_DIGEST_LENGTH];		/* MD5 response value */
};
/* Response data for MSoft CHAPv1 */
/*
 * Response data for MSoft CHAPv1: the two 24-byte responses plus the
 * "use NT" flag. The three fields total PPP_MSOFT_RESP_LEN (49) bytes.
 * Which of the two responses an authenticator is expected to verify
 * when use_nt is set is decided by the CHAP code, not here.
 */
struct ppp_auth_cred_chap_msv1 {
	u_char lm_hash[PPP_MSOFT_LM_HASH_LEN];	/* LAN Manager response */
	u_char nt_hash[PPP_MSOFT_NT_HASH_LEN];	/* NT response */
	u_char use_nt;				/* non-zero: NT response is the one in use */
};
/* Response data for MSoft CHAPv2 */
/*
 * Response data for MSoft CHAPv2. The four fields total
 * PPP_MSOFT_RESP_LEN (49) bytes. "reserved" is presumably required to
 * be all zero on the wire; a verifier that wants to be strict should
 * check it, but nothing in this header does so.
 */
struct ppp_auth_cred_chap_msv2 {
	u_char peer_chal[PPP_MSOFTV2_CHAL_LEN];	/* peer challenge */
	u_char reserved[8];			/* reserved (expected zero) */
	u_char nt_response[PPP_MSOFT_NT_HASH_LEN]; /* NT response */
	u_char flags;				/* flags octet */
};
/* Credentials for CHAP */
/*
 * Credentials for CHAP (all variants).
 *
 * Invariant: chal_len <= PPP_MAX_AUTHVALUE. chal_len is a u_char and
 * can hold up to 255, so code that copies a peer-supplied challenge
 * into chal_data must enforce the bound itself; this struct does not.
 * The active member of "u" is selected by the enclosing
 * ppp_auth_cred.type (PPP_AUTH_CHAP_MD5 / _MSV1 / _MSV2).
 */
struct ppp_auth_cred_chap {
	char name[PPP_MAX_AUTHNAME];		/* peer/user name (see NUL note above) */
	u_char chal_len;			/* valid bytes in chal_data */
	u_char chal_data[PPP_MAX_AUTHVALUE];	/* challenge value */
	union {
		struct ppp_auth_cred_chap_md5 md5;
		struct ppp_auth_cred_chap_msv1 msv1;
		struct ppp_auth_cred_chap_msv2 msv2;
	} u;					/* response, per variant */
};
/* Authorization credentials info */
/*
 * Authorization credentials info: a tagged union. "type" says which
 * member of "u" is valid (PPP_AUTH_PAP -> pap; any CHAP type -> chap).
 * Readers must check "type" before touching "u". Because the PAP
 * member holds a cleartext password, wipe the whole struct when done.
 */
struct ppp_auth_cred {
	enum ppp_auth_index type;		/* which union member is live */
	union {
		struct ppp_auth_cred_pap pap;
		struct ppp_auth_cred_chap chap;
	} u;
};
/***********************************************************************
AUTHORIZATION RESPONSE
***********************************************************************/
/* Microsoft MPPE information derived from CHAP exchange */
/*
 * Microsoft MPPE information derived from an MS-CHAPv1 exchange.
 * Both fields are encryption key material: keep them zero unless valid
 * (see the callback notes below) and wipe them once the link no longer
 * needs them.
 */
struct ppp_auth_mppe_chapv1 {
	u_char key_64[8];	/* lan-man hash (40, 56 bits) */
	u_char key_128[16];	/* start key (128 bits) */
};
/*
 * Microsoft MPPE information derived from an MS-CHAPv2 exchange: two
 * 128-bit keys, server transmit key first. Key material -- same
 * zero-unless-valid and wipe-after-use rules as the v1 struct.
 */
struct ppp_auth_mppe_chapv2 {
	u_char keys[2][16];	/* server xmit key is first */
};
/*
 * MPPE key material for whichever MS-CHAP variant was negotiated. The
 * live member follows the credential type (PPP_AUTH_CHAP_MSV1 -> msv1,
 * PPP_AUTH_CHAP_MSV2 -> msv2); there is no tag in the union itself.
 */
union ppp_auth_mppe {
	struct ppp_auth_mppe_chapv1 msv1;
	struct ppp_auth_mppe_chapv2 msv2;
};
/* Authorization response info */
/*
 * Authorization response info, filled in by the acquire/check
 * callbacks. The library zeroes it before each callback (see below), so
 * a callback need only set what applies:
 *   authresp - MS-CHAPv2 authenticator response, required for
 *              PPP_AUTH_CHAP_MSV2;
 *   mppe     - MPPE keys for the MS-CHAP types; left zero when absent;
 *   errmsg   - optional error text on failure. It is 64 bytes and
 *              pre-zeroed, so writes via snprintf() keep it terminated;
 *              where it is surfaced (log vs. peer) is not visible here,
 *              so keep secrets out of it.
 */
struct ppp_auth_resp {
	u_char authresp[PPP_MSOFTV2_AUTHRESP_LEN];
	union ppp_auth_mppe mppe;		/* mppe keys */
	char errmsg[64];			/* error message */
};
/***********************************************************************
CREDENTIALS CALLBACKS
***********************************************************************/
/*
 * Function type for acquiring credentials. Any name and/or challenge
 * data will already be present in the credentials structure; the
 * implementation of this callback fills in the remaining fields of
 * "creds" and, where applicable, "resp".
 *
 * Note: if creds->type is PPP_AUTH_CHAP_MSV2, the callback MUST fill in
 * resp->authresp with the 20 byte MS-CHAPv2 authenticator response.
 *
 * Note: if creds->type is PPP_AUTH_CHAP_MSV1 or PPP_AUTH_CHAP_MSV2, the
 * callback SHOULD fill in resp->mppe with the MPPE key(s).
 *
 * Note: this function will be called in a separate thread that may
 * be canceled at any time; it should be prepared to clean up if so
 * (presumably pthread cancellation -- use cleanup handlers and avoid
 * holding locks or half-written secrets across cancellation points).
 *
 * Note: 'resp' has been zeroed out when this function is invoked.
 * The MPPE key fields should remain zeroed out unless valid keys
 * are present, so that a zero key is never mistaken for a real one.
 *
 * Note: resp->errmsg is 64 bytes; write it with snprintf() or similar
 * so it stays NUL-terminated.
 *
 * Returns:
 *	0	Credentials found
 *	-1	Credentials can't be found. Set errno or resp->errmsg.
 */
typedef int ppp_auth_acquire_t(struct ppp_link *link,
	struct ppp_auth_cred *creds,
	struct ppp_auth_resp *resp);
/*
 * Function type for checking credentials supplied by the peer. "creds"
 * is read-only here; results go in "resp".
 *
 * Note: if creds->type is PPP_AUTH_CHAP_MSV2, the callback MUST fill in
 * resp->authresp with the 20 byte MS-CHAPv2 authenticator response.
 *
 * Note: if creds->type is PPP_AUTH_CHAP_MSV1 or PPP_AUTH_CHAP_MSV2, the
 * callback SHOULD fill in resp->mppe with the MPPE key(s).
 *
 * Note: this function will be called in a separate thread that may
 * be canceled at any time; it should be prepared to clean up if so
 * (presumably pthread cancellation -- use cleanup handlers and avoid
 * holding locks across cancellation points).
 *
 * Note: 'resp' has been zeroed out when this function is invoked.
 * The MPPE key fields should remain zeroed out unless valid keys
 * are present.
 *
 * Note: the name and challenge in "creds" came from the peer; do not
 * assume creds->u.*.name is NUL-terminated, and treat chal_len as
 * untrusted (it must not exceed PPP_MAX_AUTHVALUE).
 *
 * Returns:
 *	0	Credentials are valid
 *	-1	Credentials can't be validated. Set errno or resp->errmsg.
 */
typedef int ppp_auth_check_t(struct ppp_link *link,
	const struct ppp_auth_cred *creds,
	struct ppp_auth_resp *resp);
/*
* Authorization information supplied by caller.
*/
/*
 * Authorization callbacks supplied by the caller: "acquire" produces
 * our own credentials for a link, "check" validates the peer's. Whether
 * either pointer may be NULL (e.g. for a link that only authenticates
 * in one direction) is not stated here -- confirm with the callers.
 */
struct ppp_auth_meth {
	ppp_auth_acquire_t *acquire;		/* get our credentials */
	ppp_auth_check_t *check;		/* verify peer's credentials */
};
/* Authorization configuration for a link */
/*
 * Authorization configuration for a link.
 *
 * "allow" holds two bit masks of permitted auth types, presumably one
 * per direction (cf. the "dir" argument of the private start/input
 * methods) and indexed by enum ppp_auth_index -- confirm against the
 * negotiation code. PPP_AUTH_MAX (5) fits comfortably in 32 bits. Note
 * that PPP_AUTH_NONE is a valid type, so leaving its bit clear is what
 * makes authentication mandatory, if the negotiation code honors it.
 */
struct ppp_auth_config {
	struct ppp_auth_meth *meth;		/* auth_config callbacks */
	u_int32_t allow[2];			/* auth types allowed (bits) */
};
/***********************************************************************
PPP PRIVATE STUFF
***********************************************************************/
#ifdef _PDEL_PPP_PRIVATE_H_
/*
* Authorization type methods
*/
/*
 * Per-auth-type method signatures (private to the PPP library).
 *
 * start:  begin an exchange for "link" in direction "dir"; returns an
 *         opaque per-exchange state pointer that is later passed to
 *         cancel()/input(). "mutex" is presumably the link lock the
 *         method must hold/release around event callbacks, and "protop"
 *         an out-parameter for the PPP protocol number -- confirm in
 *         the implementations. A NULL return presumably means failure.
 * cancel: abort an exchange and free the state from start().
 * input:  feed a received packet of "len" bytes to the exchange. "data"
 *         is peer-controlled; each implementation must validate lengths
 *         against the fixed-size buffers in this header before copying.
 */
typedef void *ppp_authtype_start_t(struct pevent_ctx *ev_ctx,
	struct ppp_link *link, pthread_mutex_t *mutex,
	int dir, u_int16_t *protop, struct ppp_log *log);
typedef void ppp_authtype_cancel_t(void *arg);
typedef void ppp_authtype_input_t(void *arg,
	int dir, void *data, size_t len);
/* Authorization type descriptor */
/*
 * Authorization type descriptor: one static instance per supported
 * auth type, looked up by ppp_auth_by_option()/ppp_auth_by_index().
 *
 * Invariant: len <= sizeof(data) (8). "data" is the option payload
 * this type advertises/recognises in the LCP authentication option;
 * a descriptor with a larger len would read past the array.
 */
struct ppp_auth_type {
	const char *name;			/* name */
	enum ppp_auth_index index;		/* auth type index */
	ppp_authtype_start_t *start;		/* start method */
	ppp_authtype_cancel_t *cancel;		/* cancel method */
	ppp_authtype_input_t *input;		/* input packet method */
	u_int len;				/* length of option data */
	const u_char data[8];			/* option data */
};
__BEGIN_DECLS
/* Authorization type functions */
/*
 * Look up an auth type descriptor by a received FSM option or by enum
 * index. Presumably both return NULL when nothing matches (an unknown
 * option from the peer, or an out-of-range index); callers should
 * check for that rather than dereferencing blindly -- confirm in the
 * implementation.
 */
extern const struct ppp_auth_type *ppp_auth_by_option(
	const struct ppp_fsm_option *opt);
extern const struct ppp_auth_type *ppp_auth_by_index(
	enum ppp_auth_index index);
/* Option printer for the FSM debug/log path (opt_pr_t defined elsewhere) */
extern opt_pr_t ppp_auth_print;
__END_DECLS
#endif /* _PDEL_PPP_PRIVATE_H_ */
#endif /* _PDEL_PPP_PPP_AUTH_H_ */