Annotation of embedaddon/libpdel/ppp/ppp_auth_chap.c, revision 1.1.1.1
1.1 misho 1:
2: /*
3: * Copyright (c) 2001-2002 Packet Design, LLC.
4: * All rights reserved.
5: *
6: * Subject to the following obligations and disclaimer of warranty,
7: * use and redistribution of this software, in source or object code
8: * forms, with or without modifications are expressly permitted by
9: * Packet Design; provided, however, that:
10: *
11: * (i) Any and all reproductions of the source or object code
12: * must include the copyright notice above and the following
13: * disclaimer of warranties; and
14: * (ii) No rights are granted, in any manner or form, to use
15: * Packet Design trademarks, including the mark "PACKET DESIGN"
16: * on advertising, endorsements, or otherwise except as such
17: * appears in the above copyright notice or in the software.
18: *
19: * THIS SOFTWARE IS BEING PROVIDED BY PACKET DESIGN "AS IS", AND
20: * TO THE MAXIMUM EXTENT PERMITTED BY LAW, PACKET DESIGN MAKES NO
21: * REPRESENTATIONS OR WARRANTIES, EXPRESS OR IMPLIED, REGARDING
22: * THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY AND ALL IMPLIED
23: * WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
24: * OR NON-INFRINGEMENT. PACKET DESIGN DOES NOT WARRANT, GUARANTEE,
25: * OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF, OR THE RESULTS
26: * OF THE USE OF THIS SOFTWARE IN TERMS OF ITS CORRECTNESS, ACCURACY,
27: * RELIABILITY OR OTHERWISE. IN NO EVENT SHALL PACKET DESIGN BE
28: * LIABLE FOR ANY DAMAGES RESULTING FROM OR ARISING OUT OF ANY USE
29: * OF THIS SOFTWARE, INCLUDING WITHOUT LIMITATION, ANY DIRECT,
30: * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, PUNITIVE, OR CONSEQUENTIAL
31: * DAMAGES, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES, LOSS OF
32: * USE, DATA OR PROFITS, HOWEVER CAUSED AND UNDER ANY THEORY OF
33: * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
34: * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
35: * THE USE OF THIS SOFTWARE, EVEN IF PACKET DESIGN IS ADVISED OF
36: * THE POSSIBILITY OF SUCH DAMAGE.
37: *
38: * Author: Archie Cobbs <archie@freebsd.org>
39: */
40:
41: #include "ppp/ppp_defs.h"
42: #include "ppp/ppp_log.h"
43: #include "ppp/ppp_fsm_option.h"
44: #include "ppp/ppp_fsm.h"
45: #include "ppp/ppp_auth.h"
46: #include "ppp/ppp_link.h"
47: #include "ppp/ppp_util.h"
48: #include "ppp/ppp_auth_chap.h"
49:
50: #define CHAP_MTYPE "ppp_authtype.chap"
51:
52: #define CHAP_RETRY 3
53: #define CHAP_MAXTRY 5
54:
55: #define CHAP_CHALLENGE 1
56: #define CHAP_RESPONSE 2
57: #define CHAP_ACK 3
58: #define CHAP_NAK 4
59:
60: #define CHAP_MSG_ACK "Authorization successful"
61: #define CHAP_MSG_NAK "Authorization failed"
62: #define CHAP_MSG_BUFSIZE 256
63:
64: #define MSCHAPV1_MSG_ACK CHAP_MSG_ACK
65: #define MSCHAPV1_MSG_NAK "E=691 R=0"
66:
67: #define MSCHAPV2_MSG_ACK CHAP_MSG_ACK
68: #define MSCHAPV2_MSG_NAK CHAP_MSG_NAK
69:
70: /* CHAP info structure */
71: struct ppp_auth_chap {
72: struct ppp_link *link;
73: struct ppp_log *log;
74: struct ppp_auth_config aconf;
75: const struct ppp_auth_type *auth;
76: struct ppp_auth_cred cred;
77: struct ppp_auth_resp resp;
78: const struct ppp_auth_chap_type *type;
79: struct pevent_ctx *ev_ctx;
80: struct pevent *timer;
81: pthread_mutex_t *mutex;
82: int dir;
83: int retry;
84: u_char id;
85: };
86:
87: /* Internal functions */
88: static void ppp_auth_chap_send_challenge(struct ppp_auth_chap *chap);
89: static void ppp_auth_chap_send_response(struct ppp_auth_chap *chap);
90: static void ppp_auth_chap_send_result(struct ppp_auth_chap *chap,
91: u_char id, int ack);
92: static int ppp_chap_unpack(const u_char *data, size_t len,
93: char *name, u_char *value, int *vlenp);
94: static void ppp_chap_send_value(struct ppp_auth_chap *chap, u_char code,
95: const u_char *value, size_t vlen, const char *name);
96:
97: static ppp_link_auth_finish_t ppp_auth_chap_acquire_finish;
98: static ppp_link_auth_finish_t ppp_auth_chap_check_finish;
99:
100: static pevent_handler_t ppp_auth_chap_timeout;
101:
102: /* Internal variables */
103: static const char *chap_codes[] = {
104: "zero",
105: "challenge",
106: "response",
107: "ack",
108: "nak"
109: };
110:
111: /* Macro for logging */
112: #define LOG(sev, fmt, args...) PPP_LOG(chap->log, sev, fmt , ## args)
113:
114: /*
115: * Start CHAP
116: */
117: void *
118: ppp_auth_chap_start(struct pevent_ctx *ev_ctx, struct ppp_link *link,
119: pthread_mutex_t *mutex, int dir, u_int16_t *protop, struct ppp_log *log)
120: {
121: struct ppp_auth_chap *chap;
122:
123: /* Create info structure */
124: if ((chap = MALLOC(CHAP_MTYPE, sizeof(*chap))) == NULL)
125: return (NULL);
126: memset(chap, 0, sizeof(*chap));
127: chap->ev_ctx = ev_ctx;
128: chap->mutex = mutex;
129: chap->link = link;
130: chap->log = log;
131: chap->dir = dir;
132: chap->retry = CHAP_MAXTRY;
133:
134: /* Get link auth config and auth type */
135: chap->aconf = *ppp_link_auth_get_config(link);
136: chap->auth = ppp_link_get_auth(link, dir);
137: switch (chap->auth->index) {
138: case PPP_AUTH_CHAP_MD5:
139: chap->type = &ppp_auth_chap_md5;
140: break;
141: case PPP_AUTH_CHAP_MSV1:
142: chap->type = &ppp_auth_chap_msv1;
143: break;
144: case PPP_AUTH_CHAP_MSV2:
145: chap->type = &ppp_auth_chap_msv2;
146: break;
147: default:
148: errno = EPROTONOSUPPORT;
149: FREE(CHAP_MTYPE, chap);
150: return (NULL);
151: }
152: chap->cred.type = chap->auth->index;
153:
154: /* Return protocol */
155: *protop = PPP_PROTO_CHAP;
156:
157: /* If sending auth, wait for peer's challenge */
158: if (dir == PPP_PEER)
159: return (chap);
160:
161: /* If receiving auth, send first challenge */
162: ppp_auth_chap_send_challenge(chap);
163:
164: /* Done */
165: return (chap);
166: }
167:
168: /*
169: * Cancel CHAP
170: */
171: void
172: ppp_auth_chap_cancel(void *arg)
173: {
174: struct ppp_auth_chap *chap = arg;
175:
176: pevent_unregister(&chap->timer);
177: ppp_log_close(&chap->log);
178: FREE(CHAP_MTYPE, chap);
179: }
180:
181: /*
182: * Handle timeout event.
183: */
184: static void
185: ppp_auth_chap_timeout(void *arg)
186: {
187: struct ppp_auth_chap *chap = arg;
188:
189: /* Logging */
190: LOG(LOG_DEBUG, "%s timeout", chap->dir == PPP_SELF ?
191: chap_codes[CHAP_CHALLENGE] : chap_codes[CHAP_RESPONSE]);
192:
193: /* Cancel timeout event */
194: pevent_unregister(&chap->timer);
195:
196: /* Send another challenge or response? */
197: if (chap->retry <= 0) {
198: ppp_link_auth_complete(chap->link, chap->dir, NULL, NULL);
199: return;
200: }
201:
202: /* Send challenge or response again */
203: if (chap->dir == PPP_SELF)
204: ppp_auth_chap_send_challenge(chap);
205: else
206: ppp_auth_chap_send_response(chap);
207: }
208:
209: /*
210: * Handle CHAP input
211: */
212: void
213: ppp_auth_chap_input(void *arg, int dir, void *data, size_t len)
214: {
215: struct ppp_auth_chap *chap = arg;
216: struct ppp_fsm_pkt *const pkt = data;
217: u_char value[PPP_MAX_AUTHVALUE];
218: char name[PPP_MAX_AUTHNAME];
219: int vlen;
220:
221: if (len < sizeof(*pkt))
222: return;
223: memcpy(pkt, data, sizeof(*pkt));
224: pkt->length = ntohs(pkt->length);
225: if (pkt->length > len)
226: return;
227: if (pkt->length < len)
228: len = pkt->length;
229: len -= sizeof(*pkt);
230: switch (pkt->code) {
231: case CHAP_CHALLENGE:
232: {
233: struct ppp_auth_cred_chap *const cred = &chap->cred.u.chap;
234:
235: /* Check direction */
236: if (dir != PPP_PEER)
237: break;
238:
239: /* Logging */
240: LOG(LOG_DEBUG, "rec'd %s #%u", chap_codes[pkt->code], pkt->id);
241:
242: /* Parse out packet contents */
243: if (ppp_chap_unpack(pkt->data, len, name, value, &vlen) == -1) {
244: LOG(LOG_NOTICE, "rec'd malformed %s",
245: chap_codes[pkt->code]);
246: break;
247: }
248:
249: #ifdef notyet
250: /* Don't respond to our own outstanding challenge */
251: /*
252: * Don't respond to a challenge that looks like it came from
253: * us and has the wrong origination value embedded in it. This
254: * avoids a security hole associated with using the same CHAP
255: * password to authenticate in both directions on a link.
256: */
257: #endif
258:
259: /* Check challenge length (fixed for MS-CHAP types) */
260: if (chap->type->cfixed && vlen != chap->type->clen) {
261: LOG(LOG_NOTICE, "wrong %s length %u != %u"
262: " for %s", chap_codes[pkt->code],
263: vlen, chap->type->clen, chap->auth->name);
264: break;
265: }
266:
267: /* Ignore if already handling a previous challenge */
268: if (ppp_link_auth_in_progress(chap->link, chap->dir)) {
269: LOG(LOG_DEBUG, "ignoring packet, action pending");
270: break;
271: }
272:
273: /* Partially fill in credentials based on challenge info */
274: memset(cred, 0, sizeof(*cred));
275: strlcpy(cred->name, name, sizeof(cred->name)); /* XXX */
276: cred->chal_len = vlen;
277: memcpy(cred->chal_data, value, cred->chal_len);
278: if (chap->type->set_id != NULL)
279: (*chap->type->set_id)(cred, pkt->id);
280: if (chap->auth->index == PPP_AUTH_CHAP_MSV2) {
281: if (ppp_util_random(cred->u.msv2.peer_chal,
282: sizeof(cred->u.msv2.peer_chal)) == -1) {
283: LOG(LOG_NOTICE, "%s: %m", "ppp_util_random");
284: break;
285: }
286: }
287:
288: /* Acquire credentials */
289: if (ppp_link_authorize(chap->link, chap->dir,
290: &chap->cred, ppp_auth_chap_acquire_finish) == -1) {
291: ppp_link_auth_complete(chap->link,
292: chap->dir, NULL, NULL);
293: break;
294: }
295:
296: /* Save peer's id for my response */
297: chap->id = pkt->id;
298:
299: /* Now wait for credentials acquisition to finish */
300: break;
301: }
302: case CHAP_RESPONSE:
303: {
304: struct ppp_auth_cred_chap *const cred = &chap->cred.u.chap;
305: int pvlen;
306:
307: /* Check direction */
308: if (dir != PPP_SELF)
309: break;
310:
311: /* Logging */
312: LOG(LOG_DEBUG, "rec'd %s #%u", chap_codes[pkt->code], pkt->id);
313:
314: /* Stop timer */
315: pevent_unregister(&chap->timer);
316:
317: /* Ignore if already checking a previous response */
318: if (ppp_link_auth_in_progress(chap->link, chap->dir)) {
319: LOG(LOG_DEBUG, "ignoring packet, action pending");
320: break;
321: }
322:
323: /* Fill out peer credentials using response packet */
324: if (ppp_chap_unpack(pkt->data, len, cred->name,
325: (u_char *)&cred->u + chap->type->roff, &pvlen) == -1) {
326: LOG(LOG_NOTICE, "rec'd malformed %s",
327: chap_codes[pkt->code]);
328: break;
329: }
330: if (chap->type->set_id != NULL)
331: (*chap->type->set_id)(cred, pkt->id);
332:
333: /* Check credentials */
334: if (ppp_link_authorize(chap->link, chap->dir,
335: &chap->cred, ppp_auth_chap_check_finish) == -1) {
336: ppp_auth_chap_send_result(chap, pkt->id, 0);
337: ppp_link_auth_complete(chap->link,
338: chap->dir, NULL, NULL);
339: break;
340: }
341:
342: /* Save peer's id for my response */
343: chap->id = pkt->id;
344:
345: /* Now wait for check to finish */
346: break;
347: }
348: case CHAP_ACK:
349: case CHAP_NAK:
350: {
351: int valid = (pkt->code == CHAP_ACK);
352:
353: /* Check direction */
354: if (dir != PPP_PEER)
355: break;
356:
357: /* Logging */
358: LOG(LOG_DEBUG, "rec'd %s #%u", chap_codes[pkt->code], pkt->id);
359:
360: /* Stop timer */
361: pevent_unregister(&chap->timer);
362:
363: /* Do final stuff */
364: if ((*chap->type->final)(&chap->cred.u.chap, chap->log,
365: valid, pkt->data, len, chap->resp.authresp) == -1) {
366: LOG(LOG_NOTICE, "invalid CHAP %s",
367: chap_codes[pkt->code]);
368: valid = 0;
369: }
370:
371: /* Finish up */
372: if (valid) {
373: ppp_link_auth_complete(chap->link,
374: chap->dir, &chap->cred, &chap->resp.mppe);
375: } else {
376: ppp_link_auth_complete(chap->link,
377: chap->dir, NULL, NULL);
378: }
379: break;
380: }
381: default:
382: break;
383: }
384: }
385:
386: /*
387: * Continue after a successful credentials acquisition.
388: */
389: static void
390: ppp_auth_chap_acquire_finish(void *arg,
391: const struct ppp_auth_cred *creds, const struct ppp_auth_resp *resp)
392: {
393: struct ppp_auth_chap *const chap = arg;
394: struct ppp_auth_cred_chap *const cred = &chap->cred.u.chap;
395:
396: /* Copy credentials */
397: chap->cred = *creds;
398:
399: /* Sanitize credentials */
400: cred->name[sizeof(cred->name) - 1] = '\0';
401: cred->chal_len = MAX(cred->chal_len, sizeof(cred->chal_data));
402:
403: /* Send response */
404: ppp_auth_chap_send_response(chap);
405: }
406:
407: /*
408: * Continue after a successful credentials check.
409: */
410: static void
411: ppp_auth_chap_check_finish(void *arg,
412: const struct ppp_auth_cred *creds, const struct ppp_auth_resp *resp)
413: {
414: struct ppp_auth_chap *const chap = arg;
415: struct ppp_auth_cred_chap *const cred = &chap->cred.u.chap;
416: int valid = (*resp->errmsg == '\0');
417:
418: /* Copy response */
419: chap->resp = *resp;
420:
421: /* Report validity */
422: if (valid) {
423: LOG(LOG_INFO, "rec'd %s credentials for \"%s\"",
424: "valid", cred->name);
425: } else {
426: LOG(LOG_NOTICE, "rec'd %s credentials for \"%s\": %s",
427: "invalid", cred->name, resp->errmsg);
428: }
429:
430: /* Send result */
431: ppp_auth_chap_send_result(chap, chap->id, valid);
432:
433: /* Finish up */
434: ppp_link_auth_complete(chap->link,
435: chap->dir, valid ? &chap->cred : NULL, &chap->resp.mppe);
436: }
437:
438: /*
439: * Send a CHAP challenge
440: */
441: static void
442: ppp_auth_chap_send_challenge(struct ppp_auth_chap *chap)
443: {
444: struct ppp_auth_cred_chap *cred = &chap->cred.u.chap;
445:
446: /* Create a challenge (first time only) */
447: if (chap->retry == CHAP_MAXTRY) {
448:
449: /* Generate random challenge bytes */
450: if (ppp_util_random(cred->chal_data, chap->type->clen) == -1) {
451: LOG(LOG_ERR, "%s: %m", "ppp_util_random");
452: return;
453: }
454: cred->chal_len = chap->type->clen;
455:
456: /* Set id field (if appropriate) */
457: if (chap->type->set_id != NULL)
458: (*chap->type->set_id)(&chap->cred.u.chap, ++chap->id);
459: }
460:
461: /* Send packet */
462: ppp_chap_send_value(chap, CHAP_CHALLENGE,
463: cred->chal_data, cred->chal_len, cred->name);
464: }
465:
466: /*
467: * Send a CHAP response.
468: */
469: static void
470: ppp_auth_chap_send_response(struct ppp_auth_chap *chap)
471: {
472: struct ppp_auth_cred_chap *const cred = &chap->cred.u.chap;
473: u_char value[PPP_MAX_AUTHVALUE];
474:
475: /* Send response */
476: memcpy((u_char *)&cred->u + chap->type->roff,
477: value, chap->type->rlen);
478: ppp_chap_send_value(chap, CHAP_RESPONSE,
479: value, chap->type->rlen, cred->name);
480: }
481:
482: /*
483: * Send a challenge or response packet.
484: */
485: static void
486: ppp_chap_send_value(struct ppp_auth_chap *chap, u_char code,
487: const u_char *value, size_t vlen, const char *name)
488: {
489: union {
490: u_char buf[sizeof(struct ppp_fsm_pkt) + 1
491: + PPP_MAX_AUTHVALUE + PPP_MAX_AUTHNAME];
492: struct ppp_fsm_pkt pkt;
493: } u;
494: struct ppp_fsm_pkt *const pkt = &u.pkt;
495:
496: /* Cancel previous timeout event (if any) and start another */
497: pevent_unregister(&chap->timer);
498: if (pevent_register(chap->ev_ctx, &chap->timer, 0, chap->mutex,
499: ppp_auth_chap_timeout, chap, PEVENT_TIME, CHAP_RETRY * 1000) == -1)
500: LOG(LOG_ERR, "%s: %m", "pevent_register");
501:
502: /* Construct packet */
503: pkt->id = chap->id;
504: pkt->code = code;
505: pkt->length = htons(sizeof(*pkt) + 1 + vlen + strlen(name));
506: pkt->data[0] = vlen;
507: memcpy(pkt->data + 1, value, vlen);
508: memcpy(pkt->data + 1 + vlen, name, strlen(name));
509:
510: /* Logging */
511: LOG(LOG_DEBUG, "xmit %s #%u", chap_codes[code], chap->id);
512:
513: /* Send packet */
514: ppp_link_write(chap->link, PPP_PROTO_CHAP, pkt, ntohs(pkt->length));
515:
516: /* Decrement retry counter */
517: chap->retry--;
518: }
519:
520: /*
521: * Send a CHAP result
522: */
523: static void
524: ppp_auth_chap_send_result(struct ppp_auth_chap *chap, u_char id, int ack)
525: {
526: union {
527: u_char buf[sizeof(struct ppp_fsm_pkt) + CHAP_MSG_BUFSIZE];
528: struct ppp_fsm_pkt pkt;
529: } u;
530: struct ppp_fsm_pkt *const pkt = &u.pkt;
531: struct ppp_auth_cred_chap *cred = &chap->cred.u.chap;
532: int i;
533:
534: /* Construct packet */
535: pkt->id = id;
536: pkt->code = ack ? CHAP_ACK : CHAP_NAK;
537:
538: /* Add response string */
539: switch (chap->auth->index) {
540: case PPP_AUTH_CHAP_MSV1:
541: strlcpy(pkt->data, ack ? MSCHAPV1_MSG_ACK
542: : MSCHAPV1_MSG_NAK, CHAP_MSG_BUFSIZE);
543: break;
544: case PPP_AUTH_CHAP_MSV2:
545: if (ack) {
546: char hex[(PPP_MSOFTV2_AUTHRESP_LEN * 2) + 1];
547:
548: for (i = 0; i < PPP_MSOFTV2_AUTHRESP_LEN; i++) {
549: sprintf(hex + (i * 2),
550: "%02X", chap->resp.authresp[i]);
551: }
552: snprintf(pkt->data, CHAP_MSG_BUFSIZE, "S=%s", hex);
553: } else {
554: char cbuf[(2 * PPP_MSOFTV2_CHAL_LEN) + 1];
555:
556: for (i = 0; i < PPP_MSOFTV2_CHAL_LEN; i++) {
557: sprintf(cbuf + (2 * i),
558: "%02X", cred->u.msv2.peer_chal[i]);
559: }
560: snprintf(pkt->data, CHAP_MSG_BUFSIZE,
561: "E=691 R=0 C=%s V=3 M=%s", cbuf, MSCHAPV2_MSG_NAK);
562: }
563: break;
564: default:
565: strlcpy(pkt->data, ack ? CHAP_MSG_ACK
566: : CHAP_MSG_NAK, CHAP_MSG_BUFSIZE);
567: break;
568: }
569: pkt->length = htons(sizeof(*pkt) + strlen(pkt->data));
570:
571: /* Logging */
572: LOG(LOG_DEBUG, "xmit %s #%u", chap_codes[pkt->code], chap->id);
573:
574: /* Send packet */
575: ppp_link_write(chap->link, PPP_PROTO_CHAP, pkt, ntohs(pkt->length));
576: }
577:
578: /*
579: * Decode a CHAP challenge or response packet.
580: */
581: static int
582: ppp_chap_unpack(const u_char *data, size_t len,
583: char *name, u_char *value, int *vlenp)
584: {
585: int nlen;
586: int vlen;
587:
588: /* Check well-formedness */
589: if (len < 1
590: || (vlen = data[0]) < 1
591: || vlen > PPP_MAX_AUTHVALUE
592: || (nlen = len - vlen - 1) < 0
593: || nlen > PPP_MAX_AUTHNAME - 1)
594: return (-1);
595:
596: /* Get stuff */
597: memcpy(name, data + 1 + vlen, nlen);
598: name[nlen] = '\0';
599: memcpy(value, data + 1, vlen);
600: *vlenp = vlen;
601: return (0);
602: }
603:
604:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to ppp_auth_chap.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / libpdel / ppp