Lines Matching +full:child +full:- +full:nodes
1 /*-
2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
5 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
41 #ifndef NODES
88 #ifndef NODES
97 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)
120 link_PushPacket(&physical->link, bp, physical->dl->bundle, in ChapOutput()
121 LINK_QUEUES(&physical->link) - 1, PROTO_CHAP); in ChapOutput()
126 #ifndef NODES in chap_BuildAnswer()
138 #ifndef NODES in chap_BuildAnswer()
162 * ----------- in chap_BuildAnswer()
164 * ----------- in chap_BuildAnswer()
171 * ---- -------- ---------------- ------- ------ in chap_BuildAnswer()
173 * ---- -------- ---------------- ------- ------ in chap_BuildAnswer()
178 * ---- -------- ------------- ----- ------ in chap_BuildAnswer()
181 * ---- -------- ------------- ----- ------ in chap_BuildAnswer()
246 * ---- -------- ------ in chap_BuildAnswer()
248 * ---- -------- ------ in chap_BuildAnswer()
263 if (chap->child.fd != -1) { in chap_StartChild()
268 if (pipe(in) == -1) { in chap_StartChild()
273 if (pipe(out) == -1) { in chap_StartChild()
281 switch ((chap->child.pid = fork())) { in chap_StartChild()
282 case -1: in chap_StartChild()
288 chap->child.pid = 0; in chap_StartChild()
314 for (fd = getdtablesize(); fd > STDERR_FILENO; fd--) in chap_StartChild()
320 chap->auth.physical->dl->bundle, 0, pid); in chap_StartChild()
328 chap->child.fd = out[0]; in chap_StartChild()
329 chap->child.buf.len = 0; in chap_StartChild()
330 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name)); in chap_StartChild()
332 write(in[1], chap->challenge.peer + 1, *chap->challenge.peer); in chap_StartChild()
344 if (chap->child.pid) { in chap_Cleanup()
347 close(chap->child.fd); in chap_Cleanup()
348 chap->child.fd = -1; in chap_Cleanup()
350 kill(chap->child.pid, SIGTERM); in chap_Cleanup()
351 chap->child.pid = 0; in chap_Cleanup()
352 chap->child.buf.len = 0; in chap_Cleanup()
354 if (wait(&status) == -1) in chap_Cleanup()
357 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status)); in chap_Cleanup()
359 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status)); in chap_Cleanup()
361 *chap->challenge.local = *chap->challenge.peer = '\0'; in chap_Cleanup()
362 #ifndef NODES in chap_Cleanup()
363 chap->peertries = 0; in chap_Cleanup()
369 #ifndef NODES in chap_Respond()
376 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer in chap_Respond()
377 #ifndef NODES in chap_Respond()
378 , type, chap->challenge.local, chap->authresponse, lm in chap_Respond()
383 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id, in chap_Respond()
385 #ifndef NODES in chap_Respond()
386 chap->NTRespSent = !lm; in chap_Respond()
391 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id, in chap_Respond()
401 if (r && chap && chap->child.fd != -1) { in chap_UpdateSet()
402 FD_SET(chap->child.fd, r); in chap_UpdateSet()
403 if (*n < chap->child.fd + 1) in chap_UpdateSet()
404 *n = chap->child.fd + 1; in chap_UpdateSet()
405 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd); in chap_UpdateSet()
417 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset); in chap_IsSet()
427 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len, in chap_Read()
428 sizeof chap->child.buf.ptr - chap->child.buf.len - 1); in chap_Read()
429 if (got == -1) { in chap_Read()
433 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n"); in chap_Read()
438 chap->child.buf.len += got; in chap_Read()
439 chap->child.buf.ptr[chap->child.buf.len] = '\0'; in chap_Read()
440 name = chap->child.buf.ptr; in chap_Read()
448 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) { in chap_Read()
453 #ifndef NODES in chap_Read()
454 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 && in chap_Read()
455 ((chap->NTRespSent && in chap_Read()
456 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) || in chap_Read()
457 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt)); in chap_Read()
461 *end-- = '\0'; in chap_Read()
462 end = key - 1; in chap_Read()
464 *end-- = '\0'; in chap_Read()
468 #ifndef NODES in chap_Read()
469 , chap->auth.physical->link.lcp.his_authtype, lanman in chap_Read()
493 len = strlen(authp->physical->dl->bundle->cfg.auth.name); in chap_ChallengeInit()
495 if (!*chap->challenge.local) { in chap_ChallengeInit()
497 cp = chap->challenge.local; in chap_ChallengeInit()
500 if (*authp->physical->dl->bundle->radius.cfg.file) { in chap_ChallengeInit()
508 #ifndef NODES in chap_ChallengeInit()
509 if (authp->physical->link.lcp.want_authtype == 0x80) in chap_ChallengeInit()
510 *cp++ = 8; /* MS does 8 byte callenges :-/ */ in chap_ChallengeInit()
511 else if (authp->physical->link.lcp.want_authtype == 0x81) in chap_ChallengeInit()
512 *cp++ = 16; /* MS-CHAP-V2 does 16 bytes challenges */ in chap_ChallengeInit()
515 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16; in chap_ChallengeInit()
516 for (i = 0; i < *chap->challenge.local; i++) in chap_ChallengeInit()
519 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); in chap_ChallengeInit()
530 authp->physical->link.lcp.want_authtype); in chap_Challenge()
532 len = strlen(authp->physical->dl->bundle->cfg.auth.name); in chap_Challenge()
535 if (!*chap->challenge.local) in chap_Challenge()
538 #ifndef NODES in chap_Challenge()
539 if (authp->physical->link.lcp.want_authtype == 0x81) in chap_Challenge()
540 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, in chap_Challenge()
541 chap->challenge.local, 1 + *chap->challenge.local, NULL); in chap_Challenge()
544 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, in chap_Challenge()
545 chap->challenge.local, 1 + *chap->challenge.local + len, NULL); in chap_Challenge()
551 struct bundle *bundle = authp->physical->dl->bundle; in chap_Success()
554 datalink_GotAuthname(authp->physical->dl, authp->in.name); in chap_Success()
555 #ifndef NODES in chap_Success()
556 if (authp->physical->link.lcp.want_authtype == 0x81) { in chap_Success()
558 if (*bundle->radius.cfg.file && bundle->radius.msrepstr) in chap_Success()
559 msg = bundle->radius.msrepstr; in chap_Success()
562 msg = auth2chap(authp)->authresponse; in chap_Success()
567 if (*bundle->radius.cfg.file && bundle->radius.repstr) in chap_Success()
568 msg = bundle->radius.repstr; in chap_Success()
573 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, msg, strlen(msg), in chap_Success()
576 authp->physical->link.lcp.auth_ineed = 0; in chap_Success()
578 physical_Login(authp->physical, authp->in.name); in chap_Success()
580 if (authp->physical->link.lcp.auth_iwait == 0) in chap_Success()
585 datalink_AuthOk(authp->physical->dl); in chap_Success()
591 #ifndef NODES in chap_Failure()
597 struct bundle *bundle = authp->physical->link.lcp.fsm.bundle; in chap_Failure()
598 if (*bundle->radius.cfg.file && bundle->radius.errstr) in chap_Failure()
599 msg = bundle->radius.errstr; in chap_Failure()
602 #ifndef NODES in chap_Failure()
603 if (authp->physical->link.lcp.want_authtype == 0x80) { in chap_Failure()
606 } else if (authp->physical->link.lcp.want_authtype == 0x81) { in chap_Failure()
612 ptr += sprintf(ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i)); in chap_Failure()
620 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, msg, strlen(msg) + 1, in chap_Failure()
622 datalink_AuthNotOk(authp->physical->dl); in chap_Failure()
627 #ifndef NODES in chap_Cmp()
639 #ifndef NODES in chap_Cmp()
646 for (; mylen; off++, mylen--) in chap_Cmp()
653 #ifndef NODES
657 if (++chap->peertries < 3) { in chap_HaveAnotherGo()
659 *chap->challenge.local = '\0'; in chap_HaveAnotherGo()
660 chap_Challenge(&chap->auth); in chap_HaveAnotherGo()
671 chap->desc.type = CHAP_DESCRIPTOR; in chap_Init()
672 chap->desc.UpdateSet = chap_UpdateSet; in chap_Init()
673 chap->desc.IsSet = chap_IsSet; in chap_Init()
674 chap->desc.Read = chap_Read; in chap_Init()
675 chap->desc.Write = chap_Write; in chap_Init()
676 chap->child.pid = 0; in chap_Init()
677 chap->child.fd = -1; in chap_Init()
678 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); in chap_Init()
679 *chap->challenge.local = *chap->challenge.peer = '\0'; in chap_Init()
680 #ifndef NODES in chap_Init()
681 chap->NTRespSent = 0; in chap_Init()
682 chap->peertries = 0; in chap_Init()
696 struct chap *chap = &p->dl->chap; in chap_Input()
701 #ifndef NODES in chap_Input()
706 log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n"); in chap_Input()
713 log_Printf(LogPHASE, "Unexpected chap input - dropped !\n"); in chap_Input()
719 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL && in chap_Input()
720 ntohs(chap->auth.in.hdr.length) == 0) in chap_Input()
722 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE) in chap_Input()
724 chap->auth.in.hdr.code); in chap_Input()
729 if (chap->auth.in.hdr.code != CHAP_CHALLENGE && in chap_Input()
730 chap->auth.id != chap->auth.in.hdr.id && in chap_Input()
734 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id, in chap_Input()
735 chap->auth.id); in chap_Input()
739 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */ in chap_Input()
741 #ifndef NODES in chap_Input()
744 switch (chap->auth.in.hdr.code) { in chap_Input()
747 len -= alen + 1; in chap_Input()
753 *chap->challenge.peer = alen; in chap_Input()
754 bp = mbuf_Read(bp, chap->challenge.peer + 1, alen); in chap_Input()
755 bp = auth_ReadName(&chap->auth, bp, len); in chap_Input()
756 #ifndef NODES in chap_Input()
757 lanman = p->link.lcp.his_authtype == 0x80 && in chap_Input()
758 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) || in chap_Input()
759 !IsAccepted(p->link.lcp.cfg.chap80nt)); in chap_Input()
762 chap_ChallengeInit(&chap->auth); in chap_Input()
767 auth_StopTimer(&chap->auth); in chap_Input()
769 len -= alen + 1; in chap_Input()
780 *ans = chap->auth.id; in chap_Input()
782 bp = auth_ReadName(&chap->auth, bp, len); in chap_Input()
783 #ifndef NODES in chap_Input()
784 lanman = p->link.lcp.want_authtype == 0x80 && in chap_Input()
791 /* chap->auth.in.name is already set up at CHALLENGE time */ in chap_Input()
802 switch (chap->auth.in.hdr.code) { in chap_Input()
805 if (*chap->auth.in.name) in chap_Input()
807 chapcodes[chap->auth.in.hdr.code], alen, in chap_Input()
808 chap->auth.in.name, in chap_Input()
809 #ifndef NODES in chap_Input()
810 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? in chap_Input()
811 " - lanman" : in chap_Input()
816 chapcodes[chap->auth.in.hdr.code], alen, in chap_Input()
817 #ifndef NODES in chap_Input()
818 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? in chap_Input()
819 " - lanman" : in chap_Input()
828 chapcodes[chap->auth.in.hdr.code], ans); in chap_Input()
831 chapcodes[chap->auth.in.hdr.code]); in chap_Input()
835 switch (chap->auth.in.hdr.code) { in chap_Input()
837 if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!') in chap_Input()
838 chap_StartChild(chap, bundle->cfg.auth.key + 1, in chap_Input()
839 bundle->cfg.auth.name); in chap_Input()
841 chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key + in chap_Input()
842 (*bundle->cfg.auth.key == '!' ? 1 : 0) in chap_Input()
844 #ifndef NODES in chap_Input()
845 , p->link.lcp.his_authtype, lanman in chap_Input()
851 name = chap->auth.in.name; in chap_Input()
853 #ifndef NODES in chap_Input()
854 if (p->link.lcp.want_authtype == 0x81) { in chap_Input()
857 chap->challenge.peer[0] = sizeof resp->PeerChallenge; in chap_Input()
858 memcpy(chap->challenge.peer + 1, resp->PeerChallenge, in chap_Input()
859 sizeof resp->PeerChallenge); in chap_Input()
864 if (*bundle->radius.cfg.file) { in chap_Input()
865 if (!radius_Authenticate(&bundle->radius, &chap->auth, in chap_Input()
866 chap->auth.in.name, ans, alen + 1, in chap_Input()
867 chap->challenge.local + 1, in chap_Input()
868 *chap->challenge.local)) in chap_Input()
869 chap_Failure(&chap->auth); in chap_Input()
873 if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0' && in chap_Input()
878 "CHAP81 RESPONSE\n", l->name); in chap_Input()
879 resp->Flags = '\0'; /* rfc2759 says it *MUST* be zero */ in chap_Input()
883 #ifndef NODES in chap_Input()
884 if (p->link.lcp.want_authtype == 0x80 && in chap_Input()
885 lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) { in chap_Input()
890 } else if (p->link.lcp.want_authtype == 0x80 && in chap_Input()
891 !lanman && !IsEnabled(p->link.lcp.cfg.chap80nt)) { in chap_Input()
896 } else if (p->link.lcp.want_authtype == 0x81 && in chap_Input()
897 !IsEnabled(p->link.lcp.cfg.chap81)) { in chap_Input()
903 char *myans = chap_BuildAnswer(name, key, chap->auth.id, in chap_Input()
904 chap->challenge.local in chap_Input()
905 #ifndef NODES in chap_Input()
906 , p->link.lcp.want_authtype, in chap_Input()
907 chap->challenge.peer, in chap_Input()
908 chap->authresponse, lanman); in chap_Input()
917 #ifndef NODES in chap_Input()
918 , p->link.lcp.want_authtype, lanman in chap_Input()
928 chap_Success(&chap->auth); in chap_Input()
930 chap_Failure(&chap->auth); in chap_Input()
936 if (p->link.lcp.auth_iwait == PROTO_CHAP) { in chap_Input()
937 p->link.lcp.auth_iwait = 0; in chap_Input()
938 if (p->link.lcp.auth_ineed == 0) { in chap_Input()
939 #ifndef NODES in chap_Input()
940 if (p->link.lcp.his_authtype == 0x81) { in chap_Input()
941 if (strncasecmp(ans, chap->authresponse, 42)) { in chap_Input()
942 datalink_AuthNotOk(p->dl); in chap_Input()
944 " != ans: (%.42s)\n", chap->authresponse, ans); in chap_Input()
949 datalink_AuthOk(p->dl); in chap_Input()
958 datalink_AuthOk(p->dl); in chap_Input()
964 datalink_AuthNotOk(p->dl); in chap_Input()