1 /* 2 * PPP CHAP Module 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan, Inc. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * 20 * $FreeBSD$ 21 * 22 * TODO: 23 */ 24 #include <sys/param.h> 25 #include <netinet/in.h> 26 #include <netinet/in_systm.h> 27 #include <netinet/ip.h> 28 #include <sys/un.h> 29 30 #include <errno.h> 31 #include <fcntl.h> 32 #ifdef HAVE_DES 33 #include <md4.h> 34 #endif 35 #include <md5.h> 36 #include <paths.h> 37 #include <signal.h> 38 #include <stdio.h> 39 #include <stdlib.h> 40 #include <string.h> 41 #include <sys/wait.h> 42 #include <termios.h> 43 #include <unistd.h> 44 45 #include "layer.h" 46 #include "mbuf.h" 47 #include "log.h" 48 #include "defs.h" 49 #include "timer.h" 50 #include "fsm.h" 51 #include "proto.h" 52 #include "lcp.h" 53 #include "lqr.h" 54 #include "hdlc.h" 55 #include "auth.h" 56 #include "async.h" 57 #include "throughput.h" 58 #include "descriptor.h" 59 #include "chap.h" 60 #include "iplist.h" 61 #include "slcompress.h" 62 #include "ipcp.h" 63 #include "filter.h" 64 #include "ccp.h" 65 #include "link.h" 66 #include "physical.h" 67 #include "mp.h" 68 #ifndef NORADIUS 69 #include "radius.h" 70 #endif 71 #include "bundle.h" 72 #include "chat.h" 73 #include "cbcp.h" 74 #include "command.h" 75 #include "datalink.h" 76 #ifdef HAVE_DES 77 #include "chap_ms.h" 78 #endif 79 80 static const char *chapcodes[] = { 81 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE" 82 }; 83 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1) 84 85 static void 86 ChapOutput(struct physical *physical, u_int code, u_int id, 87 const u_char *ptr, int count, const char *text) 88 { 89 int plen; 90 struct fsmheader lh; 91 struct mbuf *bp; 92 93 plen = sizeof(struct fsmheader) + count; 94 lh.code = code; 95 lh.id = id; 96 lh.length = htons(plen); 97 bp = m_get(plen, MB_CHAPOUT); 98 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); 99 if (count) 100 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count); 101 log_DumpBp(LogDEBUG, "ChapOutput", bp); 102 if (text == NULL) 103 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]); 104 else 105 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text); 106 link_PushPacket(&physical->link, bp, physical->dl->bundle, 107 LINK_QUEUES(&physical->link) - 1, PROTO_CHAP); 108 } 109 110 static char * 111 chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type 112 #ifdef HAVE_DES 113 , int lanman 114 #endif 115 ) 116 { 117 char *result, *digest; 118 size_t nlen, klen; 119 120 nlen = strlen(name); 121 klen = strlen(key); 122 123 #ifdef HAVE_DES 124 if (type == 0x80) { 125 char expkey[AUTHLEN << 2]; 126 MD4_CTX MD4context; 127 int f; 128 129 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL) 130 return result; 131 132 digest = result; /* the response */ 133 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */ 134 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen); 135 if (lanman) { 136 memset(digest + 24, '\0', 25); 137 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */ 138 } else { 139 memset(digest, '\0', 25); 140 digest += 24; 141 142 for (f = 0; f < klen; f++) { 143 expkey[2*f] = key[f]; 144 expkey[2*f+1] = '\0'; 145 } 146 /* 147 * ----------- 148 * expkey = | k\0e\0y\0 | 149 * ----------- 150 */ 151 MD4Init(&MD4context); 152 MD4Update(&MD4context, expkey, klen << 1); 153 MD4Final(digest, &MD4context); 154 155 /* 156 * ---- -------- ---------------- ------- ------ 157 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name | 158 * ---- -------- ---------------- ------- ------ 159 */ 160 mschap_NT(digest, challenge + 1); 161 } 162 /* 163 * ---- -------- ------------- ----- ------ 164 * | | struct MS_ChapResponse24 | | 165 * result = | 49 | LANMan | NT digest | 0/1 | name | 166 * ---- -------- ------------- ----- ------ 167 * where only one of LANMan & NT digest are set. 168 */ 169 } else 170 #endif 171 if ((result = malloc(nlen + 17)) != NULL) { 172 /* Normal MD5 stuff */ 173 MD5_CTX MD5context; 174 175 digest = result; 176 *digest++ = 16; /* value size */ 177 178 MD5Init(&MD5context); 179 MD5Update(&MD5context, &id, 1); 180 MD5Update(&MD5context, key, klen); 181 MD5Update(&MD5context, challenge + 1, *challenge); 182 MD5Final(digest, &MD5context); 183 184 memcpy(digest + 16, name, nlen); 185 /* 186 * ---- -------- ------ 187 * result = | 16 | digest | name | 188 * ---- -------- ------ 189 */ 190 } 191 192 return result; 193 } 194 195 static void 196 chap_StartChild(struct chap *chap, char *prog, const char *name) 197 { 198 char *argv[MAXARGS], *nargv[MAXARGS]; 199 int argc, fd; 200 int in[2], out[2]; 201 pid_t pid; 202 203 if (chap->child.fd != -1) { 204 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog); 205 return; 206 } 207 208 if (pipe(in) == -1) { 209 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 210 return; 211 } 212 213 if (pipe(out) == -1) { 214 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 215 close(in[0]); 216 close(in[1]); 217 return; 218 } 219 220 pid = getpid(); 221 switch ((chap->child.pid = fork())) { 222 case -1: 223 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno)); 224 close(in[0]); 225 close(in[1]); 226 close(out[0]); 227 close(out[1]); 228 chap->child.pid = 0; 229 return; 230 231 case 0: 232 timer_TermService(); 233 234 if ((argc = command_Interpret(prog, strlen(prog), argv)) <= 0) { 235 if (argc < 0) { 236 log_Printf(LogWARN, "CHAP: Invalid command syntax\n"); 237 _exit(255); 238 } 239 _exit(0); 240 } 241 242 close(in[1]); 243 close(out[0]); 244 if (out[1] == STDIN_FILENO) 245 out[1] = dup(out[1]); 246 dup2(in[0], STDIN_FILENO); 247 dup2(out[1], STDOUT_FILENO); 248 close(STDERR_FILENO); 249 if (open(_PATH_DEVNULL, O_RDWR) != STDERR_FILENO) { 250 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n", 251 _PATH_DEVNULL, strerror(errno)); 252 exit(1); 253 } 254 for (fd = getdtablesize(); fd > STDERR_FILENO; fd--) 255 fcntl(fd, F_SETFD, 1); 256 setuid(geteuid()); 257 command_Expand(nargv, argc, (char const *const *)argv, 258 chap->auth.physical->dl->bundle, 0, pid); 259 execvp(nargv[0], nargv); 260 printf("exec() of %s failed: %s\n", nargv[0], strerror(errno)); 261 _exit(255); 262 263 default: 264 close(in[0]); 265 close(out[1]); 266 chap->child.fd = out[0]; 267 chap->child.buf.len = 0; 268 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name)); 269 write(in[1], "\n", 1); 270 write(in[1], chap->challenge.peer + 1, *chap->challenge.peer); 271 write(in[1], "\n", 1); 272 write(in[1], name, strlen(name)); 273 write(in[1], "\n", 1); 274 close(in[1]); 275 break; 276 } 277 } 278 279 static void 280 chap_Cleanup(struct chap *chap, int sig) 281 { 282 if (chap->child.pid) { 283 int status; 284 285 close(chap->child.fd); 286 chap->child.fd = -1; 287 if (sig) 288 kill(chap->child.pid, SIGTERM); 289 chap->child.pid = 0; 290 chap->child.buf.len = 0; 291 292 if (wait(&status) == -1) 293 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno)); 294 else if (WIFSIGNALED(status)) 295 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status)); 296 else if (WIFEXITED(status) && WEXITSTATUS(status)) 297 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status)); 298 } 299 *chap->challenge.local = *chap->challenge.peer = '\0'; 300 #ifdef HAVE_DES 301 chap->peertries = 0; 302 #endif 303 } 304 305 static void 306 chap_Respond(struct chap *chap, char *name, char *key, u_char type 307 #ifdef HAVE_DES 308 , int lm 309 #endif 310 ) 311 { 312 u_char *ans; 313 314 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer, type 315 #ifdef HAVE_DES 316 , lm 317 #endif 318 ); 319 320 if (ans) { 321 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id, 322 ans, *ans + 1 + strlen(name), name); 323 #ifdef HAVE_DES 324 chap->NTRespSent = !lm; 325 #endif 326 free(ans); 327 } else 328 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id, 329 "Out of memory!", 14, NULL); 330 } 331 332 static int 333 chap_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) 334 { 335 struct chap *chap = descriptor2chap(d); 336 337 if (r && chap && chap->child.fd != -1) { 338 FD_SET(chap->child.fd, r); 339 if (*n < chap->child.fd + 1) 340 *n = chap->child.fd + 1; 341 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd); 342 return 1; 343 } 344 345 return 0; 346 } 347 348 static int 349 chap_IsSet(struct descriptor *d, const fd_set *fdset) 350 { 351 struct chap *chap = descriptor2chap(d); 352 353 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset); 354 } 355 356 static void 357 chap_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 358 { 359 struct chap *chap = descriptor2chap(d); 360 int got; 361 362 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len, 363 sizeof chap->child.buf.ptr - chap->child.buf.len - 1); 364 if (got == -1) { 365 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno)); 366 chap_Cleanup(chap, SIGTERM); 367 } else if (got == 0) { 368 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n"); 369 chap_Cleanup(chap, SIGTERM); 370 } else { 371 char *name, *key, *end; 372 373 chap->child.buf.len += got; 374 chap->child.buf.ptr[chap->child.buf.len] = '\0'; 375 name = chap->child.buf.ptr; 376 name += strspn(name, " \t"); 377 if ((key = strchr(name, '\n')) == NULL) 378 end = NULL; 379 else 380 end = strchr(++key, '\n'); 381 382 if (end == NULL) { 383 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) { 384 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n"); 385 chap_Cleanup(chap, SIGTERM); 386 } 387 } else { 388 #ifdef HAVE_DES 389 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 && 390 ((chap->NTRespSent && 391 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) || 392 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt)); 393 #endif 394 395 while (end >= name && strchr(" \t\r\n", *end)) 396 *end-- = '\0'; 397 end = key - 1; 398 while (end >= name && strchr(" \t\r\n", *end)) 399 *end-- = '\0'; 400 key += strspn(key, " \t"); 401 402 chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype 403 #ifdef HAVE_DES 404 , lanman 405 #endif 406 ); 407 chap_Cleanup(chap, 0); 408 } 409 } 410 } 411 412 static int 413 chap_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 414 { 415 /* We never want to write here ! */ 416 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n"); 417 return 0; 418 } 419 420 static void 421 chap_Challenge(struct authinfo *authp) 422 { 423 struct chap *chap = auth2chap(authp); 424 int len, i; 425 char *cp; 426 427 len = strlen(authp->physical->dl->bundle->cfg.auth.name); 428 429 if (!*chap->challenge.local) { 430 randinit(); 431 cp = chap->challenge.local; 432 433 #ifndef NORADIUS 434 if (*authp->physical->dl->bundle->radius.cfg.file) { 435 /* For radius, our challenge is 16 readable NUL terminated bytes :*/ 436 *cp++ = 16; 437 for (i = 0; i < 16; i++) 438 *cp++ = (random() % 10) + '0'; 439 } else 440 #endif 441 { 442 #ifdef HAVE_DES 443 if (authp->physical->link.lcp.want_authtype == 0x80) 444 *cp++ = 8; /* MS does 8 byte callenges :-/ */ 445 else 446 #endif 447 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16; 448 for (i = 0; i < *chap->challenge.local; i++) 449 *cp++ = random() & 0xff; 450 } 451 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); 452 } 453 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge.local, 454 1 + *chap->challenge.local + len, NULL); 455 } 456 457 static void 458 chap_Success(struct authinfo *authp) 459 { 460 datalink_GotAuthname(authp->physical->dl, authp->in.name); 461 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL); 462 authp->physical->link.lcp.auth_ineed = 0; 463 if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) 464 physical_Login(authp->physical, authp->in.name); 465 466 if (authp->physical->link.lcp.auth_iwait == 0) 467 /* 468 * Either I didn't need to authenticate, or I've already been 469 * told that I got the answer right. 470 */ 471 datalink_AuthOk(authp->physical->dl); 472 } 473 474 static void 475 chap_Failure(struct authinfo *authp) 476 { 477 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL); 478 datalink_AuthNotOk(authp->physical->dl); 479 } 480 481 static int 482 chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen 483 #ifdef HAVE_DES 484 , int lm 485 #endif 486 ) 487 { 488 if (mylen != hislen) 489 return 0; 490 #ifdef HAVE_DES 491 else if (type == 0x80) { 492 int off = lm ? 0 : 24; 493 494 if (memcmp(myans + off, hisans + off, 24)) 495 return 0; 496 } 497 #endif 498 else if (memcmp(myans, hisans, mylen)) 499 return 0; 500 501 return 1; 502 } 503 504 #ifdef HAVE_DES 505 static int 506 chap_HaveAnotherGo(struct chap *chap) 507 { 508 if (++chap->peertries < 3) { 509 /* Give the peer another shot */ 510 *chap->challenge.local = '\0'; 511 chap_Challenge(&chap->auth); 512 return 1; 513 } 514 515 return 0; 516 } 517 #endif 518 519 void 520 chap_Init(struct chap *chap, struct physical *p) 521 { 522 chap->desc.type = CHAP_DESCRIPTOR; 523 chap->desc.UpdateSet = chap_UpdateSet; 524 chap->desc.IsSet = chap_IsSet; 525 chap->desc.Read = chap_Read; 526 chap->desc.Write = chap_Write; 527 chap->child.pid = 0; 528 chap->child.fd = -1; 529 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); 530 *chap->challenge.local = *chap->challenge.peer = '\0'; 531 #ifdef HAVE_DES 532 chap->NTRespSent = 0; 533 chap->peertries = 0; 534 #endif 535 } 536 537 void 538 chap_ReInit(struct chap *chap) 539 { 540 chap_Cleanup(chap, SIGTERM); 541 } 542 543 struct mbuf * 544 chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) 545 { 546 struct physical *p = link2physical(l); 547 struct chap *chap = &p->dl->chap; 548 char *name, *key, *ans; 549 int len, nlen; 550 u_char alen; 551 #ifdef HAVE_DES 552 int lanman; 553 #endif 554 555 if (p == NULL) { 556 log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n"); 557 m_freem(bp); 558 return NULL; 559 } 560 561 if (bundle_Phase(bundle) != PHASE_NETWORK && 562 bundle_Phase(bundle) != PHASE_AUTHENTICATE) { 563 log_Printf(LogPHASE, "Unexpected chap input - dropped !\n"); 564 m_freem(bp); 565 return NULL; 566 } 567 568 m_settype(bp, MB_CHAPIN); 569 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL && 570 ntohs(chap->auth.in.hdr.length) == 0) 571 log_Printf(LogWARN, "Chap Input: Truncated header !\n"); 572 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE) 573 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n", 574 chap->auth.in.hdr.code); 575 else { 576 len = m_length(bp); 577 ans = NULL; 578 579 if (chap->auth.in.hdr.code != CHAP_CHALLENGE && 580 chap->auth.id != chap->auth.in.hdr.id && 581 Enabled(bundle, OPT_IDCHECK)) { 582 /* Wrong conversation dude ! */ 583 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n", 584 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id, 585 chap->auth.id); 586 m_freem(bp); 587 return NULL; 588 } 589 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */ 590 591 #ifdef HAVE_DES 592 lanman = 0; 593 #endif 594 switch (chap->auth.in.hdr.code) { 595 case CHAP_CHALLENGE: 596 bp = mbuf_Read(bp, &alen, 1); 597 len -= alen + 1; 598 if (len < 0) { 599 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n"); 600 m_freem(bp); 601 return NULL; 602 } 603 *chap->challenge.peer = alen; 604 bp = mbuf_Read(bp, chap->challenge.peer + 1, alen); 605 bp = auth_ReadName(&chap->auth, bp, len); 606 #ifdef HAVE_DES 607 lanman = p->link.lcp.his_authtype == 0x80 && 608 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) || 609 !IsAccepted(p->link.lcp.cfg.chap80nt)); 610 #endif 611 break; 612 613 case CHAP_RESPONSE: 614 auth_StopTimer(&chap->auth); 615 bp = mbuf_Read(bp, &alen, 1); 616 len -= alen + 1; 617 if (len < 0) { 618 log_Printf(LogERROR, "Chap Input: Truncated response !\n"); 619 m_freem(bp); 620 return NULL; 621 } 622 if ((ans = malloc(alen + 2)) == NULL) { 623 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 624 m_freem(bp); 625 return NULL; 626 } 627 *ans = chap->auth.id; 628 bp = mbuf_Read(bp, ans + 1, alen); 629 ans[alen+1] = '\0'; 630 bp = auth_ReadName(&chap->auth, bp, len); 631 #ifdef HAVE_DES 632 lanman = alen == 49 && ans[alen] == 0; 633 #endif 634 break; 635 636 case CHAP_SUCCESS: 637 case CHAP_FAILURE: 638 /* chap->auth.in.name is already set up at CHALLENGE time */ 639 if ((ans = malloc(len + 1)) == NULL) { 640 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 641 m_freem(bp); 642 return NULL; 643 } 644 bp = mbuf_Read(bp, ans, len); 645 ans[len] = '\0'; 646 break; 647 } 648 649 switch (chap->auth.in.hdr.code) { 650 case CHAP_CHALLENGE: 651 case CHAP_RESPONSE: 652 if (*chap->auth.in.name) 653 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n", 654 chapcodes[chap->auth.in.hdr.code], alen, 655 chap->auth.in.name, 656 #ifdef HAVE_DES 657 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 658 " - lanman" : 659 #endif 660 ""); 661 else 662 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n", 663 chapcodes[chap->auth.in.hdr.code], alen, 664 #ifdef HAVE_DES 665 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 666 " - lanman" : 667 #endif 668 ""); 669 break; 670 671 case CHAP_SUCCESS: 672 case CHAP_FAILURE: 673 if (*ans) 674 log_Printf(LogPHASE, "Chap Input: %s (%s)\n", 675 chapcodes[chap->auth.in.hdr.code], ans); 676 else 677 log_Printf(LogPHASE, "Chap Input: %s\n", 678 chapcodes[chap->auth.in.hdr.code]); 679 break; 680 } 681 682 switch (chap->auth.in.hdr.code) { 683 case CHAP_CHALLENGE: 684 if (*bundle->cfg.auth.key == '!') 685 chap_StartChild(chap, bundle->cfg.auth.key + 1, 686 bundle->cfg.auth.name); 687 else 688 chap_Respond(chap, bundle->cfg.auth.name, 689 bundle->cfg.auth.key, p->link.lcp.his_authtype 690 #ifdef HAVE_DES 691 , lanman 692 #endif 693 ); 694 break; 695 696 case CHAP_RESPONSE: 697 name = chap->auth.in.name; 698 nlen = strlen(name); 699 #ifndef NORADIUS 700 if (*bundle->radius.cfg.file) { 701 u_char end; 702 703 end = chap->challenge.local[*chap->challenge.local+1]; 704 chap->challenge.local[*chap->challenge.local+1] = '\0'; 705 radius_Authenticate(&bundle->radius, &chap->auth, 706 chap->auth.in.name, ans, 707 chap->challenge.local + 1); 708 chap->challenge.local[*chap->challenge.local+1] = end; 709 } else 710 #endif 711 { 712 key = auth_GetSecret(bundle, name, nlen, p); 713 if (key) { 714 char *myans; 715 #ifdef HAVE_DES 716 if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) { 717 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n"); 718 if (chap_HaveAnotherGo(chap)) 719 break; 720 key = NULL; 721 } else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) && 722 p->link.lcp.want_authtype == 0x80) { 723 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n"); 724 if (chap_HaveAnotherGo(chap)) 725 break; 726 key = NULL; 727 } else 728 #endif 729 { 730 myans = chap_BuildAnswer(name, key, chap->auth.id, 731 chap->challenge.local, 732 p->link.lcp.want_authtype 733 #ifdef HAVE_DES 734 , lanman 735 #endif 736 ); 737 if (myans == NULL) 738 key = NULL; 739 else { 740 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans, 741 ans + 1, alen 742 #ifdef HAVE_DES 743 , lanman 744 #endif 745 )) 746 key = NULL; 747 free(myans); 748 } 749 } 750 } 751 752 if (key) 753 chap_Success(&chap->auth); 754 else 755 chap_Failure(&chap->auth); 756 } 757 758 break; 759 760 case CHAP_SUCCESS: 761 if (p->link.lcp.auth_iwait == PROTO_CHAP) { 762 p->link.lcp.auth_iwait = 0; 763 if (p->link.lcp.auth_ineed == 0) 764 /* 765 * We've succeeded in our ``login'' 766 * If we're not expecting the peer to authenticate (or he already 767 * has), proceed to network phase. 768 */ 769 datalink_AuthOk(p->dl); 770 } 771 break; 772 773 case CHAP_FAILURE: 774 datalink_AuthNotOk(p->dl); 775 break; 776 } 777 free(ans); 778 } 779 780 m_freem(bp); 781 return NULL; 782 } 783