1 /* 2 * PPP CHAP Module 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan, Inc. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * 20 * $Id: chap.c,v 1.51 1999/06/02 15:58:55 brian Exp $ 21 * 22 * TODO: 23 */ 24 #include <sys/param.h> 25 #include <netinet/in.h> 26 #include <netinet/in_systm.h> 27 #include <netinet/ip.h> 28 #include <sys/un.h> 29 30 #include <errno.h> 31 #include <fcntl.h> 32 #ifdef HAVE_DES 33 #include <md4.h> 34 #endif 35 #include <md5.h> 36 #include <paths.h> 37 #include <signal.h> 38 #include <stdlib.h> 39 #include <string.h> 40 #include <sys/wait.h> 41 #include <termios.h> 42 #include <unistd.h> 43 44 #include "layer.h" 45 #include "mbuf.h" 46 #include "log.h" 47 #include "defs.h" 48 #include "timer.h" 49 #include "fsm.h" 50 #include "proto.h" 51 #include "lcp.h" 52 #include "lqr.h" 53 #include "hdlc.h" 54 #include "auth.h" 55 #include "async.h" 56 #include "throughput.h" 57 #include "descriptor.h" 58 #include "chap.h" 59 #include "iplist.h" 60 #include "slcompress.h" 61 #include "ipcp.h" 62 #include "filter.h" 63 #include "ccp.h" 64 #include "link.h" 65 #include "physical.h" 66 #include "mp.h" 67 #ifndef NORADIUS 68 #include "radius.h" 69 #endif 70 #include "bundle.h" 71 #include "chat.h" 72 #include "cbcp.h" 73 #include "command.h" 74 #include "datalink.h" 75 #ifdef HAVE_DES 76 #include "chap_ms.h" 77 #endif 78 79 static const char *chapcodes[] = { 80 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE" 81 }; 82 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1) 83 84 static void 85 ChapOutput(struct physical *physical, u_int code, u_int id, 86 const u_char *ptr, int count, const char *text) 87 { 88 int plen; 89 struct fsmheader lh; 90 struct mbuf *bp; 91 92 plen = sizeof(struct fsmheader) + count; 93 lh.code = code; 94 lh.id = id; 95 lh.length = htons(plen); 96 bp = mbuf_Alloc(plen, MB_CHAPOUT); 97 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); 98 if (count) 99 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count); 100 log_DumpBp(LogDEBUG, "ChapOutput", bp); 101 if (text == NULL) 102 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]); 103 else 104 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text); 105 link_PushPacket(&physical->link, bp, physical->dl->bundle, 106 PRI_LINK, PROTO_CHAP); 107 } 108 109 static char * 110 chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type 111 #ifdef HAVE_DES 112 , int lanman 113 #endif 114 ) 115 { 116 char *result, *digest; 117 size_t nlen, klen; 118 119 nlen = strlen(name); 120 klen = strlen(key); 121 122 #ifdef HAVE_DES 123 if (type == 0x80) { 124 char expkey[AUTHLEN << 2]; 125 MD4_CTX MD4context; 126 int f; 127 128 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL) 129 return result; 130 131 digest = result; /* the response */ 132 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */ 133 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen); 134 if (lanman) { 135 memset(digest + 24, '\0', 25); 136 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */ 137 } else { 138 memset(digest, '\0', 25); 139 digest += 24; 140 141 for (f = 0; f < klen; f++) { 142 expkey[2*f] = key[f]; 143 expkey[2*f+1] = '\0'; 144 } 145 /* 146 * ----------- 147 * expkey = | k\0e\0y\0 | 148 * ----------- 149 */ 150 MD4Init(&MD4context); 151 MD4Update(&MD4context, expkey, klen << 1); 152 MD4Final(digest, &MD4context); 153 154 /* 155 * ---- -------- ---------------- ------- ------ 156 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name | 157 * ---- -------- ---------------- ------- ------ 158 */ 159 mschap_NT(digest, challenge + 1); 160 } 161 /* 162 * ---- -------- ------------- ----- ------ 163 * | | struct MS_ChapResponse24 | | 164 * result = | 49 | LANMan | NT digest | 0/1 | name | 165 * ---- -------- ------------- ----- ------ 166 * where only one of LANMan & NT digest are set. 167 */ 168 } else 169 #endif 170 if ((result = malloc(nlen + 17)) != NULL) { 171 /* Normal MD5 stuff */ 172 MD5_CTX MD5context; 173 174 digest = result; 175 *digest++ = 16; /* value size */ 176 177 MD5Init(&MD5context); 178 MD5Update(&MD5context, &id, 1); 179 MD5Update(&MD5context, key, klen); 180 MD5Update(&MD5context, challenge + 1, *challenge); 181 MD5Final(digest, &MD5context); 182 183 memcpy(digest + 16, name, nlen); 184 /* 185 * ---- -------- ------ 186 * result = | 16 | digest | name | 187 * ---- -------- ------ 188 */ 189 } 190 191 return result; 192 } 193 194 static void 195 chap_StartChild(struct chap *chap, char *prog, const char *name) 196 { 197 char *argv[MAXARGS], *nargv[MAXARGS]; 198 int argc, fd; 199 int in[2], out[2]; 200 pid_t pid; 201 202 if (chap->child.fd != -1) { 203 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog); 204 return; 205 } 206 207 if (pipe(in) == -1) { 208 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 209 return; 210 } 211 212 if (pipe(out) == -1) { 213 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 214 close(in[0]); 215 close(in[1]); 216 return; 217 } 218 219 pid = getpid(); 220 switch ((chap->child.pid = fork())) { 221 case -1: 222 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno)); 223 close(in[0]); 224 close(in[1]); 225 close(out[0]); 226 close(out[1]); 227 chap->child.pid = 0; 228 return; 229 230 case 0: 231 timer_TermService(); 232 close(in[1]); 233 close(out[0]); 234 if (out[1] == STDIN_FILENO) { 235 fd = dup(out[1]); 236 close(out[1]); 237 out[1] = fd; 238 } 239 dup2(in[0], STDIN_FILENO); 240 dup2(out[1], STDOUT_FILENO); 241 if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) { 242 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n", 243 _PATH_DEVNULL, strerror(errno)); 244 exit(1); 245 } 246 dup2(fd, STDERR_FILENO); 247 fcntl(3, F_SETFD, 1); /* Set close-on-exec flag */ 248 249 setuid(geteuid()); 250 argc = command_Interpret(prog, strlen(prog), argv); 251 command_Expand(nargv, argc, (char const *const *)argv, 252 chap->auth.physical->dl->bundle, 0, pid); 253 execvp(nargv[0], nargv); 254 255 log_Printf(LogWARN, "exec() of %s failed: %s\n", 256 nargv[0], strerror(errno)); 257 exit(255); 258 259 default: 260 close(in[0]); 261 close(out[1]); 262 chap->child.fd = out[0]; 263 chap->child.buf.len = 0; 264 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name)); 265 write(in[1], "\n", 1); 266 write(in[1], chap->challenge.peer + 1, *chap->challenge.peer); 267 write(in[1], "\n", 1); 268 write(in[1], name, strlen(name)); 269 write(in[1], "\n", 1); 270 close(in[1]); 271 break; 272 } 273 } 274 275 static void 276 chap_Cleanup(struct chap *chap, int sig) 277 { 278 if (chap->child.pid) { 279 int status; 280 281 close(chap->child.fd); 282 chap->child.fd = -1; 283 if (sig) 284 kill(chap->child.pid, SIGTERM); 285 chap->child.pid = 0; 286 chap->child.buf.len = 0; 287 288 if (wait(&status) == -1) 289 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno)); 290 else if (WIFSIGNALED(status)) 291 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status)); 292 else if (WIFEXITED(status) && WEXITSTATUS(status)) 293 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status)); 294 } 295 *chap->challenge.local = *chap->challenge.peer = '\0'; 296 #ifdef HAVE_DES 297 chap->peertries = 0; 298 #endif 299 } 300 301 static void 302 chap_Respond(struct chap *chap, char *name, char *key, u_char type 303 #ifdef HAVE_DES 304 , int lm 305 #endif 306 ) 307 { 308 u_char *ans; 309 310 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer, type 311 #ifdef HAVE_DES 312 , lm 313 #endif 314 ); 315 316 if (ans) { 317 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id, 318 ans, *ans + 1 + strlen(name), name); 319 #ifdef HAVE_DES 320 chap->NTRespSent = !lm; 321 #endif 322 free(ans); 323 } else 324 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id, 325 "Out of memory!", 14, NULL); 326 } 327 328 static int 329 chap_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) 330 { 331 struct chap *chap = descriptor2chap(d); 332 333 if (r && chap && chap->child.fd != -1) { 334 FD_SET(chap->child.fd, r); 335 if (*n < chap->child.fd + 1) 336 *n = chap->child.fd + 1; 337 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd); 338 return 1; 339 } 340 341 return 0; 342 } 343 344 static int 345 chap_IsSet(struct descriptor *d, const fd_set *fdset) 346 { 347 struct chap *chap = descriptor2chap(d); 348 349 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset); 350 } 351 352 static void 353 chap_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 354 { 355 struct chap *chap = descriptor2chap(d); 356 int got; 357 358 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len, 359 sizeof chap->child.buf.ptr - chap->child.buf.len - 1); 360 if (got == -1) { 361 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno)); 362 chap_Cleanup(chap, SIGTERM); 363 } else if (got == 0) { 364 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n"); 365 chap_Cleanup(chap, SIGTERM); 366 } else { 367 char *name, *key, *end; 368 369 chap->child.buf.len += got; 370 chap->child.buf.ptr[chap->child.buf.len] = '\0'; 371 name = chap->child.buf.ptr; 372 name += strspn(name, " \t"); 373 if ((key = strchr(name, '\n')) == NULL) 374 end = NULL; 375 else 376 end = strchr(++key, '\n'); 377 378 if (end == NULL) { 379 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) { 380 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n"); 381 chap_Cleanup(chap, SIGTERM); 382 } 383 } else { 384 #ifdef HAVE_DES 385 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 && 386 ((chap->NTRespSent && 387 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) || 388 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt)); 389 #endif 390 391 while (end >= name && strchr(" \t\r\n", *end)) 392 *end-- = '\0'; 393 end = key - 1; 394 while (end >= name && strchr(" \t\r\n", *end)) 395 *end-- = '\0'; 396 key += strspn(key, " \t"); 397 398 chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype 399 #ifdef HAVE_DES 400 , lanman 401 #endif 402 ); 403 chap_Cleanup(chap, 0); 404 } 405 } 406 } 407 408 static int 409 chap_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 410 { 411 /* We never want to write here ! */ 412 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n"); 413 return 0; 414 } 415 416 static void 417 chap_Challenge(struct authinfo *authp) 418 { 419 struct chap *chap = auth2chap(authp); 420 int len, i; 421 char *cp; 422 423 len = strlen(authp->physical->dl->bundle->cfg.auth.name); 424 425 if (!*chap->challenge.local) { 426 randinit(); 427 cp = chap->challenge.local; 428 429 #ifndef NORADIUS 430 if (*authp->physical->dl->bundle->radius.cfg.file) { 431 /* For radius, our challenge is 16 readable NUL terminated bytes :*/ 432 *cp++ = 16; 433 for (i = 0; i < 16; i++) 434 *cp++ = (random() % 10) + '0'; 435 } else 436 #endif 437 { 438 #ifdef HAVE_DES 439 if (authp->physical->link.lcp.want_authtype == 0x80) 440 *cp++ = 8; /* MS does 8 byte callenges :-/ */ 441 else 442 #endif 443 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16; 444 for (i = 0; i < *chap->challenge.local; i++) 445 *cp++ = random() & 0xff; 446 } 447 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); 448 } 449 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge.local, 450 1 + *chap->challenge.local + len, NULL); 451 } 452 453 static void 454 chap_Success(struct authinfo *authp) 455 { 456 datalink_GotAuthname(authp->physical->dl, authp->in.name); 457 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL); 458 authp->physical->link.lcp.auth_ineed = 0; 459 if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) 460 physical_Login(authp->physical, authp->in.name); 461 462 if (authp->physical->link.lcp.auth_iwait == 0) 463 /* 464 * Either I didn't need to authenticate, or I've already been 465 * told that I got the answer right. 466 */ 467 datalink_AuthOk(authp->physical->dl); 468 } 469 470 static void 471 chap_Failure(struct authinfo *authp) 472 { 473 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL); 474 datalink_AuthNotOk(authp->physical->dl); 475 } 476 477 static int 478 chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen 479 #ifdef HAVE_DES 480 , int lm 481 #endif 482 ) 483 { 484 if (mylen != hislen) 485 return 0; 486 #ifdef HAVE_DES 487 else if (type == 0x80) { 488 int off = lm ? 0 : 24; 489 490 if (memcmp(myans + off, hisans + off, 24)) 491 return 0; 492 } 493 #endif 494 else if (memcmp(myans, hisans, mylen)) 495 return 0; 496 497 return 1; 498 } 499 500 #ifdef HAVE_DES 501 static int 502 chap_HaveAnotherGo(struct chap *chap) 503 { 504 if (++chap->peertries < 3) { 505 /* Give the peer another shot */ 506 *chap->challenge.local = '\0'; 507 chap_Challenge(&chap->auth); 508 return 1; 509 } 510 511 return 0; 512 } 513 #endif 514 515 void 516 chap_Init(struct chap *chap, struct physical *p) 517 { 518 chap->desc.type = CHAP_DESCRIPTOR; 519 chap->desc.UpdateSet = chap_UpdateSet; 520 chap->desc.IsSet = chap_IsSet; 521 chap->desc.Read = chap_Read; 522 chap->desc.Write = chap_Write; 523 chap->child.pid = 0; 524 chap->child.fd = -1; 525 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); 526 *chap->challenge.local = *chap->challenge.peer = '\0'; 527 #ifdef HAVE_DES 528 chap->NTRespSent = 0; 529 chap->peertries = 0; 530 #endif 531 } 532 533 void 534 chap_ReInit(struct chap *chap) 535 { 536 chap_Cleanup(chap, SIGTERM); 537 } 538 539 struct mbuf * 540 chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) 541 { 542 struct physical *p = link2physical(l); 543 struct chap *chap = &p->dl->chap; 544 char *name, *key, *ans; 545 int len, nlen; 546 u_char alen, end; 547 #ifdef HAVE_DES 548 int lanman; 549 #endif 550 551 if (p == NULL) { 552 log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n"); 553 mbuf_Free(bp); 554 return NULL; 555 } 556 557 if (bundle_Phase(bundle) != PHASE_NETWORK && 558 bundle_Phase(bundle) != PHASE_AUTHENTICATE) { 559 log_Printf(LogPHASE, "Unexpected chap input - dropped !\n"); 560 mbuf_Free(bp); 561 return NULL; 562 } 563 564 mbuf_SetType(bp, MB_CHAPIN); 565 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL && 566 ntohs(chap->auth.in.hdr.length) == 0) 567 log_Printf(LogWARN, "Chap Input: Truncated header !\n"); 568 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE) 569 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n", 570 chap->auth.in.hdr.code); 571 else { 572 len = mbuf_Length(bp); 573 ans = NULL; 574 575 if (chap->auth.in.hdr.code != CHAP_CHALLENGE && 576 chap->auth.id != chap->auth.in.hdr.id && 577 Enabled(bundle, OPT_IDCHECK)) { 578 /* Wrong conversation dude ! */ 579 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n", 580 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id, 581 chap->auth.id); 582 mbuf_Free(bp); 583 return NULL; 584 } 585 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */ 586 587 #ifdef HAVE_DES 588 lanman = 0; 589 #endif 590 switch (chap->auth.in.hdr.code) { 591 case CHAP_CHALLENGE: 592 bp = mbuf_Read(bp, &alen, 1); 593 len -= alen + 1; 594 if (len < 0) { 595 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n"); 596 mbuf_Free(bp); 597 return NULL; 598 } 599 *chap->challenge.peer = alen; 600 bp = mbuf_Read(bp, chap->challenge.peer + 1, alen); 601 bp = auth_ReadName(&chap->auth, bp, len); 602 #ifdef HAVE_DES 603 lanman = p->link.lcp.his_authtype == 0x80 && 604 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) || 605 !IsAccepted(p->link.lcp.cfg.chap80nt)); 606 #endif 607 break; 608 609 case CHAP_RESPONSE: 610 auth_StopTimer(&chap->auth); 611 bp = mbuf_Read(bp, &alen, 1); 612 len -= alen + 1; 613 if (len < 0) { 614 log_Printf(LogERROR, "Chap Input: Truncated response !\n"); 615 mbuf_Free(bp); 616 return NULL; 617 } 618 if ((ans = malloc(alen + 2)) == NULL) { 619 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 620 mbuf_Free(bp); 621 return NULL; 622 } 623 *ans = chap->auth.id; 624 bp = mbuf_Read(bp, ans + 1, alen); 625 ans[alen+1] = '\0'; 626 bp = auth_ReadName(&chap->auth, bp, len); 627 #ifdef HAVE_DES 628 lanman = alen == 49 && ans[alen] == 0; 629 #endif 630 break; 631 632 case CHAP_SUCCESS: 633 case CHAP_FAILURE: 634 /* chap->auth.in.name is already set up at CHALLENGE time */ 635 if ((ans = malloc(len + 1)) == NULL) { 636 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 637 mbuf_Free(bp); 638 return NULL; 639 } 640 bp = mbuf_Read(bp, ans, len); 641 ans[len] = '\0'; 642 break; 643 } 644 645 switch (chap->auth.in.hdr.code) { 646 case CHAP_CHALLENGE: 647 case CHAP_RESPONSE: 648 if (*chap->auth.in.name) 649 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n", 650 chapcodes[chap->auth.in.hdr.code], alen, 651 chap->auth.in.name, 652 #ifdef HAVE_DES 653 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 654 " - lanman" : 655 #endif 656 ""); 657 else 658 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n", 659 chapcodes[chap->auth.in.hdr.code], alen, 660 #ifdef HAVE_DES 661 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 662 " - lanman" : 663 #endif 664 ""); 665 break; 666 667 case CHAP_SUCCESS: 668 case CHAP_FAILURE: 669 if (*ans) 670 log_Printf(LogPHASE, "Chap Input: %s (%s)\n", 671 chapcodes[chap->auth.in.hdr.code], ans); 672 else 673 log_Printf(LogPHASE, "Chap Input: %s\n", 674 chapcodes[chap->auth.in.hdr.code]); 675 break; 676 } 677 678 switch (chap->auth.in.hdr.code) { 679 case CHAP_CHALLENGE: 680 if (*bundle->cfg.auth.key == '!') 681 chap_StartChild(chap, bundle->cfg.auth.key + 1, 682 bundle->cfg.auth.name); 683 else 684 chap_Respond(chap, bundle->cfg.auth.name, 685 bundle->cfg.auth.key, p->link.lcp.his_authtype 686 #ifdef HAVE_DES 687 , lanman 688 #endif 689 ); 690 break; 691 692 case CHAP_RESPONSE: 693 name = chap->auth.in.name; 694 nlen = strlen(name); 695 #ifndef NORADIUS 696 if (*bundle->radius.cfg.file) { 697 end = chap->challenge.local[*chap->challenge.local+1]; 698 chap->challenge.local[*chap->challenge.local+1] = '\0'; 699 radius_Authenticate(&bundle->radius, &chap->auth, 700 chap->auth.in.name, ans, 701 chap->challenge.local + 1); 702 chap->challenge.local[*chap->challenge.local+1] = end; 703 } else 704 #endif 705 { 706 key = auth_GetSecret(bundle, name, nlen, p); 707 if (key) { 708 char *myans; 709 #ifdef HAVE_DES 710 if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) { 711 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n"); 712 if (chap_HaveAnotherGo(chap)) 713 break; 714 key = NULL; 715 } else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) && 716 p->link.lcp.want_authtype == 0x80) { 717 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n"); 718 if (chap_HaveAnotherGo(chap)) 719 break; 720 key = NULL; 721 } else 722 #endif 723 { 724 myans = chap_BuildAnswer(name, key, chap->auth.id, 725 chap->challenge.local, 726 p->link.lcp.want_authtype 727 #ifdef HAVE_DES 728 , lanman 729 #endif 730 ); 731 if (myans == NULL) 732 key = NULL; 733 else { 734 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans, 735 ans + 1, alen 736 #ifdef HAVE_DES 737 , lanman 738 #endif 739 )) 740 key = NULL; 741 free(myans); 742 } 743 } 744 } 745 746 if (key) 747 chap_Success(&chap->auth); 748 else 749 chap_Failure(&chap->auth); 750 } 751 752 break; 753 754 case CHAP_SUCCESS: 755 if (p->link.lcp.auth_iwait == PROTO_CHAP) { 756 p->link.lcp.auth_iwait = 0; 757 if (p->link.lcp.auth_ineed == 0) 758 /* 759 * We've succeeded in our ``login'' 760 * If we're not expecting the peer to authenticate (or he already 761 * has), proceed to network phase. 762 */ 763 datalink_AuthOk(p->dl); 764 } 765 break; 766 767 case CHAP_FAILURE: 768 datalink_AuthNotOk(p->dl); 769 break; 770 } 771 free(ans); 772 } 773 774 mbuf_Free(bp); 775 return NULL; 776 } 777