xref: /freebsd/usr.sbin/ppp/chap.c (revision 7f3dea244c40159a41ab22da77a434d7c5b5e85a)
1 /*
2  *			PPP CHAP Module
3  *
4  *	    Written by Toshiharu OHNO (tony-o@iij.ad.jp)
5  *
6  *   Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd.
7  *
8  * Redistribution and use in source and binary forms are permitted
9  * provided that the above copyright notice and this paragraph are
10  * duplicated in all such forms and that any documentation,
11  * advertising materials, and other materials related to such
12  * distribution and use acknowledge that the software was developed
13  * by the Internet Initiative Japan, Inc.  The name of the
14  * IIJ may not be used to endorse or promote products derived
15  * from this software without specific prior written permission.
16  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
18  * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19  *
20  * $Id: chap.c,v 1.53 1999/07/15 02:02:51 brian Exp $
21  *
22  *	TODO:
23  */
24 #include <sys/param.h>
25 #include <netinet/in.h>
26 #include <netinet/in_systm.h>
27 #include <netinet/ip.h>
28 #include <sys/un.h>
29 
30 #include <errno.h>
31 #include <fcntl.h>
32 #ifdef HAVE_DES
33 #include <md4.h>
34 #endif
35 #include <md5.h>
36 #include <paths.h>
37 #include <signal.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <sys/wait.h>
42 #include <termios.h>
43 #include <unistd.h>
44 
45 #include "layer.h"
46 #include "mbuf.h"
47 #include "log.h"
48 #include "defs.h"
49 #include "timer.h"
50 #include "fsm.h"
51 #include "proto.h"
52 #include "lcp.h"
53 #include "lqr.h"
54 #include "hdlc.h"
55 #include "auth.h"
56 #include "async.h"
57 #include "throughput.h"
58 #include "descriptor.h"
59 #include "chap.h"
60 #include "iplist.h"
61 #include "slcompress.h"
62 #include "ipcp.h"
63 #include "filter.h"
64 #include "ccp.h"
65 #include "link.h"
66 #include "physical.h"
67 #include "mp.h"
68 #ifndef NORADIUS
69 #include "radius.h"
70 #endif
71 #include "bundle.h"
72 #include "chat.h"
73 #include "cbcp.h"
74 #include "command.h"
75 #include "datalink.h"
76 #ifdef HAVE_DES
77 #include "chap_ms.h"
78 #endif
79 
80 static const char *chapcodes[] = {
81   "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE"
82 };
83 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)
84 
85 static void
86 ChapOutput(struct physical *physical, u_int code, u_int id,
87 	   const u_char *ptr, int count, const char *text)
88 {
89   int plen;
90   struct fsmheader lh;
91   struct mbuf *bp;
92 
93   plen = sizeof(struct fsmheader) + count;
94   lh.code = code;
95   lh.id = id;
96   lh.length = htons(plen);
97   bp = mbuf_Alloc(plen, MB_CHAPOUT);
98   memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
99   if (count)
100     memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count);
101   log_DumpBp(LogDEBUG, "ChapOutput", bp);
102   if (text == NULL)
103     log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]);
104   else
105     log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text);
106   link_PushPacket(&physical->link, bp, physical->dl->bundle,
107                   PRI_LINK, PROTO_CHAP);
108 }
109 
110 static char *
111 chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type
112 #ifdef HAVE_DES
113                  , int lanman
114 #endif
115                 )
116 {
117   char *result, *digest;
118   size_t nlen, klen;
119 
120   nlen = strlen(name);
121   klen = strlen(key);
122 
123 #ifdef HAVE_DES
124   if (type == 0x80) {
125     char expkey[AUTHLEN << 2];
126     MD4_CTX MD4context;
127     int f;
128 
129     if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL)
130       return result;
131 
132     digest = result;					/* the response */
133     *digest++ = MS_CHAP_RESPONSE_LEN;			/* 49 */
134     memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen);
135     if (lanman) {
136       memset(digest + 24, '\0', 25);
137       mschap_LANMan(digest, challenge + 1, key);	/* LANMan response */
138     } else {
139       memset(digest, '\0', 25);
140       digest += 24;
141 
142       for (f = 0; f < klen; f++) {
143         expkey[2*f] = key[f];
144         expkey[2*f+1] = '\0';
145       }
146       /*
147        *           -----------
148        * expkey = | k\0e\0y\0 |
149        *           -----------
150        */
151       MD4Init(&MD4context);
152       MD4Update(&MD4context, expkey, klen << 1);
153       MD4Final(digest, &MD4context);
154 
155       /*
156        *           ---- -------- ---------------- ------- ------
157        * result = | 49 | LANMan | 16 byte digest | 9 * ? | name |
158        *           ---- -------- ---------------- ------- ------
159        */
160       mschap_NT(digest, challenge + 1);
161     }
162     /*
163      *           ---- -------- ------------- ----- ------
164      *          |    |  struct MS_ChapResponse24  |      |
165      * result = | 49 | LANMan  |  NT digest | 0/1 | name |
166      *           ---- -------- ------------- ----- ------
167      * where only one of LANMan & NT digest are set.
168      */
169   } else
170 #endif
171   if ((result = malloc(nlen + 17)) != NULL) {
172     /* Normal MD5 stuff */
173     MD5_CTX MD5context;
174 
175     digest = result;
176     *digest++ = 16;				/* value size */
177 
178     MD5Init(&MD5context);
179     MD5Update(&MD5context, &id, 1);
180     MD5Update(&MD5context, key, klen);
181     MD5Update(&MD5context, challenge + 1, *challenge);
182     MD5Final(digest, &MD5context);
183 
184     memcpy(digest + 16, name, nlen);
185     /*
186      *           ---- -------- ------
187      * result = | 16 | digest | name |
188      *           ---- -------- ------
189      */
190   }
191 
192   return result;
193 }
194 
195 static void
196 chap_StartChild(struct chap *chap, char *prog, const char *name)
197 {
198   char *argv[MAXARGS], *nargv[MAXARGS];
199   int argc, fd;
200   int in[2], out[2];
201   pid_t pid;
202 
203   if (chap->child.fd != -1) {
204     log_Printf(LogWARN, "Chap: %s: Program already running\n", prog);
205     return;
206   }
207 
208   if (pipe(in) == -1) {
209     log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
210     return;
211   }
212 
213   if (pipe(out) == -1) {
214     log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
215     close(in[0]);
216     close(in[1]);
217     return;
218   }
219 
220   pid = getpid();
221   switch ((chap->child.pid = fork())) {
222     case -1:
223       log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno));
224       close(in[0]);
225       close(in[1]);
226       close(out[0]);
227       close(out[1]);
228       chap->child.pid = 0;
229       return;
230 
231     case 0:
232       timer_TermService();
233       close(in[1]);
234       close(out[0]);
235       if (out[1] == STDIN_FILENO)
236         out[1] = dup(out[1]);
237       dup2(in[0], STDIN_FILENO);
238       dup2(out[1], STDOUT_FILENO);
239       close(STDERR_FILENO);
240       if (open(_PATH_DEVNULL, O_RDWR) != STDERR_FILENO) {
241         log_Printf(LogALERT, "Chap: Failed to open %s: %s\n",
242                   _PATH_DEVNULL, strerror(errno));
243         exit(1);
244       }
245       for (fd = getdtablesize(); fd > STDERR_FILENO; fd--)
246         fcntl(fd, F_SETFD, 1);
247       setuid(geteuid());
248       argc = command_Interpret(prog, strlen(prog), argv);
249       command_Expand(nargv, argc, (char const *const *)argv,
250                      chap->auth.physical->dl->bundle, 0, pid);
251       execvp(nargv[0], nargv);
252       printf("exec() of %s failed: %s\n", nargv[0], strerror(errno));
253       _exit(255);
254 
255     default:
256       close(in[0]);
257       close(out[1]);
258       chap->child.fd = out[0];
259       chap->child.buf.len = 0;
260       write(in[1], chap->auth.in.name, strlen(chap->auth.in.name));
261       write(in[1], "\n", 1);
262       write(in[1], chap->challenge.peer + 1, *chap->challenge.peer);
263       write(in[1], "\n", 1);
264       write(in[1], name, strlen(name));
265       write(in[1], "\n", 1);
266       close(in[1]);
267       break;
268   }
269 }
270 
271 static void
272 chap_Cleanup(struct chap *chap, int sig)
273 {
274   if (chap->child.pid) {
275     int status;
276 
277     close(chap->child.fd);
278     chap->child.fd = -1;
279     if (sig)
280       kill(chap->child.pid, SIGTERM);
281     chap->child.pid = 0;
282     chap->child.buf.len = 0;
283 
284     if (wait(&status) == -1)
285       log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno));
286     else if (WIFSIGNALED(status))
287       log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status));
288     else if (WIFEXITED(status) && WEXITSTATUS(status))
289       log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status));
290   }
291   *chap->challenge.local = *chap->challenge.peer = '\0';
292 #ifdef HAVE_DES
293   chap->peertries = 0;
294 #endif
295 }
296 
297 static void
298 chap_Respond(struct chap *chap, char *name, char *key, u_char type
299 #ifdef HAVE_DES
300              , int lm
301 #endif
302             )
303 {
304   u_char *ans;
305 
306   ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer, type
307 #ifdef HAVE_DES
308                          , lm
309 #endif
310                         );
311 
312   if (ans) {
313     ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id,
314                ans, *ans + 1 + strlen(name), name);
315 #ifdef HAVE_DES
316     chap->NTRespSent = !lm;
317 #endif
318     free(ans);
319   } else
320     ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id,
321                "Out of memory!", 14, NULL);
322 }
323 
324 static int
325 chap_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
326 {
327   struct chap *chap = descriptor2chap(d);
328 
329   if (r && chap && chap->child.fd != -1) {
330     FD_SET(chap->child.fd, r);
331     if (*n < chap->child.fd + 1)
332       *n = chap->child.fd + 1;
333     log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd);
334     return 1;
335   }
336 
337   return 0;
338 }
339 
340 static int
341 chap_IsSet(struct descriptor *d, const fd_set *fdset)
342 {
343   struct chap *chap = descriptor2chap(d);
344 
345   return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset);
346 }
347 
348 static void
349 chap_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset)
350 {
351   struct chap *chap = descriptor2chap(d);
352   int got;
353 
354   got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len,
355              sizeof chap->child.buf.ptr - chap->child.buf.len - 1);
356   if (got == -1) {
357     log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno));
358     chap_Cleanup(chap, SIGTERM);
359   } else if (got == 0) {
360     log_Printf(LogWARN, "Chap: Read: Child terminated connection\n");
361     chap_Cleanup(chap, SIGTERM);
362   } else {
363     char *name, *key, *end;
364 
365     chap->child.buf.len += got;
366     chap->child.buf.ptr[chap->child.buf.len] = '\0';
367     name = chap->child.buf.ptr;
368     name += strspn(name, " \t");
369     if ((key = strchr(name, '\n')) == NULL)
370       end = NULL;
371     else
372       end = strchr(++key, '\n');
373 
374     if (end == NULL) {
375       if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) {
376         log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n");
377         chap_Cleanup(chap, SIGTERM);
378       }
379     } else {
380 #ifdef HAVE_DES
381       int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 &&
382                    ((chap->NTRespSent &&
383                      IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) ||
384                     !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt));
385 #endif
386 
387       while (end >= name && strchr(" \t\r\n", *end))
388         *end-- = '\0';
389       end = key - 1;
390       while (end >= name && strchr(" \t\r\n", *end))
391         *end-- = '\0';
392       key += strspn(key, " \t");
393 
394       chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype
395 #ifdef HAVE_DES
396                    , lanman
397 #endif
398                   );
399       chap_Cleanup(chap, 0);
400     }
401   }
402 }
403 
404 static int
405 chap_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset)
406 {
407   /* We never want to write here ! */
408   log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n");
409   return 0;
410 }
411 
412 static void
413 chap_Challenge(struct authinfo *authp)
414 {
415   struct chap *chap = auth2chap(authp);
416   int len, i;
417   char *cp;
418 
419   len = strlen(authp->physical->dl->bundle->cfg.auth.name);
420 
421   if (!*chap->challenge.local) {
422     randinit();
423     cp = chap->challenge.local;
424 
425 #ifndef NORADIUS
426     if (*authp->physical->dl->bundle->radius.cfg.file) {
427       /* For radius, our challenge is 16 readable NUL terminated bytes :*/
428       *cp++ = 16;
429       for (i = 0; i < 16; i++)
430         *cp++ = (random() % 10) + '0';
431     } else
432 #endif
433     {
434 #ifdef HAVE_DES
435       if (authp->physical->link.lcp.want_authtype == 0x80)
436         *cp++ = 8;	/* MS does 8 byte callenges :-/ */
437       else
438 #endif
439         *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;
440       for (i = 0; i < *chap->challenge.local; i++)
441         *cp++ = random() & 0xff;
442     }
443     memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
444   }
445   ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge.local,
446 	     1 + *chap->challenge.local + len, NULL);
447 }
448 
449 static void
450 chap_Success(struct authinfo *authp)
451 {
452   datalink_GotAuthname(authp->physical->dl, authp->in.name);
453   ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL);
454   authp->physical->link.lcp.auth_ineed = 0;
455   if (Enabled(authp->physical->dl->bundle, OPT_UTMP))
456     physical_Login(authp->physical, authp->in.name);
457 
458   if (authp->physical->link.lcp.auth_iwait == 0)
459     /*
460      * Either I didn't need to authenticate, or I've already been
461      * told that I got the answer right.
462      */
463     datalink_AuthOk(authp->physical->dl);
464 }
465 
466 static void
467 chap_Failure(struct authinfo *authp)
468 {
469   ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL);
470   datalink_AuthNotOk(authp->physical->dl);
471 }
472 
473 static int
474 chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen
475 #ifdef HAVE_DES
476          , int lm
477 #endif
478         )
479 {
480   if (mylen != hislen)
481     return 0;
482 #ifdef HAVE_DES
483   else if (type == 0x80) {
484     int off = lm ? 0 : 24;
485 
486     if (memcmp(myans + off, hisans + off, 24))
487       return 0;
488   }
489 #endif
490   else if (memcmp(myans, hisans, mylen))
491     return 0;
492 
493   return 1;
494 }
495 
496 #ifdef HAVE_DES
497 static int
498 chap_HaveAnotherGo(struct chap *chap)
499 {
500   if (++chap->peertries < 3) {
501     /* Give the peer another shot */
502     *chap->challenge.local = '\0';
503     chap_Challenge(&chap->auth);
504     return 1;
505   }
506 
507   return 0;
508 }
509 #endif
510 
511 void
512 chap_Init(struct chap *chap, struct physical *p)
513 {
514   chap->desc.type = CHAP_DESCRIPTOR;
515   chap->desc.UpdateSet = chap_UpdateSet;
516   chap->desc.IsSet = chap_IsSet;
517   chap->desc.Read = chap_Read;
518   chap->desc.Write = chap_Write;
519   chap->child.pid = 0;
520   chap->child.fd = -1;
521   auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);
522   *chap->challenge.local = *chap->challenge.peer = '\0';
523 #ifdef HAVE_DES
524   chap->NTRespSent = 0;
525   chap->peertries = 0;
526 #endif
527 }
528 
529 void
530 chap_ReInit(struct chap *chap)
531 {
532   chap_Cleanup(chap, SIGTERM);
533 }
534 
535 struct mbuf *
536 chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
537 {
538   struct physical *p = link2physical(l);
539   struct chap *chap = &p->dl->chap;
540   char *name, *key, *ans;
541   int len, nlen;
542   u_char alen;
543 #ifdef HAVE_DES
544   int lanman;
545 #endif
546 
547   if (p == NULL) {
548     log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
549     mbuf_Free(bp);
550     return NULL;
551   }
552 
553   if (bundle_Phase(bundle) != PHASE_NETWORK &&
554       bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
555     log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
556     mbuf_Free(bp);
557     return NULL;
558   }
559 
560   mbuf_SetType(bp, MB_CHAPIN);
561   if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
562       ntohs(chap->auth.in.hdr.length) == 0)
563     log_Printf(LogWARN, "Chap Input: Truncated header !\n");
564   else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
565     log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
566                chap->auth.in.hdr.code);
567   else {
568     len = mbuf_Length(bp);
569     ans = NULL;
570 
571     if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
572         chap->auth.id != chap->auth.in.hdr.id &&
573         Enabled(bundle, OPT_IDCHECK)) {
574       /* Wrong conversation dude ! */
575       log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
576                  chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
577                  chap->auth.id);
578       mbuf_Free(bp);
579       return NULL;
580     }
581     chap->auth.id = chap->auth.in.hdr.id;	/* We respond with this id */
582 
583 #ifdef HAVE_DES
584     lanman = 0;
585 #endif
586     switch (chap->auth.in.hdr.code) {
587       case CHAP_CHALLENGE:
588         bp = mbuf_Read(bp, &alen, 1);
589         len -= alen + 1;
590         if (len < 0) {
591           log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
592           mbuf_Free(bp);
593           return NULL;
594         }
595         *chap->challenge.peer = alen;
596         bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
597         bp = auth_ReadName(&chap->auth, bp, len);
598 #ifdef HAVE_DES
599         lanman = p->link.lcp.his_authtype == 0x80 &&
600                  ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
601                   !IsAccepted(p->link.lcp.cfg.chap80nt));
602 #endif
603         break;
604 
605       case CHAP_RESPONSE:
606         auth_StopTimer(&chap->auth);
607         bp = mbuf_Read(bp, &alen, 1);
608         len -= alen + 1;
609         if (len < 0) {
610           log_Printf(LogERROR, "Chap Input: Truncated response !\n");
611           mbuf_Free(bp);
612           return NULL;
613         }
614         if ((ans = malloc(alen + 2)) == NULL) {
615           log_Printf(LogERROR, "Chap Input: Out of memory !\n");
616           mbuf_Free(bp);
617           return NULL;
618         }
619         *ans = chap->auth.id;
620         bp = mbuf_Read(bp, ans + 1, alen);
621         ans[alen+1] = '\0';
622         bp = auth_ReadName(&chap->auth, bp, len);
623 #ifdef HAVE_DES
624         lanman = alen == 49 && ans[alen] == 0;
625 #endif
626         break;
627 
628       case CHAP_SUCCESS:
629       case CHAP_FAILURE:
630         /* chap->auth.in.name is already set up at CHALLENGE time */
631         if ((ans = malloc(len + 1)) == NULL) {
632           log_Printf(LogERROR, "Chap Input: Out of memory !\n");
633           mbuf_Free(bp);
634           return NULL;
635         }
636         bp = mbuf_Read(bp, ans, len);
637         ans[len] = '\0';
638         break;
639     }
640 
641     switch (chap->auth.in.hdr.code) {
642       case CHAP_CHALLENGE:
643       case CHAP_RESPONSE:
644         if (*chap->auth.in.name)
645           log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
646                      chapcodes[chap->auth.in.hdr.code], alen,
647                      chap->auth.in.name,
648 #ifdef HAVE_DES
649                      lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
650                      " - lanman" :
651 #endif
652                      "");
653         else
654           log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
655                      chapcodes[chap->auth.in.hdr.code], alen,
656 #ifdef HAVE_DES
657                      lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
658                      " - lanman" :
659 #endif
660                      "");
661         break;
662 
663       case CHAP_SUCCESS:
664       case CHAP_FAILURE:
665         if (*ans)
666           log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
667                      chapcodes[chap->auth.in.hdr.code], ans);
668         else
669           log_Printf(LogPHASE, "Chap Input: %s\n",
670                      chapcodes[chap->auth.in.hdr.code]);
671         break;
672     }
673 
674     switch (chap->auth.in.hdr.code) {
675       case CHAP_CHALLENGE:
676         if (*bundle->cfg.auth.key == '!')
677           chap_StartChild(chap, bundle->cfg.auth.key + 1,
678                           bundle->cfg.auth.name);
679         else
680           chap_Respond(chap, bundle->cfg.auth.name,
681                        bundle->cfg.auth.key, p->link.lcp.his_authtype
682 #ifdef HAVE_DES
683                        , lanman
684 #endif
685                       );
686         break;
687 
688       case CHAP_RESPONSE:
689         name = chap->auth.in.name;
690         nlen = strlen(name);
691 #ifndef NORADIUS
692         if (*bundle->radius.cfg.file) {
693           u_char end;
694 
695           end = chap->challenge.local[*chap->challenge.local+1];
696           chap->challenge.local[*chap->challenge.local+1] = '\0';
697           radius_Authenticate(&bundle->radius, &chap->auth,
698                               chap->auth.in.name, ans,
699                               chap->challenge.local + 1);
700           chap->challenge.local[*chap->challenge.local+1] = end;
701         } else
702 #endif
703         {
704           key = auth_GetSecret(bundle, name, nlen, p);
705           if (key) {
706             char *myans;
707 #ifdef HAVE_DES
708             if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
709               log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
710               if (chap_HaveAnotherGo(chap))
711                 break;
712               key = NULL;
713             } else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) &&
714                        p->link.lcp.want_authtype == 0x80) {
715               log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
716               if (chap_HaveAnotherGo(chap))
717                 break;
718               key = NULL;
719             } else
720 #endif
721             {
722               myans = chap_BuildAnswer(name, key, chap->auth.id,
723                                        chap->challenge.local,
724                                        p->link.lcp.want_authtype
725 #ifdef HAVE_DES
726                                        , lanman
727 #endif
728                                       );
729               if (myans == NULL)
730                 key = NULL;
731               else {
732                 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans,
733                               ans + 1, alen
734 #ifdef HAVE_DES
735                               , lanman
736 #endif
737                              ))
738                   key = NULL;
739                 free(myans);
740               }
741             }
742           }
743 
744           if (key)
745             chap_Success(&chap->auth);
746           else
747             chap_Failure(&chap->auth);
748         }
749 
750         break;
751 
752       case CHAP_SUCCESS:
753         if (p->link.lcp.auth_iwait == PROTO_CHAP) {
754           p->link.lcp.auth_iwait = 0;
755           if (p->link.lcp.auth_ineed == 0)
756             /*
757              * We've succeeded in our ``login''
758              * If we're not expecting  the peer to authenticate (or he already
759              * has), proceed to network phase.
760              */
761             datalink_AuthOk(p->dl);
762         }
763         break;
764 
765       case CHAP_FAILURE:
766         datalink_AuthNotOk(p->dl);
767         break;
768     }
769     free(ans);
770   }
771 
772   mbuf_Free(bp);
773   return NULL;
774 }
775