author | Gabriel Jeanneau <gabriel.jeanneau@6wind.com> | 2022-01-21 13:59:49 +0100 |
---|---|---|
committer | Stéphane Gonauer <stephane.gonauer@6wind.com> | 2022-03-08 13:55:36 +0100 |
commit | 39a9eb807ade35cf60edc6f2e209ed74ba1d262f (patch) | |
tree | ee9cb6d8abf9634cd6d180df1dcf1e09840b74b3 /accel-pppd/auth | |
parent | c66678018c1f111bb361c8f2069c67c725ec9e1c (diff) | |
auth: fix CHAP challenge with ixia
here is the structure of CHAP challenge message for PPP:
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Code | Identifier | Length |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Value-Size | Value ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Name ...
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
When sending a CHAP challenge, accel-ppp sets NAME to NULL. According to
RFC 1994 (PPP CHAP), this field should neither be NULL nor be equal to
CR/LF. As ixia does not recognize the Authentication packet when this field
is NULL, we set it to "accel-ppp" by default.
In MS-CHAPv1 and MS-CHAPv2, authenticator does not provide information
in Name field.
Signed-off-by: Gabriel Jeanneau <gabriel.jeanneau@6wind.com>
Diffstat (limited to 'accel-pppd/auth')
-rw-r--r-- | accel-pppd/auth/auth_chap_md5.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c
index c0d78c8d..d3982334 100644
--- a/accel-pppd/auth/auth_chap_md5.c
+++ b/accel-pppd/auth/auth_chap_md5.c
@@ -220,26 +220,31 @@ static void chap_send_success(struct chap_auth_data *ad, int id)

 static void chap_send_challenge(struct chap_auth_data *ad, int new)
 {
- struct chap_challenge msg = {
- .hdr.proto = htons(PPP_CHAP),
- .hdr.code = CHAP_CHALLENGE,
- .hdr.id = ad->id,
- .hdr.len = htons(sizeof(msg) - 2),
- .val_size = VALUE_SIZE,
+#define CHAP_CHALLENGE_NAME "accel-ppp"
+ struct {
+ struct chap_challenge m;
+ char name[sizeof(CHAP_CHALLENGE_NAME)];
+ } __attribute__((packed)) msg = {
+ .m.hdr.proto = htons(PPP_CHAP),
+ .m.hdr.code = CHAP_CHALLENGE,
+ .m.hdr.id = ad->id,
+ .m.hdr.len = htons(sizeof(struct chap_challenge) - 2 + strlen(CHAP_CHALLENGE_NAME)),
+ .m.val_size = VALUE_SIZE,
+ .name = CHAP_CHALLENGE_NAME,
 };

 if (new)
 read(urandom_fd, ad->val, VALUE_SIZE);

- memcpy(msg.val, ad->val, VALUE_SIZE);
+ memcpy(msg.m.val, ad->val, VALUE_SIZE);

 if (conf_ppp_verbose) {
- log_ppp_info2("send [CHAP Challenge id=%x <", msg.hdr.id);
- print_buf(msg.val, VALUE_SIZE);
+ log_ppp_info2("send [CHAP Challenge id=%x <", msg.m.hdr.id);
+ print_buf(msg.m.val, VALUE_SIZE);
 log_ppp_info2(">]\n");
 }

- ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2);
+ ppp_chan_send(ad->ppp, &msg, ntohs(msg.m.hdr.len) + 2);

 if (conf_timeout && !ad->timeout.tpd)
 triton_timer_add(ad->ppp->ses.ctrl->ctx, &ad->timeout, 0); |
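Review bot: The `read(urandom_fd, ad->val, VALUE_SIZE);` kept as context under `if (new)` discards its return value, so on an error or short read `ad->val` keeps whatever it held before, and the new `memcpy(msg.m.val, ad->val, VALUE_SIZE)` sends that as the challenge. CHAP's replay resistance depends on each challenge being fresh and unpredictable (RFC 1994), so anything other than a full read should stop the challenge from going out, e.g. `if (new && read(urandom_fd, ad->val, VALUE_SIZE) != VALUE_SIZE) return;`, with the session teardown chosen by code outside this hunk (the function's closing lines are not shown). On the added initializer, a short comment such as `/* Name is sent without its trailing NUL: len uses strlen(), the array uses sizeof() */` would explain why the two sizes differ by one.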