Diffstat (limited to 'accel-pppd/auth/auth_mschap_v1.c')
-rw-r--r--accel-pppd/auth/auth_mschap_v1.c100
1 files changed, 51 insertions, 49 deletions
diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c
index 4308300..10d5fe8 100644
--- a/accel-pppd/auth/auth_mschap_v1.c
+++ b/accel-pppd/auth/auth_mschap_v1.c
@@ -31,15 +31,15 @@
#define VALUE_SIZE 8
#define RESPONSE_VALUE_SIZE (24+24+1)
-#define MSG_FAILURE "E=691 R=0"
-#define MSG_SUCCESS "Authentication successed"
-
#define HDR_LEN (sizeof(struct chap_hdr_t)-2)
static int conf_timeout = 5;
static int conf_interval = 0;
static int conf_max_failure = 3;
static int conf_any_login = 0;
+static char *conf_msg_failure = "E=691 R=0";
+static char *conf_msg_success = "Authentication successed";
+;
static int urandom_fd;
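Review bot: The lone `;` on the line after `conf_msg_success` is an empty file-scope declaration that pedantic builds warn about, and it should be dropped. Both new pointers are initialised from string literals, so `static const char *conf_msg_failure = "E=691 R=0";` (and the same for `conf_msg_success`) would stop later code from writing through them. That qualifier would have to follow into the `char *mschap_error` parameter of `chap_send_failure` and into the `&mschap_error` argument passed to `pwdb_check`.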
@@ -69,19 +69,6 @@ struct chap_response_t
char name[0];
} __attribute__((packed));
-struct chap_failure_t
-{
- struct chap_hdr_t hdr;
- char message[sizeof(MSG_FAILURE)];
-} __attribute__((packed));
-
-struct chap_success_t
-{
- struct chap_hdr_t hdr;
- char message[sizeof(MSG_SUCCESS)];
-} __attribute__((packed));
-
-
struct chap_auth_data_t
{
struct auth_data_t auth;
@@ -210,36 +197,38 @@ static int lcp_recv_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *
return LCP_OPT_NAK;
}
-static void chap_send_failure(struct chap_auth_data_t *ad)
+static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error)
{
- struct chap_failure_t msg = {
- .hdr.proto = htons(PPP_CHAP),
- .hdr.code = CHAP_FAILURE,
- .hdr.id = ad->id,
- .hdr.len = htons(sizeof(msg)-1-2),
- .message = MSG_FAILURE,
- };
-
+ struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(mschap_error) + 1);
+ hdr->proto = htons(PPP_CHAP);
+ hdr->code = CHAP_FAILURE;
+ hdr->id = ad->id;
+ hdr->len = htons(HDR_LEN + strlen(mschap_error));
+ strcpy((char *)(hdr + 1), mschap_error);
+
if (conf_ppp_verbose)
- log_ppp_info2("send [MSCHAP-v1 Failure id=%x \"%s\"]\n", msg.hdr.id, MSG_FAILURE);
+ log_ppp_info2("send [MSCHAP-v1 Failure id=%x \"%s\"]\n", hdr->id, mschap_error);
- ppp_chan_send(ad->ppp,&msg,ntohs(msg.hdr.len)+2);
+ ppp_chan_send(ad->ppp, hdr, ntohs(hdr->len) + 2);
+
+ _free(hdr);
}
static void chap_send_success(struct chap_auth_data_t *ad)
{
- struct chap_success_t msg = {
- .hdr.proto = htons(PPP_CHAP),
- .hdr.code = CHAP_SUCCESS,
- .hdr.id = ad->id,
- .hdr.len = htons(sizeof(msg)-1-2),
- .message = MSG_SUCCESS,
- };
+ struct chap_hdr_t *hdr = _malloc(sizeof(*hdr) + strlen(conf_msg_success) + 1);
+ hdr->proto = htons(PPP_CHAP);
+ hdr->code = CHAP_SUCCESS;
+ hdr->id = ad->id;
+ hdr->len = htons(HDR_LEN + strlen(conf_msg_success));
+ strcpy((char *)(hdr + 1), conf_msg_success);
if (conf_ppp_verbose)
- log_ppp_info2("send [MSCHAP-v1 Success id=%x \"%s\"]\n", msg.hdr.id, MSG_SUCCESS);
+ log_ppp_info2("send [MSCHAP-v1 Success id=%x \"%s\"]\n", hdr->id, conf_msg_success);
- ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2);
+ ppp_chan_send(ad->ppp, hdr, ntohs(hdr->len) + 2);
+
+ _free(hdr);
}
static void chap_send_challenge(struct chap_auth_data_t *ad)
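Review bot: Neither `chap_send_failure` nor `chap_send_success` checks the `_malloc` result or bounds the message before `hdr->len = htons(HDR_LEN + strlen(...))`. The failure text can now be whatever `pwdb_check` stores through `&mschap_error`, so a NULL pointer would fault in `strlen`, and an oversized string would be truncated to 16 bits in the length field while the allocation and `strcpy` use the full size. I would compute the length once, clamp it, and bail out on allocation failure; the same applies to `chap_send_success`, and the two bodies are close enough to share one helper. The practical ceiling is probably the negotiated MRU, which is not visible in this hunk.

```c
static void chap_send_failure(struct chap_auth_data_t *ad, char *mschap_error)
{
	struct chap_hdr_t *hdr;
	size_t msg_len;

	/* a backend may leave the pointer unset; fall back to the configured text */
	if (!mschap_error)
		mschap_error = conf_msg_failure;

	/* hdr->len is 16 bits on the wire, so clamp the text to what it can describe */
	msg_len = strlen(mschap_error);
	if (msg_len > UINT16_MAX - HDR_LEN)
		msg_len = UINT16_MAX - HDR_LEN;

	hdr = _malloc(sizeof(*hdr) + msg_len + 1);
	if (!hdr)
		return;

	/* ... unchanged: proto, code and id assignments ... */
	hdr->len = htons(HDR_LEN + msg_len);
	memcpy(hdr + 1, mschap_error, msg_len);
	((char *)(hdr + 1))[msg_len] = '\0';

	/* ... unchanged: verbose log, ppp_chan_send, _free ... */
```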
@@ -271,6 +260,7 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
{
struct chap_response_t *msg = (struct chap_response_t*)hdr;
char *name;
+ char *mschap_error = conf_msg_failure;
int r;
if (ad->timeout.tpd)
@@ -312,33 +302,45 @@ static void chap_recv_response(struct chap_auth_data_t *ad, struct chap_hdr_t *h
}
if (conf_any_login) {
+ if (ppp_auth_successed(ad->ppp, name)) {
+ chap_send_failure(ad, mschap_error);
+ ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0);
+ _free(name);
+ return;
+ }
chap_send_success(ad);
ad->started = 1;
- ppp_auth_successed(ad->ppp, name);
return;
}
- r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V1, ad->id, ad->val, VALUE_SIZE, msg->lm_hash, msg->nt_hash, msg->flags);
+ r = pwdb_check(ad->ppp, name, PPP_CHAP, MSCHAP_V1, ad->id, ad->val, VALUE_SIZE, msg->lm_hash, msg->nt_hash, msg->flags, &mschap_error);
if (r == PWDB_NO_IMPL)
if (chap_check_response(ad, msg, name))
r = PWDB_DENIED;
if (r == PWDB_DENIED) {
- chap_send_failure(ad);
+ chap_send_failure(ad, mschap_error);
if (ad->started)
ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0);
else
ppp_auth_failed(ad->ppp, name);
_free(name);
} else {
- chap_send_success(ad);
if (!ad->started) {
- ad->started = 1;
- if (conf_interval)
- triton_timer_add(ad->ppp->ctrl->ctx, &ad->interval, 0);
- ppp_auth_successed(ad->ppp, name);
- } else
+ if (ppp_auth_successed(ad->ppp, name)) {
+ chap_send_failure(ad, mschap_error);
+ ppp_terminate(ad->ppp, TERM_AUTH_ERROR, 0);
+ _free(name);
+ } else {
+ chap_send_success(ad);
+ ad->started = 1;
+ if (conf_interval)
+ triton_timer_add(ad->ppp->ctrl->ctx, &ad->interval, 0);
+ }
+ } else {
+ chap_send_success(ad);
_free(name);
+ }
}
}
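Review bot: Both new `_free(name)` calls that follow a non-zero `ppp_auth_successed(ad->ppp, name)` assume the callee did not keep the pointer before it failed. Its body is outside this diff; if it stores `name` on the session first, `ppp_terminate` and any later logging would read freed memory. A comment at the first call, e.g. `/* ppp_auth_successed() owns name only when it returns 0 */`, would pin the contract once it has been checked against the implementation. The rejection branch also sends `mschap_error` after `pwdb_check` has already accepted the user, so the peer receives whatever that pointer holds at that moment. `chap_recv_response` starts outside this hunk.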
@@ -384,7 +386,7 @@ static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response
if (!passwd) {
if (conf_ppp_verbose)
log_ppp_warn("mschap-v1: user not found\n");
- chap_send_failure(ad);
+ chap_send_failure(ad, conf_msg_failure);
return PWDB_DENIED;
}
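Review bot: This `chap_send_failure(ad, conf_msg_failure)` makes the user-not-found path send two Failure packets. `chap_recv_response` turns the non-zero return into `PWDB_DENIED` and then calls `chap_send_failure(ad, mschap_error)` itself. If the wrong-password path in the part of `chap_check_response` outside this hunk does not also send here, a peer could tell unknown accounts from bad passwords by counting replies. Dropping the call and keeping only `return PWDB_DENIED;` gives one reply for every denial.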
@@ -424,8 +426,7 @@ static void set_mppe_keys(struct chap_auth_data_t *ad, uint8_t *z_hash)
struct ev_mppe_keys_t ev_mppe = {
.ppp = ad->ppp,
- .type = 1 << 2,
- .policy = 1,
+ .policy = -1,
.recv_key = digest,
.send_key = digest,
};
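Review bot: `.policy = -1` is an unexplained sentinel, and with `.type = 1 << 2` removed the initializer no longer says anything about the key type. How consumers of `struct ev_mppe_keys_t` interpret these values is not visible here, and they presumably decide how MPPE is applied to the session, so the intent should be written down. A named constant, or a short comment next to `.policy` stating what `-1` selects and why `type` is no longer set, would make this reviewable. `set_mppe_keys` begins before and continues past this hunk.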
@@ -482,7 +483,7 @@ static void chap_recv(struct ppp_handler_t *h)
log_ppp_warn("mschap-v1: unknown code received %x\n", hdr->code);
}
-static void __init auth_mschap_v1_init()
+static void auth_mschap_v1_init()
{
char *opt;
@@ -511,3 +512,4 @@ static void __init auth_mschap_v1_init()
log_emerg("mschap-v1: failed to register handler\n");
}
+DEFINE_INIT(5, auth_mschap_v1_init);