From 2065efc2f718ddd29432e3fa9ef5b1afb308ba8c Mon Sep 17 00:00:00 2001 From: Kozlov Dmitry Date: Mon, 28 May 2012 12:18:10 +0400 Subject: auth_chap*: use previous challenge value in packet resend instead of generating new one --- accel-pppd/auth/auth_chap_md5.c | 16 +++++++++------- accel-pppd/auth/auth_mschap_v1.c | 16 +++++++++------- accel-pppd/auth/auth_mschap_v2.c | 20 +++++++++++++------- 3 files changed, 31 insertions(+), 21 deletions(-) (limited to 'accel-pppd') diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c index f93e98c..4b8206b 100644 --- a/accel-pppd/auth/auth_chap_md5.c +++ b/accel-pppd/auth/auth_chap_md5.c @@ -79,7 +79,7 @@ struct chap_auth_data_t int started:1; }; -static void chap_send_challenge(struct chap_auth_data_t *ad); +static void chap_send_challenge(struct chap_auth_data_t *ad, int new); static void chap_recv(struct ppp_handler_t *h); static void chap_timeout_timer(struct triton_timer_t *t); static void chap_restart_timer(struct triton_timer_t *t); @@ -134,7 +134,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth) ppp_register_chan_handler(ppp, &d->h); - chap_send_challenge(d); + chap_send_challenge(d, 1); return 0; } @@ -168,7 +168,7 @@ static void chap_timeout_timer(struct triton_timer_t *t) ppp_auth_failed(d->ppp, NULL); } else { --d->id; - chap_send_challenge(d); + chap_send_challenge(d, 0); } } @@ -176,7 +176,7 @@ static void chap_restart_timer(struct triton_timer_t *t) { struct chap_auth_data_t *d = container_of(t, typeof(*d), interval); - chap_send_challenge(d); + chap_send_challenge(d, 1); } static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr) 
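Review bot: The new `int new` parameter on the `chap_send_challenge` prototype (auth_chap_md5.c, hunk at -79; the same prototype change is made in auth_mschap_v1.c and auth_mschap_v2.c) is undocumented, and the call sites pass a bare `1` or `0`, so a reader cannot tell which callers rotate the challenge and which retransmit it. I would add a comment above the prototype such as `/* new != 0: draw a fresh challenge into ad->val; new == 0: retransmit the stored ad->val unchanged */`. Because a wrong argument here silently reuses a challenge value, a more descriptive name such as `fresh` would also help, and it avoids the C++ keyword `new`.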
@@ -224,7 +224,7 @@ static void chap_send_success(struct chap_auth_data_t *ad) ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2); } -static void chap_send_challenge(struct chap_auth_data_t *ad) +static void chap_send_challenge(struct chap_auth_data_t *ad, int new) { struct chap_challenge_t msg = { .hdr.proto = htons(PPP_CHAP), @@ -234,7 +234,9 @@ static void chap_send_challenge(struct chap_auth_data_t *ad) .val_size = VALUE_SIZE, }; - read(urandom_fd, ad->val, VALUE_SIZE); + if (new) + read(urandom_fd, ad->val, VALUE_SIZE); + memcpy(msg.val, ad->val, VALUE_SIZE); if (conf_ppp_verbose) { @@ -379,7 +381,7 @@ static int chap_restart(struct ppp_t *ppp, struct auth_data_t *auth) { struct chap_auth_data_t *d = container_of(auth, typeof(*d), auth); - chap_send_challenge(d); + chap_send_challenge(d, 1); return 0; } diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c index b8dd6cc..f0b58f4 100644 --- a/accel-pppd/auth/auth_mschap_v1.c +++ b/accel-pppd/auth/auth_mschap_v1.c @@ -78,7 +78,7 @@ struct chap_auth_data_t int started:1; }; -static void chap_send_challenge(struct chap_auth_data_t *ad); +static void chap_send_challenge(struct chap_auth_data_t *ad, int new); static void chap_recv(struct ppp_handler_t *h); static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response_t *res, const char *name); static void chap_timeout_timer(struct triton_timer_t *t); @@ -135,7 +135,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth) ppp_register_chan_handler(ppp, &d->h); - chap_send_challenge(d); + chap_send_challenge(d, 1); return 0; } @@ -169,7 +169,7 @@ static void chap_timeout_timer(struct triton_timer_t *t) ppp_auth_failed(d->ppp, NULL); } else { --d->id; - chap_send_challenge(d); + chap_send_challenge(d, 0); } } 
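Review bot: The `read(urandom_fd, ad->val, VALUE_SIZE)` call that is now guarded by `if (new)` in `chap_send_challenge` (auth_chap_md5.c, hunk at -234) still ignores its return value, so a failed or short read sends whatever was already in `ad->val` (the previous challenge, or its initial contents) as if it were fresh. `ad->val` lives in the per-session struct, so on such a failure the `new == 1` callers (`chap_start`, `chap_restart`, `chap_restart_timer`) would re-issue an old challenge, and a response captured for it would presumably verify again. I would fail the attempt instead, for example `if (new && read(urandom_fd, ad->val, VALUE_SIZE) != VALUE_SIZE) { ppp_auth_failed(ad->ppp, NULL); return; }`, or use whichever error path the module prefers. The same lines appear in auth_mschap_v1.c (hunk at -237) and auth_mschap_v2.c (hunk at -310); in all three the function body starts and ends outside the hunk.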
@@ -177,7 +177,7 @@ static void chap_restart_timer(struct triton_timer_t *t) { struct chap_auth_data_t *d = container_of(t, typeof(*d), interval); - chap_send_challenge(d); + chap_send_challenge(d, 1); } static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr) @@ -227,7 +227,7 @@ static void chap_send_success(struct chap_auth_data_t *ad) _free(hdr); } -static void chap_send_challenge(struct chap_auth_data_t *ad) +static void chap_send_challenge(struct chap_auth_data_t *ad, int new) { struct chap_challenge_t msg = { .hdr.proto = htons(PPP_CHAP), @@ -237,7 +237,9 @@ static void chap_send_challenge(struct chap_auth_data_t *ad) .val_size = VALUE_SIZE, }; - read(urandom_fd, ad->val, VALUE_SIZE); + if (new) + read(urandom_fd, ad->val, VALUE_SIZE); + memcpy(msg.val, ad->val, VALUE_SIZE); if (conf_ppp_verbose) { @@ -446,7 +448,7 @@ static int chap_restart(struct ppp_t *ppp, struct auth_data_t *auth) { struct chap_auth_data_t *d = container_of(auth, typeof(*d), auth); - chap_send_challenge(d); + chap_send_challenge(d, 1); return 0; } diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c index d067f0b..24272e7 100644 --- a/accel-pppd/auth/auth_mschap_v2.c +++ b/accel-pppd/auth/auth_mschap_v2.c @@ -78,7 +78,7 @@ struct chap_auth_data_t int started:1; }; -static void chap_send_challenge(struct chap_auth_data_t *ad); +static void chap_send_challenge(struct chap_auth_data_t *ad, int new); static void chap_recv(struct ppp_handler_t *h); static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response_t *msg, const char *name); static void chap_timeout_timer(struct triton_timer_t *t); @@ -136,7 +136,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth) ppp_register_chan_handler(ppp, &d->h); - chap_send_challenge(d); + chap_send_challenge(d, 1); return 0; } 
@@ -170,7 +170,7 @@ static void chap_timeout_timer(struct triton_timer_t *t) ppp_auth_failed(d->ppp, NULL); } else { --d->id; - chap_send_challenge(d); + chap_send_challenge(d, 0); } } @@ -178,7 +178,7 @@ static void chap_restart_timer(struct triton_timer_t *t) { struct chap_auth_data_t *d = container_of(t, typeof(*d), interval); - chap_send_challenge(d); + chap_send_challenge(d, 1); } static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr) @@ -300,7 +300,7 @@ static int generate_response(struct chap_auth_data_t *ad, struct chap_response_t return 0; } -static void chap_send_challenge(struct chap_auth_data_t *ad) +static void chap_send_challenge(struct chap_auth_data_t *ad, int new) { struct chap_challenge_t msg = { .hdr.proto = htons(PPP_CHAP), @@ -310,7 +310,9 @@ static void chap_send_challenge(struct chap_auth_data_t *ad) .val_size = VALUE_SIZE, }; - read(urandom_fd, ad->val, VALUE_SIZE); + if (new) + read(urandom_fd, ad->val, VALUE_SIZE); + memcpy(msg.val, ad->val, VALUE_SIZE); if (conf_ppp_verbose) { @@ -582,7 +584,7 @@ static int chap_restart(struct ppp_t *ppp, struct auth_data_t *auth) { struct chap_auth_data_t *d = container_of(auth, typeof(*d), auth); - chap_send_challenge(d); + chap_send_challenge(d, 1); return 0; } @@ -604,12 +606,16 @@ static void chap_recv(struct ppp_handler_t *h) { struct chap_auth_data_t *d = container_of(h, typeof(*d), h); struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf; + static int drop=1; if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2) { log_ppp_warn("mschap-v2: short packet received\n"); return; } + if (drop-- == 1) + return; + if (hdr->code == CHAP_RESPONSE) chap_recv_response(d, hdr); else -- cgit v1.2.3
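Review bot: The added `static int drop=1;` and `if (drop-- == 1) return;` in `chap_recv` (auth_mschap_v2.c, hunk at -604) look like leftover test scaffolding for exercising the resend path: they silently discard the first well-formed CHAP packet the process receives, whichever session it belongs to, and the commit message does not mention them. Because the counter is a function-level `static`, it is shared by every session and is decremented on each later packet with no synchronisation visible here, which would eventually overflow a signed `int`. This commit makes no such change to the handlers in auth_chap_md5.c or auth_mschap_v1.c, which supports reading it as debug code. I would remove both lines from the commit; if fault injection is wanted for testing retransmits, gate it behind a debug-only build option. `chap_recv` continues past the end of the hunk.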