summaryrefslogtreecommitdiff
path: root/accel-pppd/auth
diff options
context:
space:
mode:
authorKozlov Dmitry <xeb@mail.ru>2012-05-28 12:18:10 +0400
committerKozlov Dmitry <xeb@mail.ru>2012-05-28 12:18:10 +0400
commit2065efc2f718ddd29432e3fa9ef5b1afb308ba8c (patch)
treeedd61ada9c36f6ae8df84061dbdbab659e7d275d /accel-pppd/auth
parent0d19e3bbe4ed663c3cdd4aeb666df782cd81c35c (diff)
downloadaccel-ppp-2065efc2f718ddd29432e3fa9ef5b1afb308ba8c.tar.gz
accel-ppp-2065efc2f718ddd29432e3fa9ef5b1afb308ba8c.zip
auth_chap*: use previous challenge value in packet resend instead of generating new one
Diffstat (limited to 'accel-pppd/auth')
-rw-r--r--accel-pppd/auth/auth_chap_md5.c16
-rw-r--r--accel-pppd/auth/auth_mschap_v1.c16
-rw-r--r--accel-pppd/auth/auth_mschap_v2.c20
3 files changed, 31 insertions, 21 deletions
diff --git a/accel-pppd/auth/auth_chap_md5.c b/accel-pppd/auth/auth_chap_md5.c
index f93e98c..4b8206b 100644
--- a/accel-pppd/auth/auth_chap_md5.c
+++ b/accel-pppd/auth/auth_chap_md5.c
@@ -79,7 +79,7 @@ struct chap_auth_data_t
int started:1;
};
-static void chap_send_challenge(struct chap_auth_data_t *ad);
+static void chap_send_challenge(struct chap_auth_data_t *ad, int new);
static void chap_recv(struct ppp_handler_t *h);
static void chap_timeout_timer(struct triton_timer_t *t);
static void chap_restart_timer(struct triton_timer_t *t);
@@ -134,7 +134,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
ppp_register_chan_handler(ppp, &d->h);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
return 0;
}
@@ -168,7 +168,7 @@ static void chap_timeout_timer(struct triton_timer_t *t)
ppp_auth_failed(d->ppp, NULL);
} else {
--d->id;
- chap_send_challenge(d);
+ chap_send_challenge(d, 0);
}
}
@@ -176,7 +176,7 @@ static void chap_restart_timer(struct triton_timer_t *t)
{
struct chap_auth_data_t *d = container_of(t, typeof(*d), interval);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
}
static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr)
@@ -224,7 +224,7 @@ static void chap_send_success(struct chap_auth_data_t *ad)
ppp_chan_send(ad->ppp, &msg, ntohs(msg.hdr.len) + 2);
}
-static void chap_send_challenge(struct chap_auth_data_t *ad)
+static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
{
struct chap_challenge_t msg = {
.hdr.proto = htons(PPP_CHAP),
@@ -234,7 +234,9 @@ static void chap_send_challenge(struct chap_auth_data_t *ad)
.val_size = VALUE_SIZE,
};
- read(urandom_fd, ad->val, VALUE_SIZE);
+ if (new)
+ read(urandom_fd, ad->val, VALUE_SIZE);
+
memcpy(msg.val, ad->val, VALUE_SIZE);
if (conf_ppp_verbose) {
@@ -379,7 +381,7 @@ static int chap_restart(struct ppp_t *ppp, struct auth_data_t *auth)
{
struct chap_auth_data_t *d = container_of(auth, typeof(*d), auth);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
return 0;
}
diff --git a/accel-pppd/auth/auth_mschap_v1.c b/accel-pppd/auth/auth_mschap_v1.c
index b8dd6cc..f0b58f4 100644
--- a/accel-pppd/auth/auth_mschap_v1.c
+++ b/accel-pppd/auth/auth_mschap_v1.c
@@ -78,7 +78,7 @@ struct chap_auth_data_t
int started:1;
};
-static void chap_send_challenge(struct chap_auth_data_t *ad);
+static void chap_send_challenge(struct chap_auth_data_t *ad, int new);
static void chap_recv(struct ppp_handler_t *h);
static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response_t *res, const char *name);
static void chap_timeout_timer(struct triton_timer_t *t);
@@ -135,7 +135,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
ppp_register_chan_handler(ppp, &d->h);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
return 0;
}
@@ -169,7 +169,7 @@ static void chap_timeout_timer(struct triton_timer_t *t)
ppp_auth_failed(d->ppp, NULL);
} else {
--d->id;
- chap_send_challenge(d);
+ chap_send_challenge(d, 0);
}
}
@@ -177,7 +177,7 @@ static void chap_restart_timer(struct triton_timer_t *t)
{
struct chap_auth_data_t *d = container_of(t, typeof(*d), interval);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
}
static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr)
@@ -227,7 +227,7 @@ static void chap_send_success(struct chap_auth_data_t *ad)
_free(hdr);
}
-static void chap_send_challenge(struct chap_auth_data_t *ad)
+static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
{
struct chap_challenge_t msg = {
.hdr.proto = htons(PPP_CHAP),
@@ -237,7 +237,9 @@ static void chap_send_challenge(struct chap_auth_data_t *ad)
.val_size = VALUE_SIZE,
};
- read(urandom_fd, ad->val, VALUE_SIZE);
+ if (new)
+ read(urandom_fd, ad->val, VALUE_SIZE);
+
memcpy(msg.val, ad->val, VALUE_SIZE);
if (conf_ppp_verbose) {
@@ -446,7 +448,7 @@ static int chap_restart(struct ppp_t *ppp, struct auth_data_t *auth)
{
struct chap_auth_data_t *d = container_of(auth, typeof(*d), auth);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
return 0;
}
diff --git a/accel-pppd/auth/auth_mschap_v2.c b/accel-pppd/auth/auth_mschap_v2.c
index d067f0b..24272e7 100644
--- a/accel-pppd/auth/auth_mschap_v2.c
+++ b/accel-pppd/auth/auth_mschap_v2.c
@@ -78,7 +78,7 @@ struct chap_auth_data_t
int started:1;
};
-static void chap_send_challenge(struct chap_auth_data_t *ad);
+static void chap_send_challenge(struct chap_auth_data_t *ad, int new);
static void chap_recv(struct ppp_handler_t *h);
static int chap_check_response(struct chap_auth_data_t *ad, struct chap_response_t *msg, const char *name);
static void chap_timeout_timer(struct triton_timer_t *t);
@@ -136,7 +136,7 @@ static int chap_start(struct ppp_t *ppp, struct auth_data_t *auth)
ppp_register_chan_handler(ppp, &d->h);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
return 0;
}
@@ -170,7 +170,7 @@ static void chap_timeout_timer(struct triton_timer_t *t)
ppp_auth_failed(d->ppp, NULL);
} else {
--d->id;
- chap_send_challenge(d);
+ chap_send_challenge(d, 0);
}
}
@@ -178,7 +178,7 @@ static void chap_restart_timer(struct triton_timer_t *t)
{
struct chap_auth_data_t *d = container_of(t, typeof(*d), interval);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
}
static int lcp_send_conf_req(struct ppp_t *ppp, struct auth_data_t *d, uint8_t *ptr)
@@ -300,7 +300,7 @@ static int generate_response(struct chap_auth_data_t *ad, struct chap_response_t
return 0;
}
-static void chap_send_challenge(struct chap_auth_data_t *ad)
+static void chap_send_challenge(struct chap_auth_data_t *ad, int new)
{
struct chap_challenge_t msg = {
.hdr.proto = htons(PPP_CHAP),
@@ -310,7 +310,9 @@ static void chap_send_challenge(struct chap_auth_data_t *ad)
.val_size = VALUE_SIZE,
};
- read(urandom_fd, ad->val, VALUE_SIZE);
+ if (new)
+ read(urandom_fd, ad->val, VALUE_SIZE);
+
memcpy(msg.val, ad->val, VALUE_SIZE);
if (conf_ppp_verbose) {
@@ -582,7 +584,7 @@ static int chap_restart(struct ppp_t *ppp, struct auth_data_t *auth)
{
struct chap_auth_data_t *d = container_of(auth, typeof(*d), auth);
- chap_send_challenge(d);
+ chap_send_challenge(d, 1);
return 0;
}
@@ -604,12 +606,16 @@ static void chap_recv(struct ppp_handler_t *h)
{
struct chap_auth_data_t *d = container_of(h, typeof(*d), h);
struct chap_hdr_t *hdr = (struct chap_hdr_t *)d->ppp->buf;
+ static int drop=1;
if (d->ppp->buf_size < sizeof(*hdr) || ntohs(hdr->len) < HDR_LEN || ntohs(hdr->len) < d->ppp->buf_size - 2) {
log_ppp_warn("mschap-v2: short packet received\n");
return;
}
+ if (drop-- == 1)
+ return;
+
if (hdr->code == CHAP_RESPONSE)
chap_recv_response(d, hdr);
else