
Split the recorded chap challenge into two - one for the

receiver and one for the sender.  This allows two simultaneous
chap conversations - something that I *thought* I was already
doing on a daily basis myself until the existence of the
problem was
Beaten into me by: sos
Brian Somers 1999-04-21 08:03:51 +00:00
parent 1599fce5c6
commit a38cc90182
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=45907
2 changed files with 25 additions and 19 deletions


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
* *
* $Id: chap.c,v 1.47 1999/02/20 01:12:45 brian Exp $ * $Id: chap.c,v 1.48 1999/04/01 11:05:22 brian Exp $
* *
* TODO: * TODO:
*/ */
@ -259,7 +259,7 @@ chap_StartChild(struct chap *chap, char *prog, const char *name)
chap->child.buf.len = 0; chap->child.buf.len = 0;
write(in[1], chap->auth.in.name, strlen(chap->auth.in.name)); write(in[1], chap->auth.in.name, strlen(chap->auth.in.name));
write(in[1], "\n", 1); write(in[1], "\n", 1);
write(in[1], chap->challenge + 1, *chap->challenge); write(in[1], chap->challenge.peer + 1, *chap->challenge.peer);
write(in[1], "\n", 1); write(in[1], "\n", 1);
write(in[1], name, strlen(name)); write(in[1], name, strlen(name));
write(in[1], "\n", 1); write(in[1], "\n", 1);
@ -288,7 +288,7 @@ chap_Cleanup(struct chap *chap, int sig)
else if (WIFEXITED(status) && WEXITSTATUS(status)) else if (WIFEXITED(status) && WEXITSTATUS(status))
log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status)); log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status));
} }
*chap->challenge = 0; *chap->challenge.local = *chap->challenge.peer = '\0';
#ifdef HAVE_DES #ifdef HAVE_DES
chap->peertries = 0; chap->peertries = 0;
#endif #endif
@ -303,7 +303,7 @@ chap_Respond(struct chap *chap, char *name, char *key, u_char type
{ {
u_char *ans; u_char *ans;
ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, type ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer, type
#ifdef HAVE_DES #ifdef HAVE_DES
, lm , lm
#endif #endif
@ -418,9 +418,9 @@ chap_Challenge(struct authinfo *authp)
len = strlen(authp->physical->dl->bundle->cfg.auth.name); len = strlen(authp->physical->dl->bundle->cfg.auth.name);
if (!*chap->challenge) { if (!*chap->challenge.local) {
randinit(); randinit();
cp = chap->challenge; cp = chap->challenge.local;
#ifndef NORADIUS #ifndef NORADIUS
if (*authp->physical->dl->bundle->radius.cfg.file) { if (*authp->physical->dl->bundle->radius.cfg.file) {
@ -437,13 +437,13 @@ chap_Challenge(struct authinfo *authp)
else else
#endif #endif
*cp++ = random() % (CHAPCHALLENGELEN-16) + 16; *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;
for (i = 0; i < *chap->challenge; i++) for (i = 0; i < *chap->challenge.local; i++)
*cp++ = random() & 0xff; *cp++ = random() & 0xff;
} }
memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
} }
ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge, ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge.local,
1 + *chap->challenge + len, NULL); 1 + *chap->challenge.local + len, NULL);
} }
static void static void
@ -499,7 +499,7 @@ chap_HaveAnotherGo(struct chap *chap)
{ {
if (++chap->peertries < 3) { if (++chap->peertries < 3) {
/* Give the peer another shot */ /* Give the peer another shot */
*chap->challenge = '\0'; *chap->challenge.local = '\0';
chap_Challenge(&chap->auth); chap_Challenge(&chap->auth);
return 1; return 1;
} }
@ -519,7 +519,7 @@ chap_Init(struct chap *chap, struct physical *p)
chap->child.pid = 0; chap->child.pid = 0;
chap->child.fd = -1; chap->child.fd = -1;
auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);
*chap->challenge = 0; *chap->challenge.local = *chap->challenge.peer = '\0';
#ifdef HAVE_DES #ifdef HAVE_DES
chap->NTRespSent = 0; chap->NTRespSent = 0;
chap->peertries = 0; chap->peertries = 0;
@ -538,7 +538,7 @@ chap_Input(struct physical *p, struct mbuf *bp)
struct chap *chap = &p->dl->chap; struct chap *chap = &p->dl->chap;
char *name, *key, *ans; char *name, *key, *ans;
int len, nlen; int len, nlen;
u_char alen; u_char alen, end;
#ifdef HAVE_DES #ifdef HAVE_DES
int lanman; int lanman;
#endif #endif
@ -584,8 +584,8 @@ chap_Input(struct physical *p, struct mbuf *bp)
mbuf_Free(bp); mbuf_Free(bp);
return; return;
} }
*chap->challenge = alen; *chap->challenge.peer = alen;
bp = mbuf_Read(bp, chap->challenge + 1, alen); bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
bp = auth_ReadName(&chap->auth, bp, len); bp = auth_ReadName(&chap->auth, bp, len);
#ifdef HAVE_DES #ifdef HAVE_DES
lanman = p->link.lcp.his_authtype == 0x80 && lanman = p->link.lcp.his_authtype == 0x80 &&
@ -682,9 +682,12 @@ chap_Input(struct physical *p, struct mbuf *bp)
nlen = strlen(name); nlen = strlen(name);
#ifndef NORADIUS #ifndef NORADIUS
if (*p->dl->bundle->radius.cfg.file) { if (*p->dl->bundle->radius.cfg.file) {
chap->challenge[*chap->challenge+1] = '\0'; end = chap->challenge.local[*chap->challenge.local+1];
chap->challenge.local[*chap->challenge.local+1] = '\0';
radius_Authenticate(&p->dl->bundle->radius, &chap->auth, radius_Authenticate(&p->dl->bundle->radius, &chap->auth,
chap->auth.in.name, ans, chap->challenge + 1); chap->auth.in.name, ans,
chap->challenge.local + 1);
chap->challenge.local[*chap->challenge.local+1] = end;
} else } else
#endif #endif
{ {
@ -707,7 +710,7 @@ chap_Input(struct physical *p, struct mbuf *bp)
#endif #endif
{ {
myans = chap_BuildAnswer(name, key, chap->auth.id, myans = chap_BuildAnswer(name, key, chap->auth.id,
chap->challenge, chap->challenge.local,
p->link.lcp.want_authtype p->link.lcp.want_authtype
#ifdef HAVE_DES #ifdef HAVE_DES
, lanman , lanman
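Review bot: The peer-supplied challenge length is not visibly bounded before it is copied into `chap->challenge.peer` in the -584 hunk of chap_Input, where `alen` (a `u_char`, presumably read from the incoming packet outside the hunk) is used directly in `mbuf_Read(bp, chap->challenge.peer + 1, alen)`. The only guard shown is the early return just above, whose condition is not visible; if `CHAPCHALLENGELEN + AUTHLEN` can be below 256, a peer-chosen length could write past `peer` into the fields that follow it in `struct chap`. A check such as `if (alen > sizeof chap->challenge.peer - 1) { mbuf_Free(bp); return; }` before the assignment would bound it. The stored length byte is later trusted as the `write()` count in chap_StartChild and passed on to chap_BuildAnswer from chap_Respond, so the bound belongs at the point of capture. chap_Input's body starts and ends outside these hunks.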


@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
* *
* $Id: chap.h,v 1.13 1999/02/18 00:52:12 brian Exp $ * $Id: chap.h,v 1.14 1999/02/18 19:45:06 brian Exp $
* *
* TODO: * TODO:
*/ */
@ -39,7 +39,10 @@ struct chap {
} buf; } buf;
} child; } child;
struct authinfo auth; struct authinfo auth;
u_char challenge[CHAPCHALLENGELEN + AUTHLEN]; struct {
u_char local[CHAPCHALLENGELEN + AUTHLEN]; /* I invented this one */
u_char peer[CHAPCHALLENGELEN + AUTHLEN]; /* Peer gave us this one */
} challenge;
#ifdef HAVE_DES #ifdef HAVE_DES
unsigned NTRespSent : 1; /* Our last response */ unsigned NTRespSent : 1; /* Our last response */
int peertries; int peertries;
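Review bot: The layout of the two new buffers is not documented where they are declared. The chap.c hunks on this page treat byte 0 of each as the challenge length and the bytes from index 1 as the challenge itself, and chap_Challenge copies the local auth name in after `local`'s challenge bytes. A comment above the inner struct such as `/* [0] = challenge length, [1..] = challenge bytes; local is followed by our auth name */` would make that contract visible to anyone sizing or indexing the arrays. `struct chap` begins above the hunk, so any existing commentary there is not visible here.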