author | brian <brian@FreeBSD.org> | 1999-01-28 01:56:34 +0000 |
---|---|---|
committer | brian <brian@FreeBSD.org> | 1999-01-28 01:56:34 +0000 |
commit | c970e06ccf646c8d420b2216f605eefeef3cdc0d (patch) | |
tree | bb4ef8e30fe918a76dda062613ff6dce7f4acf28 /usr.sbin/ppp/chap.c | |
parent | bada4b37ff3f7d5effb75895357b4276798f82de (diff) | |
Initial RADIUS support (using libradius). See the man page for
details. Compiling with -DNORADIUS (the default for `release')
removes support.
TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
Diffstat (limited to 'usr.sbin/ppp/chap.c')
-rw-r--r-- | usr.sbin/ppp/chap.c | 57 |
1 files changed, 43 insertions, 14 deletions
diff --git a/usr.sbin/ppp/chap.c b/usr.sbin/ppp/chap.c
index c2652d6..21d1898 100644
--- a/usr.sbin/ppp/chap.c
+++ b/usr.sbin/ppp/chap.c
@@ -17,11 +17,11 @@
 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
 *
- * $Id: chap.c,v 1.36 1998/08/07 18:42:47 brian Exp $
+ * $Id: chap.c,v 1.37 1998/08/26 18:07:56 brian Exp $
 *
 * TODO:
 */
-#include <sys/types.h>
+#include <sys/param.h>
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
 #include <netinet/ip.h>
@@ -57,6 +57,9 @@
 #include "link.h"
 #include "physical.h"
 #include "mp.h"
+#ifndef NORADIUS
+#include "radius.h"
+#endif
 #include "bundle.h"
 #include "chat.h"
 #include "cbcp.h"
@@ -102,12 +105,24 @@ chap_SendChallenge(struct authinfo *auth, int chapid, struct physical *physical)
 randinit();
 cp = chap->challenge_data;
- *cp++ = chap->challenge_len = random() % 32 + 16;
- for (i = 0; i < chap->challenge_len; i++)
- *cp++ = random() & 0xff;
- len = strlen(physical->dl->bundle->cfg.auth.name);
- memcpy(cp, physical->dl->bundle->cfg.auth.name, len);
- cp += len;
+#ifndef NORADIUS
+ if (*physical->dl->bundle->radius.cfg.file) {
+ /* For radius, our challenge is 16 readable NUL terminated bytes :*/
+ *cp++ = chap->challenge_len = 16;
+ for (i = 0; i < chap->challenge_len; i++)
+ *cp++ = (random() & (0x7f - 0x20)) + 0x20;
+ *cp = '\0';
+ } else {
+#endif
+ *cp++ = chap->challenge_len = random() % (CHAPCHALLENGELEN-16) + 16;
+ for (i = 0; i < chap->challenge_len; i++)
+ *cp++ = random() & 0xff;
+ len = strlen(physical->dl->bundle->cfg.auth.name);
+ memcpy(cp, physical->dl->bundle->cfg.auth.name, len);
+ cp += len;
+#ifndef NORADIUS
+ }
+#endif
 ChapOutput(physical, CHAP_CHALLENGE, chapid, chap->challenge_data,
 cp - chap->challenge_data, NULL);
 }
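Review bot: In the RADIUS branch of chap_SendChallenge, `(random() & (0x7f - 0x20)) + 0x20` applies 0x5f as a bit mask rather than a range, so bit 5 is always cleared before the offset is added: each byte takes one of only 64 values and can come out as 0x7f (DEL), which is not the "readable" byte the comment promises. `*cp++ = random() % (0x7f - 0x20) + 0x20;` stays within 0x20-0x7e. Both branches still draw the challenge from random(), which is not an unpredictable source for an authentication challenge; that predates this change but is worth a follow-up. The non-RADIUS branch appends cfg.auth.name after up to CHAPCHALLENGELEN-1 random bytes with no bound visible here, and the size of challenge_data is declared outside this diff, so the total should be checked against that declaration.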
@@ -121,7 +136,7 @@ RecvChapTalk(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp,
 char *cp, *argp, *ap, *name, *digest;
 char *keyp;
 MD5_CTX MD5context; /* context for MD5 */
- char answer[100];
+ char answer[CHAPDIGESTLEN];
 char cdigest[16];
 #ifdef HAVE_DES
 int ix;
@@ -214,11 +229,25 @@ RecvChapTalk(struct bundle *bundle, struct fsmheader *chp, struct mbuf *bp,
 /*
 * Get a secret key corresponds to the peer
 */
- keyp = auth_GetSecret(bundle, name, namelen, physical);
- if (keyp) {
- /*
- * Compute correct digest value
- */
+#ifndef NORADIUS
+ if (*bundle->radius.cfg.file) {
+ char chapname[AUTHLEN];
+
+ if (namelen > AUTHLEN - 1)
+ namelen = AUTHLEN - 1;
+ strncpy(chapname, name, namelen);
+ chapname[namelen] = '\0';
+ strncpy(answer, cp-1, 17);
+ answer[17] = '\0';
+
+ if (radius_Authenticate(&bundle->radius, bundle, chapname, answer,
+ physical->dl->chap.challenge_data + 1))
+ break; /* And there was much rejoicing ! */
+
+ } else
+#endif
+ if ((keyp = auth_GetSecret(bundle, name, namelen, physical))) {
+ /* Compute correct digest value */
 keylen = strlen(keyp);
 ap = answer;
 *ap++ = chp->id; |
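Review bot: The declaration `char answer[CHAPDIGESTLEN];` replaces a 100-byte buffer with a size defined outside this diff, and nothing at the declaration records what the buffer must hold. Two writers depend on it: the RADIUS branch in the next hunk stores through `answer[17]`, and the digest path that starts at `ap = answer; *ap++ = chp->id;` keeps filling it past the end of that hunk. A comment on the declaration such as `/* RADIUS branch writes answer[0..17]; the MD5 input is also built here */` would make the requirement checkable against the CHAPDIGESTLEN definition. RecvChapTalk begins and ends outside this hunk.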
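Review bot: `strncpy(answer, cp-1, 17);` treats the peer's response as a C string, but the bytes at cp-1 appear to be the value-size byte followed by a binary digest. strncpy stops at the first 0x00 and zero-fills the remainder, so a response containing a zero byte reaches radius_Authenticate() altered; `memcpy(answer, cp-1, 17);` copies the bytes as received. The copy length is fixed at 17 whatever the size byte says, so this branch should confirm that the received value is 16 bytes long and lies within the packet before copying. Whether an earlier check already does that is not visible, since RecvChapTalk begins and ends outside this hunk.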