diff options
| -rw-r--r-- | usr.sbin/ppp/chap.c | 32 | ||||
| -rw-r--r-- | usr.sbin/ppp/chap.h | 7 | ||||
| -rw-r--r-- | usr.sbin/ppp/pap.c | 2 | ||||
| -rw-r--r-- | usr.sbin/ppp/radius.c | 20 | ||||
| -rw-r--r-- | usr.sbin/ppp/radius.h | 2 |
5 files changed, 34 insertions, 29 deletions
diff --git a/usr.sbin/ppp/chap.c b/usr.sbin/ppp/chap.c index 33c8493..20ad528 100644 --- a/usr.sbin/ppp/chap.c +++ b/usr.sbin/ppp/chap.c @@ -761,19 +761,13 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) m_freem(bp); return NULL; } - if ((ans = malloc(alen + 2)) == NULL) { + if ((ans = malloc(alen + 1)) == NULL) { log_Printf(LogERROR, "Chap Input: Out of memory !\n"); m_freem(bp); return NULL; } *ans = chap->auth.id; bp = mbuf_Read(bp, ans + 1, alen); - if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0') { - log_Printf(LogWARN, "%s: Compensating for corrupt (Win98/WinME?) " - "CHAP81 RESPONSE\n", l->name); - ans[alen] = '\0'; - } - ans[alen+1] = '\0'; bp = auth_ReadName(&chap->auth, bp, len); #ifndef NODES lanman = p->link.lcp.want_authtype == 0x80 && @@ -847,8 +841,11 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) nlen = strlen(name); #ifndef NODES if (p->link.lcp.want_authtype == 0x81) { - chap->challenge.peer[0] = CHAP81_CHALLENGE_LEN; - memcpy(chap->challenge.peer + 1, ans + 1, CHAP81_CHALLENGE_LEN); + struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1); + + chap->challenge.peer[0] = sizeof resp->PeerChallenge; + memcpy(chap->challenge.peer + 1, resp->PeerChallenge, + sizeof resp->PeerChallenge); } #endif @@ -857,16 +854,21 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) if (!radius_Authenticate(&bundle->radius, &chap->auth, chap->auth.in.name, ans, alen + 1, chap->challenge.local + 1, - *chap->challenge.local, - chap->challenge.peer + 1, - *chap->challenge.peer)) + *chap->challenge.local)) chap_Failure(&chap->auth); } else #endif { + if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0' && + alen == sizeof(struct MSCHAPv2_resp)) { + struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1); + + log_Printf(LogWARN, "%s: Compensating for corrupt (Win98/WinME?) " + "CHAP81 RESPONSE\n", l->name); + resp->Flags = '\0'; /* rfc2759 says it *MUST* be zero */ + } key = auth_GetSecret(bundle, name, nlen, p); if (key) { - char *myans; #ifndef NODES if (p->link.lcp.want_authtype == 0x80 && lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) { @@ -887,8 +889,8 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) } else #endif { - myans = chap_BuildAnswer(name, key, chap->auth.id, - chap->challenge.local, + char *myans = chap_BuildAnswer(name, key, chap->auth.id, + chap->challenge.local, p->link.lcp.want_authtype #ifndef NODES , chap->challenge.peer, diff --git a/usr.sbin/ppp/chap.h b/usr.sbin/ppp/chap.h index 33a5b99..617555d 100644 --- a/usr.sbin/ppp/chap.h +++ b/usr.sbin/ppp/chap.h @@ -63,6 +63,13 @@ struct chap { #define auth2chap(a) \ ((struct chap *)((char *)a - (int)&((struct chap *)0)->auth)) +struct MSCHAPv2_resp { /* rfc2759 */ + char PeerChallenge[16]; + char Reserved[8]; + char NTResponse[24]; + char Flags; +}; + extern void chap_Init(struct chap *, struct physical *); extern void chap_ReInit(struct chap *); extern struct mbuf *chap_Input(struct bundle *, struct link *, struct mbuf *); diff --git a/usr.sbin/ppp/pap.c b/usr.sbin/ppp/pap.c index c604831..8a1d112 100644 --- a/usr.sbin/ppp/pap.c +++ b/usr.sbin/ppp/pap.c @@ -266,7 +266,7 @@ pap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp) #ifndef NORADIUS if (*bundle->radius.cfg.file) { if (!radius_Authenticate(&bundle->radius, authp, authp->in.name, - key, strlen(key), NULL, 0, NULL, 0)) + key, strlen(key), NULL, 0)) pap_Failure(authp); } else #endif diff --git a/usr.sbin/ppp/radius.c b/usr.sbin/ppp/radius.c index 99abb2a..be6953a 100644 --- a/usr.sbin/ppp/radius.c +++ b/usr.sbin/ppp/radius.c @@ -700,7 +700,7 @@ radius_put_physical_details(struct rad_handle *rad, struct physical *p) int radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name, const char *key, int klen, const char *nchallenge, - int nclen, const char *pchallenge, int pclen) + int nclen) { struct timeval tv; int got; @@ -712,6 +712,7 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name, #ifndef NODES struct mschap_response msresp; struct mschap2_response msresp2; + const struct MSCHAPv2_resp *keyv2; #endif if (!*r->cfg.file) @@ -794,26 +795,21 @@ radius_Authenticate(struct radius *r, struct authinfo *authp, const char *name, break; case 0x81: - if (klen != 50) { + if (klen != sizeof(*keyv2) + 1) { log_Printf(LogERROR, "CHAP81: Unrecognised key length %d\n", klen); rad_close(r->cx.rad); return 0; } - if (pclen != sizeof msresp2.pchallenge) { - log_Printf(LogERROR, "CHAP81: Unrecognised peer challenge length %d\n", - pclen); - rad_close(r->cx.rad); - return 0; - } - + keyv2 = (const struct MSCHAPv2_resp *)(key + 1); rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP_CHALLENGE, nchallenge, nclen); msresp2.ident = *key; - msresp2.flags = 0x00; - memcpy(msresp2.response, key + 25, 24); + msresp2.flags = keyv2->Flags; + memcpy(msresp2.response, keyv2->NTResponse, sizeof msresp2.response); memset(msresp2.reserved, '\0', sizeof msresp2.reserved); - memcpy(msresp2.pchallenge, pchallenge, pclen); + memcpy(msresp2.pchallenge, keyv2->PeerChallenge, + sizeof msresp2.pchallenge); rad_put_vendor_attr(r->cx.rad, RAD_VENDOR_MICROSOFT, RAD_MICROSOFT_MS_CHAP2_RESPONSE, &msresp2, sizeof msresp2); diff --git a/usr.sbin/ppp/radius.h b/usr.sbin/ppp/radius.h index f7d6fae..5e9586d 100644 --- a/usr.sbin/ppp/radius.h +++ b/usr.sbin/ppp/radius.h @@ -85,7 +85,7 @@ extern void radius_Destroy(struct radius *); extern void radius_Show(struct radius *, struct prompt *); extern int radius_Authenticate(struct radius *, struct authinfo *, const char *, const char *, int, - const char *, int, const char *, int); + const char *, int); extern void radius_Account(struct radius *, struct radacct *, struct datalink *, int, struct in_addr *, struct in_addr *, struct pppThroughput *); |
