chap.c revision 44123
1/* 2 * PPP CHAP Module 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan, Inc. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * 20 * $Id: chap.c,v 1.45 1999/02/18 19:11:46 brian Exp $ 21 * 22 * TODO: 23 */ 24#include <sys/param.h> 25#include <netinet/in.h> 26#include <netinet/in_systm.h> 27#include <netinet/ip.h> 28#include <sys/un.h> 29 30#include <errno.h> 31#include <fcntl.h> 32#ifdef HAVE_DES 33#include <md4.h> 34#endif 35#include <md5.h> 36#include <paths.h> 37#include <signal.h> 38#include <stdlib.h> 39#include <string.h> 40#include <sys/wait.h> 41#include <termios.h> 42#include <unistd.h> 43 44#include "mbuf.h" 45#include "log.h" 46#include "defs.h" 47#include "timer.h" 48#include "fsm.h" 49#include "lcpproto.h" 50#include "lcp.h" 51#include "lqr.h" 52#include "hdlc.h" 53#include "auth.h" 54#include "async.h" 55#include "throughput.h" 56#include "descriptor.h" 57#include "chap.h" 58#include "iplist.h" 59#include "slcompress.h" 60#include "ipcp.h" 61#include "filter.h" 62#include "ccp.h" 63#include "link.h" 64#include "physical.h" 65#include "mp.h" 66#ifndef NORADIUS 67#include "radius.h" 68#endif 69#include "bundle.h" 70#include "chat.h" 71#include "cbcp.h" 72#include "command.h" 73#include "datalink.h" 74#ifdef HAVE_DES 75#include "chap_ms.h" 76#endif 77 78static const char *chapcodes[] = { 79 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE" 80}; 81#define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1) 82 83static void 84ChapOutput(struct physical *physical, u_int code, u_int id, 85 const u_char *ptr, int count, const char *text) 86{ 87 int plen; 88 struct fsmheader lh; 89 struct mbuf *bp; 90 91 plen = sizeof(struct fsmheader) + count; 92 lh.code = code; 93 lh.id = id; 94 lh.length = htons(plen); 95 bp = mbuf_Alloc(plen, MB_FSM); 96 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); 97 if (count) 98 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count); 99 log_DumpBp(LogDEBUG, "ChapOutput", bp); 100 if (text == NULL) 101 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]); 102 else 103 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text); 104 hdlc_Output(&physical->link, PRI_LINK, PROTO_CHAP, bp); 105} 106 107static char * 108chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type 109#ifdef HAVE_DES 110 , int lanman 111#endif 112 ) 113{ 114 char *result, *digest; 115 size_t nlen, klen; 116 117 nlen = strlen(name); 118 klen = strlen(key); 119 120#ifdef HAVE_DES 121 if (type == 0x80) { 122 char expkey[AUTHLEN << 2]; 123 MD4_CTX MD4context; 124 int f; 125 126 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL) 127 return result; 128 129 digest = result; /* the response */ 130 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */ 131 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen); 132 if (lanman) { 133 memset(digest + 24, '\0', 25); 134 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */ 135 } else { 136 memset(digest, '\0', 25); 137 digest += 24; 138 139 for (f = 0; f < klen; f++) { 140 expkey[2*f] = key[f]; 141 expkey[2*f+1] = '\0'; 142 } 143 /* 144 * ----------- 145 * expkey = | k\0e\0y\0 | 146 * ----------- 147 */ 148 MD4Init(&MD4context); 149 MD4Update(&MD4context, expkey, klen << 1); 150 MD4Final(digest, &MD4context); 151 152 /* 153 * ---- -------- ---------------- ------- ------ 154 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name | 155 * ---- -------- ---------------- ------- ------ 156 */ 157 mschap_NT(digest, challenge + 1); 158 } 159 /* 160 * ---- -------- ------------- ----- ------ 161 * | | struct MS_ChapResponse24 | | 162 * result = | 49 | LANMan | NT digest | 0/1 | name | 163 * ---- -------- ------------- ----- ------ 164 * where only one of LANMan & NT digest are set. 165 */ 166 } else 167#endif 168 if ((result = malloc(nlen + 17)) != NULL) { 169 /* Normal MD5 stuff */ 170 MD5_CTX MD5context; 171 172 digest = result; 173 *digest++ = 16; /* value size */ 174 175 MD5Init(&MD5context); 176 MD5Update(&MD5context, &id, 1); 177 MD5Update(&MD5context, key, klen); 178 MD5Update(&MD5context, challenge + 1, *challenge); 179 MD5Final(digest, &MD5context); 180 181 memcpy(digest + 16, name, nlen); 182 /* 183 * ---- -------- ------ 184 * result = | 16 | digest | name | 185 * ---- -------- ------ 186 */ 187 } 188 189 return result; 190} 191 192static void 193chap_StartChild(struct chap *chap, char *prog, const char *name) 194{ 195 char *argv[MAXARGS], *nargv[MAXARGS]; 196 int argc, fd; 197 int in[2], out[2]; 198 199 if (chap->child.fd != -1) { 200 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog); 201 return; 202 } 203 204 if (pipe(in) == -1) { 205 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 206 return; 207 } 208 209 if (pipe(out) == -1) { 210 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 211 close(in[0]); 212 close(in[1]); 213 return; 214 } 215 216 switch ((chap->child.pid = fork())) { 217 case -1: 218 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno)); 219 close(in[0]); 220 close(in[1]); 221 close(out[0]); 222 close(out[1]); 223 chap->child.pid = 0; 224 return; 225 226 case 0: 227 timer_TermService(); 228 close(in[1]); 229 close(out[0]); 230 if (out[1] == STDIN_FILENO) { 231 fd = dup(out[1]); 232 close(out[1]); 233 out[1] = fd; 234 } 235 dup2(in[0], STDIN_FILENO); 236 dup2(out[1], STDOUT_FILENO); 237 if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) { 238 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n", 239 _PATH_DEVNULL, strerror(errno)); 240 exit(1); 241 } 242 dup2(fd, STDERR_FILENO); 243 fcntl(3, F_SETFD, 1); /* Set close-on-exec flag */ 244 245 setuid(geteuid()); 246 argc = command_Interpret(prog, strlen(prog), argv); 247 command_Expand(nargv, argc, (char const *const *)argv, 248 chap->auth.physical->dl->bundle, 0); 249 execvp(nargv[0], nargv); 250 251 log_Printf(LogWARN, "exec() of %s failed: %s\n", 252 nargv[0], strerror(errno)); 253 exit(255); 254 255 default: 256 close(in[0]); 257 close(out[1]); 258 chap->child.fd = out[0]; 259 chap->child.buf.len = 0; 260 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name)); 261 write(in[1], "\n", 1); 262 write(in[1], chap->challenge + 1, *chap->challenge); 263 write(in[1], "\n", 1); 264 write(in[1], name, strlen(name)); 265 write(in[1], "\n", 1); 266 close(in[1]); 267 break; 268 } 269} 270 271static void 272chap_Cleanup(struct chap *chap, int sig) 273{ 274 if (chap->child.pid) { 275 int status; 276 277 close(chap->child.fd); 278 chap->child.fd = -1; 279 if (sig) 280 kill(chap->child.pid, SIGTERM); 281 chap->child.pid = 0; 282 chap->child.buf.len = 0; 283 284 if (wait(&status) == -1) 285 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno)); 286 else if (WIFSIGNALED(status)) 287 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status)); 288 else if (WIFEXITED(status) && WEXITSTATUS(status)) 289 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status)); 290 } 291 *chap->challenge = 0; 292#ifdef HAVE_DES 293 chap->peertries = 0; 294#endif 295} 296 297static void 298chap_Respond(struct chap *chap, char *name, char *key, u_char type 299#ifdef HAVE_DES 300 , int lm 301#endif 302 ) 303{ 304 u_char *ans; 305 306 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, type 307#ifdef HAVE_DES 308 , lm 309#endif 310 ); 311 312 if (ans) { 313 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id, 314 ans, *ans + 1 + strlen(name), name); 315#ifdef HAVE_DES 316 chap->NTRespSent = !lm; 317#endif 318 free(ans); 319 } else 320 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id, 321 "Out of memory!", 14, NULL); 322} 323 324static int 325chap_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) 326{ 327 struct chap *chap = descriptor2chap(d); 328 329 if (r && chap && chap->child.fd != -1) { 330 FD_SET(chap->child.fd, r); 331 if (*n < chap->child.fd + 1) 332 *n = chap->child.fd + 1; 333 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd); 334 return 1; 335 } 336 337 return 0; 338} 339 340static int 341chap_IsSet(struct descriptor *d, const fd_set *fdset) 342{ 343 struct chap *chap = descriptor2chap(d); 344 345 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset); 346} 347 348static void 349chap_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 350{ 351 struct chap *chap = descriptor2chap(d); 352 int got; 353 354 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len, 355 sizeof chap->child.buf.ptr - chap->child.buf.len - 1); 356 if (got == -1) { 357 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno)); 358 chap_Cleanup(chap, SIGTERM); 359 } else if (got == 0) { 360 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n"); 361 chap_Cleanup(chap, SIGTERM); 362 } else { 363 char *name, *key, *end; 364 365 chap->child.buf.len += got; 366 chap->child.buf.ptr[chap->child.buf.len] = '\0'; 367 name = chap->child.buf.ptr; 368 name += strspn(name, " \t"); 369 if ((key = strchr(name, '\n')) == NULL) 370 end = NULL; 371 else 372 end = strchr(++key, '\n'); 373 374 if (end == NULL) { 375 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) { 376 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n"); 377 chap_Cleanup(chap, SIGTERM); 378 } 379 } else { 380#ifdef HAVE_DES 381 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 && 382 ((chap->NTRespSent && 383 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) || 384 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt)); 385#endif 386 387 while (end >= name && strchr(" \t\r\n", *end)) 388 *end-- = '\0'; 389 end = key - 1; 390 while (end >= name && strchr(" \t\r\n", *end)) 391 *end-- = '\0'; 392 key += strspn(key, " \t"); 393 394 chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype 395#ifdef HAVE_DES 396 , lanman 397#endif 398 ); 399 chap_Cleanup(chap, 0); 400 } 401 } 402} 403 404static int 405chap_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 406{ 407 /* We never want to write here ! */ 408 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n"); 409 return 0; 410} 411 412static void 413chap_Challenge(struct authinfo *authp) 414{ 415 struct chap *chap = auth2chap(authp); 416 int len, i; 417 char *cp; 418 419 len = strlen(authp->physical->dl->bundle->cfg.auth.name); 420 421 if (!*chap->challenge) { 422 randinit(); 423 cp = chap->challenge; 424 425#ifndef NORADIUS 426 if (*authp->physical->dl->bundle->radius.cfg.file) { 427 /* For radius, our challenge is 16 readable NUL terminated bytes :*/ 428 *cp++ = 16; 429 for (i = 0; i < 16; i++) 430 *cp++ = (random() % 10) + '0'; 431 } else 432#endif 433 { 434#ifdef HAVE_DES 435 if (authp->physical->link.lcp.want_authtype == 0x80) 436 *cp++ = 8; /* MS does 8 byte callenges :-/ */ 437 else 438#endif 439 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16; 440 for (i = 0; i < *chap->challenge; i++) 441 *cp++ = random() & 0xff; 442 } 443 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); 444 } 445 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge, 446 1 + *chap->challenge + len, NULL); 447} 448 449static void 450chap_Success(struct authinfo *authp) 451{ 452 datalink_GotAuthname(authp->physical->dl, authp->in.name); 453 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL); 454 authp->physical->link.lcp.auth_ineed = 0; 455 if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) 456 physical_Login(authp->physical, authp->in.name); 457 458 if (authp->physical->link.lcp.auth_iwait == 0) 459 /* 460 * Either I didn't need to authenticate, or I've already been 461 * told that I got the answer right. 462 */ 463 datalink_AuthOk(authp->physical->dl); 464} 465 466static void 467chap_Failure(struct authinfo *authp) 468{ 469 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL); 470 datalink_AuthNotOk(authp->physical->dl); 471} 472 473static int 474chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen 475#ifdef HAVE_DES 476 , int lm 477#endif 478 ) 479{ 480 if (mylen != hislen) 481 return 0; 482#ifdef HAVE_DES 483 else if (type == 0x80) { 484 int off = lm ? 0 : 24; 485 486 if (memcmp(myans + off, hisans + off, 24)) 487 return 0; 488 } 489#endif 490 else if (memcmp(myans, hisans, mylen)) 491 return 0; 492 493 return 1; 494} 495 496#ifdef HAVE_DES 497static int 498chap_HaveAnotherGo(struct chap *chap) 499{ 500 if (++chap->peertries < 3) { 501 /* Give the peer another shot */ 502 *chap->challenge = '\0'; 503 chap_Challenge(&chap->auth); 504 return 1; 505 } 506 507 return 0; 508} 509#endif 510 511void 512chap_Init(struct chap *chap, struct physical *p) 513{ 514 chap->desc.type = CHAP_DESCRIPTOR; 515 chap->desc.UpdateSet = chap_UpdateSet; 516 chap->desc.IsSet = chap_IsSet; 517 chap->desc.Read = chap_Read; 518 chap->desc.Write = chap_Write; 519 chap->child.pid = 0; 520 chap->child.fd = -1; 521 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); 522 *chap->challenge = 0; 523#ifdef HAVE_DES 524 chap->NTRespSent = 0; 525 chap->peertries = 0; 526#endif 527} 528 529void 530chap_ReInit(struct chap *chap) 531{ 532 chap_Cleanup(chap, SIGTERM); 533} 534 535void 536chap_Input(struct physical *p, struct mbuf *bp) 537{ 538 struct chap *chap = &p->dl->chap; 539 char *name, *key, *ans; 540 int len, nlen; 541 u_char alen; 542#ifdef HAVE_DES 543 int lanman; 544#endif 545 546 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL) 547 log_Printf(LogERROR, "Chap Input: Truncated header !\n"); 548 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE) 549 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n", 550 chap->auth.in.hdr.code); 551 else { 552 len = mbuf_Length(bp); 553 ans = NULL; 554 555 if (chap->auth.in.hdr.code != CHAP_CHALLENGE && 556 chap->auth.id != chap->auth.in.hdr.id && 557 Enabled(p->dl->bundle, OPT_IDCHECK)) { 558 /* Wrong conversation dude ! */ 559 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n", 560 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id, 561 chap->auth.id); 562 mbuf_Free(bp); 563 return; 564 } 565 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */ 566 567#ifdef HAVE_DES 568 lanman = 0; 569#endif 570 switch (chap->auth.in.hdr.code) { 571 case CHAP_CHALLENGE: 572 bp = mbuf_Read(bp, &alen, 1); 573 len -= alen + 1; 574 if (len < 0) { 575 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n"); 576 mbuf_Free(bp); 577 return; 578 } 579 *chap->challenge = alen; 580 bp = mbuf_Read(bp, chap->challenge + 1, alen); 581 bp = auth_ReadName(&chap->auth, bp, len); 582#ifdef HAVE_DES 583 lanman = p->link.lcp.his_authtype == 0x80 && 584 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) || 585 !IsAccepted(p->link.lcp.cfg.chap80nt)); 586#endif 587 break; 588 589 case CHAP_RESPONSE: 590 auth_StopTimer(&chap->auth); 591 bp = mbuf_Read(bp, &alen, 1); 592 len -= alen + 1; 593 if (len < 0) { 594 log_Printf(LogERROR, "Chap Input: Truncated response !\n"); 595 mbuf_Free(bp); 596 return; 597 } 598 if ((ans = malloc(alen + 2)) == NULL) { 599 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 600 mbuf_Free(bp); 601 return; 602 } 603 *ans = chap->auth.id; 604 bp = mbuf_Read(bp, ans + 1, alen); 605 ans[alen+1] = '\0'; 606 bp = auth_ReadName(&chap->auth, bp, len); 607#ifdef HAVE_DES 608 lanman = alen == 49 && ans[alen] == 0; 609#endif 610 break; 611 612 case CHAP_SUCCESS: 613 case CHAP_FAILURE: 614 /* chap->auth.in.name is already set up at CHALLENGE time */ 615 if ((ans = malloc(len + 1)) == NULL) { 616 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 617 mbuf_Free(bp); 618 return; 619 } 620 bp = mbuf_Read(bp, ans, len); 621 ans[len] = '\0'; 622 break; 623 } 624 625 switch (chap->auth.in.hdr.code) { 626 case CHAP_CHALLENGE: 627 case CHAP_RESPONSE: 628 if (*chap->auth.in.name) 629 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n", 630 chapcodes[chap->auth.in.hdr.code], alen, 631 chap->auth.in.name, 632#ifdef HAVE_DES 633 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 634 " - lanman" : 635#endif 636 ""); 637 else 638 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n", 639 chapcodes[chap->auth.in.hdr.code], alen, 640#ifdef HAVE_DES 641 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 642 " - lanman" : 643#endif 644 ""); 645 break; 646 647 case CHAP_SUCCESS: 648 case CHAP_FAILURE: 649 if (*ans) 650 log_Printf(LogPHASE, "Chap Input: %s (%s)\n", 651 chapcodes[chap->auth.in.hdr.code], ans); 652 else 653 log_Printf(LogPHASE, "Chap Input: %s\n", 654 chapcodes[chap->auth.in.hdr.code]); 655 break; 656 } 657 658 switch (chap->auth.in.hdr.code) { 659 case CHAP_CHALLENGE: 660 if (*p->dl->bundle->cfg.auth.key == '!') 661 chap_StartChild(chap, p->dl->bundle->cfg.auth.key + 1, 662 p->dl->bundle->cfg.auth.name); 663 else 664 chap_Respond(chap, p->dl->bundle->cfg.auth.name, 665 p->dl->bundle->cfg.auth.key, p->link.lcp.his_authtype 666#ifdef HAVE_DES 667 , lanman 668#endif 669 ); 670 break; 671 672 case CHAP_RESPONSE: 673 name = chap->auth.in.name; 674 nlen = strlen(name); 675#ifndef NORADIUS 676 if (*p->dl->bundle->radius.cfg.file) { 677 chap->challenge[*chap->challenge+1] = '\0'; 678 radius_Authenticate(&p->dl->bundle->radius, &chap->auth, 679 chap->auth.in.name, ans, chap->challenge + 1); 680 } else 681#endif 682 { 683 key = auth_GetSecret(p->dl->bundle, name, nlen, p); 684 if (key) { 685 char *myans; 686#ifdef HAVE_DES 687 if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) { 688 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n"); 689 if (chap_HaveAnotherGo(chap)) 690 break; 691 key = NULL; 692 } else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) && 693 p->link.lcp.want_authtype == 0x80) { 694 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n"); 695 if (chap_HaveAnotherGo(chap)) 696 break; 697 key = NULL; 698 } else 699#endif 700 { 701 myans = chap_BuildAnswer(name, key, chap->auth.id, 702 chap->challenge, 703 p->link.lcp.want_authtype 704#ifdef HAVE_DES 705 , lanman 706#endif 707 ); 708 if (myans == NULL) 709 key = NULL; 710 else { 711 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans, 712 ans + 1, alen 713#ifdef HAVE_DES 714 , lanman 715#endif 716 )) 717 key = NULL; 718 free(myans); 719 } 720 } 721 } 722 723 if (key) 724 chap_Success(&chap->auth); 725 else 726 chap_Failure(&chap->auth); 727 } 728 729 break; 730 731 case CHAP_SUCCESS: 732 if (p->link.lcp.auth_iwait == PROTO_CHAP) { 733 p->link.lcp.auth_iwait = 0; 734 if (p->link.lcp.auth_ineed == 0) 735 /* 736 * We've succeeded in our ``login'' 737 * If we're not expecting the peer to authenticate (or he already 738 * has), proceed to network phase. 739 */ 740 datalink_AuthOk(p->dl); 741 } 742 break; 743 744 case CHAP_FAILURE: 745 datalink_AuthNotOk(p->dl); 746 break; 747 } 748 free(ans); 749 } 750 751 mbuf_Free(bp); 752} 753