chap.c revision 44159
1/* 2 * PPP CHAP Module 3 * 4 * Written by Toshiharu OHNO (tony-o@iij.ad.jp) 5 * 6 * Copyright (C) 1993, Internet Initiative Japan, Inc. All rights reserverd. 7 * 8 * Redistribution and use in source and binary forms are permitted 9 * provided that the above copyright notice and this paragraph are 10 * duplicated in all such forms and that any documentation, 11 * advertising materials, and other materials related to such 12 * distribution and use acknowledge that the software was developed 13 * by the Internet Initiative Japan, Inc. The name of the 14 * IIJ may not be used to endorse or promote products derived 15 * from this software without specific prior written permission. 16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR 17 * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED 18 * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. 19 * 20 * $Id: chap.c,v 1.46 1999/02/18 19:45:06 brian Exp $ 21 * 22 * TODO: 23 */ 24#include <sys/param.h> 25#include <netinet/in.h> 26#include <netinet/in_systm.h> 27#include <netinet/ip.h> 28#include <sys/un.h> 29 30#include <errno.h> 31#include <fcntl.h> 32#ifdef HAVE_DES 33#include <md4.h> 34#endif 35#include <md5.h> 36#include <paths.h> 37#include <signal.h> 38#include <stdlib.h> 39#include <string.h> 40#include <sys/wait.h> 41#include <termios.h> 42#include <unistd.h> 43 44#include "mbuf.h" 45#include "log.h" 46#include "defs.h" 47#include "timer.h" 48#include "fsm.h" 49#include "lcpproto.h" 50#include "lcp.h" 51#include "lqr.h" 52#include "hdlc.h" 53#include "auth.h" 54#include "async.h" 55#include "throughput.h" 56#include "descriptor.h" 57#include "chap.h" 58#include "iplist.h" 59#include "slcompress.h" 60#include "ipcp.h" 61#include "filter.h" 62#include "ccp.h" 63#include "link.h" 64#include "physical.h" 65#include "mp.h" 66#ifndef NORADIUS 67#include "radius.h" 68#endif 69#include "bundle.h" 70#include "chat.h" 71#include "cbcp.h" 72#include "command.h" 73#include "datalink.h" 74#ifdef HAVE_DES 75#include "chap_ms.h" 76#endif 77 78static const char *chapcodes[] = { 79 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE" 80}; 81#define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1) 82 83static void 84ChapOutput(struct physical *physical, u_int code, u_int id, 85 const u_char *ptr, int count, const char *text) 86{ 87 int plen; 88 struct fsmheader lh; 89 struct mbuf *bp; 90 91 plen = sizeof(struct fsmheader) + count; 92 lh.code = code; 93 lh.id = id; 94 lh.length = htons(plen); 95 bp = mbuf_Alloc(plen, MB_FSM); 96 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader)); 97 if (count) 98 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count); 99 log_DumpBp(LogDEBUG, "ChapOutput", bp); 100 if (text == NULL) 101 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]); 102 else 103 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text); 104 hdlc_Output(&physical->link, PRI_LINK, PROTO_CHAP, bp); 105} 106 107static char * 108chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type 109#ifdef HAVE_DES 110 , int lanman 111#endif 112 ) 113{ 114 char *result, *digest; 115 size_t nlen, klen; 116 117 nlen = strlen(name); 118 klen = strlen(key); 119 120#ifdef HAVE_DES 121 if (type == 0x80) { 122 char expkey[AUTHLEN << 2]; 123 MD4_CTX MD4context; 124 int f; 125 126 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL) 127 return result; 128 129 digest = result; /* the response */ 130 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */ 131 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen); 132 if (lanman) { 133 memset(digest + 24, '\0', 25); 134 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */ 135 } else { 136 memset(digest, '\0', 25); 137 digest += 24; 138 139 for (f = 0; f < klen; f++) { 140 expkey[2*f] = key[f]; 141 expkey[2*f+1] = '\0'; 142 } 143 /* 144 * ----------- 145 * expkey = | k\0e\0y\0 | 146 * ----------- 147 */ 148 MD4Init(&MD4context); 149 MD4Update(&MD4context, expkey, klen << 1); 150 MD4Final(digest, &MD4context); 151 152 /* 153 * ---- -------- ---------------- ------- ------ 154 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name | 155 * ---- -------- ---------------- ------- ------ 156 */ 157 mschap_NT(digest, challenge + 1); 158 } 159 /* 160 * ---- -------- ------------- ----- ------ 161 * | | struct MS_ChapResponse24 | | 162 * result = | 49 | LANMan | NT digest | 0/1 | name | 163 * ---- -------- ------------- ----- ------ 164 * where only one of LANMan & NT digest are set. 165 */ 166 } else 167#endif 168 if ((result = malloc(nlen + 17)) != NULL) { 169 /* Normal MD5 stuff */ 170 MD5_CTX MD5context; 171 172 digest = result; 173 *digest++ = 16; /* value size */ 174 175 MD5Init(&MD5context); 176 MD5Update(&MD5context, &id, 1); 177 MD5Update(&MD5context, key, klen); 178 MD5Update(&MD5context, challenge + 1, *challenge); 179 MD5Final(digest, &MD5context); 180 181 memcpy(digest + 16, name, nlen); 182 /* 183 * ---- -------- ------ 184 * result = | 16 | digest | name | 185 * ---- -------- ------ 186 */ 187 } 188 189 return result; 190} 191 192static void 193chap_StartChild(struct chap *chap, char *prog, const char *name) 194{ 195 char *argv[MAXARGS], *nargv[MAXARGS]; 196 int argc, fd; 197 int in[2], out[2]; 198 199 if (chap->child.fd != -1) { 200 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog); 201 return; 202 } 203 204 if (pipe(in) == -1) { 205 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 206 return; 207 } 208 209 if (pipe(out) == -1) { 210 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno)); 211 close(in[0]); 212 close(in[1]); 213 return; 214 } 215 216 switch ((chap->child.pid = fork())) { 217 case -1: 218 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno)); 219 close(in[0]); 220 close(in[1]); 221 close(out[0]); 222 close(out[1]); 223 chap->child.pid = 0; 224 return; 225 226 case 0: 227 timer_TermService(); 228 close(in[1]); 229 close(out[0]); 230 if (out[1] == STDIN_FILENO) { 231 fd = dup(out[1]); 232 close(out[1]); 233 out[1] = fd; 234 } 235 dup2(in[0], STDIN_FILENO); 236 dup2(out[1], STDOUT_FILENO); 237 if ((fd = open(_PATH_DEVNULL, O_RDWR)) == -1) { 238 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n", 239 _PATH_DEVNULL, strerror(errno)); 240 exit(1); 241 } 242 dup2(fd, STDERR_FILENO); 243 fcntl(3, F_SETFD, 1); /* Set close-on-exec flag */ 244 245 setuid(geteuid()); 246 argc = command_Interpret(prog, strlen(prog), argv); 247 command_Expand(nargv, argc, (char const *const *)argv, 248 chap->auth.physical->dl->bundle, 0); 249 execvp(nargv[0], nargv); 250 251 log_Printf(LogWARN, "exec() of %s failed: %s\n", 252 nargv[0], strerror(errno)); 253 exit(255); 254 255 default: 256 close(in[0]); 257 close(out[1]); 258 chap->child.fd = out[0]; 259 chap->child.buf.len = 0; 260 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name)); 261 write(in[1], "\n", 1); 262 write(in[1], chap->challenge + 1, *chap->challenge); 263 write(in[1], "\n", 1); 264 write(in[1], name, strlen(name)); 265 write(in[1], "\n", 1); 266 close(in[1]); 267 break; 268 } 269} 270 271static void 272chap_Cleanup(struct chap *chap, int sig) 273{ 274 if (chap->child.pid) { 275 int status; 276 277 close(chap->child.fd); 278 chap->child.fd = -1; 279 if (sig) 280 kill(chap->child.pid, SIGTERM); 281 chap->child.pid = 0; 282 chap->child.buf.len = 0; 283 284 if (wait(&status) == -1) 285 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno)); 286 else if (WIFSIGNALED(status)) 287 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status)); 288 else if (WIFEXITED(status) && WEXITSTATUS(status)) 289 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status)); 290 } 291 *chap->challenge = 0; 292#ifdef HAVE_DES 293 chap->peertries = 0; 294#endif 295} 296 297static void 298chap_Respond(struct chap *chap, char *name, char *key, u_char type 299#ifdef HAVE_DES 300 , int lm 301#endif 302 ) 303{ 304 u_char *ans; 305 306 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge, type 307#ifdef HAVE_DES 308 , lm 309#endif 310 ); 311 312 if (ans) { 313 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id, 314 ans, *ans + 1 + strlen(name), name); 315#ifdef HAVE_DES 316 chap->NTRespSent = !lm; 317#endif 318 free(ans); 319 } else 320 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id, 321 "Out of memory!", 14, NULL); 322} 323 324static int 325chap_UpdateSet(struct descriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n) 326{ 327 struct chap *chap = descriptor2chap(d); 328 329 if (r && chap && chap->child.fd != -1) { 330 FD_SET(chap->child.fd, r); 331 if (*n < chap->child.fd + 1) 332 *n = chap->child.fd + 1; 333 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd); 334 return 1; 335 } 336 337 return 0; 338} 339 340static int 341chap_IsSet(struct descriptor *d, const fd_set *fdset) 342{ 343 struct chap *chap = descriptor2chap(d); 344 345 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset); 346} 347 348static void 349chap_Read(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 350{ 351 struct chap *chap = descriptor2chap(d); 352 int got; 353 354 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len, 355 sizeof chap->child.buf.ptr - chap->child.buf.len - 1); 356 if (got == -1) { 357 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno)); 358 chap_Cleanup(chap, SIGTERM); 359 } else if (got == 0) { 360 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n"); 361 chap_Cleanup(chap, SIGTERM); 362 } else { 363 char *name, *key, *end; 364 365 chap->child.buf.len += got; 366 chap->child.buf.ptr[chap->child.buf.len] = '\0'; 367 name = chap->child.buf.ptr; 368 name += strspn(name, " \t"); 369 if ((key = strchr(name, '\n')) == NULL) 370 end = NULL; 371 else 372 end = strchr(++key, '\n'); 373 374 if (end == NULL) { 375 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) { 376 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n"); 377 chap_Cleanup(chap, SIGTERM); 378 } 379 } else { 380#ifdef HAVE_DES 381 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 && 382 ((chap->NTRespSent && 383 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) || 384 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt)); 385#endif 386 387 while (end >= name && strchr(" \t\r\n", *end)) 388 *end-- = '\0'; 389 end = key - 1; 390 while (end >= name && strchr(" \t\r\n", *end)) 391 *end-- = '\0'; 392 key += strspn(key, " \t"); 393 394 chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype 395#ifdef HAVE_DES 396 , lanman 397#endif 398 ); 399 chap_Cleanup(chap, 0); 400 } 401 } 402} 403 404static int 405chap_Write(struct descriptor *d, struct bundle *bundle, const fd_set *fdset) 406{ 407 /* We never want to write here ! */ 408 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n"); 409 return 0; 410} 411 412static void 413chap_Challenge(struct authinfo *authp) 414{ 415 struct chap *chap = auth2chap(authp); 416 int len, i; 417 char *cp; 418 419 len = strlen(authp->physical->dl->bundle->cfg.auth.name); 420 421 if (!*chap->challenge) { 422 randinit(); 423 cp = chap->challenge; 424 425#ifndef NORADIUS 426 if (*authp->physical->dl->bundle->radius.cfg.file) { 427 /* For radius, our challenge is 16 readable NUL terminated bytes :*/ 428 *cp++ = 16; 429 for (i = 0; i < 16; i++) 430 *cp++ = (random() % 10) + '0'; 431 } else 432#endif 433 { 434#ifdef HAVE_DES 435 if (authp->physical->link.lcp.want_authtype == 0x80) 436 *cp++ = 8; /* MS does 8 byte callenges :-/ */ 437 else 438#endif 439 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16; 440 for (i = 0; i < *chap->challenge; i++) 441 *cp++ = random() & 0xff; 442 } 443 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len); 444 } 445 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id, chap->challenge, 446 1 + *chap->challenge + len, NULL); 447} 448 449static void 450chap_Success(struct authinfo *authp) 451{ 452 datalink_GotAuthname(authp->physical->dl, authp->in.name); 453 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, "Welcome!!", 10, NULL); 454 authp->physical->link.lcp.auth_ineed = 0; 455 if (Enabled(authp->physical->dl->bundle, OPT_UTMP)) 456 physical_Login(authp->physical, authp->in.name); 457 458 if (authp->physical->link.lcp.auth_iwait == 0) 459 /* 460 * Either I didn't need to authenticate, or I've already been 461 * told that I got the answer right. 462 */ 463 datalink_AuthOk(authp->physical->dl); 464} 465 466static void 467chap_Failure(struct authinfo *authp) 468{ 469 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, "Invalid!!", 9, NULL); 470 datalink_AuthNotOk(authp->physical->dl); 471} 472 473static int 474chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen 475#ifdef HAVE_DES 476 , int lm 477#endif 478 ) 479{ 480 if (mylen != hislen) 481 return 0; 482#ifdef HAVE_DES 483 else if (type == 0x80) { 484 int off = lm ? 0 : 24; 485 486 if (memcmp(myans + off, hisans + off, 24)) 487 return 0; 488 } 489#endif 490 else if (memcmp(myans, hisans, mylen)) 491 return 0; 492 493 return 1; 494} 495 496#ifdef HAVE_DES 497static int 498chap_HaveAnotherGo(struct chap *chap) 499{ 500 if (++chap->peertries < 3) { 501 /* Give the peer another shot */ 502 *chap->challenge = '\0'; 503 chap_Challenge(&chap->auth); 504 return 1; 505 } 506 507 return 0; 508} 509#endif 510 511void 512chap_Init(struct chap *chap, struct physical *p) 513{ 514 chap->desc.type = CHAP_DESCRIPTOR; 515 chap->desc.UpdateSet = chap_UpdateSet; 516 chap->desc.IsSet = chap_IsSet; 517 chap->desc.Read = chap_Read; 518 chap->desc.Write = chap_Write; 519 chap->child.pid = 0; 520 chap->child.fd = -1; 521 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure); 522 *chap->challenge = 0; 523#ifdef HAVE_DES 524 chap->NTRespSent = 0; 525 chap->peertries = 0; 526#endif 527} 528 529void 530chap_ReInit(struct chap *chap) 531{ 532 chap_Cleanup(chap, SIGTERM); 533} 534 535void 536chap_Input(struct physical *p, struct mbuf *bp) 537{ 538 struct chap *chap = &p->dl->chap; 539 char *name, *key, *ans; 540 int len, nlen; 541 u_char alen; 542#ifdef HAVE_DES 543 int lanman; 544#endif 545 546 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL && 547 ntohs(chap->auth.in.hdr.length) == 0) 548 log_Printf(LogWARN, "Chap Input: Truncated header !\n"); 549 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE) 550 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n", 551 chap->auth.in.hdr.code); 552 else { 553 len = mbuf_Length(bp); 554 ans = NULL; 555 556 if (chap->auth.in.hdr.code != CHAP_CHALLENGE && 557 chap->auth.id != chap->auth.in.hdr.id && 558 Enabled(p->dl->bundle, OPT_IDCHECK)) { 559 /* Wrong conversation dude ! */ 560 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n", 561 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id, 562 chap->auth.id); 563 mbuf_Free(bp); 564 return; 565 } 566 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */ 567 568#ifdef HAVE_DES 569 lanman = 0; 570#endif 571 switch (chap->auth.in.hdr.code) { 572 case CHAP_CHALLENGE: 573 bp = mbuf_Read(bp, &alen, 1); 574 len -= alen + 1; 575 if (len < 0) { 576 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n"); 577 mbuf_Free(bp); 578 return; 579 } 580 *chap->challenge = alen; 581 bp = mbuf_Read(bp, chap->challenge + 1, alen); 582 bp = auth_ReadName(&chap->auth, bp, len); 583#ifdef HAVE_DES 584 lanman = p->link.lcp.his_authtype == 0x80 && 585 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) || 586 !IsAccepted(p->link.lcp.cfg.chap80nt)); 587#endif 588 break; 589 590 case CHAP_RESPONSE: 591 auth_StopTimer(&chap->auth); 592 bp = mbuf_Read(bp, &alen, 1); 593 len -= alen + 1; 594 if (len < 0) { 595 log_Printf(LogERROR, "Chap Input: Truncated response !\n"); 596 mbuf_Free(bp); 597 return; 598 } 599 if ((ans = malloc(alen + 2)) == NULL) { 600 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 601 mbuf_Free(bp); 602 return; 603 } 604 *ans = chap->auth.id; 605 bp = mbuf_Read(bp, ans + 1, alen); 606 ans[alen+1] = '\0'; 607 bp = auth_ReadName(&chap->auth, bp, len); 608#ifdef HAVE_DES 609 lanman = alen == 49 && ans[alen] == 0; 610#endif 611 break; 612 613 case CHAP_SUCCESS: 614 case CHAP_FAILURE: 615 /* chap->auth.in.name is already set up at CHALLENGE time */ 616 if ((ans = malloc(len + 1)) == NULL) { 617 log_Printf(LogERROR, "Chap Input: Out of memory !\n"); 618 mbuf_Free(bp); 619 return; 620 } 621 bp = mbuf_Read(bp, ans, len); 622 ans[len] = '\0'; 623 break; 624 } 625 626 switch (chap->auth.in.hdr.code) { 627 case CHAP_CHALLENGE: 628 case CHAP_RESPONSE: 629 if (*chap->auth.in.name) 630 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n", 631 chapcodes[chap->auth.in.hdr.code], alen, 632 chap->auth.in.name, 633#ifdef HAVE_DES 634 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 635 " - lanman" : 636#endif 637 ""); 638 else 639 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n", 640 chapcodes[chap->auth.in.hdr.code], alen, 641#ifdef HAVE_DES 642 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ? 643 " - lanman" : 644#endif 645 ""); 646 break; 647 648 case CHAP_SUCCESS: 649 case CHAP_FAILURE: 650 if (*ans) 651 log_Printf(LogPHASE, "Chap Input: %s (%s)\n", 652 chapcodes[chap->auth.in.hdr.code], ans); 653 else 654 log_Printf(LogPHASE, "Chap Input: %s\n", 655 chapcodes[chap->auth.in.hdr.code]); 656 break; 657 } 658 659 switch (chap->auth.in.hdr.code) { 660 case CHAP_CHALLENGE: 661 if (*p->dl->bundle->cfg.auth.key == '!') 662 chap_StartChild(chap, p->dl->bundle->cfg.auth.key + 1, 663 p->dl->bundle->cfg.auth.name); 664 else 665 chap_Respond(chap, p->dl->bundle->cfg.auth.name, 666 p->dl->bundle->cfg.auth.key, p->link.lcp.his_authtype 667#ifdef HAVE_DES 668 , lanman 669#endif 670 ); 671 break; 672 673 case CHAP_RESPONSE: 674 name = chap->auth.in.name; 675 nlen = strlen(name); 676#ifndef NORADIUS 677 if (*p->dl->bundle->radius.cfg.file) { 678 chap->challenge[*chap->challenge+1] = '\0'; 679 radius_Authenticate(&p->dl->bundle->radius, &chap->auth, 680 chap->auth.in.name, ans, chap->challenge + 1); 681 } else 682#endif 683 { 684 key = auth_GetSecret(p->dl->bundle, name, nlen, p); 685 if (key) { 686 char *myans; 687#ifdef HAVE_DES 688 if (lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) { 689 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n"); 690 if (chap_HaveAnotherGo(chap)) 691 break; 692 key = NULL; 693 } else if (!lanman && !IsEnabled(p->link.lcp.cfg.chap80nt) && 694 p->link.lcp.want_authtype == 0x80) { 695 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n"); 696 if (chap_HaveAnotherGo(chap)) 697 break; 698 key = NULL; 699 } else 700#endif 701 { 702 myans = chap_BuildAnswer(name, key, chap->auth.id, 703 chap->challenge, 704 p->link.lcp.want_authtype 705#ifdef HAVE_DES 706 , lanman 707#endif 708 ); 709 if (myans == NULL) 710 key = NULL; 711 else { 712 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans, 713 ans + 1, alen 714#ifdef HAVE_DES 715 , lanman 716#endif 717 )) 718 key = NULL; 719 free(myans); 720 } 721 } 722 } 723 724 if (key) 725 chap_Success(&chap->auth); 726 else 727 chap_Failure(&chap->auth); 728 } 729 730 break; 731 732 case CHAP_SUCCESS: 733 if (p->link.lcp.auth_iwait == PROTO_CHAP) { 734 p->link.lcp.auth_iwait = 0; 735 if (p->link.lcp.auth_ineed == 0) 736 /* 737 * We've succeeded in our ``login'' 738 * If we're not expecting the peer to authenticate (or he already 739 * has), proceed to network phase. 740 */ 741 datalink_AuthOk(p->dl); 742 } 743 break; 744 745 case CHAP_FAILURE: 746 datalink_AuthNotOk(p->dl); 747 break; 748 } 749 free(ans); 750 } 751 752 mbuf_Free(bp); 753} 754