2 * Copyright (c) 1996 - 2001 Brian Somers <brian@Awfulhak.org>
3 * based on work by Toshiharu OHNO <tony-o@iij.ad.jp>
4 * Internet Initiative Japan, Inc (IIJ)
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
17 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
18 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
20 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
22 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
23 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
24 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
25 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28 * $FreeBSD: src/usr.sbin/ppp/chap.c,v 1.61.2.7 2002/09/01 02:12:23 brian Exp $
31 #include <sys/param.h>
32 #include <netinet/in.h>
33 #include <netinet/in_systm.h>
34 #include <netinet/ip.h>
35 #include <sys/socket.h>
65 #include "throughput.h"
66 #include "descriptor.h"
69 #include "slcompress.h"
93 static const char * const chapcodes[] = {
94 "???", "CHALLENGE", "RESPONSE", "SUCCESS", "FAILURE"
96 #define MAXCHAPCODE (sizeof chapcodes / sizeof chapcodes[0] - 1)
99 ChapOutput(struct physical *physical, u_int code, u_int id,
100 const u_char *ptr, int count, const char *text)
106 plen = sizeof(struct fsmheader) + count;
109 lh.length = htons(plen);
110 bp = m_get(plen, MB_CHAPOUT);
111 memcpy(MBUF_CTOP(bp), &lh, sizeof(struct fsmheader));
113 memcpy(MBUF_CTOP(bp) + sizeof(struct fsmheader), ptr, count);
114 log_DumpBp(LogDEBUG, "ChapOutput", bp);
116 log_Printf(LogPHASE, "Chap Output: %s\n", chapcodes[code]);
118 log_Printf(LogPHASE, "Chap Output: %s (%s)\n", chapcodes[code], text);
119 link_PushPacket(&physical->link, bp, physical->dl->bundle,
120 LINK_QUEUES(&physical->link) - 1, PROTO_CHAP);
124 chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type
126 , char *peerchallenge, char *authresponse, int lanman
130 char *result, *digest;
138 char expkey[AUTHLEN << 2];
142 if ((result = malloc(1 + nlen + MS_CHAP_RESPONSE_LEN)) == NULL)
145 digest = result; /* the response */
146 *digest++ = MS_CHAP_RESPONSE_LEN; /* 49 */
147 memcpy(digest + MS_CHAP_RESPONSE_LEN, name, nlen);
149 memset(digest + 24, '\0', 25);
150 mschap_LANMan(digest, challenge + 1, key); /* LANMan response */
152 memset(digest, '\0', 25);
155 for (f = 0; f < klen; f++) {
156 expkey[2*f] = key[f];
157 expkey[2*f+1] = '\0';
161 * expkey = | k\0e\0y\0 |
164 MD4Init(&MD4context);
165 MD4Update(&MD4context, expkey, klen << 1);
166 MD4Final(digest, &MD4context);
169 * ---- -------- ---------------- ------- ------
170 * result = | 49 | LANMan | 16 byte digest | 9 * ? | name |
171 * ---- -------- ---------------- ------- ------
173 mschap_NT(digest, challenge + 1);
176 * ---- -------- ------------- ----- ------
177 * | | struct MS_ChapResponse24 | |
178 * result = | 49 | LANMan | NT digest | 0/1 | name |
179 * ---- -------- ------------- ----- ------
180 * where only one of LANMan & NT digest are set.
182 } else if (type == 0x81) {
183 char expkey[AUTHLEN << 2];
184 char pwdhash[CHAP81_HASH_LEN];
185 char pwdhashhash[CHAP81_HASH_LEN];
189 if ((result = malloc(1 + nlen + CHAP81_RESPONSE_LEN)) == NULL)
192 memset(result, 0, 1 + nlen + CHAP81_RESPONSE_LEN);
195 *digest++ = CHAP81_RESPONSE_LEN; /* value size */
197 /* Copy our challenge */
198 memcpy(digest, peerchallenge + 1, CHAP81_CHALLENGE_LEN);
200 /* Expand password to Unicode XXX */
201 for (f = 0; f < klen; f++) {
202 expkey[2*f] = key[f];
203 expkey[2*f+1] = '\0';
206 ntresponse = digest + CHAP81_NTRESPONSE_OFF;
208 /* Get some needed hashes */
209 NtPasswordHash(expkey, klen * 2, pwdhash);
210 HashNtPasswordHash(pwdhash, pwdhashhash);
212 /* Generate NTRESPONSE to respond on challenge call */
213 GenerateNTResponse(challenge + 1, peerchallenge + 1, name, nlen,
214 expkey, klen * 2, ntresponse);
216 /* Generate MPPE MASTERKEY */
217 GetMasterKey(pwdhashhash, ntresponse, MPPE_MasterKey); /* XXX Global ! */
219 /* Generate AUTHRESPONSE to verify on auth success */
220 GenerateAuthenticatorResponse(expkey, klen * 2, ntresponse,
221 peerchallenge + 1, challenge + 1, name, nlen,
224 authresponse[CHAP81_AUTHRESPONSE_LEN] = 0;
226 memcpy(digest + CHAP81_RESPONSE_LEN, name, nlen);
229 if ((result = malloc(nlen + 17)) != NULL) {
230 /* Normal MD5 stuff */
234 *digest++ = 16; /* value size */
236 MD5Init(&MD5context);
237 MD5Update(&MD5context, &id, 1);
238 MD5Update(&MD5context, key, klen);
239 MD5Update(&MD5context, challenge + 1, *challenge);
240 MD5Final(digest, &MD5context);
242 memcpy(digest + 16, name, nlen);
244 * ---- -------- ------
245 * result = | 16 | digest | name |
246 * ---- -------- ------
254 chap_StartChild(struct chap *chap, char *prog, const char *name)
256 char *argv[MAXARGS], *nargv[MAXARGS];
261 if (chap->child.fd != -1) {
262 log_Printf(LogWARN, "Chap: %s: Program already running\n", prog);
266 if (pipe(in) == -1) {
267 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
271 if (pipe(out) == -1) {
272 log_Printf(LogERROR, "Chap: pipe: %s\n", strerror(errno));
279 switch ((chap->child.pid = fork())) {
281 log_Printf(LogERROR, "Chap: fork: %s\n", strerror(errno));
292 if ((argc = command_Interpret(prog, strlen(prog), argv)) <= 0) {
294 log_Printf(LogWARN, "CHAP: Invalid command syntax\n");
302 if (out[1] == STDIN_FILENO)
303 out[1] = dup(out[1]);
304 dup2(in[0], STDIN_FILENO);
305 dup2(out[1], STDOUT_FILENO);
306 close(STDERR_FILENO);
307 if (open(_PATH_DEVNULL, O_RDWR) != STDERR_FILENO) {
308 log_Printf(LogALERT, "Chap: Failed to open %s: %s\n",
309 _PATH_DEVNULL, strerror(errno));
312 for (fd = getdtablesize(); fd > STDERR_FILENO; fd--)
313 fcntl(fd, F_SETFD, 1);
315 setuid(ID0realuid());
317 command_Expand(nargv, argc, (char const *const *)argv,
318 chap->auth.physical->dl->bundle, 0, pid);
319 execvp(nargv[0], nargv);
320 printf("exec() of %s failed: %s\n", nargv[0], strerror(errno));
326 chap->child.fd = out[0];
327 chap->child.buf.len = 0;
328 write(in[1], chap->auth.in.name, strlen(chap->auth.in.name));
329 write(in[1], "\n", 1);
330 write(in[1], chap->challenge.peer + 1, *chap->challenge.peer);
331 write(in[1], "\n", 1);
332 write(in[1], name, strlen(name));
333 write(in[1], "\n", 1);
340 chap_Cleanup(struct chap *chap, int sig)
342 if (chap->child.pid) {
345 close(chap->child.fd);
348 kill(chap->child.pid, SIGTERM);
350 chap->child.buf.len = 0;
352 if (wait(&status) == -1)
353 log_Printf(LogERROR, "Chap: wait: %s\n", strerror(errno));
354 else if (WIFSIGNALED(status))
355 log_Printf(LogWARN, "Chap: Child received signal %d\n", WTERMSIG(status));
356 else if (WIFEXITED(status) && WEXITSTATUS(status))
357 log_Printf(LogERROR, "Chap: Child exited %d\n", WEXITSTATUS(status));
359 *chap->challenge.local = *chap->challenge.peer = '\0';
366 chap_Respond(struct chap *chap, char *name, char *key, u_char type
374 ans = chap_BuildAnswer(name, key, chap->auth.id, chap->challenge.peer, type
376 , chap->challenge.local, chap->authresponse, lm
381 ChapOutput(chap->auth.physical, CHAP_RESPONSE, chap->auth.id,
382 ans, *ans + 1 + strlen(name), name);
384 chap->NTRespSent = !lm;
385 MPPE_IsServer = 0; /* XXX Global ! */
389 ChapOutput(chap->auth.physical, CHAP_FAILURE, chap->auth.id,
390 "Out of memory!", 14, NULL);
394 chap_UpdateSet(struct fdescriptor *d, fd_set *r, fd_set *w, fd_set *e, int *n)
396 struct chap *chap = descriptor2chap(d);
398 if (r && chap && chap->child.fd != -1) {
399 FD_SET(chap->child.fd, r);
400 if (*n < chap->child.fd + 1)
401 *n = chap->child.fd + 1;
402 log_Printf(LogTIMER, "Chap: fdset(r) %d\n", chap->child.fd);
410 chap_IsSet(struct fdescriptor *d, const fd_set *fdset)
412 struct chap *chap = descriptor2chap(d);
414 return chap && chap->child.fd != -1 && FD_ISSET(chap->child.fd, fdset);
418 chap_Read(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset)
420 struct chap *chap = descriptor2chap(d);
423 got = read(chap->child.fd, chap->child.buf.ptr + chap->child.buf.len,
424 sizeof chap->child.buf.ptr - chap->child.buf.len - 1);
426 log_Printf(LogERROR, "Chap: Read: %s\n", strerror(errno));
427 chap_Cleanup(chap, SIGTERM);
428 } else if (got == 0) {
429 log_Printf(LogWARN, "Chap: Read: Child terminated connection\n");
430 chap_Cleanup(chap, SIGTERM);
432 char *name, *key, *end;
434 chap->child.buf.len += got;
435 chap->child.buf.ptr[chap->child.buf.len] = '\0';
436 name = chap->child.buf.ptr;
437 name += strspn(name, " \t");
438 if ((key = strchr(name, '\n')) == NULL)
441 end = strchr(++key, '\n');
444 if (chap->child.buf.len == sizeof chap->child.buf.ptr - 1) {
445 log_Printf(LogWARN, "Chap: Read: Input buffer overflow\n");
446 chap_Cleanup(chap, SIGTERM);
450 int lanman = chap->auth.physical->link.lcp.his_authtype == 0x80 &&
451 ((chap->NTRespSent &&
452 IsAccepted(chap->auth.physical->link.lcp.cfg.chap80lm)) ||
453 !IsAccepted(chap->auth.physical->link.lcp.cfg.chap80nt));
456 while (end >= name && strchr(" \t\r\n", *end))
459 while (end >= name && strchr(" \t\r\n", *end))
461 key += strspn(key, " \t");
463 chap_Respond(chap, name, key, chap->auth.physical->link.lcp.his_authtype
468 chap_Cleanup(chap, 0);
474 chap_Write(struct fdescriptor *d, struct bundle *bundle, const fd_set *fdset)
476 /* We never want to write here ! */
477 log_Printf(LogALERT, "chap_Write: Internal error: Bad call !\n");
482 chap_ChallengeInit(struct authinfo *authp)
484 struct chap *chap = auth2chap(authp);
488 len = strlen(authp->physical->dl->bundle->cfg.auth.name);
490 if (!*chap->challenge.local) {
492 cp = chap->challenge.local;
495 if (*authp->physical->dl->bundle->radius.cfg.file) {
496 /* For radius, our challenge is 16 readable NUL terminated bytes :*/
498 for (i = 0; i < 16; i++)
499 *cp++ = (random() % 10) + '0';
504 if (authp->physical->link.lcp.want_authtype == 0x80)
505 *cp++ = 8; /* MS does 8 byte callenges :-/ */
506 else if (authp->physical->link.lcp.want_authtype == 0x81)
507 *cp++ = 16; /* MS-CHAP-V2 does 16 bytes challenges */
510 *cp++ = random() % (CHAPCHALLENGELEN-16) + 16;
511 for (i = 0; i < *chap->challenge.local; i++)
512 *cp++ = random() & 0xff;
514 memcpy(cp, authp->physical->dl->bundle->cfg.auth.name, len);
519 chap_Challenge(struct authinfo *authp)
521 struct chap *chap = auth2chap(authp);
524 log_Printf(LogDEBUG, "CHAP%02X: Challenge\n",
525 authp->physical->link.lcp.want_authtype);
527 len = strlen(authp->physical->dl->bundle->cfg.auth.name);
529 /* Generate new local challenge value */
530 if (!*chap->challenge.local)
531 chap_ChallengeInit(authp);
534 if (authp->physical->link.lcp.want_authtype == 0x81)
535 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id,
536 chap->challenge.local, 1 + *chap->challenge.local, NULL);
539 ChapOutput(authp->physical, CHAP_CHALLENGE, authp->id,
540 chap->challenge.local, 1 + *chap->challenge.local + len, NULL);
544 chap_Success(struct authinfo *authp)
546 struct bundle *bundle = authp->physical->dl->bundle;
549 datalink_GotAuthname(authp->physical->dl, authp->in.name);
551 if (authp->physical->link.lcp.want_authtype == 0x81) {
553 if (*bundle->radius.cfg.file && bundle->radius.msrepstr)
554 msg = bundle->radius.msrepstr;
557 msg = auth2chap(authp)->authresponse;
558 MPPE_MasterKeyValid = 1; /* XXX Global ! */
562 if (*bundle->radius.cfg.file && bundle->radius.repstr)
563 msg = bundle->radius.repstr;
568 ChapOutput(authp->physical, CHAP_SUCCESS, authp->id, msg, strlen(msg),
571 authp->physical->link.lcp.auth_ineed = 0;
572 if (Enabled(bundle, OPT_UTMP))
573 physical_Login(authp->physical, authp->in.name);
575 if (authp->physical->link.lcp.auth_iwait == 0)
577 * Either I didn't need to authenticate, or I've already been
578 * told that I got the answer right.
580 datalink_AuthOk(authp->physical->dl);
584 chap_Failure(struct authinfo *authp)
587 char buf[1024], *ptr;
592 struct bundle *bundle = authp->physical->link.lcp.fsm.bundle;
593 if (*bundle->radius.cfg.file && bundle->radius.errstr)
594 msg = bundle->radius.errstr;
598 if (authp->physical->link.lcp.want_authtype == 0x80) {
599 sprintf(buf, "E=691 R=1 M=Invalid!");
601 } else if (authp->physical->link.lcp.want_authtype == 0x81) {
605 ptr += sprintf(buf, "E=691 R=0 C=");
607 ptr += sprintf(ptr, "%02X", *(auth2chap(authp)->challenge.local+1+i));
609 sprintf(ptr, " V=3 M=Invalid!");
615 ChapOutput(authp->physical, CHAP_FAILURE, authp->id, msg, strlen(msg) + 1,
617 datalink_AuthNotOk(authp->physical->dl);
621 chap_Cmp(u_char type, char *myans, int mylen, char *hisans, int hislen
630 else if (type == 0x80) {
631 int off = lm ? 0 : 24;
633 if (memcmp(myans + off, hisans + off, 24))
637 else if (memcmp(myans, hisans, mylen))
645 chap_HaveAnotherGo(struct chap *chap)
647 if (++chap->peertries < 3) {
648 /* Give the peer another shot */
649 *chap->challenge.local = '\0';
650 chap_Challenge(&chap->auth);
659 chap_Init(struct chap *chap, struct physical *p)
661 chap->desc.type = CHAP_DESCRIPTOR;
662 chap->desc.UpdateSet = chap_UpdateSet;
663 chap->desc.IsSet = chap_IsSet;
664 chap->desc.Read = chap_Read;
665 chap->desc.Write = chap_Write;
668 auth_Init(&chap->auth, p, chap_Challenge, chap_Success, chap_Failure);
669 *chap->challenge.local = *chap->challenge.peer = '\0';
671 chap->NTRespSent = 0;
677 chap_ReInit(struct chap *chap)
679 chap_Cleanup(chap, SIGTERM);
683 chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
685 struct physical *p = link2physical(l);
686 struct chap *chap = &p->dl->chap;
687 char *name, *key, *ans;
695 log_Printf(LogERROR, "chap_Input: Not a physical link - dropped\n");
700 if (bundle_Phase(bundle) != PHASE_NETWORK &&
701 bundle_Phase(bundle) != PHASE_AUTHENTICATE) {
702 log_Printf(LogPHASE, "Unexpected chap input - dropped !\n");
707 m_settype(bp, MB_CHAPIN);
708 if ((bp = auth_ReadHeader(&chap->auth, bp)) == NULL &&
709 ntohs(chap->auth.in.hdr.length) == 0)
710 log_Printf(LogWARN, "Chap Input: Truncated header !\n");
711 else if (chap->auth.in.hdr.code == 0 || chap->auth.in.hdr.code > MAXCHAPCODE)
712 log_Printf(LogPHASE, "Chap Input: %d: Bad CHAP code !\n",
713 chap->auth.in.hdr.code);
718 if (chap->auth.in.hdr.code != CHAP_CHALLENGE &&
719 chap->auth.id != chap->auth.in.hdr.id &&
720 Enabled(bundle, OPT_IDCHECK)) {
721 /* Wrong conversation dude ! */
722 log_Printf(LogPHASE, "Chap Input: %s dropped (got id %d, not %d)\n",
723 chapcodes[chap->auth.in.hdr.code], chap->auth.in.hdr.id,
728 chap->auth.id = chap->auth.in.hdr.id; /* We respond with this id */
733 switch (chap->auth.in.hdr.code) {
735 bp = mbuf_Read(bp, &alen, 1);
738 log_Printf(LogERROR, "Chap Input: Truncated challenge !\n");
742 *chap->challenge.peer = alen;
743 bp = mbuf_Read(bp, chap->challenge.peer + 1, alen);
744 bp = auth_ReadName(&chap->auth, bp, len);
746 lanman = p->link.lcp.his_authtype == 0x80 &&
747 ((chap->NTRespSent && IsAccepted(p->link.lcp.cfg.chap80lm)) ||
748 !IsAccepted(p->link.lcp.cfg.chap80nt));
750 /* Generate local challenge value */
751 chap_ChallengeInit(&chap->auth);
756 auth_StopTimer(&chap->auth);
757 bp = mbuf_Read(bp, &alen, 1);
760 log_Printf(LogERROR, "Chap Input: Truncated response !\n");
764 if ((ans = malloc(alen + 1)) == NULL) {
765 log_Printf(LogERROR, "Chap Input: Out of memory !\n");
769 *ans = chap->auth.id;
770 bp = mbuf_Read(bp, ans + 1, alen);
771 bp = auth_ReadName(&chap->auth, bp, len);
773 lanman = p->link.lcp.want_authtype == 0x80 &&
774 alen == 49 && ans[alen] == 0;
780 /* chap->auth.in.name is already set up at CHALLENGE time */
781 if ((ans = malloc(len + 1)) == NULL) {
782 log_Printf(LogERROR, "Chap Input: Out of memory !\n");
786 bp = mbuf_Read(bp, ans, len);
791 switch (chap->auth.in.hdr.code) {
794 if (*chap->auth.in.name)
795 log_Printf(LogPHASE, "Chap Input: %s (%d bytes from %s%s)\n",
796 chapcodes[chap->auth.in.hdr.code], alen,
799 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
804 log_Printf(LogPHASE, "Chap Input: %s (%d bytes%s)\n",
805 chapcodes[chap->auth.in.hdr.code], alen,
807 lanman && chap->auth.in.hdr.code == CHAP_RESPONSE ?
816 log_Printf(LogPHASE, "Chap Input: %s (%s)\n",
817 chapcodes[chap->auth.in.hdr.code], ans);
819 log_Printf(LogPHASE, "Chap Input: %s\n",
820 chapcodes[chap->auth.in.hdr.code]);
824 switch (chap->auth.in.hdr.code) {
826 if (*bundle->cfg.auth.key == '!' && bundle->cfg.auth.key[1] != '!')
827 chap_StartChild(chap, bundle->cfg.auth.key + 1,
828 bundle->cfg.auth.name);
830 chap_Respond(chap, bundle->cfg.auth.name, bundle->cfg.auth.key +
831 (*bundle->cfg.auth.key == '!' ? 1 : 0),
832 p->link.lcp.his_authtype
840 name = chap->auth.in.name;
843 if (p->link.lcp.want_authtype == 0x81) {
844 struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
846 chap->challenge.peer[0] = sizeof resp->PeerChallenge;
847 memcpy(chap->challenge.peer + 1, resp->PeerChallenge,
848 sizeof resp->PeerChallenge);
853 if (*bundle->radius.cfg.file) {
854 if (!radius_Authenticate(&bundle->radius, &chap->auth,
855 chap->auth.in.name, ans, alen + 1,
856 chap->challenge.local + 1,
857 *chap->challenge.local))
858 chap_Failure(&chap->auth);
862 if (p->link.lcp.want_authtype == 0x81 && ans[alen] != '\0' &&
863 alen == sizeof(struct MSCHAPv2_resp)) {
864 struct MSCHAPv2_resp *resp = (struct MSCHAPv2_resp *)(ans + 1);
866 log_Printf(LogWARN, "%s: Compensating for corrupt (Win98/WinME?) "
867 "CHAP81 RESPONSE\n", l->name);
868 resp->Flags = '\0'; /* rfc2759 says it *MUST* be zero */
870 key = auth_GetSecret(bundle, name, nlen, p);
873 if (p->link.lcp.want_authtype == 0x80 &&
874 lanman && !IsEnabled(p->link.lcp.cfg.chap80lm)) {
875 log_Printf(LogPHASE, "Auth failure: LANMan not enabled\n");
876 if (chap_HaveAnotherGo(chap))
879 } else if (p->link.lcp.want_authtype == 0x80 &&
880 !lanman && !IsEnabled(p->link.lcp.cfg.chap80nt)) {
881 log_Printf(LogPHASE, "Auth failure: mschap not enabled\n");
882 if (chap_HaveAnotherGo(chap))
885 } else if (p->link.lcp.want_authtype == 0x81 &&
886 !IsEnabled(p->link.lcp.cfg.chap81)) {
887 log_Printf(LogPHASE, "Auth failure: CHAP81 not enabled\n");
892 char *myans = chap_BuildAnswer(name, key, chap->auth.id,
893 chap->challenge.local,
894 p->link.lcp.want_authtype
896 , chap->challenge.peer,
897 chap->authresponse, lanman);
898 MPPE_IsServer = 1; /* XXX Global ! */
905 if (!chap_Cmp(p->link.lcp.want_authtype, myans + 1, *myans,
918 chap_Success(&chap->auth);
920 chap_Failure(&chap->auth);
926 if (p->link.lcp.auth_iwait == PROTO_CHAP) {
927 p->link.lcp.auth_iwait = 0;
928 if (p->link.lcp.auth_ineed == 0) {
930 if (p->link.lcp.his_authtype == 0x81) {
931 if (strncasecmp(ans, chap->authresponse, 42)) {
932 datalink_AuthNotOk(p->dl);
933 log_Printf(LogWARN, "CHAP81: AuthenticatorResponse: (%.42s)"
934 " != ans: (%.42s)\n", chap->authresponse, ans);
937 /* Successful login */
938 MPPE_MasterKeyValid = 1; /* XXX Global ! */
939 datalink_AuthOk(p->dl);
944 * We've succeeded in our ``login''
945 * If we're not expecting the peer to authenticate (or he already
946 * has), proceed to network phase.
948 datalink_AuthOk(p->dl);
954 datalink_AuthNotOk(p->dl);