BadVPN – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /*
2 * chap-new.c - New CHAP implementation.
3 *
4 * Copyright (c) 2003 Paul Mackerras. All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 *
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 *
13 * 2. The name(s) of the authors of this software must not be used to
14 * endorse or promote products derived from this software without
15 * prior written permission.
16 *
17 * 3. Redistributions of any form whatsoever must retain the following
18 * acknowledgment:
19 * "This product includes software developed by Paul Mackerras
20 * <paulus@samba.org>".
21 *
22 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
23 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
24 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
26 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
27 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
28 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
29 */
30  
31 #include "netif/ppp/ppp_opts.h"
32 #if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
33  
34 #if 0 /* UNUSED */
35 #include <stdlib.h>
36 #include <string.h>
37 #endif /* UNUSED */
38  
39 #include "netif/ppp/ppp_impl.h"
40  
41 #if 0 /* UNUSED */
42 #include "session.h"
43 #endif /* UNUSED */
44  
45 #include "netif/ppp/chap-new.h"
46 #include "netif/ppp/chap-md5.h"
47 #if MSCHAP_SUPPORT
48 #include "netif/ppp/chap_ms.h"
49 #endif
50 #include "netif/ppp/magic.h"
51  
52 #if 0 /* UNUSED */
53 /* Hook for a plugin to validate CHAP challenge */
54 int (*chap_verify_hook)(const char *name, const char *ourname, int id,
55 const struct chap_digest_type *digest,
56 const unsigned char *challenge, const unsigned char *response,
57 char *message, int message_space) = NULL;
58 #endif /* UNUSED */
59  
60 #if PPP_OPTIONS
61 /*
62 * Command-line options.
63 */
64 static option_t chap_option_list[] = {
65 { "chap-restart", o_int, &chap_timeout_time,
66 "Set timeout for CHAP", OPT_PRIO },
67 { "chap-max-challenge", o_int, &pcb->settings.chap_max_transmits,
68 "Set max #xmits for challenge", OPT_PRIO },
69 { "chap-interval", o_int, &pcb->settings.chap_rechallenge_time,
70 "Set interval for rechallenge", OPT_PRIO },
71 { NULL }
72 };
73 #endif /* PPP_OPTIONS */
74  
75  
76 /* Values for flags in chap_client_state and chap_server_state */
77 #define LOWERUP 1
78 #define AUTH_STARTED 2
79 #define AUTH_DONE 4
80 #define AUTH_FAILED 8
81 #define TIMEOUT_PENDING 0x10
82 #define CHALLENGE_VALID 0x20
83  
84 /*
85 * Prototypes.
86 */
87 static void chap_init(ppp_pcb *pcb);
88 static void chap_lowerup(ppp_pcb *pcb);
89 static void chap_lowerdown(ppp_pcb *pcb);
90 #if PPP_SERVER
91 static void chap_timeout(void *arg);
92 static void chap_generate_challenge(ppp_pcb *pcb);
93 static void chap_handle_response(ppp_pcb *pcb, int code,
94 unsigned char *pkt, int len);
95 static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
96 const struct chap_digest_type *digest,
97 const unsigned char *challenge, const unsigned char *response,
98 char *message, int message_space);
99 #endif /* PPP_SERVER */
100 static void chap_respond(ppp_pcb *pcb, int id,
101 unsigned char *pkt, int len);
102 static void chap_handle_status(ppp_pcb *pcb, int code, int id,
103 unsigned char *pkt, int len);
104 static void chap_protrej(ppp_pcb *pcb);
105 static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen);
106 #if PRINTPKT_SUPPORT
107 static int chap_print_pkt(const unsigned char *p, int plen,
108 void (*printer) (void *, const char *, ...), void *arg);
109 #endif /* PRINTPKT_SUPPORT */
110  
111 /* List of digest types that we know about */
112 static const struct chap_digest_type* const chap_digests[] = {
113 &md5_digest,
114 #if MSCHAP_SUPPORT
115 &chapms_digest,
116 &chapms2_digest,
117 #endif /* MSCHAP_SUPPORT */
118 NULL
119 };
120  
121 /*
122 * chap_init - reset to initial state.
123 */
124 static void chap_init(ppp_pcb *pcb) {
125 LWIP_UNUSED_ARG(pcb);
126  
127 #if 0 /* Not necessary, everything is cleared in ppp_new() */
128 memset(&pcb->chap_client, 0, sizeof(chap_client_state));
129 #if PPP_SERVER
130 memset(&pcb->chap_server, 0, sizeof(chap_server_state));
131 #endif /* PPP_SERVER */
132 #endif /* 0 */
133 }
134  
135 /*
136 * chap_lowerup - we can start doing stuff now.
137 */
138 static void chap_lowerup(ppp_pcb *pcb) {
139  
140 pcb->chap_client.flags |= LOWERUP;
141 #if PPP_SERVER
142 pcb->chap_server.flags |= LOWERUP;
143 if (pcb->chap_server.flags & AUTH_STARTED)
144 chap_timeout(pcb);
145 #endif /* PPP_SERVER */
146 }
147  
148 static void chap_lowerdown(ppp_pcb *pcb) {
149  
150 pcb->chap_client.flags = 0;
151 #if PPP_SERVER
152 if (pcb->chap_server.flags & TIMEOUT_PENDING)
153 UNTIMEOUT(chap_timeout, pcb);
154 pcb->chap_server.flags = 0;
155 #endif /* PPP_SERVER */
156 }
157  
158 #if PPP_SERVER
159 /*
160 * chap_auth_peer - Start authenticating the peer.
161 * If the lower layer is already up, we start sending challenges,
162 * otherwise we wait for the lower layer to come up.
163 */
164 void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code) {
165 const struct chap_digest_type *dp;
166 int i;
167  
168 if (pcb->chap_server.flags & AUTH_STARTED) {
169 ppp_error("CHAP: peer authentication already started!");
170 return;
171 }
172 for (i = 0; (dp = chap_digests[i]) != NULL; ++i)
173 if (dp->code == digest_code)
174 break;
175 if (dp == NULL)
176 ppp_fatal("CHAP digest 0x%x requested but not available",
177 digest_code);
178  
179 pcb->chap_server.digest = dp;
180 pcb->chap_server.name = our_name;
181 /* Start with a random ID value */
182 pcb->chap_server.id = magic();
183 pcb->chap_server.flags |= AUTH_STARTED;
184 if (pcb->chap_server.flags & LOWERUP)
185 chap_timeout(pcb);
186 }
187 #endif /* PPP_SERVER */
188  
189 /*
190 * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
191 * There isn't much to do until we receive a challenge.
192 */
193 void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_code) {
194 const struct chap_digest_type *dp;
195 int i;
196  
197 if(NULL == our_name)
198 return;
199  
200 if (pcb->chap_client.flags & AUTH_STARTED) {
201 ppp_error("CHAP: authentication with peer already started!");
202 return;
203 }
204 for (i = 0; (dp = chap_digests[i]) != NULL; ++i)
205 if (dp->code == digest_code)
206 break;
207  
208 if (dp == NULL)
209 ppp_fatal("CHAP digest 0x%x requested but not available",
210 digest_code);
211  
212 pcb->chap_client.digest = dp;
213 pcb->chap_client.name = our_name;
214 pcb->chap_client.flags |= AUTH_STARTED;
215 }
216  
217 #if PPP_SERVER
218 /*
219 * chap_timeout - It's time to send another challenge to the peer.
220 * This could be either a retransmission of a previous challenge,
221 * or a new challenge to start re-authentication.
222 */
223 static void chap_timeout(void *arg) {
224 ppp_pcb *pcb = (ppp_pcb*)arg;
225 struct pbuf *p;
226  
227 pcb->chap_server.flags &= ~TIMEOUT_PENDING;
228 if ((pcb->chap_server.flags & CHALLENGE_VALID) == 0) {
229 pcb->chap_server.challenge_xmits = 0;
230 chap_generate_challenge(pcb);
231 pcb->chap_server.flags |= CHALLENGE_VALID;
232 } else if (pcb->chap_server.challenge_xmits >= pcb->settings.chap_max_transmits) {
233 pcb->chap_server.flags &= ~CHALLENGE_VALID;
234 pcb->chap_server.flags |= AUTH_DONE | AUTH_FAILED;
235 auth_peer_fail(pcb, PPP_CHAP);
236 return;
237 }
238  
239 p = pbuf_alloc(PBUF_RAW, (u16_t)(pcb->chap_server.challenge_pktlen), PPP_CTRL_PBUF_TYPE);
240 if(NULL == p)
241 return;
242 if(p->tot_len != p->len) {
243 pbuf_free(p);
244 return;
245 }
246 MEMCPY(p->payload, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen);
247 ppp_write(pcb, p);
248 ++pcb->chap_server.challenge_xmits;
249 pcb->chap_server.flags |= TIMEOUT_PENDING;
250 TIMEOUT(chap_timeout, arg, pcb->settings.chap_timeout_time);
251 }
252  
253 /*
254 * chap_generate_challenge - generate a challenge string and format
255 * the challenge packet in pcb->chap_server.challenge_pkt.
256 */
257 static void chap_generate_challenge(ppp_pcb *pcb) {
258 int clen = 1, nlen, len;
259 unsigned char *p;
260  
261 p = pcb->chap_server.challenge;
262 MAKEHEADER(p, PPP_CHAP);
263 p += CHAP_HDRLEN;
264 pcb->chap_server.digest->generate_challenge(pcb, p);
265 clen = *p;
266 nlen = strlen(pcb->chap_server.name);
267 memcpy(p + 1 + clen, pcb->chap_server.name, nlen);
268  
269 len = CHAP_HDRLEN + 1 + clen + nlen;
270 pcb->chap_server.challenge_pktlen = PPP_HDRLEN + len;
271  
272 p = pcb->chap_server.challenge + PPP_HDRLEN;
273 p[0] = CHAP_CHALLENGE;
274 p[1] = ++pcb->chap_server.id;
275 p[2] = len >> 8;
276 p[3] = len;
277 }
278  
279 /*
280 * chap_handle_response - check the response to our challenge.
281 */
282 static void chap_handle_response(ppp_pcb *pcb, int id,
283 unsigned char *pkt, int len) {
284 int response_len, ok, mlen;
285 const unsigned char *response;
286 unsigned char *outp;
287 struct pbuf *p;
288 const char *name = NULL; /* initialized to shut gcc up */
289 #if 0 /* UNUSED */
290 int (*verifier)(const char *, const char *, int, const struct chap_digest_type *,
291 const unsigned char *, const unsigned char *, char *, int);
292 #endif /* UNUSED */
293 char rname[MAXNAMELEN+1];
294 char message[256];
295  
296 if ((pcb->chap_server.flags & LOWERUP) == 0)
297 return;
298 if (id != pcb->chap_server.challenge[PPP_HDRLEN+1] || len < 2)
299 return;
300 if (pcb->chap_server.flags & CHALLENGE_VALID) {
301 response = pkt;
302 GETCHAR(response_len, pkt);
303 len -= response_len + 1; /* length of name */
304 name = (char *)pkt + response_len;
305 if (len < 0)
306 return;
307  
308 if (pcb->chap_server.flags & TIMEOUT_PENDING) {
309 pcb->chap_server.flags &= ~TIMEOUT_PENDING;
310 UNTIMEOUT(chap_timeout, pcb);
311 }
312 #if PPP_REMOTENAME
313 if (pcb->settings.explicit_remote) {
314 name = pcb->remote_name;
315 } else
316 #endif /* PPP_REMOTENAME */
317 {
318 /* Null terminate and clean remote name. */
319 ppp_slprintf(rname, sizeof(rname), "%.*v", len, name);
320 name = rname;
321 }
322  
323 #if 0 /* UNUSED */
324 if (chap_verify_hook)
325 verifier = chap_verify_hook;
326 else
327 verifier = chap_verify_response;
328 ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest,
329 pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
330 response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
331 #endif /* UNUSED */
332 ok = chap_verify_response(pcb, name, pcb->chap_server.name, id, pcb->chap_server.digest,
333 pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
334 response, message, sizeof(message));
335 #if 0 /* UNUSED */
336 if (!ok || !auth_number()) {
337 #endif /* UNUSED */
338 if (!ok) {
339 pcb->chap_server.flags |= AUTH_FAILED;
340 ppp_warn("Peer %q failed CHAP authentication", name);
341 }
342 } else if ((pcb->chap_server.flags & AUTH_DONE) == 0)
343 return;
344  
345 /* send the response */
346 mlen = strlen(message);
347 len = CHAP_HDRLEN + mlen;
348 p = pbuf_alloc(PBUF_RAW, (u16_t)(PPP_HDRLEN +len), PPP_CTRL_PBUF_TYPE);
349 if(NULL == p)
350 return;
351 if(p->tot_len != p->len) {
352 pbuf_free(p);
353 return;
354 }
355  
356 outp = (unsigned char *)p->payload;
357 MAKEHEADER(outp, PPP_CHAP);
358  
359 outp[0] = (pcb->chap_server.flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
360 outp[1] = id;
361 outp[2] = len >> 8;
362 outp[3] = len;
363 if (mlen > 0)
364 memcpy(outp + CHAP_HDRLEN, message, mlen);
365 ppp_write(pcb, p);
366  
367 if (pcb->chap_server.flags & CHALLENGE_VALID) {
368 pcb->chap_server.flags &= ~CHALLENGE_VALID;
369 if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED)) {
370  
371 #if 0 /* UNUSED */
372 /*
373 * Auth is OK, so now we need to check session restrictions
374 * to ensure everything is OK, but only if we used a
375 * plugin, and only if we're configured to check. This
376 * allows us to do PAM checks on PPP servers that
377 * authenticate against ActiveDirectory, and use AD for
378 * account info (like when using Winbind integrated with
379 * PAM).
380 */
381 if (session_mgmt &&
382 session_check(name, NULL, devnam, NULL) == 0) {
383 pcb->chap_server.flags |= AUTH_FAILED;
384 ppp_warn("Peer %q failed CHAP Session verification", name);
385 }
386 #endif /* UNUSED */
387  
388 }
389 if (pcb->chap_server.flags & AUTH_FAILED) {
390 auth_peer_fail(pcb, PPP_CHAP);
391 } else {
392 if ((pcb->chap_server.flags & AUTH_DONE) == 0)
393 auth_peer_success(pcb, PPP_CHAP,
394 pcb->chap_server.digest->code,
395 name, strlen(name));
396 if (pcb->settings.chap_rechallenge_time) {
397 pcb->chap_server.flags |= TIMEOUT_PENDING;
398 TIMEOUT(chap_timeout, pcb,
399 pcb->settings.chap_rechallenge_time);
400 }
401 }
402 pcb->chap_server.flags |= AUTH_DONE;
403 }
404 }
405  
406 /*
407 * chap_verify_response - check whether the peer's response matches
408 * what we think it should be. Returns 1 if it does (authentication
409 * succeeded), or 0 if it doesn't.
410 */
411 static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
412 const struct chap_digest_type *digest,
413 const unsigned char *challenge, const unsigned char *response,
414 char *message, int message_space) {
415 int ok;
416 unsigned char secret[MAXSECRETLEN];
417 int secret_len;
418  
419 /* Get the secret that the peer is supposed to know */
420 if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) {
421 ppp_error("No CHAP secret found for authenticating %q", name);
422 return 0;
423 }
424 ok = digest->verify_response(pcb, id, name, secret, secret_len, challenge,
425 response, message, message_space);
426 memset(secret, 0, sizeof(secret));
427  
428 return ok;
429 }
430 #endif /* PPP_SERVER */
431  
432 /*
433 * chap_respond - Generate and send a response to a challenge.
434 */
435 static void chap_respond(ppp_pcb *pcb, int id,
436 unsigned char *pkt, int len) {
437 int clen, nlen;
438 int secret_len;
439 struct pbuf *p;
440 u_char *outp;
441 char rname[MAXNAMELEN+1];
442 char secret[MAXSECRETLEN+1];
443  
444 p = pbuf_alloc(PBUF_RAW, (u16_t)(RESP_MAX_PKTLEN), PPP_CTRL_PBUF_TYPE);
445 if(NULL == p)
446 return;
447 if(p->tot_len != p->len) {
448 pbuf_free(p);
449 return;
450 }
451  
452 if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
453 return; /* not ready */
454 if (len < 2 || len < pkt[0] + 1)
455 return; /* too short */
456 clen = pkt[0];
457 nlen = len - (clen + 1);
458  
459 /* Null terminate and clean remote name. */
460 ppp_slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
461  
462 #if PPP_REMOTENAME
463 /* Microsoft doesn't send their name back in the PPP packet */
464 if (pcb->settings.explicit_remote || (pcb->settings.remote_name[0] != 0 && rname[0] == 0))
465 strlcpy(rname, pcb->settings.remote_name, sizeof(rname));
466 #endif /* PPP_REMOTENAME */
467  
468 /* get secret for authenticating ourselves with the specified host */
469 if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0)) {
470 secret_len = 0; /* assume null secret if can't find one */
471 ppp_warn("No CHAP secret found for authenticating us to %q", rname);
472 }
473  
474 outp = (u_char*)p->payload;
475 MAKEHEADER(outp, PPP_CHAP);
476 outp += CHAP_HDRLEN;
477  
478 pcb->chap_client.digest->make_response(pcb, outp, id, pcb->chap_client.name, pkt,
479 secret, secret_len, pcb->chap_client.priv);
480 memset(secret, 0, secret_len);
481  
482 clen = *outp;
483 nlen = strlen(pcb->chap_client.name);
484 memcpy(outp + clen + 1, pcb->chap_client.name, nlen);
485  
486 outp = (u_char*)p->payload + PPP_HDRLEN;
487 len = CHAP_HDRLEN + clen + 1 + nlen;
488 outp[0] = CHAP_RESPONSE;
489 outp[1] = id;
490 outp[2] = len >> 8;
491 outp[3] = len;
492  
493 pbuf_realloc(p, PPP_HDRLEN + len);
494 ppp_write(pcb, p);
495 }
496  
497 static void chap_handle_status(ppp_pcb *pcb, int code, int id,
498 unsigned char *pkt, int len) {
499 const char *msg = NULL;
500 LWIP_UNUSED_ARG(id);
501  
502 if ((pcb->chap_client.flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
503 != (AUTH_STARTED|LOWERUP))
504 return;
505 pcb->chap_client.flags |= AUTH_DONE;
506  
507 if (code == CHAP_SUCCESS) {
508 /* used for MS-CHAP v2 mutual auth, yuck */
509 if (pcb->chap_client.digest->check_success != NULL) {
510 if (!(*pcb->chap_client.digest->check_success)(pcb, pkt, len, pcb->chap_client.priv))
511 code = CHAP_FAILURE;
512 } else
513 msg = "CHAP authentication succeeded";
514 } else {
515 if (pcb->chap_client.digest->handle_failure != NULL)
516 (*pcb->chap_client.digest->handle_failure)(pcb, pkt, len);
517 else
518 msg = "CHAP authentication failed";
519 }
520 if (msg) {
521 if (len > 0)
522 ppp_info("%s: %.*v", msg, len, pkt);
523 else
524 ppp_info("%s", msg);
525 }
526 if (code == CHAP_SUCCESS)
527 auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code);
528 else {
529 pcb->chap_client.flags |= AUTH_FAILED;
530 ppp_error("CHAP authentication failed");
531 auth_withpeer_fail(pcb, PPP_CHAP);
532 }
533 }
534  
535 static void chap_input(ppp_pcb *pcb, unsigned char *pkt, int pktlen) {
536 unsigned char code, id;
537 int len;
538  
539 if (pktlen < CHAP_HDRLEN)
540 return;
541 GETCHAR(code, pkt);
542 GETCHAR(id, pkt);
543 GETSHORT(len, pkt);
544 if (len < CHAP_HDRLEN || len > pktlen)
545 return;
546 len -= CHAP_HDRLEN;
547  
548 switch (code) {
549 case CHAP_CHALLENGE:
550 chap_respond(pcb, id, pkt, len);
551 break;
552 #if PPP_SERVER
553 case CHAP_RESPONSE:
554 chap_handle_response(pcb, id, pkt, len);
555 break;
556 #endif /* PPP_SERVER */
557 case CHAP_FAILURE:
558 case CHAP_SUCCESS:
559 chap_handle_status(pcb, code, id, pkt, len);
560 break;
561 default:
562 break;
563 }
564 }
565  
566 static void chap_protrej(ppp_pcb *pcb) {
567  
568 #if PPP_SERVER
569 if (pcb->chap_server.flags & TIMEOUT_PENDING) {
570 pcb->chap_server.flags &= ~TIMEOUT_PENDING;
571 UNTIMEOUT(chap_timeout, pcb);
572 }
573 if (pcb->chap_server.flags & AUTH_STARTED) {
574 pcb->chap_server.flags = 0;
575 auth_peer_fail(pcb, PPP_CHAP);
576 }
577 #endif /* PPP_SERVER */
578 if ((pcb->chap_client.flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
579 pcb->chap_client.flags &= ~AUTH_STARTED;
580 ppp_error("CHAP authentication failed due to protocol-reject");
581 auth_withpeer_fail(pcb, PPP_CHAP);
582 }
583 }
584  
585 #if PRINTPKT_SUPPORT
586 /*
587 * chap_print_pkt - print the contents of a CHAP packet.
588 */
589 static const char* const chap_code_names[] = {
590 "Challenge", "Response", "Success", "Failure"
591 };
592  
593 static int chap_print_pkt(const unsigned char *p, int plen,
594 void (*printer) (void *, const char *, ...), void *arg) {
595 int code, id, len;
596 int clen, nlen;
597 unsigned char x;
598  
599 if (plen < CHAP_HDRLEN)
600 return 0;
601 GETCHAR(code, p);
602 GETCHAR(id, p);
603 GETSHORT(len, p);
604 if (len < CHAP_HDRLEN || len > plen)
605 return 0;
606  
607 if (code >= 1 && code <= (int)LWIP_ARRAYSIZE(chap_code_names))
608 printer(arg, " %s", chap_code_names[code-1]);
609 else
610 printer(arg, " code=0x%x", code);
611 printer(arg, " id=0x%x", id);
612 len -= CHAP_HDRLEN;
613 switch (code) {
614 case CHAP_CHALLENGE:
615 case CHAP_RESPONSE:
616 if (len < 1)
617 break;
618 clen = p[0];
619 if (len < clen + 1)
620 break;
621 ++p;
622 nlen = len - clen - 1;
623 printer(arg, " <");
624 for (; clen > 0; --clen) {
625 GETCHAR(x, p);
626 printer(arg, "%.2x", x);
627 }
628 printer(arg, ">, name = ");
629 ppp_print_string(p, nlen, printer, arg);
630 break;
631 case CHAP_FAILURE:
632 case CHAP_SUCCESS:
633 printer(arg, " ");
634 ppp_print_string(p, len, printer, arg);
635 break;
636 default:
637 for (clen = len; clen > 0; --clen) {
638 GETCHAR(x, p);
639 printer(arg, " %.2x", x);
640 }
641 /* no break */
642 }
643  
644 return len + CHAP_HDRLEN;
645 }
646 #endif /* PRINTPKT_SUPPORT */
647  
648 const struct protent chap_protent = {
649 PPP_CHAP,
650 chap_init,
651 chap_input,
652 chap_protrej,
653 chap_lowerup,
654 chap_lowerdown,
655 NULL, /* open */
656 NULL, /* close */
657 #if PRINTPKT_SUPPORT
658 chap_print_pkt,
659 #endif /* PRINTPKT_SUPPORT */
660 #if PPP_DATAINPUT
661 NULL, /* datainput */
662 #endif /* PPP_DATAINPUT */
663 #if PRINTPKT_SUPPORT
664 "CHAP", /* name */
665 NULL, /* data_name */
666 #endif /* PRINTPKT_SUPPORT */
667 #if PPP_OPTIONS
668 chap_option_list,
669 NULL, /* check_options */
670 #endif /* PPP_OPTIONS */
671 #if DEMAND_SUPPORT
672 NULL,
673 NULL
674 #endif /* DEMAND_SUPPORT */
675 };
676  
677 #endif /* PPP_SUPPORT && CHAP_SUPPORT */