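/*
 * chap.h - New CHAP implementation.
 *
 * Copyright (c) 2003-2024 Paul Mackerras. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
 * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
 * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#ifndef PPP_CHAP_NEW_H
#define PPP_CHAP_NEW_H

#include "pppdconf.h"

#ifdef __cplusplus
extern "C" {
#endif

/*
 * CHAP packets begin with a standard header with code, id, len (2 bytes).
 */
#define CHAP_HDRLEN		4

/*
 * Values for the code field.
 */
#define CHAP_CHALLENGE		1
#define CHAP_RESPONSE		2
#define CHAP_SUCCESS		3
#define CHAP_FAILURE		4

/*
 * CHAP digest codes.
 *
 * These are the algorithm numbers carried on the wire: 5 is CHAP with
 * MD5 (RFC 1994), 0x80 is MS-CHAP (RFC 2433), 0x81 is MS-CHAPv2
 * (RFC 2759).
 */
#define CHAP_MD5		5
#define CHAP_MICROSOFT		0x80
#define CHAP_MICROSOFT_V2	0x81

/*
 * Semi-arbitrary limits on challenge and response fields.
 *
 * The digest callbacks below receive bare pointers with no capacity
 * argument, so these limits are the only bound visible in this header.
 * NOTE(review): presumably callers size their buffers from these values
 * plus the leading length byte - confirm against the callers.
 */
#define MAX_CHALLENGE_LEN	64
#define MAX_RESPONSE_LEN	64

/* bitmask of supported algorithms */
#define MDTYPE_MICROSOFT_V2	0x1
#define MDTYPE_MICROSOFT	0x2
#define MDTYPE_MD5		0x4
#define MDTYPE_NONE		0

/* hashes supported by this instance of pppd */
extern int chap_mdtype_all;

/*
 * The four macros below expand to a complete parenthesised expression.
 * Without the outer parentheses a use such as `x != CHAP_DIGEST(m)` or
 * `!CHAP_CANDIGEST(m, d)` binds the surrounding operator to the first
 * operand of the expansion only and silently yields the wrong value.
 */

/*
 * Return the digest alg. ID for the most preferred digest type.
 *
 * NOTE(review): this tests MD5 first, whereas CHAP_MDTYPE() below picks
 * the lowest set bit, which is MDTYPE_MICROSOFT_V2 (0x1). For a mask
 * with both bits set the two macros name different "most preferred"
 * digests - confirm which order the callers intend.
 */
#define CHAP_DIGEST(mdtype) \
	(((mdtype) & MDTYPE_MD5) ? CHAP_MD5 : \
	 ((mdtype) & MDTYPE_MICROSOFT_V2) ? CHAP_MICROSOFT_V2 : \
	 ((mdtype) & MDTYPE_MICROSOFT) ? CHAP_MICROSOFT : \
	 0)

/* Return the bit flag (lsb set) for our most preferred digest type. */
#define CHAP_MDTYPE(mdtype) \
	((((mdtype) ^ ((mdtype) - 1))) & (mdtype))

/* Return the bit flag for a given digest algorithm ID. */
#define CHAP_MDTYPE_D(digest) \
	(((digest) == CHAP_MICROSOFT_V2) ? MDTYPE_MICROSOFT_V2 : \
	 ((digest) == CHAP_MICROSOFT) ? MDTYPE_MICROSOFT : \
	 ((digest) == CHAP_MD5) ? MDTYPE_MD5 : \
	 0)

/*
 * Can we do the requested digest?
 *
 * Evaluates to the matching MDTYPE_* bit (non-zero, not necessarily 1)
 * when the digest is enabled in mdtype, and to 0 for a disabled or
 * unknown digest code.
 */
#define CHAP_CANDIGEST(mdtype, digest) \
	(((digest) == CHAP_MICROSOFT_V2) ? ((mdtype) & MDTYPE_MICROSOFT_V2) : \
	 ((digest) == CHAP_MICROSOFT) ? ((mdtype) & MDTYPE_MICROSOFT) : \
	 ((digest) == CHAP_MD5) ? ((mdtype) & MDTYPE_MD5) : \
	 0)


/*
 * The code for each digest type has to supply one of these.
 */
struct chap_digest_type {
	/* presumably one of the CHAP digest codes above - confirm */
	int code;

	/*
	 * Note: challenge and response arguments below are formatted as
	 * a length byte followed by the actual challenge/response data.
	 *
	 * None of these callbacks is told how large the challenge or
	 * response buffer is; only message has an explicit capacity
	 * (message_space). An implementation has to bound its own reads
	 * and writes, and should treat the leading length byte of data
	 * that came from the peer as untrusted.
	 */
	void (*generate_challenge)(unsigned char *challenge);
	/* NOTE(review): meaning of the int result is not visible here */
	int (*verify_response)(int id, char *name,
		unsigned char *secret, int secret_len,
		unsigned char *challenge, unsigned char *response,
		char *message, int message_space);
	void (*make_response)(unsigned char *response, int id, char *our_name,
		unsigned char *challenge, char *secret, int secret_len,
		unsigned char *priv);
	/* pkt/len: presumably the received packet payload - confirm */
	int (*check_success)(int id, unsigned char *pkt, int len);
	void (*handle_failure)(unsigned char *pkt, int len);

	/* link to another digest type; presumably the registration list */
	struct chap_digest_type *next;
};

/*
 * This function will return a value of 1 to indicate that a plugin intends
 * to supply a username or a password to pppd through the chap_passwd_hook
 * callback.
 *
 * Return a value > 0 to avoid parsing the chap-secrets file.
 */
typedef int (chap_check_hook_fn)(void);
extern chap_check_hook_fn *chap_check_hook;

/*
 * A plugin can choose to supply its own user and password overriding
 * whatever has been provided by the configuration. Hook is only valid when
 * pppd is acting as a client.
 *
 * The maximum size of the user argument is always MAXNAMELEN
 * The length of the password is always MAXWORDLEN, however; secrets can't be
 * longer than MAXSECRETLEN
 *
 * No sizes are passed to the hook, so it must keep its writes within the
 * limits above.
 *
 * Return a value < 0 to fail the connection.
 */
typedef int (chap_passwd_hook_fn)(char *user, char *password);
extern chap_passwd_hook_fn *chap_passwd_hook;

/*
 * A plugin can choose to replace the default chap_verify_response function
 * with one of their own.
 *
 * NOTE(review): a replacement then decides whether the peer's response is
 * accepted; the meaning of the int result is not visible in this header -
 * confirm it against the default implementation before writing a hook.
 */
typedef int (chap_verify_hook_fn)(char *name, char *ourname, int id,
		struct chap_digest_type *digest,
		unsigned char *challenge, unsigned char *response,
		char *message, int message_space);
extern chap_verify_hook_fn *chap_verify_hook;

/* Called by digest code to register a digest type */
extern void chap_register_digest(struct chap_digest_type *);

/* Lookup a digest handler by type */
extern struct chap_digest_type *chap_find_digest(int digest_code);

/* Called by authentication code to start authenticating the peer. */
extern void chap_auth_peer(int unit, char *our_name, int digest_code);

/* Called by auth. code to start authenticating us to the peer. */
extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);

/* Represents the CHAP protocol to the main pppd code */
extern struct protent chap_protent;

#ifdef __cplusplus
}
#endif

#endif // PPP_CHAP_NEW_H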