2 6e527fbc 2005-02-13 devnull * CHAP, MSCHAP
4 6e527fbc 2005-02-13 devnull * The client does not authenticate the server, hence no CAI
6 6e527fbc 2005-02-13 devnull * Protocol:
8 6e527fbc 2005-02-13 devnull * S -> C: random 8-byte challenge
9 6e527fbc 2005-02-13 devnull * C -> S: user in UTF-8
10 6e527fbc 2005-02-13 devnull * C -> S: Chapreply or MSchapreply structure
11 6e527fbc 2005-02-13 devnull * S -> C: ok or 'bad why'
13 6e527fbc 2005-02-13 devnull * The chap protocol requires the client to give it id=%d, the id of
14 6e527fbc 2005-02-13 devnull * the PPP message containing the challenge, which is used
15 6e527fbc 2005-02-13 devnull * as part of the response. Because the client protocol is message-id
16 6e527fbc 2005-02-13 devnull * specific, there is no point in looping to try multiple keys.
18 6e527fbc 2005-02-13 devnull * The MS chap protocol actually uses two different hashes, an
19 6e527fbc 2005-02-13 devnull * older insecure one called the LM (Lan Manager) hash, and a newer
20 6e527fbc 2005-02-13 devnull * more secure one called the NT hash. By default we send back only
21 6e527fbc 2005-02-13 devnull * the NT hash, because the LM hash can help an eavesdropper run
22 6e527fbc 2005-02-13 devnull * a brute force attack. If the key has an lm attribute, then we send only the
23 6e527fbc 2005-02-13 devnull * LM hash.
26 6e527fbc 2005-02-13 devnull #include "std.h"
27 6e527fbc 2005-02-13 devnull #include "dat.h"
29 6e527fbc 2005-02-13 devnull extern Proto chap, mschap;
32 6e527fbc 2005-02-13 devnull ChapChallen = 8,
34 6e527fbc 2005-02-13 devnull MShashlen = 16,
35 6e527fbc 2005-02-13 devnull MSchallen = 8,
36 cbeb0b26 2006-04-01 devnull MSresplen = 24
39 6e527fbc 2005-02-13 devnull static int
40 6e527fbc 2005-02-13 devnull chapcheck(Key *k)
42 6e527fbc 2005-02-13 devnull if(!strfindattr(k->attr, "user") || !strfindattr(k->privattr, "!password")){
43 6e527fbc 2005-02-13 devnull werrstr("need user and !password attributes");
44 6e527fbc 2005-02-13 devnull return -1;
46 6e527fbc 2005-02-13 devnull return 0;
49 6e527fbc 2005-02-13 devnull static void
50 6e527fbc 2005-02-13 devnull nthash(uchar hash[MShashlen], char *passwd)
52 6e527fbc 2005-02-13 devnull uchar buf[512];
55 6e527fbc 2005-02-13 devnull for(i=0; *passwd && i<sizeof(buf); passwd++) {
56 6e527fbc 2005-02-13 devnull buf[i++] = *passwd;
57 6e527fbc 2005-02-13 devnull buf[i++] = 0;
60 6e527fbc 2005-02-13 devnull memset(hash, 0, 16);
62 6e527fbc 2005-02-13 devnull md4(buf, i, hash, 0);
65 6e527fbc 2005-02-13 devnull static void
66 6e527fbc 2005-02-13 devnull desencrypt(uchar data[8], uchar key[7])
68 6e527fbc 2005-02-13 devnull ulong ekey[32];
70 6e527fbc 2005-02-13 devnull key_setup(key, ekey);
71 6e527fbc 2005-02-13 devnull block_cipher(ekey, data, 0);
74 6e527fbc 2005-02-13 devnull static void
75 6e527fbc 2005-02-13 devnull lmhash(uchar hash[MShashlen], char *passwd)
77 6e527fbc 2005-02-13 devnull uchar buf[14];
78 6e527fbc 2005-02-13 devnull char *stdtext = "KGS!@#$%";
81 6e527fbc 2005-02-13 devnull strncpy((char*)buf, passwd, sizeof(buf));
82 6e527fbc 2005-02-13 devnull for(i=0; i<sizeof(buf); i++)
83 6e527fbc 2005-02-13 devnull if(buf[i] >= 'a' && buf[i] <= 'z')
84 6e527fbc 2005-02-13 devnull buf[i] += 'A' - 'a';
86 6e527fbc 2005-02-13 devnull memset(hash, 0, 16);
87 6e527fbc 2005-02-13 devnull memcpy(hash, stdtext, 8);
88 6e527fbc 2005-02-13 devnull memcpy(hash+8, stdtext, 8);
90 6e527fbc 2005-02-13 devnull desencrypt(hash, buf);
91 6e527fbc 2005-02-13 devnull desencrypt(hash+8, buf+7);
94 6e527fbc 2005-02-13 devnull static void
95 6e527fbc 2005-02-13 devnull mschalresp(uchar resp[MSresplen], uchar hash[MShashlen], uchar chal[MSchallen])
98 6e527fbc 2005-02-13 devnull uchar buf[21];
100 6e527fbc 2005-02-13 devnull memset(buf, 0, sizeof(buf));
101 6e527fbc 2005-02-13 devnull memcpy(buf, hash, MShashlen);
103 6e527fbc 2005-02-13 devnull for(i=0; i<3; i++) {
104 6e527fbc 2005-02-13 devnull memmove(resp+i*MSchallen, chal, MSchallen);
105 6e527fbc 2005-02-13 devnull desencrypt(resp+i*MSchallen, buf+i*7);
109 6e527fbc 2005-02-13 devnull static int
110 6e527fbc 2005-02-13 devnull chapclient(Conv *c)
112 6e527fbc 2005-02-13 devnull int id, astype, nchal, npw, ret;
113 6e527fbc 2005-02-13 devnull uchar *chal;
114 6e527fbc 2005-02-13 devnull char *s, *pw, *user, *res;
115 6e527fbc 2005-02-13 devnull Attr *attr;
117 6e527fbc 2005-02-13 devnull Chapreply cr;
118 6e527fbc 2005-02-13 devnull MSchapreply mscr;
119 6e527fbc 2005-02-13 devnull DigestState *ds;
121 6e527fbc 2005-02-13 devnull ret = -1;
122 6e527fbc 2005-02-13 devnull chal = nil;
123 6e527fbc 2005-02-13 devnull k = nil;
124 6e527fbc 2005-02-13 devnull attr = c->attr;
127 6e527fbc 2005-02-13 devnull if(c->proto == &chap){
128 6e527fbc 2005-02-13 devnull astype = AuthChap;
129 6e527fbc 2005-02-13 devnull s = strfindattr(attr, "id");
130 6e527fbc 2005-02-13 devnull if(s == nil || *s == 0){
131 6e527fbc 2005-02-13 devnull werrstr("need id=n attr in start message");
132 6e527fbc 2005-02-13 devnull goto out;
134 6e527fbc 2005-02-13 devnull id = strtol(s, &s, 10);
135 6e527fbc 2005-02-13 devnull if(*s != 0 || id < 0 || id >= 256){
136 6e527fbc 2005-02-13 devnull werrstr("bad id=n attr in start message");
137 6e527fbc 2005-02-13 devnull goto out;
139 6e527fbc 2005-02-13 devnull cr.id = id;
140 6e527fbc 2005-02-13 devnull }else if(c->proto == &mschap)
141 6e527fbc 2005-02-13 devnull astype = AuthMSchap;
143 6e527fbc 2005-02-13 devnull werrstr("bad proto");
144 6e527fbc 2005-02-13 devnull goto out;
147 6e527fbc 2005-02-13 devnull c->state = "find key";
148 6e527fbc 2005-02-13 devnull k = keyfetch(c, "%A %s", attr, c->proto->keyprompt);
149 6e527fbc 2005-02-13 devnull if(k == nil)
150 6e527fbc 2005-02-13 devnull goto out;
152 6e527fbc 2005-02-13 devnull c->attr = addattrs(copyattr(attr), k->attr);
154 6e527fbc 2005-02-13 devnull c->state = "read challenge";
155 6e527fbc 2005-02-13 devnull if((nchal = convreadm(c, (char**)(void*)&chal)) < 0)
156 6e527fbc 2005-02-13 devnull goto out;
157 6e527fbc 2005-02-13 devnull if(astype == AuthMSchap && nchal != MSchallen)
158 6e527fbc 2005-02-13 devnull c->state = "write user";
159 6e527fbc 2005-02-13 devnull if((user = strfindattr(k->attr, "user")) == nil){
160 6e527fbc 2005-02-13 devnull werrstr("key has no user (cannot happen?)");
161 6e527fbc 2005-02-13 devnull goto out;
163 6e527fbc 2005-02-13 devnull if(convprint(c, "%s", user) < 0)
164 6e527fbc 2005-02-13 devnull goto out;
166 6e527fbc 2005-02-13 devnull c->state = "write response";
167 6e527fbc 2005-02-13 devnull if((pw = strfindattr(k->privattr, "!password")) == nil){
168 6e527fbc 2005-02-13 devnull werrstr("key has no password (cannot happen?)");
169 6e527fbc 2005-02-13 devnull goto out;
171 6e527fbc 2005-02-13 devnull npw = strlen(pw);
173 6e527fbc 2005-02-13 devnull if(astype == AuthChap){
174 6e527fbc 2005-02-13 devnull ds = md5(&cr.id, 1, 0, 0);
175 6e527fbc 2005-02-13 devnull md5((uchar*)pw, npw, 0, ds);
176 6e527fbc 2005-02-13 devnull md5(chal, nchal, (uchar*)cr.resp, ds);
177 6e527fbc 2005-02-13 devnull if(convwrite(c, &cr, sizeof cr) < 0)
178 6e527fbc 2005-02-13 devnull goto out;
180 6e527fbc 2005-02-13 devnull uchar hash[MShashlen];
182 6e527fbc 2005-02-13 devnull memset(&mscr, 0, sizeof mscr);
183 6e527fbc 2005-02-13 devnull if(strfindattr(k->attr, "lm")){
184 6e527fbc 2005-02-13 devnull lmhash(hash, pw);
185 6e527fbc 2005-02-13 devnull mschalresp((uchar*)mscr.LMresp, hash, chal);
187 6e527fbc 2005-02-13 devnull nthash(hash, pw);
188 6e527fbc 2005-02-13 devnull mschalresp((uchar*)mscr.NTresp, hash, chal);
190 6e527fbc 2005-02-13 devnull if(convwrite(c, &mscr, sizeof mscr) < 0)
191 6e527fbc 2005-02-13 devnull goto out;
194 6e527fbc 2005-02-13 devnull c->state = "read result";
195 6e527fbc 2005-02-13 devnull if(convreadm(c, &res) < 0)
196 6e527fbc 2005-02-13 devnull goto out;
197 6e527fbc 2005-02-13 devnull if(strcmp(res, "ok") == 0){
198 6e527fbc 2005-02-13 devnull ret = 0;
199 6e527fbc 2005-02-13 devnull werrstr("succeeded");
200 6e527fbc 2005-02-13 devnull goto out;
202 6e527fbc 2005-02-13 devnull if(strncmp(res, "bad ", 4) != 0){
203 6e527fbc 2005-02-13 devnull werrstr("bad result: %s", res);
204 6e527fbc 2005-02-13 devnull goto out;
207 6e527fbc 2005-02-13 devnull c->state = "replace key";
208 6e527fbc 2005-02-13 devnull keyevict(c, k, "%s", res+4);
209 6e527fbc 2005-02-13 devnull werrstr("%s", res+4);
212 6e527fbc 2005-02-13 devnull free(res);
213 6e527fbc 2005-02-13 devnull keyclose(k);
214 6e527fbc 2005-02-13 devnull free(chal);
215 6e527fbc 2005-02-13 devnull if(c->attr != attr)
216 6e527fbc 2005-02-13 devnull freeattr(attr);
217 6e527fbc 2005-02-13 devnull return ret;
220 6e527fbc 2005-02-13 devnull /* shared with auth dialing routines */
221 6e527fbc 2005-02-13 devnull typedef struct ServerState ServerState;
222 6e527fbc 2005-02-13 devnull struct ServerState
224 6e527fbc 2005-02-13 devnull int asfd;
226 6e527fbc 2005-02-13 devnull Ticketreq tr;
227 6e527fbc 2005-02-13 devnull Ticket t;
228 6e527fbc 2005-02-13 devnull char *dom;
229 6e527fbc 2005-02-13 devnull char *hostid;
232 6e527fbc 2005-02-13 devnull static int chapchal(ServerState*, int, char[ChapChallen]);
233 6e527fbc 2005-02-13 devnull static int chapresp(ServerState*, char*, char*);
235 6e527fbc 2005-02-13 devnull static int
236 6e527fbc 2005-02-13 devnull chapserver(Conv *c)
238 6e527fbc 2005-02-13 devnull char chal[ChapChallen], *user, *resp;
239 6e527fbc 2005-02-13 devnull ServerState s;
240 6e527fbc 2005-02-13 devnull int astype, ret;
241 6e527fbc 2005-02-13 devnull Attr *a;
243 6e527fbc 2005-02-13 devnull ret = -1;
244 6e527fbc 2005-02-13 devnull user = nil;
245 6e527fbc 2005-02-13 devnull resp = nil;
246 6e527fbc 2005-02-13 devnull memset(&s, 0, sizeof s);
247 6e527fbc 2005-02-13 devnull s.asfd = -1;
249 6e527fbc 2005-02-13 devnull if(c->proto == &chap)
250 6e527fbc 2005-02-13 devnull astype = AuthChap;
251 6e527fbc 2005-02-13 devnull else if(c->proto == &mschap)
252 6e527fbc 2005-02-13 devnull astype = AuthMSchap;
254 6e527fbc 2005-02-13 devnull werrstr("bad proto");
255 6e527fbc 2005-02-13 devnull goto out;
258 6e527fbc 2005-02-13 devnull c->state = "find key";
259 6e527fbc 2005-02-13 devnull if((s.k = plan9authkey(c->attr)) == nil)
260 6e527fbc 2005-02-13 devnull goto out;
262 6e527fbc 2005-02-13 devnull a = copyattr(s.k->attr);
263 6e527fbc 2005-02-13 devnull a = delattr(a, "proto");
264 6e527fbc 2005-02-13 devnull c->attr = addattrs(c->attr, a);
265 6e527fbc 2005-02-13 devnull freeattr(a);
267 6e527fbc 2005-02-13 devnull c->state = "authdial";
268 6e527fbc 2005-02-13 devnull s.hostid = strfindattr(s.k->attr, "user");
269 6e527fbc 2005-02-13 devnull s.dom = strfindattr(s.k->attr, "dom");
270 6e527fbc 2005-02-13 devnull if((s.asfd = xioauthdial(nil, s.dom)) < 0){
271 6e527fbc 2005-02-13 devnull werrstr("authdial %s: %r", s.dom);
272 6e527fbc 2005-02-13 devnull goto out;
275 6e527fbc 2005-02-13 devnull c->state = "authchal";
276 6e527fbc 2005-02-13 devnull if(chapchal(&s, astype, chal) < 0)
277 6e527fbc 2005-02-13 devnull goto out;
279 6e527fbc 2005-02-13 devnull c->state = "write challenge";
280 6e527fbc 2005-02-13 devnull if(convprint(c, "%s", chal) < 0)
281 6e527fbc 2005-02-13 devnull goto out;
283 6e527fbc 2005-02-13 devnull c->state = "read user";
284 6e527fbc 2005-02-13 devnull if(convreadm(c, &user) < 0)
285 6e527fbc 2005-02-13 devnull goto out;
287 6e527fbc 2005-02-13 devnull c->state = "read response";
288 6e527fbc 2005-02-13 devnull if(convreadm(c, &resp) < 0)
289 6e527fbc 2005-02-13 devnull goto out;
291 6e527fbc 2005-02-13 devnull c->state = "authwrite";
292 6e527fbc 2005-02-13 devnull switch(chapresp(&s, user, resp)){
293 6e527fbc 2005-02-13 devnull default:
294 6e527fbc 2005-02-13 devnull fprint(2, "factotum: bad result from chapresp\n");
295 6e527fbc 2005-02-13 devnull goto out;
296 6e527fbc 2005-02-13 devnull case -1:
297 6e527fbc 2005-02-13 devnull goto out;
299 6e527fbc 2005-02-13 devnull c->state = "write status";
300 6e527fbc 2005-02-13 devnull if(convprint(c, "bad authentication failed") < 0)
301 6e527fbc 2005-02-13 devnull goto out;
302 6e527fbc 2005-02-13 devnull goto out;
305 6e527fbc 2005-02-13 devnull c->state = "write status";
306 6e527fbc 2005-02-13 devnull if(convprint(c, "ok") < 0)
307 6e527fbc 2005-02-13 devnull goto out;
308 6e527fbc 2005-02-13 devnull goto ok;
312 6e527fbc 2005-02-13 devnull ret = 0;
313 6e527fbc 2005-02-13 devnull c->attr = addcap(c->attr, c->sysuser, &s.t);
316 6e527fbc 2005-02-13 devnull keyclose(s.k);
317 6e527fbc 2005-02-13 devnull free(user);
318 6e527fbc 2005-02-13 devnull free(resp);
319 cbeb0b26 2006-04-01 devnull /* xioclose(s.asfd); */
320 6e527fbc 2005-02-13 devnull return ret;
323 6e527fbc 2005-02-13 devnull static int
324 6e527fbc 2005-02-13 devnull chapchal(ServerState *s, int astype, char chal[ChapChallen])
326 6e527fbc 2005-02-13 devnull char trbuf[TICKREQLEN];
327 6e527fbc 2005-02-13 devnull Ticketreq tr;
329 6e527fbc 2005-02-13 devnull memset(&tr, 0, sizeof tr);
331 6e527fbc 2005-02-13 devnull tr.type = astype;
333 6e527fbc 2005-02-13 devnull if(strlen(s->hostid) >= sizeof tr.hostid){
334 6e527fbc 2005-02-13 devnull werrstr("hostid too long");
335 6e527fbc 2005-02-13 devnull return -1;
337 6e527fbc 2005-02-13 devnull strcpy(tr.hostid, s->hostid);
339 6e527fbc 2005-02-13 devnull if(strlen(s->dom) >= sizeof tr.authdom){
340 6e527fbc 2005-02-13 devnull werrstr("domain too long");
341 6e527fbc 2005-02-13 devnull return -1;
343 6e527fbc 2005-02-13 devnull strcpy(tr.authdom, s->dom);
345 6e527fbc 2005-02-13 devnull convTR2M(&tr, trbuf);
346 6e527fbc 2005-02-13 devnull if(xiowrite(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN)
347 6e527fbc 2005-02-13 devnull return -1;
349 6e527fbc 2005-02-13 devnull if(xioasrdresp(s->asfd, chal, ChapChallen) <= 5)
350 6e527fbc 2005-02-13 devnull return -1;
352 6e527fbc 2005-02-13 devnull s->tr = tr;
353 6e527fbc 2005-02-13 devnull return 0;
356 6e527fbc 2005-02-13 devnull static int
357 6e527fbc 2005-02-13 devnull chapresp(ServerState *s, char *user, char *resp)
359 6e527fbc 2005-02-13 devnull char tabuf[TICKETLEN+AUTHENTLEN];
360 6e527fbc 2005-02-13 devnull char trbuf[TICKREQLEN];
361 6e527fbc 2005-02-13 devnull int len;
362 6e527fbc 2005-02-13 devnull Authenticator a;
363 6e527fbc 2005-02-13 devnull Ticket t;
364 6e527fbc 2005-02-13 devnull Ticketreq tr;
366 6e527fbc 2005-02-13 devnull tr = s->tr;
367 6e527fbc 2005-02-13 devnull if(memrandom(tr.chal, CHALLEN) < 0)
368 6e527fbc 2005-02-13 devnull return -1;
370 6e527fbc 2005-02-13 devnull if(strlen(user) >= sizeof tr.uid){
371 6e527fbc 2005-02-13 devnull werrstr("uid too long");
372 6e527fbc 2005-02-13 devnull return -1;
374 6e527fbc 2005-02-13 devnull strcpy(tr.uid, user);
376 6e527fbc 2005-02-13 devnull convTR2M(&tr, trbuf);
377 6e527fbc 2005-02-13 devnull if(xiowrite(s->asfd, trbuf, TICKREQLEN) != TICKREQLEN)
378 6e527fbc 2005-02-13 devnull return -1;
380 6e527fbc 2005-02-13 devnull len = strlen(resp);
381 6e527fbc 2005-02-13 devnull if(xiowrite(s->asfd, resp, len) != len)
382 6e527fbc 2005-02-13 devnull return -1;
384 6e527fbc 2005-02-13 devnull if(xioasrdresp(s->asfd, tabuf, TICKETLEN+AUTHENTLEN) != TICKETLEN+AUTHENTLEN)
385 6e527fbc 2005-02-13 devnull return 0;
387 6e527fbc 2005-02-13 devnull convM2T(tabuf, &t, s->k->priv);
388 6e527fbc 2005-02-13 devnull if(t.num != AuthTs
389 6e527fbc 2005-02-13 devnull || memcmp(t.chal, tr.chal, sizeof tr.chal) != 0){
390 6e527fbc 2005-02-13 devnull werrstr("key mismatch with auth server");
391 6e527fbc 2005-02-13 devnull return -1;
394 6e527fbc 2005-02-13 devnull convM2A(tabuf+TICKETLEN, &a, t.key);
395 6e527fbc 2005-02-13 devnull if(a.num != AuthAc
396 6e527fbc 2005-02-13 devnull || memcmp(a.chal, tr.chal, sizeof a.chal) != 0
397 6e527fbc 2005-02-13 devnull || a.id != 0){
398 6e527fbc 2005-02-13 devnull werrstr("key2 mismatch with auth server");
399 6e527fbc 2005-02-13 devnull return -1;
402 6e527fbc 2005-02-13 devnull s->t = t;
403 6e527fbc 2005-02-13 devnull return 1;
406 6e527fbc 2005-02-13 devnull static Role
407 fa325e9b 2020-01-10 cross chaproles[] =
409 6e527fbc 2005-02-13 devnull "client", chapclient,
410 6e527fbc 2005-02-13 devnull "server", chapserver,
414 6e527fbc 2005-02-13 devnull Proto chap = {
416 cbeb0b26 2006-04-01 devnull chaproles,
417 cbeb0b26 2006-04-01 devnull "user? !password?",
418 cbeb0b26 2006-04-01 devnull chapcheck
421 6e527fbc 2005-02-13 devnull Proto mschap = {
422 cbeb0b26 2006-04-01 devnull "mschap",
423 cbeb0b26 2006-04-01 devnull chaproles,
424 cbeb0b26 2006-04-01 devnull "user? !password?",
425 cbeb0b26 2006-04-01 devnull chapcheck