
Mercurial > hg > plan9front / changeset: factotum: implement proto=mschapv2 client role

changeset 4225: 7780917b503d
parent 4224: f97fb43134f1
child 4226: 76e57c8daa02
author: cinap_lenrek@felloff.net
date: Sun, 25 Jan 2015 07:49:50 +0100
files: sys/src/cmd/auth/factotum/chap.c sys/src/cmd/auth/factotum/dat.h sys/src/cmd/auth/factotum/fs.c
description: factotum: implement proto=mschapv2 client role

this is used for wpa2 enterprise peap/mschapv2. server role
is not implemented as that would require changing the
wire format on the auth server.

the naming is unfortunate as we already have proto=mschap2 which
really refers to ntlmv2.
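--- a/sys/src/cmd/auth/factotum/chap.c
+++ b/sys/src/cmd/auth/factotum/chap.c
@@ -24,6 +24,7 @@ enum {
 	MShashlen = 16,
 	MSchallen = 8,
 	MSresplen = 24,
+	MSchallenv2 = 16,
 
 	Chapreplylen = MD5LEN+1,
 	MSchapreplylen = 24+24,
@@ -86,13 +87,16 @@ chapinit(Proto *p, Fsstate *fss)
 	if((iscli = isclient(_strfindattr(fss->attr, "role"))) < 0)
 		return failure(fss, nil);
 
+	if(!iscli && p == &mschapv2)
+		return failure(fss, "role must be client");
+
 	s = emalloc(sizeof *s);
 	s->nresp = 0;
 	s->nsecret = 0;
 	fss->phasename = phasenames;
 	fss->maxphase = Maxphase;
 	s->asfd = -1;
-	if(p == &mschap || p == &mschap2){
+	if(p == &mschap || p == &mschapv2 || p == &mschap2){
 		s->astype = AuthMSchap;
 	}else {
 		s->astype = AuthChap;
@@ -173,8 +177,35 @@ chapwrite(Fsstate *fss, void *va, uint n
 				if(dom == nil)
 					dom = "";
 				s->nresp = domschap2(v, user, dom, (uchar*)a, s->resp, sizeof(s->resp));
-			} else
+			}
+			else if(fss->proto == &mschapv2 || n == MSchallenv2){
+				uchar pchal[MSchallenv2];
+				DigestState *ds;
+
+				if(n < MSchallenv2)
+					break;
+				user = _strfindattr(fss->attr, "user");
+				if(user == nil)
+					break;
+
+				memrandom(pchal, MSchallenv2);
+
+				/* ChallengeHash() */
+				ds = sha1(pchal, MSchallenv2, nil, nil);
+				ds = sha1((uchar*)a, MSchallenv2, nil, ds);
+				sha1((uchar*)user, strlen(user), reply, ds);
+
+				s->nresp = domschap(v, reply, s->resp, sizeof(s->resp));
+				if(s->nresp <= 0)
+					break;
+
+				mcr = (MSchapreply*)s->resp;
+				memset(mcr->LMresp, 0, sizeof(mcr->LMresp));
+				memmove(mcr->LMresp, pchal, MSchallenv2);
+			}
+			else {
 				s->nresp = domschap(v, (uchar*)a, s->resp, sizeof(s->resp));
+			}
 			break;
 		case AuthChap:
 			if(n < ChapChallen+1)
@@ -379,8 +410,18 @@ Proto mschap = {
 .keyprompt= "!password?"
 };
 
+Proto mschapv2 = {
+.name=	"mschapv2",
+.init=	chapinit,
+.write=	chapwrite,
+.read=	chapread,
+.close=	chapclose,
+.addkey= replacekey,
+.keyprompt= "user? !password?"
+};
+
 Proto mschap2 = {
-.name=	"mschap2",
+.name=	"mschap2",	/* really NTLMv2 */
 .init=	chapinit,
 .write=	chapwrite,
 .read=	chapread,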
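Review bot: Nothing in the new mschapv2 branch of chapwrite keeps what would be needed to check the server's authenticator response: `pchal` is a stack local that survives only as the copy placed in `mcr->LMresp`, and the ChallengeHash written to `reply` is, as far as the hunk shows, only handed to domschap(). MS-CHAPv2 is meant to be mutual, so as written the client proves it knows the password but factotum has no way to confirm the peer knows it too; chapread and the callers are outside this diff, so this needs confirming there. If the omission is deliberate because the exchange only runs inside the PEAP tunnel, state it at the branch, e.g. `/* client half only: the server's authenticator response is not verified here; the caller must authenticate the server */`. Separately, the `|| n == MSchallenv2` arm lets the length of the peer's challenge select this path for proto=mschap as well; if that is not intended, `else if(fss->proto == &mschapv2){` keeps the choice with the configured proto. chapwrite begins and ends outside the hunk, including the declaration of `reply`, which must hold the full SHA-1 digest.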
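--- a/sys/src/cmd/auth/factotum/dat.h
+++ b/sys/src/cmd/auth/factotum/dat.h
@@ -225,7 +225,7 @@ void		writehostowner(char*);
 /* protocols */
 extern Proto apop, cram;		/* apop.c */
 extern Proto p9any, p9sk1, p9sk2;	/* p9sk.c */
-extern Proto chap, mschap, mschap2;	/* chap.c */
+extern Proto chap, mschap, mschapv2, mschap2;	/* chap.c */
 extern Proto p9cr, vnc;			/* p9cr.c */
 extern Proto pass;			/* pass.c */
 extern Proto rsa;			/* rsa.c */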
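--- a/sys/src/cmd/auth/factotum/fs.c
+++ b/sys/src/cmd/auth/factotum/fs.c
@@ -31,6 +31,7 @@ prototab[] =
 	&cram,
 	&httpdigest,
 	&mschap,
+	&mschapv2,
 	&mschap2,
 	&p9any,
 	&p9cr,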