// SoftEther VPN Source Code // Cedar Communication Module // // SoftEther VPN Server, Client and Bridge are free software under GPLv2. // // Copyright (c) 2012-2015 Daiyuu Nobori. // Copyright (c) 2012-2015 SoftEther VPN Project, University of Tsukuba, Japan. // Copyright (c) 2012-2015 SoftEther Corporation. // // All Rights Reserved. // // http://www.softether.org/ // // Author: Daiyuu Nobori // Comments: Tetsuo Sugiyama, Ph.D. // // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // version 2 as published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License version 2 // along with this program; if not, write to the Free Software // Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. // // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. // IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY // CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, // TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE // SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. // // THE LICENSE AGREEMENT IS ATTACHED ON THE SOURCE-CODE PACKAGE // AS "LICENSE.TXT" FILE. READ THE TEXT FILE IN ADVANCE TO USE THE SOFTWARE. // // // THIS SOFTWARE IS DEVELOPED IN JAPAN, AND DISTRIBUTED FROM JAPAN, // UNDER JAPANESE LAWS. YOU MUST AGREE IN ADVANCE TO USE, COPY, MODIFY, // MERGE, PUBLISH, DISTRIBUTE, SUBLICENSE, AND/OR SELL COPIES OF THIS // SOFTWARE, THAT ANY JURIDICAL DISPUTES WHICH ARE CONCERNED TO THIS // SOFTWARE OR ITS CONTENTS, AGAINST US (SOFTETHER PROJECT, SOFTETHER // CORPORATION, DAIYUU NOBORI OR OTHER SUPPLIERS), OR ANY JURIDICAL // DISPUTES AGAINST US WHICH ARE CAUSED BY ANY KIND OF USING, COPYING, // MODIFYING, MERGING, PUBLISHING, DISTRIBUTING, SUBLICENSING, AND/OR // SELLING COPIES OF THIS SOFTWARE SHALL BE REGARDED AS BE CONSTRUED AND // CONTROLLED BY JAPANESE LAWS, AND YOU MUST FURTHER CONSENT TO // EXCLUSIVE JURISDICTION AND VENUE IN THE COURTS SITTING IN TOKYO, // JAPAN. YOU MUST WAIVE ALL DEFENSES OF LACK OF PERSONAL JURISDICTION // AND FORUM NON CONVENIENS. PROCESS MAY BE SERVED ON EITHER PARTY IN // THE MANNER AUTHORIZED BY APPLICABLE LAW OR COURT RULE. // // USE ONLY IN JAPAN. DO NOT USE THIS SOFTWARE IN ANOTHER COUNTRY UNLESS // YOU HAVE A CONFIRMATION THAT THIS SOFTWARE DOES NOT VIOLATE ANY // CRIMINAL LAWS OR CIVIL RIGHTS IN THAT PARTICULAR COUNTRY. USING THIS // SOFTWARE IN OTHER COUNTRIES IS COMPLETELY AT YOUR OWN RISK. THE // SOFTETHER VPN PROJECT HAS DEVELOPED AND DISTRIBUTED THIS SOFTWARE TO // COMPLY ONLY WITH THE JAPANESE LAWS AND EXISTING CIVIL RIGHTS INCLUDING // PATENTS WHICH ARE SUBJECTS APPLY IN JAPAN. OTHER COUNTRIES' LAWS OR // CIVIL RIGHTS ARE NONE OF OUR CONCERNS NOR RESPONSIBILITIES. WE HAVE // NEVER INVESTIGATED ANY CRIMINAL REGULATIONS, CIVIL LAWS OR // INTELLECTUAL PROPERTY RIGHTS INCLUDING PATENTS IN ANY OF OTHER 200+ // COUNTRIES AND TERRITORIES. BY NATURE, THERE ARE 200+ REGIONS IN THE // WORLD, WITH DIFFERENT LAWS. IT IS IMPOSSIBLE TO VERIFY EVERY // COUNTRIES' LAWS, REGULATIONS AND CIVIL RIGHTS TO MAKE THE SOFTWARE // COMPLY WITH ALL COUNTRIES' LAWS BY THE PROJECT. EVEN IF YOU WILL BE // SUED BY A PRIVATE ENTITY OR BE DAMAGED BY A PUBLIC SERVANT IN YOUR // COUNTRY, THE DEVELOPERS OF THIS SOFTWARE WILL NEVER BE LIABLE TO // RECOVER OR COMPENSATE SUCH DAMAGES, CRIMINAL OR CIVIL // RESPONSIBILITIES. NOTE THAT THIS LINE IS NOT LICENSE RESTRICTION BUT // JUST A STATEMENT FOR WARNING AND DISCLAIMER. // // // SOURCE CODE CONTRIBUTION // ------------------------ // // Your contribution to SoftEther VPN Project is much appreciated. // Please send patches to us through GitHub. // Read the SoftEther VPN Patch Acceptance Policy in advance: // http://www.softether.org/5-download/src/9.patch // // // DEAR SECURITY EXPERTS // --------------------- // // If you find a bug or a security vulnerability please kindly inform us // about the problem immediately so that we can fix the security problem // to protect a lot of users around the world as soon as possible. // // Our e-mail address for security reports is: // softether-vpn-security [at] softether.org // // Please note that the above e-mail address is not a technical support // inquiry address. If you need technical assistance, please visit // http://www.softether.org/ and ask your question on the users forum. // // Thank you for your cooperation. // // // NO MEMORY OR RESOURCE LEAKS // --------------------------- // // The memory-leaks and resource-leaks verification under the stress // test has been passed before release this source code. // Radius.c // Radius authentication module #include "CedarPch.h" ////////// Modern implementation // send PEAP-MSCHAPv2 auth client response bool PeapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_response, UCHAR *client_challenge) { bool ret = false; EAP_MSCHAPV2_RESPONSE msg1; EAP_MESSAGE msg2; EAP_MESSAGE msg4; if (e == NULL || client_response == NULL || client_challenge == NULL) { return false; } Zero(&msg1, sizeof(msg1)); Zero(&msg2, sizeof(msg2)); Zero(&msg4, sizeof(msg4)); msg1.Type = EAP_TYPE_MS_AUTH; msg1.Chap_Opcode = EAP_MSCHAPV2_OP_RESPONSE; msg1.Chap_Id = e->MsChapV2Challenge.Chap_Id; msg1.Chap_Len = Endian16(54 + StrLen(e->Username)); msg1.Chap_ValueSize = 49; Copy(msg1.Chap_PeerChallange, client_challenge, 16); Copy(msg1.Chap_NtResponse, client_response, 24); Copy(msg1.Chap_Name, e->Username, MIN(StrLen(e->Username), 255)); if (SendPeapPacket(e, &msg1, 59 + StrLen(e->Username)) && GetRecvPeapMessage(e, &msg2)) { if (msg2.Type == EAP_TYPE_MS_AUTH && ((EAP_MSCHAPV2_GENERAL *)&msg2)->Chap_Opcode == EAP_MSCHAPV2_OP_SUCCESS) { EAP_MSCHAPV2_SUCCESS_SERVER *eaps = (EAP_MSCHAPV2_SUCCESS_SERVER *)&msg2; if (StartWith(eaps->Message, "S=")) { BUF *buf = StrToBin(eaps->Message + 2); if (buf && buf->Size == 20) { Copy(&e->MsChapV2Success, eaps, sizeof(EAP_MSCHAPV2_SUCCESS_SERVER)); Copy(e->ServerResponse, buf->Buf, 20); if (true) { EAP_MSCHAPV2_SUCCESS_CLIENT msg3; Zero(&msg3, sizeof(msg3)); msg3.Type = EAP_TYPE_MS_AUTH; msg3.Chap_Opcode = EAP_MSCHAPV2_OP_SUCCESS; if (SendPeapPacket(e, &msg3, 6) && GetRecvPeapMessage(e, &msg4)) { UCHAR *rd = ((UCHAR *)&msg4); if (rd[4] == 0x01 && rd[8] == 0x21 && rd[9] == 0x80 && rd[10] == 0x03 && rd[11] == 0x00 && rd[12] == 0x02 && rd[13] == 0x00 && rd[14] == 0x01) { UCHAR reply[15]; Zero(reply, sizeof(reply)); reply[4] = 0x02; reply[5] = rd[5]; reply[6] = 0x00; reply[7] = 0x0b; reply[8] = 0x21; reply[9] = 0x80; reply[10] = 0x03; reply[11] = 0x00; reply[12] = 0x02; reply[13] = 0x00; reply[14] = 0x01; if (SendPeapPacket(e, reply, sizeof(reply))) { if (e->RecvLastCode == RADIUS_CODE_ACCESS_ACCEPT) { ret = true; } } } } } } FreeBuf(buf); } } } return ret; } // send PEAP-MSCHAPv2 auth request bool PeapClientSendMsChapv2AuthRequest(EAP_CLIENT *eap) { bool ret = false; UINT num_retry = 0; if (eap == NULL) { return false; } if (StartPeapClient(eap)) { if (StartPeapSslClient(eap)) { EAP_MESSAGE recv_msg; EAP_MESSAGE send_msg; if (GetRecvPeapMessage(eap, &recv_msg) && recv_msg.Type == EAP_TYPE_IDENTITY) { LABEL_RETRY: num_retry++; if (num_retry >= 10) { return false; } Zero(&send_msg, sizeof(send_msg)); send_msg.Type = EAP_TYPE_IDENTITY; send_msg.Len = Endian16(5 + StrLen(eap->Username)); Copy(send_msg.Data, eap->Username, StrLen(eap->Username)); if (SendPeapPacket(eap, &send_msg, 5 + StrLen(eap->Username)) && GetRecvPeapMessage(eap, &recv_msg)) { LABEL_RETRY2: num_retry++; if (num_retry >= 10) { return false; } if (recv_msg.Type == EAP_TYPE_MS_AUTH && ((EAP_MSCHAPV2_GENERAL *)&recv_msg)->Chap_Opcode == EAP_MSCHAPV2_OP_CHALLENGE) { EAP_MSCHAPV2_CHALLENGE *svr_challenge = (EAP_MSCHAPV2_CHALLENGE *)&recv_msg; Copy(&eap->MsChapV2Challenge, svr_challenge, sizeof(EAP_MSCHAPV2_CHALLENGE)); ret = true; eap->PeapMode = true; } else if (recv_msg.Type == EAP_TYPE_IDENTITY) { UCHAR *rd = ((UCHAR *)&recv_msg); if (rd[4] == 0x01 && rd[8] == 0x21 && rd[9] == 0x80 && rd[10] == 0x03 && rd[11] == 0x00 && rd[12] == 0x02 && rd[13] == 0x00) { if (rd[14] == 0x02) { // Fail return false; } } goto LABEL_RETRY; } else { EAP_MESSAGE nak; Zero(&nak, sizeof(nak)); nak.Type = EAP_TYPE_LEGACY_NAK; nak.Data[0] = EAP_TYPE_MS_AUTH; if (SendPeapPacket(eap, &nak, 6) && GetRecvPeapMessage(eap, &recv_msg)) { goto LABEL_RETRY2; } } } } } } return ret; } // Send a PEAP packet (encrypted) bool SendPeapRawPacket(EAP_CLIENT *e, UCHAR *peap_data, UINT peap_size) { LIST *fragments = NULL; bool ret = false; BUF *buf = NULL; UINT i; UINT num; bool send_empty = false; bool include_len = false; if (e == NULL) { return false; } // divide into 1024 bytes buf = NewBuf(); // size if ((peap_size + 6 + 2) >= 256) { WriteBufInt(buf, peap_size); include_len = true; } // data WriteBuf(buf, peap_data, peap_size); if (peap_data == NULL) { send_empty = true; } SeekBufToBegin(buf); fragments = NewListFast(NULL); for (num = 0;;num++) { UCHAR tmp[1024]; EAP_PEAP *send_peap_message; UINT sz; sz = ReadBuf(buf, tmp, 1024); if (sz == 0) { break; } // add header send_peap_message = ZeroMalloc(sizeof(EAP_PEAP) + sz); send_peap_message->Code = EAP_CODE_RESPONSE; send_peap_message->Id = e->LastRecvEapId + num; send_peap_message->Len = Endian16((UINT)(((UINT)sizeof(EAP_PEAP) + (UINT)sz))); send_peap_message->Type = EAP_TYPE_PEAP; send_peap_message->TlsFlags = 0; if (num == 0 && include_len) { send_peap_message->TlsFlags |= EAP_TLS_FLAGS_LEN; } if (ReadBufRemainSize(buf) != 0) { send_peap_message->TlsFlags |= EAP_TLS_FLAGS_MORE_FRAGMENTS; } Copy(((UCHAR *)send_peap_message) + sizeof(EAP_PEAP), tmp, sz); Add(fragments, MemToBuf(send_peap_message, sizeof(EAP_PEAP) + sz)); Free(send_peap_message); } if (num == 0 && send_empty) { Add(fragments, MemToBuf("\0", 1)); } // send each of packets for (i = 0;i < LIST_NUM(fragments);i++) { BUF *b = LIST_DATA(fragments, i); RADIUS_AVP *eap_avp; RADIUS_PACKET *response_packet; RADIUS_PACKET *send_packet = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EapSetRadiusGeneralAttributes(send_packet, e); if (e->LastStateSize != 0) { Add(send_packet->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_STATE, 0, 0, e->LastState, e->LastStateSize)); } if (send_empty == false) { eap_avp = NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, b->Buf, b->Size); } else { EAP_PEAP empty_peap; Zero(&empty_peap, sizeof(empty_peap)); empty_peap.Code = EAP_CODE_RESPONSE; empty_peap.Id = e->LastRecvEapId; empty_peap.Len = Endian16(sizeof(EAP_PEAP)); empty_peap.Type = EAP_TYPE_PEAP; eap_avp = NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, &empty_peap, sizeof(EAP_PEAP)); } Add(send_packet->AvpList, eap_avp); response_packet = EapSendPacketAndRecvResponse(e, send_packet); if (response_packet != NULL) { e->RecvLastCode = response_packet->Code; if (response_packet->Parse_EapMessage != NULL && response_packet->Parse_EapMessage_DataSize >= sizeof(EAP_PEAP)) { // Received SSL stream EAP_PEAP *peap_msg = (EAP_PEAP *)response_packet->Parse_EapMessage; if (peap_msg->Type == EAP_TYPE_PEAP) { if (peap_msg->TlsFlags & EAP_TLS_FLAGS_LEN) { UINT total_size = READ_UINT(((UCHAR *)peap_msg) + sizeof(EAP_PEAP)); if (total_size <= (response_packet->Parse_EapMessage_DataSize - sizeof(EAP_PEAP) - sizeof(UINT))) { WriteFifo(e->SslPipe->RawIn->SendFifo, ((UCHAR *)peap_msg) + sizeof(EAP_PEAP) + sizeof(UINT), total_size); } } else { WriteFifo(e->SslPipe->RawIn->SendFifo, ((UCHAR *)peap_msg) + sizeof(EAP_PEAP), response_packet->Parse_EapMessage_DataSize - sizeof(EAP_PEAP)); } } } } FreeRadiusPacket(send_packet); FreeRadiusPacket(response_packet); } FreeBuf(buf); if (fragments != NULL) { for (i = 0;i < LIST_NUM(fragments);i++) { BUF *b = LIST_DATA(fragments, i); FreeBuf(b); } ReleaseList(fragments); } SyncSslPipe(e->SslPipe); return ret; } // Send an encrypted message of PEAP bool SendPeapPacket(EAP_CLIENT *e, void *msg, UINT msg_size) { bool ret = false; FIFO *send_fifo; FIFO *recv_fifo; BUF *buf; EAP_MESSAGE tmpmsg; if (e == NULL || msg == NULL || msg_size == 0) { return false; } if (e->SslPipe == NULL) { return false; } send_fifo = e->SslPipe->RawOut->RecvFifo; recv_fifo = e->SslPipe->RawIn->SendFifo; Zero(&tmpmsg, sizeof(tmpmsg)); Copy(&tmpmsg, msg, MIN(msg_size, sizeof(EAP_MESSAGE))); WriteFifo(e->SslPipe->SslInOut->SendFifo, &tmpmsg.Type, msg_size - 4); SyncSslPipe(e->SslPipe); buf = ReadFifoAll(send_fifo); while (true) { ret = SendPeapRawPacket(e, buf->Buf, buf->Size); FreeBuf(buf); if (send_fifo->size == 0) { break; } buf = ReadFifoAll(send_fifo); } return !e->SslPipe->IsDisconnected; } // Start a PEAP SSL client bool StartPeapSslClient(EAP_CLIENT *e) { bool ret = false; FIFO *send_fifo; FIFO *recv_fifo; BUF *buf; if (e == NULL) { return false; } if (e->SslPipe != NULL) { return false; } e->SslPipe = NewSslPipe(false, NULL, NULL, NULL); send_fifo = e->SslPipe->RawOut->RecvFifo; recv_fifo = e->SslPipe->RawIn->SendFifo; SyncSslPipe(e->SslPipe); buf = ReadFifoAll(send_fifo); while (true) { ret = SendPeapRawPacket(e, buf->Buf, buf->Size); FreeBuf(buf); if (send_fifo->size == 0) { break; } buf = ReadFifoAll(send_fifo); } SendPeapRawPacket(e, NULL, 0); return !e->SslPipe->IsDisconnected; } // Get a received PEAP message (unencrypted) bool GetRecvPeapMessage(EAP_CLIENT *e, EAP_MESSAGE *msg) { BUF *b; bool ret = false; if (e == NULL) { return false; } if (e->SslPipe == NULL) { return false; } b = ReadFifoAll(e->SslPipe->SslInOut->RecvFifo); if (b->Size >= 1) { Zero(msg, sizeof(EAP_MESSAGE)); msg->Len = Endian16(b->Size + 4); Copy(&msg->Type, b->Buf, MIN(b->Size, 1501)); ret = true; } FreeBuf(b); return ret; } // Start a PEAP client bool StartPeapClient(EAP_CLIENT *e) { bool ret = false; RADIUS_PACKET *request1 = NULL; RADIUS_PACKET *response1 = NULL; RADIUS_PACKET *request2 = NULL; RADIUS_PACKET *response2 = NULL; EAP_MESSAGE *eap1 = NULL; EAP_MESSAGE *eap2 = NULL; if (e == NULL) { return false; } if (e->SslPipe != NULL) { return false; } request1 = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EapSetRadiusGeneralAttributes(request1, e); eap1 = ZeroMalloc(sizeof(EAP_MESSAGE)); eap1->Code = EAP_CODE_RESPONSE; eap1->Id = e->LastRecvEapId; eap1->Len = Endian16(StrLen(e->Username) + 5); eap1->Type = EAP_TYPE_IDENTITY; Copy(eap1->Data, e->Username, StrLen(e->Username)); Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(e->Username) + 5)); response1 = EapSendPacketAndRecvResponse(e, request1); if (response1 != NULL) { if (response1->Parse_EapMessage_DataSize != 0 && response1->Parse_EapMessage != NULL) { EAP_MESSAGE *eap = response1->Parse_EapMessage; if (eap->Code == EAP_CODE_REQUEST) { if (eap->Type != EAP_TYPE_PEAP) { // Unsupported auth type. Request PEAP. request2 = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EapSetRadiusGeneralAttributes(request2, e); if (response1->Parse_StateSize != 0) { Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_STATE, 0, 0, response1->Parse_State, response1->Parse_StateSize)); } eap2 = ZeroMalloc(sizeof(EAP_MESSAGE)); eap2->Code = EAP_CODE_RESPONSE; eap2->Id = e->LastRecvEapId; eap2->Len = Endian16(6); eap2->Type = EAP_TYPE_LEGACY_NAK; eap2->Data[0] = EAP_TYPE_PEAP; Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap2, 6)); response2 = EapSendPacketAndRecvResponse(e, request2); if (response2 != NULL && response2->Parse_EapMessage_DataSize != 0 && response2->Parse_EapMessage != NULL) { eap = response2->Parse_EapMessage; if (eap->Code == EAP_CODE_REQUEST && eap->Type == EAP_TYPE_PEAP) { goto LABEL_PARSE_PEAP; } } } else { EAP_PEAP *peap; LABEL_PARSE_PEAP: peap = (EAP_PEAP *)eap; if (peap->TlsFlags == 0x20) { ret = true; } } } } } FreeRadiusPacket(request1); FreeRadiusPacket(request2); FreeRadiusPacket(response1); FreeRadiusPacket(response2); Free(eap1); Free(eap2); return ret; } // Set RADIUS general attributes void EapSetRadiusGeneralAttributes(RADIUS_PACKET *r, EAP_CLIENT *e) { UINT ui; char *str; if (r == NULL || e == NULL) { return; } ui = Endian32(2); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_SERVICE_TYPE, 0, 0, &ui, sizeof(UINT))); ui = Endian32(1); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_FRAMED_PROTOCOL, 0, 0, &ui, sizeof(UINT))); ui = Endian32(5); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_NAS_PORT_TYPE, 0, 0, &ui, sizeof(UINT))); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_CALLING_STATION_ID, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr))); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_TUNNEL_CLIENT_ENDPOINT, 0, 0, e->ClientIpStr, StrLen(e->ClientIpStr))); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_USER_NAME, 0, 0, e->Username, StrLen(e->Username))); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_NAS_ID, 0, 0, CEDAR_SERVER_STR, StrLen(CEDAR_SERVER_STR))); ui = Endian32(2); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_NETWORK_ACCESS_SERVER_TYPE, &ui, sizeof(UINT))); ui = Endian32(RADIUS_VENDOR_MICROSOFT); Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_RAS_VENDOR, &ui, sizeof(UINT))); str = "MSRASV5.20"; Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_VERSION, str, StrLen(str))); str = "{5DC53D72-9815-4E97-AC91-339BAFEA6C48}"; Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_RAS_CORRELATION, str, StrLen(str))); str = "MSRASV5.20"; Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_RAS_CLIENT_VERSION, str, StrLen(str))); str = "MSRASV5.20"; Add(r->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_VENDOR_SPECIFIC, RADIUS_VENDOR_MICROSOFT, RADIUS_MS_RAS_CLIENT_NAME, str, StrLen(str))); } // Send a MSCHAPv2 client auth response1 bool EapClientSendMsChapv2AuthClientResponse(EAP_CLIENT *e, UCHAR *client_response, UCHAR *client_challenge) { bool ret = false; RADIUS_PACKET *request1 = NULL; RADIUS_PACKET *response1 = NULL; RADIUS_PACKET *request2 = NULL; RADIUS_PACKET *response2 = NULL; EAP_MSCHAPV2_RESPONSE *eap1 = NULL; EAP_MSCHAPV2_SUCCESS_CLIENT *eap2 = NULL; if (e == NULL || client_response == NULL || client_challenge == NULL) { return false; } request1 = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EapSetRadiusGeneralAttributes(request1, e); if (e->LastStateSize != 0) { Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_STATE, 0, 0, e->LastState, e->LastStateSize)); } eap1 = ZeroMalloc(sizeof(EAP_MSCHAPV2_RESPONSE)); eap1->Code = EAP_CODE_RESPONSE; eap1->Id = e->NextEapId++; eap1->Len = Endian16(59 + StrLen(e->Username)); eap1->Type = EAP_TYPE_MS_AUTH; eap1->Chap_Opcode = EAP_MSCHAPV2_OP_RESPONSE; eap1->Chap_Id = e->MsChapV2Challenge.Chap_Id; eap1->Chap_Len = Endian16(54 + StrLen(e->Username)); eap1->Chap_ValueSize = 49; Copy(eap1->Chap_PeerChallange, client_challenge, 16); Copy(eap1->Chap_NtResponse, client_response, 24); Copy(eap1->Chap_Name, e->Username, MIN(StrLen(e->Username), 255)); Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(e->Username) + 59)); response1 = EapSendPacketAndRecvResponse(e, request1); if (response1 != NULL) { if (response1->Parse_EapMessage_DataSize != 0 && response1->Parse_EapMessage != NULL) { EAP_MESSAGE *eap = response1->Parse_EapMessage; if (eap->Code == EAP_CODE_REQUEST) { if (eap->Type == EAP_TYPE_MS_AUTH) { if (((EAP_MSCHAPV2_GENERAL *)eap)->Chap_Opcode != EAP_MSCHAPV2_OP_SUCCESS) { // Auth fail } else { // Auth ok EAP_MSCHAPV2_SUCCESS_SERVER *eaps = (EAP_MSCHAPV2_SUCCESS_SERVER *)eap; if (StartWith(eaps->Message, "S=")) { BUF *buf = StrToBin(eaps->Message + 2); if (buf && buf->Size == 20) { Copy(&e->MsChapV2Success, eaps, sizeof(EAP_MSCHAPV2_SUCCESS_SERVER)); Copy(e->ServerResponse, buf->Buf, 20); if (true) { // Send the final packet request2 = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EapSetRadiusGeneralAttributes(request2, e); if (e->LastStateSize != 0) { Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_STATE, 0, 0, e->LastState, e->LastStateSize)); } eap2 = ZeroMalloc(sizeof(EAP_MSCHAPV2_SUCCESS_CLIENT)); eap2->Code = EAP_CODE_RESPONSE; eap2->Id = e->NextEapId++; eap2->Len = Endian16(6); eap2->Type = EAP_TYPE_MS_AUTH; eap2->Chap_Opcode = EAP_MSCHAPV2_OP_SUCCESS; Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap2, 6)); response2 = EapSendPacketAndRecvResponse(e, request2); if (response2 != NULL) { if (response2->Code == RADIUS_CODE_ACCESS_ACCEPT) { ret = true; } } } } FreeBuf(buf); } } } } } } FreeRadiusPacket(request1); FreeRadiusPacket(request2); FreeRadiusPacket(response1); FreeRadiusPacket(response2); Free(eap1); Free(eap2); return ret; } // Send a MSCHAPv2 client auth request bool EapClientSendMsChapv2AuthRequest(EAP_CLIENT *e) { bool ret = false; RADIUS_PACKET *request1 = NULL; RADIUS_PACKET *response1 = NULL; RADIUS_PACKET *request2 = NULL; RADIUS_PACKET *response2 = NULL; EAP_MESSAGE *eap1 = NULL; EAP_MESSAGE *eap2 = NULL; if (e == NULL) { return false; } request1 = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EapSetRadiusGeneralAttributes(request1, e); eap1 = ZeroMalloc(sizeof(EAP_MESSAGE)); eap1->Code = EAP_CODE_RESPONSE; eap1->Id = e->NextEapId++; eap1->Len = Endian16(StrLen(e->Username) + 5); eap1->Type = EAP_TYPE_IDENTITY; Copy(eap1->Data, e->Username, StrLen(e->Username)); Add(request1->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap1, StrLen(e->Username) + 5)); response1 = EapSendPacketAndRecvResponse(e, request1); if (response1 != NULL) { if (response1->Parse_EapMessage_DataSize != 0 && response1->Parse_EapMessage != NULL) { EAP_MESSAGE *eap = response1->Parse_EapMessage; if (eap->Code == EAP_CODE_REQUEST) { if (eap->Type != EAP_TYPE_MS_AUTH) { // Unsupported auth type. Request MS-CHAP-v2. request2 = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EapSetRadiusGeneralAttributes(request2, e); if (response1->Parse_StateSize != 0) { Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_STATE, 0, 0, response1->Parse_State, response1->Parse_StateSize)); } eap2 = ZeroMalloc(sizeof(EAP_MESSAGE)); eap2->Code = EAP_CODE_RESPONSE; eap2->Id = e->NextEapId++; eap2->Len = Endian16(6); eap2->Type = EAP_TYPE_LEGACY_NAK; eap2->Data[0] = EAP_TYPE_MS_AUTH; Add(request2->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, eap2, 6)); response2 = EapSendPacketAndRecvResponse(e, request2); if (response2 != NULL && response2->Parse_EapMessage_DataSize != 0 && response2->Parse_EapMessage != NULL) { eap = response2->Parse_EapMessage; if (eap->Code == EAP_CODE_REQUEST && eap->Type == EAP_TYPE_MS_AUTH) { goto LABEL_PARSE_EAP; } } } else { EAP_MSCHAPV2_GENERAL *ms_g; LABEL_PARSE_EAP: ms_g = (EAP_MSCHAPV2_GENERAL *)eap; if (ms_g->Chap_Opcode == EAP_MSCHAPV2_OP_CHALLENGE) { EAP_MSCHAPV2_CHALLENGE *ms_c = (EAP_MSCHAPV2_CHALLENGE *)eap; if (ms_c->Chap_ValueSize == 16) { Copy(&e->MsChapV2Challenge, ms_c, sizeof(EAP_MSCHAPV2_CHALLENGE)); ret = true; } } } } } } FreeRadiusPacket(request1); FreeRadiusPacket(request2); FreeRadiusPacket(response1); FreeRadiusPacket(response2); Free(eap1); Free(eap2); return ret; } // Send a packet and recv a response RADIUS_PACKET *EapSendPacketAndRecvResponse(EAP_CLIENT *e, RADIUS_PACKET *r) { SOCKSET set; UINT64 giveup_tick = 0; UINT64 next_send_tick = 0; bool select_inited = false; bool free_r = false; RADIUS_PACKET *ret = NULL; if (e == NULL || r == NULL) { return NULL; } ClearBuf(e->PEAP_CurrentReceivingMsg); e->PEAP_CurrentReceivingTotalSize = 0; InitSockSet(&set); AddSockSet(&set, e->UdpSock); while (true) { UINT64 now = Tick64(); UINT wait_time = INFINITE; bool is_finish = false; if (giveup_tick == 0) { giveup_tick = now + (UINT64)e->GiveupTimeout; } if (giveup_tick <= now) { break; } if (select_inited) { UINT num_error = 0; while (true) { IP from_ip; UINT from_port; UINT size; UCHAR *tmp = e->TmpBuffer; size = RecvFrom(e->UdpSock, &from_ip, &from_port, tmp, sizeof(e->TmpBuffer)); if (size == 0 && e->UdpSock->IgnoreRecvErr == false) { // UDP socket error is_finish = true; break; } else if (size == SOCK_LATER) { break; } if (size == 0 && e->UdpSock->IgnoreRecvErr) { num_error++; if (num_error >= 100) { is_finish = true; break; } } // Receive a response packet if (size != SOCK_LATER && size >= 1) { if (CmpIpAddr(&from_ip, &e->ServerIp) == 0 && from_port == e->ServerPort) { RADIUS_PACKET *rp = ParseRadiusPacket(tmp, size); if (rp != NULL) { RADIUS_AVP *eap_msg = GetRadiusAvp(rp, RADIUS_ATTRIBUTE_EAP_MESSAGE); RADIUS_AVP *vlan_avp = GetRadiusAvp(rp, RADIUS_ATTRIBUTE_VLAN_ID); if (eap_msg != NULL) { e->LastRecvEapId = ((EAP_MESSAGE *)(eap_msg->Data))->Id; } if (vlan_avp != NULL) { // VLAN ID UINT vlan_id = 0; char tmp[32]; Zero(tmp, sizeof(tmp)); Copy(tmp, vlan_avp->Data, MIN(vlan_avp->DataSize, sizeof(tmp) - 1)); vlan_id = ToInt(tmp); e->LastRecvVLanId = vlan_id; } // Validate the received packet if (rp->Parse_EapAuthMessagePos != 0 && rp->Parse_AuthenticatorPos != 0) { UCHAR *tmp_buffer = Clone(tmp, size); UCHAR auth1[16]; UCHAR auth2[16]; Copy(auth1, &tmp_buffer[rp->Parse_EapAuthMessagePos], 16); Zero(&tmp_buffer[rp->Parse_EapAuthMessagePos], 16); Copy(&tmp_buffer[rp->Parse_AuthenticatorPos], r->Authenticator, 16); HMacMd5(auth2, e->SharedSecret, StrLen(e->SharedSecret), tmp_buffer, size); if (Cmp(auth1, auth2, 16) == 0) { bool send_ack_packet = false; // ok Copy(e->LastState, rp->Parse_State, rp->Parse_StateSize); e->LastStateSize = rp->Parse_StateSize; if (rp->Parse_EapMessage_DataSize != 0 && rp->Parse_EapMessage != NULL) { EAP_MESSAGE *eap_msg = (EAP_MESSAGE *)rp->Parse_EapMessage; if (eap_msg->Type == EAP_TYPE_PEAP) { EAP_PEAP *peap_message = (EAP_PEAP *)eap_msg; if (peap_message->TlsFlags & EAP_TLS_FLAGS_MORE_FRAGMENTS || e->PEAP_CurrentReceivingTotalSize != 0) { // more fragments: reply ack RADIUS_PACKET *ack_packet = NewRadiusPacket(RADIUS_CODE_ACCESS_REQUEST, e->NextRadiusPacketId++); EAP_PEAP *ack_msg = ZeroMalloc(sizeof(EAP_PEAP)); EapSetRadiusGeneralAttributes(ack_packet, e); if (e->LastStateSize != 0) { Add(ack_packet->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_STATE, 0, 0, e->LastState, e->LastStateSize)); } ack_msg->Code = EAP_CODE_RESPONSE; ack_msg->Id = e->LastRecvEapId; ack_msg->Len = Endian16(6); ack_msg->Type = EAP_TYPE_PEAP; ack_msg->TlsFlags = 0; Add(ack_packet->AvpList, NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_MESSAGE, 0, 0, ack_msg, sizeof(EAP_PEAP))); next_send_tick = 0; if (free_r) { FreeRadiusPacket(r); } r = ack_packet; free_r = true; Free(ack_msg); send_ack_packet = true; if (e->PEAP_CurrentReceivingTotalSize == 0) { if (peap_message->TlsFlags & EAP_TLS_FLAGS_LEN) { if (Endian16(peap_message->Len) >= 9) { UINT total_size = READ_UINT(((UCHAR *)peap_message) + sizeof(EAP_PEAP)); if (total_size < 65536) { if (rp->Parse_EapMessage_DataSize >= 1) { e->PEAP_CurrentReceivingTotalSize = total_size; WriteBuf(e->PEAP_CurrentReceivingMsg, ((UCHAR *)peap_message), rp->Parse_EapMessage_DataSize); } } } } } else { if ((!(peap_message->TlsFlags & EAP_TLS_FLAGS_LEN)) && rp->Parse_EapMessage_DataSize >= sizeof(EAP_PEAP)) { WriteBuf(e->PEAP_CurrentReceivingMsg, ((UCHAR *)peap_message) + sizeof(EAP_PEAP), rp->Parse_EapMessage_DataSize - sizeof(EAP_PEAP)); if (e->PEAP_CurrentReceivingTotalSize <= e->PEAP_CurrentReceivingMsg->Size) { // all fragmented segments are arrived send_ack_packet = false; is_finish = true; Free(rp->Parse_EapMessage); rp->Parse_EapMessage = Clone(e->PEAP_CurrentReceivingMsg->Buf, e->PEAP_CurrentReceivingMsg->Size); rp->Parse_EapMessage_DataSize = e->PEAP_CurrentReceivingMsg->Size; } } } } } } if (send_ack_packet == false) { ret = rp; } } Free(tmp_buffer); } if (ret != NULL) { is_finish = true; break; } else { FreeRadiusPacket(rp); } } } } } } if (is_finish) { break; } if (next_send_tick == 0 || next_send_tick <= now) { next_send_tick = now + (UINT64)e->ResendTimeout; if (EapSendPacket(e, r) == false) { is_finish = true; } } wait_time = MIN(wait_time, (UINT)(next_send_tick - now)); wait_time = MIN(wait_time, (UINT)(giveup_tick - now)); wait_time = MAX(wait_time, 1); if (is_finish) { break; } Select(&set, wait_time, NULL, NULL); select_inited = true; } if (free_r) { FreeRadiusPacket(r); } return ret; } // Send a RADIUS packet bool EapSendPacket(EAP_CLIENT *e, RADIUS_PACKET *r) { BUF *b; bool ret = false; if (e == NULL || r == NULL) { return false; } b = GenerateRadiusPacket(r, e->SharedSecret); if (b != NULL) { UINT r = SendTo(e->UdpSock, &e->ServerIp, e->ServerPort, b->Buf, b->Size); if (!(r == 0 && e->UdpSock->IgnoreSendErr == false)) { ret = true; } FreeBuf(b); } return ret; } // New EAP client EAP_CLIENT *NewEapClient(IP *server_ip, UINT server_port, char *shared_secret, UINT resend_timeout, UINT giveup_timeout, char *client_ip_str, char *username) { EAP_CLIENT *e; if (server_ip == NULL) { return NULL; } if (resend_timeout == 0) { resend_timeout = RADIUS_RETRY_INTERVAL; } if (giveup_timeout == 0) { giveup_timeout = RADIUS_RETRY_TIMEOUT; } e = ZeroMalloc(sizeof(EAP_CLIENT)); e->Ref = NewRef(); e->NextRadiusPacketId = 1; e->UdpSock = NewUDPEx(0, IsIP6(server_ip)); Copy(&e->ServerIp, server_ip, sizeof(IP)); e->ServerPort = server_port; e->ResendTimeout = resend_timeout; e->GiveupTimeout = giveup_timeout; StrCpy(e->SharedSecret, sizeof(e->SharedSecret), shared_secret); StrCpy(e->ClientIpStr, sizeof(e->ClientIpStr), client_ip_str); StrCpy(e->Username, sizeof(e->Username), username); e->LastRecvEapId = 0; e->PEAP_CurrentReceivingMsg = NewBuf(); return e; } // Free a EAP client void ReleaseEapClient(EAP_CLIENT *e) { if (e == NULL) { return; } if (Release(e->Ref) == 0) { CleanupEapClient(e); } } void CleanupEapClient(EAP_CLIENT *e) { if (e == NULL) { return; } Disconnect(e->UdpSock); ReleaseSock(e->UdpSock); FreeSslPipe(e->SslPipe); FreeBuf(e->PEAP_CurrentReceivingMsg); Free(e); } // New RADIUS AVP value RADIUS_AVP *NewRadiusAvp(UCHAR type, UINT vendor_id, UCHAR vendor_code, void *data, UINT size) { RADIUS_AVP *p = ZeroMalloc(sizeof(RADIUS_AVP)); p->Type = type; p->VendorId = vendor_id; p->VendorCode = vendor_code; p->DataSize = (UCHAR)size; Copy(p->Data, data, (UCHAR)size); if (size >= 256) { Debug("!! size = %u\n", size); } return p; } // New RADIUS packet RADIUS_PACKET *NewRadiusPacket(UCHAR code, UCHAR packet_id) { RADIUS_PACKET *r = ZeroMalloc(sizeof(RADIUS_PACKET)); r->Code = code; r->PacketId = packet_id; r->AvpList = NewListFast(NULL); return r; } // Get RADIUS AVP RADIUS_AVP *GetRadiusAvp(RADIUS_PACKET *p, UCHAR type) { UINT i; if (p == NULL) { return NULL; } for (i = 0;i < LIST_NUM(p->AvpList);i++) { RADIUS_AVP *avp = LIST_DATA(p->AvpList, i); if (avp->Type == type) { return avp; } } return NULL; } // Free a RADIUS packet void FreeRadiusPacket(RADIUS_PACKET *p) { UINT i; if (p == NULL) { return; } if (p->AvpList != NULL) { for (i = 0;i < LIST_NUM(p->AvpList);i++) { RADIUS_AVP *a = LIST_DATA(p->AvpList, i); Free(a); } ReleaseList(p->AvpList); } Free(p->Parse_EapMessage); Free(p); } // Generate a RADIUS packet BUF *GenerateRadiusPacket(RADIUS_PACKET *p, char *shared_secret) { BUF *b; UINT i; UCHAR zero16[16]; UINT len_pos = 0; UINT eap_auth_pos = 0; bool exist_eap_msg = false; bool exist_eap_auth = false; if (p == NULL) { return NULL; } Zero(zero16, sizeof(zero16)); // Add EAP message auth packet for (i = 0;i < LIST_NUM(p->AvpList);i++) { RADIUS_AVP *a = (RADIUS_AVP *)LIST_DATA(p->AvpList, i); if (a->Type == RADIUS_ATTRIBUTE_EAP_MESSAGE) { exist_eap_msg = true; } if (a->Type == RADIUS_ATTRIBUTE_EAP_AUTHENTICATOR) { exist_eap_auth = true; } } if (exist_eap_msg && exist_eap_auth == false) { RADIUS_AVP *a = NewRadiusAvp(RADIUS_ATTRIBUTE_EAP_AUTHENTICATOR, 0, 0, zero16, sizeof(zero16)); Add(p->AvpList, a); } if (IsZero(p->Authenticator, 16)) { UCHAR rand16[16]; Rand(rand16, sizeof(rand16)); Copy(p->Authenticator, rand16, 16); } b = NewBuf(); WriteBufChar(b, p->Code); WriteBufChar(b, p->PacketId); len_pos = b->Current; WriteBufShort(b, 0); WriteBuf(b, p->Authenticator, 16); for (i = 0;i < LIST_NUM(p->AvpList);i++) { RADIUS_AVP *a = (RADIUS_AVP *)LIST_DATA(p->AvpList, i); WriteBufChar(b, a->Type); if (a->Type != RADIUS_ATTRIBUTE_VENDOR_SPECIFIC) { WriteBufChar(b, (UCHAR)((UINT)a->DataSize + 2)); if (a->Type == RADIUS_ATTRIBUTE_EAP_AUTHENTICATOR) { eap_auth_pos = b->Current; if (a->DataSize == 16) { Zero(a->Data, sizeof(a->Data)); } } WriteBuf(b, a->Data, a->DataSize); } else { WriteBufChar(b, (UCHAR)((UINT)a->DataSize + 8)); WriteBufInt(b, a->VendorId); WriteBufChar(b, a->VendorCode); WriteBufChar(b, (UCHAR)((UINT)a->DataSize + 2)); WriteBuf(b, a->Data, a->DataSize); } } WRITE_USHORT(((UCHAR *)b->Buf) + len_pos, b->Size); if (eap_auth_pos != 0) { UCHAR eap_auth[16]; HMacMd5(eap_auth, shared_secret, StrLen(shared_secret), b->Buf, b->Size); Copy(((UCHAR *)b->Buf) + eap_auth_pos, eap_auth, 16); } SeekBufToBegin(b); return b; } // Parse a RADIUS packet RADIUS_PACKET *ParseRadiusPacket(void *data, UINT size) { RADIUS_PACKET *p = NULL; BUF *buf = NULL; USHORT len; UCHAR auth[16]; if (data == NULL || size == 0) { return NULL; } p = ZeroMalloc(sizeof(RADIUS_PACKET)); p->AvpList = NewListFast(NULL); buf = MemToBuf(data, size); // Code p->Code = ReadBufChar(buf); p->PacketId = ReadBufChar(buf); len = ReadBufShort(buf); p->Parse_AuthenticatorPos = buf->Current; if (ReadBuf(buf, auth, 16) != 16) { goto LABEL_ERROR; } if ((UINT)len < 20) { goto LABEL_ERROR; } if ((UINT)len > buf->Size) { goto LABEL_ERROR; } else if ((UINT)len < buf->Size) { buf->Size = len; } while (true) { RADIUS_AVP a; UCHAR uc; UINT data_size; Zero(&a, sizeof(a)); if (ReadBuf(buf, &a.Type, 1) == 0) { break; } if (a.Type != RADIUS_ATTRIBUTE_VENDOR_SPECIFIC) { if (ReadBuf(buf, &uc, 1) == 0) { break; } data_size = (UINT)uc; if (data_size < 2) { goto LABEL_ERROR; } data_size -= 2; a.DataSize = (UCHAR)data_size; if (a.Type == RADIUS_ATTRIBUTE_EAP_AUTHENTICATOR && a.DataSize == 16) { p->Parse_EapAuthMessagePos = buf->Current; } if (ReadBuf(buf, a.Data, a.DataSize) != a.DataSize) { goto LABEL_ERROR; } if (a.Type == RADIUS_ATTRIBUTE_EAP_MESSAGE && a.DataSize >= 5 && a.DataSize <= 1500) { UINT sz_tmp = Endian16(((EAP_MESSAGE *)a.Data)->Len); if (sz_tmp >= 5 && sz_tmp <= a.DataSize) { if (p->Parse_EapMessage == NULL) { EAP_MESSAGE *eap = Clone(a.Data, a.DataSize); p->Parse_EapMessage_DataSize = sz_tmp; p->Parse_EapMessage = eap; } } } } else { if (ReadBuf(buf, &uc, 1) == 0) { break; } data_size = (UINT)uc; if (data_size < 8) { goto LABEL_ERROR; } data_size -= 8; a.VendorId = ReadBufInt(buf); a.VendorCode = ReadBufChar(buf); if (ReadBuf(buf, &uc, 1) == 0) { break; } if (((UINT)uc - 2) != data_size) { goto LABEL_ERROR; } a.DataSize = (UINT)data_size; if (ReadBuf(buf, a.Data, a.DataSize) != a.DataSize) { goto LABEL_ERROR; } } Add(p->AvpList, Clone(&a, sizeof(RADIUS_AVP))); } FreeBuf(buf); if (true) { UINT num, i; RADIUS_AVP *avp = GetRadiusAvp(p, RADIUS_ATTRIBUTE_STATE); if (avp != NULL) { Copy(p->Parse_State, avp->Data, avp->DataSize); p->Parse_StateSize = avp->DataSize; } num = 0; for (i = 0;i < LIST_NUM(p->AvpList);i++) { RADIUS_AVP *avp = LIST_DATA(p->AvpList, i); if (avp->Type == RADIUS_ATTRIBUTE_EAP_MESSAGE) { num++; } } if (num >= 2) { // Reassemble multiple EAP messages BUF *b = NewBuf(); for (i = 0;i < LIST_NUM(p->AvpList);i++) { RADIUS_AVP *avp = LIST_DATA(p->AvpList, i); if (avp->Type == RADIUS_ATTRIBUTE_EAP_MESSAGE) { WriteBuf(b, avp->Data, avp->DataSize); } } if (Endian16(((EAP_MESSAGE *)b->Buf)->Len) <= b->Size) { if (p->Parse_EapMessage != NULL) { Free(p->Parse_EapMessage); } p->Parse_EapMessage_DataSize = b->Size; p->Parse_EapMessage_DataSize = MIN(p->Parse_EapMessage_DataSize, 1500); p->Parse_EapMessage = Clone(b->Buf, p->Parse_EapMessage_DataSize); } FreeBuf(b); } } return p; LABEL_ERROR: if (p != NULL) { FreeRadiusPacket(p); } if (buf != NULL) { FreeBuf(buf); } return NULL; } ////////// Classical implementation // Attempts Radius authentication (with specifying retry interval and multiple server) bool RadiusLogin(CONNECTION *c, char *server, UINT port, UCHAR *secret, UINT secret_size, wchar_t *username, char *password, UINT interval, UCHAR *mschap_v2_server_response_20, RADIUS_LOGIN_OPTION *opt) { UCHAR random[MD5_SIZE]; UCHAR id; BUF *encrypted_password = NULL; BUF *user_name = NULL; //IP ip; bool ret = false; TOKEN_LIST *token; UINT i; LIST *ip_list; IPC_MSCHAP_V2_AUTHINFO mschap; bool is_mschap; char client_ip_str[MAX_SIZE]; RADIUS_LOGIN_OPTION opt_dummy; static UINT packet_id = 0; // Validate arguments if (server == NULL || port == 0 || (secret_size != 0 && secret == NULL) || username == NULL || password == NULL) { return false; } if (opt == NULL) { Zero(&opt_dummy, sizeof(opt_dummy)); opt = &opt_dummy; } opt->Out_VLanId = 0; Zero(client_ip_str, sizeof(client_ip_str)); if (c != NULL && c->FirstSock != NULL) { IPToStr(client_ip_str, sizeof(client_ip_str), &c->FirstSock->RemoteIP); } // Parse the MS-CHAP v2 authentication data Zero(&mschap, sizeof(mschap)); is_mschap = ParseAndExtractMsChapV2InfoFromPassword(&mschap, password); if (is_mschap && mschap.MsChapV2_EapClient != NULL) { // Try the EAP authentication for RADIUS first EAP_CLIENT *eap = mschap.MsChapV2_EapClient; if (eap->PeapMode == false) { ret = EapClientSendMsChapv2AuthClientResponse(eap, mschap.MsChapV2_ClientResponse, mschap.MsChapV2_ClientChallenge); } else { ret = PeapClientSendMsChapv2AuthClientResponse(eap, mschap.MsChapV2_ClientResponse, mschap.MsChapV2_ClientChallenge); } if (ret) { Copy(mschap_v2_server_response_20, eap->ServerResponse, 20); if (opt->In_CheckVLanId) { opt->Out_VLanId = eap->LastRecvVLanId; } return true; } else { return false; } } // Split the server into tokens token = ParseToken(server, " ,;\t"); // Get the IP address of the server ip_list = NewListFast(NULL); for(i = 0; i < token->NumTokens; i++) { IP *tmp_ip = Malloc(sizeof(IP)); if (GetIP(tmp_ip, token->Token[i])) { Add(ip_list, tmp_ip); } else if (GetIPEx(tmp_ip, token->Token[i], true)) { Add(ip_list, tmp_ip); } else { Free(tmp_ip); } } FreeToken(token); if(LIST_NUM(ip_list) == 0) { ReleaseList(ip_list); return false; } // Random number generation Rand(random, sizeof(random)); // ID generation id = (UCHAR)(packet_id % 254 + 1); packet_id++; if (is_mschap == false) { // Encrypt the password encrypted_password = RadiusEncryptPassword(password, random, secret, secret_size); if (encrypted_password == NULL) { // Encryption failure ReleaseList(ip_list); return false; } } // Generate the user name packet user_name = RadiusCreateUserName(username); if (user_name != NULL) { // Generate a password packet BUF *user_password = (is_mschap ? NULL : RadiusCreateUserPassword(encrypted_password->Buf, encrypted_password->Size)); BUF *nas_id = RadiusCreateNasId(CEDAR_SERVER_STR); if (is_mschap || user_password != NULL) { UINT64 start; UINT64 next_send_time; UCHAR tmp[MAX_SIZE]; UINT recv_buf_size = 32768; UCHAR *recv_buf = MallocEx(recv_buf_size, true); // Generate an UDP packet BUF *p = NewBuf(); UCHAR type = 1; SOCK *sock; USHORT sz = 0; UINT pos = 0; BOOL *finish = ZeroMallocEx(sizeof(BOOL) * LIST_NUM(ip_list), true); Zero(tmp, sizeof(tmp)); WriteBuf(p, &type, 1); WriteBuf(p, &id, 1); WriteBuf(p, &sz, 2); WriteBuf(p, random, 16); WriteBuf(p, user_name->Buf, user_name->Size); if (is_mschap == false) { UINT ui; // PAP WriteBuf(p, user_password->Buf, user_password->Size); WriteBuf(p, nas_id->Buf, nas_id->Size); // Service-Type ui = Endian32(2); RadiusAddValue(p, 6, 0, 0, &ui, sizeof(ui)); // NAS-Port-Type ui = Endian32(5); RadiusAddValue(p, 61, 0, 0, &ui, sizeof(ui)); // Tunnel-Type ui = Endian32(1); RadiusAddValue(p, 64, 0, 0, &ui, sizeof(ui)); // Tunnel-Medium-Type ui = Endian32(1); RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui)); // Calling-Station-Id RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str)); // Tunnel-Client-Endpoint RadiusAddValue(p, 66, 0, 0, client_ip_str, StrLen(client_ip_str)); } else { // MS-CHAP v2 static UINT session_id = 0; USHORT us; UINT ui; char *ms_ras_version = "MSRASV5.20"; UCHAR ms_chapv2_response[50]; // Acct-Session-Id us = Endian16(session_id % 254 + 1); session_id++; RadiusAddValue(p, 44, 0, 0, &us, sizeof(us)); // NAS-IP-Address if (c != NULL && c->FirstSock != NULL && c->FirstSock->IPv6 == false) { ui = IPToUINT(&c->FirstSock->LocalIP); RadiusAddValue(p, 4, 0, 0, &ui, sizeof(ui)); } // Service-Type ui = Endian32(2); RadiusAddValue(p, 6, 0, 0, &ui, sizeof(ui)); // MS-RAS-Vendor ui = Endian32(311); RadiusAddValue(p, 26, 311, 9, &ui, sizeof(ui)); // MS-RAS-Version RadiusAddValue(p, 26, 311, 18, ms_ras_version, StrLen(ms_ras_version)); // NAS-Port-Type ui = Endian32(5); RadiusAddValue(p, 61, 0, 0, &ui, sizeof(ui)); // Tunnel-Type ui = Endian32(1); RadiusAddValue(p, 64, 0, 0, &ui, sizeof(ui)); // Tunnel-Medium-Type ui = Endian32(1); RadiusAddValue(p, 65, 0, 0, &ui, sizeof(ui)); // Calling-Station-Id RadiusAddValue(p, 31, 0, 0, client_ip_str, StrLen(client_ip_str)); // Tunnel-Client-Endpoint RadiusAddValue(p, 66, 0, 0, client_ip_str, StrLen(client_ip_str)); // MS-RAS-Client-Version RadiusAddValue(p, 26, 311, 35, ms_ras_version, StrLen(ms_ras_version)); // MS-RAS-Client-Name RadiusAddValue(p, 26, 311, 34, client_ip_str, StrLen(client_ip_str)); // MS-CHAP-Challenge RadiusAddValue(p, 26, 311, 11, mschap.MsChapV2_ServerChallenge, sizeof(mschap.MsChapV2_ServerChallenge)); // MS-CHAP2-Response Zero(ms_chapv2_response, sizeof(ms_chapv2_response)); Copy(ms_chapv2_response + 2, mschap.MsChapV2_ClientChallenge, 16); Copy(ms_chapv2_response + 2 + 16 + 8, mschap.MsChapV2_ClientResponse, 24); RadiusAddValue(p, 26, 311, 25, ms_chapv2_response, sizeof(ms_chapv2_response)); // NAS-ID WriteBuf(p, nas_id->Buf, nas_id->Size); } SeekBuf(p, 0, 0); WRITE_USHORT(((UCHAR *)p->Buf) + 2, (USHORT)p->Size); // Create a socket sock = NewUDPEx(0, IsIP6(LIST_DATA(ip_list, pos))); // Transmission process start start = Tick64(); if(interval < RADIUS_RETRY_INTERVAL) { interval = RADIUS_RETRY_INTERVAL; } else if(interval > RADIUS_RETRY_TIMEOUT) { interval = RADIUS_RETRY_TIMEOUT; } next_send_time = start + (UINT64)interval; while (true) { UINT server_port; UINT recv_size; //IP server_ip; SOCKSET set; UINT64 now; SEND_RETRY: //SendTo(sock, &ip, port, p->Buf, p->Size); SendTo(sock, LIST_DATA(ip_list, pos), port, p->Buf, p->Size); Debug("send to host:%u\n", pos); next_send_time = Tick64() + (UINT64)interval; RECV_RETRY: now = Tick64(); if (next_send_time <= now) { // Switch the host to refer pos++; pos = pos % LIST_NUM(ip_list); goto SEND_RETRY; } if ((start + RADIUS_RETRY_TIMEOUT) < now) { // Time-out break; } InitSockSet(&set); AddSockSet(&set, sock); Select(&set, (UINT)(next_send_time - now), NULL, NULL); recv_size = RecvFrom(sock, LIST_DATA(ip_list, pos), &server_port, recv_buf, recv_buf_size); if (recv_size == 0) { Debug("Radius recv_size 0\n"); finish[pos] = TRUE; for(i = 0; i < LIST_NUM(ip_list); i++) { if(finish[i] == FALSE) { // Switch the host to refer pos++; pos = pos % LIST_NUM(ip_list); goto SEND_RETRY; } } // Failure break; } else if (recv_size == SOCK_LATER) { // Waiting goto RECV_RETRY; } else { // Check such as the IP address if (/*Cmp(&server_ip, &ip, sizeof(IP)) != 0 || */server_port != port) { goto RECV_RETRY; } // Success if (recv_buf[0] == 2) { ret = true; if (is_mschap && mschap_v2_server_response_20 != NULL) { // Cutting corners Zurukko UCHAR signature[] = {0x1A, 0x33, 0x00, 0x00, 0x01, 0x37, 0x1A, 0x2D, 0x00, 0x53, 0x3D, }; UINT i = SearchBin(recv_buf, 0, recv_buf_size, signature, sizeof(signature)); if (i == INFINITE || ((i + sizeof(signature) + 40) > recv_buf_size)) { ret = false; } else { char tmp[MAX_SIZE]; BUF *b; Zero(tmp, sizeof(tmp)); Copy(tmp, recv_buf + i + sizeof(signature), 40); b = StrToBin(tmp); if (b != NULL && b->Size == 20) { WHERE; Copy(mschap_v2_server_response_20, b->Buf, 20); } else { WHERE; ret = false; } FreeBuf(b); } } if (opt->In_CheckVLanId) { BUF *buf = NewBufFromMemory(recv_buf, recv_size); LIST *o = RadiusParseOptions(buf); if (o != NULL) { DHCP_OPTION *vlan_option = GetDhcpOption(o, RADIUS_ATTRIBUTE_VLAN_ID); if (vlan_option != NULL) { UINT vlan_id = 0; char tmp[32]; Zero(tmp, sizeof(tmp)); Copy(tmp, vlan_option->Data, MIN(vlan_option->Size, sizeof(tmp) - 1)); vlan_id = ToInt(tmp); opt->Out_VLanId = vlan_id; } } FreeBuf(buf); FreeDhcpOptions(o); } } break; } } Free(finish); // Release the socket ReleaseSock(sock); FreeBuf(p); FreeBuf(user_password); Free(recv_buf); } FreeBuf(nas_id); FreeBuf(user_name); } // Release the ip_list for(i = 0; i < LIST_NUM(ip_list); i++) { IP *tmp_ip = LIST_DATA(ip_list, i); Free(tmp_ip); } ReleaseList(ip_list); // Release the memory FreeBuf(encrypted_password); return ret; } // Parse RADIUS attributes LIST *RadiusParseOptions(BUF *b) { LIST *o; UCHAR code; UCHAR id; USHORT len; UCHAR auth[16]; // Validate arguments if (b == NULL) { return NULL; } o = NewList(NULL); ReadBuf(b, &code, 1); ReadBuf(b, &id, 1); len = 0; ReadBuf(b, &len, 2); len = Endian16(len); ReadBuf(b, auth, 16); while (true) { UCHAR attribute_id; UCHAR size; UCHAR data[256]; DHCP_OPTION *d; if (ReadBuf(b, &attribute_id, 1) != 1) { break; } if (ReadBuf(b, &size, 1) != 1) { break; } if (size <= 2) { break; } size -= 2; if (ReadBuf(b, data, size) != size) { break; } d = ZeroMalloc(sizeof(DHCP_OPTION)); d->Id = attribute_id; d->Size = size; d->Data = Clone(data, d->Size); Add(o, d); } return o; } // Adding Attributes void RadiusAddValue(BUF *b, UCHAR t, UINT v, UCHAR vt, void *data, UINT size) { UINT len; // Validate arguments if (b == NULL || (data == NULL && size != 0)) { return; } // type WriteBufChar(b, t); // length len = 2 + size; if (t == 26) { len += 6; } WriteBufChar(b, (UCHAR)len); if (t != 26) { // value WriteBuf(b, data, size); } else { // vendor WriteBufInt(b, v); // vendor type WriteBufChar(b, vt); // length2 len = size + 2; WriteBufChar(b, (UCHAR)len); // value WriteBuf(b, data, size); } } // Create a password attribute for Radius BUF *RadiusCreateUserPassword(void *data, UINT size) { BUF *b; UCHAR code, sz; // Validate arguments if (size != 0 && data == NULL || size >= 253) { return NULL; } b = NewBuf(); code = 2; sz = 2 + (UCHAR)size; WriteBuf(b, &code, 1); WriteBuf(b, &sz, 1); WriteBuf(b, data, size); return b; } // Generate an ID attribute of Nas BUF *RadiusCreateNasId(char *name) { BUF *b; UCHAR code, size; // Validate arguments if (name == NULL) { return NULL; } if (StrLen(name) == 0 || StrLen(name) >= 128) { return NULL; } b = NewBuf(); code = 32; size = 2 + (UCHAR)StrLen(name); WriteBuf(b, &code, 1); WriteBuf(b, &size, 1); WriteBuf(b, name, StrLen(name)); return b; } // Create a user name attribute for Radius BUF *RadiusCreateUserName(wchar_t *username) { BUF *b; UCHAR code, size; UCHAR utf8[254]; // Validate arguments if (username == NULL) { return NULL; } // Convert the user name to a Unicode string UniToStr(utf8, sizeof(utf8), username); utf8[253] = 0; b = NewBuf(); code = 1; size = 2 + (UCHAR)StrLen(utf8); WriteBuf(b, &code, 1); WriteBuf(b, &size, 1); WriteBuf(b, utf8, StrLen(utf8)); return b; } // Encrypt the password for the Radius BUF *RadiusEncryptPassword(char *password, UCHAR *random, UCHAR *secret, UINT secret_size) { UINT n, i; BUF *buf; UCHAR c[16][16]; // Result UCHAR b[16][16]; // Result UCHAR p[16][16]; // Password // Validate arguments if (password == NULL || random == NULL || (secret_size != 0 && secret == NULL)) { return NULL; } if (StrLen(password) > 256) { // Password is too long return NULL; } // Initialize Zero(c, sizeof(c)); Zero(p, sizeof(p)); Zero(b, sizeof(b)); // Divide the password per 16 characters Copy(p, password, StrLen(password)); // Calculate the number of blocks n = StrLen(password) / 16; if ((StrLen(password) % 16) != 0) { n++; } // Encryption processing for (i = 0;i < n;i++) { // Calculation of b[i] UINT j; BUF *tmp = NewBuf(); WriteBuf(tmp, secret, secret_size); if (i == 0) { WriteBuf(tmp, random, 16); } else { WriteBuf(tmp, c[i - 1], 16); } Hash(b[i], tmp->Buf, tmp->Size, false); FreeBuf(tmp); // Calculation of c[i] for (j = 0;j < 16;j++) { c[i][j] = p[i][j] ^ b[i][j]; } } // Return the results buf = NewBuf(); WriteBuf(buf, c, n * 16); return buf; } // Developed by SoftEther VPN Project at University of Tsukuba in Japan. // Department of Computer Science has dozens of overly-enthusiastic geeks. // Join us: http://www.tsukuba.ac.jp/english/admission/