From 1ece33e79a8a46e0d1ba773aa3c1107dd40d7cdf Mon Sep 17 00:00:00 2001 From: Sylvain Rochet Date: Fri, 15 Jun 2012 00:24:39 +0200 Subject: [PATCH] PAP and CHAP are now using ppp_pcb* --- src/netif/ppp/auth.c | 7 +- src/netif/ppp/chap-new.c | 311 +++++++++++++++------------------------ src/netif/ppp/chap-new.h | 4 +- src/netif/ppp/ppp.h | 58 ++++++++ src/netif/ppp/upap.c | 291 ++++++++++++++---------------------- src/netif/ppp/upap.h | 35 ++--- 6 files changed, 301 insertions(+), 405 deletions(-) diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index b516ad23..12b5e896 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c @@ -795,7 +795,7 @@ void link_established(ppp_pcb *pcb) { #endif /* EAP_SUPPORT */ #if CHAP_SUPPORT if (go->neg_chap) { - chap_auth_peer(unit, pcb->settings.our_name, CHAP_DIGEST(go->chap_mdtype)); + chap_auth_peer(pcb, pcb->settings.our_name, CHAP_DIGEST(go->chap_mdtype)); auth |= CHAP_PEER; } else #endif /* CHAP_SUPPORT */ @@ -816,13 +816,13 @@ void link_established(ppp_pcb *pcb) { #endif /* EAP_SUPPORT */ #if CHAP_SUPPORT if (ho->neg_chap) { - chap_auth_with_peer(pcb->unit, pcb->settings.user, CHAP_DIGEST(ho->chap_mdtype)); + chap_auth_with_peer(pcb, pcb->settings.user, CHAP_DIGEST(ho->chap_mdtype)); auth |= CHAP_WITHPEER; } else #endif /* CHAP_SUPPORT */ #if PAP_SUPPORT if (ho->neg_upap) { - upap_authwithpeer(pcb->unit, pcb->settings.user, pcb->settings.passwd); + upap_authwithpeer(pcb, pcb->settings.user, pcb->settings.passwd); auth |= PAP_WITHPEER; } else #endif /* PAP_SUPPORT */ @@ -832,6 +832,7 @@ void link_established(ppp_pcb *pcb) { pcb->auth_done = 0; if (!auth) + network_phase(pcb); } diff --git a/src/netif/ppp/chap-new.c b/src/netif/ppp/chap-new.c index 2cf2ab74..a70e5bdb 100644 --- a/src/netif/ppp/chap-new.c +++ b/src/netif/ppp/chap-new.c @@ -82,17 +82,6 @@ static option_t chap_option_list[] = { }; #endif /* PPP_OPTIONS */ -/* - * Internal state. - */ -/* FIXME: one client struct per ppp session */ -static struct chap_client_state { - int flags; - char *name; - struct chap_digest_type *digest; - unsigned char priv[64]; /* private area for digest's use */ -} client; - /* * These limits apply to challenge and response packets we send. * The +4 is the +1 that we actually need rounded up. @@ -100,20 +89,6 @@ static struct chap_client_state { #define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN) #define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN) -#if PPP_SERVER -/* FIXME: one server struct per ppp session */ -static struct chap_server_state { - int flags; - int id; - char *name; - struct chap_digest_type *digest; - int challenge_xmits; - int challenge_pktlen; - unsigned char challenge[CHAL_MAX_PKTLEN]; - char message[256]; -} server; -#endif /* PPP_SERVER */ - /* Values for flags in chap_client_state and chap_server_state */ #define LOWERUP 1 #define AUTH_STARTED 2 @@ -130,17 +105,17 @@ static void chap_lowerup(int unit); static void chap_lowerdown(int unit); #if PPP_SERVER static void chap_timeout(void *arg); -static void chap_generate_challenge(struct chap_server_state *ss); -static void chap_handle_response(struct chap_server_state *ss, int code, +static void chap_generate_challenge(ppp_pcb *pcb); +static void chap_handle_response(ppp_pcb *pcb, int code, unsigned char *pkt, int len); static int chap_verify_response(char *name, char *ourname, int id, struct chap_digest_type *digest, unsigned char *challenge, unsigned char *response, char *message, int message_space); #endif /* PPP_SERVER */ -static void chap_respond(struct chap_client_state *cs, int id, +static void chap_respond(ppp_pcb *pcb, int id, unsigned char *pkt, int len); -static void chap_handle_status(struct chap_client_state *cs, int code, int id, +static void chap_handle_status(ppp_pcb *pcb, int code, int id, unsigned char *pkt, int len); static void chap_protrej(int unit); static void chap_input(int unit, unsigned char *pkt, int pktlen); @@ -155,12 +130,12 @@ static struct chap_digest_type *chap_digests; /* * chap_init - reset to initial state. */ -static void -chap_init(int unit) -{ - memset(&client, 0, sizeof(client)); +static void chap_init(int unit) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; + + memset(&pcb->chap_client, 0, sizeof(chap_client_state)); #if PPP_SERVER - memset(&server, 0, sizeof(server)); + memset(&pcb->chap_server, 0, sizeof(chap_server_state)); #endif /* PPP_SERVER */ chap_md5_init(); @@ -172,9 +147,7 @@ chap_init(int unit) /* * Add a new digest type to the list. */ -void -chap_register_digest(struct chap_digest_type *dp) -{ +void chap_register_digest(struct chap_digest_type *dp) { dp->next = chap_digests; chap_digests = dp; } @@ -182,35 +155,25 @@ chap_register_digest(struct chap_digest_type *dp) /* * chap_lowerup - we can start doing stuff now. */ -static void -chap_lowerup(int unit) -{ - struct chap_client_state *cs = &client; -#if PPP_SERVER - struct chap_server_state *ss = &server; -#endif /* PPP_SERVER */ +static void chap_lowerup(int unit) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; - cs->flags |= LOWERUP; + pcb->chap_client.flags |= LOWERUP; #if PPP_SERVER - ss->flags |= LOWERUP; - if (ss->flags & AUTH_STARTED) - chap_timeout(ss); + pcb->chap_server.flags |= LOWERUP; + if (pcb->chap_server.flags & AUTH_STARTED) + chap_timeout(pcb); #endif /* PPP_SERVER */ } -static void -chap_lowerdown(int unit) -{ - struct chap_client_state *cs = &client; -#if PPP_SERVER - struct chap_server_state *ss = &server; -#endif /* PPP_SERVER */ +static void chap_lowerdown(int unit) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; - cs->flags = 0; + pcb->chap_client.flags = 0; #if PPP_SERVER - if (ss->flags & TIMEOUT_PENDING) - UNTIMEOUT(chap_timeout, ss); - ss->flags = 0; + if (pcb->chap_server.flags & TIMEOUT_PENDING) + UNTIMEOUT(chap_timeout, pcb); + pcb->chap_server.flags = 0; #endif /* PPP_SERVER */ } @@ -220,13 +183,11 @@ chap_lowerdown(int unit) * If the lower layer is already up, we start sending challenges, * otherwise we wait for the lower layer to come up. */ -void -chap_auth_peer(int unit, char *our_name, int digest_code) -{ +void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code) { struct chap_server_state *ss = &server; struct chap_digest_type *dp; - if (ss->flags & AUTH_STARTED) { + if (pcb->chap_server.flags & AUTH_STARTED) { error("CHAP: peer authentication already started!"); return; } @@ -237,12 +198,12 @@ chap_auth_peer(int unit, char *our_name, int digest_code) fatal("CHAP digest 0x%x requested but not available", digest_code); - ss->digest = dp; - ss->name = our_name; + pcb->chap_server.digest = dp; + pcb->chap_server.name = our_name; /* Start with a random ID value */ - ss->id = (unsigned char)(drand48() * 256); - ss->flags |= AUTH_STARTED; - if (ss->flags & LOWERUP) + pcb->chap_server.id = (unsigned char)(drand48() * 256); + pcb->chap_server.flags |= AUTH_STARTED; + if (pcb->chap_server.flags & LOWERUP) chap_timeout(ss); } #endif /* PPP_SERVER */ @@ -251,13 +212,10 @@ chap_auth_peer(int unit, char *our_name, int digest_code) * chap_auth_with_peer - Prepare to authenticate ourselves to the peer. * There isn't much to do until we receive a challenge. */ -void -chap_auth_with_peer(int unit, char *our_name, int digest_code) -{ - struct chap_client_state *cs = &client; +void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code) { struct chap_digest_type *dp; - if (cs->flags & AUTH_STARTED) { + if (pcb->chap_client.flags & AUTH_STARTED) { error("CHAP: authentication with peer already started!"); return; } @@ -268,9 +226,9 @@ chap_auth_with_peer(int unit, char *our_name, int digest_code) fatal("CHAP digest 0x%x requested but not available", digest_code); - cs->digest = dp; - cs->name = our_name; - cs->flags |= AUTH_STARTED; + pcb->chap_client.digest = dp; + pcb->chap_client.name = our_name; + pcb->chap_client.flags |= AUTH_STARTED; } # if PPP_SERVER @@ -279,55 +237,49 @@ chap_auth_with_peer(int unit, char *our_name, int digest_code) * This could be either a retransmission of a previous challenge, * or a new challenge to start re-authentication. */ -static void -chap_timeout(void *arg) -{ - /* FIXME: fix forced unit 0 */ - ppp_pcb *pcb = &ppp_pcb_list[0]; - struct chap_server_state *ss = arg; +static void chap_timeout(void *arg) { + ppp_pcb *pcb = (ppp_pcb*)arg; - ss->flags &= ~TIMEOUT_PENDING; - if ((ss->flags & CHALLENGE_VALID) == 0) { - ss->challenge_xmits = 0; - chap_generate_challenge(ss); - ss->flags |= CHALLENGE_VALID; - } else if (ss->challenge_xmits >= chap_max_transmits) { - ss->flags &= ~CHALLENGE_VALID; - ss->flags |= AUTH_DONE | AUTH_FAILED; + pcb->chap_server.flags &= ~TIMEOUT_PENDING; + if ((pcb->chap_server.flags & CHALLENGE_VALID) == 0) { + pcb->chap_server.challenge_xmits = 0; + chap_generate_challenge(pcb); + pcb->chap_server.flags |= CHALLENGE_VALID; + } else if (pcb->chap_server.challenge_xmits >= chap_max_transmits) { + pcb->chap_server.flags &= ~CHALLENGE_VALID; + pcb->chap_server.flags |= AUTH_DONE | AUTH_FAILED; auth_peer_fail(pcb, PPP_CHAP); return; } - ppp_write(pcb, ss->challenge, ss->challenge_pktlen); - ++ss->challenge_xmits; - ss->flags |= TIMEOUT_PENDING; + ppp_write(pcb, pcb->chap_server.challenge, pcb->chap_server.challenge_pktlen); + ++pcb->chap_server.challenge_xmits; + pcb->chap_server.flags |= TIMEOUT_PENDING; TIMEOUT(chap_timeout, arg, chap_timeout_time); } /* * chap_generate_challenge - generate a challenge string and format - * the challenge packet in ss->challenge_pkt. + * the challenge packet in pcb->chap_server.challenge_pkt. */ -static void -chap_generate_challenge(struct chap_server_state *ss) -{ +static void chap_generate_challenge(ppp_pcb *pcb) { int clen = 1, nlen, len; unsigned char *p; - p = ss->challenge; + p = pcb->chap_server.challenge; MAKEHEADER(p, PPP_CHAP); p += CHAP_HDRLEN; - ss->digest->generate_challenge(p); + pcb->chap_server.digest->generate_challenge(p); clen = *p; - nlen = strlen(ss->name); - memcpy(p + 1 + clen, ss->name, nlen); + nlen = strlen(pcb->chap_server.name); + memcpy(p + 1 + clen, pcb->chap_server.name, nlen); len = CHAP_HDRLEN + 1 + clen + nlen; - ss->challenge_pktlen = PPP_HDRLEN + len; + pcb->chap_server.challenge_pktlen = PPP_HDRLEN + len; - p = ss->challenge + PPP_HDRLEN; + p = pcb->chap_server.challenge + PPP_HDRLEN; p[0] = CHAP_CHALLENGE; - p[1] = ++ss->id; + p[1] = ++pcb->chap_server.id; p[2] = len >> 8; p[3] = len; } @@ -335,12 +287,8 @@ chap_generate_challenge(struct chap_server_state *ss) /* * chap_handle_response - check the response to our challenge. */ -static void -chap_handle_response(struct chap_server_state *ss, int id, - unsigned char *pkt, int len) -{ - /* FIXME: fix forced unit 0 */ - ppp_pcb *pcb = &ppp_pcb_list[0]; +static void chap_handle_response(ppp_pcb *pcb, int id, + unsigned char *pkt, int len) { int response_len, ok, mlen; unsigned char *response, *p; char *name = NULL; /* initialized to shut gcc up */ @@ -348,11 +296,11 @@ chap_handle_response(struct chap_server_state *ss, int id, unsigned char *, unsigned char *, char *, int); char rname[MAXNAMELEN+1]; - if ((ss->flags & LOWERUP) == 0) + if ((pcb->chap_server.flags & LOWERUP) == 0) return; - if (id != ss->challenge[PPP_HDRLEN+1] || len < 2) + if (id != pcb->chap_server.challenge[PPP_HDRLEN+1] || len < 2) return; - if (ss->flags & CHALLENGE_VALID) { + if (pcb->chap_server.flags & CHALLENGE_VALID) { response = pkt; GETCHAR(response_len, pkt); len -= response_len + 1; /* length of name */ @@ -360,9 +308,9 @@ chap_handle_response(struct chap_server_state *ss, int id, if (len < 0) return; - if (ss->flags & TIMEOUT_PENDING) { - ss->flags &= ~TIMEOUT_PENDING; - UNTIMEOUT(chap_timeout, ss); + if (pcb->chap_server.flags & TIMEOUT_PENDING) { + pcb->chap_server.flags &= ~TIMEOUT_PENDING; + UNTIMEOUT(chap_timeout, pcb); } if (explicit_remote) { @@ -377,35 +325,35 @@ chap_handle_response(struct chap_server_state *ss, int id, verifier = chap_verify_hook; else verifier = chap_verify_response; - ok = (*verifier)(name, ss->name, id, ss->digest, - ss->challenge + PPP_HDRLEN + CHAP_HDRLEN, - response, ss->message, sizeof(ss->message)); + ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest, + pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN, + response, pcb->chap_server.message, sizeof(pcb->chap_server.message)); #if 0 /* UNUSED */ if (!ok || !auth_number()) { #endif /* UNUSED */ if (!ok) { - ss->flags |= AUTH_FAILED; + pcb->chap_server.flags |= AUTH_FAILED; warn("Peer %q failed CHAP authentication", name); } - } else if ((ss->flags & AUTH_DONE) == 0) + } else if ((pcb->chap_server.flags & AUTH_DONE) == 0) return; /* send the response */ p = outpacket_buf; MAKEHEADER(p, PPP_CHAP); - mlen = strlen(ss->message); + mlen = strlen(pcb->chap_server.message); len = CHAP_HDRLEN + mlen; - p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; + p[0] = (pcb->chap_server.flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; p[1] = id; p[2] = len >> 8; p[3] = len; if (mlen > 0) - memcpy(p + CHAP_HDRLEN, ss->message, mlen); + memcpy(p + CHAP_HDRLEN, pcb->chap_server.message, mlen); ppp_write(pcb, outpacket_buf, PPP_HDRLEN + len); - if (ss->flags & CHALLENGE_VALID) { - ss->flags &= ~CHALLENGE_VALID; - if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) { + if (pcb->chap_server.flags & CHALLENGE_VALID) { + pcb->chap_server.flags &= ~CHALLENGE_VALID; + if (!(pcb->chap_server.flags & AUTH_DONE) && !(pcb->chap_server.flags & AUTH_FAILED)) { #if 0 /* UNUSED */ /* @@ -419,26 +367,26 @@ chap_handle_response(struct chap_server_state *ss, int id, */ if (session_mgmt && session_check(name, NULL, devnam, NULL) == 0) { - ss->flags |= AUTH_FAILED; + pcb->chap_server.flags |= AUTH_FAILED; warn("Peer %q failed CHAP Session verification", name); } #endif /* UNUSED */ } - if (ss->flags & AUTH_FAILED) { + if (pcb->chap_server.flags & AUTH_FAILED) { auth_peer_fail(pcb, PPP_CHAP); } else { - if ((ss->flags & AUTH_DONE) == 0) + if ((pcb->chap_server.flags & AUTH_DONE) == 0) auth_peer_success(pcb, PPP_CHAP, - ss->digest->code, + pcb->chap_server.digest->code, name, strlen(name)); if (chap_rechallenge_time) { - ss->flags |= TIMEOUT_PENDING; - TIMEOUT(chap_timeout, ss, + pcb->chap_server.flags |= TIMEOUT_PENDING; + TIMEOUT(chap_timeout, pcb, chap_rechallenge_time); } } - ss->flags |= AUTH_DONE; + pcb->chap_server.flags |= AUTH_DONE; } } @@ -447,12 +395,10 @@ chap_handle_response(struct chap_server_state *ss, int id, * what we think it should be. Returns 1 if it does (authentication * succeeded), or 0 if it doesn't. */ -static int -chap_verify_response(char *name, char *ourname, int id, +static int chap_verify_response(char *name, char *ourname, int id, struct chap_digest_type *digest, unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ + char *message, int message_space) { int ok; unsigned char secret[MAXSECRETLEN]; int secret_len; @@ -474,12 +420,8 @@ chap_verify_response(char *name, char *ourname, int id, /* * chap_respond - Generate and send a response to a challenge. */ -static void -chap_respond(struct chap_client_state *cs, int id, - unsigned char *pkt, int len) -{ - /* FIXME: fix forced unit 0 */ - ppp_pcb *pcb = &ppp_pcb_list[0]; +static void chap_respond(ppp_pcb *pcb, int id, + unsigned char *pkt, int len) { int clen, nlen; int secret_len; unsigned char *p; @@ -488,7 +430,7 @@ chap_respond(struct chap_client_state *cs, int id, char secret[MAXSECRETLEN+1]; ppp_pcb *pc = &ppp_pcb_list[0]; - if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) + if ((pcb->chap_client.flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) return; /* not ready */ if (len < 2 || len < pkt[0] + 1) return; /* too short */ @@ -503,7 +445,7 @@ chap_respond(struct chap_client_state *cs, int id, strlcpy(rname, pc->settings.remote_name, sizeof(rname)); /* get secret for authenticating ourselves with the specified host */ - if (!get_secret(pcb, cs->name, rname, secret, &secret_len, 0)) { + if (!get_secret(pcb, pcb->chap_client.name, rname, secret, &secret_len, 0)) { secret_len = 0; /* assume null secret if can't find one */ warn("No CHAP secret found for authenticating us to %q", rname); } @@ -512,13 +454,13 @@ chap_respond(struct chap_client_state *cs, int id, MAKEHEADER(p, PPP_CHAP); p += CHAP_HDRLEN; - cs->digest->make_response(p, id, cs->name, pkt, - secret, secret_len, cs->priv); + pcb->chap_client.digest->make_response(p, id, pcb->chap_client.name, pkt, + secret, secret_len, pcb->chap_client.priv); memset(secret, 0, secret_len); clen = *p; - nlen = strlen(cs->name); - memcpy(p + clen + 1, cs->name, nlen); + nlen = strlen(pcb->chap_client.name); + memcpy(p + clen + 1, pcb->chap_client.name, nlen); p = response + PPP_HDRLEN; len = CHAP_HDRLEN + clen + 1 + nlen; @@ -530,29 +472,25 @@ chap_respond(struct chap_client_state *cs, int id, ppp_write(pcb, response, PPP_HDRLEN + len); } -static void -chap_handle_status(struct chap_client_state *cs, int code, int id, - unsigned char *pkt, int len) -{ - /* FIXME: fix forced unit 0 */ - ppp_pcb *pcb = &ppp_pcb_list[0]; +static void chap_handle_status(ppp_pcb *pcb, int code, int id, + unsigned char *pkt, int len) { const char *msg = NULL; - if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) + if ((pcb->chap_client.flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) != (AUTH_STARTED|LOWERUP)) return; - cs->flags |= AUTH_DONE; + pcb->chap_client.flags |= AUTH_DONE; if (code == CHAP_SUCCESS) { /* used for MS-CHAP v2 mutual auth, yuck */ - if (cs->digest->check_success != NULL) { - if (!(*cs->digest->check_success)(pkt, len, cs->priv)) + if (pcb->chap_client.digest->check_success != NULL) { + if (!(*pcb->chap_client.digest->check_success)(pkt, len, pcb->chap_client.priv)) code = CHAP_FAILURE; } else msg = "CHAP authentication succeeded"; } else { - if (cs->digest->handle_failure != NULL) - (*cs->digest->handle_failure)(pkt, len); + if (pcb->chap_client.digest->handle_failure != NULL) + (*pcb->chap_client.digest->handle_failure)(pkt, len); else msg = "CHAP authentication failed"; } @@ -563,22 +501,16 @@ chap_handle_status(struct chap_client_state *cs, int code, int id, info("%s", msg); } if (code == CHAP_SUCCESS) - auth_withpeer_success(pcb, PPP_CHAP, cs->digest->code); + auth_withpeer_success(pcb, PPP_CHAP, pcb->chap_client.digest->code); else { - cs->flags |= AUTH_FAILED; + pcb->chap_client.flags |= AUTH_FAILED; error("CHAP authentication failed"); auth_withpeer_fail(pcb, PPP_CHAP); } } -static void -chap_input(int unit, unsigned char *pkt, int pktlen) -{ - struct chap_client_state *cs = &client; -#if PPP_SERVER - struct chap_server_state *ss = &server; -#endif /* PPP_SERVER */ - +static void chap_input(int unit, unsigned char *pkt, int pktlen) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; unsigned char code, id; int len; @@ -593,39 +525,35 @@ chap_input(int unit, unsigned char *pkt, int pktlen) switch (code) { case CHAP_CHALLENGE: - chap_respond(cs, id, pkt, len); + chap_respond(pcb, id, pkt, len); break; #if PPP_SERVER case CHAP_RESPONSE: - chap_handle_response(ss, id, pkt, len); + chap_handle_response(pcb, id, pkt, len); break; #endif /* PPP_SERVER */ case CHAP_FAILURE: case CHAP_SUCCESS: - chap_handle_status(cs, code, id, pkt, len); + chap_handle_status(pcb, code, id, pkt, len); break; } } -static void -chap_protrej(int unit) -{ +static void chap_protrej(int unit) { ppp_pcb *pcb = &ppp_pcb_list[unit]; - struct chap_client_state *cs = &client; -#if PPP_SERVER - struct chap_server_state *ss = &server; - if (ss->flags & TIMEOUT_PENDING) { - ss->flags &= ~TIMEOUT_PENDING; - UNTIMEOUT(chap_timeout, ss); +#if PPP_SERVER + if (pcb->chap_server.flags & TIMEOUT_PENDING) { + pcb->chap_server.flags &= ~TIMEOUT_PENDING; + UNTIMEOUT(chap_timeout, pcb); } - if (ss->flags & AUTH_STARTED) { - ss->flags = 0; + if (pcb->chap_server.flags & AUTH_STARTED) { + pcb->chap_server.flags = 0; auth_peer_fail(pcb, PPP_CHAP); } #endif /* PPP_SERVER */ - if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { - cs->flags &= ~AUTH_STARTED; + if ((pcb->chap_client.flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { + pcb->chap_client.flags &= ~AUTH_STARTED; error("CHAP authentication failed due to protocol-reject"); auth_withpeer_fail(pcb, PPP_CHAP); } @@ -639,10 +567,8 @@ static char *chap_code_names[] = { "Challenge", "Response", "Success", "Failure" }; -static int -chap_print_pkt(unsigned char *p, int plen, - void (*printer) (void *, char *, ...), void *arg) -{ +static int chap_print_pkt(unsigned char *p, int plen, + void (*printer) (void *, char *, ...), void *arg) { int code, id, len; int clen, nlen; unsigned char x; @@ -689,6 +615,7 @@ chap_print_pkt(unsigned char *p, int plen, GETCHAR(x, p); printer(arg, " %.2x", x); } + /* no break */ } return len + CHAP_HDRLEN; diff --git a/src/netif/ppp/chap-new.h b/src/netif/ppp/chap-new.h index 0713dca8..902fed7e 100644 --- a/src/netif/ppp/chap-new.h +++ b/src/netif/ppp/chap-new.h @@ -151,11 +151,11 @@ extern void chap_register_digest(struct chap_digest_type *); #if PPP_SERVER /* Called by authentication code to start authenticating the peer. */ -extern void chap_auth_peer(int unit, char *our_name, int digest_code); +extern void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code); #endif /* PPP_SERVER */ /* Called by auth. code to start authenticating us to the peer. */ -extern void chap_auth_with_peer(int unit, char *our_name, int digest_code); +extern void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code); /* Represents the CHAP protocol to the main pppd code */ extern struct protent chap_protent; diff --git a/src/netif/ppp/ppp.h b/src/netif/ppp/ppp.h index a524e117..dde28bf5 100644 --- a/src/netif/ppp/ppp.h +++ b/src/netif/ppp/ppp.h @@ -214,6 +214,53 @@ typedef struct ppp_pcb_rx_s { } ppp_pcb_rx; #endif /* PPPOS_SUPPORT */ +/* + * Each interface is described by upap structure. + */ +#if PAP_SUPPORT +typedef struct upap_state { + int us_unit; /* Interface unit number */ + char *us_user; /* User */ + int us_userlen; /* User length */ + char *us_passwd; /* Password */ + int us_passwdlen; /* Password length */ + int us_clientstate; /* Client state */ +#if PPP_SERVER + int us_serverstate; /* Server state */ +#endif /* PPP_SERVER */ + u_char us_id; /* Current id */ + int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */ + int us_transmits; /* Number of auth-reqs sent */ + int us_maxtransmits; /* Maximum number of auth-reqs to send */ + int us_reqtimeout; /* Time to wait for auth-req from peer */ +} upap_state; +#endif /* PAP_SUPPORT */ + +/* + * Each interface is described by chap structure. + */ +#if CHAP_SUPPORT +typedef struct chap_client_state { + int flags; + char *name; + struct chap_digest_type *digest; + unsigned char priv[64]; /* private area for digest's use */ +} chap_client_state; + +#if PPP_SERVER +static struct chap_server_state { + int flags; + int id; + char *name; + struct chap_digest_type *digest; + int challenge_xmits; + int challenge_pktlen; + unsigned char challenge[CHAL_MAX_PKTLEN]; + char message[256]; +} chap_server_state; +#endif /* PPP_SERVER */ +#endif /* CHAP_SUPPORT */ + /* * PPP interface control block. */ @@ -262,6 +309,17 @@ typedef struct ppp_pcb_s { int auth_done; /* Records which authentication operations have been completed. */ int num_np_open; /* Number of network protocols which we have opened. */ int num_np_up; /* Number of network protocols which have come up. */ + +#if PAP_SUPPORT + upap_state upap; /* PAP data */ +#endif /* PAP_SUPPORT */ + +#if CHAP_SUPPORT + chap_client_state chap_client; +#if PPP_SERVER + chap_server_state chap_server; +#endif /* PPP_SERVER */ +#endif /* CHAP_SUPPORT */ } ppp_pcb; /************************ diff --git a/src/netif/ppp/upap.c b/src/netif/ppp/upap.c index df6ea1fe..f498044f 100644 --- a/src/netif/ppp/upap.c +++ b/src/netif/ppp/upap.c @@ -80,14 +80,13 @@ static option_t pap_option_list[] = { /* * Protocol entry points. */ -static void upap_init (int); -static void upap_lowerup (int); -static void upap_lowerdown (int); -static void upap_input (int, u_char *, int); -static void upap_protrej (int); +static void upap_init(int unit); +static void upap_lowerup(int unit); +static void upap_lowerdown(int unit); +static void upap_input(int unit, u_char *inpacket, int l); +static void upap_protrej(int unit); #if PRINTPKT_SUPPORT -static int upap_printpkt (u_char *, int, - void (*) (void *, char *, ...), void *); +static int upap_printpkt(u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg); #endif /* PRINTPKT_SUPPORT */ struct protent pap_protent = { @@ -118,45 +117,40 @@ struct protent pap_protent = { #endif /* DEMAND_SUPPORT */ }; -upap_state upap[NUM_PPP]; /* UPAP state; one for each unit */ - -static void upap_timeout (void *); +static void upap_timeout(void *arg); #if PPP_SERVER -static void upap_reqtimeout (void *); +static void upap_reqtimeout(void *arg); #endif /* PPP_SERVER */ #if 0 /* UNUSED */ -static void upap_rauthreq (upap_state *, u_char *, int, int); +static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len); #endif /* UNUSED */ -static void upap_rauthack (upap_state *, u_char *, int, int); -static void upap_rauthnak (upap_state *, u_char *, int, int); -static void upap_sauthreq (upap_state *); +static void upap_rauthack(ppp_pcb *pcb, u_char *inp, int id, int len); +static void upap_rauthnak(ppp_pcb *pcb, u_char *inp, int id, int len); +static void upap_sauthreq(ppp_pcb *pcb); #if 0 /* UNUSED */ -static void upap_sresp (upap_state *, int, int, char *, int); +static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, char *msg, int msglen); #endif /* UNUSED */ /* * upap_init - Initialize a UPAP unit. */ -static void -upap_init(unit) - int unit; -{ - upap_state *u = &upap[unit]; +static void upap_init(int unit) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; - u->us_unit = unit; - u->us_user = NULL; - u->us_userlen = 0; - u->us_passwd = NULL; - u->us_passwdlen = 0; - u->us_clientstate = UPAPCS_INITIAL; + pcb->upap.us_unit = unit; + pcb->upap.us_user = NULL; + pcb->upap.us_userlen = 0; + pcb->upap.us_passwd = NULL; + pcb->upap.us_passwdlen = 0; + pcb->upap.us_clientstate = UPAPCS_INITIAL; #if PPP_SERVER - u->us_serverstate = UPAPSS_INITIAL; + pcb->upap.us_serverstate = UPAPSS_INITIAL; #endif /* PPP_SERVER */ - u->us_id = 0; - u->us_timeouttime = UPAP_DEFTIMEOUT; - u->us_maxtransmits = 10; - u->us_reqtimeout = UPAP_DEFREQTIME; + pcb->upap.us_id = 0; + pcb->upap.us_timeouttime = UPAP_DEFTIMEOUT; + pcb->upap.us_maxtransmits = 10; + pcb->upap.us_reqtimeout = UPAP_DEFREQTIME; } @@ -165,28 +159,22 @@ upap_init(unit) * * Set new state and send authenticate's. */ -void -upap_authwithpeer(unit, user, password) - int unit; - char *user, *password; -{ - upap_state *u = &upap[unit]; - +void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password) { /* Save the username and password we're given */ - u->us_user = user; - u->us_userlen = strlen(user); - u->us_passwd = password; - u->us_passwdlen = strlen(password); - u->us_transmits = 0; + pcb->upap.us_user = user; + pcb->upap.us_userlen = strlen(user); + pcb->upap.us_passwd = password; + pcb->upap.us_passwdlen = strlen(password); + pcb->upap.us_transmits = 0; /* Lower layer up yet? */ - if (u->us_clientstate == UPAPCS_INITIAL || - u->us_clientstate == UPAPCS_PENDING) { - u->us_clientstate = UPAPCS_PENDING; + if (pcb->upap.us_clientstate == UPAPCS_INITIAL || + pcb->upap.us_clientstate == UPAPCS_PENDING) { + pcb->upap.us_clientstate = UPAPCS_PENDING; return; } - upap_sauthreq(u); /* Start protocol */ + upap_sauthreq(pcb); /* Start protocol */ } #if PPP_SERVER @@ -195,47 +183,39 @@ upap_authwithpeer(unit, user, password) * * Set new state. */ -void -upap_authpeer(unit) - int unit; -{ - upap_state *u = &upap[unit]; +void upap_authpeer(ppp_pcb *pcb) { /* Lower layer up yet? */ - if (u->us_serverstate == UPAPSS_INITIAL || - u->us_serverstate == UPAPSS_PENDING) { - u->us_serverstate = UPAPSS_PENDING; + if (pcb->upap.us_serverstate == UPAPSS_INITIAL || + pcb->upap.us_serverstate == UPAPSS_PENDING) { + pcb->upap.us_serverstate = UPAPSS_PENDING; return; } - u->us_serverstate = UPAPSS_LISTEN; - if (u->us_reqtimeout > 0) - TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); + pcb->upap.us_serverstate = UPAPSS_LISTEN; + if (pcb->upap.us_reqtimeout > 0) + TIMEOUT(upap_reqtimeout, pcb, pcb->upap.us_reqtimeout); } #endif /* PPP_SERVER */ /* * upap_timeout - Retransmission timer for sending auth-reqs expired. */ -static void -upap_timeout(arg) - void *arg; -{ - upap_state *u = (upap_state *) arg; - ppp_pcb *pcb = &ppp_pcb_list[u->us_unit]; +static void upap_timeout(void *arg) { + ppp_pcb *pcb = (ppp_pcb*)arg; - if (u->us_clientstate != UPAPCS_AUTHREQ) + if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) return; - if (u->us_transmits >= u->us_maxtransmits) { + if (pcb->upap.us_transmits >= pcb->upap.us_maxtransmits) { /* give up in disgust */ error("No response to PAP authenticate-requests"); - u->us_clientstate = UPAPCS_BADAUTH; + pcb->upap.us_clientstate = UPAPCS_BADAUTH; auth_withpeer_fail(pcb, PPP_PAP); return; } - upap_sauthreq(u); /* Send Authenticate-Request */ + upap_sauthreq(pcb); /* Send Authenticate-Request */ } @@ -243,17 +223,14 @@ upap_timeout(arg) /* * upap_reqtimeout - Give up waiting for the peer to send an auth-req. */ -static void -upap_reqtimeout(arg) - void *arg; -{ - upap_state *u = (upap_state *) arg; +static void upap_reqtimeout(void *arg) { + ppp_pcb *pcb = (ppp_pcb*)arg; - if (u->us_serverstate != UPAPSS_LISTEN) + if (pcb->upap.us_serverstate != UPAPSS_LISTEN) return; /* huh?? */ auth_peer_fail(pcb, PPP_PAP); - u->us_serverstate = UPAPSS_BADAUTH; + pcb->upap.us_serverstate = UPAPSS_BADAUTH; } #endif /* PPP_SERVER */ @@ -263,25 +240,22 @@ upap_reqtimeout(arg) * * Start authenticating if pending. */ -static void -upap_lowerup(unit) - int unit; -{ - upap_state *u = &upap[unit]; +static void upap_lowerup(int unit) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; - if (u->us_clientstate == UPAPCS_INITIAL) - u->us_clientstate = UPAPCS_CLOSED; - else if (u->us_clientstate == UPAPCS_PENDING) { - upap_sauthreq(u); /* send an auth-request */ + if (pcb->upap.us_clientstate == UPAPCS_INITIAL) + pcb->upap.us_clientstate = UPAPCS_CLOSED; + else if (pcb->upap.us_clientstate == UPAPCS_PENDING) { + upap_sauthreq(pcb); /* send an auth-request */ } #if PPP_SERVER - if (u->us_serverstate == UPAPSS_INITIAL) - u->us_serverstate = UPAPSS_CLOSED; - else if (u->us_serverstate == UPAPSS_PENDING) { - u->us_serverstate = UPAPSS_LISTEN; - if (u->us_reqtimeout > 0) - TIMEOUT(upap_reqtimeout, u, u->us_reqtimeout); + if (pcb->upap.us_serverstate == UPAPSS_INITIAL) + pcb->upap.us_serverstate = UPAPSS_CLOSED; + else if (pcb->upap.us_serverstate == UPAPSS_PENDING) { + pcb->upap.us_serverstate = UPAPSS_LISTEN; + if (pcb->upap.us_reqtimeout > 0) + TIMEOUT(upap_reqtimeout, u, pcb->upap.us_reqtimeout); } #endif /* PPP_SERVER */ } @@ -292,22 +266,19 @@ upap_lowerup(unit) * * Cancel all timeouts. */ -static void -upap_lowerdown(unit) - int unit; -{ - upap_state *u = &upap[unit]; +static void upap_lowerdown(int unit) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; - if (u->us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */ - UNTIMEOUT(upap_timeout, u); /* Cancel timeout */ + if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) /* Timeout pending? */ + UNTIMEOUT(upap_timeout, pcb); /* Cancel timeout */ #if PPP_SERVER - if (u->us_serverstate == UPAPSS_LISTEN && u->us_reqtimeout > 0) + if (pcb->upap.us_serverstate == UPAPSS_LISTEN && pcb->upap.us_reqtimeout > 0) UNTIMEOUT(upap_reqtimeout, u); #endif /* PPP_SERVER */ - u->us_clientstate = UPAPCS_INITIAL; + pcb->upap.us_clientstate = UPAPCS_INITIAL; #if PPP_SERVER - u->us_serverstate = UPAPSS_INITIAL; + pcb->upap.us_serverstate = UPAPSS_INITIAL; #endif /* PPP_SERVER */ } @@ -317,19 +288,15 @@ upap_lowerdown(unit) * * This shouldn't happen. In any case, pretend lower layer went down. */ -static void -upap_protrej(unit) - int unit; -{ - upap_state *u = &upap[unit]; - ppp_pcb *pcb = &ppp_pcb_list[u->us_unit]; +static void upap_protrej(int unit) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; - if (u->us_clientstate == UPAPCS_AUTHREQ) { + if (pcb->upap.us_clientstate == UPAPCS_AUTHREQ) { error("PAP authentication failed due to protocol-reject"); auth_withpeer_fail(pcb, PPP_PAP); } #if PPP_SERVER - if (u->us_serverstate == UPAPSS_LISTEN) { + if (pcb->upap.us_serverstate == UPAPSS_LISTEN) { error("PAP authentication of peer failed (protocol-reject)"); auth_peer_fail(pcb, PPP_PAP); } @@ -341,13 +308,8 @@ upap_protrej(unit) /* * upap_input - Input UPAP packet. */ -static void -upap_input(unit, inpacket, l) - int unit; - u_char *inpacket; - int l; -{ - upap_state *u = &upap[unit]; +static void upap_input(int unit, u_char *inpacket, int l) { + ppp_pcb *pcb = &ppp_pcb_list[unit]; u_char *inp; u_char code, id; int len; @@ -380,16 +342,16 @@ upap_input(unit, inpacket, l) switch (code) { case UPAP_AUTHREQ: #if 0 /* UNUSED */ - upap_rauthreq(u, inp, id, len); + upap_rauthreq(pcb, inp, id, len); #endif /* UNUSED */ break; case UPAP_AUTHACK: - upap_rauthack(u, inp, id, len); + upap_rauthack(pcb, inp, id, len); break; case UPAP_AUTHNAK: - upap_rauthnak(u, inp, id, len); + upap_rauthnak(pcb, inp, id, len); break; default: /* XXX Need code reject */ @@ -401,13 +363,7 @@ upap_input(unit, inpacket, l) /* * upap_rauth - Receive Authenticate. */ -static void -upap_rauthreq(u, inp, id, len) - upap_state *u; - u_char *inp; - int id; - int len; -{ +static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) { u_char ruserlen, rpasswdlen; char *ruser, *rpasswd; char rhostname[256]; @@ -415,18 +371,18 @@ upap_rauthreq(u, inp, id, len) char *msg; int msglen; - if (u->us_serverstate < UPAPSS_LISTEN) + if (pcb->upap.us_serverstate < UPAPSS_LISTEN) return; /* * If we receive a duplicate authenticate-request, we are * supposed to return the same status as for the first request. */ - if (u->us_serverstate == UPAPSS_OPEN) { + if (pcb->upap.us_serverstate == UPAPSS_OPEN) { upap_sresp(u, UPAP_AUTHACK, id, "", 0); /* return auth-ack */ return; } - if (u->us_serverstate == UPAPSS_BADAUTH) { + if (pcb->upap.us_serverstate == UPAPSS_BADAUTH) { upap_sresp(u, UPAP_AUTHNAK, id, "", 0); /* return auth-nak */ return; } @@ -456,7 +412,7 @@ upap_rauthreq(u, inp, id, len) /* * Check the username and password given. */ - retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, + retcode = check_passwd(pcb->upap.us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg); BZERO(rpasswd, rpasswdlen); @@ -484,16 +440,16 @@ upap_rauthreq(u, inp, id, len) slprintf(rhostname, sizeof(rhostname), "%.*v", ruserlen, ruser); if (retcode == UPAP_AUTHACK) { - u->us_serverstate = UPAPSS_OPEN; + pcb->upap.us_serverstate = UPAPSS_OPEN; notice("PAP peer authentication succeeded for %q", rhostname); auth_peer_success(pcb, PPP_PAP, 0, ruser, ruserlen); } else { - u->us_serverstate = UPAPSS_BADAUTH; + pcb->upap.us_serverstate = UPAPSS_BADAUTH; warn("PAP peer authentication failed for %q", rhostname); auth_peer_fail(pcb, PPP_PAP); } - if (u->us_reqtimeout > 0) + if (pcb->upap.us_reqtimeout > 0) UNTIMEOUT(upap_reqtimeout, u); } #endif /* UNUSED */ @@ -501,18 +457,11 @@ upap_rauthreq(u, inp, id, len) /* * upap_rauthack - Receive Authenticate-Ack. */ -static void -upap_rauthack(u, inp, id, len) - upap_state *u; - u_char *inp; - int id; - int len; -{ - ppp_pcb *pcb = &ppp_pcb_list[u->us_unit]; +static void upap_rauthack(ppp_pcb *pcb, u_char *inp, int id, int len) { u_char msglen; char *msg; - if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ + if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) /* XXX */ return; /* @@ -533,7 +482,7 @@ upap_rauthack(u, inp, id, len) } } - u->us_clientstate = UPAPCS_OPEN; + pcb->upap.us_clientstate = UPAPCS_OPEN; auth_withpeer_success(pcb, PPP_PAP, 0); } @@ -542,18 +491,11 @@ upap_rauthack(u, inp, id, len) /* * upap_rauthnak - Receive Authenticate-Nak. */ -static void -upap_rauthnak(u, inp, id, len) - upap_state *u; - u_char *inp; - int id; - int len; -{ - ppp_pcb *pcb = &ppp_pcb_list[u->us_unit]; +static void upap_rauthnak(ppp_pcb *pcb, u_char *inp, int id, int len) { u_char msglen; char *msg; - if (u->us_clientstate != UPAPCS_AUTHREQ) /* XXX */ + if (pcb->upap.us_clientstate != UPAPCS_AUTHREQ) /* XXX */ return; /* @@ -574,7 +516,7 @@ upap_rauthnak(u, inp, id, len) } } - u->us_clientstate = UPAPCS_BADAUTH; + pcb->upap.us_clientstate = UPAPCS_BADAUTH; error("PAP authentication failed"); auth_withpeer_fail(pcb, PPP_PAP); @@ -584,48 +526,37 @@ upap_rauthnak(u, inp, id, len) /* * upap_sauthreq - Send an Authenticate-Request. */ -static void -upap_sauthreq(u) - upap_state *u; -{ - ppp_pcb *pcb = &ppp_pcb_list[u->us_unit]; +static void upap_sauthreq(ppp_pcb *pcb) { u_char *outp; int outlen; outlen = UPAP_HEADERLEN + 2 * sizeof (u_char) + - u->us_userlen + u->us_passwdlen; + pcb->upap.us_userlen + pcb->upap.us_passwdlen; outp = outpacket_buf; MAKEHEADER(outp, PPP_PAP); PUTCHAR(UPAP_AUTHREQ, outp); - PUTCHAR(++u->us_id, outp); + PUTCHAR(++pcb->upap.us_id, outp); PUTSHORT(outlen, outp); - PUTCHAR(u->us_userlen, outp); - MEMCPY(outp, u->us_user, u->us_userlen); - INCPTR(u->us_userlen, outp); - PUTCHAR(u->us_passwdlen, outp); - MEMCPY(outp, u->us_passwd, u->us_passwdlen); + PUTCHAR(pcb->upap.us_userlen, outp); + MEMCPY(outp, pcb->upap.us_user, pcb->upap.us_userlen); + INCPTR(pcb->upap.us_userlen, outp); + PUTCHAR(pcb->upap.us_passwdlen, outp); + MEMCPY(outp, pcb->upap.us_passwd, pcb->upap.us_passwdlen); ppp_write(pcb, outpacket_buf, outlen + PPP_HDRLEN); - TIMEOUT(upap_timeout, u, u->us_timeouttime); - ++u->us_transmits; - u->us_clientstate = UPAPCS_AUTHREQ; + TIMEOUT(upap_timeout, pcb, pcb->upap.us_timeouttime); + ++pcb->upap.us_transmits; + pcb->upap.us_clientstate = UPAPCS_AUTHREQ; } #if 0 /* UNUSED */ /* * upap_sresp - Send a response (ack or nak). */ -static void -upap_sresp(u, code, id, msg, msglen) - upap_state *u; - u_char code, id; - char *msg; - int msglen; -{ - ppp_pcb *pcb = &ppp_pcb_list[u->us_unit]; +static void upap_sresp(ppp_pcb *pcb, u_char code, u_char id, char *msg, int msglen) { u_char *outp; int outlen; @@ -650,13 +581,7 @@ static char *upap_codenames[] = { "AuthReq", "AuthAck", "AuthNak" }; -static int -upap_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) (void *, char *, ...); - void *arg; -{ +static int upap_printpkt(u_char *p, int plen, void (*printer) (void *, char *, ...), void *arg) { int code, id, len; int mlen, ulen, wlen; char *user, *pwd, *msg; diff --git a/src/netif/ppp/upap.h b/src/netif/ppp/upap.h index c0bdae99..18aaa6d1 100644 --- a/src/netif/ppp/upap.h +++ b/src/netif/ppp/upap.h @@ -45,6 +45,11 @@ #include "lwip/opt.h" #if PPP_SUPPORT && PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ +#ifndef UPAP_H +#define UPAP_H + +#include "ppp.h" + /* * Packet header = Code, id, length. */ @@ -59,27 +64,6 @@ #define UPAP_AUTHNAK 3 /* Authenticate-Nak */ -/* - * Each interface is described by upap structure. - */ -typedef struct upap_state { - int us_unit; /* Interface unit number */ - char *us_user; /* User */ - int us_userlen; /* User length */ - char *us_passwd; /* Password */ - int us_passwdlen; /* Password length */ - int us_clientstate; /* Client state */ -#if PPP_SERVER - int us_serverstate; /* Server state */ -#endif /* PPP_SERVER */ - u_char us_id; /* Current id */ - int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */ - int us_transmits; /* Number of auth-reqs sent */ - int us_maxtransmits; /* Maximum number of auth-reqs to send */ - int us_reqtimeout; /* Time to wait for auth-req from peer */ -} upap_state; - - /* * Client states. */ @@ -109,11 +93,12 @@ typedef struct upap_state { #endif /* moved to opt.h */ #define UPAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */ -extern upap_state upap[]; - -void upap_authwithpeer (int, char *, char *); -void upap_authpeer (int); +void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password); +#if PPP_SERVER +void upap_authpeer(ppp_pcb *pcb); +#endif /* PPP_SERVER */ extern struct protent pap_protent; +#endif /* UPAP_H */ #endif /* PPP_SUPPORT && PAP_SUPPORT */