MSCHAP is now an optional compile-time feature

Sylvain Rochet 2012-05-23 23:29:19 +02:00
parent 49bb62d221
commit 28360a7f26
10 changed files with 64 additions and 21 deletions


@ -1717,7 +1717,7 @@
#endif
/**
* MSCHAP_SUPPORT==1: Support MSCHAP. CURRENTLY NOT SUPPORTED! DO NOT SET!
* MSCHAP_SUPPORT==1: Support MSCHAP.
*/
#ifndef MSCHAP_SUPPORT
#define MSCHAP_SUPPORT 0
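Review bot: The doc comment for MSCHAP_SUPPORT should say what enabling the option implies, now that the "DO NOT SET" warning is gone and nothing replaces it. MS-CHAP and MS-CHAPv2 are built on MD4 and DES and are widely regarded as weak against offline recovery of the password hash from a captured exchange, so integrators should not switch this on without a reason. I would word it as `MSCHAP_SUPPORT==1: Support MS-CHAP and MS-CHAPv2 (weak legacy authentication; enable only when the peer requires it).` Keeping the default at 0 is the right choice.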


@ -222,13 +222,13 @@ bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */
//bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
//bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
//bool refuse_eap = 0; /* Don't wanna auth. ourselves with EAP */
#ifdef CHAPMS
#if MSCHAP_SUPPORT
//bool refuse_mschap = 0; /* Don't wanna auth. ourselves with MS-CHAP */
//bool refuse_mschap_v2 = 0; /* Don't wanna auth. oif 0 /* UNUSED */urselves with MS-CHAPv2 */
#else
#else /* MSCHAP_SUPPORT */
//bool refuse_mschap = 1; /* Don't wanna auth. ourselves with MS-CHAP */
//bool refuse_mschap_v2 = 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */
#endif
#endif /* MSCHAP_SUPPORT */
#endif /* MOVED TO ppp_settings */
#if 0 /* UNUSED */
bool usehostname = 0; /* Use hostname for our_name */
@ -301,7 +301,7 @@ option_t auth_options[] = {
"Require CHAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
&lcp_wantoptions[0].chap_mdtype },
#ifdef CHAPMS
#if MSCHAP_SUPPORT
{ "require-mschap", o_bool, &auth_required,
"Require MS-CHAP authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
@ -318,7 +318,7 @@ option_t auth_options[] = {
"Require MS-CHAPv2 authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2,
&lcp_wantoptions[0].chap_mdtype },
#endif
#endif /* MSCHAP_SUPPORT */
#if 0
{ "refuse-pap", o_bool, &refuse_pap,
"Don't agree to auth to peer with PAP", 1 },
@ -333,7 +333,7 @@ option_t auth_options[] = {
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5,
&lcp_allowoptions[0].chap_mdtype },
#endif
#ifdef CHAPMS
#if MSCHAP_SUPPORT
#if 0
{ "refuse-mschap", o_bool, &refuse_mschap,
"Don't agree to auth to peer with MS-CHAP",
@ -352,7 +352,7 @@ option_t auth_options[] = {
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT_V2,
&lcp_allowoptions[0].chap_mdtype },
#endif
#endif
#endif /* MSCHAP_SUPPORT*/
#if EAP_SUPPORT
{ "require-eap", o_bool, &lcp_wantoptions[0].neg_eap,
"Require EAP authentication from peer", OPT_PRIOSUB | 1,
@ -973,14 +973,14 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen)
case CHAP_MD5:
bit |= CHAP_MD5_PEER;
break;
#ifdef CHAPMS
#if MSCHAP_SUPPORT
case CHAP_MICROSOFT:
bit |= CHAP_MS_PEER;
break;
case CHAP_MICROSOFT_V2:
bit |= CHAP_MS2_PEER;
break;
#endif
#endif /* MSCHAP_SUPPORT */
}
break;
case PPP_PAP:
@ -1049,14 +1049,14 @@ auth_withpeer_success(unit, protocol, prot_flavor)
case CHAP_MD5:
bit |= CHAP_MD5_WITHPEER;
break;
#ifdef CHAPMS
#if MSCHAP_SUPPORT
case CHAP_MICROSOFT:
bit |= CHAP_MS_WITHPEER;
break;
case CHAP_MICROSOFT_V2:
bit |= CHAP_MS2_WITHPEER;
break;
#endif
#endif /* MSCHAP_SUPPORT */
}
break;
case PPP_PAP:
@ -1381,10 +1381,12 @@ auth_reset(unit)
ao->chap_mdtype = MDTYPE_NONE;
if(!ppp_settings.refuse_chap)
ao->chap_mdtype |= MDTYPE_MD5;
#if MSCHAP_SUPPORT
if(!ppp_settings.refuse_mschap)
ao->chap_mdtype |= MDTYPE_MICROSOFT;
if(!ppp_settings.refuse_mschap_v2)
ao->chap_mdtype |= MDTYPE_MICROSOFT_V2;
#endif /* MSCHAP_SUPPORT */
ao->neg_chap = (ao->chap_mdtype != MDTYPE_NONE);
@ -1401,8 +1403,10 @@ auth_reset(unit)
printf("neg_upap: %d\n", ao->neg_upap);
printf("neg_chap: %d\n", ao->neg_chap);
printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) );
#if MSCHAP_SUPPORT
printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) );
printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) );
#endif /* MSCHAP_SUPPORT */
#if EAP_SUPPORT
printf("neg_eap: %d\n", ao->neg_eap);
#endif /* EAP_SUPPORT */


@ -40,7 +40,7 @@
#include "chap-new.h"
#include "chap-md5.h"
#ifdef CHAPMS
#if MSCHAP_SUPPORT
#include "chap_ms.h"
#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
#else
@ -149,7 +149,7 @@ chap_init(int unit)
memset(&server, 0, sizeof(server));
chap_md5_init();
#ifdef CHAPMS
#if MSCHAP_SUPPORT
chapms_init();
#endif
}


@ -28,6 +28,8 @@
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
/*
* CHAP packets begin with a standard header with code, id, len (2 bytes).
*/
@ -45,8 +47,10 @@
* CHAP digest codes.
*/
#define CHAP_MD5 5
#if MSCHAP_SUPPORT
#define CHAP_MICROSOFT 0x80
#define CHAP_MICROSOFT_V2 0x81
#endif /* MSCHAP_SUPPORT */
/*
* Semi-arbitrary limits on challenge and response fields.
@ -55,37 +59,57 @@
#define MAX_RESPONSE_LEN 64
/* bitmask of supported algorithms */
#if MSCHAP_SUPPORT
#define MDTYPE_MICROSOFT_V2 0x1
#define MDTYPE_MICROSOFT 0x2
#endif /* MSCHAP_SUPPORT */
#define MDTYPE_MD5 0x4
#define MDTYPE_NONE 0
/* hashes supported by this instance of pppd */
extern int chap_mdtype_all;
#if MSCHAP_SUPPORT
/* Return the digest alg. ID for the most preferred digest type. */
#define CHAP_DIGEST(mdtype) \
((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
0
#else /* !MSCHAP_SUPPORT */
#define CHAP_DIGEST(mdtype) \
((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
0
#endif /* MSCHAP_SUPPORT */
/* Return the bit flag (lsb set) for our most preferred digest type. */
#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
/* Return the bit flag for a given digest algorithm ID. */
#if MSCHAP_SUPPORT
#define CHAP_MDTYPE_D(digest) \
((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
((digest) == CHAP_MD5)? MDTYPE_MD5: \
0
#else /* !MSCHAP_SUPPORT */
#define CHAP_MDTYPE_D(digest) \
((digest) == CHAP_MD5)? MDTYPE_MD5: \
0
#endif /* MSCHAP_SUPPORT */
/* Can we do the requested digest? */
#if MSCHAP_SUPPORT
#define CHAP_CANDIGEST(mdtype, digest) \
((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
0
#else /* !MSCHAP_SUPPORT */
#define CHAP_CANDIGEST(mdtype, digest) \
((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
0
#endif /* MSCHAP_SUPPORT */
/*
* The code for each digest type has to supply one of these.
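Review bot: The new `!MSCHAP_SUPPORT` variants of `CHAP_DIGEST`, `CHAP_MDTYPE_D` and `CHAP_CANDIGEST` copy the unparenthesised conditional expansion of the existing ones, so the result depends on operator precedence at each use site (in `CHAP_CANDIGEST(m, d) == 0` the comparison would bind to the trailing `0`). Wrapping the whole expansion fixes it, for example `#define CHAP_DIGEST(mdtype) (((mdtype) & MDTYPE_MD5) ? CHAP_MD5 : 0)`, and the same applies to the MSCHAP_SUPPORT variants and to `CHAP_MDTYPE`. A one-line comment on the `#else` branches, saying that an MS-CHAP digest ID offered by the peer maps to 0 and is therefore treated as unsupported, would also document the intended rejection path.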


@ -75,10 +75,7 @@
*/
#include "lwip/opt.h"
#define RCSID "$Id: chap_ms.c,v 1.38 2007/12/01 20:10:51 carlsonj Exp $"
#ifdef CHAPMS
#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include <stdio.h>
#include <stdlib.h>
@ -97,8 +94,6 @@
#include "pppcrypt.h"
#include "magic.h"
static const char rcsid[] = RCSID;
#define SHA1_SIGNATURE_SIZE 20
static void ascii2unicode __P((char[], int, u_char[]));
@ -947,4 +942,4 @@ chapms_init(void)
#endif /* PPP_OPTIONS */
}
#endif /* CHAPMS */
#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */


@ -30,6 +30,9 @@
* $Id: chap_ms.h,v 1.13 2004/11/15 22:13:26 paulus Exp $
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef __CHAPMS_INCLUDE__
#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
@ -107,3 +110,5 @@ void chapms_init(void);
#define __CHAPMS_INCLUDE__
#endif /* __CHAPMS_INCLUDE__ */
#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */


@ -2177,6 +2177,7 @@ lcp_printpkt(p, plen, printer, arg)
printer(arg, " MD5");
++p;
break;
#if MSCHAP_SUPPORT
case CHAP_MICROSOFT:
printer(arg, " MS");
++p;
@ -2186,6 +2187,7 @@ lcp_printpkt(p, plen, printer, arg)
printer(arg, " MS-v2");
++p;
break;
#endif /* MSCHAP_SUPPORT */
}
}
break;


@ -365,11 +365,13 @@ extern bool ms_lanman; /* Use LanMan password instead of NT */
/* Values for auth_done only */
#define CHAP_MD5_WITHPEER 0x40
#define CHAP_MD5_PEER 0x80
#if MSCHAP_SUPPORT
#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
#define CHAP_MS_WITHPEER 0x100
#define CHAP_MS_PEER 0x200
#define CHAP_MS2_WITHPEER 0x400
#define CHAP_MS2_PEER 0x800
#endif /* MSCHAP_SUPPORT */
extern char *current_option; /* the name of the option being parsed */
extern int privileged_option; /* set iff the current option came from root */


@ -435,10 +435,17 @@ int ppp_init(void) {
void
pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd)
{
/* FIXME: the following may look stupid, but this is just an easy way
* to check different auth by changing compile time option
*/
ppp_settings.refuse_pap = 1;
ppp_settings.refuse_chap = 0;
#if MSCHAP_SUPPORT
ppp_settings.refuse_pap = 1;
ppp_settings.refuse_chap = 1;
ppp_settings.refuse_mschap = 1;
ppp_settings.refuse_mschap_v2 = 0;
#endif /* MSCHAP_SUPPORT */
#if EAP_SUPPORT
ppp_settings.refuse_pap = 1;
ppp_settings.refuse_chap = 1;
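Review bot: In the visible part of pppSetAuth the `refuse_*` flags are set from compile-time options only and `authType` is not consulted, so a build with MSCHAP_SUPPORT refuses PAP, CHAP-MD5 and MS-CHAP and offers only MS-CHAPv2, whatever the caller asked for. Each later `#if` block overwrites the previous one, which means enabling a feature in lwipopts.h silently changes the authentication policy of every link. The FIXME acknowledges this as a test aid; before it ships, the flags should be derived from `authType`, with each `#if` block adding only the case it supports and everything the caller did not select left refused. The function body continues past the end of the hunk, so whether `authType` is used further down is not visible here.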


@ -5,6 +5,8 @@
* Author: gradator
*/
#include "lwip/opt.h"
#ifndef PPPMY_H_
#define PPPMY_H_
@ -46,8 +48,10 @@ struct ppp_settings {
u_int explicit_remote : 1; /* remote_name specified with remotename opt */
u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */
u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */
#if MSCHAP_SUPPORT
u_int refuse_mschap : 1; /* Don't wanna auth. ourselves with MS-CHAP */
u_int refuse_mschap_v2 : 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */
#endif /* MSCHAP_SUPPORT */
#if EAP_SUPPORT
u_int refuse_eap : 1; /* Don't wanna auth. ourselves with EAP */
#endif /* EAP_SUPPORT */