EAP is now using ppp_pcb as well

2024-08-25 07:33:11 +00:00 · 2012-06-15 01:06:27 +02:00 · 2012-06-15 01:06:27 +02:00 · 2deb13df43
commit 2deb13df43
parent 1ece33e79a
8 changed files with 448 additions and 590 deletions
--- a/src/netif/ppp/auth.c
+++ b/src/netif/ppp/auth.c
@ -789,7 +789,7 @@ void link_established(ppp_pcb *pcb) {
 #if PPP_SERVER
 #if EAP_SUPPORT
    if (go->neg_eap) {
-	eap_authpeer(unit, pcb->settings.our_name);
+	eap_authpeer(pcb, pcb->settings.our_name);
 	auth |= EAP_PEER;
    } else
 #endif /* EAP_SUPPORT */
@ -801,7 +801,7 @@ void link_established(ppp_pcb *pcb) {
 #endif /* CHAP_SUPPORT */
 #if PAP_SUPPORT
    if (go->neg_upap) {
-	upap_authpeer(unit);
+	upap_authpeer(pcb);
 	auth |= PAP_PEER;
    } else
 #endif /* PAP_SUPPORT */
@ -810,7 +810,7 @@ void link_established(ppp_pcb *pcb) {

 #if EAP_SUPPORT
    if (ho->neg_eap) {
-	eap_authwithpeer(pcb->unit, pcb->settings.user);
+	eap_authwithpeer(pcb, pcb->settings.user);
 	auth |= EAP_WITHPEER;
    } else
 #endif /* EAP_SUPPORT */
--- a/src/netif/ppp/chap-md5.c
+++ b/src/netif/ppp/chap-md5.c
@ -48,9 +48,7 @@
 #define MD5_MAX_CHALLENGE	24

 #if PPP_SERVER
-static void
-chap_md5_generate_challenge(unsigned char *cp)
-{
+static void chap_md5_generate_challenge(unsigned char *cp) {
 	int clen;

 	clen = (int)(drand48() * (MD5_MAX_CHALLENGE - MD5_MIN_CHALLENGE))
@ -59,12 +57,10 @@ chap_md5_generate_challenge(unsigned char *cp)
 	random_bytes(cp, clen);
 }

-static int
-chap_md5_verify_response(int id, char *name,
+static int chap_md5_verify_response(int id, char *name,
 			 unsigned char *secret, int secret_len,
 			 unsigned char *challenge, unsigned char *response,
-			 char *message, int message_space)
-{
+			 char *message, int message_space) {
 	md5_context ctx;
 	unsigned char idbyte = id;
 	unsigned char hash[MD5_HASH_SIZE];
@ -91,11 +87,9 @@ chap_md5_verify_response(int id, char *name,
 }
 #endif /* PPP_SERVER */

-static void
-chap_md5_make_response(unsigned char *response, int id, char *our_name,
+static void chap_md5_make_response(unsigned char *response, int id, char *our_name,
 		       unsigned char *challenge, char *secret, int secret_len,
-		       unsigned char *private)
-{
+		       unsigned char *private) {
 	md5_context ctx;
 	unsigned char idbyte = id;
 	int challenge_len = *challenge++;
@ -119,9 +113,7 @@ static struct chap_digest_type md5_digest = {
 	NULL,			/* handle_failure */
 };

-void
-chap_md5_init(void)
-{
+void chap_md5_init(void) {
 	chap_register_digest(&md5_digest);
 }

--- a/src/netif/ppp/chap_ms.c
+++ b/src/netif/ppp/chap_ms.c
@ -166,9 +166,7 @@ static option_t chapms_option_list[] = {
 * The length goes in challenge[0] and the actual challenge starts
 * at challenge[1].
 */
-static void
-chapms_generate_challenge(unsigned char *challenge)
-{
+static void chapms_generate_challenge(unsigned char *challenge) {
 	*challenge++ = 8;
 #ifdef DEBUGMPPEKEY
 	if (mschap_challenge && strlen(mschap_challenge) == 8)
@ -178,9 +176,7 @@ chapms_generate_challenge(unsigned char *challenge)
 		random_bytes(challenge, 8);
 }

-static void
-chapms2_generate_challenge(unsigned char *challenge)
-{
+static void chapms2_generate_challenge(unsigned char *challenge) {
 	*challenge++ = 16;
 #ifdef DEBUGMPPEKEY
 	if (mschap_challenge && strlen(mschap_challenge) == 16)
@ -190,12 +186,10 @@ chapms2_generate_challenge(unsigned char *challenge)
 		random_bytes(challenge, 16);
 }

-static int
-chapms_verify_response(int id, char *name,
+static int chapms_verify_response(int id, char *name,
 		       unsigned char *secret, int secret_len,
 		       unsigned char *challenge, unsigned char *response,
-		       char *message, int message_space)
-{
+		       char *message, int message_space) {
 	unsigned char md[MS_CHAP_RESPONSE_LEN];
 	int diff;
 	int challenge_len, response_len;
@ -238,12 +232,10 @@ chapms_verify_response(int id, char *name,
 	return 0;
 }

-static int
-chapms2_verify_response(int id, char *name,
+static int chapms2_verify_response(int id, char *name,
 			unsigned char *secret, int secret_len,
 			unsigned char *challenge, unsigned char *response,
-			char *message, int message_space)
-{
+			char *message, int message_space) {
 	unsigned char md[MS_CHAP2_RESPONSE_LEN];
 	char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
 	int challenge_len, response_len;
@ -316,21 +308,17 @@ chapms2_verify_response(int id, char *name,
 }
 #endif /* PPP_SERVER */

-static void
-chapms_make_response(unsigned char *response, int id, char *our_name,
+static void chapms_make_response(unsigned char *response, int id, char *our_name,
 		     unsigned char *challenge, char *secret, int secret_len,
-		     unsigned char *private)
-{
+		     unsigned char *private) {
 	challenge++;	/* skip length, should be 8 */
 	*response++ = MS_CHAP_RESPONSE_LEN;
 	ChapMS(challenge, secret, secret_len, response);
 }

-static void
-chapms2_make_response(unsigned char *response, int id, char *our_name,
+static void chapms2_make_response(unsigned char *response, int id, char *our_name,
 		      unsigned char *challenge, char *secret, int secret_len,
-		      unsigned char *private)
-{
+		      unsigned char *private) {
 	challenge++;	/* skip length, should be 16 */
 	*response++ = MS_CHAP2_RESPONSE_LEN;
 	ChapMS2(challenge,
@ -343,9 +331,7 @@ chapms2_make_response(unsigned char *response, int id, char *our_name,
 		MS_CHAP2_AUTHENTICATEE);
 }

-static int
-chapms2_check_success(unsigned char *msg, int len, unsigned char *private)
-{
+static int chapms2_check_success(unsigned char *msg, int len, unsigned char *private) {
 	if ((len < MS_AUTH_RESPONSE_LENGTH + 2) ||
 	    strncmp((char *)msg, "S=", 2) != 0) {
 		/* Packet does not start with "S=" */
@ -373,9 +359,7 @@ chapms2_check_success(unsigned char *msg, int len, unsigned char *private)
 	return 1;
 }

-static void
-chapms_handle_failure(unsigned char *inp, int len)
-{
+static void chapms_handle_failure(unsigned char *inp, int len) {
 	int err;
 	char *p, msg[64];

@ -438,11 +422,9 @@ print_msg:
 		error("MS-CHAP authentication failed: %v", p);
 }

-static void
-ChallengeResponse(u_char *challenge,
+static void ChallengeResponse(u_char *challenge,
 		  u_char PasswordHash[MD4_SIGNATURE_SIZE],
-		  u_char response[24])
-{
+		  u_char response[24]) {
    u_char    ZPasswordHash[21];
    des_context des;
    u_char des_key[8];
@ -472,11 +454,8 @@ ChallengeResponse(u_char *challenge,
 #endif
 }

-void
-ChallengeHash(u_char PeerChallenge[16], u_char *rchallenge,
-	      char *username, u_char Challenge[8])
-    
-{
+void ChallengeHash(u_char PeerChallenge[16], u_char *rchallenge,
+	      char *username, u_char Challenge[8]) {
    sha1_context	sha1Context;
    u_char	sha1Hash[SHA1_SIGNATURE_SIZE];
    char	*user;
@ -503,9 +482,7 @@ ChallengeHash(u_char PeerChallenge[16], u_char *rchallenge,
 * is assumed by all M$ CHAP RFCs.  (Unicode byte ordering
 * is machine-dependent.)
 */
-static void
-ascii2unicode(char ascii[], int ascii_len, u_char unicode[])
-{
+static void ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) {
    int i;

    BZERO(unicode, ascii_len * 2);
@ -513,9 +490,7 @@ ascii2unicode(char ascii[], int ascii_len, u_char unicode[])
 	unicode[i * 2] = (u_char) ascii[i];
 }

-static void
-NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
-{
+static void NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) {
    md4_context		md4Context;

    md4_starts(&md4Context);
@ -523,10 +498,8 @@ NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
    md4_finish(&md4Context, hash);
 }

-static void
-ChapMS_NT(u_char *rchallenge, char *secret, int secret_len,
-	  u_char NTResponse[24])
-{
+static void ChapMS_NT(u_char *rchallenge, char *secret, int secret_len,
+	  u_char NTResponse[24]) {
    u_char	unicodePassword[MAX_NT_PASSWORD * 2];
    u_char	PasswordHash[MD4_SIGNATURE_SIZE];

@ -537,10 +510,8 @@ ChapMS_NT(u_char *rchallenge, char *secret, int secret_len,
    ChallengeResponse(rchallenge, PasswordHash, NTResponse);
 }

-static void
-ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username,
-	   char *secret, int secret_len, u_char NTResponse[24])
-{
+static void ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username,
+	   char *secret, int secret_len, u_char NTResponse[24]) {
    u_char	unicodePassword[MAX_NT_PASSWORD * 2];
    u_char	PasswordHash[MD4_SIGNATURE_SIZE];
    u_char	Challenge[8];
@ -557,10 +528,8 @@ ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username,
 #ifdef MSLANMAN
 static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */

-static void
-ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len,
-	      unsigned char *response)
-{
+static void ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len,
+	      unsigned char *response) {
    int			i;
    u_char		UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
    u_char		PasswordHash[MD4_SIGNATURE_SIZE];
@ -585,12 +554,10 @@ ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len,
 #endif


-void
-GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
+void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
 			      u_char NTResponse[24], u_char PeerChallenge[16],
 			      u_char *rchallenge, char *username,
-			      u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
-{
+			      u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) {
    /*
     * "Magic" constants used in response generation, from RFC 2759.
     */
@ -631,13 +598,11 @@ GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
 }


-static void
-GenerateAuthenticatorResponsePlain
+static void GenerateAuthenticatorResponsePlain
 		(char *secret, int secret_len,
 		 u_char NTResponse[24], u_char PeerChallenge[16],
 		 u_char *rchallenge, char *username,
-		 u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
-{
+		 u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) {
    u_char	unicodePassword[MAX_NT_PASSWORD * 2];
    u_char	PasswordHash[MD4_SIGNATURE_SIZE];
    u_char	PasswordHashHash[MD4_SIGNATURE_SIZE];
@ -658,9 +623,7 @@ GenerateAuthenticatorResponsePlain
 * Set mppe_xxxx_key from the NTPasswordHashHash.
 * RFC 2548 (RADIUS support) requires us to export this function (ugh).
 */
-void
-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
-{
+void mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) {
    sha1_context	sha1Context;
    u_char	Digest[SHA1_SIGNATURE_SIZE];	/* >= MPPE_MAX_KEY_LEN */

@ -680,9 +643,7 @@ mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
 /*
 * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
 */
-static void
-Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
-{
+static void Set_Start_Key(u_char *rchallenge, char *secret, int secret_len) {
    u_char	unicodePassword[MAX_NT_PASSWORD * 2];
    u_char	PasswordHash[MD4_SIGNATURE_SIZE];
    u_char	PasswordHashHash[MD4_SIGNATURE_SIZE];
@ -701,10 +662,8 @@ Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
 * This helper function used in the Winbind module, which gets the
 * NTHashHash from the server.
 */
-void
-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
-	       u_char NTResponse[24], int IsServer)
-{
+void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
+	       u_char NTResponse[24], int IsServer) {
    sha1_context	sha1Context;
    u_char	MasterKey[SHA1_SIGNATURE_SIZE];	/* >= MPPE_MAX_KEY_LEN */
    u_char	Digest[SHA1_SIGNATURE_SIZE];	/* >= MPPE_MAX_KEY_LEN */
@ -795,9 +754,7 @@ mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
 /*
 * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
 */
-static void
-SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
-{
+static void SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer) {
    u_char	unicodePassword[MAX_NT_PASSWORD * 2];
    u_char	PasswordHash[MD4_SIGNATURE_SIZE];
    u_char	PasswordHashHash[MD4_SIGNATURE_SIZE];
@ -811,10 +768,8 @@ SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
 #endif /* MPPE */


-void
-ChapMS(u_char *rchallenge, char *secret, int secret_len,
-       unsigned char *response)
-{
+void ChapMS(u_char *rchallenge, char *secret, int secret_len,
+       unsigned char *response) {
    BZERO(response, MS_CHAP_RESPONSE_LEN);

    ChapMS_NT(rchallenge, secret, secret_len, &response[MS_CHAP_NTRESP]);
@ -845,11 +800,9 @@ ChapMS(u_char *rchallenge, char *secret, int secret_len,
 * The PeerChallenge field of response is then used for calculation of the
 * Authenticator Response.
 */
-void
-ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
+void ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
 	char *user, char *secret, int secret_len, unsigned char *response,
-	u_char authResponse[], int authenticator)
-{
+	u_char authResponse[], int authenticator) {
    /* ARGSUSED */
    u_char *p = &response[MS_CHAP2_PEER_CHALLENGE];
    int i;
@ -884,9 +837,7 @@ ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
 /*
 * Set MPPE options from plugins.
 */
-void
-set_mppe_enc_types(int policy, int types)
-{
+void set_mppe_enc_types(int policy, int types) {
    /* Early exit for unknown policies. */
    if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
 	policy != MPPE_ENC_POL_ENC_REQUIRED)
@ -935,9 +886,7 @@ static struct chap_digest_type chapms2_digest = {
 	chapms_handle_failure,
 };

-void
-chapms_init(void)
-{
+void chapms_init(void) {
 	chap_register_digest(&chapms_digest);
 	chap_register_digest(&chapms2_digest);
 #if PPP_OPTIONS
--- a/src/netif/ppp/chap_ms.h
+++ b/src/netif/ppp/chap_ms.h
@ -43,7 +43,7 @@
 #define MS_AUTH_RESPONSE_LENGTH	40	/* MS-CHAPv2 authenticator response, */
 					/* as ASCII */

-/* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
+/* Error codes for MS-CHAP failure messages. */
 #define MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS	646
 #define MS_CHAP_ERROR_ACCT_DISABLED		647
 #define MS_CHAP_ERROR_PASSWD_EXPIRED		648
--- a/src/netif/ppp/eap.c
+++ b/src/netif/ppp/eap.c
--- a/src/netif/ppp/eap.h
+++ b/src/netif/ppp/eap.h
@ -78,70 +78,20 @@ extern "C" {
 #define	SRP_PSEUDO_LEN	7

 #define MD5_SIGNATURE_SIZE	16
-#define MIN_CHALLENGE_LENGTH	16
-#define MAX_CHALLENGE_LENGTH	24
-
-enum eap_state_code {
-	eapInitial = 0,	/* No EAP authentication yet requested */
-	eapPending,	/* Waiting for LCP (no timer) */
-	eapClosed,	/* Authentication not in use */
-	eapListen,	/* Client ready (and timer running) */
-	eapIdentify,	/* EAP Identify sent */
-	eapSRP1,	/* Sent EAP SRP-SHA1 Subtype 1 */
-	eapSRP2,	/* Sent EAP SRP-SHA1 Subtype 2 */
-	eapSRP3,	/* Sent EAP SRP-SHA1 Subtype 3 */
-	eapMD5Chall,	/* Sent MD5-Challenge */
-	eapOpen,	/* Completed authentication */
-	eapSRP4,	/* Sent EAP SRP-SHA1 Subtype 4 */
-	eapBadAuth	/* Failed authentication */
-};
+#define EAP_MIN_CHALLENGE_LENGTH	16
+#define EAP_MAX_CHALLENGE_LENGTH	24

 #define	EAP_STATES	\
 	"Initial", "Pending", "Closed", "Listen", "Identify", \
 	"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"

-#define	eap_client_active(esp)	((esp)->es_client.ea_state == eapListen)
+#define	eap_client_active(pcb)	((pcb)->eap.es_client.ea_state == eapListen)
 #if PPP_SERVER
-#define	eap_server_active(esp)	\
-	((esp)->es_server.ea_state >= eapIdentify && \
-	 (esp)->es_server.ea_state <= eapMD5Chall)
+#define	eap_server_active(pcb)	\
+	((pcb)->eap.es_server.ea_state >= eapIdentify && \
+	 (pcb)->eap.es_server.ea_state <= eapMD5Chall)
 #endif /* PPP_SERVER */

-struct eap_auth {
-	char *ea_name;		/* Our name */
-	char *ea_peer;		/* Peer's name */
-	void *ea_session;	/* Authentication library linkage */
-	u_char *ea_skey;	/* Shared encryption key */
-	int ea_timeout;		/* Time to wait (for retransmit/fail) */
-	int ea_maxrequests;	/* Max Requests allowed */
-	u_short ea_namelen;	/* Length of our name */
-	u_short ea_peerlen;	/* Length of peer's name */
-	enum eap_state_code ea_state;
-	u_char ea_id;		/* Current id */
-	u_char ea_requests;	/* Number of Requests sent/received */
-	u_char ea_responses;	/* Number of Responses */
-	u_char ea_type;		/* One of EAPT_* */
-	u_int32_t ea_keyflags;	/* SRP shared key usage flags */
-};
-
-/*
- * Complete EAP state for one PPP session.
- */
-typedef struct eap_state {
-	int es_unit;			/* Interface unit number */
-	struct eap_auth es_client;	/* Client (authenticatee) data */
-#if PPP_SERVER
-	struct eap_auth es_server;	/* Server (authenticator) data */
-#endif /* PPP_SERVER */
-	int es_savedtime;		/* Saved timeout */
-	int es_rechallenge;		/* EAP rechallenge interval */
-	int es_lwrechallenge;		/* SRP lightweight rechallenge inter */
-	bool es_usepseudo;		/* Use SRP Pseudonym if offered one */
-	int es_usedpseudo;		/* Set if we already sent PN */
-	int es_challen;			/* Length of challenge string */
-	u_char es_challenge[MAX_CHALLENGE_LENGTH];
-} eap_state;
-
 /*
 * Timeouts.
 */
@ -150,10 +100,8 @@ typedef struct eap_state {
 #define	EAP_DEFREQTIME		20	/* Time to wait for peer request */
 #define	EAP_DEFALLOWREQ		20	/* max # times to accept requests */

-extern eap_state eap_states[];
-
-void eap_authwithpeer (int unit, char *localname);
-void eap_authpeer (int unit, char *localname);
+void eap_authwithpeer(ppp_pcb *pcb, char *localname);
+void eap_authpeer(ppp_pcb *pcb, char *localname);

 extern struct protent eap_protent;

--- a/src/netif/ppp/ppp.h
+++ b/src/netif/ppp/ppp.h
@ -85,6 +85,10 @@ typedef unsigned char  u_char;

 #endif

+#ifndef bool
+typedef unsigned char	bool;
+#endif
+

 /*************************
 *** PUBLIC DEFINITIONS ***
@ -261,6 +265,61 @@ static struct chap_server_state {
 #endif /* PPP_SERVER */
 #endif /* CHAP_SUPPORT */

+#if EAP_SUPPORT
+/*
+ * Complete EAP state for one PPP session.
+ */
+enum eap_state_code {
+	eapInitial = 0,	/* No EAP authentication yet requested */
+	eapPending,	/* Waiting for LCP (no timer) */
+	eapClosed,	/* Authentication not in use */
+	eapListen,	/* Client ready (and timer running) */
+	eapIdentify,	/* EAP Identify sent */
+	eapSRP1,	/* Sent EAP SRP-SHA1 Subtype 1 */
+	eapSRP2,	/* Sent EAP SRP-SHA1 Subtype 2 */
+	eapSRP3,	/* Sent EAP SRP-SHA1 Subtype 3 */
+	eapMD5Chall,	/* Sent MD5-Challenge */
+	eapOpen,	/* Completed authentication */
+	eapSRP4,	/* Sent EAP SRP-SHA1 Subtype 4 */
+	eapBadAuth	/* Failed authentication */
+};
+
+struct eap_auth {
+	char *ea_name;		/* Our name */
+	char *ea_peer;		/* Peer's name */
+	void *ea_session;	/* Authentication library linkage */
+	u_char *ea_skey;	/* Shared encryption key */
+	int ea_timeout;		/* Time to wait (for retransmit/fail) */
+	int ea_maxrequests;	/* Max Requests allowed */
+	u_short ea_namelen;	/* Length of our name */
+	u_short ea_peerlen;	/* Length of peer's name */
+	enum eap_state_code ea_state;
+	u_char ea_id;		/* Current id */
+	u_char ea_requests;	/* Number of Requests sent/received */
+	u_char ea_responses;	/* Number of Responses */
+	u_char ea_type;		/* One of EAPT_* */
+	u_int32_t ea_keyflags;	/* SRP shared key usage flags */
+};
+
+#ifndef EAP_MAX_CHALLENGE_LENGTH
+#define EAP_MAX_CHALLENGE_LENGTH	24
+#endif
+typedef struct eap_state {
+	int es_unit;			/* Interface unit number */
+	struct eap_auth es_client;	/* Client (authenticatee) data */
+#if PPP_SERVER
+	struct eap_auth es_server;	/* Server (authenticator) data */
+#endif /* PPP_SERVER */
+	int es_savedtime;		/* Saved timeout */
+	int es_rechallenge;		/* EAP rechallenge interval */
+	int es_lwrechallenge;		/* SRP lightweight rechallenge inter */
+	bool es_usepseudo;		/* Use SRP Pseudonym if offered one */
+	int es_usedpseudo;		/* Set if we already sent PN */
+	int es_challen;			/* Length of challenge string */
+	u_char es_challenge[EAP_MAX_CHALLENGE_LENGTH];
+} eap_state;
+#endif /* EAP_SUPPORT */
+
 /*
 * PPP interface control block.
 */
@ -320,6 +379,10 @@ typedef struct ppp_pcb_s {
  chap_server_state chap_server;
 #endif /* PPP_SERVER */
 #endif /* CHAP_SUPPORT */
+
+#if EAP_SUPPORT
+  eap_state eap;
+#endif /* EAP_SUPPORT */
 } ppp_pcb;

 /************************
--- a/src/netif/ppp/ppp_impl.h
+++ b/src/netif/ppp/ppp_impl.h
@ -40,10 +40,6 @@
 #include <stdio.h> /* formats */
 #include <stdarg.h>

-#ifndef bool
-typedef unsigned char	bool;
-#endif
-
 #include "lwip/netif.h"
 #include "lwip/def.h"
 #include "lwip/timers.h"