PPP, SERVER: added PAP authentication support

New ppp auth function: auth_check_passwd() which check the user name and
passwd against configuration.

PAP: check remote user and password

src/include/netif/ppp/ppp_impl.h

@@ -550,6 +550,8 @@ void start_networks(ppp_pcb *pcb);    /* start all the network control protos */
 void continue_networks(ppp_pcb *pcb); /* start network [ip, etc] control protos */
 #if PPP_AUTH_SUPPORT
 #if PPP_SERVER
+int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen);
+                                /* check the user name and passwd against configuration */
 void auth_peer_fail(ppp_pcb *pcb, int protocol);
 				/* peer failed to authenticate itself */
 void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, const char *name, int namelen);

src/netif/ppp/auth.c

@@ -995,6 +995,36 @@ void continue_networks(ppp_pcb *pcb) {
 
 #if PPP_AUTH_SUPPORT
 #if PPP_SERVER
+/*
+ * auth_check_passwd - Check the user name and passwd against configuration.
+ *
+ * returns:
+ *      0: Authentication failed.
+ *      1: Authentication succeeded.
+ * In either case, msg points to an appropriate message and msglen to the message len.
+ */
+int auth_check_passwd(ppp_pcb *pcb, char *auser, int userlen, char *apasswd, int passwdlen, const char **msg, int *msglen) {
+  int secretuserlen;
+  int secretpasswdlen;
+
+  if (pcb->settings.user && pcb->settings.passwd) {
+    secretuserlen = strlen(pcb->settings.user);
+    secretpasswdlen = strlen(pcb->settings.passwd);
+    if (secretuserlen == userlen
+        && secretpasswdlen == passwdlen
+        && !memcmp(auser, pcb->settings.user, userlen)
+        && !memcmp(apasswd, pcb->settings.passwd, passwdlen) ) {
+      *msg = "Login ok";
+      *msglen = sizeof("Login ok")-1;
+      return 1;
+    }
+  }
+
+  *msg = "Login incorrect";
+  *msglen = sizeof("Login incorrect")-1;
+  return 0;
+}
+
 /*
  * The peer has failed to authenticate himself using `protocol'.
  */

src/netif/ppp/upap.c

@@ -359,9 +359,7 @@ static void upap_input(ppp_pcb *pcb, u_char *inpacket, int l) {
 static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
     u_char ruserlen, rpasswdlen;
     char *ruser;
-#if 0
     char *rpasswd;
-#endif
     char rhostname[256];
     int retcode;
     const char *msg;
@@ -404,17 +402,18 @@ static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
 	return;
     }
 
-    /* FIXME: we need a way to check peer secret */
-#if 0
     rpasswd = (char *) inp;
 
     /*
      * Check the username and password given.
      */
-    retcode = check_passwd(pcb->upap.us_unit, ruser, ruserlen, rpasswd,
+    retcode = UPAP_AUTHNAK;
-			   rpasswdlen, &msg);
+    if (auth_check_passwd(pcb, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen)) {
+      retcode = UPAP_AUTHACK;
+    }
     BZERO(rpasswd, rpasswdlen);
 
+#if 0 /* UNUSED */
     /*
      * Check remote number authorization.  A plugin may have filled in
      * the remote number or added an allowed number, and rather than
@@ -431,12 +430,7 @@ static void upap_rauthreq(ppp_pcb *pcb, u_char *inp, int id, int len) {
     msglen = strlen(msg);
     if (msglen > 255)
 	msglen = 255;
-#else
+#endif /* UNUSED */
-    /* only here to clean compiler warnings */
-    retcode = UPAP_AUTHNAK;
-    msg = NULL;
-    msglen = 0;
-#endif /* 0 */
 
     upap_sresp(pcb, retcode, id, msg, msglen);