mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-09-13 02:05:43 +00:00
Code Issues Packages Projects Releases Wiki Activity

CHAP support is now an optional compile-time feature

Browse Source
This commit is contained in:
Sylvain Rochet 2012-05-24 00:52:20 +02:00
parent 28360a7f26
commit 339925e835
10 changed files with 193 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
src/netif/ppp/auth.c
View File

@ -108,7 +108,9 @@
#include "ecp.h"
#include "ipcp.h"
#include "upap.h"
#if CHAP_SUPPORT
#include "chap-new.h"
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
#include "eap.h"
#endif /* EAP_SUPPORT */
@ -763,7 +765,10 @@ link_established(unit)
set_allowed_addrs(unit, NULL, NULL);
#endif /* PPP_ALLOWED_ADDRS */
if (auth_required && !(go->neg_upap || go->neg_chap
if (auth_required && !(go->neg_upap
#if CHAP_SUPPORT
|| go->neg_chap
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
|| go->neg_eap
#endif /* EAP_SUPPORT */
@ -798,10 +803,13 @@ link_established(unit)
auth |= EAP_PEER;
} else
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
if (go->neg_chap) {
chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype));
auth |= CHAP_PEER;
} else if (go->neg_upap) {
} else
#endif /* CHAP_SUPPORT */
if (go->neg_upap) {
upap_authpeer(unit);
auth |= PAP_PEER;
}
@ -811,10 +819,13 @@ link_established(unit)
auth |= EAP_WITHPEER;
} else
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
if (ho->neg_chap) {
chap_auth_with_peer(unit, ppp_settings.user, CHAP_DIGEST(ho->chap_mdtype));
auth |= CHAP_WITHPEER;
} else if (ho->neg_upap) {
} else
#endif /* CHAP_SUPPORT */
if (ho->neg_upap) {
upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd);
auth |= PAP_WITHPEER;
}
@ -844,7 +855,11 @@ network_phase(unit)
/*
* If the peer had to authenticate, run the auth-up script now.
*/
if (go->neg_chap || go->neg_upap
if (0
#if CHAP_SUPPORT
|| go->neg_chap
#endif /* CHAP_SUPPORT */
|| go->neg_upap
#if EAP_SUPPORT
|| go->neg_eap
#endif /* EAP_SUPPORT */
@ -967,6 +982,7 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen)
int bit;
switch (protocol) {
#if CHAP_SUPPORT
case PPP_CHAP:
bit = CHAP_PEER;
switch (prot_flavor) {
@ -983,6 +999,7 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen)
#endif /* MSCHAP_SUPPORT */
}
break;
#endif /* CHAP_SUPPORT */
case PPP_PAP:
bit = PAP_PEER;
break;
@ -1042,6 +1059,7 @@ auth_withpeer_success(unit, protocol, prot_flavor)
const char *prot = "";
switch (protocol) {
#if CHAP_SUPPORT
case PPP_CHAP:
bit = CHAP_WITHPEER;
prot = "CHAP";
@ -1059,6 +1077,7 @@ auth_withpeer_success(unit, protocol, prot_flavor)
#endif /* MSCHAP_SUPPORT */
}
break;
#endif /* CHAP_SUPPORT */
case PPP_PAP:
bit = PAP_WITHPEER;
prot = "PAP";
@ -1274,28 +1293,38 @@ auth_check_options()
default_auth = 1;
}
#if CHAP_SUPPORT
/* If we selected any CHAP flavors, we should probably negotiate it. :-) */
if (wo->chap_mdtype)
wo->neg_chap = 1;
#endif /* CHAP_SUPPORT */
/* If authentication is required, ask peer for CHAP, PAP, or EAP. */
if (auth_required) {
allow_any_ip = 0;
if (!wo->neg_chap && !wo->neg_upap
if (1
#if CHAP_SUPPORT
&& !wo->neg_chap
#endif /* CHAP_SUPPORT */
&& !wo->neg_upap
#if EAP_SUPPORT
&& !wo->neg_eap
#endif /* EAP_SUPPORT */
) {
#if CHAP_SUPPORT
wo->neg_chap = chap_mdtype_all != MDTYPE_NONE;
wo->chap_mdtype = chap_mdtype_all;
#endif /* CHAP_SUPPORT */
wo->neg_upap = 1;
#if EAP_SUPPORT
wo->neg_eap = 1;
#endif /* EAP_SUPPORT */
}
} else {
#if CHAP_SUPPORT
wo->neg_chap = 0;
wo->chap_mdtype = MDTYPE_NONE;
#endif /* CHAP_SUPPORT */
wo->neg_upap = 0;
#if EAP_SUPPORT
wo->neg_eap = 0;
@ -1309,13 +1338,20 @@ auth_check_options()
*/
lacks_ip = 0;
can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip));
if (!can_auth && (wo->neg_chap
if (!can_auth && (0
#if CHAP_SUPPORT
|| wo->neg_chap
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
|| wo->neg_eap
#endif /* EAP_SUPPORT */
)) {
#if CHAP_SUPPORT
can_auth = have_chap_secret((explicit_remote? remote_name: NULL),
our_name, 1, &lacks_ip);
#else
can_auth = 0;
#endif
}
if (!can_auth
#if EAP_SUPPORT
@ -1378,6 +1414,7 @@ auth_reset(unit)
ao->neg_eap = !ppp_settings.refuse_eap;
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
ao->chap_mdtype = MDTYPE_NONE;
if(!ppp_settings.refuse_chap)
ao->chap_mdtype |= MDTYPE_MD5;
@ -1389,24 +1426,29 @@ auth_reset(unit)
#endif /* MSCHAP_SUPPORT */
ao->neg_chap = (ao->chap_mdtype != MDTYPE_NONE);
#endif /* CHAP_SUPPORT */
} else {
ao->neg_upap = 0;
#if CHAP_SUPPORT
ao->neg_chap = 0;
ao->chap_mdtype = MDTYPE_NONE;
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
ao->neg_eap = 0;
#endif /* EAP_SUPPORT */
ao->chap_mdtype = MDTYPE_NONE;
}
printf("neg_upap: %d\n", ao->neg_upap);
#if CHAP_SUPPORT
printf("neg_chap: %d\n", ao->neg_chap);
printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) );
#if MSCHAP_SUPPORT
printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) );
printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) );
#endif /* MSCHAP_SUPPORT */
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
printf("neg_eap: %d\n", ao->neg_eap);
#endif /* EAP_SUPPORT */
@ -1428,11 +1470,13 @@ auth_reset(unit)
#endif /* OLD CODE */
go->neg_upap = 0;
#if CHAP_SUPPORT
go->neg_chap = 0;
go->chap_mdtype = MDTYPE_NONE;
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
go->neg_eap = 0;
#endif /* EAP_SUPPORT */
go->chap_mdtype = MDTYPE_NONE;
return;
#if 0
/* FIXME: find what the below stuff do */

5
src/netif/ppp/chap-md5.c
View File

@ -29,8 +29,7 @@
*/
#include "lwip/opt.h"
#define RCSID "$Id: chap-md5.c,v 1.4 2004/11/09 22:39:25 paulus Exp $"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include <stdlib.h>
#include <string.h>
@ -117,3 +116,5 @@ chap_md5_init(void)
{
chap_register_digest(&md5_digest);
}
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

5
src/netif/ppp/chap-md5.h
View File

@ -28,4 +28,9 @@
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
extern void chap_md5_init(void);
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

4
src/netif/ppp/chap-new.c
View File

@ -29,6 +29,8 @@
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#include "pppmy.h"
#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $"
@ -670,3 +672,5 @@ struct protent chap_protent = {
NULL,
NULL
};
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

3
src/netif/ppp/chap-new.h
View File

@ -29,6 +29,7 @@
*/
#include "lwip/opt.h"
#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
/*
* CHAP packets begin with a standard header with code, id, len (2 bytes).
@ -152,3 +153,5 @@ extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
/* Represents the CHAP protocol to the main pppd code */
extern struct protent chap_protent;
#endif /* PPP_SUPPORT && CHAP_SUPPORT */

116
src/netif/ppp/lcp.c
View File

@ -42,8 +42,6 @@
#include "lwip/opt.h"
#define RCSID "$Id: lcp.c,v 1.76 2006/05/22 00:04:07 paulus Exp $"
/*
* TODO:
*/
@ -56,11 +54,11 @@
#include "pppmy.h"
#include "fsm.h"
#include "lcp.h"
#if CHAP_SUPPORT
#include "chap-new.h"
#endif /* CHAP_SUPPORT */
#include "magic.h"
static const char rcsid[] = RCSID;
/*
* When the link comes up we want to be able to wait for a short while,
* or until seeing some input from the peer, before starting to send
@ -299,7 +297,9 @@ int lcp_loopbackfail = DEFLOOPBACKFAIL;
#define CILEN_VOID 2
#define CILEN_CHAR 3
#define CILEN_SHORT 4 /* CILEN_VOID + 2 */
#if CHAP_SUPPORT
#define CILEN_CHAP 5 /* CILEN_VOID + 2 + 1 */
#endif /* CHAP_SUPPORT */
#define CILEN_LONG 6 /* CILEN_VOID + 4 */
#define CILEN_LQR 8 /* CILEN_VOID + 2 + 4 */
#define CILEN_CBCP 3
@ -372,8 +372,10 @@ lcp_init(unit)
ao->neg_mru = 1;
ao->mru = MAXMRU;
ao->neg_asyncmap = 1;
#if CHAP_SUPPORT
ao->neg_chap = 1;
ao->chap_mdtype = chap_mdtype_all;
#endif /* CHAP_SUPPORT */
ao->neg_upap = 1;
#if EAP_SUPPORT
ao->neg_eap = 1;
@ -690,7 +692,9 @@ lcp_cilen(f)
lcp_options *go = &lcp_gotoptions[f->unit];
#define LENCIVOID(neg) ((neg) ? CILEN_VOID : 0)
#if CHAP_SUPPORT
#define LENCICHAP(neg) ((neg) ? CILEN_CHAP : 0)
#endif /* CHAP_SUPPORT */
#define LENCISHORT(neg) ((neg) ? CILEN_SHORT : 0)
#define LENCILONG(neg) ((neg) ? CILEN_LONG : 0)
#define LENCILQR(neg) ((neg) ? CILEN_LQR: 0)
@ -705,16 +709,21 @@ lcp_cilen(f)
#if EAP_SUPPORT
LENCISHORT(go->neg_eap) +
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
LENCICHAP(
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
go->neg_chap) +
#endif /* CHAP_SUPPORT */
LENCISHORT(
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
!go->neg_chap && go->neg_upap) +
#if CHAP_SUPPORT
!go->neg_chap &&
#endif /* CHAP_SUPPORT */
go->neg_upap) +
LENCILQR(go->neg_lqr) +
LENCICBCP(go->neg_cbcp) +
LENCILONG(go->neg_magicnumber) +
@ -749,6 +758,7 @@ lcp_addci(f, ucp, lenp)
PUTCHAR(CILEN_SHORT, ucp); \
PUTSHORT(val, ucp); \
}
#if CHAP_SUPPORT
#define ADDCICHAP(opt, neg, val) \
if (neg) { \
PUTCHAR((opt), ucp); \
@ -756,6 +766,7 @@ lcp_addci(f, ucp, lenp)
PUTSHORT(PPP_CHAP, ucp); \
PUTCHAR((CHAP_DIGEST(val)), ucp); \
}
#endif /* CHAP_SUPPORT */
#define ADDCILONG(opt, neg, val) \
if (neg) { \
PUTCHAR(opt, ucp); \
@ -791,16 +802,21 @@ lcp_addci(f, ucp, lenp)
#if EAP_SUPPORT
ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP);
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
ADDCICHAP(CI_AUTHTYPE,
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
go->neg_chap, go->chap_mdtype);
#endif /* CHAP_SUPPORT */
ADDCISHORT(CI_AUTHTYPE,
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
!go->neg_chap && go->neg_upap, PPP_PAP);
#if CHAP_SUPPORT
!go->neg_chap &&
#endif /* CHAP_SUPPORT */
go->neg_upap, PPP_PAP);
ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT);
ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
@ -878,6 +894,7 @@ lcp_ackci(f, p, len)
if (cichar != val) \
goto bad; \
}
#if CHAP_SUPPORT
#define ACKCICHAP(opt, neg, val) \
if (neg) { \
if ((len -= CILEN_CHAP) < 0) \
@ -894,6 +911,7 @@ lcp_ackci(f, p, len)
if (cichar != (CHAP_DIGEST(val))) \
goto bad; \
}
#endif /* CHAP_SUPPORT */
#define ACKCILONG(opt, neg, val) \
if (neg) { \
if ((len -= CILEN_LONG) < 0) \
@ -949,16 +967,21 @@ lcp_ackci(f, p, len)
#if EAP_SUPPORT
ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP);
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
ACKCICHAP(CI_AUTHTYPE,
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
go->neg_chap, go->chap_mdtype);
#endif /* CHAP_SUPPORT */
ACKCISHORT(CI_AUTHTYPE,
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
!go->neg_chap && go->neg_upap, PPP_PAP);
#if CHAP_SUPPORT
!go->neg_chap &&
#endif /* CHAP_SUPPORT */
go->neg_upap, PPP_PAP);
ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT);
ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
@ -1025,6 +1048,7 @@ lcp_nakci(f, p, len, treat_as_reject)
no.neg = 1; \
try.neg = 0; \
}
#if CHAP_SUPPORT
#define NAKCICHAP(opt, neg, code) \
if (go->neg && \
len >= CILEN_CHAP && \
@ -1037,6 +1061,7 @@ lcp_nakci(f, p, len, treat_as_reject)
no.neg = 1; \
code \
}
#endif /* CHAP_SUPPORT */
#define NAKCICHAR(opt, neg, code) \
if (go->neg && \
len >= CILEN_CHAR && \
@ -1126,7 +1151,11 @@ lcp_nakci(f, p, len, treat_as_reject)
* they are proposing a different protocol, or a different
* hash algorithm for CHAP.
*/
if ((go->neg_chap || go->neg_upap
if ((0
#if CHAP_SUPPORT
|| go->neg_chap
#endif /* CHAP_SUPPORT */
|| go->neg_upap
#if EAP_SUPPORT
|| go->neg_eap
#endif /* EAP_SUPPORT */
@ -1135,7 +1164,9 @@ lcp_nakci(f, p, len, treat_as_reject)
&& p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) {
cilen = p[1];
len -= cilen;
#if CHAP_SUPPORT
no.neg_chap = go->neg_chap;
#endif /* CHAP_SUPPORT */
no.neg_upap = go->neg_upap;
#if EAP_SUPPORT
no.neg_eap = go->neg_eap;
@ -1150,17 +1181,21 @@ lcp_nakci(f, p, len, treat_as_reject)
else
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
/* If we were asking for CHAP, then we need to stop that. */
if (go->neg_chap)
try.neg_chap = 0;
else
#endif /* CHAP_SUPPORT */
/*
* If we weren't asking for CHAP or EAP, then we were asking for
* PAP, in which case this Nak is bad.
*/
else
goto bad;
} else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) {
}
#if CHAP_SUPPORT
else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) {
GETCHAR(cichar, p);
#if EAP_SUPPORT
/* Stop asking for EAP, if we were. */
@ -1200,7 +1235,9 @@ lcp_nakci(f, p, len, treat_as_reject)
try.neg_upap = 0;
}
} else {
}
#endif /* CHAP_SUPPORT */
else {
#if EAP_SUPPORT
/*
@ -1218,9 +1255,12 @@ lcp_nakci(f, p, len, treat_as_reject)
try.neg_eap = 0;
else
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
if (go->neg_chap)
try.neg_chap = 0;
else
#endif /* CHAP_SUPPORT */
try.neg_upap = 0;
p += cilen - CILEN_SHORT;
}
@ -1326,7 +1366,11 @@ lcp_nakci(f, p, len, treat_as_reject)
goto bad;
break;
case CI_AUTHTYPE:
if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap
if (0
#if CHAP_SUPPORT
|| go->neg_chap || no.neg_chap
#endif /* CHAP_SUPPORT */
|| go->neg_upap || no.neg_upap
#if EAP_SUPPORT
|| go->neg_eap || no.neg_eap
#endif /* EAP_SUPPORT */
@ -1443,7 +1487,8 @@ lcp_rejci(f, p, len)
goto bad; \
try.neg = 0; \
}
#if EAP_SUPPORT
#if CHAP_SUPPORT && EAP_SUPPORT
#define REJCICHAP(opt, neg, val) \
if (go->neg && \
len >= CILEN_CHAP && \
@ -1459,8 +1504,9 @@ lcp_rejci(f, p, len)
try.neg = 0; \
try.neg_eap = try.neg_upap = 0; \
}
#endif /* EAP_SUPPORT */
#if !EAP_SUPPORT
#endif /* CHAP_SUPPORT && EAP_SUPPORT */
#if CHAP_SUPPORT && !EAP_SUPPORT
#define REJCICHAP(opt, neg, val) \
if (go->neg && \
len >= CILEN_CHAP && \
@ -1476,7 +1522,8 @@ lcp_rejci(f, p, len)
try.neg = 0; \
try.neg_upap = 0; \
}
#endif /* !EAP_SUPPORT */
#endif /* CHAP_SUPPORT && !EAP_SUPPORT */
#define REJCILONG(opt, neg, val) \
if (go->neg && \
len >= CILEN_LONG && \
@ -1542,10 +1589,14 @@ lcp_rejci(f, p, len)
REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP);
if (!go->neg_eap) {
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype);
if (!go->neg_chap) {
#endif /* CHAP_SUPPORT */
REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP);
#if CHAP_SUPPORT
}
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
}
#endif /* EAP_SUPPORT */
@ -1684,7 +1735,10 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
case CI_AUTHTYPE:
if (cilen < CILEN_SHORT ||
!(ao->neg_upap || ao->neg_chap
!(ao->neg_upap
#if CHAP_SUPPORT
|| ao->neg_chap
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
|| ao->neg_eap
#endif /* EAP_SUPPORT */
@ -1711,7 +1765,10 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
if (cishort == PPP_PAP) {
/* we've already accepted CHAP or EAP */
if (ho->neg_chap
if (0
#if CHAP_SUPPORT
|| ho->neg_chap
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
|| ho->neg_eap
#endif /* EAP_SUPPORT */
@ -1729,9 +1786,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
PUTSHORT(PPP_EAP, nakp);
} else {
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp);
PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
}
#endif /* EAP_SUPPORT */
@ -1740,6 +1799,7 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
ho->neg_upap = 1;
break;
}
#if CHAP_SUPPORT
if (cishort == PPP_CHAP) {
/* we've already accepted PAP or EAP */
if (ho->neg_upap
@ -1783,10 +1843,15 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
ho->neg_chap = 1;
break;
}
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
if (cishort == PPP_EAP) {
/* we've already accepted CHAP or PAP */
if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) {
if (
#if CHAP_SUPPORT
ho->neg_chap ||
#endif /* CHAP_SUPPORT */
ho->neg_upap || cilen != CILEN_SHORT) {
LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE EAP, rejecting..."));
orc = CONFREJ;
break;
@ -1794,14 +1859,18 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
if (!ao->neg_eap) { /* we don't want to do EAP */
orc = CONFNAK; /* NAK it and suggest CHAP or PAP */
PUTCHAR(CI_AUTHTYPE, nakp);
#if CHAP_SUPPORT
if (ao->neg_chap) {
PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp);
PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
} else {
#endif /* CHAP_SUPPORT */
PUTCHAR(CILEN_SHORT, nakp);
PUTSHORT(PPP_PAP, nakp);
#if CHAP_SUPPORT
}
#endif /* CHAP_SUPPORT */
break;
}
ho->neg_eap = 1;
@ -1824,11 +1893,14 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
PUTSHORT(PPP_EAP, nakp);
} else
#endif /* EAP_SUPPORT */
#if CHAP_SUPPORT
if (ao->neg_chap) {
PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp);
PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
} else {
} else
#endif CHAP_SUPPORT
{
PUTCHAR(CILEN_SHORT, nakp);
PUTSHORT(PPP_PAP, nakp);
}
@ -2169,6 +2241,7 @@ lcp_printpkt(p, plen, printer, arg)
case PPP_PAP:
printer(arg, "pap");
break;
#if CHAP_SUPPORT
case PPP_CHAP:
printer(arg, "chap");
if (p < optend) {
@ -2191,6 +2264,7 @@ lcp_printpkt(p, plen, printer, arg)
}
}
break;
#endif /* CHAP_SUPPORT */
case PPP_EAP:
printer(arg, "eap");
break;

4
src/netif/ppp/lcp.h
View File

@ -92,7 +92,9 @@ typedef struct lcp_options {
bool neg_mru; /* Negotiate the MRU? */
bool neg_asyncmap; /* Negotiate the async map? */
bool neg_upap; /* Ask for UPAP authentication? */
#if CHAP_SUPPORT
bool neg_chap; /* Ask for CHAP authentication? */
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
bool neg_eap; /* Ask for EAP authentication? */
#endif /* EAP_SUPPORT */
@ -106,7 +108,9 @@ typedef struct lcp_options {
bool neg_endpoint; /* negotiate endpoint discriminator */
int mru; /* Value of MRU */
int mrru; /* Value of MRRU, and multilink enable */
#if CHAP_SUPPORT
u_char chap_mdtype; /* which MD types (hashing algorithm) */
#endif /* CHAP_SUPPORT */
u_int32_t asyncmap; /* Value of async map */
u_int32_t magicnumber;
int numloops; /* Number of loops during magic number neg. */

14
src/netif/ppp/ppp.c
View File

@ -103,7 +103,9 @@
#include "ipv6cp.h"
#endif
#include "upap.h"
#if CHAP_SUPPORT
#include "chap-new.h"
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
#include "eap.h"
#endif /* EAP_SUPPORT */
@ -267,7 +269,9 @@ extern char *getlogin __P((void));
struct protent *protocols[] = {
&lcp_protent,
&pap_protent,
#if CHAP_SUPPORT
&chap_protent,
#endif /* CHAP_SUPPORT */
#if CBCP_SUPPORT
&cbcp_protent,
#endif
@ -1056,8 +1060,14 @@ get_input()
*/
if (phase <= PHASE_AUTHENTICATE
&& !(protocol == PPP_LCP || protocol == PPP_LQR
|| protocol == PPP_PAP || protocol == PPP_CHAP ||
protocol == PPP_EAP)) {
|| protocol == PPP_PAP
#if CHAP_SUPPORT
|| protocol == PPP_CHAP
#endif /* CHAP_SUPPORT */
#if EAP_SUPPORT
|| protocol == PPP_EAP
#endif /* EAP_SUPPORT */
)) {
dbglog("discarding proto 0x%x in phase %d",
protocol, phase);
return;

10
src/netif/ppp/pppmy.c
View File

@ -438,19 +438,29 @@ pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd)
/* FIXME: the following may look stupid, but this is just an easy way
* to check different auth by changing compile time option
*/
ppp_settings.refuse_pap = 0;
#if CHAP_SUPPORT
ppp_settings.refuse_pap = 1;
ppp_settings.refuse_chap = 0;
#endif /* CHAP_SUPPORT */
#if MSCHAP_SUPPORT
ppp_settings.refuse_pap = 1;
ppp_settings.refuse_chap = 1;
ppp_settings.refuse_mschap = 1;
ppp_settings.refuse_mschap_v2 = 0;
#endif /* MSCHAP_SUPPORT */
#if EAP_SUPPORT
ppp_settings.refuse_pap = 1;
#if CHAP_SUPPORT
ppp_settings.refuse_chap = 1;
#if MSCHAP_SUPPORT
ppp_settings.refuse_mschap = 1;
ppp_settings.refuse_mschap_v2 = 1;
#endif /* MSCHAP_SUPPORT */
#endif /* CHAP_SUPPORT */
ppp_settings.refuse_eap = 0;
#endif /* EAP_SUPPORT */

6
src/netif/ppp/pppmy.h
View File

@ -47,7 +47,9 @@ struct ppp_settings {
u_int auth_required : 1; /* Peer is required to authenticate */
u_int explicit_remote : 1; /* remote_name specified with remotename opt */
u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */
#if CHAP_SUPPORT
u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */
#endif /* CHAP_SUPPORT */
#if MSCHAP_SUPPORT
u_int refuse_mschap : 1; /* Don't wanna auth. ourselves with MS-CHAP */
u_int refuse_mschap_v2 : 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */
@ -112,7 +114,9 @@ enum pppAuthType {
PPPAUTHTYPE_NONE,
PPPAUTHTYPE_ANY,
PPPAUTHTYPE_PAP,
PPPAUTHTYPE_CHAP
#if CHAP_SUPPORT
PPPAUTHTYPE_CHAP,
#endif /* CHAP_SUPPORT */
};
void pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd);