From 482a18e6ded1e060d89acd7a090846062203277e Mon Sep 17 00:00:00 2001 From: Sylvain Rochet Date: Wed, 24 Dec 2014 17:17:00 +0100 Subject: [PATCH] PPP, added const modifier on auth strings --- src/include/netif/ppp/chap-new.h | 20 +++++++++---------- src/include/netif/ppp/eap.h | 8 ++++---- src/include/netif/ppp/ppp.h | 6 +++--- src/include/netif/ppp/ppp_impl.h | 4 ++-- src/include/netif/ppp/upap.h | 6 +++--- src/netif/ppp/auth.c | 4 ++-- src/netif/ppp/chap-md5.c | 18 ++++++++--------- src/netif/ppp/chap-new.c | 25 ++++++++++++----------- src/netif/ppp/chap_ms.c | 34 ++++++++++++++++---------------- src/netif/ppp/eap.c | 6 +++--- src/netif/ppp/ppp.c | 2 +- src/netif/ppp/upap.c | 2 +- 12 files changed, 68 insertions(+), 67 deletions(-) diff --git a/src/include/netif/ppp/chap-new.h b/src/include/netif/ppp/chap-new.h index 6846bbf7..5753fb60 100644 --- a/src/include/netif/ppp/chap-new.h +++ b/src/include/netif/ppp/chap-new.h @@ -133,14 +133,14 @@ struct chap_digest_type { * a length byte followed by the actual challenge/response data. */ void (*generate_challenge)(unsigned char *challenge); - int (*verify_response)(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, + int (*verify_response)(int id, const char *name, + const unsigned char *secret, int secret_len, + const unsigned char *challenge, const unsigned char *response, char *message, int message_space); #endif /* PPP_SERVER */ - void (*make_response)(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *priv); + void (*make_response)(unsigned char *response, int id, const char *our_name, + const unsigned char *challenge, const char *secret, int secret_len, + const unsigned char *priv); int (*check_success)(unsigned char *pkt, int len, unsigned char *priv); void (*handle_failure)(unsigned char *pkt, int len); }; @@ -151,7 +151,7 @@ struct chap_digest_type { #if CHAP_SUPPORT typedef struct chap_client_state { u8_t flags; - char *name; + const char *name; const struct chap_digest_type *digest; unsigned char priv[64]; /* private area for digest's use */ } chap_client_state; @@ -160,7 +160,7 @@ typedef struct chap_client_state { typedef struct chap_server_state { u8_t flags; int id; - char *name; + const char *name; const struct chap_digest_type *digest; int challenge_xmits; int challenge_pktlen; @@ -180,11 +180,11 @@ extern int (*chap_verify_hook)(char *name, char *ourname, int id, #if PPP_SERVER /* Called by authentication code to start authenticating the peer. */ -extern void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code); +extern void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code); #endif /* PPP_SERVER */ /* Called by auth. code to start authenticating us to the peer. */ -extern void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code); +extern void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_code); /* Represents the CHAP protocol to the main pppd code */ extern const struct protent chap_protent; diff --git a/src/include/netif/ppp/eap.h b/src/include/netif/ppp/eap.h index c92f2dc0..cab69018 100644 --- a/src/include/netif/ppp/eap.h +++ b/src/include/netif/ppp/eap.h @@ -113,8 +113,8 @@ enum eap_state_code { }; struct eap_auth { - char *ea_name; /* Our name */ - char *ea_peer; /* Peer's name */ + const char *ea_name; /* Our name */ + char *ea_peer; /* Peer's name */ void *ea_session; /* Authentication library linkage */ u_char *ea_skey; /* Shared encryption key */ u_short ea_namelen; /* Length of our name */ @@ -154,8 +154,8 @@ typedef struct eap_state { #define EAP_DEFALLOWREQ 20 /* max # times to accept requests */ #endif /* moved to opt.h */ -void eap_authwithpeer(ppp_pcb *pcb, char *localname); -void eap_authpeer(ppp_pcb *pcb, char *localname); +void eap_authwithpeer(ppp_pcb *pcb, const char *localname); +void eap_authpeer(ppp_pcb *pcb, const char *localname); extern const struct protent eap_protent; diff --git a/src/include/netif/ppp/ppp.h b/src/include/netif/ppp/ppp.h index 49a45867..2a25a7f9 100644 --- a/src/include/netif/ppp/ppp.h +++ b/src/include/netif/ppp/ppp.h @@ -250,8 +250,8 @@ typedef struct ppp_settings_s { #endif /* PPP_MAXCONNECT */ /* auth data */ - char *user; /* Username for PAP */ - char *passwd; /* Password for PAP, secret for CHAP */ + const char *user; /* Username for PAP */ + const char *passwd; /* Password for PAP, secret for CHAP */ #if PPP_SERVER char our_name [MAXNAMELEN + 1]; /* Our name for authentication purposes */ #endif /* PPP_SERVER */ @@ -515,7 +515,7 @@ void ppp_set_default(ppp_pcb *pcb); #define PPPAUTHTYPE_EAP 0x08 #define PPPAUTHTYPE_ANY 0xff -void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, char *user, char *passwd); +void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd); #if PPP_NOTIFY_PHASE /* diff --git a/src/include/netif/ppp/ppp_impl.h b/src/include/netif/ppp/ppp_impl.h index 1030eb85..8833ee7a 100644 --- a/src/include/netif/ppp/ppp_impl.h +++ b/src/include/netif/ppp/ppp_impl.h @@ -508,7 +508,7 @@ void continue_networks(ppp_pcb *pcb); /* start network [ip, etc] control protos #if PPP_SERVER void auth_peer_fail(ppp_pcb *pcb, int protocol); /* peer failed to authenticate itself */ -void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, char *name, int namelen); +void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, const char *name, int namelen); /* peer successfully authenticated itself */ #endif /* PPP_SERVER */ void auth_withpeer_fail(ppp_pcb *pcb, int protocol); @@ -519,7 +519,7 @@ void np_up(ppp_pcb *pcb, int proto); /* a network protocol has come up */ void np_down(ppp_pcb *pcb, int proto); /* a network protocol has gone down */ void np_finished(ppp_pcb *pcb, int proto); /* a network protocol no longer needs link */ void auth_reset(ppp_pcb *pcb); /* check what secrets we have */ -int get_secret(ppp_pcb *pcb, char *client, char *server, char *secret, int *secret_len, int am_server); +int get_secret(ppp_pcb *pcb, const char *client, const char *server, char *secret, int *secret_len, int am_server); /* get "secret" for chap */ /* Procedures exported from ipcp.c */ diff --git a/src/include/netif/ppp/upap.h b/src/include/netif/ppp/upap.h index edd3bf45..bb9309bd 100644 --- a/src/include/netif/ppp/upap.h +++ b/src/include/netif/ppp/upap.h @@ -98,9 +98,9 @@ */ #if PAP_SUPPORT typedef struct upap_state { - char *us_user; /* User */ + const char *us_user; /* User */ u8_t us_userlen; /* User length */ - char *us_passwd; /* Password */ + const char *us_passwd; /* Password */ u8_t us_passwdlen; /* Password length */ u8_t us_clientstate; /* Client state */ #if PPP_SERVER @@ -112,7 +112,7 @@ typedef struct upap_state { #endif /* PAP_SUPPORT */ -void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password); +void upap_authwithpeer(ppp_pcb *pcb, const char *user, const char *password); #if PPP_SERVER void upap_authpeer(ppp_pcb *pcb); #endif /* PPP_SERVER */ diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index bc16270a..b98691e3 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c @@ -1018,7 +1018,7 @@ void auth_peer_fail(ppp_pcb *pcb, int protocol) { /* * The peer has been successfully authenticated using `protocol'. */ -void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, char *name, int namelen) { +void auth_peer_success(ppp_pcb *pcb, int protocol, int prot_flavor, const char *name, int namelen) { int bit; switch (protocol) { @@ -1943,7 +1943,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp) * for authenticating the given client on the given server. * (We could be either client or server). */ -int get_secret(ppp_pcb *pcb, char *client, char *server, char *secret, int *secret_len, int am_server) { +int get_secret(ppp_pcb *pcb, const char *client, const char *server, char *secret, int *secret_len, int am_server) { int len; LWIP_UNUSED_ARG(server); diff --git a/src/netif/ppp/chap-md5.c b/src/netif/ppp/chap-md5.c index 22fdc81d..70b879a1 100644 --- a/src/netif/ppp/chap-md5.c +++ b/src/netif/ppp/chap-md5.c @@ -62,9 +62,9 @@ static void chap_md5_generate_challenge(unsigned char *cp) { random_bytes(cp, clen); } -static int chap_md5_verify_response(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, +static int chap_md5_verify_response(int id, const char *name, + const unsigned char *secret, int secret_len, + const unsigned char *challenge, const unsigned char *response, char *message, int message_space) { md5_context ctx; unsigned char idbyte = id; @@ -78,8 +78,8 @@ static int chap_md5_verify_response(int id, char *name, /* Generate hash of ID, secret, challenge */ md5_starts(&ctx); md5_update(&ctx, &idbyte, 1); - md5_update(&ctx, secret, secret_len); - md5_update(&ctx, challenge, challenge_len); + md5_update(&ctx, (unsigned char*)secret, secret_len); + md5_update(&ctx, (unsigned char*)challenge, challenge_len); md5_finish(&ctx, hash); /* Test if our hash matches the peer's response */ @@ -93,9 +93,9 @@ static int chap_md5_verify_response(int id, char *name, } #endif /* PPP_SERVER */ -static void chap_md5_make_response(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *private_) { +static void chap_md5_make_response(unsigned char *response, int id, const char *our_name, + const unsigned char *challenge, const char *secret, int secret_len, + const unsigned char *private_) { md5_context ctx; unsigned char idbyte = id; int challenge_len = *challenge++; @@ -105,7 +105,7 @@ static void chap_md5_make_response(unsigned char *response, int id, char *our_na md5_starts(&ctx); md5_update(&ctx, &idbyte, 1); md5_update(&ctx, (u_char *)secret, secret_len); - md5_update(&ctx, challenge, challenge_len); + md5_update(&ctx, (unsigned char *)challenge, challenge_len); md5_finish(&ctx, &response[1]); response[0] = MD5_HASH_SIZE; } diff --git a/src/netif/ppp/chap-new.c b/src/netif/ppp/chap-new.c index 8d339506..8432dac2 100644 --- a/src/netif/ppp/chap-new.c +++ b/src/netif/ppp/chap-new.c @@ -49,9 +49,9 @@ #endif /* Hook for a plugin to validate CHAP challenge */ -int (*chap_verify_hook)(char *name, char *ourname, int id, +int (*chap_verify_hook)(const char *name, const char *ourname, int id, const struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, + const unsigned char *challenge, const unsigned char *response, char *message, int message_space) = NULL; #if PPP_OPTIONS @@ -89,9 +89,9 @@ static void chap_timeout(void *arg); static void chap_generate_challenge(ppp_pcb *pcb); static void chap_handle_response(ppp_pcb *pcb, int code, unsigned char *pkt, int len); -static int chap_verify_response(char *name, char *ourname, int id, +static int chap_verify_response(const char *name, const char *ourname, int id, const struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, + const unsigned char *challenge, const unsigned char *response, char *message, int message_space); #endif /* PPP_SERVER */ static void chap_respond(ppp_pcb *pcb, int id, @@ -155,7 +155,7 @@ static void chap_lowerdown(ppp_pcb *pcb) { * If the lower layer is already up, we start sending challenges, * otherwise we wait for the lower layer to come up. */ -void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code) { +void chap_auth_peer(ppp_pcb *pcb, const char *our_name, int digest_code) { struct chap_server_state *ss = &pcb->chap_server; const struct chap_digest_type *dp; int i; @@ -185,7 +185,7 @@ void chap_auth_peer(ppp_pcb *pcb, char *our_name, int digest_code) { * chap_auth_with_peer - Prepare to authenticate ourselves to the peer. * There isn't much to do until we receive a challenge. */ -void chap_auth_with_peer(ppp_pcb *pcb, char *our_name, int digest_code) { +void chap_auth_with_peer(ppp_pcb *pcb, const char *our_name, int digest_code) { const struct chap_digest_type *dp; int i; @@ -277,11 +277,12 @@ static void chap_generate_challenge(ppp_pcb *pcb) { static void chap_handle_response(ppp_pcb *pcb, int id, unsigned char *pkt, int len) { int response_len, ok, mlen; - unsigned char *response, *outp; + const unsigned char *response; + unsigned char *outp; struct pbuf *p; - char *name = NULL; /* initialized to shut gcc up */ - int (*verifier)(char *, char *, int, const struct chap_digest_type *, - unsigned char *, unsigned char *, char *, int); + const char *name = NULL; /* initialized to shut gcc up */ + int (*verifier)(const char *, const char *, int, const struct chap_digest_type *, + const unsigned char *, const unsigned char *, char *, int); char rname[MAXNAMELEN+1]; if ((pcb->chap_server.flags & LOWERUP) == 0) @@ -394,9 +395,9 @@ static void chap_handle_response(ppp_pcb *pcb, int id, * what we think it should be. Returns 1 if it does (authentication * succeeded), or 0 if it doesn't. */ -static int chap_verify_response(char *name, char *ourname, int id, +static int chap_verify_response(const char *name, const char *ourname, int id, const struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, + const unsigned char *challenge, const unsigned char *response, char *message, int message_space) { int ok; unsigned char secret[MAXSECRETLEN]; diff --git a/src/netif/ppp/chap_ms.c b/src/netif/ppp/chap_ms.c index e921b1e5..e0b67d43 100644 --- a/src/netif/ppp/chap_ms.c +++ b/src/netif/ppp/chap_ms.c @@ -201,9 +201,9 @@ static void chapms2_generate_challenge(unsigned char *challenge) { random_bytes(challenge, 16); } -static int chapms_verify_response(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, +static int chapms_verify_response(int id, const char *name, + const unsigned char *secret, int secret_len, + const unsigned char *challenge, const unsigned char *response, char *message, int message_space) { unsigned char md[MS_CHAP_RESPONSE_LEN]; int diff; @@ -225,7 +225,7 @@ static int chapms_verify_response(int id, char *name, #endif /* Generate the expected response. */ - ChapMS(challenge, (char *)secret, secret_len, md); + ChapMS((u_char *)challenge, (char *)secret, secret_len, md); #ifdef MSLANMAN /* Determine which part of response to verify against */ @@ -249,9 +249,9 @@ static int chapms_verify_response(int id, char *name, return 0; } -static int chapms2_verify_response(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, +static int chapms2_verify_response(int id, const char *name, + const unsigned char *secret, int secret_len, + const unsigned char *challenge, const unsigned char *response, char *message, int message_space) { unsigned char md[MS_CHAP2_RESPONSE_LEN]; char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; @@ -264,7 +264,7 @@ static int chapms2_verify_response(int id, char *name, goto bad; /* not even the right length */ /* Generate the expected response and our mutual auth. */ - ChapMS2(challenge, &response[MS_CHAP2_PEER_CHALLENGE], name, + ChapMS2((u_char*)challenge, (u_char*)&response[MS_CHAP2_PEER_CHALLENGE], (char*)name, (char *)secret, secret_len, md, (unsigned char *)saresponse, MS_CHAP2_AUTHENTICATOR); @@ -326,30 +326,30 @@ static int chapms2_verify_response(int id, char *name, } #endif /* PPP_SERVER */ -static void chapms_make_response(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *private_) { +static void chapms_make_response(unsigned char *response, int id, const char *our_name, + const unsigned char *challenge, const char *secret, int secret_len, + const unsigned char *private_) { LWIP_UNUSED_ARG(id); LWIP_UNUSED_ARG(our_name); LWIP_UNUSED_ARG(private_); challenge++; /* skip length, should be 8 */ *response++ = MS_CHAP_RESPONSE_LEN; - ChapMS(challenge, secret, secret_len, response); + ChapMS((u_char*)challenge, (char*)secret, secret_len, response); } -static void chapms2_make_response(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *private_) { +static void chapms2_make_response(unsigned char *response, int id, const char *our_name, + const unsigned char *challenge, const char *secret, int secret_len, + const unsigned char *private_) { LWIP_UNUSED_ARG(id); challenge++; /* skip length, should be 16 */ *response++ = MS_CHAP2_RESPONSE_LEN; - ChapMS2(challenge, + ChapMS2((u_char*)challenge, #ifdef DEBUGMPPEKEY mschap2_peer_challenge, #else NULL, #endif - our_name, secret, secret_len, response, private_, + (char*)our_name, (char*)secret, secret_len, response, (u_char*)private_, MS_CHAP2_AUTHENTICATEE); } diff --git a/src/netif/ppp/eap.c b/src/netif/ppp/eap.c index 1c7013f5..5016eac5 100644 --- a/src/netif/ppp/eap.c +++ b/src/netif/ppp/eap.c @@ -227,7 +227,7 @@ static void eap_client_timeout(void *arg) { * Start client state and wait for requests. This is called only * after eap_lowerup. */ -void eap_authwithpeer(ppp_pcb *pcb, char *localname) { +void eap_authwithpeer(ppp_pcb *pcb, const char *localname) { if(NULL == localname) return; @@ -886,7 +886,7 @@ static void eap_send_request(ppp_pcb *pcb) { * Start server state and send first request. This is called only * after eap_lowerup. */ -void eap_authpeer(ppp_pcb *pcb, char *localname) { +void eap_authpeer(ppp_pcb *pcb, const char *localname) { /* Save the name we're given. */ pcb->eap.es_server.ea_name = localname; @@ -1073,7 +1073,7 @@ static void eap_send_response(ppp_pcb *pcb, u_char id, u_char typenum, u_char *s /* * Format and send an MD5-Challenge EAP Response message. */ -static void eap_chap_response(ppp_pcb *pcb, u_char id, u_char *hash, char *name, int namelen) { +static void eap_chap_response(ppp_pcb *pcb, u_char id, u_char *hash, const char *name, int namelen) { struct pbuf *p; u_char *outp; int msglen; diff --git a/src/netif/ppp/ppp.c b/src/netif/ppp/ppp.c index 7693258d..acbe99d3 100644 --- a/src/netif/ppp/ppp.c +++ b/src/netif/ppp/ppp.c @@ -302,7 +302,7 @@ void ppp_set_default(ppp_pcb *pcb) { netif_set_default(&pcb->netif); } -void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, char *user, char *passwd) { +void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd) { #if PAP_SUPPORT if (authtype & PPPAUTHTYPE_PAP) { diff --git a/src/netif/ppp/upap.c b/src/netif/ppp/upap.c index 1bdbdefa..14f80b6d 100644 --- a/src/netif/ppp/upap.c +++ b/src/netif/ppp/upap.c @@ -151,7 +151,7 @@ static void upap_init(ppp_pcb *pcb) { * * Set new state and send authenticate's. */ -void upap_authwithpeer(ppp_pcb *pcb, char *user, char *password) { +void upap_authwithpeer(ppp_pcb *pcb, const char *user, const char *password) { if(!user || !password) return;