mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-07-07 21:38:50 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP, CCP, various fix if MPPE is enabled

Browse Source
This commit is contained in:
Sylvain Rochet 2015-03-19 01:25:52 +01:00
parent 794c93b540
commit 5937932370
7 changed files with 162 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/include/netif/ppp/chap_ms.h
View File

@ -76,6 +76,7 @@ extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
extern int mppe_keys_set;
#if 0 /* UNUSED */
/* These values are the RADIUS attribute values--see RFC 2548. */
#define MPPE_ENC_POL_ENC_ALLOWED 1
#define MPPE_ENC_POL_ENC_REQUIRED 2
@ -84,6 +85,7 @@ extern int mppe_keys_set;
/* used by plugins (using above values) */
extern void set_mppe_enc_types(int, int);
#endif /* UNUSED */
#endif
/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */

121
src/include/netif/ppp/mppe.h Normal file
View File

@ -0,0 +1,121 @@
/*
* mppe.h - Definitions for MPPE
*
* Copyright (c) 2008 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* 3. The name(s) of the authors of this software must not be used to
* endorse or promote products derived from this software without
* prior written permission.
*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
* <paulus@samba.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#define MPPE_PAD 4 /* MPPE growth per frame */
#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
/* option bits for ccp_options.mppe */
#define MPPE_OPT_40 0x01 /* 40 bit */
#define MPPE_OPT_128 0x02 /* 128 bit */
#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
/* unsupported opts */
#define MPPE_OPT_56 0x08 /* 56 bit */
#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
#define MPPE_OPT_D 0x20 /* Unknown */
#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
/*
* This is not nice ... the alternative is a bitfield struct though.
* And unfortunately, we cannot share the same bits for the option
* names above since C and H are the same bit. We could do a u_int32
* but then we have to do a htonl() all the time and/or we still need
* to know which octet is which.
*/
#define MPPE_C_BIT 0x01 /* MPPC */
#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
#define MPPE_L_BIT 0x20 /* 40-bit */
#define MPPE_S_BIT 0x40 /* 128-bit */
#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
/* Does not include H bit; used for least significant octet only. */
#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)
/* Build a CI from mppe opts (see RFC 3078) */
#define MPPE_OPTS_TO_CI(opts, ci) \
do { \
u_char *ptr = ci; /* u_char[4] */ \
\
/* H bit */ \
if (opts & MPPE_OPT_STATEFUL) \
*ptr++ = 0x0; \
else \
*ptr++ = MPPE_H_BIT; \
*ptr++ = 0; \
*ptr++ = 0; \
\
/* S,L bits */ \
*ptr = 0; \
if (opts & MPPE_OPT_128) \
*ptr |= MPPE_S_BIT; \
if (opts & MPPE_OPT_40) \
*ptr |= MPPE_L_BIT; \
/* M,D,C bits not supported */ \
} while (/* CONSTCOND */ 0)
/* The reverse of the above */
#define MPPE_CI_TO_OPTS(ci, opts) \
do { \
u_char *ptr = ci; /* u_char[4] */ \
\
opts = 0; \
\
/* H bit */ \
if (!(ptr[0] & MPPE_H_BIT)) \
opts |= MPPE_OPT_STATEFUL; \
\
/* S,L bits */ \
if (ptr[3] & MPPE_S_BIT) \
opts |= MPPE_OPT_128; \
if (ptr[3] & MPPE_L_BIT) \
opts |= MPPE_OPT_40; \
\
/* M,D,C bits */ \
if (ptr[3] & MPPE_M_BIT) \
opts |= MPPE_OPT_56; \
if (ptr[3] & MPPE_D_BIT) \
opts |= MPPE_OPT_D; \
if (ptr[3] & MPPE_C_BIT) \
opts |= MPPE_OPT_MPPC; \
\
/* Other bits */ \
if (ptr[0] & ~MPPE_H_BIT) \
opts |= MPPE_OPT_UNKNOWN; \
if (ptr[1] || ptr[2]) \
opts |= MPPE_OPT_UNKNOWN; \
if (ptr[3] & ~MPPE_ALL_BITS) \
opts |= MPPE_OPT_UNKNOWN; \
} while (/* CONSTCOND */ 0)

54
src/include/netif/ppp/ppp.h
View File

@ -184,57 +184,61 @@ typedef void (*ppp_link_status_cb_fn)(ppp_pcb *pcb, int err_code, void *ctx);
typedef struct ppp_settings_s {
#if PPP_SERVER && PPP_AUTH_SUPPORT
unsigned int auth_required :1; /* Peer is required to authenticate */
unsigned int null_login :1; /* Username of "" and a password of "" are acceptable */
unsigned int auth_required :1; /* Peer is required to authenticate */
unsigned int null_login :1; /* Username of "" and a password of "" are acceptable */
#else
unsigned int :2; /* 2 bits of padding */
unsigned int :2; /* 2 bits of padding */
#endif /* PPP_SERVER && PPP_AUTH_SUPPORT */
#if PPP_REMOTENAME
unsigned int explicit_remote :1; /* remote_name specified with remotename opt */
unsigned int explicit_remote :1; /* remote_name specified with remotename opt */
#else
unsigned int :1; /* 1 bit of padding */
unsigned int :1; /* 1 bit of padding */
#endif /* PPP_REMOTENAME */
#if PAP_SUPPORT
unsigned int refuse_pap :1; /* Don't proceed auth. with PAP */
unsigned int refuse_pap :1; /* Don't proceed auth. with PAP */
#else
unsigned int :1; /* 1 bit of padding */
unsigned int :1; /* 1 bit of padding */
#endif /* PAP_SUPPORT */
#if CHAP_SUPPORT
unsigned int refuse_chap :1; /* Don't proceed auth. with CHAP */
unsigned int refuse_chap :1; /* Don't proceed auth. with CHAP */
#else
unsigned int :1; /* 1 bit of padding */
unsigned int :1; /* 1 bit of padding */
#endif /* CHAP_SUPPORT */
#if MSCHAP_SUPPORT
unsigned int refuse_mschap :1; /* Don't proceed auth. with MS-CHAP */
unsigned int refuse_mschap_v2 :1; /* Don't proceed auth. with MS-CHAPv2 */
unsigned int refuse_mschap :1; /* Don't proceed auth. with MS-CHAP */
unsigned int refuse_mschap_v2 :1; /* Don't proceed auth. with MS-CHAPv2 */
#else
unsigned int :2; /* 2 bits of padding */
unsigned int :2; /* 2 bits of padding */
#endif /* MSCHAP_SUPPORT */
#if EAP_SUPPORT
unsigned int refuse_eap :1; /* Don't proceed auth. with EAP */
unsigned int refuse_eap :1; /* Don't proceed auth. with EAP */
#else
unsigned int :1; /* 1 bit of padding */
unsigned int :1; /* 1 bit of padding */
#endif /* EAP_SUPPORT */
#if LWIP_DNS
unsigned int usepeerdns :1; /* Ask peer for DNS adds */
unsigned int usepeerdns :1; /* Ask peer for DNS adds */
#else
unsigned int :1; /* 1 bit of padding */
unsigned int :1; /* 1 bit of padding */
#endif /* LWIP_DNS */
unsigned int persist :1; /* Persist mode, always try to open the connection */
unsigned int persist :1; /* Persist mode, always try to open the connection */
#if PRINTPKT_SUPPORT
unsigned int hide_password :1; /* Hide password in dumped packets */
unsigned int hide_password :1; /* Hide password in dumped packets */
#else
unsigned int :1; /* 1 bit of padding */
unsigned int :1; /* 1 bit of padding */
#endif /* PRINTPKT_SUPPORT */
unsigned int noremoteip :1; /* Let him have no IP address */
unsigned int lax_recv :1; /* accept control chars in asyncmap */
unsigned int noendpoint :1; /* don't send/accept endpoint discriminator */
unsigned int noremoteip :1; /* Let him have no IP address */
unsigned int lax_recv :1; /* accept control chars in asyncmap */
unsigned int noendpoint :1; /* don't send/accept endpoint discriminator */
#if PPP_LCP_ADAPTIVE
unsigned int lcp_echo_adaptive :1; /* request echo only if the link was idle */
unsigned int lcp_echo_adaptive :1; /* request echo only if the link was idle */
#else
unsigned int :1; /* 1 bit of padding */
unsigned int :1; /* 1 bit of padding */
#endif
#ifdef MPPE
unsigned int refuse_mppe_stateful :1; /* Allow MPPE stateful mode? */
#else
unsigned int :1; /* 1 bit of padding */
#endif
unsigned int :1; /* 1 bit of padding to round out to 16 bits */
u16_t listen_time; /* time to listen first (ms), waiting for peer to send LCP packet */

2
src/netif/ppp/auth.c
View File

@ -954,7 +954,7 @@ void start_networks(ppp_pcb *pcb) {
ecp_required = ecp_gotoptions[unit].required;
#endif /* ECP_SUPPORT */
#ifdef MPPE
mppe_required = ccp_gotoptions[unit].mppe;
mppe_required = pcb->ccp_gotoptions.mppe;
#endif /* MPPE */
if (1

8
src/netif/ppp/ccp.c
View File

@ -62,7 +62,6 @@ static int setbsdcomp (char **);
static int setdeflate (char **);
static char bsd_value[8];
static char deflate_value[8];
#endif /* PPP_OPTIONS */
/*
* Option variables.
@ -71,7 +70,6 @@ static char deflate_value[8];
bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
#endif
#if PPP_OPTIONS
static option_t ccp_option_list[] = {
{ "noccp", o_bool, &ccp_protent.enabled_flag,
"Disable CCP negotiation" },
@ -896,7 +894,7 @@ static int ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) {
* Fail if we aren't willing to use his suggestion.
*/
MPPE_CI_TO_OPTS(&p[2], try_.mppe);
if ((try_.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) {
if ((try_.mppe & MPPE_OPT_STATEFUL) && pcb->settings.refuse_mppe_stateful) {
ppp_error("Refusing MPPE stateful mode offered by peer");
try_.mppe = 0;
} else if (((go->mppe | MPPE_OPT_STATEFUL) & try_.mppe) != try_.mppe) {
@ -1049,7 +1047,7 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
u_char *p0, *retp;
int len, clen, type, nb;
#ifdef MPPE
bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
u8_t rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
/* CI_MPPE, or due to other options? */
#endif
@ -1098,7 +1096,7 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
* it if he can do it; stateful mode is bad over
* the Internet -- which is where we expect MPPE.
*/
if (refuse_mppe_stateful) {
if (pcb->settings.refuse_mppe_stateful) {
ppp_error("Refusing MPPE stateful mode offered by peer");
newret = CONFREJ;
break;

2
src/netif/ppp/chap_ms.c
View File

@ -857,6 +857,7 @@ void ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
#endif
}
#if 0 /* UNUSED */
#ifdef MPPE
/*
* Set MPPE options from plugins.
@ -887,6 +888,7 @@ void set_mppe_enc_types(int policy, int types) {
}
}
#endif /* MPPE */
#endif /* UNUSED */
const struct chap_digest_type chapms_digest = {
CHAP_MICROSOFT, /* code */

4
src/netif/ppp/ppp.c
View File

@ -542,6 +542,10 @@ ppp_pcb *ppp_new(struct netif *pppif, ppp_link_status_cb_fn link_status_cb, void
#endif /* PPP_SERVER */
#endif /* EAP_SUPPORT */
#ifdef MPPE
pcb->settings.refuse_mppe_stateful = 1;
#endif /* MPPE */
pcb->settings.lcp_loopbackfail = LCP_DEFLOOPBACKFAIL;
pcb->settings.lcp_echo_interval = LCP_ECHOINTERVAL;
pcb->settings.lcp_echo_fails = LCP_MAXECHOFAILS;