mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-10-05 22:29:49 +00:00
PPP, CCP, various fix if MPPE is enabled
This commit is contained in:
parent
794c93b540
commit
5937932370
@ -76,6 +76,7 @@ extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
|
||||
extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
|
||||
extern int mppe_keys_set;
|
||||
|
||||
#if 0 /* UNUSED */
|
||||
/* These values are the RADIUS attribute values--see RFC 2548. */
|
||||
#define MPPE_ENC_POL_ENC_ALLOWED 1
|
||||
#define MPPE_ENC_POL_ENC_REQUIRED 2
|
||||
@ -84,6 +85,7 @@ extern int mppe_keys_set;
|
||||
|
||||
/* used by plugins (using above values) */
|
||||
extern void set_mppe_enc_types(int, int);
|
||||
#endif /* UNUSED */
|
||||
#endif
|
||||
|
||||
/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
|
||||
|
121
src/include/netif/ppp/mppe.h
Normal file
121
src/include/netif/ppp/mppe.h
Normal file
@ -0,0 +1,121 @@
|
||||
/*
|
||||
* mppe.h - Definitions for MPPE
|
||||
*
|
||||
* Copyright (c) 2008 Paul Mackerras. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
*
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
*
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in
|
||||
* the documentation and/or other materials provided with the
|
||||
* distribution.
|
||||
*
|
||||
* 3. The name(s) of the authors of this software must not be used to
|
||||
* endorse or promote products derived from this software without
|
||||
* prior written permission.
|
||||
*
|
||||
* 4. Redistributions of any form whatsoever must retain the following
|
||||
* acknowledgment:
|
||||
* "This product includes software developed by Paul Mackerras
|
||||
* <paulus@samba.org>".
|
||||
*
|
||||
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
|
||||
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
* AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
|
||||
* SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
|
||||
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#define MPPE_PAD 4 /* MPPE growth per frame */
|
||||
#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
|
||||
|
||||
/* option bits for ccp_options.mppe */
|
||||
#define MPPE_OPT_40 0x01 /* 40 bit */
|
||||
#define MPPE_OPT_128 0x02 /* 128 bit */
|
||||
#define MPPE_OPT_STATEFUL 0x04 /* stateful mode */
|
||||
/* unsupported opts */
|
||||
#define MPPE_OPT_56 0x08 /* 56 bit */
|
||||
#define MPPE_OPT_MPPC 0x10 /* MPPC compression */
|
||||
#define MPPE_OPT_D 0x20 /* Unknown */
|
||||
#define MPPE_OPT_UNSUPPORTED (MPPE_OPT_56|MPPE_OPT_MPPC|MPPE_OPT_D)
|
||||
#define MPPE_OPT_UNKNOWN 0x40 /* Bits !defined in RFC 3078 were set */
|
||||
|
||||
/*
|
||||
* This is not nice ... the alternative is a bitfield struct though.
|
||||
* And unfortunately, we cannot share the same bits for the option
|
||||
* names above since C and H are the same bit. We could do a u_int32
|
||||
* but then we have to do a htonl() all the time and/or we still need
|
||||
* to know which octet is which.
|
||||
*/
|
||||
#define MPPE_C_BIT 0x01 /* MPPC */
|
||||
#define MPPE_D_BIT 0x10 /* Obsolete, usage unknown */
|
||||
#define MPPE_L_BIT 0x20 /* 40-bit */
|
||||
#define MPPE_S_BIT 0x40 /* 128-bit */
|
||||
#define MPPE_M_BIT 0x80 /* 56-bit, not supported */
|
||||
#define MPPE_H_BIT 0x01 /* Stateless (in a different byte) */
|
||||
|
||||
/* Does not include H bit; used for least significant octet only. */
|
||||
#define MPPE_ALL_BITS (MPPE_D_BIT|MPPE_L_BIT|MPPE_S_BIT|MPPE_M_BIT|MPPE_H_BIT)
|
||||
|
||||
/* Build a CI from mppe opts (see RFC 3078) */
|
||||
#define MPPE_OPTS_TO_CI(opts, ci) \
|
||||
do { \
|
||||
u_char *ptr = ci; /* u_char[4] */ \
|
||||
\
|
||||
/* H bit */ \
|
||||
if (opts & MPPE_OPT_STATEFUL) \
|
||||
*ptr++ = 0x0; \
|
||||
else \
|
||||
*ptr++ = MPPE_H_BIT; \
|
||||
*ptr++ = 0; \
|
||||
*ptr++ = 0; \
|
||||
\
|
||||
/* S,L bits */ \
|
||||
*ptr = 0; \
|
||||
if (opts & MPPE_OPT_128) \
|
||||
*ptr |= MPPE_S_BIT; \
|
||||
if (opts & MPPE_OPT_40) \
|
||||
*ptr |= MPPE_L_BIT; \
|
||||
/* M,D,C bits not supported */ \
|
||||
} while (/* CONSTCOND */ 0)
|
||||
|
||||
/* The reverse of the above */
|
||||
#define MPPE_CI_TO_OPTS(ci, opts) \
|
||||
do { \
|
||||
u_char *ptr = ci; /* u_char[4] */ \
|
||||
\
|
||||
opts = 0; \
|
||||
\
|
||||
/* H bit */ \
|
||||
if (!(ptr[0] & MPPE_H_BIT)) \
|
||||
opts |= MPPE_OPT_STATEFUL; \
|
||||
\
|
||||
/* S,L bits */ \
|
||||
if (ptr[3] & MPPE_S_BIT) \
|
||||
opts |= MPPE_OPT_128; \
|
||||
if (ptr[3] & MPPE_L_BIT) \
|
||||
opts |= MPPE_OPT_40; \
|
||||
\
|
||||
/* M,D,C bits */ \
|
||||
if (ptr[3] & MPPE_M_BIT) \
|
||||
opts |= MPPE_OPT_56; \
|
||||
if (ptr[3] & MPPE_D_BIT) \
|
||||
opts |= MPPE_OPT_D; \
|
||||
if (ptr[3] & MPPE_C_BIT) \
|
||||
opts |= MPPE_OPT_MPPC; \
|
||||
\
|
||||
/* Other bits */ \
|
||||
if (ptr[0] & ~MPPE_H_BIT) \
|
||||
opts |= MPPE_OPT_UNKNOWN; \
|
||||
if (ptr[1] || ptr[2]) \
|
||||
opts |= MPPE_OPT_UNKNOWN; \
|
||||
if (ptr[3] & ~MPPE_ALL_BITS) \
|
||||
opts |= MPPE_OPT_UNKNOWN; \
|
||||
} while (/* CONSTCOND */ 0)
|
@ -184,57 +184,61 @@ typedef void (*ppp_link_status_cb_fn)(ppp_pcb *pcb, int err_code, void *ctx);
|
||||
typedef struct ppp_settings_s {
|
||||
|
||||
#if PPP_SERVER && PPP_AUTH_SUPPORT
|
||||
unsigned int auth_required :1; /* Peer is required to authenticate */
|
||||
unsigned int null_login :1; /* Username of "" and a password of "" are acceptable */
|
||||
unsigned int auth_required :1; /* Peer is required to authenticate */
|
||||
unsigned int null_login :1; /* Username of "" and a password of "" are acceptable */
|
||||
#else
|
||||
unsigned int :2; /* 2 bits of padding */
|
||||
unsigned int :2; /* 2 bits of padding */
|
||||
#endif /* PPP_SERVER && PPP_AUTH_SUPPORT */
|
||||
#if PPP_REMOTENAME
|
||||
unsigned int explicit_remote :1; /* remote_name specified with remotename opt */
|
||||
unsigned int explicit_remote :1; /* remote_name specified with remotename opt */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif /* PPP_REMOTENAME */
|
||||
#if PAP_SUPPORT
|
||||
unsigned int refuse_pap :1; /* Don't proceed auth. with PAP */
|
||||
unsigned int refuse_pap :1; /* Don't proceed auth. with PAP */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif /* PAP_SUPPORT */
|
||||
#if CHAP_SUPPORT
|
||||
unsigned int refuse_chap :1; /* Don't proceed auth. with CHAP */
|
||||
unsigned int refuse_chap :1; /* Don't proceed auth. with CHAP */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif /* CHAP_SUPPORT */
|
||||
#if MSCHAP_SUPPORT
|
||||
unsigned int refuse_mschap :1; /* Don't proceed auth. with MS-CHAP */
|
||||
unsigned int refuse_mschap_v2 :1; /* Don't proceed auth. with MS-CHAPv2 */
|
||||
unsigned int refuse_mschap :1; /* Don't proceed auth. with MS-CHAP */
|
||||
unsigned int refuse_mschap_v2 :1; /* Don't proceed auth. with MS-CHAPv2 */
|
||||
#else
|
||||
unsigned int :2; /* 2 bits of padding */
|
||||
unsigned int :2; /* 2 bits of padding */
|
||||
#endif /* MSCHAP_SUPPORT */
|
||||
#if EAP_SUPPORT
|
||||
unsigned int refuse_eap :1; /* Don't proceed auth. with EAP */
|
||||
unsigned int refuse_eap :1; /* Don't proceed auth. with EAP */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif /* EAP_SUPPORT */
|
||||
#if LWIP_DNS
|
||||
unsigned int usepeerdns :1; /* Ask peer for DNS adds */
|
||||
unsigned int usepeerdns :1; /* Ask peer for DNS adds */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif /* LWIP_DNS */
|
||||
unsigned int persist :1; /* Persist mode, always try to open the connection */
|
||||
unsigned int persist :1; /* Persist mode, always try to open the connection */
|
||||
#if PRINTPKT_SUPPORT
|
||||
unsigned int hide_password :1; /* Hide password in dumped packets */
|
||||
unsigned int hide_password :1; /* Hide password in dumped packets */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif /* PRINTPKT_SUPPORT */
|
||||
unsigned int noremoteip :1; /* Let him have no IP address */
|
||||
unsigned int lax_recv :1; /* accept control chars in asyncmap */
|
||||
unsigned int noendpoint :1; /* don't send/accept endpoint discriminator */
|
||||
unsigned int noremoteip :1; /* Let him have no IP address */
|
||||
unsigned int lax_recv :1; /* accept control chars in asyncmap */
|
||||
unsigned int noendpoint :1; /* don't send/accept endpoint discriminator */
|
||||
#if PPP_LCP_ADAPTIVE
|
||||
unsigned int lcp_echo_adaptive :1; /* request echo only if the link was idle */
|
||||
unsigned int lcp_echo_adaptive :1; /* request echo only if the link was idle */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif
|
||||
#ifdef MPPE
|
||||
unsigned int refuse_mppe_stateful :1; /* Allow MPPE stateful mode? */
|
||||
#else
|
||||
unsigned int :1; /* 1 bit of padding */
|
||||
#endif
|
||||
unsigned int :1; /* 1 bit of padding to round out to 16 bits */
|
||||
|
||||
u16_t listen_time; /* time to listen first (ms), waiting for peer to send LCP packet */
|
||||
|
||||
|
@ -954,7 +954,7 @@ void start_networks(ppp_pcb *pcb) {
|
||||
ecp_required = ecp_gotoptions[unit].required;
|
||||
#endif /* ECP_SUPPORT */
|
||||
#ifdef MPPE
|
||||
mppe_required = ccp_gotoptions[unit].mppe;
|
||||
mppe_required = pcb->ccp_gotoptions.mppe;
|
||||
#endif /* MPPE */
|
||||
|
||||
if (1
|
||||
|
@ -62,7 +62,6 @@ static int setbsdcomp (char **);
|
||||
static int setdeflate (char **);
|
||||
static char bsd_value[8];
|
||||
static char deflate_value[8];
|
||||
#endif /* PPP_OPTIONS */
|
||||
|
||||
/*
|
||||
* Option variables.
|
||||
@ -71,7 +70,6 @@ static char deflate_value[8];
|
||||
bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
|
||||
#endif
|
||||
|
||||
#if PPP_OPTIONS
|
||||
static option_t ccp_option_list[] = {
|
||||
{ "noccp", o_bool, &ccp_protent.enabled_flag,
|
||||
"Disable CCP negotiation" },
|
||||
@ -896,7 +894,7 @@ static int ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) {
|
||||
* Fail if we aren't willing to use his suggestion.
|
||||
*/
|
||||
MPPE_CI_TO_OPTS(&p[2], try_.mppe);
|
||||
if ((try_.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) {
|
||||
if ((try_.mppe & MPPE_OPT_STATEFUL) && pcb->settings.refuse_mppe_stateful) {
|
||||
ppp_error("Refusing MPPE stateful mode offered by peer");
|
||||
try_.mppe = 0;
|
||||
} else if (((go->mppe | MPPE_OPT_STATEFUL) & try_.mppe) != try_.mppe) {
|
||||
@ -1049,7 +1047,7 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
|
||||
u_char *p0, *retp;
|
||||
int len, clen, type, nb;
|
||||
#ifdef MPPE
|
||||
bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
|
||||
u8_t rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
|
||||
/* CI_MPPE, or due to other options? */
|
||||
#endif
|
||||
|
||||
@ -1098,7 +1096,7 @@ static int ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) {
|
||||
* it if he can do it; stateful mode is bad over
|
||||
* the Internet -- which is where we expect MPPE.
|
||||
*/
|
||||
if (refuse_mppe_stateful) {
|
||||
if (pcb->settings.refuse_mppe_stateful) {
|
||||
ppp_error("Refusing MPPE stateful mode offered by peer");
|
||||
newret = CONFREJ;
|
||||
break;
|
||||
|
@ -857,6 +857,7 @@ void ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
|
||||
#endif
|
||||
}
|
||||
|
||||
#if 0 /* UNUSED */
|
||||
#ifdef MPPE
|
||||
/*
|
||||
* Set MPPE options from plugins.
|
||||
@ -887,6 +888,7 @@ void set_mppe_enc_types(int policy, int types) {
|
||||
}
|
||||
}
|
||||
#endif /* MPPE */
|
||||
#endif /* UNUSED */
|
||||
|
||||
const struct chap_digest_type chapms_digest = {
|
||||
CHAP_MICROSOFT, /* code */
|
||||
|
@ -542,6 +542,10 @@ ppp_pcb *ppp_new(struct netif *pppif, ppp_link_status_cb_fn link_status_cb, void
|
||||
#endif /* PPP_SERVER */
|
||||
#endif /* EAP_SUPPORT */
|
||||
|
||||
#ifdef MPPE
|
||||
pcb->settings.refuse_mppe_stateful = 1;
|
||||
#endif /* MPPE */
|
||||
|
||||
pcb->settings.lcp_loopbackfail = LCP_DEFLOOPBACKFAIL;
|
||||
pcb->settings.lcp_echo_interval = LCP_ECHOINTERVAL;
|
||||
pcb->settings.lcp_echo_fails = LCP_MAXECHOFAILS;
|
||||
|
Loading…
Reference in New Issue
Block a user