PPP, SERVER: added CHAP authentication support

2025-03-12 22:14:25 +00:00 · 2015-02-28 17:40:07 +01:00 · 2015-02-28 17:40:07 +01:00 · 5ae7ee5276
commit 5ae7ee5276
parent 65493b421a
3 changed files with 14 additions and 12 deletions
--- a/src/include/lwip/opt.h
+++ b/src/include/lwip/opt.h
@ -2182,8 +2182,8 @@
 #endif

 #if PPP_SERVER
-#ifndef CHAP_DEFREQTIME
-#define CHAP_DEFREQTIME                 30      /* Time to wait for auth-req from peer */
+#ifndef CHAP_DEFRECHALLENGETIME
+#define CHAP_DEFRECHALLENGETIME         0       /* If this option is > 0, rechallenge the peer every n seconds */
 #endif
 #endif /* PPP_SERVER */

--- a/src/netif/ppp/chap-new.c
+++ b/src/netif/ppp/chap-new.c
@ -48,11 +48,13 @@
 #include "netif/ppp/chap_ms.h"
 #endif

+#if 0 /* UNUSED */
 /* Hook for a plugin to validate CHAP challenge */
 int (*chap_verify_hook)(const char *name, const char *ourname, int id,
 			const struct chap_digest_type *digest,
 			const unsigned char *challenge, const unsigned char *response,
 			char *message, int message_space) = NULL;
+#endif /* UNUSED */

 #if PPP_OPTIONS
 /*
@ -89,7 +91,7 @@ static void chap_timeout(void *arg);
 static void chap_generate_challenge(ppp_pcb *pcb);
 static void chap_handle_response(ppp_pcb *pcb, int code,
 		unsigned char *pkt, int len);
-static int chap_verify_response(const char *name, const char *ourname, int id,
+static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
 		const struct chap_digest_type *digest,
 		const unsigned char *challenge, const unsigned char *response,
 		char *message, int message_space);
@ -280,8 +282,10 @@ static void  chap_handle_response(ppp_pcb *pcb, int id,
 	unsigned char *outp;
 	struct pbuf *p;
 	const char *name = NULL;	/* initialized to shut gcc up */
+#if 0 /* UNUSED */
 	int (*verifier)(const char *, const char *, int, const struct chap_digest_type *,
 		const unsigned char *, const unsigned char *, char *, int);
+#endif /* UNUSED */
 	char rname[MAXNAMELEN+1];

 	if ((pcb->chap_server.flags & LOWERUP) == 0)
@ -311,6 +315,7 @@ static void  chap_handle_response(ppp_pcb *pcb, int id,
 			name = rname;
 		}

+#if 0 /* UNUSED */
 		if (chap_verify_hook)
 			verifier = chap_verify_hook;
 		else
@ -318,6 +323,10 @@ static void  chap_handle_response(ppp_pcb *pcb, int id,
 		ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest,
 				 pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
 				 response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
+#endif /* UNUSED */
+		ok = chap_verify_response(pcb, name, pcb->chap_server.name, id, pcb->chap_server.digest,
+                    pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
+                    response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
 #if 0 /* UNUSED */
 		if (!ok || !auth_number()) {
 #endif /* UNUSED */
@ -394,7 +403,7 @@ static void  chap_handle_response(ppp_pcb *pcb, int id,
 * what we think it should be.  Returns 1 if it does (authentication
 * succeeded), or 0 if it doesn't.
 */
-static int chap_verify_response(const char *name, const char *ourname, int id,
+static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
 		     const struct chap_digest_type *digest,
 		     const unsigned char *challenge, const unsigned char *response,
 		     char *message, int message_space) {
@ -402,18 +411,11 @@ static int chap_verify_response(const char *name, const char *ourname, int id,
 	unsigned char secret[MAXSECRETLEN];
 	int secret_len;

-/* FIXME: we need a way to check peer secret */
-#if 0
 	/* Get the secret that the peer is supposed to know */
 	if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) {
 		ppp_error("No CHAP secret found for authenticating %q", name);
 		return 0;
 	}
-#else
-	/* only here to clean compiler warnings */
-	LWIP_UNUSED_ARG(ourname);
-	secret_len = 0;
-#endif /* 0 */
 	ok = digest->verify_response(id, name, secret, secret_len, challenge,
 				     response, message, message_space);
 	memset(secret, 0, sizeof(secret));
--- a/src/netif/ppp/ppp.c
+++ b/src/netif/ppp/ppp.c
@ -500,7 +500,7 @@ ppp_pcb *ppp_new(struct netif *pppif, ppp_link_status_cb_fn link_status_cb, void
  pcb->settings.chap_timeout_time = CHAP_DEFTIMEOUT;
  pcb->settings.chap_max_transmits = CHAP_DEFTRANSMITS;
 #if PPP_SERVER
-  pcb->settings.chap_rechallenge_time = CHAP_DEFREQTIME;
+  pcb->settings.chap_rechallenge_time = CHAP_DEFRECHALLENGETIME;
 #endif /* PPP_SERVER */
 #endif /* CHAP_SUPPPORT */