mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-08-24 23:25:58 +00:00
PPP, SERVER: added CHAP authentication support
This commit is contained in:
Sylvain Rochet
parent
65493b421a
commit
5ae7ee5276
@ -2182,8 +2182,8 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if PPP_SERVER
|
#if PPP_SERVER
|
||||||
#ifndef CHAP_DEFREQTIME
|
#ifndef CHAP_DEFRECHALLENGETIME
|
||||||
#define CHAP_DEFREQTIME 30 /* Time to wait for auth-req from peer */
|
#define CHAP_DEFRECHALLENGETIME 0 /* If this option is > 0, rechallenge the peer every n seconds */
|
||||||
#endif
|
#endif
|
||||||
#endif /* PPP_SERVER */
|
#endif /* PPP_SERVER */
|
||||||
|
|
||||||
|
|||||||
@ -48,11 +48,13 @@
|
|||||||
#include "netif/ppp/chap_ms.h"
|
#include "netif/ppp/chap_ms.h"
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#if 0 /* UNUSED */
|
||||||
/* Hook for a plugin to validate CHAP challenge */
|
/* Hook for a plugin to validate CHAP challenge */
|
||||||
int (*chap_verify_hook)(const char *name, const char *ourname, int id,
|
int (*chap_verify_hook)(const char *name, const char *ourname, int id,
|
||||||
const struct chap_digest_type *digest,
|
const struct chap_digest_type *digest,
|
||||||
const unsigned char *challenge, const unsigned char *response,
|
const unsigned char *challenge, const unsigned char *response,
|
||||||
char *message, int message_space) = NULL;
|
char *message, int message_space) = NULL;
|
||||||
|
#endif /* UNUSED */
|
||||||
|
|
||||||
#if PPP_OPTIONS
|
#if PPP_OPTIONS
|
||||||
/*
|
/*
|
||||||
@ -89,7 +91,7 @@ static void chap_timeout(void *arg);
|
|||||||
static void chap_generate_challenge(ppp_pcb *pcb);
|
static void chap_generate_challenge(ppp_pcb *pcb);
|
||||||
static void chap_handle_response(ppp_pcb *pcb, int code,
|
static void chap_handle_response(ppp_pcb *pcb, int code,
|
||||||
unsigned char *pkt, int len);
|
unsigned char *pkt, int len);
|
||||||
static int chap_verify_response(const char *name, const char *ourname, int id,
|
static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
|
||||||
const struct chap_digest_type *digest,
|
const struct chap_digest_type *digest,
|
||||||
const unsigned char *challenge, const unsigned char *response,
|
const unsigned char *challenge, const unsigned char *response,
|
||||||
char *message, int message_space);
|
char *message, int message_space);
|
||||||
@ -280,8 +282,10 @@ static void chap_handle_response(ppp_pcb *pcb, int id,
|
|||||||
unsigned char *outp;
|
unsigned char *outp;
|
||||||
struct pbuf *p;
|
struct pbuf *p;
|
||||||
const char *name = NULL; /* initialized to shut gcc up */
|
const char *name = NULL; /* initialized to shut gcc up */
|
||||||
|
#if 0 /* UNUSED */
|
||||||
int (*verifier)(const char *, const char *, int, const struct chap_digest_type *,
|
int (*verifier)(const char *, const char *, int, const struct chap_digest_type *,
|
||||||
const unsigned char *, const unsigned char *, char *, int);
|
const unsigned char *, const unsigned char *, char *, int);
|
||||||
|
#endif /* UNUSED */
|
||||||
char rname[MAXNAMELEN+1];
|
char rname[MAXNAMELEN+1];
|
||||||
|
|
||||||
if ((pcb->chap_server.flags & LOWERUP) == 0)
|
if ((pcb->chap_server.flags & LOWERUP) == 0)
|
||||||
@ -311,6 +315,7 @@ static void chap_handle_response(ppp_pcb *pcb, int id,
|
|||||||
name = rname;
|
name = rname;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if 0 /* UNUSED */
|
||||||
if (chap_verify_hook)
|
if (chap_verify_hook)
|
||||||
verifier = chap_verify_hook;
|
verifier = chap_verify_hook;
|
||||||
else
|
else
|
||||||
@ -318,6 +323,10 @@ static void chap_handle_response(ppp_pcb *pcb, int id,
|
|||||||
ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest,
|
ok = (*verifier)(name, pcb->chap_server.name, id, pcb->chap_server.digest,
|
||||||
pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
|
pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
|
||||||
response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
|
response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
|
||||||
|
#endif /* UNUSED */
|
||||||
|
ok = chap_verify_response(pcb, name, pcb->chap_server.name, id, pcb->chap_server.digest,
|
||||||
|
pcb->chap_server.challenge + PPP_HDRLEN + CHAP_HDRLEN,
|
||||||
|
response, pcb->chap_server.message, sizeof(pcb->chap_server.message));
|
||||||
#if 0 /* UNUSED */
|
#if 0 /* UNUSED */
|
||||||
if (!ok || !auth_number()) {
|
if (!ok || !auth_number()) {
|
||||||
#endif /* UNUSED */
|
#endif /* UNUSED */
|
||||||
@ -394,7 +403,7 @@ static void chap_handle_response(ppp_pcb *pcb, int id,
|
|||||||
* what we think it should be. Returns 1 if it does (authentication
|
* what we think it should be. Returns 1 if it does (authentication
|
||||||
* succeeded), or 0 if it doesn't.
|
* succeeded), or 0 if it doesn't.
|
||||||
*/
|
*/
|
||||||
static int chap_verify_response(const char *name, const char *ourname, int id,
|
static int chap_verify_response(ppp_pcb *pcb, const char *name, const char *ourname, int id,
|
||||||
const struct chap_digest_type *digest,
|
const struct chap_digest_type *digest,
|
||||||
const unsigned char *challenge, const unsigned char *response,
|
const unsigned char *challenge, const unsigned char *response,
|
||||||
char *message, int message_space) {
|
char *message, int message_space) {
|
||||||
@ -402,18 +411,11 @@ static int chap_verify_response(const char *name, const char *ourname, int id,
|
|||||||
unsigned char secret[MAXSECRETLEN];
|
unsigned char secret[MAXSECRETLEN];
|
||||||
int secret_len;
|
int secret_len;
|
||||||
|
|
||||||
/* FIXME: we need a way to check peer secret */
|
|
||||||
#if 0
|
|
||||||
/* Get the secret that the peer is supposed to know */
|
/* Get the secret that the peer is supposed to know */
|
||||||
if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) {
|
if (!get_secret(pcb, name, ourname, (char *)secret, &secret_len, 1)) {
|
||||||
ppp_error("No CHAP secret found for authenticating %q", name);
|
ppp_error("No CHAP secret found for authenticating %q", name);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
#else
|
|
||||||
/* only here to clean compiler warnings */
|
|
||||||
LWIP_UNUSED_ARG(ourname);
|
|
||||||
secret_len = 0;
|
|
||||||
#endif /* 0 */
|
|
||||||
ok = digest->verify_response(id, name, secret, secret_len, challenge,
|
ok = digest->verify_response(id, name, secret, secret_len, challenge,
|
||||||
response, message, message_space);
|
response, message, message_space);
|
||||||
memset(secret, 0, sizeof(secret));
|
memset(secret, 0, sizeof(secret));
|
||||||
|
|||||||
@ -500,7 +500,7 @@ ppp_pcb *ppp_new(struct netif *pppif, ppp_link_status_cb_fn link_status_cb, void
|
|||||||
pcb->settings.chap_timeout_time = CHAP_DEFTIMEOUT;
|
pcb->settings.chap_timeout_time = CHAP_DEFTIMEOUT;
|
||||||
pcb->settings.chap_max_transmits = CHAP_DEFTRANSMITS;
|
pcb->settings.chap_max_transmits = CHAP_DEFTRANSMITS;
|
||||||
#if PPP_SERVER
|
#if PPP_SERVER
|
||||||
pcb->settings.chap_rechallenge_time = CHAP_DEFREQTIME;
|
pcb->settings.chap_rechallenge_time = CHAP_DEFRECHALLENGETIME;
|
||||||
#endif /* PPP_SERVER */
|
#endif /* PPP_SERVER */
|
||||||
#endif /* CHAP_SUPPPORT */
|
#endif /* CHAP_SUPPPORT */
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user