From 795d5807b5f7a4031b5b54184d83d4d413e21d4d Mon Sep 17 00:00:00 2001 From: Sylvain Rochet Date: Mon, 21 May 2012 01:18:36 +0200 Subject: [PATCH] EAP support is now optional --- src/netif/ppp/auth.c | 60 ++++++++++++++++--- src/netif/ppp/eap.c | 10 +--- src/netif/ppp/eap.h | 4 ++ src/netif/ppp/lcp.c | 135 +++++++++++++++++++++++++++++++++++------- src/netif/ppp/lcp.h | 2 + src/netif/ppp/ppp.c | 4 ++ src/netif/ppp/pppmy.c | 6 +- src/netif/ppp/pppmy.h | 2 + 8 files changed, 185 insertions(+), 38 deletions(-) diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index 020d53ce..17756f11 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c @@ -109,7 +109,9 @@ #include "ipcp.h" #include "upap.h" #include "chap-new.h" +#if EAP_SUPPORT #include "eap.h" +#endif /* EAP_SUPPORT */ #include "pathnames.h" #include "session.h" @@ -329,7 +331,7 @@ option_t auth_options[] = { &lcp_allowoptions[0].chap_mdtype }, #endif #endif - +#if EAP_SUPPORT { "require-eap", o_bool, &lcp_wantoptions[0].neg_eap, "Require EAP authentication from peer", OPT_PRIOSUB | 1, &auth_required }, @@ -337,6 +339,7 @@ option_t auth_options[] = { { "refuse-eap", o_bool, &refuse_eap, "Don't agree to authenticate to peer with EAP", 1 }, #endif +#endif /* EAP_SUPPORT */ { "name", o_string, our_name, "Set local name for authentication", OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN }, @@ -732,7 +735,11 @@ link_established(unit) if (!auth_required && noauth_addrs != NULL) set_allowed_addrs(unit, NULL, NULL); - if (auth_required && !(go->neg_upap || go->neg_chap || go->neg_eap)) { + if (auth_required && !(go->neg_upap || go->neg_chap +#if EAP_SUPPORT + || go->neg_eap +#endif /* EAP_SUPPORT */ + )) { /* * We wanted the peer to authenticate itself, and it refused: * if we have some address(es) it can use without auth, fine, @@ -752,20 +759,26 @@ link_established(unit) new_phase(PHASE_AUTHENTICATE); auth = 0; +#if EAP_SUPPORT if (go->neg_eap) { eap_authpeer(unit, our_name); auth |= EAP_PEER; - } else if (go->neg_chap) { + } else +#endif /* EAP_SUPPORT */ + if (go->neg_chap) { chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); auth |= CHAP_PEER; } else if (go->neg_upap) { upap_authpeer(unit); auth |= PAP_PEER; } +#if EAP_SUPPORT if (ho->neg_eap) { eap_authwithpeer(unit, ppp_settings.user); auth |= EAP_WITHPEER; - } else if (ho->neg_chap) { + } else +#endif /* EAP_SUPPORT */ + if (ho->neg_chap) { chap_auth_with_peer(unit, ppp_settings.user, CHAP_DIGEST(ho->chap_mdtype)); auth |= CHAP_WITHPEER; } else if (ho->neg_upap) { @@ -795,7 +808,11 @@ network_phase(unit) /* * If the peer had to authenticate, run the auth-up script now. */ - if (go->neg_chap || go->neg_upap || go->neg_eap) { + if (go->neg_chap || go->neg_upap +#if EAP_SUPPORT + || go->neg_eap +#endif /* EAP_SUPPORT */ + ) { notify(auth_up_notifier, 0); } @@ -1179,17 +1196,25 @@ auth_check_options() /* If authentication is required, ask peer for CHAP, PAP, or EAP. */ if (auth_required) { allow_any_ip = 0; - if (!wo->neg_chap && !wo->neg_upap && !wo->neg_eap) { + if (!wo->neg_chap && !wo->neg_upap +#if EAP_SUPPORT + && !wo->neg_eap +#endif /* EAP_SUPPORT */ + ) { wo->neg_chap = chap_mdtype_all != MDTYPE_NONE; wo->chap_mdtype = chap_mdtype_all; wo->neg_upap = 1; +#if EAP_SUPPORT wo->neg_eap = 1; +#endif /* EAP_SUPPORT */ } } else { wo->neg_chap = 0; wo->chap_mdtype = MDTYPE_NONE; wo->neg_upap = 0; +#if EAP_SUPPORT wo->neg_eap = 0; +#endif /* EAP_SUPPORT */ } /* @@ -1199,11 +1224,19 @@ auth_check_options() */ lacks_ip = 0; can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); - if (!can_auth && (wo->neg_chap || wo->neg_eap)) { + if (!can_auth && (wo->neg_chap +#if EAP_SUPPORT + || wo->neg_eap +#endif /* EAP_SUPPORT */ + )) { can_auth = have_chap_secret((explicit_remote? remote_name: NULL), our_name, 1, &lacks_ip); } - if (!can_auth && wo->neg_eap) { + if (!can_auth +#if EAP_SUPPORT + && wo->neg_eap +#endif /* EAP_SUPPORT */ + ) { can_auth = have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1, &lacks_ip); } @@ -1255,7 +1288,9 @@ auth_reset(unit) ao->neg_upap = !ppp_settings.refuse_pap; +#if EAP_SUPPORT ao->neg_eap = !ppp_settings.refuse_eap; +#endif /* EAP_SUPPORT */ if(!ppp_settings.refuse_chap) { ao->chap_mdtype = MDTYPE_MD5; @@ -1265,7 +1300,9 @@ auth_reset(unit) } else { ao->neg_upap = 0; ao->neg_chap = 0; +#if EAP_SUPPORT ao->neg_eap = 0; +#endif /* EAP_SUPPORT */ ao->chap_mdtype = MDTYPE_NONE; } @@ -1274,7 +1311,9 @@ auth_reset(unit) printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) ); printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) ); printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) ); +#if EAP_SUPPORT printf("neg_eap: %d\n", ao->neg_eap); +#endif /* EAP_SUPPORT */ //ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(NULL)); @@ -1292,10 +1331,12 @@ auth_reset(unit) go->neg_upap = 0; go->neg_chap = 0; +#if EAP_SUPPORT go->neg_eap = 0; +#endif /* EAP_SUPPORT */ go->chap_mdtype = MDTYPE_NONE; return; - +#if 0 /* FIXME: find what the below stuff do */ int hadchap; hadchap = -1; @@ -1317,6 +1358,7 @@ auth_reset(unit) !have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1, NULL)) go->neg_eap = 0; +#endif } /* diff --git a/src/netif/ppp/eap.c b/src/netif/ppp/eap.c index c5f5844d..ecbcf046 100644 --- a/src/netif/ppp/eap.c +++ b/src/netif/ppp/eap.c @@ -44,12 +44,7 @@ */ #include "lwip/opt.h" - -#define RCSID "$Id: eap.c,v 1.4 2004/11/09 22:39:25 paulus Exp $" - -/* - * TODO: - */ +#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ #include "pppd.h" #include "pathnames.h" @@ -67,8 +62,6 @@ #define SHA_DIGESTSIZE 20 #endif -static const char rcsid[] = RCSID; - eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */ #ifdef USE_SRP static char *pn_secret = NULL; /* Pseudonym generating secret */ @@ -2419,3 +2412,4 @@ void *arg; return (inp - pstart); } +#endif /* PPP_SUPPORT && EAP_SUPPORT */ diff --git a/src/netif/ppp/eap.h b/src/netif/ppp/eap.h index 199d1849..ea0147ec 100644 --- a/src/netif/ppp/eap.h +++ b/src/netif/ppp/eap.h @@ -20,6 +20,9 @@ * $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $ */ +#include "lwip/opt.h" +#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ + #ifndef PPP_EAP_H #define PPP_EAP_H @@ -156,3 +159,4 @@ extern struct protent eap_protent; #endif /* PPP_EAP_H */ +#endif /* PPP_SUPPORT && EAP_SUPPORT */ diff --git a/src/netif/ppp/lcp.c b/src/netif/ppp/lcp.c index 89250e01..7fff01a5 100644 --- a/src/netif/ppp/lcp.c +++ b/src/netif/ppp/lcp.c @@ -371,7 +371,9 @@ lcp_init(unit) ao->neg_chap = 1; ao->chap_mdtype = chap_mdtype_all; ao->neg_upap = 1; +#if EAP_SUPPORT ao->neg_eap = 1; +#endif /* EAP_SUPPORT */ ao->neg_magicnumber = 1; ao->neg_pcompression = 1; ao->neg_accompression = 1; @@ -696,9 +698,19 @@ lcp_cilen(f) */ return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) + LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) + +#if EAP_SUPPORT LENCISHORT(go->neg_eap) + - LENCICHAP(!go->neg_eap && go->neg_chap) + - LENCISHORT(!go->neg_eap && !go->neg_chap && go->neg_upap) + +#endif /* EAP_SUPPORT */ + LENCICHAP( +#if EAP_SUPPORT + !go->neg_eap && +#endif /* EAP_SUPPORT */ + go->neg_chap) + + LENCISHORT( +#if EAP_SUPPORT + !go->neg_eap && +#endif /* EAP_SUPPORT */ + !go->neg_chap && go->neg_upap) + LENCILQR(go->neg_lqr) + LENCICBCP(go->neg_cbcp) + LENCILONG(go->neg_magicnumber) + @@ -772,10 +784,19 @@ lcp_addci(f, ucp, lenp) ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, go->asyncmap); +#if EAP_SUPPORT ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); - ADDCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); - ADDCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, - PPP_PAP); +#endif /* EAP_SUPPORT */ + ADDCICHAP(CI_AUTHTYPE, +#if EAP_SUPPORT + !go->neg_eap && +#endif /* EAP_SUPPORT */ + go->neg_chap, go->chap_mdtype); + ADDCISHORT(CI_AUTHTYPE, +#if EAP_SUPPORT + !go->neg_eap && +#endif /* EAP_SUPPORT */ + !go->neg_chap && go->neg_upap, PPP_PAP); ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); @@ -921,10 +942,19 @@ lcp_ackci(f, p, len) ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, go->asyncmap); +#if EAP_SUPPORT ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); - ACKCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); - ACKCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, - PPP_PAP); +#endif /* EAP_SUPPORT */ + ACKCICHAP(CI_AUTHTYPE, +#if EAP_SUPPORT + !go->neg_eap && +#endif /* EAP_SUPPORT */ + go->neg_chap, go->chap_mdtype); + ACKCISHORT(CI_AUTHTYPE, +#if EAP_SUPPORT + !go->neg_eap && +#endif /* EAP_SUPPORT */ + !go->neg_chap && go->neg_upap, PPP_PAP); ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); @@ -1092,23 +1122,32 @@ lcp_nakci(f, p, len, treat_as_reject) * they are proposing a different protocol, or a different * hash algorithm for CHAP. */ - if ((go->neg_chap || go->neg_upap || go->neg_eap) + if ((go->neg_chap || go->neg_upap +#if EAP_SUPPORT + || go->neg_eap +#endif /* EAP_SUPPORT */ + ) && len >= CILEN_SHORT && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { cilen = p[1]; len -= cilen; no.neg_chap = go->neg_chap; no.neg_upap = go->neg_upap; +#if EAP_SUPPORT no.neg_eap = go->neg_eap; +#endif /* EAP_SUPPORT */ INCPTR(2, p); GETSHORT(cishort, p); if (cishort == PPP_PAP && cilen == CILEN_SHORT) { +#if EAP_SUPPORT /* If we were asking for EAP, then we need to stop that. */ if (go->neg_eap) try.neg_eap = 0; + else +#endif /* EAP_SUPPORT */ /* If we were asking for CHAP, then we need to stop that. */ - else if (go->neg_chap) + if (go->neg_chap) try.neg_chap = 0; /* * If we weren't asking for CHAP or EAP, then we were asking for @@ -1119,13 +1158,16 @@ lcp_nakci(f, p, len, treat_as_reject) } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { GETCHAR(cichar, p); +#if EAP_SUPPORT /* Stop asking for EAP, if we were. */ if (go->neg_eap) { try.neg_eap = 0; /* Try to set up to use their suggestion, if possible */ if (CHAP_CANDIGEST(go->chap_mdtype, cichar)) try.chap_mdtype = CHAP_MDTYPE_D(cichar); - } else if (go->neg_chap) { + } else +#endif /* EAP_SUPPORT */ + if (go->neg_chap) { /* * We were asking for our preferred algorithm, they must * want something different. @@ -1156,6 +1198,7 @@ lcp_nakci(f, p, len, treat_as_reject) } else { +#if EAP_SUPPORT /* * If we were asking for EAP, and they're Conf-Naking EAP, * well, that's just strange. Nobody should do that. @@ -1169,7 +1212,9 @@ lcp_nakci(f, p, len, treat_as_reject) */ if (go->neg_eap) try.neg_eap = 0; - else if (go->neg_chap) + else +#endif /* EAP_SUPPORT */ + if (go->neg_chap) try.neg_chap = 0; else try.neg_upap = 0; @@ -1277,8 +1322,11 @@ lcp_nakci(f, p, len, treat_as_reject) goto bad; break; case CI_AUTHTYPE: - if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap || - go->neg_eap || no.neg_eap) + if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap +#if EAP_SUPPORT + || go->neg_eap || no.neg_eap +#endif /* EAP_SUPPORT */ + ) goto bad; break; case CI_MAGICNUMBER: @@ -1391,6 +1439,7 @@ lcp_rejci(f, p, len) goto bad; \ try.neg = 0; \ } +#if EAP_SUPPORT #define REJCICHAP(opt, neg, val) \ if (go->neg && \ len >= CILEN_CHAP && \ @@ -1406,6 +1455,24 @@ lcp_rejci(f, p, len) try.neg = 0; \ try.neg_eap = try.neg_upap = 0; \ } +#endif /* EAP_SUPPORT */ +#if !EAP_SUPPORT +#define REJCICHAP(opt, neg, val) \ + if (go->neg && \ + len >= CILEN_CHAP && \ + p[1] == CILEN_CHAP && \ + p[0] == opt) { \ + len -= CILEN_CHAP; \ + INCPTR(2, p); \ + GETSHORT(cishort, p); \ + GETCHAR(cichar, p); \ + /* Check rejected value. */ \ + if ((cishort != PPP_CHAP) || (cichar != (CHAP_DIGEST(val)))) \ + goto bad; \ + try.neg = 0; \ + try.neg_upap = 0; \ + } +#endif /* !EAP_SUPPORT */ #define REJCILONG(opt, neg, val) \ if (go->neg && \ len >= CILEN_LONG && \ @@ -1467,13 +1534,17 @@ lcp_rejci(f, p, len) REJCISHORT(CI_MRU, neg_mru, go->mru); REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap); +#if EAP_SUPPORT REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP); if (!go->neg_eap) { +#endif /* EAP_SUPPORT */ REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype); if (!go->neg_chap) { REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); } +#if EAP_SUPPORT } +#endif /* EAP_SUPPORT */ REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period); REJCICBCP(CI_CALLBACK, neg_cbcp, CBCP_OPT); REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber); @@ -1609,7 +1680,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) case CI_AUTHTYPE: if (cilen < CILEN_SHORT || - !(ao->neg_upap || ao->neg_chap || ao->neg_eap)) { + !(ao->neg_upap || ao->neg_chap +#if EAP_SUPPORT + || ao->neg_eap +#endif /* EAP_SUPPORT */ + )) { /* * Reject the option if we're not willing to authenticate. */ @@ -1632,8 +1707,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) if (cishort == PPP_PAP) { /* we've already accepted CHAP or EAP */ - if (ho->neg_chap || ho->neg_eap || - cilen != CILEN_SHORT) { + if (ho->neg_chap +#if EAP_SUPPORT + || ho->neg_eap +#endif /* EAP_SUPPORT */ + || cilen != CILEN_SHORT) { LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE PAP, rejecting...")); orc = CONFREJ; break; @@ -1641,14 +1719,18 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) if (!ao->neg_upap) { /* we don't want to do PAP */ orc = CONFNAK; /* NAK it and suggest CHAP or EAP */ PUTCHAR(CI_AUTHTYPE, nakp); +#if EAP_SUPPORT if (ao->neg_eap) { PUTCHAR(CILEN_SHORT, nakp); PUTSHORT(PPP_EAP, nakp); } else { +#endif /* EAP_SUPPORT */ PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); +#if EAP_SUPPORT } +#endif /* EAP_SUPPORT */ break; } ho->neg_upap = 1; @@ -1656,8 +1738,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) } if (cishort == PPP_CHAP) { /* we've already accepted PAP or EAP */ - if (ho->neg_upap || ho->neg_eap || - cilen != CILEN_CHAP) { + if (ho->neg_upap +#if EAP_SUPPORT + || ho->neg_eap +#endif /* EAP_SUPPORT */ + || cilen != CILEN_CHAP) { LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE CHAP, rejecting...")); orc = CONFREJ; break; @@ -1666,11 +1751,15 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) orc = CONFNAK; /* NAK it and suggest EAP or PAP */ PUTCHAR(CI_AUTHTYPE, nakp); PUTCHAR(CILEN_SHORT, nakp); +#if EAP_SUPPORT if (ao->neg_eap) { PUTSHORT(PPP_EAP, nakp); } else { +#endif /* EAP_SUPPORT */ PUTSHORT(PPP_PAP, nakp); +#if EAP_SUPPORT } +#endif /* EAP_SUPPORT */ break; } GETCHAR(cichar, p); /* get digest type */ @@ -1690,6 +1779,7 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) ho->neg_chap = 1; break; } +#if EAP_SUPPORT if (cishort == PPP_EAP) { /* we've already accepted CHAP or PAP */ if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) { @@ -1713,6 +1803,7 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) ho->neg_eap = 1; break; } +#endif /* EAP_SUPPORT */ /* * We don't recognize the protocol they're asking for. @@ -1722,10 +1813,14 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) */ orc = CONFNAK; PUTCHAR(CI_AUTHTYPE, nakp); + +#if EAP_SUPPORT if (ao->neg_eap) { PUTCHAR(CILEN_SHORT, nakp); PUTSHORT(PPP_EAP, nakp); - } else if (ao->neg_chap) { + } else +#endif /* EAP_SUPPORT */ + if (ao->neg_chap) { PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); diff --git a/src/netif/ppp/lcp.h b/src/netif/ppp/lcp.h index d5f8aee0..b440da97 100644 --- a/src/netif/ppp/lcp.h +++ b/src/netif/ppp/lcp.h @@ -93,7 +93,9 @@ typedef struct lcp_options { bool neg_asyncmap; /* Negotiate the async map? */ bool neg_upap; /* Ask for UPAP authentication? */ bool neg_chap; /* Ask for CHAP authentication? */ +#if EAP_SUPPORT bool neg_eap; /* Ask for EAP authentication? */ +#endif /* EAP_SUPPORT */ bool neg_magicnumber; /* Ask for magic number? */ bool neg_pcompression; /* HDLC Protocol Field Compression? */ bool neg_accompression; /* HDLC Address/Control Field Compression? */ diff --git a/src/netif/ppp/ppp.c b/src/netif/ppp/ppp.c index 826771e0..8364f02f 100644 --- a/src/netif/ppp/ppp.c +++ b/src/netif/ppp/ppp.c @@ -104,7 +104,9 @@ #endif #include "upap.h" #include "chap-new.h" +#if EAP_SUPPORT #include "eap.h" +#endif /* EAP_SUPPORT */ #include "pathnames.h" #ifdef AT_CHANGE @@ -266,7 +268,9 @@ struct protent *protocols[] = { #ifdef AT_CHANGE &atcp_protent, #endif +#if EAP_SUPPORT &eap_protent, +#endif /* EAP_SUPPORT */ NULL }; diff --git a/src/netif/ppp/pppmy.c b/src/netif/ppp/pppmy.c index 30a49fe3..06009361 100644 --- a/src/netif/ppp/pppmy.c +++ b/src/netif/ppp/pppmy.c @@ -437,7 +437,11 @@ pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd) { ppp_settings.refuse_pap = 1; ppp_settings.refuse_chap = 0; - ppp_settings.refuse_eap = 1; +#if EAP_SUPPORT + ppp_settings.refuse_pap = 1; + ppp_settings.refuse_chap = 1; + ppp_settings.refuse_eap = 0; +#endif /* EAP_SUPPORT */ /* FIXME: re-enable that */ #if 0 diff --git a/src/netif/ppp/pppmy.h b/src/netif/ppp/pppmy.h index 4084414b..a7eb11b4 100644 --- a/src/netif/ppp/pppmy.h +++ b/src/netif/ppp/pppmy.h @@ -46,7 +46,9 @@ struct ppp_settings { u_int explicit_remote : 1; /* remote_name specified with remotename opt */ u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */ u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */ +#if EAP_SUPPORT u_int refuse_eap : 1; /* Don't wanna auth. ourselves with EAP */ +#endif /* EAP_SUPPORT */ u_int usehostname : 1; /* Use hostname for our_name */ u_int usepeerdns : 1; /* Ask peer for DNS adds */