EAP support is now optional

Sylvain Rochet 2012-05-21 01:18:36 +02:00
parent 7d43f4a1f4
commit 795d5807b5
8 changed files with 185 additions and 38 deletions


@ -109,7 +109,9 @@
#include "ipcp.h" #include "ipcp.h"
#include "upap.h" #include "upap.h"
#include "chap-new.h" #include "chap-new.h"
#if EAP_SUPPORT
#include "eap.h" #include "eap.h"
#endif /* EAP_SUPPORT */
#include "pathnames.h" #include "pathnames.h"
#include "session.h" #include "session.h"
@ -329,7 +331,7 @@ option_t auth_options[] = {
&lcp_allowoptions[0].chap_mdtype }, &lcp_allowoptions[0].chap_mdtype },
#endif #endif
#endif #endif
#if EAP_SUPPORT
{ "require-eap", o_bool, &lcp_wantoptions[0].neg_eap, { "require-eap", o_bool, &lcp_wantoptions[0].neg_eap,
"Require EAP authentication from peer", OPT_PRIOSUB | 1, "Require EAP authentication from peer", OPT_PRIOSUB | 1,
&auth_required }, &auth_required },
@ -337,6 +339,7 @@ option_t auth_options[] = {
{ "refuse-eap", o_bool, &refuse_eap, { "refuse-eap", o_bool, &refuse_eap,
"Don't agree to authenticate to peer with EAP", 1 }, "Don't agree to authenticate to peer with EAP", 1 },
#endif #endif
#endif /* EAP_SUPPORT */
{ "name", o_string, our_name, { "name", o_string, our_name,
"Set local name for authentication", "Set local name for authentication",
OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN }, OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN },
@ -732,7 +735,11 @@ link_established(unit)
if (!auth_required && noauth_addrs != NULL) if (!auth_required && noauth_addrs != NULL)
set_allowed_addrs(unit, NULL, NULL); set_allowed_addrs(unit, NULL, NULL);
if (auth_required && !(go->neg_upap || go->neg_chap || go->neg_eap)) { if (auth_required && !(go->neg_upap || go->neg_chap
#if EAP_SUPPORT
|| go->neg_eap
#endif /* EAP_SUPPORT */
)) {
/* /*
* We wanted the peer to authenticate itself, and it refused: * We wanted the peer to authenticate itself, and it refused:
* if we have some address(es) it can use without auth, fine, * if we have some address(es) it can use without auth, fine,
@ -752,20 +759,26 @@ link_established(unit)
new_phase(PHASE_AUTHENTICATE); new_phase(PHASE_AUTHENTICATE);
auth = 0; auth = 0;
#if EAP_SUPPORT
if (go->neg_eap) { if (go->neg_eap) {
eap_authpeer(unit, our_name); eap_authpeer(unit, our_name);
auth |= EAP_PEER; auth |= EAP_PEER;
} else if (go->neg_chap) { } else
#endif /* EAP_SUPPORT */
if (go->neg_chap) {
chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype));
auth |= CHAP_PEER; auth |= CHAP_PEER;
} else if (go->neg_upap) { } else if (go->neg_upap) {
upap_authpeer(unit); upap_authpeer(unit);
auth |= PAP_PEER; auth |= PAP_PEER;
} }
#if EAP_SUPPORT
if (ho->neg_eap) { if (ho->neg_eap) {
eap_authwithpeer(unit, ppp_settings.user); eap_authwithpeer(unit, ppp_settings.user);
auth |= EAP_WITHPEER; auth |= EAP_WITHPEER;
} else if (ho->neg_chap) { } else
#endif /* EAP_SUPPORT */
if (ho->neg_chap) {
chap_auth_with_peer(unit, ppp_settings.user, CHAP_DIGEST(ho->chap_mdtype)); chap_auth_with_peer(unit, ppp_settings.user, CHAP_DIGEST(ho->chap_mdtype));
auth |= CHAP_WITHPEER; auth |= CHAP_WITHPEER;
} else if (ho->neg_upap) { } else if (ho->neg_upap) {
@ -795,7 +808,11 @@ network_phase(unit)
/* /*
* If the peer had to authenticate, run the auth-up script now. * If the peer had to authenticate, run the auth-up script now.
*/ */
if (go->neg_chap || go->neg_upap || go->neg_eap) { if (go->neg_chap || go->neg_upap
#if EAP_SUPPORT
|| go->neg_eap
#endif /* EAP_SUPPORT */
) {
notify(auth_up_notifier, 0); notify(auth_up_notifier, 0);
} }
@ -1179,17 +1196,25 @@ auth_check_options()
/* If authentication is required, ask peer for CHAP, PAP, or EAP. */ /* If authentication is required, ask peer for CHAP, PAP, or EAP. */
if (auth_required) { if (auth_required) {
allow_any_ip = 0; allow_any_ip = 0;
if (!wo->neg_chap && !wo->neg_upap && !wo->neg_eap) { if (!wo->neg_chap && !wo->neg_upap
#if EAP_SUPPORT
&& !wo->neg_eap
#endif /* EAP_SUPPORT */
) {
wo->neg_chap = chap_mdtype_all != MDTYPE_NONE; wo->neg_chap = chap_mdtype_all != MDTYPE_NONE;
wo->chap_mdtype = chap_mdtype_all; wo->chap_mdtype = chap_mdtype_all;
wo->neg_upap = 1; wo->neg_upap = 1;
#if EAP_SUPPORT
wo->neg_eap = 1; wo->neg_eap = 1;
#endif /* EAP_SUPPORT */
} }
} else { } else {
wo->neg_chap = 0; wo->neg_chap = 0;
wo->chap_mdtype = MDTYPE_NONE; wo->chap_mdtype = MDTYPE_NONE;
wo->neg_upap = 0; wo->neg_upap = 0;
#if EAP_SUPPORT
wo->neg_eap = 0; wo->neg_eap = 0;
#endif /* EAP_SUPPORT */
} }
/* /*
@ -1199,11 +1224,19 @@ auth_check_options()
*/ */
lacks_ip = 0; lacks_ip = 0;
can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip));
if (!can_auth && (wo->neg_chap || wo->neg_eap)) { if (!can_auth && (wo->neg_chap
#if EAP_SUPPORT
|| wo->neg_eap
#endif /* EAP_SUPPORT */
)) {
can_auth = have_chap_secret((explicit_remote? remote_name: NULL), can_auth = have_chap_secret((explicit_remote? remote_name: NULL),
our_name, 1, &lacks_ip); our_name, 1, &lacks_ip);
} }
if (!can_auth && wo->neg_eap) { if (!can_auth
#if EAP_SUPPORT
&& wo->neg_eap
#endif /* EAP_SUPPORT */
) {
can_auth = have_srp_secret((explicit_remote? remote_name: NULL), can_auth = have_srp_secret((explicit_remote? remote_name: NULL),
our_name, 1, &lacks_ip); our_name, 1, &lacks_ip);
} }
@ -1255,7 +1288,9 @@ auth_reset(unit)
ao->neg_upap = !ppp_settings.refuse_pap; ao->neg_upap = !ppp_settings.refuse_pap;
#if EAP_SUPPORT
ao->neg_eap = !ppp_settings.refuse_eap; ao->neg_eap = !ppp_settings.refuse_eap;
#endif /* EAP_SUPPORT */
if(!ppp_settings.refuse_chap) { if(!ppp_settings.refuse_chap) {
ao->chap_mdtype = MDTYPE_MD5; ao->chap_mdtype = MDTYPE_MD5;
@ -1265,7 +1300,9 @@ auth_reset(unit)
} else { } else {
ao->neg_upap = 0; ao->neg_upap = 0;
ao->neg_chap = 0; ao->neg_chap = 0;
#if EAP_SUPPORT
ao->neg_eap = 0; ao->neg_eap = 0;
#endif /* EAP_SUPPORT */
ao->chap_mdtype = MDTYPE_NONE; ao->chap_mdtype = MDTYPE_NONE;
} }
@ -1274,7 +1311,9 @@ auth_reset(unit)
printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) ); printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) );
printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) ); printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) );
printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) ); printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) );
#if EAP_SUPPORT
printf("neg_eap: %d\n", ao->neg_eap); printf("neg_eap: %d\n", ao->neg_eap);
#endif /* EAP_SUPPORT */
//ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(NULL)); //ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(NULL));
@ -1292,10 +1331,12 @@ auth_reset(unit)
go->neg_upap = 0; go->neg_upap = 0;
go->neg_chap = 0; go->neg_chap = 0;
#if EAP_SUPPORT
go->neg_eap = 0; go->neg_eap = 0;
#endif /* EAP_SUPPORT */
go->chap_mdtype = MDTYPE_NONE; go->chap_mdtype = MDTYPE_NONE;
return; return;
#if 0
/* FIXME: find what the below stuff do */ /* FIXME: find what the below stuff do */
int hadchap; int hadchap;
hadchap = -1; hadchap = -1;
@ -1317,6 +1358,7 @@ auth_reset(unit)
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1, !have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)) NULL))
go->neg_eap = 0; go->neg_eap = 0;
#endif
} }
/* /*
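Review bot: In the second `auth_check_options` hunk, the guard around `&& wo->neg_eap` leaves the SRP check itself compiled in, so with `EAP_SUPPORT` set to 0 the condition collapses to `if (!can_auth)` and `have_srp_secret()` is consulted whenever no PAP or CHAP secret was found. An SRP secret could then set `can_auth` even though EAP cannot be negotiated in that build, which would let this check pass without a usable way to authenticate the peer; how `can_auth` is used afterwards is outside the hunk, so this is inferred. The whole statement should be guarded instead: put `#if EAP_SUPPORT` before `if (!can_auth && wo->neg_eap) {` and `#endif /* EAP_SUPPORT */` after its closing brace.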


@ -44,12 +44,7 @@
*/ */
#include "lwip/opt.h" #include "lwip/opt.h"
#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#define RCSID "$Id: eap.c,v 1.4 2004/11/09 22:39:25 paulus Exp $"
/*
* TODO:
*/
#include "pppd.h" #include "pppd.h"
#include "pathnames.h" #include "pathnames.h"
@ -67,8 +62,6 @@
#define SHA_DIGESTSIZE 20 #define SHA_DIGESTSIZE 20
#endif #endif
static const char rcsid[] = RCSID;
eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */ eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */
#ifdef USE_SRP #ifdef USE_SRP
static char *pn_secret = NULL; /* Pseudonym generating secret */ static char *pn_secret = NULL; /* Pseudonym generating secret */
@ -2419,3 +2412,4 @@ void *arg;
return (inp - pstart); return (inp - pstart);
} }
#endif /* PPP_SUPPORT && EAP_SUPPORT */


@ -20,6 +20,9 @@
* $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $ * $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $
*/ */
#include "lwip/opt.h"
#if PPP_SUPPORT && EAP_SUPPORT /* don't build if not configured for use in lwipopts.h */
#ifndef PPP_EAP_H #ifndef PPP_EAP_H
#define PPP_EAP_H #define PPP_EAP_H
@ -156,3 +159,4 @@ extern struct protent eap_protent;
#endif /* PPP_EAP_H */ #endif /* PPP_EAP_H */
#endif /* PPP_SUPPORT && EAP_SUPPORT */


@ -371,7 +371,9 @@ lcp_init(unit)
ao->neg_chap = 1; ao->neg_chap = 1;
ao->chap_mdtype = chap_mdtype_all; ao->chap_mdtype = chap_mdtype_all;
ao->neg_upap = 1; ao->neg_upap = 1;
#if EAP_SUPPORT
ao->neg_eap = 1; ao->neg_eap = 1;
#endif /* EAP_SUPPORT */
ao->neg_magicnumber = 1; ao->neg_magicnumber = 1;
ao->neg_pcompression = 1; ao->neg_pcompression = 1;
ao->neg_accompression = 1; ao->neg_accompression = 1;
@ -696,9 +698,19 @@ lcp_cilen(f)
*/ */
return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) + return (LENCISHORT(go->neg_mru && go->mru != DEFMRU) +
LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) + LENCILONG(go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF) +
#if EAP_SUPPORT
LENCISHORT(go->neg_eap) + LENCISHORT(go->neg_eap) +
LENCICHAP(!go->neg_eap && go->neg_chap) + #endif /* EAP_SUPPORT */
LENCISHORT(!go->neg_eap && !go->neg_chap && go->neg_upap) + LENCICHAP(
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
go->neg_chap) +
LENCISHORT(
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
!go->neg_chap && go->neg_upap) +
LENCILQR(go->neg_lqr) + LENCILQR(go->neg_lqr) +
LENCICBCP(go->neg_cbcp) + LENCICBCP(go->neg_cbcp) +
LENCILONG(go->neg_magicnumber) + LENCILONG(go->neg_magicnumber) +
@ -772,10 +784,19 @@ lcp_addci(f, ucp, lenp)
ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru);
ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF,
go->asyncmap); go->asyncmap);
#if EAP_SUPPORT
ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP);
ADDCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); #endif /* EAP_SUPPORT */
ADDCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, ADDCICHAP(CI_AUTHTYPE,
PPP_PAP); #if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
go->neg_chap, go->chap_mdtype);
ADDCISHORT(CI_AUTHTYPE,
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
!go->neg_chap && go->neg_upap, PPP_PAP);
ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT);
ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
@ -921,10 +942,19 @@ lcp_ackci(f, p, len)
ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru);
ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF,
go->asyncmap); go->asyncmap);
#if EAP_SUPPORT
ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP);
ACKCICHAP(CI_AUTHTYPE, !go->neg_eap && go->neg_chap, go->chap_mdtype); #endif /* EAP_SUPPORT */
ACKCISHORT(CI_AUTHTYPE, !go->neg_eap && !go->neg_chap && go->neg_upap, ACKCICHAP(CI_AUTHTYPE,
PPP_PAP); #if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
go->neg_chap, go->chap_mdtype);
ACKCISHORT(CI_AUTHTYPE,
#if EAP_SUPPORT
!go->neg_eap &&
#endif /* EAP_SUPPORT */
!go->neg_chap && go->neg_upap, PPP_PAP);
ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period);
ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT);
ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber);
@ -1092,23 +1122,32 @@ lcp_nakci(f, p, len, treat_as_reject)
* they are proposing a different protocol, or a different * they are proposing a different protocol, or a different
* hash algorithm for CHAP. * hash algorithm for CHAP.
*/ */
if ((go->neg_chap || go->neg_upap || go->neg_eap) if ((go->neg_chap || go->neg_upap
#if EAP_SUPPORT
|| go->neg_eap
#endif /* EAP_SUPPORT */
)
&& len >= CILEN_SHORT && len >= CILEN_SHORT
&& p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) {
cilen = p[1]; cilen = p[1];
len -= cilen; len -= cilen;
no.neg_chap = go->neg_chap; no.neg_chap = go->neg_chap;
no.neg_upap = go->neg_upap; no.neg_upap = go->neg_upap;
#if EAP_SUPPORT
no.neg_eap = go->neg_eap; no.neg_eap = go->neg_eap;
#endif /* EAP_SUPPORT */
INCPTR(2, p); INCPTR(2, p);
GETSHORT(cishort, p); GETSHORT(cishort, p);
if (cishort == PPP_PAP && cilen == CILEN_SHORT) { if (cishort == PPP_PAP && cilen == CILEN_SHORT) {
#if EAP_SUPPORT
/* If we were asking for EAP, then we need to stop that. */ /* If we were asking for EAP, then we need to stop that. */
if (go->neg_eap) if (go->neg_eap)
try.neg_eap = 0; try.neg_eap = 0;
else
#endif /* EAP_SUPPORT */
/* If we were asking for CHAP, then we need to stop that. */ /* If we were asking for CHAP, then we need to stop that. */
else if (go->neg_chap) if (go->neg_chap)
try.neg_chap = 0; try.neg_chap = 0;
/* /*
* If we weren't asking for CHAP or EAP, then we were asking for * If we weren't asking for CHAP or EAP, then we were asking for
@ -1119,13 +1158,16 @@ lcp_nakci(f, p, len, treat_as_reject)
} else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) {
GETCHAR(cichar, p); GETCHAR(cichar, p);
#if EAP_SUPPORT
/* Stop asking for EAP, if we were. */ /* Stop asking for EAP, if we were. */
if (go->neg_eap) { if (go->neg_eap) {
try.neg_eap = 0; try.neg_eap = 0;
/* Try to set up to use their suggestion, if possible */ /* Try to set up to use their suggestion, if possible */
if (CHAP_CANDIGEST(go->chap_mdtype, cichar)) if (CHAP_CANDIGEST(go->chap_mdtype, cichar))
try.chap_mdtype = CHAP_MDTYPE_D(cichar); try.chap_mdtype = CHAP_MDTYPE_D(cichar);
} else if (go->neg_chap) { } else
#endif /* EAP_SUPPORT */
if (go->neg_chap) {
/* /*
* We were asking for our preferred algorithm, they must * We were asking for our preferred algorithm, they must
* want something different. * want something different.
@ -1156,6 +1198,7 @@ lcp_nakci(f, p, len, treat_as_reject)
} else { } else {
#if EAP_SUPPORT
/* /*
* If we were asking for EAP, and they're Conf-Naking EAP, * If we were asking for EAP, and they're Conf-Naking EAP,
* well, that's just strange. Nobody should do that. * well, that's just strange. Nobody should do that.
@ -1169,7 +1212,9 @@ lcp_nakci(f, p, len, treat_as_reject)
*/ */
if (go->neg_eap) if (go->neg_eap)
try.neg_eap = 0; try.neg_eap = 0;
else if (go->neg_chap) else
#endif /* EAP_SUPPORT */
if (go->neg_chap)
try.neg_chap = 0; try.neg_chap = 0;
else else
try.neg_upap = 0; try.neg_upap = 0;
@ -1277,8 +1322,11 @@ lcp_nakci(f, p, len, treat_as_reject)
goto bad; goto bad;
break; break;
case CI_AUTHTYPE: case CI_AUTHTYPE:
if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap || if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap
go->neg_eap || no.neg_eap) #if EAP_SUPPORT
|| go->neg_eap || no.neg_eap
#endif /* EAP_SUPPORT */
)
goto bad; goto bad;
break; break;
case CI_MAGICNUMBER: case CI_MAGICNUMBER:
@ -1391,6 +1439,7 @@ lcp_rejci(f, p, len)
goto bad; \ goto bad; \
try.neg = 0; \ try.neg = 0; \
} }
#if EAP_SUPPORT
#define REJCICHAP(opt, neg, val) \ #define REJCICHAP(opt, neg, val) \
if (go->neg && \ if (go->neg && \
len >= CILEN_CHAP && \ len >= CILEN_CHAP && \
@ -1406,6 +1455,24 @@ lcp_rejci(f, p, len)
try.neg = 0; \ try.neg = 0; \
try.neg_eap = try.neg_upap = 0; \ try.neg_eap = try.neg_upap = 0; \
} }
#endif /* EAP_SUPPORT */
#if !EAP_SUPPORT
#define REJCICHAP(opt, neg, val) \
if (go->neg && \
len >= CILEN_CHAP && \
p[1] == CILEN_CHAP && \
p[0] == opt) { \
len -= CILEN_CHAP; \
INCPTR(2, p); \
GETSHORT(cishort, p); \
GETCHAR(cichar, p); \
/* Check rejected value. */ \
if ((cishort != PPP_CHAP) || (cichar != (CHAP_DIGEST(val)))) \
goto bad; \
try.neg = 0; \
try.neg_upap = 0; \
}
#endif /* !EAP_SUPPORT */
#define REJCILONG(opt, neg, val) \ #define REJCILONG(opt, neg, val) \
if (go->neg && \ if (go->neg && \
len >= CILEN_LONG && \ len >= CILEN_LONG && \
@ -1467,13 +1534,17 @@ lcp_rejci(f, p, len)
REJCISHORT(CI_MRU, neg_mru, go->mru); REJCISHORT(CI_MRU, neg_mru, go->mru);
REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap); REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap);
#if EAP_SUPPORT
REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP); REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP);
if (!go->neg_eap) { if (!go->neg_eap) {
#endif /* EAP_SUPPORT */
REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype); REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype);
if (!go->neg_chap) { if (!go->neg_chap) {
REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP);
} }
#if EAP_SUPPORT
} }
#endif /* EAP_SUPPORT */
REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period); REJCILQR(CI_QUALITY, neg_lqr, go->lqr_period);
REJCICBCP(CI_CALLBACK, neg_cbcp, CBCP_OPT); REJCICBCP(CI_CALLBACK, neg_cbcp, CBCP_OPT);
REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber); REJCILONG(CI_MAGICNUMBER, neg_magicnumber, go->magicnumber);
@ -1609,7 +1680,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
case CI_AUTHTYPE: case CI_AUTHTYPE:
if (cilen < CILEN_SHORT || if (cilen < CILEN_SHORT ||
!(ao->neg_upap || ao->neg_chap || ao->neg_eap)) { !(ao->neg_upap || ao->neg_chap
#if EAP_SUPPORT
|| ao->neg_eap
#endif /* EAP_SUPPORT */
)) {
/* /*
* Reject the option if we're not willing to authenticate. * Reject the option if we're not willing to authenticate.
*/ */
@ -1632,8 +1707,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
if (cishort == PPP_PAP) { if (cishort == PPP_PAP) {
/* we've already accepted CHAP or EAP */ /* we've already accepted CHAP or EAP */
if (ho->neg_chap || ho->neg_eap || if (ho->neg_chap
cilen != CILEN_SHORT) { #if EAP_SUPPORT
|| ho->neg_eap
#endif /* EAP_SUPPORT */
|| cilen != CILEN_SHORT) {
LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE PAP, rejecting...")); LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE PAP, rejecting..."));
orc = CONFREJ; orc = CONFREJ;
break; break;
@ -1641,14 +1719,18 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
if (!ao->neg_upap) { /* we don't want to do PAP */ if (!ao->neg_upap) { /* we don't want to do PAP */
orc = CONFNAK; /* NAK it and suggest CHAP or EAP */ orc = CONFNAK; /* NAK it and suggest CHAP or EAP */
PUTCHAR(CI_AUTHTYPE, nakp); PUTCHAR(CI_AUTHTYPE, nakp);
#if EAP_SUPPORT
if (ao->neg_eap) { if (ao->neg_eap) {
PUTCHAR(CILEN_SHORT, nakp); PUTCHAR(CILEN_SHORT, nakp);
PUTSHORT(PPP_EAP, nakp); PUTSHORT(PPP_EAP, nakp);
} else { } else {
#endif /* EAP_SUPPORT */
PUTCHAR(CILEN_CHAP, nakp); PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp);
PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
#if EAP_SUPPORT
} }
#endif /* EAP_SUPPORT */
break; break;
} }
ho->neg_upap = 1; ho->neg_upap = 1;
@ -1656,8 +1738,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
} }
if (cishort == PPP_CHAP) { if (cishort == PPP_CHAP) {
/* we've already accepted PAP or EAP */ /* we've already accepted PAP or EAP */
if (ho->neg_upap || ho->neg_eap || if (ho->neg_upap
cilen != CILEN_CHAP) { #if EAP_SUPPORT
|| ho->neg_eap
#endif /* EAP_SUPPORT */
|| cilen != CILEN_CHAP) {
LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE CHAP, rejecting...")); LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE CHAP, rejecting..."));
orc = CONFREJ; orc = CONFREJ;
break; break;
@ -1666,11 +1751,15 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
orc = CONFNAK; /* NAK it and suggest EAP or PAP */ orc = CONFNAK; /* NAK it and suggest EAP or PAP */
PUTCHAR(CI_AUTHTYPE, nakp); PUTCHAR(CI_AUTHTYPE, nakp);
PUTCHAR(CILEN_SHORT, nakp); PUTCHAR(CILEN_SHORT, nakp);
#if EAP_SUPPORT
if (ao->neg_eap) { if (ao->neg_eap) {
PUTSHORT(PPP_EAP, nakp); PUTSHORT(PPP_EAP, nakp);
} else { } else {
#endif /* EAP_SUPPORT */
PUTSHORT(PPP_PAP, nakp); PUTSHORT(PPP_PAP, nakp);
#if EAP_SUPPORT
} }
#endif /* EAP_SUPPORT */
break; break;
} }
GETCHAR(cichar, p); /* get digest type */ GETCHAR(cichar, p); /* get digest type */
@ -1690,6 +1779,7 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
ho->neg_chap = 1; ho->neg_chap = 1;
break; break;
} }
#if EAP_SUPPORT
if (cishort == PPP_EAP) { if (cishort == PPP_EAP) {
/* we've already accepted CHAP or PAP */ /* we've already accepted CHAP or PAP */
if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) { if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) {
@ -1713,6 +1803,7 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
ho->neg_eap = 1; ho->neg_eap = 1;
break; break;
} }
#endif /* EAP_SUPPORT */
/* /*
* We don't recognize the protocol they're asking for. * We don't recognize the protocol they're asking for.
@ -1722,10 +1813,14 @@ lcp_reqci(f, inp, lenp, reject_if_disagree)
*/ */
orc = CONFNAK; orc = CONFNAK;
PUTCHAR(CI_AUTHTYPE, nakp); PUTCHAR(CI_AUTHTYPE, nakp);
#if EAP_SUPPORT
if (ao->neg_eap) { if (ao->neg_eap) {
PUTCHAR(CILEN_SHORT, nakp); PUTCHAR(CILEN_SHORT, nakp);
PUTSHORT(PPP_EAP, nakp); PUTSHORT(PPP_EAP, nakp);
} else if (ao->neg_chap) { } else
#endif /* EAP_SUPPORT */
if (ao->neg_chap) {
PUTCHAR(CILEN_CHAP, nakp); PUTCHAR(CILEN_CHAP, nakp);
PUTSHORT(PPP_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp);
PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp);
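Review bot: The `lcp_rejci` hunk defines `REJCICHAP` twice, once under `#if EAP_SUPPORT` and once under `#if !EAP_SUPPORT`, and the two copies differ only in the final assignment (`try.neg_eap = try.neg_upap = 0;` versus `try.neg_upap = 0;`). This macro parses a peer-supplied Configure-Reject, so any later correction to its length or value checks has to be made in both copies or the two builds diverge. Keeping one macro body and moving the difference into a small helper, for example `#define REJCICHAP_CLEAR_OTHERS() try.neg_eap = try.neg_upap = 0` under `#if EAP_SUPPORT` with `try.neg_upap = 0` in the `#else`, would avoid that. The first copy is cut by a hunk boundary, so the comparison rests on the visible lines only.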


@ -93,7 +93,9 @@ typedef struct lcp_options {
bool neg_asyncmap; /* Negotiate the async map? */ bool neg_asyncmap; /* Negotiate the async map? */
bool neg_upap; /* Ask for UPAP authentication? */ bool neg_upap; /* Ask for UPAP authentication? */
bool neg_chap; /* Ask for CHAP authentication? */ bool neg_chap; /* Ask for CHAP authentication? */
#if EAP_SUPPORT
bool neg_eap; /* Ask for EAP authentication? */ bool neg_eap; /* Ask for EAP authentication? */
#endif /* EAP_SUPPORT */
bool neg_magicnumber; /* Ask for magic number? */ bool neg_magicnumber; /* Ask for magic number? */
bool neg_pcompression; /* HDLC Protocol Field Compression? */ bool neg_pcompression; /* HDLC Protocol Field Compression? */
bool neg_accompression; /* HDLC Address/Control Field Compression? */ bool neg_accompression; /* HDLC Address/Control Field Compression? */


@ -104,7 +104,9 @@
#endif #endif
#include "upap.h" #include "upap.h"
#include "chap-new.h" #include "chap-new.h"
#if EAP_SUPPORT
#include "eap.h" #include "eap.h"
#endif /* EAP_SUPPORT */
#include "pathnames.h" #include "pathnames.h"
#ifdef AT_CHANGE #ifdef AT_CHANGE
@ -266,7 +268,9 @@ struct protent *protocols[] = {
#ifdef AT_CHANGE #ifdef AT_CHANGE
&atcp_protent, &atcp_protent,
#endif #endif
#if EAP_SUPPORT
&eap_protent, &eap_protent,
#endif /* EAP_SUPPORT */
NULL NULL
}; };


@ -437,7 +437,11 @@ pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd)
{ {
ppp_settings.refuse_pap = 1; ppp_settings.refuse_pap = 1;
ppp_settings.refuse_chap = 0; ppp_settings.refuse_chap = 0;
ppp_settings.refuse_eap = 1; #if EAP_SUPPORT
ppp_settings.refuse_pap = 1;
ppp_settings.refuse_chap = 1;
ppp_settings.refuse_eap = 0;
#endif /* EAP_SUPPORT */
/* FIXME: re-enable that */ /* FIXME: re-enable that */
#if 0 #if 0
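Review bot: The lines added under `#if EAP_SUPPORT` in `pppSetAuth` do more than guard the EAP field: they set `refuse_chap = 1` and `refuse_eap = 0` directly after the unguarded `refuse_pap = 1; refuse_chap = 0;`, so a build with EAP enabled refuses CHAP and offers EAP in this branch, where the old code set `refuse_eap = 1`. The enclosing `case` label is outside the hunk, but the unguarded assignments suggest this is the CHAP-only setting, which means the selected authentication method silently changes with a compile-time option. If the intent is only to make the field optional, the guarded block should be `#if EAP_SUPPORT` / `ppp_settings.refuse_eap = 1;` / `#endif /* EAP_SUPPORT */`.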


@ -46,7 +46,9 @@ struct ppp_settings {
u_int explicit_remote : 1; /* remote_name specified with remotename opt */ u_int explicit_remote : 1; /* remote_name specified with remotename opt */
u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */ u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */
u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */ u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */
#if EAP_SUPPORT
u_int refuse_eap : 1; /* Don't wanna auth. ourselves with EAP */ u_int refuse_eap : 1; /* Don't wanna auth. ourselves with EAP */
#endif /* EAP_SUPPORT */
u_int usehostname : 1; /* Use hostname for our_name */ u_int usehostname : 1; /* Use hostname for our_name */
u_int usepeerdns : 1; /* Ask peer for DNS adds */ u_int usepeerdns : 1; /* Ask peer for DNS adds */