From 972ca9e6c13e635844699e69c083bedfb7f24745 Mon Sep 17 00:00:00 2001 From: goldsimon Date: Mon, 18 Jan 2010 20:49:43 +0000 Subject: [PATCH] reorganised PPP sourcecode to 2.3.11 including some bugfix backports from 2.4.x. --- CHANGELOG | 4 + src/netif/ppp/auth.c | 687 +++++++++++++++++++++++++++++++----------- src/netif/ppp/chap.c | 62 ++-- src/netif/ppp/chpms.c | 1 + src/netif/ppp/fsm.c | 22 +- src/netif/ppp/ipcp.h | 24 +- src/netif/ppp/lcp.c | 81 ++++- src/netif/ppp/lcp.h | 20 +- src/netif/ppp/magic.c | 4 +- src/netif/ppp/magic.h | 6 +- src/netif/ppp/pap.c | 36 ++- src/netif/ppp/pap.h | 4 - 12 files changed, 688 insertions(+), 263 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 4e786c8c..7cff4a7b 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -50,6 +50,10 @@ HISTORY ++ Bugfixes: + 2010-01-18: Iordan Neshev/Simon Goldschmidt + * src/netif/ppp: reorganised PPP sourcecode to 2.3.11 including some + bugfix backports from 2.4.x. + 2010-01-18: Simon Goldschmidt * mem.c: Fixed bug #28679: mem_realloc calculates mem_stats wrong diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index f57c9702..9974a114 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c @@ -84,63 +84,14 @@ #include -/*************************/ -/*** LOCAL DEFINITIONS ***/ -/*************************/ +#if 0 /* UNUSED */ +/* Bits in scan_authfile return value */ +#define NONWILD_SERVER 1 +#define NONWILD_CLIENT 2 -/* Bits in auth_pending[] */ -#define PAP_WITHPEER 1 -#define PAP_PEER 2 -#define CHAP_WITHPEER 4 -#define CHAP_PEER 8 +#define ISWILD(word) (word[0] == '*' && word[1] == 0) +#endif /* UNUSED */ - -/************************/ -/*** LOCAL DATA TYPES ***/ -/************************/ -/* Used for storing a sequence of words. Usually malloced. */ -struct wordlist { - struct wordlist *next; - char word[1]; -}; - - -/***********************************/ -/*** LOCAL FUNCTION DECLARATIONS ***/ -/***********************************/ -extern char *crypt (const char *, const char *); - -/* Prototypes for procedures local to this file. */ - -static void network_phase (int); -static void check_idle (void *); -static void connect_time_expired (void *); -#if 0 -static int login (char *, char *, char **, int *); -#endif -static void logout (void); -static int null_login (int); -static int get_pap_passwd (int, char *, char *); -static int have_pap_secret (void); -static int have_chap_secret (char *, char *, u32_t); -static int ip_addr_check (u32_t, struct wordlist *); -#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */ -static void set_allowed_addrs(int unit, struct wordlist *addrs); -static void free_wordlist (struct wordlist *); -#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */ -#if CBCP_SUPPORT -static void callback_phase (int); -#endif /* CBCP_SUPPORT */ - - -/******************************/ -/*** PUBLIC DATA STRUCTURES ***/ -/******************************/ - - -/*****************************/ -/*** LOCAL DATA STRUCTURES ***/ -/*****************************/ #if PAP_SUPPORT || CHAP_SUPPORT /* The name by which the peer authenticated itself to us. */ static char peer_authname[MAXNAMELEN]; @@ -149,15 +100,24 @@ static char peer_authname[MAXNAMELEN]; /* Records which authentication operations haven't completed yet. */ static int auth_pending[NUM_PPP]; -/* Set if we have successfully called login() */ +/* Set if we have successfully called plogin() */ static int logged_in; /* Set if we have run the /etc/ppp/auth-up script. */ -static int did_authup; +static int did_authup; /* @todo, we don't need this in lwip*/ /* List of addresses which the peer may use. */ static struct wordlist *addresses[NUM_PPP]; +#if 0 /* UNUSED */ +/* Wordlist giving addresses which the peer may use + without authenticating itself. */ +static struct wordlist *noauth_addrs; + +/* Extra options to apply, from the secrets file entry for the peer. */ +static struct wordlist *extra_options; +#endif /* UNUSED */ + /* Number of network protocols which we have opened. */ static int num_np_open; @@ -169,10 +129,244 @@ static int num_np_up; static int passwd_from_file; #endif /* PAP_SUPPORT || CHAP_SUPPORT */ +#if 0 /* UNUSED */ +/* Set if we require authentication only because we have a default route. */ +static bool default_auth; + +/* Hook to enable a plugin to control the idle time limit */ +int (*idle_time_hook) __P((struct ppp_idle *)) = NULL; + +/* Hook for a plugin to say whether we can possibly authenticate any peer */ +int (*pap_check_hook) __P((void)) = NULL; + +/* Hook for a plugin to check the PAP user and password */ +int (*pap_auth_hook) __P((char *user, char *passwd, char **msgp, + struct wordlist **paddrs, + struct wordlist **popts)) = NULL; + +/* Hook for a plugin to know about the PAP user logout */ +void (*pap_logout_hook) __P((void)) = NULL; + +/* Hook for a plugin to get the PAP password for authenticating us */ +int (*pap_passwd_hook) __P((char *user, char *passwd)) = NULL; + +/* + * This is used to ensure that we don't start an auth-up/down + * script while one is already running. + */ +enum script_state { + s_down, + s_up +}; + +static enum script_state auth_state = s_down; +static enum script_state auth_script_state = s_down; +static pid_t auth_script_pid = 0; + +/* + * Option variables. + * lwip: some of these are present in the ppp_settings structure + */ +bool uselogin = 0; /* Use /etc/passwd for checking PAP */ +bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ +bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ +bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ +bool usehostname = 0; /* Use hostname for our_name */ +bool auth_required = 0; /* Always require authentication from peer */ +bool allow_any_ip = 0; /* Allow peer to use any IP address */ +bool explicit_remote = 0; /* User specified explicit remote name */ +char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ + +#endif /* UNUSED */ + +/* Bits in auth_pending[] */ +#define PAP_WITHPEER 1 +#define PAP_PEER 2 +#define CHAP_WITHPEER 4 +#define CHAP_PEER 8 + +/* @todo, move this somewhere */ +/* Used for storing a sequence of words. Usually malloced. */ +struct wordlist { + struct wordlist *next; + char word[1]; +}; + + +extern char *crypt (const char *, const char *); + +/* Prototypes for procedures local to this file. */ + +static void network_phase (int); +static void check_idle (void *); +static void connect_time_expired (void *); +#if 0 +static int plogin (char *, char *, char **, int *); +#endif +static void plogout (void); +static int null_login (int); +static int get_pap_passwd (int, char *, char *); +static int have_pap_secret (void); +static int have_chap_secret (char *, char *, u32_t); +static int ip_addr_check (u32_t, struct wordlist *); + +#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */ +static int scan_authfile (FILE *, char *, char *, char *, + struct wordlist **, struct wordlist **, + char *); +static void free_wordlist (struct wordlist *); +static void auth_script (char *); +static void auth_script_done (void *); +static void set_allowed_addrs (int unit, struct wordlist *addrs); +static int some_ip_ok (struct wordlist *); +static int setupapfile (char **); +static int privgroup (char **); +static int set_noauth_addr (char **); +static void check_access (FILE *, char *); +#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */ + +#if 0 /* UNUSED */ +/* + * Authentication-related options. + */ +option_t auth_options[] = { + { "require-pap", o_bool, &lcp_wantoptions[0].neg_upap, + "Require PAP authentication from peer", 1, &auth_required }, + { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, + "Require PAP authentication from peer", 1, &auth_required }, + { "refuse-pap", o_bool, &refuse_pap, + "Don't agree to auth to peer with PAP", 1 }, + { "-pap", o_bool, &refuse_pap, + "Don't allow PAP authentication with peer", 1 }, + { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap, + "Require CHAP authentication from peer", 1, &auth_required }, + { "+chap", o_bool, &lcp_wantoptions[0].neg_chap, + "Require CHAP authentication from peer", 1, &auth_required }, + { "refuse-chap", o_bool, &refuse_chap, + "Don't agree to auth to peer with CHAP", 1 }, + { "-chap", o_bool, &refuse_chap, + "Don't allow CHAP authentication with peer", 1 }, + { "name", o_string, our_name, + "Set local name for authentication", + OPT_PRIV|OPT_STATIC, NULL, MAXNAMELEN }, + { "user", o_string, user, + "Set name for auth with peer", OPT_STATIC, NULL, MAXNAMELEN }, + { "usehostname", o_bool, &usehostname, + "Must use hostname for authentication", 1 }, + { "remotename", o_string, remote_name, + "Set remote name for authentication", OPT_STATIC, + &explicit_remote, MAXNAMELEN }, + { "auth", o_bool, &auth_required, + "Require authentication from peer", 1 }, + { "noauth", o_bool, &auth_required, + "Don't require peer to authenticate", OPT_PRIV, &allow_any_ip }, + { "login", o_bool, &uselogin, + "Use system password database for PAP", 1 }, + { "papcrypt", o_bool, &cryptpap, + "PAP passwords are encrypted", 1 }, + { "+ua", o_special, (void *)setupapfile, + "Get PAP user and password from file" }, + { "password", o_string, passwd, + "Password for authenticating us to the peer", OPT_STATIC, + NULL, MAXSECRETLEN }, + { "privgroup", o_special, (void *)privgroup, + "Allow group members to use privileged options", OPT_PRIV }, + { "allow-ip", o_special, (void *)set_noauth_addr, + "Set IP address(es) which can be used without authentication", + OPT_PRIV }, + { NULL } +}; +#endif /* UNUSED */ +#if 0 /* UNUSED */ +/* + * setupapfile - specifies UPAP info for authenticating with peer. + */ +static int +setupapfile(char **argv) +{ + FILE * ufile; + int l; + + lcp_allowoptions[0].neg_upap = 1; + + /* open user info file */ + seteuid(getuid()); + ufile = fopen(*argv, "r"); + seteuid(0); + if (ufile == NULL) { + option_error("unable to open user login data file %s", *argv); + return 0; + } + check_access(ufile, *argv); + + /* get username */ + if (fgets(user, MAXNAMELEN - 1, ufile) == NULL + || fgets(passwd, MAXSECRETLEN - 1, ufile) == NULL){ + option_error("unable to read user login data file %s", *argv); + return 0; + } + fclose(ufile); + + /* get rid of newlines */ + l = strlen(user); + if (l > 0 && user[l-1] == '\n') + user[l-1] = 0; + l = strlen(passwd); + if (l > 0 && passwd[l-1] == '\n') + passwd[l-1] = 0; + + return (1); +} +#endif /* UNUSED */ + +#if 0 /* UNUSED */ +/* + * privgroup - allow members of the group to have privileged access. + */ +static int +privgroup(char **argv) +{ + struct group *g; + int i; + + g = getgrnam(*argv); + if (g == 0) { + option_error("group %s is unknown", *argv); + return 0; + } + for (i = 0; i < ngroups; ++i) { + if (groups[i] == g->gr_gid) { + privileged = 1; + break; + } + } + return 1; +} +#endif + +#if 0 /* UNUSED */ +/* + * set_noauth_addr - set address(es) that can be used without authentication. + * Equivalent to specifying an entry like `"" * "" addr' in pap-secrets. + */ +static int +set_noauth_addr(char **argv) +{ + char *addr = *argv; + int l = strlen(addr); + struct wordlist *wp; + + wp = (struct wordlist *) malloc(sizeof(struct wordlist) + l + 1); + if (wp == NULL) + novm("allow-ip argument"); + wp->word = (char *) (wp + 1); + wp->next = noauth_addrs; + BCOPY(addr, wp->word, l); + noauth_addrs = wp; + return 1; +} +#endif /* UNUSED */ -/***********************************/ -/*** PUBLIC FUNCTION DEFINITIONS ***/ -/***********************************/ /* * An Open on LCP has requested a change from Dead to Establish phase. * Do what's necessary to bring the physical layer up. @@ -197,7 +391,7 @@ link_terminated(int unit) return; } if (logged_in) { - logout(); + plogout(); } lcp_phase[unit] = PHASE_DEAD; AUTHDEBUG((LOG_NOTICE, "Connection terminated.\n")); @@ -212,8 +406,9 @@ link_down(int unit) { int i; struct protent *protp; - + AUTHDEBUG((LOG_INFO, "link_down: %d\n", unit)); + if (did_authup) { /* XXX Do link down processing. */ did_authup = 0; @@ -229,8 +424,9 @@ link_down(int unit) (*protp->close)(unit, "LCP down"); } } - num_np_open = 0; - num_np_up = 0; + num_np_open = 0; /* number of network protocols we have opened */ + num_np_up = 0; /* Number of network protocols which have come up */ + if (lcp_phase[unit] != PHASE_DEAD) { lcp_phase[unit] = PHASE_TERMINATE; } @@ -253,7 +449,7 @@ link_established(int unit) lcp_options *ho = &lcp_hisoptions[unit]; #endif /* PAP_SUPPORT || CHAP_SUPPORT */ - AUTHDEBUG((LOG_INFO, "link_established: %d\n", unit)); + AUTHDEBUG((LOG_INFO, "link_established: unit %d; Lowering up all protocols...\n", unit)); /* * Tell higher-level protocols that LCP is up. */ @@ -274,7 +470,7 @@ link_established(int unit) return; } } - + lcp_phase[unit] = PHASE_AUTHENTICATE; auth = 0; #if CHAP_SUPPORT @@ -329,7 +525,7 @@ network_phase(int unit) int i; struct protent *protp; lcp_options *go = &lcp_gotoptions[unit]; - + /* * If the peer had to authenticate, run the auth-up script now. */ @@ -364,6 +560,7 @@ network_phase(int unit) lcp_close(0, "No network protocols running"); } } +/* @todo: add void start_networks(void) here (pppd 2.3.11) */ /* * The peer has failed to authenticate himself using `protocol'. @@ -389,7 +586,7 @@ void auth_peer_success(int unit, u16_t protocol, char *name, int namelen) { int pbit; - + AUTHDEBUG((LOG_INFO, "auth_peer_success: %d proto=%X\n", unit, protocol)); switch (protocol) { case PPP_CHAP: @@ -402,7 +599,7 @@ auth_peer_success(int unit, u16_t protocol, char *name, int namelen) AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol)); return; } - + /* * Save the authenticated name of the peer for later. */ @@ -428,7 +625,7 @@ void auth_withpeer_fail(int unit, u16_t protocol) { int errCode = PPPERR_AUTHFAIL; - + LWIP_UNUSED_ARG(protocol); AUTHDEBUG((LOG_INFO, "auth_withpeer_fail: %d proto=%X\n", unit, protocol)); @@ -458,7 +655,7 @@ void auth_withpeer_success(int unit, u16_t protocol) { int pbit; - + AUTHDEBUG((LOG_INFO, "auth_withpeer_success: %d proto=%X\n", unit, protocol)); switch (protocol) { case PPP_CHAP: @@ -474,7 +671,7 @@ auth_withpeer_success(int unit, u16_t protocol) AUTHDEBUG((LOG_WARNING, "auth_peer_success: unknown protocol %x\n", protocol)); pbit = 0; } - + /* * If there is no more authentication still being done, * proceed to the network (or callback) phase. @@ -504,7 +701,7 @@ np_up(int unit, u16_t proto) if (ppp_settings.idle_time_limit > 0) { TIMEOUT(check_idle, NULL, ppp_settings.idle_time_limit); } - + /* * Set a timeout to close the connection once the maximum * connect time has expired. @@ -624,7 +821,7 @@ auth_check_options(void) ppp_panic("No auth secret"); } } -#endif +#endif /* UNUSED */ /* * auth_reset - called when LCP is starting negotiations to recheck @@ -736,14 +933,149 @@ check_passwd( int unit, char *auser, int userlen, char *apasswd, int passwdlen, } #endif /* PAP_SUPPORT */ +#if 0 /* UNUSED */ +/* + * This function is needed for PAM. + */ +#ifdef USE_PAM + +/* lwip does not support PAM*/ + +#endif /* USE_PAM */ + +#endif /* UNUSED */ + + +#if 0 /* UNUSED */ +/* + * plogin - Check the user name and password against the system + * password database, and login the user if OK. + * + * returns: + * UPAP_AUTHNAK: Login failed. + * UPAP_AUTHACK: Login succeeded. + * In either case, msg points to an appropriate message. + */ +static int +plogin(char *user, char *passwd, char **msg, int *msglen) +{ + + LWIP_UNUSED_ARG(user); + LWIP_UNUSED_ARG(passwd); + LWIP_UNUSED_ARG(msg); + LWIP_UNUSED_ARG(msglen); + + + /* The new lines are here align the file when + * compared against the pppd 2.3.11 code */ + + + + + + + + + + + + + + + + + /* XXX Fail until we decide that we want to support logins. */ + return (UPAP_AUTHNAK); +} +#endif + + + +/* + * plogout - Logout the user. + */ +static void +plogout(void) +{ + logged_in = 0; +} + +/* + * null_login - Check if a username of "" and a password of "" are + * acceptable, and iff so, set the list of acceptable IP addresses + * and return 1. + */ +static int +null_login(int unit) +{ + LWIP_UNUSED_ARG(unit); + /* XXX Fail until we decide that we want to support logins. */ + return 0; +} + + +/* + * get_pap_passwd - get a password for authenticating ourselves with + * our peer using PAP. Returns 1 on success, 0 if no suitable password + * could be found. + */ +static int +get_pap_passwd(int unit, char *user, char *passwd) +{ + LWIP_UNUSED_ARG(unit); +/* normally we would reject PAP if no password is provided, + but this causes problems with some providers (like CHT in Taiwan) + who incorrectly request PAP and expect a bogus/empty password, so + always provide a default user/passwd of "none"/"none" + + @todo: This should be configured by the user, instead of being hardcoded here! +*/ + if(user) { + strcpy(user, "none"); + } + if(passwd) { + strcpy(passwd, "none"); + } + return 1; +} + +/* + * have_pap_secret - check whether we have a PAP file with any + * secrets that we could possibly use for authenticating the peer. + */ +static int +have_pap_secret(void) +{ + /* XXX Fail until we set up our passwords. */ + return 0; +} + +/* + * have_chap_secret - check whether we have a CHAP file with a + * secret that we could possibly use for authenticating `client' + * on `server'. Either can be the null string, meaning we don't + * know the identity yet. + */ +static int +have_chap_secret(char *client, char *server, u32_t remote) +{ + LWIP_UNUSED_ARG(client); + LWIP_UNUSED_ARG(server); + LWIP_UNUSED_ARG(remote); + + /* XXX Fail until we set up our passwords. */ + return 0; +} #if CHAP_SUPPORT + /* * get_secret - open the CHAP secret file and return the secret * for authenticating the given client on the given server. * (We could be either client or server). */ -int get_secret( int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs) +int +get_secret(int unit, char *client, char *server, char *secret, int *secret_len, int save_addrs) { #if 1 int len; @@ -801,97 +1133,6 @@ int get_secret( int unit, char *client, char *server, char *secret, int *secret_ } #endif /* CHAP_SUPPORT */ -#if 0 -/* - * login - Check the user name and password against the system - * password database, and login the user if OK. - * - * returns: - * UPAP_AUTHNAK: Login failed. - * UPAP_AUTHACK: Login succeeded. - * In either case, msg points to an appropriate message. - */ -static int -login(char *user, char *passwd, char **msg, int *msglen) -{ - /* XXX Fail until we decide that we want to support logins. */ - return (UPAP_AUTHNAK); -} -#endif - -/* - * logout - Logout the user. - */ -static void -logout(void) -{ - logged_in = 0; -} - -/* - * null_login - Check if a username of "" and a password of "" are - * acceptable, and iff so, set the list of acceptable IP addresses - * and return 1. - */ -static int -null_login(int unit) -{ - LWIP_UNUSED_ARG(unit); - /* XXX Fail until we decide that we want to support logins. */ - return 0; -} - -/* - * get_pap_passwd - get a password for authenticating ourselves with - * our peer using PAP. Returns 1 on success, 0 if no suitable password - * could be found. - */ -static int -get_pap_passwd(int unit, char *user, char *passwd) -{ - LWIP_UNUSED_ARG(unit); -/* normally we would reject PAP if no password is provided, - but this causes problems with some providers (like CHT in Taiwan) - who incorrectly request PAP and expect a bogus/empty password, so - always provide a default user/passwd of "none"/"none" - - @todo: This should be configured by the user, instead of being hardcoded here! -*/ - if(user) { - strcpy(user, "none"); - } - if(passwd) { - strcpy(passwd, "none"); - } - return 1; -} - -/* - * have_pap_secret - check whether we have a PAP file with any - * secrets that we could possibly use for authenticating the peer. - */ -static int -have_pap_secret(void) -{ - /* XXX Fail until we set up our passwords. */ - return 0; -} - -/* - * have_chap_secret - check whether we have a CHAP file with a - * secret that we could possibly use for authenticating `client' - * on `server'. Either can be the null string, meaning we don't - * know the identity yet. - */ -static int -have_chap_secret(char *client, char *server, u32_t remote) -{ - LWIP_UNUSED_ARG(client); - LWIP_UNUSED_ARG(server); - LWIP_UNUSED_ARG(remote); - /* XXX Fail until we set up our passwords. */ - return 0; -} #if 0 /* PAP_SUPPORT || CHAP_SUPPORT */ /* @@ -942,7 +1183,7 @@ auth_ip_addr(int unit, u32_t addr) return ip_addr_check(addr, addresses[unit]); } -static int +static int /* @todo: integrate this funtion into auth_ip_addr()*/ ip_addr_check(u32_t addr, struct wordlist *addrs) { /* don't allow loopback or multicast address */ @@ -971,7 +1212,58 @@ bad_ip_adrs(u32_t addr) || IN_MULTICAST(addr) || IN_BADCLASS(addr); } -#if 0 /* PAP_SUPPORT || CHAP_SUPPORT */ +#if 0 /* UNUSED */ /* PAP_SUPPORT || CHAP_SUPPORT */ +/* + * some_ip_ok - check a wordlist to see if it authorizes any + * IP address(es). + */ +static int +some_ip_ok(struct wordlist *addrs) +{ + for (; addrs != 0; addrs = addrs->next) { + if (addrs->word[0] == '-') + break; + if (addrs->word[0] != '!') + return 1; /* some IP address is allowed */ + } + return 0; +} + +/* + * check_access - complain if a secret file has too-liberal permissions. + */ +static void +check_access(FILE *f, char *filename) +{ + struct stat sbuf; + + if (fstat(fileno(f), &sbuf) < 0) { + warn("cannot stat secret file %s: %m", filename); + } else if ((sbuf.st_mode & (S_IRWXG | S_IRWXO)) != 0) { + warn("Warning - secret file %s has world and/or group access", + filename); + } +} + + +/* + * scan_authfile - Scan an authorization file for a secret suitable + * for authenticating `client' on `server'. The return value is -1 + * if no secret is found, otherwise >= 0. The return value has + * NONWILD_CLIENT set if the secret didn't have "*" for the client, and + * NONWILD_SERVER set if the secret didn't have "*" for the server. + * Any following words on the line up to a "--" (i.e. address authorization + * info) are placed in a wordlist and returned in *addrs. Any + * following words (extra options) are placed in a wordlist and + * returned in *opts. + * We assume secret is NULL or points to MAXWORDLEN bytes of space. + */ +static int +scan_authfile(FILE *f, char *client, char *server, char *secret, struct wordlist **addrs, struct wordlist **opts, char *filename) +{ + /* We do not (currently) need this in lwip */ + return 0; /* dummy */ +} /* * free_wordlist - release memory allocated for a wordlist. */ @@ -979,13 +1271,68 @@ static void free_wordlist(struct wordlist *wp) { struct wordlist *next; - + while (wp != NULL) { next = wp->next; free(wp); wp = next; } } -#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */ +/* + * auth_script_done - called when the auth-up or auth-down script + * has finished. + */ +static void +auth_script_done(void *arg) +{ + auth_script_pid = 0; + switch (auth_script_state) { + case s_up: + if (auth_state == s_down) { + auth_script_state = s_down; + auth_script(_PATH_AUTHDOWN); + } + break; + case s_down: + if (auth_state == s_up) { + auth_script_state = s_up; + auth_script(_PATH_AUTHUP); + } + break; + } +} + +/* + * auth_script - execute a script with arguments + * interface-name peer-name real-user tty speed + */ +static void +auth_script(char *script) +{ + char strspeed[32]; + struct passwd *pw; + char struid[32]; + char *user_name; + char *argv[8]; + + if ((pw = getpwuid(getuid())) != NULL && pw->pw_name != NULL) + user_name = pw->pw_name; + else { + slprintf(struid, sizeof(struid), "%d", getuid()); + user_name = struid; + } + slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); + + argv[0] = script; + argv[1] = ifname; + argv[2] = peer_authname; + argv[3] = user_name; + argv[4] = devnam; + argv[5] = strspeed; + argv[6] = NULL; + + auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL); +} +#endif /* 0 */ /* PAP_SUPPORT || CHAP_SUPPORT */ #endif /* PPP_SUPPORT */ diff --git a/src/netif/ppp/chap.c b/src/netif/ppp/chap.c index 95005979..8161e58e 100644 --- a/src/netif/ppp/chap.c +++ b/src/netif/ppp/chap.c @@ -84,6 +84,25 @@ #include +#if 0 /* UNUSED */ +/* + * Command-line options. + */ +static option_t chap_option_list[] = { + { "chap-restart", o_int, &chap[0].timeouttime, + "Set timeout for CHAP" }, + { "chap-max-challenge", o_int, &chap[0].max_transmits, + "Set max #xmits for challenge" }, + { "chap-interval", o_int, &chap[0].chal_interval, + "Set interval for rechallenge" }, +#ifdef MSLANMAN + { "ms-lanman", o_bool, &ms_lanman, + "Use LanMan passwd when using MS-CHAP", 1 }, +#endif + { NULL } +}; +#endif /* UNUSED */ + /* * Protocol entry points. */ @@ -331,7 +350,7 @@ ChapProtocolReject(int unit) } if (cstate->clientstate != CHAPCS_INITIAL && cstate->clientstate != CHAPCS_CLOSED) { - auth_withpeer_fail(unit, PPP_CHAP); + auth_withpeer_fail(unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */ } ChapLowerDown(unit); /* shutdown chap */ } @@ -410,7 +429,7 @@ ChapReceiveChallenge(chap_state *cstate, u_char *inp, int id, int len) char rhostname[256]; MD5_CTX mdContext; u_char hash[MD5_SIGNATURE_SIZE]; - + CHAPDEBUG((LOG_INFO, "ChapReceiveChallenge: Rcvd id %d.\n", id)); if (cstate->clientstate == CHAPCS_CLOSED || cstate->clientstate == CHAPCS_PENDING) { @@ -508,7 +527,7 @@ ChapReceiveResponse(chap_state *cstate, u_char *inp, int id, int len) MD5_CTX mdContext; char secret[MAXSECRETLEN]; u_char hash[MD5_SIGNATURE_SIZE]; - + CHAPDEBUG((LOG_INFO, "ChapReceiveResponse: Rcvd id %d.\n", id)); if (cstate->serverstate == CHAPSS_CLOSED || @@ -680,7 +699,7 @@ ChapReceiveFailure(chap_state *cstate, u_char *inp, u_char id, int len) } CHAPDEBUG((LOG_ERR, "CHAP authentication failed\n")); - auth_withpeer_fail(cstate->unit, PPP_CHAP); + auth_withpeer_fail(cstate->unit, PPP_CHAP); /* lwip: just sets the PPP error code on this unit to PPPERR_AUTHFAIL */ } @@ -698,21 +717,21 @@ ChapSendChallenge(chap_state *cstate) name_len = strlen(cstate->chal_name); outlen = CHAP_HEADERLEN + sizeof (u_char) + chal_len + name_len; outp = outpacket_buf[cstate->unit]; - + MAKEHEADER(outp, PPP_CHAP); /* paste in a CHAP header */ - + PUTCHAR(CHAP_CHALLENGE, outp); PUTCHAR(cstate->chal_id, outp); PUTSHORT(outlen, outp); - + PUTCHAR(chal_len, outp); /* put length of challenge */ BCOPY(cstate->challenge, outp, chal_len); INCPTR(chal_len, outp); - + BCOPY(cstate->chal_name, outp, name_len); /* append hostname */ pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN); - + CHAPDEBUG((LOG_INFO, "ChapSendChallenge: Sent id %d.\n", cstate->chal_id)); TIMEOUT(ChapChallengeTimeout, cstate, cstate->timeouttime); @@ -729,17 +748,17 @@ ChapSendStatus(chap_state *cstate, int code) u_char *outp; int outlen, msglen; char msg[256]; /* @todo: this can be a char*, no strcpy needed */ - + if (code == CHAP_SUCCESS) { strcpy(msg, "Welcome!"); } else { strcpy(msg, "I don't like you. Go 'way."); } msglen = strlen(msg); - + outlen = CHAP_HEADERLEN + msglen; outp = outpacket_buf[cstate->unit]; - + MAKEHEADER(outp, PPP_CHAP); /* paste in a header */ PUTCHAR(code, outp); @@ -747,7 +766,7 @@ ChapSendStatus(chap_state *cstate, int code) PUTSHORT(outlen, outp); BCOPY(msg, outp, msglen); pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN); - + CHAPDEBUG((LOG_INFO, "ChapSendStatus: Sent code %d, id %d.\n", code, cstate->chal_id)); } @@ -765,7 +784,7 @@ ChapGenChallenge(chap_state *cstate) int chal_len; u_char *ptr = cstate->challenge; int i; - + /* pick a random challenge length between MIN_CHALLENGE_LENGTH and MAX_CHALLENGE_LENGTH */ chal_len = (unsigned) @@ -775,7 +794,7 @@ ChapGenChallenge(chap_state *cstate) cstate->chal_len = chal_len; cstate->chal_id = ++cstate->id; cstate->chal_transmits = 0; - + /* generate a random string */ for (i = 0; i < chal_len; i++ ) { *ptr++ = (char) (magic() & 0xff); @@ -792,12 +811,12 @@ ChapSendResponse(chap_state *cstate) { u_char *outp; int outlen, md_len, name_len; - + md_len = cstate->resp_length; name_len = strlen(cstate->resp_name); outlen = CHAP_HEADERLEN + sizeof (u_char) + md_len + name_len; outp = outpacket_buf[cstate->unit]; - + MAKEHEADER(outp, PPP_CHAP); PUTCHAR(CHAP_RESPONSE, outp); /* we are a response */ @@ -807,12 +826,12 @@ ChapSendResponse(chap_state *cstate) PUTCHAR(md_len, outp); /* length of MD */ BCOPY(cstate->response, outp, md_len); /* copy MD to buffer */ INCPTR(md_len, outp); - + BCOPY(cstate->resp_name, outp, name_len); /* append our name */ - + /* send the packet */ pppWrite(cstate->unit, outpacket_buf[cstate->unit], outlen + PPP_HDRLEN); - + cstate->clientstate = CHAPCS_RESPONSE; TIMEOUT(ChapResponseTimeout, cstate, cstate->timeouttime); ++cstate->resp_transmits; @@ -831,7 +850,7 @@ ChapPrintPkt( u_char *p, int plen, void (*printer) (void *, char *, ...), void * int code, id, len; int clen, nlen; u_char x; - + if (plen < CHAP_HEADERLEN) { return 0; } @@ -841,6 +860,7 @@ ChapPrintPkt( u_char *p, int plen, void (*printer) (void *, char *, ...), void * if (len < CHAP_HEADERLEN || len > plen) { return 0; } + if (code >= 1 && code <= sizeof(ChapCodenames) / sizeof(char *)) { printer(arg, " %s", ChapCodenames[code-1]); } else { diff --git a/src/netif/ppp/chpms.c b/src/netif/ppp/chpms.c index 295a43ce..a999e80f 100644 --- a/src/netif/ppp/chpms.c +++ b/src/netif/ppp/chpms.c @@ -328,6 +328,7 @@ ChapMS_NT( char *rchallenge, low_byte_first = (htons((unsigned short int)1) != 1); } if (low_byte_first == 0) { + /* @todo: arg type - u_long* or u_int* ? */ MDreverse((unsigned int*)&md4Context); /* sfb 961105 */ } diff --git a/src/netif/ppp/fsm.c b/src/netif/ppp/fsm.c index c998534a..eb1e03f4 100644 --- a/src/netif/ppp/fsm.c +++ b/src/netif/ppp/fsm.c @@ -143,7 +143,7 @@ fsm_lowerup(fsm *f) FSMDEBUG((LOG_INFO, "%s: Up event in state %d (%s)!\n", PROTO_NAME(f), f->state, ppperr_strerr[f->state])); } - + FSMDEBUG((LOG_INFO, "%s: lowerup state %d (%s) -> %d (%s)\n", PROTO_NAME(f), oldState, ppperr_strerr[oldState], f->state, ppperr_strerr[f->state])); } @@ -247,6 +247,19 @@ fsm_open(fsm *f) PROTO_NAME(f), oldState, ppperr_strerr[oldState], f->state, ppperr_strerr[f->state])); } +#if 0 /* backport pppd 2.4.4b1; */ +/* + * terminate_layer - Start process of shutting down the FSM + * + * Cancel any timeout running, notify upper layers we're done, and + * send a terminate-request message as configured. + */ +static void +terminate_layer(fsm *f, int nextstate) +{ + /* @todo */ +} +#endif /* * fsm_close - Start closing connection. @@ -432,6 +445,7 @@ fsm_input(fsm *f, u_char *inpacket, int l) break; default: + FSMDEBUG((LOG_INFO, "fsm_input(%s): default: \n", PROTO_NAME(f))); if( !f->callbacks->extcode || !(*f->callbacks->extcode)(f, code, id, inp, len) ) { fsm_sdata(f, CODEREJ, ++f->id, inpacket, len + HEADERLEN); @@ -705,6 +719,9 @@ fsm_rtermack(fsm *f) } fsm_sconfreq(f, 0); break; + default: + FSMDEBUG((LOG_INFO, "fsm_rtermack(%s): UNHANDLED state=%d (%s)!!!\n", + PROTO_NAME(f), f->state, ppperr_strerr[f->state])); } } @@ -777,7 +794,7 @@ fsm_protreject(fsm *f) (u_char *) f->term_reason, f->term_reason_len); TIMEOUT(fsm_timeout, f, f->timeouttime); --f->retransmits; - + f->state = LS_STOPPING; break; @@ -840,6 +857,7 @@ fsm_sconfreq(fsm *f, int retransmit) PROTO_NAME(f), f->reqid)); } + /* * fsm_sdata - Send some data. * diff --git a/src/netif/ppp/ipcp.h b/src/netif/ppp/ipcp.h index dfcf4fba..de03f460 100644 --- a/src/netif/ppp/ipcp.h +++ b/src/netif/ppp/ipcp.h @@ -48,15 +48,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: ipcp.h,v 1.3 2007/12/19 20:47:23 fbernon Exp $ + * $Id: ipcp.h,v 1.4 2010/01/18 20:49:43 goldsimon Exp $ */ #ifndef IPCP_H #define IPCP_H -/************************* -*** PUBLIC DEFINITIONS *** -*************************/ /* * Options. */ @@ -64,10 +61,10 @@ #define CI_COMPRESSTYPE 2 /* Compression Type */ #define CI_ADDR 3 -#define CI_MS_WINS1 128 /* Primary WINS value */ #define CI_MS_DNS1 129 /* Primary DNS value */ -#define CI_MS_WINS2 130 /* Secondary WINS value */ +#define CI_MS_WINS1 128 /* Primary WINS value */ #define CI_MS_DNS2 131 /* Secondary DNS value */ +#define CI_MS_WINS2 130 /* Secondary WINS value */ #define IPCP_VJMODE_OLD 1 /* "old" mode (option # = 0x0037) */ #define IPCP_VJMODE_RFC1172 2 /* "old-rfc"mode (option # = 0x002d) */ @@ -78,11 +75,6 @@ #define IPCP_VJ_COMP_OLD 0x0037 /* "old" (i.e, broken) value for VJ */ /* compression option */ - -/************************ -*** PUBLIC DATA TYPES *** -************************/ - typedef struct ipcp_options { u_int neg_addr : 1; /* Negotiate IP Address? */ u_int old_addrs : 1; /* Use old (IP-Addresses) option? */ @@ -103,11 +95,6 @@ typedef struct ipcp_options { u32_t winsaddr[2]; /* Primary and secondary MS WINS entries */ } ipcp_options; - -/***************************** -*** PUBLIC DATA STRUCTURES *** -*****************************/ - extern fsm ipcp_fsm[]; extern ipcp_options ipcp_wantoptions[]; extern ipcp_options ipcp_gotoptions[]; @@ -116,9 +103,4 @@ extern ipcp_options ipcp_hisoptions[]; extern struct protent ipcp_protent; - -/*********************** -*** PUBLIC FUNCTIONS *** -***********************/ - #endif /* IPCP_H */ diff --git a/src/netif/ppp/lcp.c b/src/netif/ppp/lcp.c index e6c0da7b..3a8da24e 100644 --- a/src/netif/ppp/lcp.c +++ b/src/netif/ppp/lcp.c @@ -72,6 +72,23 @@ #define PPPOE_MAXMTU PPP_MAXMRU #endif +#if 0 /* UNUSED */ +/* + * LCP-related command-line options. + */ +int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ +int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ +bool lax_recv = 0; /* accept control chars in asyncmap */ + +static int setescape (char **); + +static option_t lcp_option_list[] = { + /* LCP options */ + /* list stripped for simplicity */ + {NULL} +}; +#endif /* UNUSED */ + /* options */ LinkPhase lcp_phase[NUM_PPP]; /* Phase of link session (RFC 1661) */ static u_int lcp_echo_interval = LCP_ECHOINTERVAL; /* Interval between LCP echo-requests */ @@ -89,7 +106,8 @@ static u32_t lcp_echos_pending = 0; /* Number of outstanding static u32_t lcp_echo_number = 0; /* ID number of next echo frame */ static u32_t lcp_echo_timer_running = 0; /* TRUE if a timer is running */ -static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ +/* @todo: do we really need such a large buffer? The typical 1500 bytes seem too much. */ +static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ /* * Callbacks for fsm code. (CI = Configuration Information) @@ -142,6 +160,7 @@ static fsm_callbacks lcp_callbacks = { /* LCP callback routines */ * Protocol entry points. * Some of these are called directly. */ + static void lcp_input (int, u_char *, int); static void lcp_protrej (int); @@ -180,8 +199,40 @@ int lcp_loopbackfail = DEFLOOPBACKFAIL; #define CILEN_LQR 8 /* CILEN_VOID + sizeof(short) + sizeof(long) */ #define CILEN_CBCP 3 -#define CODENAME(x) ((x) == CONFACK ? "ACK" : (x) == CONFNAK ? "NAK" : "REJ") +#define CODENAME(x) ((x) == CONFACK ? "ACK" : (x) == CONFNAK ? "NAK" : "REJ") +#if 0 /* UNUSED */ +/* + * setescape - add chars to the set we escape on transmission. + */ +static int +setescape(argv) + char **argv; +{ + int n, ret; + char *p, *endp; + + p = *argv; + ret = 1; + while (*p) { + n = strtol(p, &endp, 16); + if (p == endp) { + option_error("escape parameter contains invalid hex number '%s'", + p); + return 0; + } + p = endp; + if (n < 0 || n == 0x5E || n > 0xFF) { + option_error("can't escape character 0x%x", n); + ret = 0; + } else + xmit_accm[0][n >> 5] |= 1 << (n & 0x1F); + while (*p == ',' || *p == ' ') + ++p; + } + return ret; +} +#endif /* UNUSED */ /* * lcp_init - Initialize LCP. @@ -196,9 +247,9 @@ lcp_init(int unit) f->unit = unit; f->protocol = PPP_LCP; f->callbacks = &lcp_callbacks; - + fsm_init(f); - + wo->passive = 0; wo->silent = 0; wo->restart = 0; /* Set to 1 in kernels or multi-line implementations */ @@ -214,7 +265,7 @@ lcp_init(int unit) wo->neg_accompression = 1; wo->neg_lqr = 0; /* no LQR implementation yet */ wo->neg_cbcp = 0; - + ao->neg_mru = 1; ao->mru = PPP_MAXMRU; ao->neg_asyncmap = 1; @@ -291,7 +342,7 @@ lcp_close(int unit, char *reason) f->state = LS_CLOSED; lcp_finished(f); } else { - fsm_close(&lcp_fsm[unit], reason); + fsm_close(f, reason); } } @@ -338,9 +389,6 @@ lcp_lowerdown(int unit) } -/**********************************/ -/*** LOCAL FUNCTION DEFINITIONS ***/ -/**********************************/ /* * lcp_input - Input LCP packet. */ @@ -379,10 +427,10 @@ lcp_extcode(fsm *f, int code, u_char id, u_char *inp, int len) case ECHOREP: lcp_received_echo_reply(f, id, inp, len); break; - + case DISCREQ: break; - + default: return 0; } @@ -481,7 +529,8 @@ lcp_resetci(fsm *f) /* * lcp_cilen - Return length of our CI. */ -static int lcp_cilen(fsm *f) +static int +lcp_cilen(fsm *f) { lcp_options *go = &lcp_gotoptions[f->unit]; @@ -1626,7 +1675,7 @@ lcp_up(fsm *f) lcp_echo_lowerup(f->unit); /* Enable echo messages */ - link_established(f->unit); + link_established(f->unit); /* The link is up; authenticate now */ } @@ -1658,7 +1707,7 @@ lcp_down(fsm *f) static void lcp_starting(fsm *f) { - link_required(f->unit); + link_required(f->unit); /* lwip: currently does nothing */ } @@ -1668,7 +1717,7 @@ lcp_starting(fsm *f) static void lcp_finished(fsm *f) { - link_terminated(f->unit); + link_terminated(f->unit); /* we are finished with the link */ } @@ -1943,7 +1992,7 @@ lcp_received_echo_reply (fsm *f, int id, u_char *inp, int len) LCPDEBUG((LOG_WARNING, "appear to have received our own echo-reply!\n")); return; } - + /* Reset the number of outstanding echo frames */ lcp_echos_pending = 0; } diff --git a/src/netif/ppp/lcp.h b/src/netif/ppp/lcp.h index 1a5e5a4c..b9201eeb 100644 --- a/src/netif/ppp/lcp.h +++ b/src/netif/ppp/lcp.h @@ -48,15 +48,11 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: lcp.h,v 1.3 2007/12/19 20:47:23 fbernon Exp $ + * $Id: lcp.h,v 1.4 2010/01/18 20:49:43 goldsimon Exp $ */ #ifndef LCP_H #define LCP_H - -/************************* -*** PUBLIC DEFINITIONS *** -*************************/ /* * Options. */ @@ -73,7 +69,7 @@ #define CI_EPDISC 19 /* endpoint discriminator */ /* - * LCP-specific packet types. + * LCP-specific packet types (code numbers). */ #define PROTREJ 8 /* Protocol Reject */ #define ECHOREQ 9 /* Echo Request */ @@ -81,11 +77,6 @@ #define DISCREQ 11 /* Discard Request */ #define CBCP_OPT 6 /* Use callback control protocol */ - -/************************ -*** PUBLIC DATA TYPES *** -************************/ - /* * The state of options is described by an lcp_options structure. */ @@ -135,9 +126,6 @@ typedef enum { } LinkPhase; -/***************************** -*** PUBLIC DATA STRUCTURES *** -*****************************/ extern LinkPhase lcp_phase[NUM_PPP]; /* Phase of link session (RFC 1661) */ extern lcp_options lcp_wantoptions[]; @@ -147,10 +135,6 @@ extern lcp_options lcp_hisoptions[]; extern ext_accm xmit_accm[]; -/*********************** -*** PUBLIC FUNCTIONS *** -***********************/ - void lcp_init (int); void lcp_open (int); void lcp_close (int, char *); diff --git a/src/netif/ppp/magic.c b/src/netif/ppp/magic.c index d3922bb5..39013308 100644 --- a/src/netif/ppp/magic.c +++ b/src/netif/ppp/magic.c @@ -57,9 +57,7 @@ #include "randm.h" #include "magic.h" -/***********************************/ -/*** PUBLIC FUNCTION DEFINITIONS ***/ -/***********************************/ + /* * magicInit - Initialize the magic number generator. * diff --git a/src/netif/ppp/magic.h b/src/netif/ppp/magic.h index bc517499..eba70d20 100644 --- a/src/netif/ppp/magic.h +++ b/src/netif/ppp/magic.h @@ -48,16 +48,12 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: magic.h,v 1.2 2007/12/02 22:35:55 fbernon Exp $ + * $Id: magic.h,v 1.3 2010/01/18 20:49:43 goldsimon Exp $ */ #ifndef MAGIC_H #define MAGIC_H -/***************************************************************************** -************************** PUBLIC FUNCTIONS ********************************** -*****************************************************************************/ - /* Initialize the magic number generator */ void magicInit(void); diff --git a/src/netif/ppp/pap.c b/src/netif/ppp/pap.c index 28600635..0b88d6b5 100644 --- a/src/netif/ppp/pap.c +++ b/src/netif/ppp/pap.c @@ -63,6 +63,27 @@ #include +#if 0 /* UNUSED */ +static bool hide_password = 1; + +/* + * Command-line options. + */ +static option_t pap_option_list[] = { + { "hide-password", o_bool, &hide_password, + "Don't output passwords to log", 1 }, + { "show-password", o_bool, &hide_password, + "Show password string in debug log messages", 0 }, + { "pap-restart", o_int, &upap[0].us_timeouttime, + "Set retransmit timeout for PAP" }, + { "pap-max-authreq", o_int, &upap[0].us_maxtransmits, + "Set max number of transmissions for auth-reqs" }, + { "pap-timeout", o_int, &upap[0].us_reqtimeout, + "Set time limit for peer PAP authentication" }, + { NULL } +}; +#endif + /* * Protocol entry points. */ @@ -71,6 +92,9 @@ static void upap_lowerup (int); static void upap_lowerdown (int); static void upap_input (int, u_char *, int); static void upap_protrej (int); +#if PPP_ADDITIONAL_CALLBACKS +static int upap_printpkt (u_char *, int, void (*)(void *, char *, ...), void *); +#endif /* PPP_ADDITIONAL_CALLBACKS */ struct protent pap_protent = { PPP_PAP, @@ -205,7 +229,7 @@ upap_timeout(void *arg) return; } - upap_sauthreq(u); /* Send Authenticate-Request */ + upap_sauthreq(u); /* Send Authenticate-Request and set upap timeout*/ } @@ -236,12 +260,13 @@ upap_lowerup(int unit) { upap_state *u = &upap[unit]; - UPAPDEBUG((LOG_INFO, "upap_lowerup: %d s=%d\n", unit, u->us_clientstate)); + UPAPDEBUG((LOG_INFO, "upap_lowerup: init %d clientstate s=%d\n", unit, u->us_clientstate)); if (u->us_clientstate == UPAPCS_INITIAL) { u->us_clientstate = UPAPCS_CLOSED; } else if (u->us_clientstate == UPAPCS_PENDING) { upap_sauthreq(u); /* send an auth-request */ + /* now client state is UPAPCS__AUTHREQ */ } if (u->us_serverstate == UPAPSS_INITIAL) { @@ -413,6 +438,7 @@ upap_rauthreq(upap_state *u, u_char *inp, int id, int len) * Check the username and password given. */ retcode = check_passwd(u->us_unit, ruser, ruserlen, rpasswd, rpasswdlen, &msg, &msglen); + /* lwip: currently retcode is always UPAP_AUTHACK */ BZERO(rpasswd, rpasswdlen); upap_sresp(u, retcode, id, msg, msglen); @@ -473,7 +499,7 @@ upap_rauthack(upap_state *u, u_char *inp, int id, int len) /* - * upap_rauthnak - Receive Authenticate-Nakk. + * upap_rauthnak - Receive Authenticate-Nak. */ static void upap_rauthnak(upap_state *u, u_char *inp, int id, int len) @@ -572,6 +598,10 @@ upap_sresp(upap_state *u, u_char code, u_char id, char *msg, int msglen) } #if PPP_ADDITIONAL_CALLBACKS +static char *upap_codenames[] = { + "AuthReq", "AuthAck", "AuthNak" +}; + /* * upap_printpkt - print the contents of a PAP packet. */ diff --git a/src/netif/ppp/pap.h b/src/netif/ppp/pap.h index 770312d5..c99a2040 100644 --- a/src/netif/ppp/pap.h +++ b/src/netif/ppp/pap.h @@ -54,9 +54,6 @@ #if PAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ -/************************* -*** PUBLIC DEFINITIONS *** -*************************/ /* * Packet header = Code, id, length. */ @@ -111,7 +108,6 @@ typedef struct upap_state { extern upap_state upap[]; -void upap_setloginpasswd(int unit, const char *luser, const char *lpassword); void upap_authwithpeer (int, char *, char *); void upap_authpeer (int);