ppp_set_auth() modified to handle new handled authtype (mschap + eap)

2025-02-21 18:40:12 +00:00 · 2012-06-09 23:32:31 +02:00 · 2012-06-09 23:32:31 +02:00 · a3cfbfc6ba
commit a3cfbfc6ba
parent 444646b65e
2 changed files with 29 additions and 92 deletions
--- a/src/netif/ppp/ppp.c
+++ b/src/netif/ppp/ppp.c
@ -327,108 +327,47 @@ ppp_pcb *ppp_new(void) {
    return pcb;
 }

-void ppp_set_auth(ppp_pcb *pcb, enum ppp_auth_type authtype, const char *user, const char *passwd) {
+void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd) {

-  /* FIXME: the following may look stupid, but this is just an easy way
-   * to check different auth by changing compile time option
-   */
 #if PAP_SUPPORT
-  pcb->settings.refuse_pap = 0;
+  if(authtype & PPPAUTHTYPE_PAP)
+    pcb->settings.refuse_pap = 0;
+  else
+    pcb->settings.refuse_pap = 1;
 #endif /* PAP_SUPPORT */

 #if CHAP_SUPPORT
-#if PAP_SUPPORT
-  pcb->settings.refuse_pap = 1;
-#endif /* PAP_SUPPORT */
-  pcb->settings.refuse_chap = 0;
+  if(authtype & PPPAUTHTYPE_CHAP)
+    pcb->settings.refuse_chap = 0;
+  else
+    pcb->settings.refuse_chap = 1;
 #endif /* CHAP_SUPPORT */

 #if MSCHAP_SUPPORT
-#if PAP_SUPPORT
-  pcb->settings.refuse_pap = 1;
-#endif /* PAP_SUPPORT */
-  pcb->settings.refuse_chap = 1;
-  pcb->settings.refuse_mschap = 1;
-  pcb->settings.refuse_mschap_v2 = 0;
+  if(authtype & PPPAUTHTYPE_MSCHAP)
+    pcb->settings.refuse_mschap = 0;
+  else
+    pcb->settings.refuse_mschap = 1;
 #endif /* MSCHAP_SUPPORT */

 #if EAP_SUPPORT
-#if PAP_SUPPORT
-  pcb->settings.refuse_pap = 1;
-#endif/* PAP_SUPPORT */
-#if CHAP_SUPPORT
-  pcb->settings.refuse_chap = 1;
-#if MSCHAP_SUPPORT
-  pcb->settings.refuse_mschap = 1;
-  pcb->settings.refuse_mschap_v2 = 1;
-#endif /* MSCHAP_SUPPORT */
-#endif /* CHAP_SUPPORT */
-  pcb->settings.refuse_eap = 0;
+  if(authtype & PPPAUTHTYPE_EAP)
+    pcb->settings.refuse_eap = 0;
+  else
+    pcb->settings.refuse_eap = 1;
 #endif /* EAP_SUPPORT */

-/* FIXME: re-enable that */
-#if 0
-  switch(authtype) {
-    case PPPAUTHTYPE_NONE:
-    default:
-#ifdef LWIP_PPP_STRICT_PAP_REJECT
-      ppp_settings.refuse_pap = 1;
-#else  /* LWIP_PPP_STRICT_PAP_REJECT */
-      /* some providers request pap and accept an empty login/pw */
-      ppp_settings.refuse_pap = 0;
-#endif /* LWIP_PPP_STRICT_PAP_REJECT */
-      ppp_settings.refuse_chap = 1;
-      break;
-
-    case PPPAUTHTYPE_ANY:
-      /* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
-       * RFC 1994 says:
-       *
-       * In practice, within or associated with each PPP server, there is a
-       * database which associates "user" names with authentication
-       * information ("secrets").  It is not anticipated that a particular
-       * named user would be authenticated by multiple methods.  This would
-       * make the user vulnerable to attacks which negotiate the least secure
-       * method from among a set (such as PAP rather than CHAP).  If the same
-       * secret was used, PAP would reveal the secret to be used later with
-       * CHAP.
-       *
-       * Instead, for each user name there should be an indication of exactly
-       * one method used to authenticate that user name.  If a user needs to
-       * make use of different authentication methods under different
-       * circumstances, then distinct user names SHOULD be employed, each of
-       * which identifies exactly one authentication method.
-       *
-       */
-      ppp_settings.refuse_pap = 0;
-      ppp_settings.refuse_chap = 0;
-      break;
-
-    case PPPAUTHTYPE_PAP:
-      ppp_settings.refuse_pap = 0;
-      ppp_settings.refuse_chap = 1;
-      break;
-
-    case PPPAUTHTYPE_CHAP:
-      ppp_settings.refuse_pap = 1;
-      ppp_settings.refuse_chap = 0;
-      break;
-  }
-#endif
-
  if(user) {
    strncpy(pcb->settings.user, user, sizeof(pcb->settings.user)-1);
    pcb->settings.user[sizeof(pcb->settings.user)-1] = '\0';
-  } else {
-	  pcb->settings.user[0] = '\0';
-  }
+  } else
+    pcb->settings.user[0] = '\0';

  if(passwd) {
    strncpy(pcb->settings.passwd, passwd, sizeof(pcb->settings.passwd)-1);
    pcb->settings.passwd[sizeof(pcb->settings.passwd)-1] = '\0';
-  } else {
+  } else
    pcb->settings.passwd[0] = '\0';
-  }
 }

 #if PPPOS_SUPPORT
--- a/src/netif/ppp/ppp.h
+++ b/src/netif/ppp/ppp.h
@ -211,6 +211,8 @@ int ppp_init(void);
 /* Create a new PPP session, returns a PPP PCB structure. */
 ppp_pcb *ppp_new(void);

+/* Set auth helper, optional, you can either fill ppp_pcb->settings. */
+
 /* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
 * RFC 1994 says:
 *
@ -230,18 +232,14 @@ ppp_pcb *ppp_new(void);
 * which identifies exactly one authentication method.
 *
 */
-enum ppp_auth_type {
-#if CHAP_SUPPORT
-    PPPAUTHTYPE_CHAP,
-#endif /* CHAP_SUPPORT */
-#if PAP_SUPPORT
-    PPPAUTHTYPE_PAP,
-#endif /* PAP_SUPPORT */
-    PPPAUTHTYPE_ANY,
-    PPPAUTHTYPE_NONE
-};
+#define PPPAUTHTYPE_NONE   0x00
+#define PPPAUTHTYPE_PAP    0x01
+#define PPPAUTHTYPE_CHAP   0x02
+#define PPPAUTHTYPE_MSCHAP 0x04
+#define PPPAUTHTYPE_EAP    0x08
+#define PPPAUTHTYPE_ANY    0xff

-void ppp_set_auth(ppp_pcb *pcb, enum ppp_auth_type authtype, const char *user, const char *passwd);
+void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd);

 /* Link status callback function prototype */
 typedef void (*ppp_link_status_cb_fn)(void *ctx, int errcode, void *arg);