diff --git a/src/netif/ppp/ppp.c b/src/netif/ppp/ppp.c
index 6b5ea415..21129137 100644
--- a/src/netif/ppp/ppp.c
+++ b/src/netif/ppp/ppp.c
@@ -327,108 +327,47 @@ ppp_pcb *ppp_new(void) {
 return pcb;
 }
-void ppp_set_auth(ppp_pcb *pcb, enum ppp_auth_type authtype, const char *user, const char *passwd) {
+void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd) {
- /* FIXME: the following may look stupid, but this is just an easy way
- * to check different auth by changing compile time option
- */
 #if PAP_SUPPORT
- pcb->settings.refuse_pap = 0;
+ if(authtype & PPPAUTHTYPE_PAP)
+ pcb->settings.refuse_pap = 0;
+ else
+ pcb->settings.refuse_pap = 1;
 #endif /* PAP_SUPPORT */
 #if CHAP_SUPPORT
-#if PAP_SUPPORT
- pcb->settings.refuse_pap = 1;
-#endif /* PAP_SUPPORT */
- pcb->settings.refuse_chap = 0;
+ if(authtype & PPPAUTHTYPE_CHAP)
+ pcb->settings.refuse_chap = 0;
+ else
+ pcb->settings.refuse_chap = 1;
 #endif /* CHAP_SUPPORT */
 #if MSCHAP_SUPPORT
-#if PAP_SUPPORT
- pcb->settings.refuse_pap = 1;
-#endif /* PAP_SUPPORT */
- pcb->settings.refuse_chap = 1;
- pcb->settings.refuse_mschap = 1;
- pcb->settings.refuse_mschap_v2 = 0;
+ if(authtype & PPPAUTHTYPE_MSCHAP)
+ pcb->settings.refuse_mschap = 0;
+ else
+ pcb->settings.refuse_mschap = 1;
 #endif /* MSCHAP_SUPPORT */
 #if EAP_SUPPORT
-#if PAP_SUPPORT
- pcb->settings.refuse_pap = 1;
-#endif/* PAP_SUPPORT */
-#if CHAP_SUPPORT
- pcb->settings.refuse_chap = 1;
-#if MSCHAP_SUPPORT
- pcb->settings.refuse_mschap = 1;
- pcb->settings.refuse_mschap_v2 = 1;
-#endif /* MSCHAP_SUPPORT */
-#endif /* CHAP_SUPPORT */
- pcb->settings.refuse_eap = 0;
+ if(authtype & PPPAUTHTYPE_EAP)
+ pcb->settings.refuse_eap = 0;
+ else
+ pcb->settings.refuse_eap = 1;
 #endif /* EAP_SUPPORT */
-/* FIXME: re-enable that */
-#if 0
- switch(authtype) {
- case PPPAUTHTYPE_NONE:
- default:
-#ifdef LWIP_PPP_STRICT_PAP_REJECT
- ppp_settings.refuse_pap = 1;
-#else /* LWIP_PPP_STRICT_PAP_REJECT */
- /* some providers request pap and accept an empty login/pw */
- ppp_settings.refuse_pap = 0;
-#endif /* LWIP_PPP_STRICT_PAP_REJECT */
- ppp_settings.refuse_chap = 1;
- break;
-
- case PPPAUTHTYPE_ANY:
- /* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
- * RFC 1994 says:
- *
- * In practice, within or associated with each PPP server, there is a
- * database which associates "user" names with authentication
- * information ("secrets"). It is not anticipated that a particular
- * named user would be authenticated by multiple methods. This would
- * make the user vulnerable to attacks which negotiate the least secure
- * method from among a set (such as PAP rather than CHAP). If the same
- * secret was used, PAP would reveal the secret to be used later with
- * CHAP.
- *
- * Instead, for each user name there should be an indication of exactly
- * one method used to authenticate that user name. If a user needs to
- * make use of different authentication methods under different
- * circumstances, then distinct user names SHOULD be employed, each of
- * which identifies exactly one authentication method.
- *
- */
- ppp_settings.refuse_pap = 0;
- ppp_settings.refuse_chap = 0;
- break;
-
- case PPPAUTHTYPE_PAP:
- ppp_settings.refuse_pap = 0;
- ppp_settings.refuse_chap = 1;
- break;
-
- case PPPAUTHTYPE_CHAP:
- ppp_settings.refuse_pap = 1;
- ppp_settings.refuse_chap = 0;
- break;
- }
-#endif
-
 if(user) {
 strncpy(pcb->settings.user, user, sizeof(pcb->settings.user)-1);
 pcb->settings.user[sizeof(pcb->settings.user)-1] = '\0';
- } else {
- pcb->settings.user[0] = '\0';
- }
+ } else
+ pcb->settings.user[0] = '\0';
 if(passwd) {
 strncpy(pcb->settings.passwd, passwd, sizeof(pcb->settings.passwd)-1);
 pcb->settings.passwd[sizeof(pcb->settings.passwd)-1] = '\0';
- } else {
+ } else
 pcb->settings.passwd[0] = '\0';
- }
 }
 #if PPPOS_SUPPORT
diff --git a/src/netif/ppp/ppp.h b/src/netif/ppp/ppp.h
index 2ecef6a8..53264232 100644
--- a/src/netif/ppp/ppp.h
+++ b/src/netif/ppp/ppp.h
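Review bot: The rewritten `#if MSCHAP_SUPPORT` block in ppp_set_auth() sets only `refuse_mschap` and never writes `refuse_mschap_v2`, which the removed code set explicitly in both its MSCHAP and EAP branches. A caller that passes `PPPAUTHTYPE_CHAP` alone therefore leaves MS-CHAPv2 at whatever value the pcb already holds (its default is not visible in this hunk), so the helper no longer fully decides which methods the peer may negotiate. I would drive both fields from the same bit, e.g. `pcb->settings.refuse_mschap_v2 = (authtype & PPPAUTHTYPE_MSCHAP) ? 0 : 1;` next to the `refuse_mschap` assignment. Separately, the change drops the braces from the `else` arms of the `user`/`passwd` copies and adds four braceless `if`/`else` pairs; bracing every arm would keep a statement added later from silently landing outside the conditional.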
@@ -211,6 +211,8 @@ int ppp_init(void);
 /* Create a new PPP session, returns a PPP PCB structure. */
 ppp_pcb *ppp_new(void);
+/* Set auth helper, optional, you can either fill ppp_pcb->settings. */
+
 /* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
 * RFC 1994 says:
 *
@@ -230,18 +232,14 @@ ppp_pcb *ppp_new(void);
 * which identifies exactly one authentication method.
 *
 */
-enum ppp_auth_type {
-#if CHAP_SUPPORT
- PPPAUTHTYPE_CHAP,
-#endif /* CHAP_SUPPORT */
-#if PAP_SUPPORT
- PPPAUTHTYPE_PAP,
-#endif /* PAP_SUPPORT */
- PPPAUTHTYPE_ANY,
- PPPAUTHTYPE_NONE
-};
+#define PPPAUTHTYPE_NONE 0x00
+#define PPPAUTHTYPE_PAP 0x01
+#define PPPAUTHTYPE_CHAP 0x02
+#define PPPAUTHTYPE_MSCHAP 0x04
+#define PPPAUTHTYPE_EAP 0x08
+#define PPPAUTHTYPE_ANY 0xff
-void ppp_set_auth(ppp_pcb *pcb, enum ppp_auth_type authtype, const char *user, const char *passwd);
+void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd);
 /* Link status callback function prototype */
 typedef void (*ppp_link_status_cb_fn)(void *ctx, int errcode, void *arg);
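Review bot: The added comment is an unfinished sentence ("you can either fill ppp_pcb->settings." names no second alternative) and it does not say what the `authtype` argument now means. Something like `/* Optional helper: call ppp_set_auth() or fill ppp_pcb->settings directly. authtype is a bitwise OR of PPPAUTHTYPE_* flags; a method whose flag is clear is refused. */` would cover both. The RFC 1994 warning comment that follows it continues outside this hunk.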
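Review bot: `PPPAUTHTYPE_ANY` is defined as `0xff`, so it sets the PAP bit together with every stronger method, plus four bits (0x10 to 0x80) that have no meaning yet. Now that the flags can be combined, the downgrade concern in the RFC 1994 comment above this hunk (it starts outside it) is best answered by steering callers to an explicit mask such as `PPPAUTHTYPE_CHAP | PPPAUTHTYPE_MSCHAP`, and by building the catch-all from the named flags: `#define PPPAUTHTYPE_ANY (PPPAUTHTYPE_PAP | PPPAUTHTYPE_CHAP | PPPAUTHTYPE_MSCHAP | PPPAUTHTYPE_EAP)`. A comment above the defines, `/* Bit flags, OR them together; PPPAUTHTYPE_ANY also permits cleartext PAP. */`, would make that visible where the value is chosen. The constants are also now defined when the matching `*_SUPPORT` option is off, so asking for an unsupported method compiles and, going by the ppp.c change, ends with every compiled-in method refused; that deserves a sentence in the same comment.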