mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-09-13 02:05:43 +00:00
ppp_set_auth() modified to handle new handled authtype (mschap + eap)
parent
444646b65e
commit
a3cfbfc6ba
@ -327,108 +327,47 @@ ppp_pcb *ppp_new(void) {
|
|||||||
return pcb;
|
return pcb;
|
||||||
}
|
}
|
||||||
|
|
||||||
void ppp_set_auth(ppp_pcb *pcb, enum ppp_auth_type authtype, const char *user, const char *passwd) {
|
void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd) {
|
||||||
|
|
||||||
/* FIXME: the following may look stupid, but this is just an easy way
|
|
||||||
* to check different auth by changing compile time option
|
|
||||||
*/
|
|
||||||
#if PAP_SUPPORT
|
#if PAP_SUPPORT
|
||||||
pcb->settings.refuse_pap = 0;
|
if(authtype & PPPAUTHTYPE_PAP)
|
||||||
|
pcb->settings.refuse_pap = 0;
|
||||||
|
else
|
||||||
|
pcb->settings.refuse_pap = 1;
|
||||||
#endif /* PAP_SUPPORT */
|
#endif /* PAP_SUPPORT */
|
||||||
|
|
||||||
#if CHAP_SUPPORT
|
#if CHAP_SUPPORT
|
||||||
#if PAP_SUPPORT
|
if(authtype & PPPAUTHTYPE_CHAP)
|
||||||
pcb->settings.refuse_pap = 1;
|
pcb->settings.refuse_chap = 0;
|
||||||
#endif /* PAP_SUPPORT */
|
else
|
||||||
pcb->settings.refuse_chap = 0;
|
pcb->settings.refuse_chap = 1;
|
||||||
#endif /* CHAP_SUPPORT */
|
#endif /* CHAP_SUPPORT */
|
||||||
|
|
||||||
#if MSCHAP_SUPPORT
|
#if MSCHAP_SUPPORT
|
||||||
#if PAP_SUPPORT
|
if(authtype & PPPAUTHTYPE_MSCHAP)
|
||||||
pcb->settings.refuse_pap = 1;
|
pcb->settings.refuse_mschap = 0;
|
||||||
#endif /* PAP_SUPPORT */
|
else
|
||||||
pcb->settings.refuse_chap = 1;
|
pcb->settings.refuse_mschap = 1;
|
||||||
pcb->settings.refuse_mschap = 1;
|
|
||||||
pcb->settings.refuse_mschap_v2 = 0;
|
|
||||||
#endif /* MSCHAP_SUPPORT */
|
#endif /* MSCHAP_SUPPORT */
|
||||||
|
|
||||||
#if EAP_SUPPORT
|
#if EAP_SUPPORT
|
||||||
#if PAP_SUPPORT
|
if(authtype & PPPAUTHTYPE_EAP)
|
||||||
pcb->settings.refuse_pap = 1;
|
pcb->settings.refuse_eap = 0;
|
||||||
#endif/* PAP_SUPPORT */
|
else
|
||||||
#if CHAP_SUPPORT
|
pcb->settings.refuse_eap = 1;
|
||||||
pcb->settings.refuse_chap = 1;
|
|
||||||
#if MSCHAP_SUPPORT
|
|
||||||
pcb->settings.refuse_mschap = 1;
|
|
||||||
pcb->settings.refuse_mschap_v2 = 1;
|
|
||||||
#endif /* MSCHAP_SUPPORT */
|
|
||||||
#endif /* CHAP_SUPPORT */
|
|
||||||
pcb->settings.refuse_eap = 0;
|
|
||||||
#endif /* EAP_SUPPORT */
|
#endif /* EAP_SUPPORT */
|
||||||
|
|
||||||
/* FIXME: re-enable that */
|
|
||||||
#if 0
|
|
||||||
switch(authtype) {
|
|
||||||
case PPPAUTHTYPE_NONE:
|
|
||||||
default:
|
|
||||||
#ifdef LWIP_PPP_STRICT_PAP_REJECT
|
|
||||||
ppp_settings.refuse_pap = 1;
|
|
||||||
#else /* LWIP_PPP_STRICT_PAP_REJECT */
|
|
||||||
/* some providers request pap and accept an empty login/pw */
|
|
||||||
ppp_settings.refuse_pap = 0;
|
|
||||||
#endif /* LWIP_PPP_STRICT_PAP_REJECT */
|
|
||||||
ppp_settings.refuse_chap = 1;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case PPPAUTHTYPE_ANY:
|
|
||||||
/* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
|
|
||||||
* RFC 1994 says:
|
|
||||||
*
|
|
||||||
* In practice, within or associated with each PPP server, there is a
|
|
||||||
* database which associates "user" names with authentication
|
|
||||||
* information ("secrets"). It is not anticipated that a particular
|
|
||||||
* named user would be authenticated by multiple methods. This would
|
|
||||||
* make the user vulnerable to attacks which negotiate the least secure
|
|
||||||
* method from among a set (such as PAP rather than CHAP). If the same
|
|
||||||
* secret was used, PAP would reveal the secret to be used later with
|
|
||||||
* CHAP.
|
|
||||||
*
|
|
||||||
* Instead, for each user name there should be an indication of exactly
|
|
||||||
* one method used to authenticate that user name. If a user needs to
|
|
||||||
* make use of different authentication methods under different
|
|
||||||
* circumstances, then distinct user names SHOULD be employed, each of
|
|
||||||
* which identifies exactly one authentication method.
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
ppp_settings.refuse_pap = 0;
|
|
||||||
ppp_settings.refuse_chap = 0;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case PPPAUTHTYPE_PAP:
|
|
||||||
ppp_settings.refuse_pap = 0;
|
|
||||||
ppp_settings.refuse_chap = 1;
|
|
||||||
break;
|
|
||||||
|
|
||||||
case PPPAUTHTYPE_CHAP:
|
|
||||||
ppp_settings.refuse_pap = 1;
|
|
||||||
ppp_settings.refuse_chap = 0;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
if(user) {
|
if(user) {
|
||||||
strncpy(pcb->settings.user, user, sizeof(pcb->settings.user)-1);
|
strncpy(pcb->settings.user, user, sizeof(pcb->settings.user)-1);
|
||||||
pcb->settings.user[sizeof(pcb->settings.user)-1] = '\0';
|
pcb->settings.user[sizeof(pcb->settings.user)-1] = '\0';
|
||||||
} else {
|
} else
|
||||||
pcb->settings.user[0] = '\0';
|
pcb->settings.user[0] = '\0';
|
||||||
}
|
|
||||||
|
|
||||||
if(passwd) {
|
if(passwd) {
|
||||||
strncpy(pcb->settings.passwd, passwd, sizeof(pcb->settings.passwd)-1);
|
strncpy(pcb->settings.passwd, passwd, sizeof(pcb->settings.passwd)-1);
|
||||||
pcb->settings.passwd[sizeof(pcb->settings.passwd)-1] = '\0';
|
pcb->settings.passwd[sizeof(pcb->settings.passwd)-1] = '\0';
|
||||||
} else {
|
} else
|
||||||
pcb->settings.passwd[0] = '\0';
|
pcb->settings.passwd[0] = '\0';
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#if PPPOS_SUPPORT
|
#if PPPOS_SUPPORT
|
||||||
|
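Review bot: The rewritten `#if MSCHAP_SUPPORT` block in ppp_set_auth() writes only `refuse_mschap`, so `refuse_mschap_v2` is no longer set anywhere in the function, whereas the removed code assigned it in both the MSCHAP and EAP branches. After this change MS-CHAPv2 keeps whatever value the PCB held before the call (presumably the default from ppp_new(), which is not visible here), so the caller's mask may not control whether v2 is accepted or refused. If PPPAUTHTYPE_MSCHAP is meant to cover both versions, add `pcb->settings.refuse_mschap_v2 = (authtype & PPPAUTHTYPE_MSCHAP) ? 0 : 1;` inside that block; otherwise v2 needs its own flag bit. Separately, a bit requested for a method that is compiled out is silently ignored, which is worth stating in a comment at the top of the function.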
@ -211,6 +211,8 @@ int ppp_init(void);
|
|||||||
/* Create a new PPP session, returns a PPP PCB structure. */
|
/* Create a new PPP session, returns a PPP PCB structure. */
|
||||||
ppp_pcb *ppp_new(void);
|
ppp_pcb *ppp_new(void);
|
||||||
|
|
||||||
|
/* Set auth helper, optional, you can either fill ppp_pcb->settings. */
|
||||||
|
|
||||||
/* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
|
/* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
|
||||||
* RFC 1994 says:
|
* RFC 1994 says:
|
||||||
*
|
*
|
||||||
@ -230,18 +232,14 @@ ppp_pcb *ppp_new(void);
|
|||||||
* which identifies exactly one authentication method.
|
* which identifies exactly one authentication method.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
enum ppp_auth_type {
|
#define PPPAUTHTYPE_NONE 0x00
|
||||||
#if CHAP_SUPPORT
|
#define PPPAUTHTYPE_PAP 0x01
|
||||||
PPPAUTHTYPE_CHAP,
|
#define PPPAUTHTYPE_CHAP 0x02
|
||||||
#endif /* CHAP_SUPPORT */
|
#define PPPAUTHTYPE_MSCHAP 0x04
|
||||||
#if PAP_SUPPORT
|
#define PPPAUTHTYPE_EAP 0x08
|
||||||
PPPAUTHTYPE_PAP,
|
#define PPPAUTHTYPE_ANY 0xff
|
||||||
#endif /* PAP_SUPPORT */
|
|
||||||
PPPAUTHTYPE_ANY,
|
|
||||||
PPPAUTHTYPE_NONE
|
|
||||||
};
|
|
||||||
|
|
||||||
void ppp_set_auth(ppp_pcb *pcb, enum ppp_auth_type authtype, const char *user, const char *passwd);
|
void ppp_set_auth(ppp_pcb *pcb, u8_t authtype, const char *user, const char *passwd);
|
||||||
|
|
||||||
/* Link status callback function prototype */
|
/* Link status callback function prototype */
|
||||||
typedef void (*ppp_link_status_cb_fn)(void *ctx, int errcode, void *arg);
|
typedef void (*ppp_link_status_cb_fn)(void *ctx, int errcode, void *arg);
|
||||||
|
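Review bot: `PPPAUTHTYPE_ANY` is defined as `0xff`, which also sets the four bits (0x10 to 0x80) that have no method assigned, so any method later given one of those bits becomes enabled for every existing caller that passes ANY. Defining it as the OR of the known flags, `#define PPPAUTHTYPE_ANY (PPPAUTHTYPE_PAP | PPPAUTHTYPE_CHAP | PPPAUTHTYPE_MSCHAP | PPPAUTHTYPE_EAP)`, would keep new methods opt-in. The comment added in the first header hunk stops mid-sentence ("you can either fill ppp_pcb->settings."), and nothing at the prototype says that `authtype` changed from a single enum value to a bitmask. A comment such as `/* authtype is an OR of PPPAUTHTYPE_* flags; a method whose bit is clear is refused */` above the declaration would document the new contract.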