diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index 39950350..5ec3f75d 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c @@ -1292,21 +1292,42 @@ void auth_reset(unit) int unit; { - lcp_options *go = &lcp_gotoptions[unit]; - lcp_options *ao = &lcp_allowoptions[unit]; - int hadchap; - hadchap = -1; + lcp_options *go = &lcp_gotoptions[unit]; + lcp_options *ao = &lcp_allowoptions[unit]; + + if( ppp_settings.passwd[0] ) { + + ao->neg_upap = !ppp_settings.refuse_pap; + + ao->neg_eap = !ppp_settings.refuse_eap; + + ao->chap_mdtype = MDTYPE_NONE; + if(!ppp_settings.refuse_chap) + ao->chap_mdtype |= MDTYPE_MD5; + if(!ppp_settings.refuse_mschap) + ao->chap_mdtype |= MDTYPE_MICROSOFT; + if(!ppp_settings.refuse_mschap_v2) + ao->chap_mdtype |= MDTYPE_MICROSOFT_V2; + + ao->neg_chap = (ao->chap_mdtype != MDTYPE_NONE); + + } else { + ao->neg_upap = 0; + ao->neg_chap = 0; + ao->neg_eap = 0; + ao->chap_mdtype = MDTYPE_NONE; + } + + + printf("neg_upap: %d\n", ao->neg_upap); + printf("neg_chap: %d\n", ao->neg_chap); + printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) ); + printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) ); + printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) ); + printf("neg_eap: %d\n", ao->neg_eap); //ao->neg_upap = !ppp_settings.refuse_pap && (ppp_settings.passwd[0] != 0 || get_pap_passwd(NULL)); - ao->neg_upap = !ppp_settings.refuse_pap && ppp_settings.passwd[0] != 0; - - ao->neg_chap = (!ppp_settings.refuse_chap || !ppp_settings.refuse_mschap || !ppp_settings.refuse_mschap_v2) && ppp_settings.passwd[0]; - - ao->neg_eap = !ppp_settings.refuse_eap && ppp_settings.passwd[0] != 0; - - return; - /* ao->neg_chap = (!ppp_settings.refuse_chap || !refuse_mschap || !refuse_mschap_v2) && (passwd[0] != 0 || 
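Review bot: The six `printf` calls added after the if/else in auth_reset() are unconditional debug output, so the allowed-authentication mask is printed on every reset in every build. They should go through the project's debug logging facility or sit under a compile-time debug guard, and the commented-out `//ao->neg_upap = ...` line kept next to them could be dropped. The else branch would also benefit from a comment; `ao` presumably holds the methods the local side agrees to use, in which case `/* No secret configured: offer no authentication method */` would say why everything is cleared. auth_reset's body continues past the end of this hunk.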
@@ -1319,15 +1340,26 @@ auth_reset(unit) (explicit_remote? remote_name: NULL), 0, NULL))) || have_srp_secret(ppp_settings.user, (explicit_remote? remote_name: NULL), 0, NULL)); */ + go->neg_upap = 0; + go->neg_chap = 0; + go->neg_eap = 0; + go->chap_mdtype = MDTYPE_NONE; + return; + /* FIXME: find what the below stuff do */ + int hadchap; + hadchap = -1; + hadchap = -1; if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) go->neg_upap = 0; + if (go->neg_chap) { if (!(hadchap = have_chap_secret((explicit_remote? remote_name: NULL), our_name, 1, NULL))) go->neg_chap = 0; } + if (go->neg_eap && (hadchap == 0 || (hadchap == -1 && !have_chap_secret((explicit_remote? remote_name: NULL), our_name, @@ -1728,6 +1760,8 @@ get_secret(unit, client, server, secret, secret_len, am_server) *secret_len = len; return 1; + +/* FIXME: clean that */ #if 0 // strlcpy(rname, ppp_settings.user, sizeof(rname)); diff --git a/src/netif/ppp/chap-new.c b/src/netif/ppp/chap-new.c index 5fe183f8..7d773537 100644 --- a/src/netif/ppp/chap-new.c +++ b/src/netif/ppp/chap-new.c @@ -456,14 +456,8 @@ chap_respond(struct chap_client_state *cs, int id, slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1); /* Microsoft doesn't send their name back in the PPP packet */ - if (ppp_settings.remote_name[0] != 0 && (ppp_settings.explicit_remote || rname[0] == 0)) { - strncpy(rname, ppp_settings.remote_name, sizeof(rname)); - rname[sizeof(rname) - 1] = 0; - } - -// /* Microsoft doesn't send their name back in the PPP packet */ -// if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0)) -// strlcpy(rname, remote_name, sizeof(rname)); + if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0)) + strlcpy(rname, remote_name, sizeof(rname)); /* get secret for authenticating ourselves with the specified host */ if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) { diff --git a/src/netif/ppp/chap_ms.c b/src/netif/ppp/chap_ms.c index 9efa2066..188e721b 100644 
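Review bot: Everything after the added `return;` in auth_reset() is unreachable, yet the hunk also adds `int hadchap;` and `hadchap = -1;` below it, leaving a declaration after statements and dead code that the compiler still has to parse. Other places in this commit park disabled code under `#if 0` (get_secret(), pppSetAuth()); doing the same here would be consistent and would keep the FIXME attached to a clearly disabled region. Forcing `go->neg_upap`, `go->neg_chap` and `go->neg_eap` to 0 appears to mean the local side never demands authentication from the peer; if that is the intent, say so with a comment such as `/* We never require the peer to authenticate itself */`. The function continues past the end of the hunk.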
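Review bot: In chap_respond() the rewritten condition is no longer gated on a non-empty remote name: when `explicit_remote` is set, `rname` is overwritten even if `remote_name` is empty, so `get_secret()` is called with an empty server name where the old code kept the name taken from the peer's packet. The bare `explicit_remote` and `remote_name` are not declared in this hunk, and the same commit comments `remote_name` out of `struct ppp_settings` in pppmy.h, so confirm that both globals exist and are initialised before this path runs. The two-line `if` is also worth bracing, `if (...) { strlcpy(rname, remote_name, sizeof(rname)); }`, since the statement sits directly above the secret lookup. chap_respond's body starts and ends outside the hunk.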
--- a/src/netif/ppp/chap_ms.c +++ b/src/netif/ppp/chap_ms.c @@ -512,24 +512,11 @@ ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) static void NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) { -#ifdef __NetBSD__ - /* NetBSD uses the libc md4 routines which take bytes instead of bits */ - int mdlen = secret_len; -#else - int mdlen = secret_len * 8; -#endif md4_context md4Context; md4_starts(&md4Context); - /* MD4Update can take at most 64 bytes at a time */ - while (mdlen > 512) { - md4_update(&md4Context, secret, 512); - secret += 64; - mdlen -= 512; - } - md4_update(&md4Context, secret, mdlen); + md4_update(&md4Context, secret, secret_len); md4_finish(&md4Context, hash); - } static void diff --git a/src/netif/ppp/pppmy.c b/src/netif/ppp/pppmy.c index 8085741b..3352b2ba 100644 --- a/src/netif/ppp/pppmy.c +++ b/src/netif/ppp/pppmy.c @@ -435,6 +435,14 @@ int ppp_init(void) { void pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd) { + ppp_settings.refuse_pap = 1; + ppp_settings.refuse_chap = 1; + ppp_settings.refuse_mschap = 1; + ppp_settings.refuse_mschap_v2 = 0; + ppp_settings.refuse_eap = 1; + +/* FIXME: re-enable that */ +#if 0 switch(authType) { case PPPAUTHTYPE_NONE: default: @@ -481,6 +489,7 @@ pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd) ppp_settings.refuse_chap = 0; break; } +#endif if(user) { strncpy(ppp_settings.user, user, sizeof(ppp_settings.user)-1); diff --git a/src/netif/ppp/pppmy.h b/src/netif/ppp/pppmy.h index e79f43fa..07099ecd 100644 --- a/src/netif/ppp/pppmy.h +++ b/src/netif/ppp/pppmy.h 
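Review bot: NTPasswordHash() now hands `secret_len` to `md4_update()` unchanged, where the removed code passed `secret_len * 8`, so the call is only correct if this `md4_update()` takes a byte count and accepts input of any length; neither is visible in the hunk. A one-line comment would record the assumption, e.g. `/* md4_update() takes a length in bytes and buffers internally */`. Separately, `md4Context` still holds state derived from the password when the function returns; clearing it after `md4_finish()` with a wipe the compiler cannot optimise away would keep that material off the stack.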
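Review bot: pppSetAuth() now ignores its `authType` argument: the five `refuse_*` assignments at the top permit only MS-CHAPv2, and the `switch` is compiled out by the `#if 0` added here and the `#endif` added in the next hunk (@@ -481,6 +489,7). A caller passing `PPPAUTHTYPE_NONE` will still have MS-CHAPv2 offered once a password is set, and a caller asking for any other method gets no error or warning. Until the switch is restored, state this in the function with `/* FIXME: authType is ignored; only MS-CHAPv2 is enabled */` and `(void)authType;`. MS-CHAPv2 is also a weak method to hard-wire as the only option, so the override should not outlive the debugging it was added for.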
@@ -58,7 +58,8 @@ struct ppp_settings { char user [MAXNAMELEN + 1]; /* Username for PAP */ char passwd [MAXSECRETLEN + 1]; /* Password for PAP, secret for CHAP */ char our_name [MAXNAMELEN + 1]; /* Our name for authentication purposes */ - char remote_name[MAXNAMELEN + 1]; /* Peer's name for authentication */ + // FIXME: re-enable that + // char remote_name[MAXNAMELEN + 1]; /* Peer's name for authentication */ }; struct ppp_settings ppp_settings;