diff --git a/src/include/lwip/opt.h b/src/include/lwip/opt.h index e51f8e55..3b7222e8 100644 --- a/src/include/lwip/opt.h +++ b/src/include/lwip/opt.h @@ -1717,7 +1717,7 @@ #endif /** - * MSCHAP_SUPPORT==1: Support MSCHAP. CURRENTLY NOT SUPPORTED! DO NOT SET! + * MSCHAP_SUPPORT==1: Support MSCHAP. */ #ifndef MSCHAP_SUPPORT #define MSCHAP_SUPPORT 0 diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index 39f8aab9..af43c0d2 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c @@ -222,13 +222,13 @@ bool cryptpap = 0; /* Passwords in pap-secrets are encrypted */ //bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */ //bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */ //bool refuse_eap = 0; /* Don't wanna auth. ourselves with EAP */ -#ifdef CHAPMS +#if MSCHAP_SUPPORT //bool refuse_mschap = 0; /* Don't wanna auth. ourselves with MS-CHAP */ //bool refuse_mschap_v2 = 0; /* Don't wanna auth. oif 0 /* UNUSED */urselves with MS-CHAPv2 */ -#else +#else /* MSCHAP_SUPPORT */ //bool refuse_mschap = 1; /* Don't wanna auth. ourselves with MS-CHAP */ //bool refuse_mschap_v2 = 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */ -#endif +#endif /* MSCHAP_SUPPORT */ #endif /* MOVED TO ppp_settings */ #if 0 /* UNUSED */ bool usehostname = 0; /* Use hostname for our_name */ @@ -301,7 +301,7 @@ option_t auth_options[] = { "Require CHAP authentication from peer", OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5, &lcp_wantoptions[0].chap_mdtype }, -#ifdef CHAPMS +#if MSCHAP_SUPPORT { "require-mschap", o_bool, &auth_required, "Require MS-CHAP authentication from peer", OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT, @@ -318,7 +318,7 @@ option_t auth_options[] = { "Require MS-CHAPv2 authentication from peer", OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2, &lcp_wantoptions[0].chap_mdtype }, -#endif +#endif /* MSCHAP_SUPPORT */ #if 0 { "refuse-pap", o_bool, &refuse_pap, "Don't agree to auth to peer with PAP", 1 }, @@ -333,7 +333,7 @@ option_t auth_options[] = { OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5, &lcp_allowoptions[0].chap_mdtype }, #endif -#ifdef CHAPMS +#if MSCHAP_SUPPORT #if 0 { "refuse-mschap", o_bool, &refuse_mschap, "Don't agree to auth to peer with MS-CHAP", @@ -352,7 +352,7 @@ option_t auth_options[] = { OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT_V2, &lcp_allowoptions[0].chap_mdtype }, #endif -#endif +#endif /* MSCHAP_SUPPORT*/ #if EAP_SUPPORT { "require-eap", o_bool, &lcp_wantoptions[0].neg_eap, "Require EAP authentication from peer", OPT_PRIOSUB | 1, @@ -973,14 +973,14 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen) case CHAP_MD5: bit |= CHAP_MD5_PEER; break; -#ifdef CHAPMS +#if MSCHAP_SUPPORT case CHAP_MICROSOFT: bit |= CHAP_MS_PEER; break; case CHAP_MICROSOFT_V2: bit |= CHAP_MS2_PEER; break; -#endif +#endif /* MSCHAP_SUPPORT */ } break; case PPP_PAP: @@ -1049,14 +1049,14 @@ auth_withpeer_success(unit, protocol, prot_flavor) case CHAP_MD5: bit |= CHAP_MD5_WITHPEER; break; -#ifdef CHAPMS +#if MSCHAP_SUPPORT case CHAP_MICROSOFT: bit |= CHAP_MS_WITHPEER; break; case CHAP_MICROSOFT_V2: bit |= CHAP_MS2_WITHPEER; break; -#endif +#endif /* MSCHAP_SUPPORT */ } break; case PPP_PAP: @@ -1381,10 +1381,12 @@ auth_reset(unit) ao->chap_mdtype = MDTYPE_NONE; if(!ppp_settings.refuse_chap) ao->chap_mdtype |= MDTYPE_MD5; +#if MSCHAP_SUPPORT if(!ppp_settings.refuse_mschap) ao->chap_mdtype |= MDTYPE_MICROSOFT; if(!ppp_settings.refuse_mschap_v2) ao->chap_mdtype |= MDTYPE_MICROSOFT_V2; +#endif /* MSCHAP_SUPPORT */ ao->neg_chap = (ao->chap_mdtype != MDTYPE_NONE); @@ -1401,8 +1403,10 @@ auth_reset(unit) printf("neg_upap: %d\n", ao->neg_upap); printf("neg_chap: %d\n", ao->neg_chap); printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) ); +#if MSCHAP_SUPPORT printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) ); printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) ); +#endif /* MSCHAP_SUPPORT */ #if EAP_SUPPORT printf("neg_eap: %d\n", ao->neg_eap); #endif /* EAP_SUPPORT */ diff --git a/src/netif/ppp/chap-new.c b/src/netif/ppp/chap-new.c index 90d9e289..f3b612e8 100644 --- a/src/netif/ppp/chap-new.c +++ b/src/netif/ppp/chap-new.c @@ -40,7 +40,7 @@ #include "chap-new.h" #include "chap-md5.h" -#ifdef CHAPMS +#if MSCHAP_SUPPORT #include "chap_ms.h" #define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5) #else @@ -149,7 +149,7 @@ chap_init(int unit) memset(&server, 0, sizeof(server)); chap_md5_init(); -#ifdef CHAPMS +#if MSCHAP_SUPPORT chapms_init(); #endif } diff --git a/src/netif/ppp/chap-new.h b/src/netif/ppp/chap-new.h index 48235d40..02e9b06a 100644 --- a/src/netif/ppp/chap-new.h +++ b/src/netif/ppp/chap-new.h @@ -28,6 +28,8 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "lwip/opt.h" + /* * CHAP packets begin with a standard header with code, id, len (2 bytes). */ @@ -45,8 +47,10 @@ * CHAP digest codes. */ #define CHAP_MD5 5 +#if MSCHAP_SUPPORT #define CHAP_MICROSOFT 0x80 #define CHAP_MICROSOFT_V2 0x81 +#endif /* MSCHAP_SUPPORT */ /* * Semi-arbitrary limits on challenge and response fields. @@ -55,37 +59,57 @@ #define MAX_RESPONSE_LEN 64 /* bitmask of supported algorithms */ +#if MSCHAP_SUPPORT #define MDTYPE_MICROSOFT_V2 0x1 #define MDTYPE_MICROSOFT 0x2 +#endif /* MSCHAP_SUPPORT */ #define MDTYPE_MD5 0x4 #define MDTYPE_NONE 0 /* hashes supported by this instance of pppd */ extern int chap_mdtype_all; +#if MSCHAP_SUPPORT /* Return the digest alg. ID for the most preferred digest type. */ #define CHAP_DIGEST(mdtype) \ ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \ ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \ ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \ 0 +#else /* !MSCHAP_SUPPORT */ +#define CHAP_DIGEST(mdtype) \ + ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \ + 0 +#endif /* MSCHAP_SUPPORT */ /* Return the bit flag (lsb set) for our most preferred digest type. */ #define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype) /* Return the bit flag for a given digest algorithm ID. */ +#if MSCHAP_SUPPORT #define CHAP_MDTYPE_D(digest) \ ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \ ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \ ((digest) == CHAP_MD5)? MDTYPE_MD5: \ 0 +#else /* !MSCHAP_SUPPORT */ +#define CHAP_MDTYPE_D(digest) \ + ((digest) == CHAP_MD5)? MDTYPE_MD5: \ + 0 +#endif /* MSCHAP_SUPPORT */ /* Can we do the requested digest? */ +#if MSCHAP_SUPPORT #define CHAP_CANDIGEST(mdtype, digest) \ ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \ ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \ ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \ 0 +#else /* !MSCHAP_SUPPORT */ +#define CHAP_CANDIGEST(mdtype, digest) \ + ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \ + 0 +#endif /* MSCHAP_SUPPORT */ /* * The code for each digest type has to supply one of these. diff --git a/src/netif/ppp/chap_ms.c b/src/netif/ppp/chap_ms.c index e19b2a16..f3691bd3 100644 --- a/src/netif/ppp/chap_ms.c +++ b/src/netif/ppp/chap_ms.c @@ -75,10 +75,7 @@ */ #include "lwip/opt.h" - -#define RCSID "$Id: chap_ms.c,v 1.38 2007/12/01 20:10:51 carlsonj Exp $" - -#ifdef CHAPMS +#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ #include #include @@ -97,8 +94,6 @@ #include "pppcrypt.h" #include "magic.h" -static const char rcsid[] = RCSID; - #define SHA1_SIGNATURE_SIZE 20 static void ascii2unicode __P((char[], int, u_char[])); @@ -947,4 +942,4 @@ chapms_init(void) #endif /* PPP_OPTIONS */ } -#endif /* CHAPMS */ +#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */ diff --git a/src/netif/ppp/chap_ms.h b/src/netif/ppp/chap_ms.h index 040d80ad..ffff9b66 100644 --- a/src/netif/ppp/chap_ms.h +++ b/src/netif/ppp/chap_ms.h @@ -30,6 +30,9 @@ * $Id: chap_ms.h,v 1.13 2004/11/15 22:13:26 paulus Exp $ */ +#include "lwip/opt.h" +#if PPP_SUPPORT && MSCHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ + #ifndef __CHAPMS_INCLUDE__ #define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */ @@ -107,3 +110,5 @@ void chapms_init(void); #define __CHAPMS_INCLUDE__ #endif /* __CHAPMS_INCLUDE__ */ + +#endif /* PPP_SUPPORT && MSCHAP_SUPPORT */ diff --git a/src/netif/ppp/lcp.c b/src/netif/ppp/lcp.c index ab922637..7dfc6a74 100644 --- a/src/netif/ppp/lcp.c +++ b/src/netif/ppp/lcp.c @@ -2177,6 +2177,7 @@ lcp_printpkt(p, plen, printer, arg) printer(arg, " MD5"); ++p; break; +#if MSCHAP_SUPPORT case CHAP_MICROSOFT: printer(arg, " MS"); ++p; @@ -2186,6 +2187,7 @@ lcp_printpkt(p, plen, printer, arg) printer(arg, " MS-v2"); ++p; break; +#endif /* MSCHAP_SUPPORT */ } } break; diff --git a/src/netif/ppp/pppd.h b/src/netif/ppp/pppd.h index 374f4319..3ac8ceb4 100644 --- a/src/netif/ppp/pppd.h +++ b/src/netif/ppp/pppd.h @@ -365,11 +365,13 @@ extern bool ms_lanman; /* Use LanMan password instead of NT */ /* Values for auth_done only */ #define CHAP_MD5_WITHPEER 0x40 #define CHAP_MD5_PEER 0x80 +#if MSCHAP_SUPPORT #define CHAP_MS_SHIFT 8 /* LSB position for MS auths */ #define CHAP_MS_WITHPEER 0x100 #define CHAP_MS_PEER 0x200 #define CHAP_MS2_WITHPEER 0x400 #define CHAP_MS2_PEER 0x800 +#endif /* MSCHAP_SUPPORT */ extern char *current_option; /* the name of the option being parsed */ extern int privileged_option; /* set iff the current option came from root */ diff --git a/src/netif/ppp/pppmy.c b/src/netif/ppp/pppmy.c index c0b20570..4efcc982 100644 --- a/src/netif/ppp/pppmy.c +++ b/src/netif/ppp/pppmy.c @@ -435,10 +435,17 @@ int ppp_init(void) { void pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd) { + /* FIXME: the following may look stupid, but this is just an easy way + * to check different auth by changing compile time option + */ + ppp_settings.refuse_pap = 1; + ppp_settings.refuse_chap = 0; +#if MSCHAP_SUPPORT ppp_settings.refuse_pap = 1; ppp_settings.refuse_chap = 1; ppp_settings.refuse_mschap = 1; ppp_settings.refuse_mschap_v2 = 0; +#endif /* MSCHAP_SUPPORT */ #if EAP_SUPPORT ppp_settings.refuse_pap = 1; ppp_settings.refuse_chap = 1; diff --git a/src/netif/ppp/pppmy.h b/src/netif/ppp/pppmy.h index 042410df..f082f460 100644 --- a/src/netif/ppp/pppmy.h +++ b/src/netif/ppp/pppmy.h @@ -5,6 +5,8 @@ * Author: gradator */ +#include "lwip/opt.h" + #ifndef PPPMY_H_ #define PPPMY_H_ @@ -46,8 +48,10 @@ struct ppp_settings { u_int explicit_remote : 1; /* remote_name specified with remotename opt */ u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */ u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */ +#if MSCHAP_SUPPORT u_int refuse_mschap : 1; /* Don't wanna auth. ourselves with MS-CHAP */ u_int refuse_mschap_v2 : 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */ +#endif /* MSCHAP_SUPPORT */ #if EAP_SUPPORT u_int refuse_eap : 1; /* Don't wanna auth. ourselves with EAP */ #endif /* EAP_SUPPORT */