From 339925e8358828fe412188d1dc351e59c9e35fe9 Mon Sep 17 00:00:00 2001 From: Sylvain Rochet Date: Thu, 24 May 2012 00:52:20 +0200 Subject: [PATCH] CHAP support is now an optional compile-time feature --- src/netif/ppp/auth.c | 60 +++++++++++++++++--- src/netif/ppp/chap-md5.c | 5 +- src/netif/ppp/chap-md5.h | 5 ++ src/netif/ppp/chap-new.c | 4 ++ src/netif/ppp/chap-new.h | 3 + src/netif/ppp/lcp.c | 116 ++++++++++++++++++++++++++++++++------- src/netif/ppp/lcp.h | 4 ++ src/netif/ppp/ppp.c | 14 ++++- src/netif/ppp/pppmy.c | 10 ++++ src/netif/ppp/pppmy.h | 6 +- 10 files changed, 193 insertions(+), 34 deletions(-) diff --git a/src/netif/ppp/auth.c b/src/netif/ppp/auth.c index af43c0d2..dcc075d6 100644 --- a/src/netif/ppp/auth.c +++ b/src/netif/ppp/auth.c @@ -108,7 +108,9 @@ #include "ecp.h" #include "ipcp.h" #include "upap.h" +#if CHAP_SUPPORT #include "chap-new.h" +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT #include "eap.h" #endif /* EAP_SUPPORT */ @@ -763,7 +765,10 @@ link_established(unit) set_allowed_addrs(unit, NULL, NULL); #endif /* PPP_ALLOWED_ADDRS */ - if (auth_required && !(go->neg_upap || go->neg_chap + if (auth_required && !(go->neg_upap +#if CHAP_SUPPORT + || go->neg_chap +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT || go->neg_eap #endif /* EAP_SUPPORT */ @@ -798,10 +803,13 @@ link_established(unit) auth |= EAP_PEER; } else #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT if (go->neg_chap) { chap_auth_peer(unit, our_name, CHAP_DIGEST(go->chap_mdtype)); auth |= CHAP_PEER; - } else if (go->neg_upap) { + } else +#endif /* CHAP_SUPPORT */ + if (go->neg_upap) { upap_authpeer(unit); auth |= PAP_PEER; } 
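Review bot: In link_established, once the CHAP branch is compiled out the only remaining non-EAP choice is `if (go->neg_upap)`, so a build without CHAP_SUPPORT authenticates with PAP, which carries the password in cleartext on the link; the same holds for the `ho->neg_upap` branch in the following hunk. None of the ten files in this patch defines a default for CHAP_SUPPORT, and an undefined macro evaluates to 0 in `#if`, so unless a default exists elsewhere the option is silently off. I would document this next to the option, e.g. `/* CHAP_SUPPORT==0 leaves PAP (cleartext password) as the only non-EAP method */`, and confirm where the default is set. link_established starts and ends outside this hunk.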
@@ -811,10 +819,13 @@ link_established(unit) auth |= EAP_WITHPEER; } else #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT if (ho->neg_chap) { chap_auth_with_peer(unit, ppp_settings.user, CHAP_DIGEST(ho->chap_mdtype)); auth |= CHAP_WITHPEER; - } else if (ho->neg_upap) { + } else +#endif /* CHAP_SUPPORT */ + if (ho->neg_upap) { upap_authwithpeer(unit, ppp_settings.user, ppp_settings.passwd); auth |= PAP_WITHPEER; } @@ -844,7 +855,11 @@ network_phase(unit) /* * If the peer had to authenticate, run the auth-up script now. */ - if (go->neg_chap || go->neg_upap + if (0 +#if CHAP_SUPPORT + || go->neg_chap +#endif /* CHAP_SUPPORT */ + || go->neg_upap #if EAP_SUPPORT || go->neg_eap #endif /* EAP_SUPPORT */ @@ -967,6 +982,7 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen) int bit; switch (protocol) { +#if CHAP_SUPPORT case PPP_CHAP: bit = CHAP_PEER; switch (prot_flavor) { @@ -983,6 +999,7 @@ auth_peer_success(unit, protocol, prot_flavor, name, namelen) #endif /* MSCHAP_SUPPORT */ } break; +#endif /* CHAP_SUPPORT */ case PPP_PAP: bit = PAP_PEER; break; @@ -1042,6 +1059,7 @@ auth_withpeer_success(unit, protocol, prot_flavor) const char *prot = ""; switch (protocol) { +#if CHAP_SUPPORT case PPP_CHAP: bit = CHAP_WITHPEER; prot = "CHAP"; @@ -1059,6 +1077,7 @@ auth_withpeer_success(unit, protocol, prot_flavor) #endif /* MSCHAP_SUPPORT */ } break; +#endif /* CHAP_SUPPORT */ case PPP_PAP: bit = PAP_WITHPEER; prot = "PAP"; 
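Review bot: The `if (0` opener in network_phase exists only to give the first `||` something to attach to, but `go->neg_upap` is unconditional and can lead the expression, as link_established already does with `!(go->neg_upap`. Writing `if (go->neg_upap` followed by the guarded `|| go->neg_chap` and `|| go->neg_eap` lines reads more naturally and avoids constant-condition warnings from some compilers. The same applies to the `if (1` and `(0` forms in auth_check_options and to the `(0` forms in lcp_nakci.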
@@ -1274,28 +1293,38 @@ auth_check_options() default_auth = 1; } +#if CHAP_SUPPORT /* If we selected any CHAP flavors, we should probably negotiate it. :-) */ if (wo->chap_mdtype) wo->neg_chap = 1; +#endif /* CHAP_SUPPORT */ /* If authentication is required, ask peer for CHAP, PAP, or EAP. */ if (auth_required) { allow_any_ip = 0; - if (!wo->neg_chap && !wo->neg_upap + if (1 +#if CHAP_SUPPORT + && !wo->neg_chap +#endif /* CHAP_SUPPORT */ + && !wo->neg_upap #if EAP_SUPPORT && !wo->neg_eap #endif /* EAP_SUPPORT */ ) { +#if CHAP_SUPPORT wo->neg_chap = chap_mdtype_all != MDTYPE_NONE; wo->chap_mdtype = chap_mdtype_all; +#endif /* CHAP_SUPPORT */ wo->neg_upap = 1; #if EAP_SUPPORT wo->neg_eap = 1; #endif /* EAP_SUPPORT */ } } else { +#if CHAP_SUPPORT wo->neg_chap = 0; wo->chap_mdtype = MDTYPE_NONE; +#endif /* CHAP_SUPPORT */ wo->neg_upap = 0; #if EAP_SUPPORT wo->neg_eap = 0; @@ -1309,13 +1338,20 @@ auth_check_options() */ lacks_ip = 0; can_auth = wo->neg_upap && (uselogin || have_pap_secret(&lacks_ip)); - if (!can_auth && (wo->neg_chap + if (!can_auth && (0 +#if CHAP_SUPPORT + || wo->neg_chap +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT || wo->neg_eap #endif /* EAP_SUPPORT */ )) { +#if CHAP_SUPPORT can_auth = have_chap_secret((explicit_remote? remote_name: NULL), our_name, 1, &lacks_ip); +#else + can_auth = 0; +#endif } if (!can_auth #if EAP_SUPPORT @@ -1378,6 +1414,7 @@ auth_reset(unit) ao->neg_eap = !ppp_settings.refuse_eap; #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT ao->chap_mdtype = MDTYPE_NONE; if(!ppp_settings.refuse_chap) ao->chap_mdtype |= MDTYPE_MD5; 
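Review bot: In the second auth_check_options hunk the new `#else` branch sets `can_auth = 0` even when the block was entered because `wo->neg_eap` is set, whereas the previous code called have_chap_secret() for that case as well. With CHAP_SUPPORT off and EAP_SUPPORT on, the secret lookup is therefore skipped and only the `if (!can_auth` test that follows (cut off by the hunk) can still set it; if EAP relies on the same secret store, required authentication would be reported as impossible. Consider keeping the lookup under `#if CHAP_SUPPORT || EAP_SUPPORT`, provided have_chap_secret stays available in such a build. The closing `#endif` should also carry the `/* CHAP_SUPPORT */` label used by the other guards.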
@@ -1389,24 +1426,29 @@ auth_reset(unit) #endif /* MSCHAP_SUPPORT */ ao->neg_chap = (ao->chap_mdtype != MDTYPE_NONE); +#endif /* CHAP_SUPPORT */ } else { ao->neg_upap = 0; +#if CHAP_SUPPORT ao->neg_chap = 0; + ao->chap_mdtype = MDTYPE_NONE; +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT ao->neg_eap = 0; #endif /* EAP_SUPPORT */ - ao->chap_mdtype = MDTYPE_NONE; } printf("neg_upap: %d\n", ao->neg_upap); +#if CHAP_SUPPORT printf("neg_chap: %d\n", ao->neg_chap); printf("neg_chap_md5: %d\n", !!(ao->chap_mdtype&MDTYPE_MD5) ); #if MSCHAP_SUPPORT printf("neg_chap_ms: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT) ); printf("neg_chap_ms2: %d\n", !!(ao->chap_mdtype&MDTYPE_MICROSOFT_V2) ); #endif /* MSCHAP_SUPPORT */ +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT printf("neg_eap: %d\n", ao->neg_eap); #endif /* EAP_SUPPORT */ @@ -1428,11 +1470,13 @@ auth_reset(unit) #endif /* OLD CODE */ go->neg_upap = 0; +#if CHAP_SUPPORT go->neg_chap = 0; + go->chap_mdtype = MDTYPE_NONE; +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT go->neg_eap = 0; #endif /* EAP_SUPPORT */ - go->chap_mdtype = MDTYPE_NONE; return; #if 0 /* FIXME: find what the below stuff do */ diff --git a/src/netif/ppp/chap-md5.c b/src/netif/ppp/chap-md5.c index dec34cfd..19756937 100644 --- a/src/netif/ppp/chap-md5.c +++ b/src/netif/ppp/chap-md5.c @@ -29,8 +29,7 @@ */ #include "lwip/opt.h" - -#define RCSID "$Id: chap-md5.c,v 1.4 2004/11/09 22:39:25 paulus Exp $" +#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ #include #include @@ -117,3 +116,5 @@ chap_md5_init(void) { chap_register_digest(&md5_digest); } + +#endif /* PPP_SUPPORT && CHAP_SUPPORT */ diff --git a/src/netif/ppp/chap-md5.h b/src/netif/ppp/chap-md5.h index 30d06588..cb6c56e3 100644 --- a/src/netif/ppp/chap-md5.h +++ b/src/netif/ppp/chap-md5.h 
@@ -28,4 +28,9 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include "lwip/opt.h" +#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ + extern void chap_md5_init(void); + +#endif /* PPP_SUPPORT && CHAP_SUPPORT */ diff --git a/src/netif/ppp/chap-new.c b/src/netif/ppp/chap-new.c index f3b612e8..34a45898 100644 --- a/src/netif/ppp/chap-new.c +++ b/src/netif/ppp/chap-new.c @@ -29,6 +29,8 @@ */ #include "lwip/opt.h" +#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ + #include "pppmy.h" #define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $" @@ -670,3 +672,5 @@ struct protent chap_protent = { NULL, NULL }; + +#endif /* PPP_SUPPORT && CHAP_SUPPORT */ diff --git a/src/netif/ppp/chap-new.h b/src/netif/ppp/chap-new.h index 02e9b06a..bb21fe22 100644 --- a/src/netif/ppp/chap-new.h +++ b/src/netif/ppp/chap-new.h @@ -29,6 +29,7 @@ */ #include "lwip/opt.h" +#if PPP_SUPPORT && CHAP_SUPPORT /* don't build if not configured for use in lwipopts.h */ /* * CHAP packets begin with a standard header with code, id, len (2 bytes). @@ -152,3 +153,5 @@ extern void chap_auth_with_peer(int unit, char *our_name, int digest_code); /* Represents the CHAP protocol to the main pppd code */ extern struct protent chap_protent; + +#endif /* PPP_SUPPORT && CHAP_SUPPORT */ diff --git a/src/netif/ppp/lcp.c b/src/netif/ppp/lcp.c index 7dfc6a74..d5722ece 100644 --- a/src/netif/ppp/lcp.c +++ b/src/netif/ppp/lcp.c @@ -42,8 +42,6 @@ #include "lwip/opt.h" -#define RCSID "$Id: lcp.c,v 1.76 2006/05/22 00:04:07 paulus Exp $" - /* * TODO: */ @@ -56,11 +54,11 @@ #include "pppmy.h" #include "fsm.h" #include "lcp.h" +#if CHAP_SUPPORT #include "chap-new.h" +#endif /* CHAP_SUPPORT */ #include "magic.h" -static const char rcsid[] = RCSID; - /* * When the link comes up we want to be able to wait for a short while, * or until seeing some input from the peer, before starting to send 
@@ -299,7 +297,9 @@ int lcp_loopbackfail = DEFLOOPBACKFAIL; #define CILEN_VOID 2 #define CILEN_CHAR 3 #define CILEN_SHORT 4 /* CILEN_VOID + 2 */ +#if CHAP_SUPPORT #define CILEN_CHAP 5 /* CILEN_VOID + 2 + 1 */ +#endif /* CHAP_SUPPORT */ #define CILEN_LONG 6 /* CILEN_VOID + 4 */ #define CILEN_LQR 8 /* CILEN_VOID + 2 + 4 */ #define CILEN_CBCP 3 @@ -372,8 +372,10 @@ lcp_init(unit) ao->neg_mru = 1; ao->mru = MAXMRU; ao->neg_asyncmap = 1; +#if CHAP_SUPPORT ao->neg_chap = 1; ao->chap_mdtype = chap_mdtype_all; +#endif /* CHAP_SUPPORT */ ao->neg_upap = 1; #if EAP_SUPPORT ao->neg_eap = 1; @@ -690,7 +692,9 @@ lcp_cilen(f) lcp_options *go = &lcp_gotoptions[f->unit]; #define LENCIVOID(neg) ((neg) ? CILEN_VOID : 0) +#if CHAP_SUPPORT #define LENCICHAP(neg) ((neg) ? CILEN_CHAP : 0) +#endif /* CHAP_SUPPORT */ #define LENCISHORT(neg) ((neg) ? CILEN_SHORT : 0) #define LENCILONG(neg) ((neg) ? CILEN_LONG : 0) #define LENCILQR(neg) ((neg) ? CILEN_LQR: 0) @@ -705,16 +709,21 @@ lcp_cilen(f) #if EAP_SUPPORT LENCISHORT(go->neg_eap) + #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT LENCICHAP( #if EAP_SUPPORT !go->neg_eap && #endif /* EAP_SUPPORT */ go->neg_chap) + +#endif /* CHAP_SUPPORT */ LENCISHORT( #if EAP_SUPPORT !go->neg_eap && #endif /* EAP_SUPPORT */ - !go->neg_chap && go->neg_upap) + +#if CHAP_SUPPORT + !go->neg_chap && +#endif /* CHAP_SUPPORT */ + go->neg_upap) + LENCILQR(go->neg_lqr) + LENCICBCP(go->neg_cbcp) + LENCILONG(go->neg_magicnumber) + @@ -749,6 +758,7 @@ lcp_addci(f, ucp, lenp) PUTCHAR(CILEN_SHORT, ucp); \ PUTSHORT(val, ucp); \ } +#if CHAP_SUPPORT #define ADDCICHAP(opt, neg, val) \ if (neg) { \ PUTCHAR((opt), ucp); \ @@ -756,6 +766,7 @@ lcp_addci(f, ucp, lenp) PUTSHORT(PPP_CHAP, ucp); \ PUTCHAR((CHAP_DIGEST(val)), ucp); \ } +#endif /* CHAP_SUPPORT */ #define ADDCILONG(opt, neg, val) \ if (neg) { \ PUTCHAR(opt, ucp); \ 
@@ -791,16 +802,21 @@ lcp_addci(f, ucp, lenp) #if EAP_SUPPORT ADDCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT ADDCICHAP(CI_AUTHTYPE, #if EAP_SUPPORT !go->neg_eap && #endif /* EAP_SUPPORT */ go->neg_chap, go->chap_mdtype); +#endif /* CHAP_SUPPORT */ ADDCISHORT(CI_AUTHTYPE, #if EAP_SUPPORT !go->neg_eap && #endif /* EAP_SUPPORT */ - !go->neg_chap && go->neg_upap, PPP_PAP); +#if CHAP_SUPPORT + !go->neg_chap && +#endif /* CHAP_SUPPORT */ + go->neg_upap, PPP_PAP); ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ADDCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); @@ -878,6 +894,7 @@ lcp_ackci(f, p, len) if (cichar != val) \ goto bad; \ } +#if CHAP_SUPPORT #define ACKCICHAP(opt, neg, val) \ if (neg) { \ if ((len -= CILEN_CHAP) < 0) \ @@ -894,6 +911,7 @@ lcp_ackci(f, p, len) if (cichar != (CHAP_DIGEST(val))) \ goto bad; \ } +#endif /* CHAP_SUPPORT */ #define ACKCILONG(opt, neg, val) \ if (neg) { \ if ((len -= CILEN_LONG) < 0) \ @@ -949,16 +967,21 @@ lcp_ackci(f, p, len) #if EAP_SUPPORT ACKCISHORT(CI_AUTHTYPE, go->neg_eap, PPP_EAP); #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT ACKCICHAP(CI_AUTHTYPE, #if EAP_SUPPORT !go->neg_eap && #endif /* EAP_SUPPORT */ go->neg_chap, go->chap_mdtype); +#endif /* CHAP_SUPPORT */ ACKCISHORT(CI_AUTHTYPE, #if EAP_SUPPORT !go->neg_eap && #endif /* EAP_SUPPORT */ - !go->neg_chap && go->neg_upap, PPP_PAP); +#if CHAP_SUPPORT + !go->neg_chap && +#endif /* CHAP_SUPPORT */ + go->neg_upap, PPP_PAP); ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); ACKCILONG(CI_MAGICNUMBER, go->neg_magicnumber, go->magicnumber); @@ -1025,6 +1048,7 @@ lcp_nakci(f, p, len, treat_as_reject) no.neg = 1; \ try.neg = 0; \ } +#if CHAP_SUPPORT #define NAKCICHAP(opt, neg, code) \ if (go->neg && \ len >= CILEN_CHAP && \ 
@@ -1037,6 +1061,7 @@ lcp_nakci(f, p, len, treat_as_reject) no.neg = 1; \ code \ } +#endif /* CHAP_SUPPORT */ #define NAKCICHAR(opt, neg, code) \ if (go->neg && \ len >= CILEN_CHAR && \ @@ -1126,7 +1151,11 @@ lcp_nakci(f, p, len, treat_as_reject) * they are proposing a different protocol, or a different * hash algorithm for CHAP. */ - if ((go->neg_chap || go->neg_upap + if ((0 +#if CHAP_SUPPORT + || go->neg_chap +#endif /* CHAP_SUPPORT */ + || go->neg_upap #if EAP_SUPPORT || go->neg_eap #endif /* EAP_SUPPORT */ @@ -1135,7 +1164,9 @@ lcp_nakci(f, p, len, treat_as_reject) && p[0] == CI_AUTHTYPE && p[1] >= CILEN_SHORT && p[1] <= len) { cilen = p[1]; len -= cilen; +#if CHAP_SUPPORT no.neg_chap = go->neg_chap; +#endif /* CHAP_SUPPORT */ no.neg_upap = go->neg_upap; #if EAP_SUPPORT no.neg_eap = go->neg_eap; @@ -1150,17 +1181,21 @@ lcp_nakci(f, p, len, treat_as_reject) else #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT /* If we were asking for CHAP, then we need to stop that. */ if (go->neg_chap) try.neg_chap = 0; + else +#endif /* CHAP_SUPPORT */ + /* * If we weren't asking for CHAP or EAP, then we were asking for * PAP, in which case this Nak is bad. */ - else goto bad; - - } else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { + } +#if CHAP_SUPPORT + else if (cishort == PPP_CHAP && cilen == CILEN_CHAP) { GETCHAR(cichar, p); #if EAP_SUPPORT /* Stop asking for EAP, if we were. */ @@ -1200,7 +1235,9 @@ lcp_nakci(f, p, len, treat_as_reject) try.neg_upap = 0; } - } else { + } +#endif /* CHAP_SUPPORT */ + else { #if EAP_SUPPORT /* @@ -1218,9 +1255,12 @@ lcp_nakci(f, p, len, treat_as_reject) try.neg_eap = 0; else #endif /* EAP_SUPPORT */ + +#if CHAP_SUPPORT if (go->neg_chap) try.neg_chap = 0; else +#endif /* CHAP_SUPPORT */ try.neg_upap = 0; p += cilen - CILEN_SHORT; } 
@@ -1326,7 +1366,11 @@ lcp_nakci(f, p, len, treat_as_reject) goto bad; break; case CI_AUTHTYPE: - if (go->neg_chap || no.neg_chap || go->neg_upap || no.neg_upap + if (0 +#if CHAP_SUPPORT + || go->neg_chap || no.neg_chap +#endif /* CHAP_SUPPORT */ + || go->neg_upap || no.neg_upap #if EAP_SUPPORT || go->neg_eap || no.neg_eap #endif /* EAP_SUPPORT */ @@ -1443,7 +1487,8 @@ lcp_rejci(f, p, len) goto bad; \ try.neg = 0; \ } -#if EAP_SUPPORT + +#if CHAP_SUPPORT && EAP_SUPPORT #define REJCICHAP(opt, neg, val) \ if (go->neg && \ len >= CILEN_CHAP && \ @@ -1459,8 +1504,9 @@ lcp_rejci(f, p, len) try.neg = 0; \ try.neg_eap = try.neg_upap = 0; \ } -#endif /* EAP_SUPPORT */ -#if !EAP_SUPPORT +#endif /* CHAP_SUPPORT && EAP_SUPPORT */ + +#if CHAP_SUPPORT && !EAP_SUPPORT #define REJCICHAP(opt, neg, val) \ if (go->neg && \ len >= CILEN_CHAP && \ @@ -1476,7 +1522,8 @@ lcp_rejci(f, p, len) try.neg = 0; \ try.neg_upap = 0; \ } -#endif /* !EAP_SUPPORT */ +#endif /* CHAP_SUPPORT && !EAP_SUPPORT */ + #define REJCILONG(opt, neg, val) \ if (go->neg && \ len >= CILEN_LONG && \ @@ -1542,10 +1589,14 @@ lcp_rejci(f, p, len) REJCISHORT(CI_AUTHTYPE, neg_eap, PPP_EAP); if (!go->neg_eap) { #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype); if (!go->neg_chap) { +#endif /* CHAP_SUPPORT */ REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); +#if CHAP_SUPPORT } +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT } #endif /* EAP_SUPPORT */ @@ -1684,7 +1735,10 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) case CI_AUTHTYPE: if (cilen < CILEN_SHORT || - !(ao->neg_upap || ao->neg_chap + !(ao->neg_upap +#if CHAP_SUPPORT + || ao->neg_chap +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT || ao->neg_eap #endif /* EAP_SUPPORT */ 
@@ -1711,7 +1765,10 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) if (cishort == PPP_PAP) { /* we've already accepted CHAP or EAP */ - if (ho->neg_chap + if (0 +#if CHAP_SUPPORT + || ho->neg_chap +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT || ho->neg_eap #endif /* EAP_SUPPORT */ @@ -1729,9 +1786,11 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) PUTSHORT(PPP_EAP, nakp); } else { #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT } #endif /* EAP_SUPPORT */ @@ -1740,6 +1799,7 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) ho->neg_upap = 1; break; } +#if CHAP_SUPPORT if (cishort == PPP_CHAP) { /* we've already accepted PAP or EAP */ if (ho->neg_upap @@ -1783,10 +1843,15 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) ho->neg_chap = 1; break; } +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT if (cishort == PPP_EAP) { /* we've already accepted CHAP or PAP */ - if (ho->neg_chap || ho->neg_upap || cilen != CILEN_SHORT) { + if ( +#if CHAP_SUPPORT + ho->neg_chap || +#endif /* CHAP_SUPPORT */ + ho->neg_upap || cilen != CILEN_SHORT) { LCPDEBUG(("lcp_reqci: rcvd AUTHTYPE EAP, rejecting...")); orc = CONFREJ; break; @@ -1794,14 +1859,18 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) if (!ao->neg_eap) { /* we don't want to do EAP */ orc = CONFNAK; /* NAK it and suggest CHAP or PAP */ PUTCHAR(CI_AUTHTYPE, nakp); +#if CHAP_SUPPORT if (ao->neg_chap) { PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); } else { +#endif /* CHAP_SUPPORT */ PUTCHAR(CILEN_SHORT, nakp); PUTSHORT(PPP_PAP, nakp); +#if CHAP_SUPPORT } +#endif /* CHAP_SUPPORT */ break; } ho->neg_eap = 1; 
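Review bot: In the PAP branch of lcp_reqci (hunk at -1729), compiling out the three CHAP `PUT*` lines leaves the Configure-Nak option without a length and value whenever EAP is not offered: with EAP_SUPPORT on the `else` arm becomes empty, and with both options off nothing is written after the option type, which appears to be emitted just above the hunk. The peer would then be sent a truncated CI_AUTHTYPE option. When no alternative method is compiled in, the request should be rejected instead, for example with `orc = CONFREJ;` and a `break;` before the type byte is written. The enclosing block begins outside the hunk, so the exact placement needs checking against the full function.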
@@ -1824,11 +1893,14 @@ lcp_reqci(f, inp, lenp, reject_if_disagree) PUTSHORT(PPP_EAP, nakp); } else #endif /* EAP_SUPPORT */ +#if CHAP_SUPPORT if (ao->neg_chap) { PUTCHAR(CILEN_CHAP, nakp); PUTSHORT(PPP_CHAP, nakp); PUTCHAR(CHAP_DIGEST(ao->chap_mdtype), nakp); - } else { + } else +#endif CHAP_SUPPORT + { PUTCHAR(CILEN_SHORT, nakp); PUTSHORT(PPP_PAP, nakp); } @@ -2169,6 +2241,7 @@ lcp_printpkt(p, plen, printer, arg) case PPP_PAP: printer(arg, "pap"); break; +#if CHAP_SUPPORT case PPP_CHAP: printer(arg, "chap"); if (p < optend) { @@ -2191,6 +2264,7 @@ lcp_printpkt(p, plen, printer, arg) } } break; +#endif /* CHAP_SUPPORT */ case PPP_EAP: printer(arg, "eap"); break; diff --git a/src/netif/ppp/lcp.h b/src/netif/ppp/lcp.h index b440da97..524e9738 100644 --- a/src/netif/ppp/lcp.h +++ b/src/netif/ppp/lcp.h @@ -92,7 +92,9 @@ typedef struct lcp_options { bool neg_mru; /* Negotiate the MRU? */ bool neg_asyncmap; /* Negotiate the async map? */ bool neg_upap; /* Ask for UPAP authentication? */ +#if CHAP_SUPPORT bool neg_chap; /* Ask for CHAP authentication? */ +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT bool neg_eap; /* Ask for EAP authentication? */ #endif /* EAP_SUPPORT */ @@ -106,7 +108,9 @@ typedef struct lcp_options { bool neg_endpoint; /* negotiate endpoint discriminator */ int mru; /* Value of MRU */ int mrru; /* Value of MRRU, and multilink enable */ +#if CHAP_SUPPORT u_char chap_mdtype; /* which MD types (hashing algorithm) */ +#endif /* CHAP_SUPPORT */ u_int32_t asyncmap; /* Value of async map */ u_int32_t magicnumber; int numloops; /* Number of loops during magic number neg. */ diff --git a/src/netif/ppp/ppp.c b/src/netif/ppp/ppp.c index 192d00b5..3e528466 100644 --- a/src/netif/ppp/ppp.c +++ b/src/netif/ppp/ppp.c @@ -103,7 +103,9 @@ #include "ipv6cp.h" #endif #include "upap.h" +#if CHAP_SUPPORT #include "chap-new.h" +#endif /* CHAP_SUPPORT */ #if EAP_SUPPORT #include "eap.h" #endif /* EAP_SUPPORT */ 
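Review bot: The lcp_reqci hunk at -1824 closes its guard with `#endif CHAP_SUPPORT`, without comment delimiters. Extra tokens after `#endif` are diagnosed by GCC and Clang and rejected under `-pedantic-errors`; it should read `#endif /* CHAP_SUPPORT */` like the other guards in this patch.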
@@ -267,7 +269,9 @@ extern char *getlogin __P((void)); struct protent *protocols[] = { &lcp_protent, &pap_protent, +#if CHAP_SUPPORT &chap_protent, +#endif /* CHAP_SUPPORT */ #if CBCP_SUPPORT &cbcp_protent, #endif @@ -1056,8 +1060,14 @@ get_input() */ if (phase <= PHASE_AUTHENTICATE && !(protocol == PPP_LCP || protocol == PPP_LQR - || protocol == PPP_PAP || protocol == PPP_CHAP || - protocol == PPP_EAP)) { + || protocol == PPP_PAP +#if CHAP_SUPPORT + || protocol == PPP_CHAP +#endif /* CHAP_SUPPORT */ +#if EAP_SUPPORT + || protocol == PPP_EAP +#endif /* EAP_SUPPORT */ + )) { dbglog("discarding proto 0x%x in phase %d", protocol, phase); return; diff --git a/src/netif/ppp/pppmy.c b/src/netif/ppp/pppmy.c index 4efcc982..4a4d8fe0 100644 --- a/src/netif/ppp/pppmy.c +++ b/src/netif/ppp/pppmy.c @@ -438,19 +438,29 @@ pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd) /* FIXME: the following may look stupid, but this is just an easy way * to check different auth by changing compile time option */ + ppp_settings.refuse_pap = 0; + +#if CHAP_SUPPORT ppp_settings.refuse_pap = 1; ppp_settings.refuse_chap = 0; +#endif /* CHAP_SUPPORT */ + #if MSCHAP_SUPPORT ppp_settings.refuse_pap = 1; ppp_settings.refuse_chap = 1; ppp_settings.refuse_mschap = 1; ppp_settings.refuse_mschap_v2 = 0; #endif /* MSCHAP_SUPPORT */ + #if EAP_SUPPORT ppp_settings.refuse_pap = 1; +#if CHAP_SUPPORT ppp_settings.refuse_chap = 1; +#if MSCHAP_SUPPORT ppp_settings.refuse_mschap = 1; ppp_settings.refuse_mschap_v2 = 1; +#endif /* MSCHAP_SUPPORT */ +#endif /* CHAP_SUPPORT */ ppp_settings.refuse_eap = 0; #endif /* EAP_SUPPORT */ diff --git a/src/netif/ppp/pppmy.h b/src/netif/ppp/pppmy.h index f082f460..4206947d 100644 --- a/src/netif/ppp/pppmy.h +++ b/src/netif/ppp/pppmy.h 
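Review bot: In pppSetAuth the `#if MSCHAP_SUPPORT` block still assigns `ppp_settings.refuse_chap`, a field that pppmy.h now declares only under `#if CHAP_SUPPORT`, so a configuration with MSCHAP_SUPPORT set and CHAP_SUPPORT clear will not compile. The EAP block nests its MS-CHAP lines inside the CHAP guard, which suggests MS-CHAP is meant to depend on CHAP; state that once with `#if MSCHAP_SUPPORT && !CHAP_SUPPORT` / `#error "MSCHAP_SUPPORT requires CHAP_SUPPORT"` / `#endif` near the option definitions. In the visible lines `authType` is not consulted, so with every optional method off the function leaves `refuse_pap = 0` and PAP is the method that gets used.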
@@ -47,7 +47,9 @@ struct ppp_settings { u_int auth_required : 1; /* Peer is required to authenticate */ u_int explicit_remote : 1; /* remote_name specified with remotename opt */ u_int refuse_pap : 1; /* Don't wanna auth. ourselves with PAP */ +#if CHAP_SUPPORT u_int refuse_chap : 1; /* Don't wanna auth. ourselves with CHAP */ +#endif /* CHAP_SUPPORT */ #if MSCHAP_SUPPORT u_int refuse_mschap : 1; /* Don't wanna auth. ourselves with MS-CHAP */ u_int refuse_mschap_v2 : 1; /* Don't wanna auth. ourselves with MS-CHAPv2 */ @@ -112,7 +114,9 @@ enum pppAuthType { PPPAUTHTYPE_NONE, PPPAUTHTYPE_ANY, PPPAUTHTYPE_PAP, - PPPAUTHTYPE_CHAP +#if CHAP_SUPPORT + PPPAUTHTYPE_CHAP, +#endif /* CHAP_SUPPORT */ }; void pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd);