Added PPPAUTHTYPE_ANY

This commit is contained in:
marcbou 2003-07-04 15:55:11 +00:00
parent d400f77dea
commit f70d30b91d
2 changed files with 43 additions and 0 deletions


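--- a/PLACEHOLDER_PATH_1
+++ b/PLACEHOLDER_PATH_1
@@ -326,6 +326,29 @@ void pppSetAuth(enum pppAuthType authType, const char *user, const char *passwd)
 #endif
 ppp_settings.refuse_chap = 1;
 break;
+case PPPAUTHTYPE_ANY:
+/* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
+* RFC 1994 says:
+*
+* In practice, within or associated with each PPP server, there is a
+* database which associates "user" names with authentication
+* information ("secrets"). It is not anticipated that a particular
+* named user would be authenticated by multiple methods. This would
+* make the user vulnerable to attacks which negotiate the least secure
+* method from among a set (such as PAP rather than CHAP). If the same
+* secret was used, PAP would reveal the secret to be used later with
+* CHAP.
+*
+* Instead, for each user name there should be an indication of exactly
+* one method used to authenticate that user name. If a user needs to
+* make use of different authentication methods under different
+* circumstances, then distinct user names SHOULD be employed, each of
+* which identifies exactly one authentication method.
+*
+*/
+ppp_settings.refuse_pap = 0;
+ppp_settings.refuse_chap = 0;
+break;
 case PPPAUTHTYPE_PAP:
 ppp_settings.refuse_pap = 0;
 ppp_settings.refuse_chap = 1;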
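Review bot: The RFC 1994 excerpt in the PPPAUTHTYPE_ANY case is a verbatim copy of the block added above enum pppAuthType in the header, and two copies of a 19-line quotation will drift; the implementation side should carry a one-line pointer instead, e.g. `/* Accept PAP or CHAP as the peer negotiates; see the security note on PPPAUTHTYPE_ANY in the header. */`. The point worth stating here is the one the code embodies: clearing both refuse_pap and refuse_chap lets the peer pick the weaker method, which is exactly the downgrade the quoted text describes, so a caller choosing this value must not reuse one secret across both methods. The enclosing pppSetAuth body starts and ends outside this hunk.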


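--- a/PLACEHOLDER_PATH_2
+++ b/PLACEHOLDER_PATH_2
@@ -340,8 +340,28 @@ extern struct protent *ppp_protocols[];/* Table of pointers to supported protoco
 /* Initialize the PPP subsystem. */
 void pppInit(void);
+/* Warning: Using PPPAUTHTYPE_ANY might have security consequences.
+* RFC 1994 says:
+*
+* In practice, within or associated with each PPP server, there is a
+* database which associates "user" names with authentication
+* information ("secrets"). It is not anticipated that a particular
+* named user would be authenticated by multiple methods. This would
+* make the user vulnerable to attacks which negotiate the least secure
+* method from among a set (such as PAP rather than CHAP). If the same
+* secret was used, PAP would reveal the secret to be used later with
+* CHAP.
+*
+* Instead, for each user name there should be an indication of exactly
+* one method used to authenticate that user name. If a user needs to
+* make use of different authentication methods under different
+* circumstances, then distinct user names SHOULD be employed, each of
+* which identifies exactly one authentication method.
+*
+*/
 enum pppAuthType {
 PPPAUTHTYPE_NONE,
+PPPAUTHTYPE_ANY,
 PPPAUTHTYPE_PAP,
 PPPAUTHTYPE_CHAP
 };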
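Review bot: Inserting PPPAUTHTYPE_ANY between PPPAUTHTYPE_NONE and PPPAUTHTYPE_PAP renumbers PPPAUTHTYPE_PAP and PPPAUTHTYPE_CHAP, so any object code or stored configuration built against the previous header would silently select a different authentication policy, which for an auth setting is a bad way to fail. Appending the new enumerator last, or pinning every value explicitly as in `PPPAUTHTYPE_NONE = 0, PPPAUTHTYPE_PAP = 1, PPPAUTHTYPE_CHAP = 2, PPPAUTHTYPE_ANY = 3`, keeps the existing values stable. The warning block also sits above the whole enum rather than on the enumerator it concerns; a short comment on the PPPAUTHTYPE_ANY line itself, `/* accept PAP or CHAP as negotiated; see the RFC 1994 warning above */`, is harder to overlook when reading the enumerator list.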