X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fccp.c;h=440ddc8f3cb8d14141daf6fbe5bdab14523130fe;hb=39c06d616dd4c9443ed390969e58cd53ca1e314d;hp=378749e1a6463c43ea01592fbaaa3cb2f56c32f6;hpb=cdf190cec5f5b656df4adf841e3a08d0caf2f5a2;p=ppp.git diff --git a/pppd/ccp.c b/pppd/ccp.c index 378749e..440ddc8 100644 --- a/pppd/ccp.c +++ b/pppd/ccp.c @@ -1,31 +1,39 @@ /* * ccp.c - PPP Compression Control Protocol. * - * Copyright (c) 1994 The Australian National University. - * All rights reserved. + * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved. * - * Permission to use, copy, modify, and distribute this software and its - * documentation is hereby granted, provided that the above copyright - * notice appears in all copies. This software is provided without any - * warranty, express or implied. The Australian National University - * makes no representations about the suitability of this software for - * any purpose. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY - * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES - * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF - * THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS - * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO - * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, - * OR MODIFICATIONS. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: ccp.c,v 1.40 2002/10/27 11:46:24 fcusack Exp $" +#define RCSID "$Id: ccp.c,v 1.44 2003/03/05 23:01:28 fcusack Exp $" #include #include @@ -36,7 +44,7 @@ #include #ifdef MPPE -#include "chap_ms.h" /* mppe_xxxx_key */ +#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */ #include "lcp.h" /* lcp_close(), lcp_fsm */ #endif @@ -570,6 +578,14 @@ ccp_resetci(f) return; } + /* A plugin (eg radius) may not have obtained key material. */ + if (!mppe_keys_set) { + error("MPPE required, but keys are not available. " + "Possible plugin problem?"); + lcp_close(f->unit, "MPPE required but not available"); + return; + } + /* LM auth not supported for MPPE */ if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) { /* This might be noise */ @@ -902,7 +918,7 @@ ccp_nakci(f, p, len) MPPE_CI_TO_OPTS(&p[2], try.mppe); if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) try.mppe = 0; - else if ((go->mppe & try.mppe) != try.mppe) + else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) /* Peer must have set options we didn't request (suggest) */ try.mppe = 0; @@ -1065,7 +1081,8 @@ ccp_reqci(f, p, lenp, dont_nak) ccp_options *ho = &ccp_hisoptions[f->unit]; ccp_options *ao = &ccp_allowoptions[f->unit]; #ifdef MPPE - bool seen_ci_mppe = 0; + bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */ + /* CI_MPPE, or due to other options? */ #endif ret = CONFACK; @@ -1093,7 +1110,6 @@ ccp_reqci(f, p, lenp, dont_nak) newret = CONFREJ; break; } - seen_ci_mppe = 1; MPPE_CI_TO_OPTS(&p[2], ho->mppe); /* Nak if anything unsupported or unknown are set. */ @@ -1108,17 +1124,15 @@ ccp_reqci(f, p, lenp, dont_nak) /* Check state opt */ if (ho->mppe & MPPE_OPT_STATEFUL) { + /* + * We can Nak and request stateless, but it's a + * lot easier to just assume the peer will request + * it if he can do it; stateful mode is bad over + * the Internet -- which is where we expect MPPE. + */ if (refuse_mppe_stateful) { - /* - * We can Nak and request stateless, but it's a - * lot easier to just assume the peer will request - * it if he can do it; stateful mode is bad over - * the Internet -- which is where we expect MPPE. - */ newret = CONFREJ; break; - } else { - newret = CONFNAK; } } @@ -1180,6 +1194,12 @@ ccp_reqci(f, p, lenp, dont_nak) newret = CONFREJ; } + /* + * We have accepted MPPE or are willing to negotiate + * MPPE parameters. A CONFREJ is due to subsequent + * (non-MPPE) processing. + */ + rej_for_ci_mppe = 0; break; #endif /* MPPE */ case CI_DEFLATE: @@ -1324,7 +1344,7 @@ ccp_reqci(f, p, lenp, dont_nak) *lenp = retp - p0; } #ifdef MPPE - if (ret == CONFREJ && ao->mppe && !seen_ci_mppe) { + if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) { error("MPPE required but peer negotiation failed"); lcp_close(f->unit, "MPPE required but peer negotiation failed"); }