X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fccp.c;h=cdfb2cf6324762ee779cd5921461d9803df57dfb;hb=5116fdc189652e3c39e2581a01b7ff5b4cefd514;hp=18f2dc0cdbd871e6f6b613b7a7e3f185c943cc20;hpb=f53a48eb9d74db3c71938e114b7f489c339bc003;p=ppp.git

diff --git a/pppd/ccp.c b/pppd/ccp.c
index 18f2dc0..cdfb2cf 100644
--- a/pppd/ccp.c
+++ b/pppd/ccp.c
@@ -33,7 +33,7 @@
  * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#define RCSID	"$Id: ccp.c,v 1.41 2002/12/04 23:03:32 paulus Exp $"
+#define RCSID	"$Id: ccp.c,v 1.43 2002/12/24 00:34:13 fcusack Exp $"
 
 #include <stdlib.h>
 #include <string.h>
@@ -44,7 +44,7 @@
 #include <net/ppp-comp.h>
 
 #ifdef MPPE
-#include "chap_ms.h"	/* mppe_xxxx_key */
+#include "chap_ms.h"	/* mppe_xxxx_key, mppe_keys_set */
 #include "lcp.h"	/* lcp_close(), lcp_fsm */
 #endif
 
@@ -578,6 +578,14 @@ ccp_resetci(f)
 	    return;
 	}
 
+	/* A plugin (eg radius) may not have obtained key material. */
+	if (!mppe_keys_set) {
+	    error("MPPE required, but keys are not available.  "
+		  "Possible plugin problem?");
+	    lcp_close(f->unit, "MPPE required but not available");
+	    return;
+	}
+
 	/* LM auth not supported for MPPE */
 	if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) {
 	    /* This might be noise */
@@ -1073,7 +1081,8 @@ ccp_reqci(f, p, lenp, dont_nak)
     ccp_options *ho = &ccp_hisoptions[f->unit];
     ccp_options *ao = &ccp_allowoptions[f->unit];
 #ifdef MPPE
-    bool seen_ci_mppe = 0;
+    bool rej_for_ci_mppe = 1;	/* Are we rejecting based on a bad/missing */
+				/* CI_MPPE, or due to other options?       */
 #endif
 
     ret = CONFACK;
@@ -1101,7 +1110,6 @@ ccp_reqci(f, p, lenp, dont_nak)
 		    newret = CONFREJ;
 		    break;
 		}
-		seen_ci_mppe = 1;
 		MPPE_CI_TO_OPTS(&p[2], ho->mppe);
 
 		/* Nak if anything unsupported or unknown are set. */
@@ -1188,6 +1196,12 @@ ccp_reqci(f, p, lenp, dont_nak)
 			newret = CONFREJ;
 		}
 
+		/*
+		 * We have accepted MPPE or are willing to negotiate
+		 * MPPE parameters.  A CONFREJ is due to subsequent
+		 * (non-MPPE) processing.
+		 */
+		rej_for_ci_mppe = 0;
 		break;
 #endif /* MPPE */
 	    case CI_DEFLATE:
@@ -1332,7 +1346,7 @@ ccp_reqci(f, p, lenp, dont_nak)
 	    *lenp = retp - p0;
     }
 #ifdef MPPE
-    if (ret == CONFREJ && ao->mppe && !seen_ci_mppe) {
+    if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
 	error("MPPE required but peer negotiation failed");
 	lcp_close(f->unit, "MPPE required but peer negotiation failed");
     }