* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#define RCSID "$Id: ccp.c,v 1.41 2002/12/04 23:03:32 paulus Exp $"
+#define RCSID "$Id: ccp.c,v 1.44 2003/03/05 23:01:28 fcusack Exp $"
#include <stdlib.h>
#include <string.h>
#include <net/ppp-comp.h>
#ifdef MPPE
-#include "chap_ms.h" /* mppe_xxxx_key */
+#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */
#include "lcp.h" /* lcp_close(), lcp_fsm */
#endif
return;
}
+ /* A plugin (eg radius) may not have obtained key material. */
+ if (!mppe_keys_set) {
+ error("MPPE required, but keys are not available. "
+ "Possible plugin problem?");
+ lcp_close(f->unit, "MPPE required but not available");
+ return;
+ }
+
/* LM auth not supported for MPPE */
if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) {
/* This might be noise */
MPPE_CI_TO_OPTS(&p[2], try.mppe);
if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful)
try.mppe = 0;
- else if ((go->mppe & try.mppe) != try.mppe)
+ else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe)
/* Peer must have set options we didn't request (suggest) */
try.mppe = 0;
ccp_options *ho = &ccp_hisoptions[f->unit];
ccp_options *ao = &ccp_allowoptions[f->unit];
#ifdef MPPE
- bool seen_ci_mppe = 0;
+ bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
+ /* CI_MPPE, or due to other options? */
#endif
ret = CONFACK;
newret = CONFREJ;
break;
}
- seen_ci_mppe = 1;
MPPE_CI_TO_OPTS(&p[2], ho->mppe);
/* Nak if anything unsupported or unknown are set. */
/* Check state opt */
if (ho->mppe & MPPE_OPT_STATEFUL) {
+ /*
+ * We can Nak and request stateless, but it's a
+ * lot easier to just assume the peer will request
+ * it if he can do it; stateful mode is bad over
+ * the Internet -- which is where we expect MPPE.
+ */
if (refuse_mppe_stateful) {
- /*
- * We can Nak and request stateless, but it's a
- * lot easier to just assume the peer will request
- * it if he can do it; stateful mode is bad over
- * the Internet -- which is where we expect MPPE.
- */
newret = CONFREJ;
break;
- } else {
- newret = CONFNAK;
}
}
newret = CONFREJ;
}
+ /*
+ * We have accepted MPPE or are willing to negotiate
+ * MPPE parameters. A CONFREJ is due to subsequent
+ * (non-MPPE) processing.
+ */
+ rej_for_ci_mppe = 0;
break;
#endif /* MPPE */
case CI_DEFLATE:
*lenp = retp - p0;
}
#ifdef MPPE
- if (ret == CONFREJ && ao->mppe && !seen_ci_mppe) {
+ if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
error("MPPE required but peer negotiation failed");
lcp_close(f->unit, "MPPE required but peer negotiation failed");
}
projects / ppp.git / blobdiff