X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fccp.c;h=61947d96992c55872874253a5a8219372b66c59b;hp=fa8a5a0cb950f6993ebe51d008c98b556b1c5272;hb=b6b4d28e0c38320ca6753af40845df991118cd11;hpb=b38527fb14af5ebe3d2559e2f861575c722a1ce9 diff --git a/pppd/ccp.c b/pppd/ccp.c index fa8a5a0..61947d9 100644 --- a/pppd/ccp.c +++ b/pppd/ccp.c @@ -1,31 +1,34 @@ /* * ccp.c - PPP Compression Control Protocol. * - * Copyright (c) 1994 The Australian National University. - * All rights reserved. + * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved. * - * Permission to use, copy, modify, and distribute this software and its - * documentation is hereby granted, provided that the above copyright - * notice appears in all copies. This software is provided without any - * warranty, express or implied. The Australian National University - * makes no representations about the suitability of this software for - * any purpose. + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: * - * IN NO EVENT SHALL THE AUSTRALIAN NATIONAL UNIVERSITY BE LIABLE TO ANY - * PARTY FOR DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES - * ARISING OUT OF THE USE OF THIS SOFTWARE AND ITS DOCUMENTATION, EVEN IF - * THE AUSTRALIAN NATIONAL UNIVERSITY HAVE BEEN ADVISED OF THE POSSIBILITY - * OF SUCH DAMAGE. + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. * - * THE AUSTRALIAN NATIONAL UNIVERSITY SPECIFICALLY DISCLAIMS ANY WARRANTIES, - * INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE PROVIDED HEREUNDER IS - * ON AN "AS IS" BASIS, AND THE AUSTRALIAN NATIONAL UNIVERSITY HAS NO - * OBLIGATION TO PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, - * OR MODIFICATIONS. + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: ccp.c,v 1.34 2002/04/02 13:54:59 dfs Exp $" +#define RCSID "$Id: ccp.c,v 1.50 2005/06/26 19:34:41 carlsonj Exp $" #include #include @@ -36,11 +39,10 @@ #include #ifdef MPPE -#include "chap_ms.h" /* mppe_xx_key */ -#include "lcp.h" /* lcp_close() */ +#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */ +#include "lcp.h" /* lcp_close(), lcp_fsm */ #endif -static const char rcsid[] = RCSID; /* * Unfortunately there is a bug in zlib which means that using a @@ -206,7 +208,7 @@ static void ccp_resetci __P((fsm *)); static int ccp_cilen __P((fsm *)); static void ccp_addci __P((fsm *, u_char *, int *)); static int ccp_ackci __P((fsm *, u_char *, int)); -static int ccp_nakci __P((fsm *, u_char *, int)); +static int ccp_nakci __P((fsm *, u_char *, int, int)); static int ccp_rejci __P((fsm *, u_char *, int)); static int ccp_reqci __P((fsm *, u_char *, int *, int)); static void ccp_up __P((fsm *)); @@ -453,7 +455,7 @@ ccp_input(unit, p, len) notice("Compression disabled by peer."); #ifdef MPPE if (ccp_gotoptions[unit].mppe) { - notice("MPPE disabled, closing LCP"); + error("MPPE disabled, closing LCP"); lcp_close(unit, "MPPE disabled by peer"); } #endif @@ -510,6 +512,14 @@ ccp_protrej(unit) { ccp_flags_set(unit, 0, 0); fsm_lowerdown(&ccp_fsm[unit]); + +#ifdef MPPE + if (ccp_gotoptions[unit].mppe) { + error("MPPE required but peer negotiation failed"); + lcp_close(unit, "MPPE required but peer negotiation failed"); + } +#endif + } /* @@ -542,10 +552,10 @@ ccp_resetci(f) */ /* Leave only the mschap auth bits set */ - auth_mschap_bits &= ~(PAP_WITHPEER | PAP_PEER | - CHAP_WITHPEER | CHAP_PEER | - CHAP_MD5_WITHPEER | CHAP_MD5_PEER); + auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | + CHAP_MS2_WITHPEER | CHAP_MS2_PEER); /* Count the mschap auths */ + auth_mschap_bits >>= CHAP_MS_SHIFT; numbits = 0; do { numbits += auth_mschap_bits & 1; @@ -562,12 +572,21 @@ ccp_resetci(f) return; } + /* A plugin (eg radius) may not have obtained key material. */ + if (!mppe_keys_set) { + error("MPPE required, but keys are not available. " + "Possible plugin problem?"); + lcp_close(f->unit, "MPPE required but not available"); + return; + } + /* LM auth not supported for MPPE */ if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) { /* This might be noise */ if (go->mppe & MPPE_OPT_40) { notice("Disabling 40-bit MPPE; MS-CHAP LM not supported"); go->mppe &= ~MPPE_OPT_40; + ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40; } } @@ -656,7 +675,8 @@ ccp_cilen(f) ccp_options *go = &ccp_gotoptions[f->unit]; return (go->bsd_compress? CILEN_BSD_COMPRESS: 0) - + (go->deflate? CILEN_DEFLATE: 0) + + (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0) + + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0) + (go->predictor_1? CILEN_PREDICTOR_1: 0) + (go->predictor_2? CILEN_PREDICTOR_2: 0) + (go->mppe? CILEN_MPPE: 0); @@ -677,7 +697,8 @@ ccp_addci(f, p, lenp) /* * Add the compression types that we can receive, in decreasing - * preference order. + * preference order. Get the kernel to allocate the first one + * in case it gets Acked. */ #ifdef MPPE if (go->mppe) { @@ -701,21 +722,25 @@ ccp_addci(f, p, lenp) p[1] = CILEN_DEFLATE; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); p[3] = DEFLATE_CHK_SEQUENCE; - for (;;) { - if (go->deflate_size < DEFLATE_MIN_WORKS) { - go->deflate = 0; - break; - } - res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); - if (res > 0) { - p += CILEN_DEFLATE; - break; - } else if (res < 0) { - go->deflate = 0; - break; + if (p != p0) { + p += CILEN_DEFLATE; + } else { + for (;;) { + if (go->deflate_size < DEFLATE_MIN_WORKS) { + go->deflate = 0; + break; + } + res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); + if (res > 0) { + p += CILEN_DEFLATE; + break; + } else if (res < 0) { + go->deflate = 0; + break; + } + --go->deflate_size; + p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } - --go->deflate_size; - p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } if (p != p0 && go->deflate_correct && go->deflate_draft) { p[0] = CI_DEFLATE_DRAFT; @@ -729,21 +754,25 @@ ccp_addci(f, p, lenp) p[0] = CI_BSD_COMPRESS; p[1] = CILEN_BSD_COMPRESS; p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits); - for (;;) { - if (go->bsd_bits < BSD_MIN_BITS) { - go->bsd_compress = 0; - break; - } - res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 0); - if (res > 0) { - p += CILEN_BSD_COMPRESS; - break; - } else if (res < 0) { - go->bsd_compress = 0; - break; + if (p != p0) { + p += CILEN_BSD_COMPRESS; /* not the first option */ + } else { + for (;;) { + if (go->bsd_bits < BSD_MIN_BITS) { + go->bsd_compress = 0; + break; + } + res = ccp_test(f->unit, p, CILEN_BSD_COMPRESS, 0); + if (res > 0) { + p += CILEN_BSD_COMPRESS; + break; + } else if (res < 0) { + go->bsd_compress = 0; + break; + } + --go->bsd_bits; + p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits); } - --go->bsd_bits; - p[2] = BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits); } } /* XXX Should Predictor 2 be preferable to Predictor 1? */ @@ -865,10 +894,11 @@ ccp_ackci(f, p, len) * Returns 1 iff the nak was OK. */ static int -ccp_nakci(f, p, len) +ccp_nakci(f, p, len, treat_as_reject) fsm *f; u_char *p; int len; + int treat_as_reject; { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options no; /* options we've seen already */ @@ -886,14 +916,18 @@ ccp_nakci(f, p, len) * Fail if we aren't willing to use his suggestion. */ MPPE_CI_TO_OPTS(&p[2], try.mppe); - if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) + if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) { + error("Refusing MPPE stateful mode offered by peer"); try.mppe = 0; - else if ((go->mppe & try.mppe) != try.mppe) + } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) { /* Peer must have set options we didn't request (suggest) */ try.mppe = 0; + } - if (!try.mppe) + if (!try.mppe) { + error("MPPE required but peer negotiation failed"); lcp_close(f->unit, "MPPE required but peer negotiation failed"); + } } #endif /* MPPE */ if (go->deflate && len >= CILEN_DEFLATE @@ -970,36 +1004,32 @@ ccp_rejci(f, p, len) #ifdef MPPE if (go->mppe && len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { + error("MPPE required but peer refused"); lcp_close(f->unit, "MPPE required but peer refused"); p += CILEN_MPPE; len -= CILEN_MPPE; } #endif - if (go->deflate && len >= CILEN_DEFLATE - && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) - && p[1] == CILEN_DEFLATE) { + if (go->deflate_correct && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; /* Rej is bad */ - if (go->deflate_correct) - try.deflate_correct = 0; - else - try.deflate_draft = 0; + try.deflate_correct = 0; p += CILEN_DEFLATE; len -= CILEN_DEFLATE; - if (go->deflate_correct && go->deflate_draft - && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT - && p[1] == CILEN_DEFLATE) { - if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; /* Rej is bad */ - try.deflate_draft = 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } - if (!try.deflate_correct && !try.deflate_draft) - try.deflate = 0; } + if (go->deflate_draft && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE_DRAFT && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; /* Rej is bad */ + try.deflate_draft = 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } + if (!try.deflate_correct && !try.deflate_draft) + try.deflate = 0; if (go->bsd_compress && len >= CILEN_BSD_COMPRESS && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits)) @@ -1047,6 +1077,10 @@ ccp_reqci(f, p, lenp, dont_nak) int len, clen, type, nb; ccp_options *ho = &ccp_hisoptions[f->unit]; ccp_options *ao = &ccp_allowoptions[f->unit]; +#ifdef MPPE + bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */ + /* CI_MPPE, or due to other options? */ +#endif ret = CONFACK; retp = p0 = p; @@ -1087,17 +1121,16 @@ ccp_reqci(f, p, lenp, dont_nak) /* Check state opt */ if (ho->mppe & MPPE_OPT_STATEFUL) { + /* + * We can Nak and request stateless, but it's a + * lot easier to just assume the peer will request + * it if he can do it; stateful mode is bad over + * the Internet -- which is where we expect MPPE. + */ if (refuse_mppe_stateful) { - /* - * We can Nak and request stateless, but it's a - * lot easier to just assume the peer will request - * it if he can do it; stateful mode is bad over - * the Internet -- which is where we expect MPPE. - */ + error("Refusing MPPE stateful mode offered by peer"); newret = CONFREJ; break; - } else { - newret = CONFNAK; } } @@ -1126,8 +1159,11 @@ ccp_reqci(f, p, lenp, dont_nak) } } else { /* Neither are set. */ - newret = CONFREJ; - break; + /* We cannot accept this. */ + newret = CONFNAK; + /* Give the peer our idea of what can be used, + so it can choose and confirm */ + ho->mppe = ao->mppe; } /* rebuild the opts */ @@ -1159,6 +1195,12 @@ ccp_reqci(f, p, lenp, dont_nak) newret = CONFREJ; } + /* + * We have accepted MPPE or are willing to negotiate + * MPPE parameters. A CONFREJ is due to subsequent + * (non-MPPE) processing. + */ + rej_for_ci_mppe = 0; break; #endif /* MPPE */ case CI_DEFLATE: @@ -1302,8 +1344,12 @@ ccp_reqci(f, p, lenp, dont_nak) else *lenp = retp - p0; } - if (ret == CONFREJ && ao->mppe) +#ifdef MPPE + if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) { + error("MPPE required but peer negotiation failed"); lcp_close(f->unit, "MPPE required but peer negotiation failed"); + } +#endif return ret; } @@ -1397,6 +1443,13 @@ ccp_up(f) notice("%s receive compression enabled", method_name(go, NULL)); } else if (ANY_COMPRESS(*ho)) notice("%s transmit compression enabled", method_name(ho, NULL)); +#ifdef MPPE + if (go->mppe) { + BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN); + BZERO(mppe_send_key, MPPE_MAX_KEY_LEN); + continue_networks(f->unit); /* Bring up IP et al */ + } +#endif } /* @@ -1410,6 +1463,16 @@ ccp_down(f) UNTIMEOUT(ccp_rack_timeout, f); ccp_localstate[f->unit] = 0; ccp_flags_set(f->unit, 1, 0); +#ifdef MPPE + if (ccp_gotoptions[f->unit].mppe) { + ccp_gotoptions[f->unit].mppe = 0; + if (lcp_fsm[f->unit].state == OPENED) { + /* If LCP is not already going down, make sure it does. */ + error("MPPE disabled"); + lcp_close(f->unit, "MPPE disabled"); + } + } +#endif } /* @@ -1480,6 +1543,9 @@ ccp_printpkt(p, plen, printer, arg) (p[5] & MPPE_D_BIT)? "+D": "-D", (p[5] & MPPE_C_BIT)? "+C": "-C", (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": ""); + if (mppe_opts & MPPE_OPT_UNKNOWN) + printer(arg, " (%.2x %.2x %.2x %.2x)", + p[2], p[3], p[4], p[5]); p += CILEN_MPPE; } break;