X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Feap.h;h=50c652acfb110147e3eb4c207d2821a82c118cb9;hp=087baad83eed8ca2dd4a2405626165d7e3ca66f7;hb=HEAD;hpb=e87fe1bbd37a1486c5223f110e9ce3ef75971f93

diff --git a/pppd/eap.h b/pppd/eap.h
index 087baad..50c652a 100644
--- a/pppd/eap.h
+++ b/pppd/eap.h
@@ -23,10 +23,18 @@
 #ifndef PPP_EAP_H
 #define	PPP_EAP_H
 
+#include "pppdconf.h"
+
 #ifdef	__cplusplus
 extern "C" {
 #endif
 
+
+#ifndef PPP_EAP
+#define PPP_EAP 0xc227
+#endif
+
+
 /*
  * Packet header = Code, id, length.
  */
@@ -59,6 +67,18 @@ extern "C" {
 #define	EAPT_NOKIACARD		18	/* Nokia IP smart card */
 #define	EAPT_SRP		19	/* Secure Remote Password */
 /* 20 is deprecated */
+#define	EAPT_TTLS		21	/* EAP Tunneled TLS Authentication Protocol RFC5281 */
+#define	EAPT_RAS		22	/* Remote Access Service */
+#define	EAPT_AKA		23	/* EAP method for 3rd Generation Authentication and Key Agreement RFC4187 */
+#define	EAPT_3COM		24	/* EAP-3Com Wireless */
+#define	EAPT_PEAP		25	/* Protected EAP */
+#define	EAPT_MSCHAPV2		26	/* EAP-MSCHAPv2 RFC-draft-kamath-pppext-eap-mschapv2-02 */
+
+/* OpCodes for MSCHAPv2 */
+#define CHAP_CHALLENGE		1
+#define CHAP_RESPONSE		2
+#define CHAP_SUCCESS		3
+#define CHAP_FAILURE		4
 
 /* EAP SRP-SHA1 Subtypes */
 #define	EAPSRP_CHALLENGE	1	/* Request 1 - Challenge */
@@ -74,7 +94,6 @@ extern "C" {
 #define	SRP_PSEUDO_ID	"pseudo_"
 #define	SRP_PSEUDO_LEN	7
 
-#define MD5_SIGNATURE_SIZE	16
 #define MIN_CHALLENGE_LENGTH	16
 #define MAX_CHALLENGE_LENGTH	24
 
@@ -98,6 +117,7 @@ enum eap_state_code {
 	eapSRP2,	/* Sent EAP SRP-SHA1 Subtype 2 */
 	eapSRP3,	/* Sent EAP SRP-SHA1 Subtype 3 */
 	eapMD5Chall,	/* Sent MD5-Challenge */
+	eapMSCHAPv2Chall,	/* Sent MSCHAPv2-Challenge */
 	eapOpen,	/* Completed authentication */
 	eapSRP4,	/* Sent EAP SRP-SHA1 Subtype 4 */
 	eapBadAuth	/* Failed authentication */
@@ -107,15 +127,15 @@ enum eap_state_code {
 	"Initial", "Pending", "Closed", "Listen", "Identify", \
 	"TlsStart", "TlsRecv", "TlsSendAck", "TlsSend", "TlsRecvAck", "TlsRecvClient",\
 	"TlsSendAlert", "TlsRecvAlertAck" , "TlsRecvSuccess", "TlsRecvFailure", \
-	"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
+	"SRP1", "SRP2", "SRP3", "MD5Chall", "MSCHAPv2Chall", "Open", "SRP4", "BadAuth"
 
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
 #define	eap_client_active(esp)	((esp)->es_client.ea_state != eapInitial &&\
 				 (esp)->es_client.ea_state != eapPending &&\
 				 (esp)->es_client.ea_state != eapClosed)
 #else
 #define eap_client_active(esp)	((esp)->es_client.ea_state == eapListen)
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
 
 #define	eap_server_active(esp)	\
 	((esp)->es_server.ea_state >= eapIdentify && \
@@ -125,21 +145,24 @@ struct eap_auth {
 	char *ea_name;		/* Our name */
 	char *ea_peer;		/* Peer's name */
 	void *ea_session;	/* Authentication library linkage */
-	u_char *ea_skey;	/* Shared encryption key */
+	unsigned char *ea_skey;	/* Shared encryption key */
 	int ea_timeout;		/* Time to wait (for retransmit/fail) */
 	int ea_maxrequests;	/* Max Requests allowed */
-	u_short ea_namelen;	/* Length of our name */
-	u_short ea_peerlen;	/* Length of peer's name */
+	unsigned short ea_namelen;	/* Length of our name */
+	unsigned short ea_peerlen;	/* Length of peer's name */
 	enum eap_state_code ea_state;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
 	enum eap_state_code ea_prev_state;
 #endif
-	u_char ea_id;		/* Current id */
-	u_char ea_requests;	/* Number of Requests sent/received */
-	u_char ea_responses;	/* Number of Responses */
-	u_char ea_type;		/* One of EAPT_* */
-	u_int32_t ea_keyflags;	/* SRP shared key usage flags */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_CHAPMS
+        struct chap_digest_type *digest;
+#endif
+	unsigned char ea_id;		/* Current id */
+	unsigned char ea_requests;	/* Number of Requests sent/received */
+	unsigned char ea_responses;	/* Number of Responses */
+	unsigned char ea_type;		/* One of EAPT_* */
+	uint32_t ea_keyflags;	/* SRP shared key usage flags */
+#ifdef PPP_WITH_EAPTLS
 	bool ea_using_eaptls;
 #endif
 };
@@ -151,35 +174,43 @@ typedef struct eap_state {
 	int es_unit;			/* Interface unit number */
 	struct eap_auth es_client;	/* Client (authenticatee) data */
 	struct eap_auth es_server;	/* Server (authenticator) data */
+#ifdef PPP_WITH_PEAP
+	struct peap_state *ea_peap;	/* Client PEAP (authenticator) data */
+#endif
 	int es_savedtime;		/* Saved timeout */
 	int es_rechallenge;		/* EAP rechallenge interval */
 	int es_lwrechallenge;		/* SRP lightweight rechallenge inter */
 	bool es_usepseudo;		/* Use SRP Pseudonym if offered one */
 	int es_usedpseudo;		/* Set if we already sent PN */
 	int es_challen;			/* Length of challenge string */
-	u_char es_challenge[MAX_CHALLENGE_LENGTH];
+	unsigned char es_challenge[MAX_CHALLENGE_LENGTH];
 } eap_state;
 
 /*
  * Timeouts.
  */
 #define	EAP_DEFTIMEOUT		3	/* Timeout (seconds) for rexmit */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
 #define	EAP_DEFTRANSMITS	30	/* max # times to transmit */
 					/* certificates can be long ... */
 #else
 #define	EAP_DEFTRANSMITS	10	/* max # times to transmit */
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
 #define	EAP_DEFREQTIME		20	/* Time to wait for peer request */
 #define	EAP_DEFALLOWREQ		20	/* max # times to accept requests */
 
 extern eap_state eap_states[];
 
-void eap_authwithpeer __P((int unit, char *localname));
-void eap_authpeer __P((int unit, char *localname));
+void eap_authwithpeer (int unit, char *localname);
+void eap_authpeer (int unit, char *localname);
 
 extern struct protent eap_protent;
 
+#ifdef PPP_WITH_EAPTLS
+typedef int (eaptls_passwd_hook_fn)(char *user, char *passwd);
+extern eaptls_passwd_hook_fn *eaptls_passwd_hook;
+#endif
+
 #ifdef	__cplusplus
 }
 #endif