/* Hook for a plugin to get the CHAP password for authenticating us */
int (*chap_passwd_hook)(char *user, char *passwd) = NULL;
/* Hook for a plugin to get the CHAP password for authenticating us */
int (*chap_passwd_hook)(char *user, char *passwd) = NULL;
/* Hook for a plugin to get the EAP-TLS password for authenticating us */
int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL;
#endif
/* Hook for a plugin to get the EAP-TLS password for authenticating us */
int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL;
#endif
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
char *cacert_file = NULL; /* CA certificate file (pem format) */
char *ca_path = NULL; /* Directory with CA certificates */
char *crl_dir = NULL; /* Directory containing CRL files */
char *cacert_file = NULL; /* CA certificate file (pem format) */
char *ca_path = NULL; /* Directory with CA certificates */
char *crl_dir = NULL; /* Directory containing CRL files */
char *cert_file = NULL; /* Client certificate file (pem format) */
char *privkey_file = NULL; /* Client private key file (pem format) */
char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
char *cert_file = NULL; /* Client certificate file (pem format) */
char *privkey_file = NULL; /* Client private key file (pem format) */
char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
{ "ca", o_string, &cacert_file, "CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "TLS CA certificate directory" },
{ "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
{ "ca", o_string, &cacert_file, "CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "TLS CA certificate directory" },
{ "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
{ "cert", o_string, &cert_file, "client certificate in PEM format" },
{ "key", o_string, &privkey_file, "client private key in PEM format" },
{ "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
{ "cert", o_string, &cert_file, "client certificate in PEM format" },
{ "key", o_string, &privkey_file, "client private key in PEM format" },
{ "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)