From: Frank Cusack Date: Tue, 24 Sep 2002 11:35:22 +0000 (+0000) Subject: Lose the poorly thought out OPT_A3OR option flag. Fix a CHAP negotiation bug X-Git-Tag: ppp-2.4.7~382 X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=d192a0b4b5afa7f6c0741a3bd41f417a055225a7 Lose the poorly thought out OPT_A3OR option flag. Fix a CHAP negotiation bug along the way -- if the peer nak'd with an chap digest we didn't support, we would continue to offer our first choice digest. --- diff --git a/pppd/auth.c b/pppd/auth.c index 1858a06..5af2ee0 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -32,7 +32,7 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#define RCSID "$Id: auth.c,v 1.83 2002/09/15 12:51:05 paulus Exp $" +#define RCSID "$Id: auth.c,v 1.84 2002/09/24 11:35:22 fcusack Exp $" #include #include 
@@ -236,31 +236,31 @@ option_t auth_options[] = { { "+pap", o_bool, &lcp_wantoptions[0].neg_upap, "Require PAP authentication from peer", OPT_ALIAS | OPT_PRIOSUB | 1, &auth_required }, - { "require-chap", o_bool, &lcp_wantoptions[0].neg_chap, + { "require-chap", o_bool, &auth_required, "Require CHAP authentication from peer", - OPT_PRIOSUB | OPT_A2COPY | OPT_A3OR | MDTYPE_MD5, - &auth_required, 0, 0, NULL, 0, 0, &lcp_wantoptions[0].chap_mdtype }, - { "+chap", o_bool, &lcp_wantoptions[0].neg_chap, + OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5, + &lcp_wantoptions[0].chap_mdtype }, + { "+chap", o_bool, &auth_required, "Require CHAP authentication from peer", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2COPY | OPT_A3OR | MDTYPE_MD5, - &auth_required, 0, 0, NULL, 0, 0, &lcp_wantoptions[0].chap_mdtype }, + OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5, + &lcp_wantoptions[0].chap_mdtype }, #ifdef CHAPMS - { "require-mschap", o_bool, &lcp_wantoptions[0].neg_chap, + { "require-mschap", o_bool, &auth_required, "Require MS-CHAP authentication from peer", - OPT_PRIOSUB | OPT_A2COPY | OPT_A3OR | MDTYPE_MICROSOFT, - &auth_required, 0, 0, NULL, 0, 0, &lcp_wantoptions[0].chap_mdtype }, - { "+mschap", o_bool, &lcp_wantoptions[0].neg_chap, + OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT, + &lcp_wantoptions[0].chap_mdtype }, + { "+mschap", o_bool, &auth_required, "Require MS-CHAP authentication from peer", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2COPY | OPT_A3OR | MDTYPE_MICROSOFT, - &auth_required, 0, 0, NULL, 0, 0, &lcp_wantoptions[0].chap_mdtype }, - { "require-mschap-v2", o_bool, &lcp_wantoptions[0].neg_chap, + OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT, + &lcp_wantoptions[0].chap_mdtype }, + { "require-mschap-v2", o_bool, &auth_required, "Require MS-CHAPv2 authentication from peer", - OPT_PRIOSUB | OPT_A2COPY | OPT_A3OR | MDTYPE_MICROSOFT_V2, - &auth_required, 0, 0, NULL, 0, 0, &lcp_wantoptions[0].chap_mdtype }, - { "+mschap-v2", o_bool, &lcp_wantoptions[0].neg_chap, + OPT_PRIOSUB | OPT_A2OR | 
MDTYPE_MICROSOFT_V2, + &lcp_wantoptions[0].chap_mdtype }, + { "+mschap-v2", o_bool, &auth_required, "Require MS-CHAPv2 authentication from peer", - OPT_ALIAS | OPT_PRIOSUB | OPT_A2COPY | OPT_A3OR | MDTYPE_MICROSOFT_V2, - &auth_required, 0, 0, NULL, 0, 0, &lcp_wantoptions[0].chap_mdtype }, + OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2, + &lcp_wantoptions[0].chap_mdtype }, #endif { "refuse-pap", o_bool, &refuse_pap, @@ -268,7 +268,8 @@ option_t auth_options[] = { { "-pap", o_bool, &refuse_pap, "Don't allow PAP authentication with peer", OPT_ALIAS | 1 }, { "refuse-chap", o_bool, &refuse_chap, - "Don't agree to auth to peer with CHAP", OPT_A2CLRB | MDTYPE_MD5, + "Don't agree to auth to peer with CHAP", + OPT_A2CLRB | MDTYPE_MD5, &lcp_allowoptions[0].chap_mdtype }, { "-chap", o_bool, &refuse_chap, "Don't allow CHAP authentication with peer", @@ -277,14 +278,16 @@ option_t auth_options[] = { #ifdef CHAPMS { "refuse-mschap", o_bool, &refuse_mschap, "Don't agree to auth to peer with MS-CHAP", - OPT_A2CLRB | MDTYPE_MICROSOFT, &lcp_allowoptions[0].chap_mdtype }, + OPT_A2CLRB | MDTYPE_MICROSOFT, + &lcp_allowoptions[0].chap_mdtype }, { "-mschap", o_bool, &refuse_mschap, "Don't allow MS-CHAP authentication with peer", OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT, &lcp_allowoptions[0].chap_mdtype }, { "refuse-mschap-v2", o_bool, &refuse_mschap_v2, "Don't agree to auth to peer with MS-CHAPv2", - OPT_A2CLRB | MDTYPE_MICROSOFT_V2, &lcp_allowoptions[0].chap_mdtype }, + OPT_A2CLRB | MDTYPE_MICROSOFT_V2, + &lcp_allowoptions[0].chap_mdtype }, { "-mschap-v2", o_bool, &refuse_mschap_v2, "Don't allow MS-CHAPv2 authentication with peer", OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT_V2, @@ -984,6 +987,10 @@ auth_check_options() default_auth = 1; } + /* If we selected any CHAP flavors, we should probably negotiate it. :-) */ + if (wo->chap_mdtype) + wo->neg_chap = 1; + /* If authentication is required, ask peer for CHAP or PAP. */ if (auth_required) { allow_any_ip = 0; 
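Review bot: The `require-*chap*` / `+*chap*` entries now OR their digest bit into `lcp_wantoptions[0].chap_mdtype` through `OPT_A2OR`, so the requested digests accumulate across option sources instead of the last option winning, and nothing in the table says so. An administrator who adds `require-mschap-v2` while an earlier `require-chap` is still in effect keeps MD5 in the mask, and the NAK handling in lcp.c appears to accept a peer's counter-proposal for any digest in that mask. I would add a comment above the first entry, e.g. `/* require-* options OR their digest into chap_mdtype: the set accumulates, it is not replaced */`. The `auth_options[]` initializer starts and ends outside this hunk.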
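Review bot: The added `if (wo->chap_mdtype) wo->neg_chap = 1;` makes `neg_chap` depend only on the digest mask being non-zero, and the comment (`we should probably negotiate it. :-)`) does not state that contract. It presumably relies on `lcp_wantoptions[0].chap_mdtype` starting at `MDTYPE_NONE` and being set only by the `require-*` options. That initialisation is not in this diff and is worth confirming, because a non-zero default would make pppd demand CHAP from every peer. Suggested wording: `/* chap_mdtype is non-zero only if a require-*chap* option was given; that is what turns on CHAP negotiation */`, with the `if` body braced. `auth_check_options()` continues outside the hunk.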
diff --git a/pppd/chap.h b/pppd/chap.h index ae42379..5372822 100644 --- a/pppd/chap.h +++ b/pppd/chap.h @@ -30,7 +30,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: chap.h,v 1.13 2002/05/21 17:26:49 dfs Exp $ + * $Id: chap.h,v 1.14 2002/09/24 11:35:22 fcusack Exp $ */ #ifndef __CHAP_INCLUDE__ @@ -57,7 +57,7 @@ #define MDTYPE_MD5 0x4 #ifdef CHAPMS -#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT |MDTYPE_MD5) +#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5) #else #define MDTYPE_ALL (MDTYPE_MD5) #endif diff --git a/pppd/lcp.c b/pppd/lcp.c index d67a741..1923c6d 100644 --- a/pppd/lcp.c +++ b/pppd/lcp.c @@ -17,7 +17,7 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#define RCSID "$Id: lcp.c,v 1.61 2002/09/12 22:51:06 paulus Exp $" +#define RCSID "$Id: lcp.c,v 1.62 2002/09/24 11:35:22 fcusack Exp $" /* * TODO: @@ -676,12 +676,12 @@ lcp_addci(f, ucp, lenp) PUTCHAR(CILEN_SHORT, ucp); \ PUTSHORT(val, ucp); \ } -#define ADDCICHAP(opt, neg, val, digest) \ +#define ADDCICHAP(opt, neg, val) \ if (neg) { \ PUTCHAR((opt), ucp); \ PUTCHAR(CILEN_CHAP, ucp); \ - PUTSHORT((val), ucp); \ - PUTCHAR((digest), ucp); \ + PUTSHORT(PPP_CHAP, ucp); \ + PUTCHAR((CHAP_DIGEST(val)), ucp); \ } #define ADDCILONG(opt, neg, val) \ if (neg) { \ @@ -715,7 +715,7 @@ lcp_addci(f, ucp, lenp) ADDCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ADDCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, go->asyncmap); - ADDCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP,CHAP_DIGEST(go->chap_mdtype)); + ADDCICHAP(CI_AUTHTYPE, go->neg_chap, go->chap_mdtype); ADDCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP); ADDCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ADDCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); 
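Review bot: In the new `ADDCICHAP(opt, neg, val)` the third parameter is no longer the value put on the wire but a digest bitmask that the macro converts with `CHAP_DIGEST(val)`, while the sibling `ADDCISHORT` and `ADDCILONG` keep `val` as the literal wire value. Renaming it to `mdtype` and adding a comment such as `/* mdtype: MDTYPE_* bitmask; CHAP_DIGEST() picks the digest code to send */` would keep a later caller from passing `PPP_CHAP` or a raw digest code by habit. The same applies to `ACKCICHAP` and `REJCICHAP` further down. The definition of `CHAP_DIGEST()` is not in this diff, so it is also worth stating what it yields for an empty mask, since `neg_chap` set with `chap_mdtype == MDTYPE_NONE` would put that value on the wire.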
@@ -794,7 +794,7 @@ lcp_ackci(f, p, len) if (cichar != val) \ goto bad; \ } -#define ACKCICHAP(opt, neg, val, digest) \ +#define ACKCICHAP(opt, neg, val) \ if (neg) { \ if ((len -= CILEN_CHAP) < 0) \ goto bad; \ @@ -804,10 +804,10 @@ lcp_ackci(f, p, len) citype != (opt)) \ goto bad; \ GETSHORT(cishort, p); \ - if (cishort != (val)) \ + if (cishort != PPP_CHAP) \ goto bad; \ GETCHAR(cichar, p); \ - if (cichar != (digest)) \ + if (cichar != (CHAP_DIGEST(val))) \ goto bad; \ } #define ACKCILONG(opt, neg, val) \ @@ -862,7 +862,7 @@ lcp_ackci(f, p, len) ACKCISHORT(CI_MRU, go->neg_mru && go->mru != DEFMRU, go->mru); ACKCILONG(CI_ASYNCMAP, go->neg_asyncmap && go->asyncmap != 0xFFFFFFFF, go->asyncmap); - ACKCICHAP(CI_AUTHTYPE, go->neg_chap, PPP_CHAP,CHAP_DIGEST(go->chap_mdtype)); + ACKCICHAP(CI_AUTHTYPE, go->neg_chap, go->chap_mdtype); ACKCISHORT(CI_AUTHTYPE, !go->neg_chap && go->neg_upap, PPP_PAP); ACKCILQR(CI_QUALITY, go->neg_lqr, go->lqr_period); ACKCICHAR(CI_CALLBACK, go->neg_cbcp, CBCP_OPT); @@ -1058,8 +1058,8 @@ lcp_nakci(f, p, len) go->chap_mdtype = CHAP_MDTYPE_D(cichar); } else { /* ... otherwise, try our next-preferred algorithm. */ - go->chap_mdtype &= ~(CHAP_MDTYPE(go->chap_mdtype)); - if (go->chap_mdtype == MDTYPE_NONE) /* out of algos */ + try.chap_mdtype &= ~(CHAP_MDTYPE(try.chap_mdtype)); + if (try.chap_mdtype == MDTYPE_NONE) /* out of algos */ try.neg_chap = 0; } } else { @@ -1300,7 +1300,7 @@ lcp_rejci(f, p, len) goto bad; \ try.neg = 0; \ } -#define REJCICHAP(opt, neg, val, digest) \ +#define REJCICHAP(opt, neg, val) \ if (go->neg && \ len >= CILEN_CHAP && \ p[1] == CILEN_CHAP && \ @@ -1310,7 +1310,7 @@ lcp_rejci(f, p, len) GETSHORT(cishort, p); \ GETCHAR(cichar, p); \ /* Check rejected value. */ \ - if ((cishort != (val)) || (cichar != (digest))) \ + if ((cishort != PPP_CHAP) || (cichar != (CHAP_DIGEST(val)))) \ goto bad; \ try.neg = 0; \ try.neg_upap = 0; \ 
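Review bot: In the `lcp_nakci` hunk, the accepted-suggestion branch just above the changed lines still assigns `go->chap_mdtype = CHAP_MDTYPE_D(cichar);`, while the fallback branch is moved from `go` to `try`. If, as that fix implies, lcp_nakci works on the `try` copy and commits it to `*go` afterwards (that part is outside the hunk), the peer's acceptable digest is written to the wrong struct. The next Configure-Request could then still carry our first-choice digest, which is the symptom the commit message describes. The line should probably read `try.chap_mdtype = CHAP_MDTYPE_D(cichar);`.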
@@ -1376,7 +1376,7 @@ lcp_rejci(f, p, len) REJCISHORT(CI_MRU, neg_mru, go->mru); REJCILONG(CI_ASYNCMAP, neg_asyncmap, go->asyncmap); - REJCICHAP(CI_AUTHTYPE, neg_chap, PPP_CHAP, CHAP_DIGEST(go->chap_mdtype)); + REJCICHAP(CI_AUTHTYPE, neg_chap, go->chap_mdtype); if (!go->neg_chap) { REJCISHORT(CI_AUTHTYPE, neg_upap, PPP_PAP); } diff --git a/pppd/options.c b/pppd/options.c index 09a2db1..109bfa6 100644 --- a/pppd/options.c +++ b/pppd/options.c @@ -17,7 +17,7 @@ * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. */ -#define RCSID "$Id: options.c,v 1.87 2002/09/14 08:05:27 etbe Exp $" +#define RCSID "$Id: options.c,v 1.88 2002/09/24 11:35:22 fcusack Exp $" #include #include @@ -653,8 +653,6 @@ process_option(opt, cmd, argv) *(u_char *)(opt->addr2) &= ~v; else if (opt->addr2 && (opt->flags & OPT_A2OR)) *(u_char *)(opt->addr2) |= v; - if (opt->addr3 && (opt->flags & OPT_A3OR)) - *(u_char *)(opt->addr3) |= v; break; case o_int: diff --git a/pppd/pppd.h b/pppd/pppd.h index fde104b..493f86e 100644 --- a/pppd/pppd.h +++ b/pppd/pppd.h @@ -16,7 +16,7 @@ * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. * - * $Id: pppd.h,v 1.73 2002/09/07 05:15:25 carlsonj Exp $ + * $Id: pppd.h,v 1.74 2002/09/24 11:35:22 fcusack Exp $ */ /* @@ -120,7 +120,6 @@ typedef struct { #define OPT_A2PRINTER 0x10000000 /* *addr2 is a fn for printing option */ #define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */ #define OPT_NOPRINT 0x40000000 /* don't print this option at all */ -#define OPT_A3OR 0x80000000u /* addr3 -> third location to rcv | value */ #define OPT_VAL(x) ((x) & OPT_VALUE)