int (*pap_check_hook)(void);
int (*pap_passwd_hook)(char *user, char *passwd);
-int (*pap_auth_hook)(char *user, int userlen,
- char *passwd, int passlen,
- char **msgp, int *msglenp,
+int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
struct wordlist **paddrs,
struct wordlist **popts);
void (*pap_logout_hook)(void);
purposes. This hook is deprecated and will be replaced by a notifier.
+int (*chap_check_hook)(void);
+int (*chap_passwd_hook)(char *user, char *passwd);
+int (*chap_verify_hook)(char *name, char *ourname, int id,
+ struct chap_digest_type *digest,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space)
+
+These hooks are designed to allow a plugin to replace the normal CHAP
+password processing in pppd with something different (e.g. contacting
+an external server).
+
+The chap_check_hook is called to check whether there is any possibility
+that the peer could authenticate itself to us. If it returns 1, pppd
+will ask the peer to authenticate itself. If it returns 0, pppd will
+not ask the peer to authenticate itself (but if authentication is
+required, pppd may exit, or terminate the link before network protocol
+negotiation). If it returns -1, pppd will look in the chap-secrets
+file as it would normally.
+
+The chap_passwd_hook is called to determine what password
+pppd should use in authenticating itself to the peer with CHAP. The
+user string will already be initialized, by the `user' option, the
+`name' option, or from the hostname, but can be changed if necessary.
+This hook is called only if pppd is a client, not if it is a server.
+
+MAXSECRETLEN bytes of space are available at *passwd. If this hook
+returns 0, pppd will use the value *passwd; if it returns -1, pppd
+will fail to authenticate.
+
+The chap_verify_hook is called to determine whether the peer's
+response to our CHAP challenge is valid -- it should return 1 if valid
+or 0 if not. The parameters are:
+
+* name points to a null-terminated string containing the username
+ supplied by the peer, or the remote name specified with the
+ "remotename" option.
+* ourname points to a null-terminated string containing the name of
+ the local machine (the hostname, or the name specified with the
+ "name" option).
+* id is the value of the id field from the challenge.
+* digest points to a chap_digest_type struct, which contains an
+ identifier for the type of digest in use plus function pointers for
+ functions for dealing with digests of that type.
+* challenge points to the challenge as a counted string (length byte
+ followed by the actual challenge bytes).
+* response points to the response as a counted string.
+* message points to an area of message_space bytes in which to store
+ any message that should be returned to the peer.
+
+
int (*null_auth_hook)(struct wordlist **paddrs,
struct wordlist **popts);
determine the peer's address in the usual manner.
+int (*allowed_address_hook)(u_int32_t addr)
+
+This hook is called to see if a peer is allowed to use the specified
+address. If the hook returns 1, the address is accepted. If it returns
+0, the address is rejected. If it returns -1, the address is verified
+in the normal away against the appropriate options and secrets files.
+
+
+void (*snoop_recv_hook)(unsigned char *p, int len)
+void (*snoop_send_hook)(unsigned char *p, int len)
+
+These hooks are called whenever pppd receives or sends a packet. The
+packet is in p; its length is len. This allows plugins to "snoop in"
+on the pppd conversation. The hooks may prove useful in implmenting
+L2TP.
+
A plugin registers itself with a notifier by declaring a procedure of
the form:
-## $Id: PLUGINS,v 1.3 2001/05/21 08:34:33 paulus Exp $ ##
+## $Id: PLUGINS,v 1.7 2005/07/12 08:56:07 paulus Exp $ ##