/* Hook for a plugin to get the CHAP password for authenticating us */
int (*chap_passwd_hook)(char *user, char *passwd) = NULL;
/* Hook for a plugin to get the CHAP password for authenticating us */
int (*chap_passwd_hook)(char *user, char *passwd) = NULL;
/* Hook for a plugin to get the EAP-TLS password for authenticating us */
int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL;
#endif
/* Hook for a plugin to get the EAP-TLS password for authenticating us */
int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL;
#endif
/* Hook for plugin to hear when an interface joins a multilink bundle */
void (*multilink_join_hook)(void) = NULL;
#endif
/* Hook for plugin to hear when an interface joins a multilink bundle */
void (*multilink_join_hook)(void) = NULL;
#endif
bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
bool refuse_eap = 0; /* Don't wanna auth. ourselves with EAP */
bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
bool refuse_eap = 0; /* Don't wanna auth. ourselves with EAP */
bool refuse_mschap = 0; /* Don't wanna auth. ourselves with MS-CHAP */
bool refuse_mschap_v2 = 0; /* Don't wanna auth. ourselves with MS-CHAPv2 */
#else
bool refuse_mschap = 0; /* Don't wanna auth. ourselves with MS-CHAP */
bool refuse_mschap_v2 = 0; /* Don't wanna auth. ourselves with MS-CHAPv2 */
#else
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
char *cacert_file = NULL; /* CA certificate file (pem format) */
char *ca_path = NULL; /* Directory with CA certificates */
char *crl_dir = NULL; /* Directory containing CRL files */
char *cacert_file = NULL; /* CA certificate file (pem format) */
char *ca_path = NULL; /* Directory with CA certificates */
char *crl_dir = NULL; /* Directory containing CRL files */
char *cert_file = NULL; /* Client certificate file (pem format) */
char *privkey_file = NULL; /* Client private key file (pem format) */
char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
char *cert_file = NULL; /* Client certificate file (pem format) */
char *privkey_file = NULL; /* Client private key file (pem format) */
char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
static int set_permitted_number (char **);
static void check_access (FILE *, char *);
static int wordlist_count (struct wordlist *);
static int set_permitted_number (char **);
static void check_access (FILE *, char *);
static int wordlist_count (struct wordlist *);
"Require CHAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
&lcp_wantoptions[0].chap_mdtype },
"Require CHAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
&lcp_wantoptions[0].chap_mdtype },
{ "require-mschap", o_bool, &auth_required,
"Require MS-CHAP authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
{ "require-mschap", o_bool, &auth_required,
"Require MS-CHAP authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
"Don't allow CHAP authentication with peer",
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5,
&lcp_allowoptions[0].chap_mdtype },
"Don't allow CHAP authentication with peer",
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5,
&lcp_allowoptions[0].chap_mdtype },
{ "refuse-mschap", o_bool, &refuse_mschap,
"Don't agree to auth to peer with MS-CHAP",
OPT_A2CLRB | MDTYPE_MICROSOFT,
{ "refuse-mschap", o_bool, &refuse_mschap,
"Don't agree to auth to peer with MS-CHAP",
OPT_A2CLRB | MDTYPE_MICROSOFT,
{ "ca", o_string, &cacert_file, "CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "TLS CA certificate directory" },
{ "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
{ "ca", o_string, &cacert_file, "CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "TLS CA certificate directory" },
{ "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
{ "cert", o_string, &cert_file, "client certificate in PEM format" },
{ "key", o_string, &privkey_file, "client private key in PEM format" },
{ "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
{ "cert", o_string, &cert_file, "client certificate in PEM format" },
{ "key", o_string, &privkey_file, "client private key in PEM format" },
{ "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
if (--num_np_up == 0) {
UNTIMEOUT(check_idle, NULL);
UNTIMEOUT(connect_time_expired, NULL);
if (--num_np_up == 0) {
UNTIMEOUT(check_idle, NULL);
UNTIMEOUT(connect_time_expired, NULL);
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
if (!am_server && passwd[0] != '\0') {
strlcpy(secret, passwd, MAXWORDLEN);
} else {
if (!am_server && passwd[0] != '\0') {
strlcpy(secret, passwd, MAXWORDLEN);
} else {
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
}
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
}
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)