*
***********************************************************************/
static char const RCSID[] =
-"$Id: radius.c,v 1.18 2002/11/13 18:19:26 fcusack Exp $";
+"$Id: radius.c,v 1.20 2002/12/24 03:43:35 fcusack Exp $";
#include "pppd.h"
#include "chap.h"
{
u_int32_t remote;
int ms_chap2_success = 0;
+#ifdef MPPE
+ int mppe_enc_keys = 0; /* whether or not these were received */
+ int mppe_enc_policy = 0;
+ int mppe_enc_types = 0;
+#endif
/* Send RADIUS attributes to anyone else who might be interested */
if (radius_attributes_hook) {
"RADIUS: bad MS-CHAP-MPPE-Keys attribute");
return -1;
}
+ mppe_enc_keys = 1;
break;
case PW_MS_MPPE_SEND_KEY:
"Send": "Recv");
return -1;
}
+ mppe_enc_keys = 1;
break;
-#endif /* MPPE */
-#if 0
+
case PW_MS_MPPE_ENCRYPTION_POLICY:
+ mppe_enc_policy = vp->lvalue; /* save for later */
+ break;
+
case PW_MS_MPPE_ENCRYPTION_TYPES:
+ mppe_enc_types = vp->lvalue; /* save for later */
+ break;
+
+#endif /* MPPE */
+#if 0
case PW_MS_PRIMARY_DNS_SERVER:
case PW_MS_SECONDARY_DNS_SERVER:
case PW_MS_PRIMARY_NBNS_SERVER:
if (cstate && (cstate->chal_type == CHAP_MICROSOFT_V2) && !ms_chap2_success)
return -1;
+#ifdef MPPE
+ /*
+ * Require both policy and key attributes to indicate a valid key.
+ * Note that if the policy value was '0' we don't set the key!
+ */
+ if (mppe_enc_policy && mppe_enc_keys) {
+ mppe_keys_set = 1;
+ /* Set/modify allowed encryption types. */
+ if (mppe_enc_types)
+ set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
+ }
+#endif
+
return 0;
}