X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Fccp.c;h=088a163c3f68370623b09ee3ecf61ea6436ca419;hb=509f04959ad891d7f981f035ed461d51bd1f74b0;hp=7d7922afcfc0b2d4178319dc903dc3c19427c1c3;hpb=094cb8ae4c61db225e67fedadb4964f846dd0c27;p=ppp.git diff --git a/pppd/ccp.c b/pppd/ccp.c index 7d7922a..088a163 100644 --- a/pppd/ccp.c +++ b/pppd/ccp.c @@ -28,22 +28,28 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #define RCSID "$Id: ccp.c,v 1.50 2005/06/26 19:34:41 carlsonj Exp $" #include #include +#if defined(SOL2) +#include +#else +#include +#endif #include "pppd.h" #include "fsm.h" #include "ccp.h" -#include -#ifdef MPPE -#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */ +#include "chap_ms.h" +#include "mppe.h" #include "lcp.h" /* lcp_close(), lcp_fsm */ -#endif -static const char rcsid[] = RCSID; /* * Unfortunately there is a bug in zlib which means that using a @@ -57,15 +63,15 @@ static const char rcsid[] = RCSID; /* * Command-line options. */ -static int setbsdcomp __P((char **)); -static int setdeflate __P((char **)); +static int setbsdcomp (char **); +static int setdeflate (char **); static char bsd_value[8]; static char deflate_value[8]; /* * Option variables. */ -#ifdef MPPE +#ifdef PPP_WITH_MPPE bool refuse_mppe_stateful = 1; /* Allow stateful mode? */ #endif @@ -108,7 +114,7 @@ static option_t ccp_option_list[] = { "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, &ccp_allowoptions[0].predictor_1 }, -#ifdef MPPE +#ifdef PPP_WITH_MPPE /* MPPE options are symmetrical ... we only set wantoptions here */ { "require-mppe", o_bool, &ccp_wantoptions[0].mppe, "require MPPE encryption", @@ -164,17 +170,17 @@ static option_t ccp_option_list[] = { /* * Protocol entry points from main code. */ -static void ccp_init __P((int unit)); -static void ccp_open __P((int unit)); -static void ccp_close __P((int unit, char *)); -static void ccp_lowerup __P((int unit)); -static void ccp_lowerdown __P((int)); -static void ccp_input __P((int unit, u_char *pkt, int len)); -static void ccp_protrej __P((int unit)); -static int ccp_printpkt __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); -static void ccp_datainput __P((int unit, u_char *pkt, int len)); +static void ccp_init (int unit); +static void ccp_open (int unit); +static void ccp_close (int unit, char *); +static void ccp_lowerup (int unit); +static void ccp_lowerdown (int); +static void ccp_input (int unit, u_char *pkt, int len); +static void ccp_protrej (int unit); +static int ccp_printpkt (u_char *pkt, int len, + void (*printer)(void *, char *, ...), + void *arg); +static void ccp_datainput (int unit, u_char *pkt, int len); struct protent ccp_protent = { PPP_CCP, @@ -205,18 +211,18 @@ ccp_options ccp_hisoptions[NUM_PPP]; /* what we agreed to do */ /* * Callbacks for fsm code. */ -static void ccp_resetci __P((fsm *)); -static int ccp_cilen __P((fsm *)); -static void ccp_addci __P((fsm *, u_char *, int *)); -static int ccp_ackci __P((fsm *, u_char *, int)); -static int ccp_nakci __P((fsm *, u_char *, int, int)); -static int ccp_rejci __P((fsm *, u_char *, int)); -static int ccp_reqci __P((fsm *, u_char *, int *, int)); -static void ccp_up __P((fsm *)); -static void ccp_down __P((fsm *)); -static int ccp_extcode __P((fsm *, int, int, u_char *, int)); -static void ccp_rack_timeout __P((void *)); -static char *method_name __P((ccp_options *, ccp_options *)); +static void ccp_resetci (fsm *); +static int ccp_cilen (fsm *); +static void ccp_addci (fsm *, u_char *, int *); +static int ccp_ackci (fsm *, u_char *, int); +static int ccp_nakci (fsm *, u_char *, int, int); +static int ccp_rejci (fsm *, u_char *, int); +static int ccp_reqci (fsm *, u_char *, int *, int); +static void ccp_up (fsm *); +static void ccp_down (fsm *); +static int ccp_extcode (fsm *, int, int, u_char *, int); +static void ccp_rack_timeout (void *); +static char *method_name (ccp_options *, ccp_options *); static fsm_callbacks ccp_callbacks = { ccp_resetci, @@ -258,8 +264,7 @@ static int all_rejected[NUM_PPP]; /* we rejected all peer's options */ * Option parsing. */ static int -setbsdcomp(argv) - char **argv; +setbsdcomp(char **argv) { int rbits, abits; char *str, *endp; @@ -297,8 +302,7 @@ setbsdcomp(argv) } static int -setdeflate(argv) - char **argv; +setdeflate(char **argv) { int rbits, abits; char *str, *endp; @@ -348,8 +352,7 @@ setdeflate(argv) * ccp_init - initialize CCP. */ static void -ccp_init(unit) - int unit; +ccp_init(int unit) { fsm *f = &ccp_fsm[unit]; @@ -384,8 +387,7 @@ ccp_init(unit) * ccp_open - CCP is allowed to come up. */ static void -ccp_open(unit) - int unit; +ccp_open(int unit) { fsm *f = &ccp_fsm[unit]; @@ -407,9 +409,7 @@ ccp_open(unit) * ccp_close - Terminate CCP. */ static void -ccp_close(unit, reason) - int unit; - char *reason; +ccp_close(int unit, char *reason) { ccp_flags_set(unit, 0, 0); fsm_close(&ccp_fsm[unit], reason); @@ -419,8 +419,7 @@ ccp_close(unit, reason) * ccp_lowerup - we may now transmit CCP packets. */ static void -ccp_lowerup(unit) - int unit; +ccp_lowerup(int unit) { fsm_lowerup(&ccp_fsm[unit]); } @@ -429,8 +428,7 @@ ccp_lowerup(unit) * ccp_lowerdown - we may not transmit CCP packets. */ static void -ccp_lowerdown(unit) - int unit; +ccp_lowerdown(int unit) { fsm_lowerdown(&ccp_fsm[unit]); } @@ -439,10 +437,7 @@ ccp_lowerdown(unit) * ccp_input - process a received CCP packet. */ static void -ccp_input(unit, p, len) - int unit; - u_char *p; - int len; +ccp_input(int unit, u_char *p, int len) { fsm *f = &ccp_fsm[unit]; int oldstate; @@ -454,7 +449,7 @@ ccp_input(unit, p, len) fsm_input(f, p, len); if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) { notice("Compression disabled by peer."); -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (ccp_gotoptions[unit].mppe) { error("MPPE disabled, closing LCP"); lcp_close(unit, "MPPE disabled by peer"); @@ -475,11 +470,7 @@ ccp_input(unit, p, len) * Handle a CCP-specific code. */ static int -ccp_extcode(f, code, id, p, len) - fsm *f; - int code, id; - u_char *p; - int len; +ccp_extcode(fsm *f, int code, int id, u_char *p, int len) { switch (code) { case CCP_RESETREQ: @@ -508,13 +499,12 @@ ccp_extcode(f, code, id, p, len) * ccp_protrej - peer doesn't talk CCP. */ static void -ccp_protrej(unit) - int unit; +ccp_protrej(int unit) { ccp_flags_set(unit, 0, 0); fsm_lowerdown(&ccp_fsm[unit]); -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (ccp_gotoptions[unit].mppe) { error("MPPE required but peer negotiation failed"); lcp_close(unit, "MPPE required but peer negotiation failed"); @@ -527,8 +517,7 @@ ccp_protrej(unit) * ccp_resetci - initialize at start of negotiation. */ static void -ccp_resetci(f) - fsm *f; +ccp_resetci(fsm *f) { ccp_options *go = &ccp_gotoptions[f->unit]; u_char opt_buf[CCP_MAX_OPTION_LENGTH]; @@ -536,10 +525,13 @@ ccp_resetci(f) *go = ccp_wantoptions[f->unit]; all_rejected[f->unit] = 0; -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (go->mppe) { ccp_options *ao = &ccp_allowoptions[f->unit]; int auth_mschap_bits = auth_done[f->unit]; +#ifdef PPP_WITH_EAPTLS + int auth_eap_bits = auth_done[f->unit]; +#endif int numbits; /* @@ -567,14 +559,29 @@ ccp_resetci(f) lcp_close(f->unit, "MPPE required but not available"); return; } + +#ifdef PPP_WITH_EAPTLS + /* + * MPPE is also possible in combination with EAP-TLS. + * It is not possible to detect if we're doing EAP or EAP-TLS + * at this stage, hence we accept all forms of EAP. If TLS is + * not used then the MPPE keys will not be derived anyway. + */ + /* Leave only the eap auth bits set */ + auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); + + if ((numbits == 0) && (auth_eap_bits == 0)) { + error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); +#else if (!numbits) { error("MPPE required, but MS-CHAP[v2] auth not performed."); +#endif lcp_close(f->unit, "MPPE required but not available"); return; } /* A plugin (eg radius) may not have obtained key material. */ - if (!mppe_keys_set) { + if (!mppe_keys_isset()) { error("MPPE required, but keys are not available. " "Possible plugin problem?"); lcp_close(f->unit, "MPPE required but not available"); @@ -607,13 +614,11 @@ ccp_resetci(f) ao->predictor_2 = go->predictor_2 = 0; ao->deflate = go->deflate = 0; } -#endif /* MPPE */ /* * Check whether the kernel knows about the various * compression methods we might request. */ -#ifdef MPPE if (go->mppe) { opt_buf[0] = CI_MPPE; opt_buf[1] = CILEN_MPPE; @@ -624,7 +629,7 @@ ccp_resetci(f) lcp_close(f->unit, "MPPE required but not available"); } } -#endif +#endif /* PPP_WITH_MPPE */ if (go->bsd_compress) { opt_buf[0] = CI_BSD_COMPRESS; opt_buf[1] = CILEN_BSD_COMPRESS; @@ -670,8 +675,7 @@ ccp_resetci(f) * ccp_cilen - Return total length of our configuration info. */ static int -ccp_cilen(f) - fsm *f; + ccp_cilen(fsm *f) { ccp_options *go = &ccp_gotoptions[f->unit]; @@ -687,10 +691,7 @@ ccp_cilen(f) * ccp_addci - put our requests in a packet. */ static void -ccp_addci(f, p, lenp) - fsm *f; - u_char *p; - int *lenp; + ccp_addci(fsm *f, u_char *p, int *lenp) { int res; ccp_options *go = &ccp_gotoptions[f->unit]; @@ -701,7 +702,7 @@ ccp_addci(f, p, lenp) * preference order. Get the kernel to allocate the first one * in case it gets Acked. */ -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (go->mppe) { u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; @@ -709,7 +710,7 @@ ccp_addci(f, p, lenp) p[1] = opt_buf[1] = CILEN_MPPE; MPPE_OPTS_TO_CI(go->mppe, &p[2]); MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); - BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); + mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0); if (res > 0) p += CILEN_MPPE; @@ -806,15 +807,12 @@ ccp_addci(f, p, lenp) * 1 iff the packet was OK. */ static int -ccp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; + ccp_ackci(fsm *f, u_char *p, int len) { ccp_options *go = &ccp_gotoptions[f->unit]; u_char *p0 = p; -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (go->mppe) { u_char opt_buf[CILEN_MPPE]; @@ -895,11 +893,7 @@ ccp_ackci(f, p, len) * Returns 1 iff the nak was OK. */ static int -ccp_nakci(f, p, len, treat_as_reject) - fsm *f; - u_char *p; - int len; - int treat_as_reject; + ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options no; /* options we've seen already */ @@ -908,7 +902,7 @@ ccp_nakci(f, p, len, treat_as_reject) memset(&no, 0, sizeof(no)); try = *go; -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (go->mppe && len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { no.mppe = 1; @@ -930,7 +924,7 @@ ccp_nakci(f, p, len, treat_as_reject) lcp_close(f->unit, "MPPE required but peer negotiation failed"); } } -#endif /* MPPE */ +#endif /* PPP_WITH_MPPE */ if (go->deflate && len >= CILEN_DEFLATE && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) && p[1] == CILEN_DEFLATE) { @@ -985,10 +979,7 @@ ccp_nakci(f, p, len, treat_as_reject) * ccp_rejci - reject some of our suggested compression methods. */ static int -ccp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; +ccp_rejci(fsm *f, u_char *p, int len) { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options try; /* options to request next time */ @@ -1002,7 +993,7 @@ ccp_rejci(f, p, len) if (len == 0 && all_rejected[f->unit]) return -1; -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (go->mppe && len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { error("MPPE required but peer refused"); @@ -1067,18 +1058,14 @@ ccp_rejci(f, p, len) * appropriately. */ static int -ccp_reqci(f, p, lenp, dont_nak) - fsm *f; - u_char *p; - int *lenp; - int dont_nak; +ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) { int ret, newret, res; u_char *p0, *retp; int len, clen, type, nb; ccp_options *ho = &ccp_hisoptions[f->unit]; ccp_options *ao = &ccp_allowoptions[f->unit]; -#ifdef MPPE +#ifdef PPP_WITH_MPPE bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */ /* CI_MPPE, or due to other options? */ #endif @@ -1102,7 +1089,7 @@ ccp_reqci(f, p, lenp, dont_nak) clen = p[1]; switch (type) { -#ifdef MPPE +#ifdef PPP_WITH_MPPE case CI_MPPE: if (!ao->mppe || clen != CILEN_MPPE) { newret = CONFREJ; @@ -1174,8 +1161,7 @@ ccp_reqci(f, p, lenp, dont_nak) int mtu; BCOPY(p, opt_buf, CILEN_MPPE); - BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], - MPPE_MAX_KEY_LEN); + mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) { /* This shouldn't happen, we've already tested it! */ @@ -1203,7 +1189,7 @@ ccp_reqci(f, p, lenp, dont_nak) */ rej_for_ci_mppe = 0; break; -#endif /* MPPE */ +#endif /* PPP_WITH_MPPE */ case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (!ao->deflate || clen != CILEN_DEFLATE @@ -1345,7 +1331,7 @@ ccp_reqci(f, p, lenp, dont_nak) else *lenp = retp - p0; } -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) { error("MPPE required but peer negotiation failed"); lcp_close(f->unit, "MPPE required but peer negotiation failed"); @@ -1358,15 +1344,14 @@ ccp_reqci(f, p, lenp, dont_nak) * Make a string name for a compression method (or 2). */ static char * -method_name(opt, opt2) - ccp_options *opt, *opt2; +method_name(ccp_options *opt, ccp_options *opt2) { static char result[64]; if (!ANY_COMPRESS(*opt)) return "(none)"; switch (opt->method) { -#ifdef MPPE +#ifdef PPP_WITH_MPPE case CI_MPPE: { char *p = result; @@ -1423,8 +1408,7 @@ method_name(opt, opt2) * CCP has come up - inform the kernel driver and log a message. */ static void -ccp_up(f) - fsm *f; +ccp_up(fsm *f) { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options *ho = &ccp_hisoptions[f->unit]; @@ -1444,10 +1428,9 @@ ccp_up(f) notice("%s receive compression enabled", method_name(go, NULL)); } else if (ANY_COMPRESS(*ho)) notice("%s transmit compression enabled", method_name(ho, NULL)); -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (go->mppe) { - BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN); - BZERO(mppe_send_key, MPPE_MAX_KEY_LEN); + mppe_clear_keys(); continue_networks(f->unit); /* Bring up IP et al */ } #endif @@ -1457,14 +1440,13 @@ ccp_up(f) * CCP has gone down - inform the kernel driver. */ static void -ccp_down(f) - fsm *f; +ccp_down(fsm *f) { if (ccp_localstate[f->unit] & RACK_PENDING) UNTIMEOUT(ccp_rack_timeout, f); ccp_localstate[f->unit] = 0; ccp_flags_set(f->unit, 1, 0); -#ifdef MPPE +#ifdef PPP_WITH_MPPE if (ccp_gotoptions[f->unit].mppe) { ccp_gotoptions[f->unit].mppe = 0; if (lcp_fsm[f->unit].state == OPENED) { @@ -1487,11 +1469,8 @@ static char *ccp_codenames[] = { }; static int -ccp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; +ccp_printpkt(u_char *p, int plen, + void (*printer) (void *, char *, ...), void *arg) { u_char *p0, *optend; int code, id, len; @@ -1530,7 +1509,7 @@ ccp_printpkt(p, plen, printer, arg) len -= optlen; optend = p + optlen; switch (code) { -#ifdef MPPE +#ifdef PPP_WITH_MPPE case CI_MPPE: if (optlen >= CILEN_MPPE) { u_char mppe_opts; @@ -1620,10 +1599,7 @@ ccp_printpkt(p, plen, printer, arg) * compression :-(, otherwise we issue the reset-request. */ static void -ccp_datainput(unit, pkt, len) - int unit; - u_char *pkt; - int len; +ccp_datainput(int unit, u_char *pkt, int len) { fsm *f; @@ -1635,7 +1611,7 @@ ccp_datainput(unit, pkt, len) */ error("Lost compression sync: disabling compression"); ccp_close(unit, "Lost compression sync"); -#ifdef MPPE +#ifdef PPP_WITH_MPPE /* * If we were doing MPPE, we must also take the link down. */ @@ -1664,8 +1640,7 @@ ccp_datainput(unit, pkt, len) * Timeout waiting for reset-ack. */ static void -ccp_rack_timeout(arg) - void *arg; +ccp_rack_timeout(void *arg) { fsm *f = arg;