* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#define RCSID "$Id: ccp.c,v 1.49 2005/03/22 09:53:53 paulus Exp $"
+#define RCSID "$Id: ccp.c,v 1.50 2005/06/26 19:34:41 carlsonj Exp $"
#include <stdlib.h>
#include <string.h>
#include "lcp.h" /* lcp_close(), lcp_fsm */
#endif
-static const char rcsid[] = RCSID;
/*
* Unfortunately there is a bug in zlib which means that using a
if (go->mppe) {
ccp_options *ao = &ccp_allowoptions[f->unit];
int auth_mschap_bits = auth_done[f->unit];
+#ifdef USE_EAPTLS
+ int auth_eap_bits = auth_done[f->unit];
+#endif
int numbits;
/*
lcp_close(f->unit, "MPPE required but not available");
return;
}
+
+#ifdef USE_EAPTLS
+ /*
+ * MPPE is also possible in combination with EAP-TLS.
+ * It is not possible to detect if we're doing EAP or EAP-TLS
+ * at this stage, hence we accept all forms of EAP. If TLS is
+ * not used then the MPPE keys will not be derived anyway.
+ */
+ /* Leave only the eap auth bits set */
+ auth_eap_bits &= (EAP_WITHPEER | EAP_PEER );
+
+ if ((numbits == 0) && (auth_eap_bits == 0)) {
+ error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed.");
+#else
if (!numbits) {
error("MPPE required, but MS-CHAP[v2] auth not performed.");
+#endif
lcp_close(f->unit, "MPPE required but not available");
return;
}
ccp_options *go = &ccp_gotoptions[f->unit];
return (go->bsd_compress? CILEN_BSD_COMPRESS: 0)
- + (go->deflate? CILEN_DEFLATE: 0)
+ + (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0)
+ + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0)
+ (go->predictor_1? CILEN_PREDICTOR_1: 0)
+ (go->predictor_2? CILEN_PREDICTOR_2: 0)
+ (go->mppe? CILEN_MPPE: 0);
fsm *f;
u_char *p;
int len;
+ int treat_as_reject;
{
ccp_options *go = &ccp_gotoptions[f->unit];
ccp_options no; /* options we've seen already */