X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fccp.c;h=052c4c61081bdc74489ea282e8e0df46ed1891fc;hp=440ddc8f3cb8d14141daf6fbe5bdab14523130fe;hb=f1e3aa2dc7e7772d8491c6ff61e4e6d28af33d4b;hpb=2b0e2bf8aaac3ffd240cd797d28b7058502ac05e diff --git a/pppd/ccp.c b/pppd/ccp.c index 440ddc8..052c4c6 100644 --- a/pppd/ccp.c +++ b/pppd/ccp.c @@ -10,16 +10,11 @@ * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to + * 2. The name(s) of the authors of this software must not be used to * endorse or promote products derived from this software without * prior written permission. * - * 4. Redistributions of any form whatsoever must retain the following + * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras * ". @@ -33,7 +28,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: ccp.c,v 1.44 2003/03/05 23:01:28 fcusack Exp $" +#define RCSID "$Id: ccp.c,v 1.50 2005/06/26 19:34:41 carlsonj Exp $" #include #include @@ -48,7 +43,6 @@ #include "lcp.h" /* lcp_close(), lcp_fsm */ #endif -static const char rcsid[] = RCSID; /* * Unfortunately there is a bug in zlib which means that using a @@ -62,8 +56,8 @@ static const char rcsid[] = RCSID; /* * Command-line options. */ -static int setbsdcomp __P((char **)); -static int setdeflate __P((char **)); +static int setbsdcomp (char **); +static int setdeflate (char **); static char bsd_value[8]; static char deflate_value[8]; @@ -169,17 +163,17 @@ static option_t ccp_option_list[] = { /* * Protocol entry points from main code. */ -static void ccp_init __P((int unit)); -static void ccp_open __P((int unit)); -static void ccp_close __P((int unit, char *)); -static void ccp_lowerup __P((int unit)); -static void ccp_lowerdown __P((int)); -static void ccp_input __P((int unit, u_char *pkt, int len)); -static void ccp_protrej __P((int unit)); -static int ccp_printpkt __P((u_char *pkt, int len, - void (*printer) __P((void *, char *, ...)), - void *arg)); -static void ccp_datainput __P((int unit, u_char *pkt, int len)); +static void ccp_init (int unit); +static void ccp_open (int unit); +static void ccp_close (int unit, char *); +static void ccp_lowerup (int unit); +static void ccp_lowerdown (int); +static void ccp_input (int unit, u_char *pkt, int len); +static void ccp_protrej (int unit); +static int ccp_printpkt (u_char *pkt, int len, + void (*printer)(void *, char *, ...), + void *arg); +static void ccp_datainput (int unit, u_char *pkt, int len); struct protent ccp_protent = { PPP_CCP, @@ -210,18 +204,18 @@ ccp_options ccp_hisoptions[NUM_PPP]; /* what we agreed to do */ /* * Callbacks for fsm code. */ -static void ccp_resetci __P((fsm *)); -static int ccp_cilen __P((fsm *)); -static void ccp_addci __P((fsm *, u_char *, int *)); -static int ccp_ackci __P((fsm *, u_char *, int)); -static int ccp_nakci __P((fsm *, u_char *, int)); -static int ccp_rejci __P((fsm *, u_char *, int)); -static int ccp_reqci __P((fsm *, u_char *, int *, int)); -static void ccp_up __P((fsm *)); -static void ccp_down __P((fsm *)); -static int ccp_extcode __P((fsm *, int, int, u_char *, int)); -static void ccp_rack_timeout __P((void *)); -static char *method_name __P((ccp_options *, ccp_options *)); +static void ccp_resetci (fsm *); +static int ccp_cilen (fsm *); +static void ccp_addci (fsm *, u_char *, int *); +static int ccp_ackci (fsm *, u_char *, int); +static int ccp_nakci (fsm *, u_char *, int, int); +static int ccp_rejci (fsm *, u_char *, int); +static int ccp_reqci (fsm *, u_char *, int *, int); +static void ccp_up (fsm *); +static void ccp_down (fsm *); +static int ccp_extcode (fsm *, int, int, u_char *, int); +static void ccp_rack_timeout (void *); +static char *method_name (ccp_options *, ccp_options *); static fsm_callbacks ccp_callbacks = { ccp_resetci, @@ -263,8 +257,7 @@ static int all_rejected[NUM_PPP]; /* we rejected all peer's options */ * Option parsing. */ static int -setbsdcomp(argv) - char **argv; +setbsdcomp(char **argv) { int rbits, abits; char *str, *endp; @@ -302,8 +295,7 @@ setbsdcomp(argv) } static int -setdeflate(argv) - char **argv; +setdeflate(char **argv) { int rbits, abits; char *str, *endp; @@ -353,8 +345,7 @@ setdeflate(argv) * ccp_init - initialize CCP. */ static void -ccp_init(unit) - int unit; +ccp_init(int unit) { fsm *f = &ccp_fsm[unit]; @@ -389,8 +380,7 @@ ccp_init(unit) * ccp_open - CCP is allowed to come up. */ static void -ccp_open(unit) - int unit; +ccp_open(int unit) { fsm *f = &ccp_fsm[unit]; @@ -412,9 +402,7 @@ ccp_open(unit) * ccp_close - Terminate CCP. */ static void -ccp_close(unit, reason) - int unit; - char *reason; +ccp_close(int unit, char *reason) { ccp_flags_set(unit, 0, 0); fsm_close(&ccp_fsm[unit], reason); @@ -424,8 +412,7 @@ ccp_close(unit, reason) * ccp_lowerup - we may now transmit CCP packets. */ static void -ccp_lowerup(unit) - int unit; +ccp_lowerup(int unit) { fsm_lowerup(&ccp_fsm[unit]); } @@ -434,8 +421,7 @@ ccp_lowerup(unit) * ccp_lowerdown - we may not transmit CCP packets. */ static void -ccp_lowerdown(unit) - int unit; +ccp_lowerdown(int unit) { fsm_lowerdown(&ccp_fsm[unit]); } @@ -444,10 +430,7 @@ ccp_lowerdown(unit) * ccp_input - process a received CCP packet. */ static void -ccp_input(unit, p, len) - int unit; - u_char *p; - int len; +ccp_input(int unit, u_char *p, int len) { fsm *f = &ccp_fsm[unit]; int oldstate; @@ -480,11 +463,7 @@ ccp_input(unit, p, len) * Handle a CCP-specific code. */ static int -ccp_extcode(f, code, id, p, len) - fsm *f; - int code, id; - u_char *p; - int len; +ccp_extcode(fsm *f, int code, int id, u_char *p, int len) { switch (code) { case CCP_RESETREQ: @@ -513,8 +492,7 @@ ccp_extcode(f, code, id, p, len) * ccp_protrej - peer doesn't talk CCP. */ static void -ccp_protrej(unit) - int unit; +ccp_protrej(int unit) { ccp_flags_set(unit, 0, 0); fsm_lowerdown(&ccp_fsm[unit]); @@ -532,8 +510,7 @@ ccp_protrej(unit) * ccp_resetci - initialize at start of negotiation. */ static void -ccp_resetci(f) - fsm *f; +ccp_resetci(fsm *f) { ccp_options *go = &ccp_gotoptions[f->unit]; u_char opt_buf[CCP_MAX_OPTION_LENGTH]; @@ -545,6 +522,9 @@ ccp_resetci(f) if (go->mppe) { ccp_options *ao = &ccp_allowoptions[f->unit]; int auth_mschap_bits = auth_done[f->unit]; +#ifdef USE_EAPTLS + int auth_eap_bits = auth_done[f->unit]; +#endif int numbits; /* @@ -572,8 +552,23 @@ ccp_resetci(f) lcp_close(f->unit, "MPPE required but not available"); return; } + +#ifdef USE_EAPTLS + /* + * MPPE is also possible in combination with EAP-TLS. + * It is not possible to detect if we're doing EAP or EAP-TLS + * at this stage, hence we accept all forms of EAP. If TLS is + * not used then the MPPE keys will not be derived anyway. + */ + /* Leave only the eap auth bits set */ + auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); + + if ((numbits == 0) && (auth_eap_bits == 0)) { + error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); +#else if (!numbits) { error("MPPE required, but MS-CHAP[v2] auth not performed."); +#endif lcp_close(f->unit, "MPPE required but not available"); return; } @@ -675,13 +670,13 @@ ccp_resetci(f) * ccp_cilen - Return total length of our configuration info. */ static int -ccp_cilen(f) - fsm *f; + ccp_cilen(fsm *f) { ccp_options *go = &ccp_gotoptions[f->unit]; return (go->bsd_compress? CILEN_BSD_COMPRESS: 0) - + (go->deflate? CILEN_DEFLATE: 0) + + (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0) + + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0) + (go->predictor_1? CILEN_PREDICTOR_1: 0) + (go->predictor_2? CILEN_PREDICTOR_2: 0) + (go->mppe? CILEN_MPPE: 0); @@ -691,10 +686,7 @@ ccp_cilen(f) * ccp_addci - put our requests in a packet. */ static void -ccp_addci(f, p, lenp) - fsm *f; - u_char *p; - int *lenp; + ccp_addci(fsm *f, u_char *p, int *lenp) { int res; ccp_options *go = &ccp_gotoptions[f->unit]; @@ -727,21 +719,25 @@ ccp_addci(f, p, lenp) p[1] = CILEN_DEFLATE; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); p[3] = DEFLATE_CHK_SEQUENCE; - for (;;) { - if (go->deflate_size < DEFLATE_MIN_WORKS) { - go->deflate = 0; - break; - } - res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); - if (res > 0) { - p += CILEN_DEFLATE; - break; - } else if (res < 0) { - go->deflate = 0; - break; + if (p != p0) { + p += CILEN_DEFLATE; + } else { + for (;;) { + if (go->deflate_size < DEFLATE_MIN_WORKS) { + go->deflate = 0; + break; + } + res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); + if (res > 0) { + p += CILEN_DEFLATE; + break; + } else if (res < 0) { + go->deflate = 0; + break; + } + --go->deflate_size; + p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } - --go->deflate_size; - p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } if (p != p0 && go->deflate_correct && go->deflate_draft) { p[0] = CI_DEFLATE_DRAFT; @@ -806,10 +802,7 @@ ccp_addci(f, p, lenp) * 1 iff the packet was OK. */ static int -ccp_ackci(f, p, len) - fsm *f; - u_char *p; - int len; + ccp_ackci(fsm *f, u_char *p, int len) { ccp_options *go = &ccp_gotoptions[f->unit]; u_char *p0 = p; @@ -895,10 +888,7 @@ ccp_ackci(f, p, len) * Returns 1 iff the nak was OK. */ static int -ccp_nakci(f, p, len) - fsm *f; - u_char *p; - int len; + ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options no; /* options we've seen already */ @@ -916,11 +906,13 @@ ccp_nakci(f, p, len) * Fail if we aren't willing to use his suggestion. */ MPPE_CI_TO_OPTS(&p[2], try.mppe); - if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) + if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) { + error("Refusing MPPE stateful mode offered by peer"); try.mppe = 0; - else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) + } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) { /* Peer must have set options we didn't request (suggest) */ try.mppe = 0; + } if (!try.mppe) { error("MPPE required but peer negotiation failed"); @@ -982,10 +974,7 @@ ccp_nakci(f, p, len) * ccp_rejci - reject some of our suggested compression methods. */ static int -ccp_rejci(f, p, len) - fsm *f; - u_char *p; - int len; +ccp_rejci(fsm *f, u_char *p, int len) { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options try; /* options to request next time */ @@ -1008,31 +997,26 @@ ccp_rejci(f, p, len) len -= CILEN_MPPE; } #endif - if (go->deflate && len >= CILEN_DEFLATE - && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) - && p[1] == CILEN_DEFLATE) { + if (go->deflate_correct && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; /* Rej is bad */ - if (go->deflate_correct) - try.deflate_correct = 0; - else - try.deflate_draft = 0; + try.deflate_correct = 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } + if (go->deflate_draft && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE_DRAFT && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; /* Rej is bad */ + try.deflate_draft = 0; p += CILEN_DEFLATE; len -= CILEN_DEFLATE; - if (go->deflate_correct && go->deflate_draft - && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT - && p[1] == CILEN_DEFLATE) { - if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; /* Rej is bad */ - try.deflate_draft = 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } - if (!try.deflate_correct && !try.deflate_draft) - try.deflate = 0; } + if (!try.deflate_correct && !try.deflate_draft) + try.deflate = 0; if (go->bsd_compress && len >= CILEN_BSD_COMPRESS && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits)) @@ -1069,11 +1053,7 @@ ccp_rejci(f, p, len) * appropriately. */ static int -ccp_reqci(f, p, lenp, dont_nak) - fsm *f; - u_char *p; - int *lenp; - int dont_nak; +ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) { int ret, newret, res; u_char *p0, *retp; @@ -1131,6 +1111,7 @@ ccp_reqci(f, p, lenp, dont_nak) * the Internet -- which is where we expect MPPE. */ if (refuse_mppe_stateful) { + error("Refusing MPPE stateful mode offered by peer"); newret = CONFREJ; break; } @@ -1161,8 +1142,11 @@ ccp_reqci(f, p, lenp, dont_nak) } } else { /* Neither are set. */ - newret = CONFREJ; - break; + /* We cannot accept this. */ + newret = CONFNAK; + /* Give the peer our idea of what can be used, + so it can choose and confirm */ + ho->mppe = ao->mppe; } /* rebuild the opts */ @@ -1356,8 +1340,7 @@ ccp_reqci(f, p, lenp, dont_nak) * Make a string name for a compression method (or 2). */ static char * -method_name(opt, opt2) - ccp_options *opt, *opt2; +method_name(ccp_options *opt, ccp_options *opt2) { static char result[64]; @@ -1421,8 +1404,7 @@ method_name(opt, opt2) * CCP has come up - inform the kernel driver and log a message. */ static void -ccp_up(f) - fsm *f; +ccp_up(fsm *f) { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options *ho = &ccp_hisoptions[f->unit]; @@ -1455,8 +1437,7 @@ ccp_up(f) * CCP has gone down - inform the kernel driver. */ static void -ccp_down(f) - fsm *f; +ccp_down(fsm *f) { if (ccp_localstate[f->unit] & RACK_PENDING) UNTIMEOUT(ccp_rack_timeout, f); @@ -1485,11 +1466,8 @@ static char *ccp_codenames[] = { }; static int -ccp_printpkt(p, plen, printer, arg) - u_char *p; - int plen; - void (*printer) __P((void *, char *, ...)); - void *arg; +ccp_printpkt(u_char *p, int plen, + void (*printer) (void *, char *, ...), void *arg) { u_char *p0, *optend; int code, id, len; @@ -1618,10 +1596,7 @@ ccp_printpkt(p, plen, printer, arg) * compression :-(, otherwise we issue the reset-request. */ static void -ccp_datainput(unit, pkt, len) - int unit; - u_char *pkt; - int len; +ccp_datainput(int unit, u_char *pkt, int len) { fsm *f; @@ -1662,8 +1637,7 @@ ccp_datainput(unit, pkt, len) * Timeout waiting for reset-ack. */ static void -ccp_rack_timeout(arg) - void *arg; +ccp_rack_timeout(void *arg) { fsm *f = arg;