X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=blobdiff_plain;f=pppd%2Fccp.c;h=dbc567e3c037b608b62a44039f1a66b547dd0dd5;hp=6be16b85f11dc4558831a0230832e986e56b245b;hb=505ec5cbd15ec23ed84282462ae9e451a1978133;hpb=6e3ab9c1ce33f6b3be82bbe5fe087fbeef0ebff7 diff --git a/pppd/ccp.c b/pppd/ccp.c index 6be16b8..dbc567e 100644 --- a/pppd/ccp.c +++ b/pppd/ccp.c @@ -10,16 +10,11 @@ * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to + * 2. The name(s) of the authors of this software must not be used to * endorse or promote products derived from this software without * prior written permission. * - * 4. Redistributions of any form whatsoever must retain the following + * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras * ". @@ -33,7 +28,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: ccp.c,v 1.45 2003/04/25 09:41:58 fcusack Exp $" +#define RCSID "$Id: ccp.c,v 1.50 2005/06/26 19:34:41 carlsonj Exp $" #include #include @@ -48,7 +43,6 @@ #include "lcp.h" /* lcp_close(), lcp_fsm */ #endif -static const char rcsid[] = RCSID; /* * Unfortunately there is a bug in zlib which means that using a 
@@ -214,7 +208,7 @@ static void ccp_resetci __P((fsm *)); static int ccp_cilen __P((fsm *)); static void ccp_addci __P((fsm *, u_char *, int *)); static int ccp_ackci __P((fsm *, u_char *, int)); -static int ccp_nakci __P((fsm *, u_char *, int)); +static int ccp_nakci __P((fsm *, u_char *, int, int)); static int ccp_rejci __P((fsm *, u_char *, int)); static int ccp_reqci __P((fsm *, u_char *, int *, int)); static void ccp_up __P((fsm *)); @@ -545,6 +539,9 @@ ccp_resetci(f) if (go->mppe) { ccp_options *ao = &ccp_allowoptions[f->unit]; int auth_mschap_bits = auth_done[f->unit]; +#ifdef USE_EAPTLS + int auth_eap_bits = auth_done[f->unit]; +#endif int numbits; /* @@ -572,8 +569,23 @@ ccp_resetci(f) lcp_close(f->unit, "MPPE required but not available"); return; } + +#ifdef USE_EAPTLS + /* + * MPPE is also possible in combination with EAP-TLS. + * It is not possible to detect if we're doing EAP or EAP-TLS + * at this stage, hence we accept all forms of EAP. If TLS is + * not used then the MPPE keys will not be derived anyway. + */ + /* Leave only the eap auth bits set */ + auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); + + if ((numbits == 0) && (auth_eap_bits == 0)) { + error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); +#else if (!numbits) { error("MPPE required, but MS-CHAP[v2] auth not performed."); +#endif lcp_close(f->unit, "MPPE required but not available"); return; } @@ -681,7 +693,8 @@ ccp_cilen(f) ccp_options *go = &ccp_gotoptions[f->unit]; return (go->bsd_compress? CILEN_BSD_COMPRESS: 0) - + (go->deflate? CILEN_DEFLATE: 0) + + (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0) + + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0) + (go->predictor_1? CILEN_PREDICTOR_1: 0) + (go->predictor_2? CILEN_PREDICTOR_2: 0) + (go->mppe? CILEN_MPPE: 0); 
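Review bot: The new `USE_EAPTLS` test in ccp_resetci (hunk -572) passes for any EAP method, so a session authenticated with a non-TLS EAP type gets past the "MPPE required" gate with no key material behind it, as the added comment itself concedes. The hunk relies on something later failing because the keys were never derived. That dependency should be made explicit and fail closed: either test key availability here before continuing, or add a comment naming the later check that closes the link. The message would also be more accurate as `error("MPPE required, but neither MS-CHAP[v2] nor EAP auth was performed.");`, since the condition tests EAP in general rather than EAP-TLS. `auth_eap_bits` is declared in the preceding hunk (-545), and the function body continues outside both hunks.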
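Review bot: The two added terms in ccp_cilen (hunk -681) rely on `&&` binding tighter than `?:`, which is correct but easy to misread inside a sum of conditionals. Writing `((go->deflate && go->deflate_correct) ? CILEN_DEFLATE : 0)` makes the grouping visible. This length presumably bounds what ccp_addci writes, so a comment such as `/* must cover both the CI_DEFLATE and CI_DEFLATE_DRAFT options that ccp_addci() may emit */` would help keep the two functions in step.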
@@ -727,21 +740,25 @@ ccp_addci(f, p, lenp) p[1] = CILEN_DEFLATE; p[2] = DEFLATE_MAKE_OPT(go->deflate_size); p[3] = DEFLATE_CHK_SEQUENCE; - for (;;) { - if (go->deflate_size < DEFLATE_MIN_WORKS) { - go->deflate = 0; - break; - } - res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); - if (res > 0) { - p += CILEN_DEFLATE; - break; - } else if (res < 0) { - go->deflate = 0; - break; + if (p != p0) { + p += CILEN_DEFLATE; + } else { + for (;;) { + if (go->deflate_size < DEFLATE_MIN_WORKS) { + go->deflate = 0; + break; + } + res = ccp_test(f->unit, p, CILEN_DEFLATE, 0); + if (res > 0) { + p += CILEN_DEFLATE; + break; + } else if (res < 0) { + go->deflate = 0; + break; + } + --go->deflate_size; + p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } - --go->deflate_size; - p[2] = DEFLATE_MAKE_OPT(go->deflate_size); } if (p != p0 && go->deflate_correct && go->deflate_draft) { p[0] = CI_DEFLATE_DRAFT; @@ -895,10 +912,11 @@ ccp_ackci(f, p, len) * Returns 1 iff the nak was OK. */ static int -ccp_nakci(f, p, len) +ccp_nakci(f, p, len, treat_as_reject) fsm *f; u_char *p; int len; + int treat_as_reject; { ccp_options *go = &ccp_gotoptions[f->unit]; ccp_options no; /* options we've seen already */ 
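Review bot: The new `if (p != p0)` branch in ccp_addci appends the Deflate option without the `go->deflate_size < DEFLATE_MIN_WORKS` test or the `ccp_test()` probe, which now run only when Deflate is the first option written. Unless `deflate_size` is clamped elsewhere, a window size below the working minimum can be offered whenever another option precedes Deflate. The file's comment about a zlib bug (truncated in this view) suggests that minimum matters. Changing the condition to `if (p != p0 && go->deflate_size >= DEFLATE_MIN_WORKS) {` sends the undersized case into the existing loop, whose first check clears `go->deflate`. A short comment explaining why only the first option is tested against the kernel would also help. The function starts and ends outside the hunk.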
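Review bot: The new `treat_as_reject` parameter of ccp_nakci (hunk -895) is not described in the comment above the function, which still says only "Returns 1 iff the nak was OK.", and no line visible in the hunk reads it. If the body, which continues outside the hunk, ignores the argument, say so with something like `/* treat_as_reject: unused here; present only so the signature matches the caller's */`, worded to fit the actual reason. If it is used, document what changes when it is non-zero. The matching prototype change is in the -214 hunk.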
@@ -1010,31 +1028,26 @@ ccp_rejci(f, p, len) len -= CILEN_MPPE; } #endif - if (go->deflate && len >= CILEN_DEFLATE - && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) - && p[1] == CILEN_DEFLATE) { + if (go->deflate_correct && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) || p[3] != DEFLATE_CHK_SEQUENCE) return 0; /* Rej is bad */ - if (go->deflate_correct) - try.deflate_correct = 0; - else - try.deflate_draft = 0; + try.deflate_correct = 0; p += CILEN_DEFLATE; len -= CILEN_DEFLATE; - if (go->deflate_correct && go->deflate_draft - && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE_DRAFT - && p[1] == CILEN_DEFLATE) { - if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) - || p[3] != DEFLATE_CHK_SEQUENCE) - return 0; /* Rej is bad */ - try.deflate_draft = 0; - p += CILEN_DEFLATE; - len -= CILEN_DEFLATE; - } - if (!try.deflate_correct && !try.deflate_draft) - try.deflate = 0; } + if (go->deflate_draft && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE_DRAFT && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) + || p[3] != DEFLATE_CHK_SEQUENCE) + return 0; /* Rej is bad */ + try.deflate_draft = 0; + p += CILEN_DEFLATE; + len -= CILEN_DEFLATE; + } + if (!try.deflate_correct && !try.deflate_draft) + try.deflate = 0; if (go->bsd_compress && len >= CILEN_BSD_COMPRESS && p[0] == CI_BSD_COMPRESS && p[1] == CILEN_BSD_COMPRESS) { if (p[2] != BSD_MAKE_OPT(BSD_CURRENT_VERSION, go->bsd_bits)) @@ -1164,8 +1177,11 @@ ccp_reqci(f, p, lenp, dont_nak) } } else { /* Neither are set. */ - newret = CONFREJ; - break; + /* We cannot accept this. */ + newret = CONFNAK; + /* Give the peer our idea of what can be used, + so it can choose and confirm */ + ho->mppe = ao->mppe; } /* rebuild the opts */
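Review bot: The rewritten Deflate tests in ccp_rejci (hunk -1010) key on `go->deflate_correct` and `go->deflate_draft` alone and no longer require `go->deflate`, while ccp_addci in this same commit clears only `go->deflate` when the size or kernel test fails. In that state a Configure-Reject from the peer naming CI_DEFLATE would be accepted as valid although the option was never sent. Previously it would presumably have been left unconsumed and treated as a bad Reject. Gate both tests the way ccp_cilen now does: `if (go->deflate && go->deflate_correct && len >= CILEN_DEFLATE` and `if (go->deflate && go->deflate_draft && len >= CILEN_DEFLATE`. The function starts and ends outside the hunk.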
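Review bot: The "Neither are set" branch in ccp_reqci (hunk -1164) now sets `newret = CONFNAK` unconditionally and no longer breaks out, but nothing visible in the hunk consults `dont_nak`. If the downgrade to a Reject is not applied after the option is rebuilt, outside this hunk, the peer could still be Nak'd when the caller asked for no more Naks. Writing `newret = dont_nak ? CONFREJ : CONFNAK;` would make the branch self-contained. Copying `ao->mppe` wholesale into `ho->mppe` presumably offers every setting the local side allows, so the added comment should say that the peer may pick the weakest of them.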