BUILDING THE PPPD
-The userland component of PPPD has no additional requirements above those
-for MS-CHAP and MS-CHAPv2. The kernel, however, requires SHA-1 and ARCFOUR.
-Public domain implementations of these are provided. Until such time as
-MPPE support ships with kernels, you can use the Linux-2.2 implementation
-that comes with PPPD. Run the linux/mppe/mppeinstall.sh script, then
-rebuild your kernel. The ppp_mppe.o module is added, and the ppp.o module
-is modified (unfortunately). You'll need the new ppp.o since it does the
-right thing for the 4 extra bytes problem discussed above.
+The userland component of PPPD has no additional requirements above
+those for MS-CHAP and MS-CHAPv2. The kernel, however, requires SHA-1
+and ARCFOUR. Public domain implementations of these are provided. Until
+such time as MPPE support ships with kernels, you can use the Linux-2.2
+implementation that comes with PPPD. Run the linux/mppe/mppeinstall.sh
+script, then rebuild your kernel. The ppp_mppe.o module is added, and the
+ppp.o module (2.2) or ppp_generic.o (2.4) is modified (unfortunately).
+You'll need the new ppp.o/ppp_generic.o since it does the right thing
+for the 4 extra bytes problem discussed above.
CONFIGURATION
You'll see these in your pppd log as a line similar to:
- Remote message: No dialin permission
+ Remote message: E=649 No dialin permission
Previously, pppd would log this as:
-/* $Id: ppp_defs.h,v 1.9 2000/03/27 06:03:36 paulus Exp $ */
+/* $Id: ppp_defs.h,v 1.10 2002/05/21 17:26:48 dfs Exp $ */
/*
* ppp_defs.h - PPP definitions.
*/
/*
- * ==FILEVERSION 20000114==
+ * ==FILEVERSION 20020521==
*
* NOTE TO MAINTAINERS:
* If you modify this file at all, please set the above date.
#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
#define PPP_CCPFRAG 0x80fb /* CCP at link level (below MP bundle) */
#define PPP_CCP 0x80fd /* Compression Control Protocol */
+#define PPP_ECPFRAG 0x8055 /* ECP at link level (below MP bundle) */
+#define PPP_ECP 0x8053 /* Encryption Control Protocol */
#define PPP_LCP 0xc021 /* Link Control Protocol */
#define PPP_PAP 0xc023 /* Password Authentication Protocol */
#define PPP_LQR 0xc025 /* Link Quality Report protocol */
-/* $Id: ppp_defs.h,v 1.14 1999/08/13 01:55:40 paulus Exp $ */
+/* $Id: ppp_defs.h,v 1.15 2002/05/21 17:26:48 dfs Exp $ */
/*
* ppp_defs.h - PPP definitions.
#define PPP_IPXCP 0x802b /* IPX Control Protocol */
#define PPP_IPV6CP 0x8057 /* IPv6 Control Protocol */
#define PPP_CCP 0x80fd /* Compression Control Protocol */
+#define PPP_ECP 0x8053 /* Encryption Control Protocol */
#define PPP_LCP 0xc021 /* Link Control Protocol */
#define PPP_PAP 0xc023 /* Password Authentication Protocol */
#define PPP_LQR 0xc025 /* Link Quality Report protocol */
/*
- * ==FILEVERSION 20020320==
+ * ==FILEVERSION 20020521==
*
* ppp_mppe_compress.c - interface MPPE to the PPP code.
* This version is for use with Linux kernel 2.2.19+ and 2.4.x.
#define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
#define MPPE_CCOUNT_SPACE 0x1000 /* The size of the ccount space */
-/*
- * MPPE overhead/packet.
- * Note that we use this differently than other compressors.
- */
#define MPPE_OVHD 2 /* MPPE overhead/packet */
-/* Max bogon factor we will tolerate */
-#define SANITY_MAX 1600
+#define SANITY_MAX 1600 /* Max bogon factor we will tolerate */
static void GetNewKeyFromSHA __P((unsigned char *StartKey,
unsigned char *SessionKey,
if (debug) {
int i;
- char mkey[sizeof(state->master_key) * 3 + 1];
- char skey[sizeof(state->session_key) * 3 + 1];
+ char mkey[sizeof(state->master_key) * 2 + 1];
+ char skey[sizeof(state->session_key) * 2 + 1];
printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", debugstr,
unit, (state->keylen == 16)? 128: 40,
(state->stateful)? "stateful": "stateless");
for (i = 0; i < sizeof(state->master_key); i++)
- sprintf(mkey + i * 2, "%.2x ", state->master_key[i]);
+ sprintf(mkey + i * 2, "%.2x", state->master_key[i]);
for (i = 0; i < sizeof(state->session_key); i++)
- sprintf(skey + i * 2, "%.2x ", state->session_key[i]);
+ sprintf(skey + i * 2, "%.2x", state->session_key[i]);
printk(KERN_DEBUG "%s[%d]: keys: master: %s initial session: %s\n",
debugstr, unit, mkey, skey);
}
{
ppp_mppe_state *state = (ppp_mppe_state *) arg;
+/* XXX */
if (state->debug &&
(PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
printk(KERN_DEBUG "mppe_incomp[%d]: incompressible (unencrypted) data! "
# pppd makefile for NeXT
#
# $Orignial: Makefile.ultrix,v 1.4 1994/09/01 00:40:40 paulus Exp $
-# $Id: Makefile.NeXT,v 1.6 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.NeXT,v 1.7 2002/05/21 17:26:48 dfs Exp $
#
ARCHFLAGS =
MANDIR = /usr/local/ppp/man
OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
- auth.o options.o demand.o utils.o sys-NeXT.o
+ ecp.o auth.o options.o demand.o utils.o sys-NeXT.o
#
# For HPPA and SPARC, define FIXSIGS to get around posix bugs in
#
# pppd makefile for AIX 4.1
-# $Id: Makefile.aix4,v 1.4 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.aix4,v 1.5 2002/05/21 17:26:48 dfs Exp $
#
#ifndef BINDIR
BINDIR = /usr/sbin
#ENDIF
PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
- auth.c options.c demand.c utils.c sys-aix4.c \
+ ecp.c auth.c options.c demand.c utils.c sys-aix4.c \
gencode.c grammar.c scanner.c nametoaddr.c optimize.c
PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
- auth.o options.o demand.o utils.o sys-aix4.o \
+ ecp.o auth.o options.o demand.o utils.o sys-aix4.o \
gencode.o grammar.o scanner.o nametoaddr.o optimize.o
CC = xlc
-# $Id: Makefile.bsd,v 1.15 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.bsd,v 1.16 2002/05/21 17:26:48 dfs Exp $
BINDIR?= /usr/sbin
# -D_BITYPES is for FreeBSD, which doesn't define anything to
PROG= pppd
SRCS= main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
- demand.c auth.c options.c utils.c sys-bsd.c
+ ecp.c demand.c auth.c options.c utils.c sys-bsd.c
MAN= pppd.cat8
MAN8= pppd.8
BINMODE=4555
#
# pppd makefile for Linux
-# $Id: Makefile.linux,v 1.47 2002/04/02 13:54:59 dfs Exp $
+# $Id: Makefile.linux,v 1.48 2002/05/21 17:26:48 dfs Exp $
#
# Default installation locations
BINDIR = /usr/sbin
MANDIR = /usr/man
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
+PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c ecp.c \
ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c cbcp.c \
demand.c utils.c tty.c sha1.c
HEADERS = callout.h pathnames.h patchlevel.h chap.h md5.h chap_ms.h md4.h \
ipxcp.h cbcp.h tdb.h sha1.h
MANPAGES = pppd.8
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o sha1.o
all: pppd
PCAPDIR=${.CURDIR}/../../lib/libpcap
PROG= pppd
-SRCS= auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c fsm.c ipcp.c \
+SRCS= auth.c cbcp.c ccp.c ecp.c chap.c chap_ms.c demand.c fsm.c ipcp.c \
ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c upap.c
.PATH: ${PCAPDIR} ${.CURDIR}/../../sys/net
#
# pppd makefile for OSF/1 on DEC Alpha
-# $Id: Makefile.osf,v 1.11 2002/03/05 15:14:04 dfs Exp $
+# $Id: Makefile.osf,v 1.12 2002/05/21 17:26:48 dfs Exp $
#
BINDIR = /usr/local/etc
MANDIR = /usr/local/man
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
+PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c ecp.c \
auth.c options.c demand.c utils.c sys-osf.c md4.c chap_ms.c sha1.c
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
auth.o options.o demand.o utils.o sys-osf.o md4.o chap_ms.o sha1.o
CC = cc
#
# Makefile for pppd under Solaris 2.
-# $Id: Makefile.sol2,v 1.20 2001/03/08 05:01:03 paulus Exp $
+# $Id: Makefile.sol2,v 1.21 2002/05/21 17:26:48 dfs Exp $
#
include ../solaris/Makedefs
LIBS = -lsocket -lnsl
OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o tty.o \
- ccp.o auth.o options.o demand.o utils.o sys-solaris.o tdb.o
+ ccp.o ecp.o auth.o options.o demand.o utils.o sys-solaris.o tdb.o
#
# uncomment the following to enable plugins
#
# Makefile for pppd under SunOS 4.
-# $Id: Makefile.sunos4,v 1.11 2001/03/08 05:01:03 paulus Exp $
+# $Id: Makefile.sunos4,v 1.12 2002/05/21 17:26:48 dfs Exp $
#
include ../sunos4/Makedefs
all: pppd
-OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
auth.o options.o demand.o utils.o sys-sunos4.o tty.o
pppd: $(OBJS)
#
# Makefile for pppd under Solaris 2.
-# $Id: Makefile.svr4,v 1.14 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.svr4,v 1.15 2002/05/21 17:26:48 dfs Exp $
#
include ../svr4/Makedefs
all: pppd
-OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
auth.o options.o demand.o utils.o sys-svr4.o
pppd: $(OBJS)
#
# pppd makefile for Ultrix
-# $Id: Makefile.ultrix,v 1.11 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.ultrix,v 1.12 2002/05/21 17:26:49 dfs Exp $
#
BINDIR = /usr/local/etc
MANDIR = /usr/local/man
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
+PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c ecp.c \
auth.c options.c demand.c utils.c sys-ultrix.c
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
auth.o options.o demand.o utils.o sys-ultrix.o
# CC = gcc
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#define RCSID "$Id: auth.c,v 1.76 2002/04/02 13:54:59 dfs Exp $"
+#define RCSID "$Id: auth.c,v 1.77 2002/05/21 17:26:49 dfs Exp $"
#include <stdio.h>
#include <stddef.h>
#include "pppd.h"
#include "fsm.h"
#include "lcp.h"
+#include "ccp.h"
+#include "ecp.h"
#include "ipcp.h"
#include "upap.h"
#include "chap.h"
free_wordlist(extra_options);
extra_options = 0;
}
- start_networks();
+ start_networks(unit);
}
void
-start_networks()
+start_networks(unit)
+ int unit;
{
+ static int started = 0;
int i;
struct protent *protp;
+ int ecp_required, mppe_required;
- new_phase(PHASE_NETWORK);
+ if (!started) {
+ started = 1;
+ new_phase(PHASE_NETWORK);
#ifdef HAVE_MULTILINK
- if (multilink) {
- if (mp_join_bundle()) {
- if (updetach && !nodetach)
- detach();
- return;
+ if (multilink) {
+ if (mp_join_bundle()) {
+ if (updetach && !nodetach)
+ detach();
+ return;
+ }
}
- }
#endif /* HAVE_MULTILINK */
#ifdef PPP_FILTER
- if (!demand)
- set_filters(&pass_filter, &active_filter);
+ if (!demand)
+ set_filters(&pass_filter, &active_filter);
#endif
- for (i = 0; (protp = protocols[i]) != NULL; ++i)
- if (protp->protocol < 0xC000 && protp->enabled_flag
- && protp->open != NULL) {
- (*protp->open)(0);
- if (protp->protocol != PPP_CCP)
+ /* Start CCP and ECP */
+ for (i = 0; (protp = protocols[i]) != NULL; ++i)
+ if ((protp->protocol == PPP_ECP || protp->protocol == PPP_CCP)
+ && protp->enabled_flag && protp->open != NULL)
+ (*protp->open)(0);
+ }
+
+ /*
+ * Bring up other network protocols after encryption has completed.
+ * OPENED here merely means that negotiation has completed. It is
+ * up to the protocol to correctly terminate or disable LCP/NCP
+ * based on the result of the negotiation.
+ */
+ ecp_required = ecp_gotoptions[unit].required;
+ mppe_required = ccp_gotoptions[unit].mppe;
+ if ((!ecp_required && !mppe_required)
+ || (ecp_required && ecp_fsm[unit].state == OPENED)
+ || (mppe_required && ccp_fsm[unit].state == OPENED)) {
+ for (i = 0; (protp = protocols[i]) != NULL; ++i)
+ if (protp->protocol < 0xC000
+ && protp->protocol != PPP_CCP && protp->protocol != PPP_ECP
+ && protp->enabled_flag && protp->open != NULL) {
+ (*protp->open)(0);
++num_np_open;
- }
+ }
- if (num_np_open == 0)
- /* nothing to do */
- lcp_close(0, "No network protocols running");
+ if (num_np_open == 0)
+ /* nothing to do */
+ lcp_close(0, "No network protocols running");
+ }
}
/*
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#define RCSID "$Id: cbcp.c,v 1.11 2001/03/08 05:11:10 paulus Exp $"
+#define RCSID "$Id: cbcp.c,v 1.12 2002/05/21 17:26:49 dfs Exp $"
#include <stdio.h>
#include <string.h>
PUTCHAR(len , bufp);
PUTCHAR(0, bufp);
cbcp_send(us, CBCP_RESP, buf, len);
- start_networks();
+ start_networks(us->us_unit);
return;
}
}
* OR MODIFICATIONS.
*/
-#define RCSID "$Id: ccp.c,v 1.34 2002/04/02 13:54:59 dfs Exp $"
+#define RCSID "$Id: ccp.c,v 1.35 2002/05/21 17:26:49 dfs Exp $"
#include <stdlib.h>
#include <string.h>
#include <net/ppp-comp.h>
#ifdef MPPE
-#include "chap_ms.h" /* mppe_xx_key */
+#include "chap_ms.h" /* mppe_xxxx_key */
#include "lcp.h" /* lcp_close() */
#endif
{
ccp_flags_set(unit, 0, 0);
fsm_lowerdown(&ccp_fsm[unit]);
+
+#ifdef MPPE
+ if (ccp_gotoptions[unit].mppe)
+ lcp_close(unit, "MPPE required but peer negotiation failed");
+#endif
+
}
/*
*/
/* Leave only the mschap auth bits set */
- auth_mschap_bits &= ~(PAP_WITHPEER | PAP_PEER |
- CHAP_WITHPEER | CHAP_PEER |
- CHAP_MD5_WITHPEER | CHAP_MD5_PEER);
+ auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER |
+ CHAP_MS2_WITHPEER | CHAP_MS2_PEER);
/* Count the mschap auths */
+ auth_mschap_bits >>= CHAP_MS_SHIFT;
numbits = 0;
do {
numbits += auth_mschap_bits & 1;
if (go->mppe & MPPE_OPT_40) {
notice("Disabling 40-bit MPPE; MS-CHAP LM not supported");
go->mppe &= ~MPPE_OPT_40;
+ ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40;
}
}
int len, clen, type, nb;
ccp_options *ho = &ccp_hisoptions[f->unit];
ccp_options *ao = &ccp_allowoptions[f->unit];
+#ifdef MPPE
+ bool seen_ci_mppe = 0;
+#endif
ret = CONFACK;
retp = p0 = p;
newret = CONFREJ;
break;
}
+ seen_ci_mppe = 1;
MPPE_CI_TO_OPTS(&p[2], ho->mppe);
/* Nak if anything unsupported or unknown are set. */
else
*lenp = retp - p0;
}
- if (ret == CONFREJ && ao->mppe)
+#ifdef MPPE
+ if (ret == CONFREJ && ao->mppe && !seen_ci_mppe)
lcp_close(f->unit, "MPPE required but peer negotiation failed");
+#endif
return ret;
}
notice("%s receive compression enabled", method_name(go, NULL));
} else if (ANY_COMPRESS(*ho))
notice("%s transmit compression enabled", method_name(ho, NULL));
+#ifdef MPPE
+ if (go->mppe) {
+ BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
+ BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
+ start_networks(f->unit); /* Bring up IP et al */
+ }
+#endif
}
/*
UNTIMEOUT(ccp_rack_timeout, f);
ccp_localstate[f->unit] = 0;
ccp_flags_set(f->unit, 1, 0);
+#ifdef MPPE
+ if (ccp_gotoptions[f->unit].mppe)
+ lcp_close(f->unit, "MPPE disabled");
+#endif
}
/*
(p[5] & MPPE_D_BIT)? "+D": "-D",
(p[5] & MPPE_C_BIT)? "+C": "-C",
(mppe_opts & MPPE_OPT_UNKNOWN)? " +U": "");
+ if (mppe_opts & MPPE_OPT_UNKNOWN)
+ printer(arg, " (%.2x %.2x %.2x %.2x)",
+ p[2], p[3], p[4], p[5]);
p += CILEN_MPPE;
}
break;
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#define RCSID "$Id: chap.c,v 1.31 2002/04/02 14:15:07 dfs Exp $"
+#define RCSID "$Id: chap.c,v 1.32 2002/05/21 17:26:49 dfs Exp $"
/*
* TODO:
BCOPY(inp, rhostname, len);
rhostname[len] = '\000';
+#ifdef CHAPMS
+ /* copy the flags into cstate for use elsewhere */
+ if (cstate->chal_type == CHAP_MICROSOFT_V2)
+ cstate->resp_flags = ((MS_Chap2Response *) remmd)->Flags[0];
+#endif /* CHAPMS */
/*
* Get secret for authenticating them with us,
* do the hash ourselves, and compare the result.
/* No M=<message>; use the error code. */
switch(error) {
case MS_CHAP_ERROR_RESTRICTED_LOGON_HOURS:
- p = "Restricted logon hours";
+ p = "E=646 Restricted logon hours";
break;
case MS_CHAP_ERROR_ACCT_DISABLED:
- p = "Account disabled";
+ p = "E=647 Account disabled";
break;
case MS_CHAP_ERROR_PASSWD_EXPIRED:
- p = "Password expired";
+ p = "E=648 Password expired";
break;
case MS_CHAP_ERROR_NO_DIALIN_PERMISSION:
- p = "No dialin permission";
+ p = "E=649 No dialin permission";
break;
case MS_CHAP_ERROR_AUTHENTICATION_FAILURE:
- p = "Authentication failure";
+ p = "E=691 Authentication failure";
break;
case MS_CHAP_ERROR_CHANGING_PASSWORD:
/* Should never see this, we don't support Change Password. */
- p = "Error changing password";
+ p = "E=709 Error changing password";
break;
default:
free(msg);
p = msg = malloc(len + 33);
if (!msg) {
- notice("Out of memory in ChapReceiveFailure");
+ novm("ChapReceiveFailure");
goto print_msg;
}
slprintf(p, len + 33, "Unknown authentication failure: %.*s",
#ifdef CHAPMS
if (cstate->chal_type == CHAP_MICROSOFT_V2) {
/*
- * Success message must be formatted as
+ * Per RFC 2759, success message must be formatted as
* "S=<auth_string> M=<message>"
* where
* <auth_string> is the Authenticator Response (mutual auth)
* <message> is a text message
+ *
+ * However, some versions of Windows (win98 tested) do not know
+ * about the M=<message> part (required per RFC 2759) and flag
+ * it as an error (reported incorrectly as an encryption error
+ * to the user). Since the RFC requires it, and it can be
+ * useful information, we supply it if the peer is a conforming
+ * system. Luckily (?), win98 sets the Flags field to 0x04
+ * (contrary to RFC requirements) so we can use that to
+ * distinguish between conforming and non-conforming systems.
+ *
+ * Special thanks to Alex Swiridov <say@real.kharkov.ua> for
+ * help debugging this.
*/
slprintf(p, q - p, "S=");
p += 2;
slprintf(p, q - p, "%s", cstate->saresponse);
p += strlen(cstate->saresponse);
+ if (cstate->resp_flags != 0)
+ goto msgdone;
slprintf(p, q - p, " M=");
p += 3;
}
*
* The M=m part is only for MS-CHAPv2, but MS-CHAP should ignore
* any extra text according to RFC 2433. So we'll go the easy
- * (read: lazy) route and include it always.
+ * (read: lazy) route and include it always. Neither win2k nor
+ * win98 (others untested) display the message to the user anyway.
+ * They also both ignore the E=e code.
+ *
+ * Note that it's safe to reuse the same challenge as we don't
+ * actually accept another response based on the error message
+ * (and no clients try to resend a response anyway).
+ *
+ * Basically, this whole bit is useless code, even the small
+ * implementation here is only because of overspecification.
*/
slprintf(p, q - p, "E=691 R=1 C=");
p += 12;
slprintf(p, q - p, "I don't like you. Go 'way.");
}
+msgdone:
msglen = strlen(msg);
outlen = CHAP_HEADERLEN + msglen;
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: chap.h,v 1.12 2002/04/02 13:54:59 dfs Exp $
+ * $Id: chap.h,v 1.13 2002/05/21 17:26:49 dfs Exp $
*/
#ifndef __CHAP_INCLUDE__
*/
/* bitmask of supported algorithms */
-#define MDTYPE_MD5 0x1
-#define MDTYPE_MICROSOFT_V2 0x2
-#define MDTYPE_MICROSOFT 0x4
+#define MDTYPE_MICROSOFT_V2 0x1
+#define MDTYPE_MICROSOFT 0x2
+#define MDTYPE_MD5 0x4
#ifdef CHAPMS
-#define MDTYPE_ALL (MDTYPE_MD5 | MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT)
+#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT |MDTYPE_MD5)
#else
#define MDTYPE_ALL (MDTYPE_MD5)
#endif
/* Return the digest alg. ID for the most preferred digest type. */
#define CHAP_DIGEST(mdtype) \
- ((mdtype) & MDTYPE_MD5)? CHAP_DIGEST_MD5: \
((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
+ ((mdtype) & MDTYPE_MD5)? CHAP_DIGEST_MD5: \
0
/* Return the bit flag (lsb set) for our most preferred digest type. */
/* Return the bit flag for a given digest algorithm ID. */
#define CHAP_MDTYPE_D(digest) \
- ((digest) == CHAP_DIGEST_MD5)? MDTYPE_MD5: \
((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_DIGEST_MD5)? MDTYPE_MD5: \
0
/* Can we do the requested digest? */
#define CHAP_CANDIGEST(mdtype, digest) \
- ((digest) == CHAP_DIGEST_MD5)? (mdtype) & MDTYPE_MD5: \
((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_DIGEST_MD5)? (mdtype) & MDTYPE_MD5: \
0
#define CHAP_CHALLENGE 1
char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response to send */
char earesponse[MS_AUTH_RESPONSE_LENGTH+1]; /* Auth response expected */
/* +1 for null terminator */
+ u_char resp_flags; /* flags from MS-CHAPv2 auth response */
u_char resp_length; /* length of response */
u_char resp_id; /* ID for response messages */
u_char resp_type; /* hash algorithm for responses */
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*/
-#define RCSID "$Id: main.c,v 1.112 2002/02/12 20:07:09 dfs Exp $"
+#define RCSID "$Id: main.c,v 1.113 2002/05/21 17:26:49 dfs Exp $"
#include <stdio.h>
#include <ctype.h>
#include "upap.h"
#include "chap.h"
#include "ccp.h"
+#include "ecp.h"
#include "pathnames.h"
#ifdef USE_TDB
&ipv6cp_protent,
#endif
&ccp_protent,
+ &ecp_protent,
#ifdef IPX_CHANGE
&ipxcp_protent,
#endif
}
/*
- * notify - call a set of functions registered with add_notify.
+ * notify - call a set of functions registered with add_notifier.
*/
void
notify(notif, val)
.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.62 2002/04/02 13:54:59 dfs Exp $
+.\" $Id: pppd.8,v 1.63 2002/05/21 17:26:49 dfs Exp $
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
option disables all other compression types. This option enables
both 40\-bit and 128\-bit encryption. In order for MPPE to successfully
come up, you must have authenticated with either MS-CHAP or MS-CHAPv2.
+This option is presently only supported under Linux, and only if your
+kernel has been configured to include MPPE support.
.TP
.B require-mppe-40
Require the use of MPPE, with 40\-bit encryption.
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
- * $Id: pppd.h,v 1.67 2002/04/02 13:54:59 dfs Exp $
+ * $Id: pppd.h,v 1.68 2002/05/21 17:26:49 dfs Exp $
*/
/*
#define CHAP_MD5_WITHPEER 0x10
#define CHAP_MD5_PEER 0x20
#ifdef CHAPMS
+#define CHAP_MS_SHIFT 6 /* LSB position for MS auths */
#define CHAP_MS_WITHPEER 0x40
#define CHAP_MS_PEER 0x80
#define CHAP_MS2_WITHPEER 0x100
void link_terminated __P((int)); /* we are finished with the link */
void link_down __P((int)); /* the LCP layer has left the Opened state */
void link_established __P((int)); /* the link is up; authenticate now */
-void start_networks __P((void)); /* start all the network control protos */
+void start_networks __P((int)); /* start all the network control protos */
void np_up __P((int, int)); /* a network protocol has come up */
void np_down __P((int, int)); /* a network protocol has gone down */
void np_finished __P((int, int)); /* a network protocol no longer needs link */
projects / ppp.git / commitdiff