From 06792c58d5296e43c29af28744e2aa418b29c02c Mon Sep 17 00:00:00 2001 From: brian Date: Mon, 30 Oct 2000 00:15:04 +0000 Subject: Add MPPE and MSChap v2 support (denied and disabled by default) Submitted by: Ustimenko Semen --- usr.sbin/ppp/lcp.c | 37 ++++++++++++++++++++++++++++++++----- 1 file changed, 32 insertions(+), 5 deletions(-) (limited to 'usr.sbin/ppp/lcp.c') diff --git a/usr.sbin/ppp/lcp.c b/usr.sbin/ppp/lcp.c index b2b56e0..096b59b 100644 --- a/usr.sbin/ppp/lcp.c +++ b/usr.sbin/ppp/lcp.c @@ -193,6 +193,8 @@ lcp_ReportStatus(struct cmdargs const *arg) command_ShowNegval(lcp->cfg.chap80nt)); prompt_Printf(arg->prompt, " LANMan = %s\n", command_ShowNegval(lcp->cfg.chap80lm)); + prompt_Printf(arg->prompt, " CHAP81 = %s\n", + command_ShowNegval(lcp->cfg.chap81)); #endif prompt_Printf(arg->prompt, " LQR = %s\n", command_ShowNegval(lcp->cfg.lqr)); @@ -244,6 +246,7 @@ lcp_Init(struct lcp *lcp, struct bundle *bundle, struct link *l, #ifdef HAVE_DES lcp->cfg.chap80nt = NEG_ACCEPTED; lcp->cfg.chap80lm = NEG_ACCEPTED; + lcp->cfg.chap81 = 0; #endif lcp->cfg.lqr = NEG_ACCEPTED; lcp->cfg.pap = NEG_ACCEPTED; @@ -292,6 +295,9 @@ lcp_Setup(struct lcp *lcp, int openmode) IsEnabled(lcp->cfg.chap80lm)) { lcp->want_auth = PROTO_CHAP; lcp->want_authtype = 0x80; + } else if (IsEnabled(lcp->cfg.chap81)) { + lcp->want_auth = PROTO_CHAP; + lcp->want_authtype = 0x81; #endif } else if (IsEnabled(lcp->cfg.pap)) { lcp->want_auth = PROTO_PAP; @@ -733,6 +739,12 @@ LcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type, *dec->nakend++ = (unsigned char) (PROTO_CHAP >> 8); *dec->nakend++ = (unsigned char) PROTO_CHAP; *dec->nakend++ = 0x80; + } else if (IsAccepted(lcp->cfg.chap81)) { + *dec->nakend++ = *cp; + *dec->nakend++ = 5; + *dec->nakend++ = (unsigned char) (PROTO_CHAP >> 8); + *dec->nakend++ = (unsigned char) PROTO_CHAP; + *dec->nakend++ = 0x81; #endif } else goto reqreject; @@ -747,6 +759,7 @@ LcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type, #ifdef HAVE_DES || (cp[4] == 0x80 && (IsAccepted(lcp->cfg.chap80nt) || (IsAccepted(lcp->cfg.chap80lm)))) + || (cp[4] == 0x81 && IsAccepted(lcp->cfg.chap81)) #endif ) { lcp->his_auth = proto; @@ -755,9 +768,11 @@ LcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type, dec->ackend += length; } else { #ifndef HAVE_DES - if (cp[4] == 0x80) + if (cp[4] == 0x80) { log_Printf(LogWARN, "CHAP 0x80 not available without DES\n"); - else + } else if (cp[4] == 0x81) { + log_Printf(LogWARN, "CHAP 0x81 not available without DES\n"); + } else #endif if (cp[4] != 0x05) log_Printf(LogWARN, "%s not supported\n", @@ -777,6 +792,12 @@ LcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type, *dec->nakend++ = (unsigned char) (PROTO_CHAP >> 8); *dec->nakend++ = (unsigned char) PROTO_CHAP; *dec->nakend++ = 0x80; + } else if (IsAccepted(lcp->cfg.chap81)) { + *dec->nakend++ = *cp; + *dec->nakend++ = 5; + *dec->nakend++ = (unsigned char) (PROTO_CHAP >> 8); + *dec->nakend++ = (unsigned char) PROTO_CHAP; + *dec->nakend++ = 0x81; #endif } else if (IsAccepted(lcp->cfg.pap)) { *dec->nakend++ = *cp; @@ -816,18 +837,24 @@ LcpDecodeConfig(struct fsm *fp, u_char *cp, int plen, int mode_type, IsEnabled(lcp->cfg.chap80lm))) { lcp->want_auth = PROTO_CHAP; lcp->want_authtype = 0x80; + } else if (cp[4] == 0x81 && IsEnabled(lcp->cfg.chap81)) { + lcp->want_auth = PROTO_CHAP; + lcp->want_authtype = 0x81; #endif } else { #ifndef HAVE_DES - if (cp[4] == 0x80) + if (cp[4] == 0x80) { log_Printf(LogLCP, "Peer will only send MSCHAP (not available" " without DES)\n"); - else + } else if (cp[4] == 0x81) { + log_Printf(LogLCP, "Peer will only send MSCHAPV2 (not available" + " without DES)\n"); + } else #endif log_Printf(LogLCP, "Peer will only send %s (not %s)\n", Auth2Nam(PROTO_CHAP, cp[4]), #ifdef HAVE_DES - cp[4] == 0x80 ? "configured" : + (cp[4] == 0x80 || cp[4] == 0x81) ? "configured" : #endif "supported"); lcp->his_reject |= (1 << type); -- cgit v1.1