// Copyright (c) 2002 FireBrick (Andrews & Arnold Ltd / Watchfront Ltd) - GPL licenced
// vim: sw=8 ts=8
-char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.97 2005/05/07 08:53:23 bodea Exp $";
+char const *cvs_id_l2tpns = "$Id: l2tpns.c,v 1.98 2005/05/07 11:57:53 bodea Exp $";
#include <arpa/inet.h>
#include <assert.h>
uint16_t message = 0xFFFF; // message type
uint8_t fatal = 0;
uint8_t mandatory = 0;
- uint8_t chap = 0; // if CHAP being used
+ uint8_t authtype = 0; // proxy auth type
uint16_t asession = 0; // assigned session
uint32_t amagic = 0; // magic number
uint8_t aflags = 0; // flags from last LCF
uint16_t version = 0x0100; // protocol version (we handle 0.0 as well and send that back just in case)
- int requestchap = 0; // do we request PAP instead of original CHAP request?
char called[MAXTEL] = ""; // called number
char calling[MAXTEL] = ""; // calling number
{
uint16_t atype = ntohs(*(uint16_t *)b);
LOG(4, s, t, " Proxy Auth Type %d (%s)\n", atype, auth_type(atype));
- requestchap = (atype == 2);
+ if (atype = 2)
+ authtype = AUTHCHAP;
+ else if (atype == 3)
+ authtype = AUTHPAP;
+
break;
}
case 30: // Proxy Authentication Name
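Review bot: The added condition `if (atype = 2)` assigns instead of comparing, so it is always true, every Proxy Auth Type AVP is recorded as `AUTHCHAP`, and the `else if (atype == 3)` branch is unreachable. A LAC that proxied PAP is therefore classified as CHAP when the later `config->radius_authtypes & authtype` check runs, which can skip renegotiation when only CHAP is permitted and force it when only PAP is. It should read `if (atype == 2)`; building with `-Wall` (`-Wparentheses`) would flag this form. The enclosing case starts outside the hunk.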
{
if (*p == 5 && p[1] == 6) // Magic-Number
amagic = ntohl(*(uint32_t *) (p + 2));
- else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol
- chap = 1;
+ else if (*p == 3 && p[1] == 4 && *(uint16_t *) (p + 2) == htons(PPPPAP)) // Authentication-Protocol (PAP)
+ authtype = AUTHPAP;
+ else if (*p == 3 && p[1] == 5 && *(uint16_t *) (p + 2) == htons(PPPCHAP) && p[4] == 5) // Authentication-Protocol (CHAP)
+ authtype = AUTHCHAP;
else if (*p == 7) // Protocol-Field-Compression
aflags |= SESSIONPFC;
else if (*p == 8) // Address-and-Control-Field-Compression
session[s].l2tp_flags = aflags; // set flags received
LOG(3, s, t, "Magic %X Flags %X\n", amagic, aflags);
controlnull(t); // ack
- // In CHAP state, request PAP instead
- if (requestchap)
+ // proxy authentication type is not supported
+ if (authtype && !(config->radius_authtypes & authtype))
initlcp(t, s);
break;
case 14: // CDN
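Review bot: The guard `if (authtype && !(config->radius_authtypes & authtype))` skips the policy check whenever `authtype` is 0. From the visible parsing, that is the case for any proxy auth type other than 2 or 3, as well as when no proxy auth was sent. If a LAC proxies a type this code does not map, the session would continue without `initlcp()` renegotiating to a permitted method; whether a later stage rejects it is not visible here. Consider recording "proxy auth present but unrecognised" separately and renegotiating in that case, and widen the comment to `// renegotiate LCP when the LAC's proxy auth type is not in radius_authtypes`. The enclosing case starts outside the hunk.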
// L2TPNS PPP Stuff
-char const *cvs_id_ppp = "$Id: ppp.c,v 1.50 2005/05/07 08:53:23 bodea Exp $";
+char const *cvs_id_ppp = "$Id: ppp.c,v 1.51 2005/05/07 11:57:53 bodea Exp $";
#include <stdio.h>
#include <string.h>
return b;
}
-// Send initial LCP ConfigReq for PAP, set magic no.
+// Send initial LCP ConfigReq for preferred authentication type, set magic no and MRU
void initlcp(tunnelidt t, sessionidt s)
{
- char b[500], *q;
- int size;
+ char b[500], *q, *l;
if (!(q = makeppp(b, sizeof(b), NULL, 0, t, s, PPPLCP)))
return;
- LOG(4, s, t, "Sending LCP ConfigReq for PAP\n");
- *q = ConfigReq;
- *(uint8_t *)(q + 1) = (time_now % 255) + 1; // ID
- *(uint16_t *)(q + 2) = htons(14); // Length
- *(uint8_t *)(q + 4) = 5;
- *(uint8_t *)(q + 5) = 6;
- *(uint32_t *)(q + 6) = htonl(session[s].magic);
- *(uint8_t *)(q + 10) = 3;
+ LOG(4, s, t, "Sending LCP ConfigReq for %s\n",
+ config->radius_authprefer == AUTHCHAP ? "CHAP" : "PAP");
+
+ if (!session[s].mru)
+ session[s].mru = DEFAULT_MRU;
+
+ l = q;
+ *l++ = ConfigReq;
+ *l++ = (time_now % 255) + 1; // ID
+
+ *l++ = 1; *l++ = 4; // Maximum-Receive-Unit (length 4)
+ *(uint16_t *) l = htons(session[s].mru); l += 2;
+
+ *l++ = 3; // Authentication-Protocol
if (config->radius_authprefer == AUTHCHAP)
{
- *(uint8_t *)(q + 11) = 5;
- *(uint16_t *)(q + 12) = htons(PPPCHAP);
- *(uint8_t *)(q + 14) = 5; // MD5
- size = 15;
+ *l++ = 5; // length
+ *(uint16_t *) l = htons(PPPCHAP); l += 2;
+ *l++ = 5; // MD5
}
else
{
- *(uint8_t *)(q + 11) = 4;
- *(uint16_t *)(q + 12) = htons(PPPPAP);
- size = 14;
+ *l++ = 4; // length
+ *(uint16_t *) l = htons(PPPPAP); l += 2;
}
- LOG_HEX(5, "PPPLCP", q, size);
- tunnelsend(b, (q - b) + size, t);
+ *l++ = 5; *l++ = 6; // Magic-Number (length 6)
+ *(uint32_t *) l = htonl(session[s].magic);
+ l += 4;
+
+ *(uint16_t *)(q + 2) = htons(l - q); // Length
+
+ LOG_HEX(5, "PPPLCP", q, l - q);
+ tunnelsend(b, (l - b), t);
}
// Send CCP request for no compression
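Review bot: In `initlcp()`, after the code and ID bytes are written, `l` points at `q + 2`, which is the LCP Length field, yet the MRU option header (`*l++ = 1; *l++ = 4;`) is written there. The later `*(uint16_t *)(q + 2) = htons(l - q)` then overwrites that option's type and length bytes, and all options sit two bytes too early, so the ConfigReq that carries the authentication-protocol request is malformed. Reserve the field before the first option with `l += 2; // skip Length, filled in below`. Separately, the `*(uint16_t *) l` and `*(uint32_t *) l` stores go through a `char *` whose alignment is not guaranteed at those offsets; a `memcpy` from a local of the right type avoids the unaligned access.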