authorbrian <brian@cvs.openbsd.org>2002-07-01 11:14:36 +0000
committerbrian <brian@cvs.openbsd.org>2002-07-01 11:14:36 +0000
commit1eb03a3f38899a980ed15cc6acecdd7a79cbf742 (patch)
tree3d71adc1b1472f0bb3b9a96d6626528458ea5d73
parent1ebb95776d0f2c3bb000e1c1e08bb06d4b9021b6 (diff)
Don't allow the use of MPPE with RADIUS unless the RADIUS server has provided
keys.
-rw-r--r--usr.sbin/ppp/ppp/mppe.c27
1 files changed, 20 insertions, 7 deletions
diff --git a/usr.sbin/ppp/ppp/mppe.c b/usr.sbin/ppp/ppp/mppe.c
index 7d6f2f219db..3f599ad957f 100644
--- a/usr.sbin/ppp/ppp/mppe.c
+++ b/usr.sbin/ppp/ppp/mppe.c
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $OpenBSD: mppe.c,v 1.14 2002/06/15 01:33:23 brian Exp $
+ * $OpenBSD: mppe.c,v 1.15 2002/07/01 11:14:35 brian Exp $
*/
#include <sys/param.h>
@@ -427,14 +427,27 @@ MPPEDispOpts(struct fsm_opt *o)
static int
MPPEUsable(struct fsm *fp)
{
- struct lcp *lcp;
int ok;
+#ifndef NORADIUS
+ struct radius *r = &fp->bundle->radius;
- lcp = &fp->link->lcp;
- ok = (lcp->want_auth == PROTO_CHAP && lcp->want_authtype == 0x81) ||
- (lcp->his_auth == PROTO_CHAP && lcp->his_authtype == 0x81);
- if (!ok)
- log_Printf(LogCCP, "MPPE: Not usable without CHAP81\n");
+ /*
+ * If the radius server gave us RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES,
+ * use that instead of our configuration value.
+ */
+ if (*r->cfg.file) {
+ ok = r->mppe.sendkeylen && r->mppe.recvkeylen;
+ if (!ok)
+ log_Printf(LogCCP, "MPPE: Not permitted by RADIUS server\n");
+ } else
+#endif
+ {
+ struct lcp *lcp = &fp->link->lcp;
+ ok = (lcp->want_auth == PROTO_CHAP && lcp->want_authtype == 0x81) ||
+ (lcp->his_auth == PROTO_CHAP && lcp->his_authtype == 0x81);
+ if (!ok)
+ log_Printf(LogCCP, "MPPE: Not usable without CHAP81\n");
+ }
return ok;
}
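Review bot: The comment added at the top of the `#ifndef NORADIUS` branch talks about RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES overriding a configuration value, but the code beneath it tests only whether a RADIUS file is configured (`*r->cfg.file`) and whether both key lengths are non-zero; it reads as if it was copied from another function. Something like `/* RADIUS configured: MPPE is usable only if the server supplied both send and receive keys; the CHAP81 test is skipped */` would describe what the branch actually decides. Since this check is the only gate on the RADIUS path, it is worth confirming (not visible in this hunk) that `r->mppe.sendkeylen` and `r->mppe.recvkeylen` are cleared at the start of every authentication, so lengths left over from an earlier session cannot satisfy it.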