in net/ip/lwip_base/src/netif/ppp/auth.c [251:408]
static int have_srp_secret (char *client, char *server, int need_ip,
int *lacks_ipp);
static int ip_addr_check (u32_t, struct permitted_ip *);
static int scan_authfile (FILE *, char *, char *, char *,
struct wordlist **, struct wordlist **,
char *, int);
static void free_wordlist (struct wordlist *);
static void set_allowed_addrs (int, struct wordlist *, struct wordlist *);
static int some_ip_ok (struct wordlist *);
static int setupapfile (char **);
static int privgroup (char **);
static int set_noauth_addr (char **);
static int set_permitted_number (char **);
static void check_access (FILE *, char *);
static int wordlist_count (struct wordlist *);
#endif /* UNUSED */
#ifdef MAXOCTETS
static void check_maxoctets (void *);
#endif
#if PPP_OPTIONS
/*
* Authentication-related options.
*/
option_t auth_options[] = {
{ "auth", o_bool, &auth_required,
"Require authentication from peer", OPT_PRIO | 1 },
{ "noauth", o_bool, &auth_required,
"Don't require peer to authenticate", OPT_PRIOSUB | OPT_PRIV,
&allow_any_ip },
{ "require-pap", o_bool, &lcp_wantoptions[0].neg_upap,
"Require PAP authentication from peer",
OPT_PRIOSUB | 1, &auth_required },
{ "+pap", o_bool, &lcp_wantoptions[0].neg_upap,
"Require PAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | 1, &auth_required },
{ "require-chap", o_bool, &auth_required,
"Require CHAP authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
&lcp_wantoptions[0].chap_mdtype },
{ "+chap", o_bool, &auth_required,
"Require CHAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
&lcp_wantoptions[0].chap_mdtype },
#if MSCHAP_SUPPORT
{ "require-mschap", o_bool, &auth_required,
"Require MS-CHAP authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
&lcp_wantoptions[0].chap_mdtype },
{ "+mschap", o_bool, &auth_required,
"Require MS-CHAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
&lcp_wantoptions[0].chap_mdtype },
{ "require-mschap-v2", o_bool, &auth_required,
"Require MS-CHAPv2 authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2,
&lcp_wantoptions[0].chap_mdtype },
{ "+mschap-v2", o_bool, &auth_required,
"Require MS-CHAPv2 authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT_V2,
&lcp_wantoptions[0].chap_mdtype },
#endif /* MSCHAP_SUPPORT */
#if 0
{ "refuse-pap", o_bool, &refuse_pap,
"Don't agree to auth to peer with PAP", 1 },
{ "-pap", o_bool, &refuse_pap,
"Don't allow PAP authentication with peer", OPT_ALIAS | 1 },
{ "refuse-chap", o_bool, &refuse_chap,
"Don't agree to auth to peer with CHAP",
OPT_A2CLRB | MDTYPE_MD5,
&lcp_allowoptions[0].chap_mdtype },
{ "-chap", o_bool, &refuse_chap,
"Don't allow CHAP authentication with peer",
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5,
&lcp_allowoptions[0].chap_mdtype },
#endif
#if MSCHAP_SUPPORT
#if 0
{ "refuse-mschap", o_bool, &refuse_mschap,
"Don't agree to auth to peer with MS-CHAP",
OPT_A2CLRB | MDTYPE_MICROSOFT,
&lcp_allowoptions[0].chap_mdtype },
{ "-mschap", o_bool, &refuse_mschap,
"Don't allow MS-CHAP authentication with peer",
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT,
&lcp_allowoptions[0].chap_mdtype },
{ "refuse-mschap-v2", o_bool, &refuse_mschap_v2,
"Don't agree to auth to peer with MS-CHAPv2",
OPT_A2CLRB | MDTYPE_MICROSOFT_V2,
&lcp_allowoptions[0].chap_mdtype },
{ "-mschap-v2", o_bool, &refuse_mschap_v2,
"Don't allow MS-CHAPv2 authentication with peer",
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MICROSOFT_V2,
&lcp_allowoptions[0].chap_mdtype },
#endif
#endif /* MSCHAP_SUPPORT*/
#if EAP_SUPPORT
{ "require-eap", o_bool, &lcp_wantoptions[0].neg_eap,
"Require EAP authentication from peer", OPT_PRIOSUB | 1,
&auth_required },
#if 0
{ "refuse-eap", o_bool, &refuse_eap,
"Don't agree to authenticate to peer with EAP", 1 },
#endif
#endif /* EAP_SUPPORT */
{ "name", o_string, our_name,
"Set local name for authentication",
OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXNAMELEN },
{ "+ua", o_special, (void *)setupapfile,
"Get PAP user and password from file",
OPT_PRIO | OPT_A2STRVAL, &uafname },
#if 0
{ "user", o_string, user,
"Set name for auth with peer", OPT_PRIO | OPT_STATIC,
&explicit_user, MAXNAMELEN },
{ "password", o_string, passwd,
"Password for authenticating us to the peer",
OPT_PRIO | OPT_STATIC | OPT_HIDE,
&explicit_passwd, MAXSECRETLEN },
#endif
{ "usehostname", o_bool, &usehostname,
"Must use hostname for authentication", 1 },
{ "remotename", o_string, remote_name,
"Set remote name for authentication", OPT_PRIO | OPT_STATIC,
&explicit_remote, MAXNAMELEN },
{ "login", o_bool, &uselogin,
"Use system password database for PAP", OPT_A2COPY | 1 ,
&session_mgmt },
{ "enable-session", o_bool, &session_mgmt,
"Enable session accounting for remote peers", OPT_PRIV | 1 },
{ "papcrypt", o_bool, &cryptpap,
"PAP passwords are encrypted", 1 },
{ "privgroup", o_special, (void *)privgroup,
"Allow group members to use privileged options", OPT_PRIV | OPT_A2LIST },
{ "allow-ip", o_special, (void *)set_noauth_addr,
"Set IP address(es) which can be used without authentication",
OPT_PRIV | OPT_A2LIST },
{ "remotenumber", o_string, remote_number,
"Set remote telephone number for authentication", OPT_PRIO | OPT_STATIC,
NULL, MAXNAMELEN },
{ "allow-number", o_special, (void *)set_permitted_number,
"Set telephone number(s) which are allowed to connect",
OPT_PRIV | OPT_A2LIST },
{ NULL }
};