-rw-r--r--accel-pppd/accel-ppp.conf1
-rw-r--r--accel-pppd/accel-ppp.conf.513
-rw-r--r--accel-pppd/ppp/ccp_mppe.c29
3 files changed, 41 insertions, 2 deletions
diff --git a/accel-pppd/accel-ppp.conf b/accel-pppd/accel-ppp.conf
index a549a557..ecef5076 100644
--- a/accel-pppd/accel-ppp.conf
+++ b/accel-pppd/accel-ppp.conf
@@ -30,6 +30,7 @@ mru=1400
#sid-case=upper
#check-ip=0
#single-session=replace
+#mppe=require
[lcp]
echo-interval=30
diff --git a/accel-pppd/accel-ppp.conf.5 b/accel-pppd/accel-ppp.conf.5
index 0180f5ec..dc6ff971 100644
--- a/accel-pppd/accel-ppp.conf.5
+++ b/accel-pppd/accel-ppp.conf.5
@@ -115,6 +115,19 @@ If this option is
.B deny
then accel-ppp will deny second session authorization.
.TP
+.BI "mppe=" allow|prefere|require
+Specifies mppe negotioation preference.
+.br
+.B allow
+- allow mppe negotiation if client requests it.
+.br
+.B prefere
+- ask client for mppe, if it rejects don't fail.
+.br
+.B require
+- ask client for mppe, if it rejects drop connection
+Please note that RADIUS may override this option by MS-MPPE-Encryption-Policy.
+.TP
.SH [lcp]
.br
PPP LCP module configuration
diff --git a/accel-pppd/ppp/ccp_mppe.c b/accel-pppd/ppp/ccp_mppe.c
index 0952aa01..436f7108 100644
--- a/accel-pppd/ppp/ccp_mppe.c
+++ b/accel-pppd/ppp/ccp_mppe.c
@@ -29,6 +29,8 @@ static int mppe_recv_conf_nak(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, u
static int mppe_recv_conf_rej(struct ppp_ccp_t *ccp, struct ccp_option_t *opt, uint8_t *ptr);
static void mppe_print(void (*print)(const char *fmt,...),struct ccp_option_t*, uint8_t *ptr);
+static int conf_mppe = -1;
+
struct mppe_option_t
{
struct ccp_option_t opt;
@@ -53,7 +55,11 @@ static struct ccp_option_t *mppe_init(struct ppp_ccp_t *ccp)
{
struct mppe_option_t *mppe_opt = _malloc(sizeof(*mppe_opt));
memset(mppe_opt, 0, sizeof(*mppe_opt));
- mppe_opt->mppe = -1;
+ mppe_opt->policy = conf_mppe;
+ if (conf_mppe)
+ mppe_opt->mppe = conf_mppe;
+ else
+ mppe_opt->mppe = -1;
mppe_opt->opt.id = CI_MPPE;
mppe_opt->opt.len = 6;
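Review bot: `if (conf_mppe)` is a truthiness test on a value that is -1 when the option is unset, so unset, prefere (1) and require (2) all take the first branch and `mppe` ends up as 2 for require, whereas `ev_mppe_keys` in this same file sets it to 1 for policy 2. Deny (0) falls to the else branch and gets `mppe = -1`, the same value as unset, so the two cases are only told apart through `policy`. If `mppe` is meant to be a -1/0/1 flag, as that other assignment suggests, spell the mapping out, e.g. `mppe_opt->mppe = (conf_mppe > 0) ? 1 : -1;`, and add a comment giving the encoding of `conf_mppe`. How `mppe` and `policy` are consumed is outside this hunk, and the body of mppe_init continues past it, so this needs checking against the negotiation code.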
@@ -245,15 +251,34 @@ static void ev_mppe_keys(struct ev_mppe_keys_t *ev)
memcpy(mppe_opt->recv_key, ev->recv_key, 16);
memcpy(mppe_opt->send_key, ev->send_key, 16);
- mppe_opt->policy = ev->policy;
+ //mppe_opt->policy = ev->policy;
if (ev->policy == 2)
mppe_opt->mppe = 1;
}
+static void load_config(void)
+{
+ const char *opt;
+
+ opt = conf_get_opt("ppp", "mppe");
+ if (opt) {
+ if (!strcmp(opt,"require"))
+ conf_mppe = 2;
+ else if (!strcmp(opt,"prefere"))
+ conf_mppe = 1;
+ else if (!strcmp(opt,"deny"))
+ conf_mppe = 0;
+ } else
+ conf_mppe = -1;
+}
+
static void __init mppe_opt_init()
{
ccp_option_register(&mppe_opt_hnd);
triton_event_register_handler(EV_MPPE_KEYS, (triton_event_func)ev_mppe_keys);
+
+ load_config();
+ triton_event_register_handler(EV_CONFIG_RELOAD, (triton_event_func)load_config);
}
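Review bot: `load_config` silently ignores any value it does not recognise: a misspelt `require` leaves `conf_mppe` at -1 on first load, or at the previous value on reload, so a setting that is supposed to enforce encryption fails open with no diagnostic. The accepted keywords also disagree with the man page added in this commit, which documents `allow|prefere|require` while the parser accepts `require`, `prefere` and `deny`; `allow` is therefore one of the ignored values and `deny` is undocumented. Add a final `else` that logs the rejected string and sets a defined value, and handle `allow` explicitly (presumably `else if (!strcmp(opt, "allow")) conf_mppe = -1;`). Separately, `//mppe_opt->policy = ev->policy;` in `ev_mppe_keys` leaves dead code behind and means the policy carried by the event is only honoured when it equals 2, which looks at odds with the man page's statement that RADIUS may override the option; either delete the line and add a comment explaining the precedence, or restore the assignment.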