diff options
| author | David F. Skoll <dfs@roaringpenguin.com> | 2002-01-22 16:03:05 +0000 |
|---|---|---|
| committer | David F. Skoll <dfs@roaringpenguin.com> | 2002-01-22 16:03:05 +0000 |
| commit | d95598c16f6a3feb4846db669601856bad15bb74 (patch) | |
| tree | 7b1ecc0021454fbb609d4d30d97b66bc822cadc3 /PLUGINS | |
| parent | 14768a012e45353cde5b60896ccc6b7528d90c69 (diff) | |
| download | ppp-d95598c16f6a3feb4846db669601856bad15bb74.tar.gz | |
Added RADIUS suppport.
Diffstat (limited to 'PLUGINS')
| -rw-r--r-- | PLUGINS | 47 |
1 files changed, 46 insertions, 1 deletions
@@ -147,6 +147,42 @@ pppd's internal `plogout' function. It can be used for accounting purposes. This hook is deprecated and will be replaced by a notifier. +int (*chap_check_hook)(void); +int (*chap_passwd_hook)(char *user, char *passwd); +int (*chap_auth_hook)(char *user, u_char *remmd, + int remmd_len, chap_state *cstate); + +These hooks are designed to allow a plugin to replace the normal CHAP +password processing in pppd with something different (e.g. contacting +an external server). + +The chap_check_hook is called to check whether there is any possibility +that the peer could authenticate itself to us. If it returns 1, pppd +will ask the peer to authenticate itself. If it returns 0, pppd will +not ask the peer to authenticate itself (but if authentication is +required, pppd may exit, or terminate the link before network protocol +negotiation). If it returns -1, pppd will look in the chap-secrets +file as it would normally. + +The chap_passwd_hook is called to determine what password +pppd should use in authenticating itself to the peer with CHAP. The +user string will already be initialized, by the `user' option, the +`name' option, or from the hostname, but can be changed if necessary. +This hook is called only if pppd is a client, not if it is a server. + +MAXSECRETLEN bytes of space are available at *passwd. If this hook +returns 0, pppd will use the value *passwd; if it returns -1, pppd +will fail to authenticate. + +The chap_auth_hook is called to determine whether the response +to a CHAP challenge provided by the peer is valid. user points to +a null-terminated string containing the username supplied +by the peer. remmd points to the response provided by the peer, of +length remmd_len bytes. cstate is the internal CHAP state structure +maintained by pppd. chap_auth_hook is expected to return one of +CHAP_SUCCESS or CHAP_FAILURE. + + int (*null_auth_hook)(struct wordlist **paddrs, struct wordlist **popts); @@ -167,6 +203,15 @@ should be stored in *addrp. If nothing is stored in *addrp, pppd will determine the peer's address in the usual manner. +int (*allowed_address_hook)(u_int32_t addr) + +This hook is called to see if a peer is allowed to use the specified +address. If the hook returns 1, the address is accepted. If it returns +0, the address is rejected. If it returns -1, the address is verified +in the normal away against the appropriate options and secrets files. + + + A plugin registers itself with a notifier by declaring a procedure of the form: @@ -213,4 +258,4 @@ Here is a list of the currently-implemented notifiers in pppd. -## $Id: PLUGINS,v 1.3 2001/05/21 08:34:33 paulus Exp $ ## +## $Id: PLUGINS,v 1.4 2002/01/22 16:02:55 dfs Exp $ ## |