This is the mail archive of the ecos-discuss@sourceware.org mailing list for the eCos project.



Re: Authentication problem with ECOS PPP Server


"Weili Yao" <weili_yao@trimble.com> writes:

> >> Hello, there:
> >>    My device is running as ECOS PPP Server and the Windows XP is running
> >> as PPP Client. The problem is that the ECOS PPP Server does not properly
> >> do authentication, i.e. the ECOS PPP Server will take whatever
> >> user/password being set by the client (Windows XP). Any idea how to
> >> set/configure the ECOS PPP Server to do the authentication?
> 
> >The original FreeBSD PPPD code worked by looking in
> >/etc/ppp/pap-secrets and /etc/passwd. Since eCos runs in systems that
> >don't have filesystems, all of the code that did this was removed.
> >
> >The main interface to this code still exists: the function
> >check_passwd() in auth.c. At present it just returns OK for
> >everything. So if you want to add your own authentication mechanism
> >then the best approach is to ifdef this function out here and add your
> >own implementation in your own code.
> 
> I don't see the logic ever reaching the check_passwd() when I set ECOS
> device as PPP server. I think fundamentally the ECOS PPP Server
> authentication has been broken. 

In that case you are going to have to work out where it is broken and
fix it. It may help to download the original sources of the PPPD from
the FreeBSD site and compare it with the ecos version. You may also
need to get the relevant RFCs and see what should be happening.

> 
> In the lcp_init() function, there are following lines:
>     wo->neg_chap = 0;			/* Set to 1 on server */
>     wo->neg_upap = 0;			/* Set to 1 on server */
> But I am not sure what these lines are for. I changed to 1 for both
> neg_upap and neg_chap, still the same result. Another place is in file:
> pppd.c
> 
>     int  auth_required = 0;	/* Peer is required to authenticate */
> 
> What is this line for?

Well, it does what it says I expect and controls whether the peer is
required to authenticate. This variable certainly seems to be used in
relevant places. Whether it is relevant to this issue I cannot say.

What you need to do is to trace the execution path from reception of a
remote authentication request and find out what needs to be set to
cause check_passwd() to be called.

-- 
Nick Garnett                                     eCos Kernel Architect
http://www.ecoscentric.com                The eCos and RedBoot experts
http://www.ecoscentric.com/legal        Legal info, address and number
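
Added example, not part of the original message and not eCos or FreeBSD code: a sketch of the kind of filesystem-free credential check the thread suggests substituting for the accept-everything check_passwd(). The function name, its reduced argument list, the result codes and the credential table are assumptions made for illustration; it only has an effect once the server actually requires the peer to authenticate, which the poster reports is not happening.

```c
#include <stddef.h>
#include <string.h>

/* Constructed result codes for this sketch; the PPP code has its own constants. */
enum { AUTH_NAK = 0, AUTH_ACK = 1 };

struct pap_secret { const char *user; const char *passwd; };

/* Constructed sample credentials compiled into the image (no /etc/ppp/pap-secrets). */
static const struct pap_secret secrets[] = {
    { "fieldunit", "example-secret-1" },
    { "service",   "example-secret-2" },
};

/* Compare a length-delimited field with a C string without stopping at the
 * first mismatching byte; run time depends on the stored value only. */
static int ct_equal(const char *a, size_t alen, const char *b)
{
    size_t blen = strlen(b);
    unsigned char diff = (unsigned char)(alen != blen);
    size_t i;

    for (i = 0; i < blen; i++) {
        unsigned char x = (i < alen) ? (unsigned char)a[i] : 0;
        diff |= (unsigned char)(x ^ (unsigned char)b[i]);
    }
    return diff == 0;
}

/* Hypothetical replacement body. PAP fields arrive as pointer + length and
 * are not NUL-terminated, so strcmp() on them would read past the field. */
int example_check_passwd(const char *auser, int userlen,
                         const char *apasswd, int passwdlen)
{
    size_t i;
    int ok = 0;

    if (auser == NULL || apasswd == NULL || userlen <= 0 || passwdlen <= 0)
        return AUTH_NAK;                  /* reject empty credentials outright */

    for (i = 0; i < sizeof(secrets) / sizeof(secrets[0]); i++) {
        int u = ct_equal(auser, (size_t)userlen, secrets[i].user);
        int p = ct_equal(apasswd, (size_t)passwdlen, secrets[i].passwd);
        ok |= (u & p);                    /* scan every entry, no early exit */
    }
    return ok ? AUTH_ACK : AUTH_NAK;      /* default is deny */
}
```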

