diff -ur --new-file ppp-2.3.11/pppd/ccp.c ppp-2.3.11.mppe/pppd/ccp.c --- ppp-2.3.11/pppd/ccp.c Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/ccp.c Tue Mar 28 16:56:22 2000 @@ -37,6 +37,7 @@ #include "mppe.h" #endif #include +#include "lcp.h" static const char rcsid[] = RCSID; @@ -103,6 +104,10 @@ "Disallow stateless MPPE encryption" }, { "-mppe-stateless", o_special_noarg, setnomppe_stateless, "Disallow stateless MPPE encryption" }, + { "require-mppe", o_special_noarg, require_mppe, + "Require MPPE encryption" }, + { "require-mppe-stateless", o_special_noarg, require_mppe_stateless, + "Require stateless MPPE encryption" }, #endif { NULL } @@ -450,6 +455,8 @@ { ccp_flags_set(unit, 0, 0); fsm_lowerdown(&ccp_fsm[unit]); + if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless ) + lcp_close(unit,"Encryption negotiation rejected"); } /* @@ -1269,6 +1276,19 @@ notice("%s receive compression enabled", method_name(go, NULL)); } else if (ANY_COMPRESS(*ho)) notice("%s transmit compression enabled", method_name(ho, NULL)); + + if ( ccp_wantoptions[f->unit].require_mppe_stateless || ccp_wantoptions[f->unit].require_mppe ) { + if ( (go->mppe_128 && ho->mppe_128) || (go->mppe_40 && ho->mppe_40 ) ) + if ( ccp_wantoptions[f->unit].require_mppe_stateless ) + if ( go->mppe_stateless && ho->mppe_stateless ) + notice("stateless MPPE enforced"); + else + lcp_close(f->unit,"stateless encryption negotiation failed"); + else + notice("MPPE enforced"); + else + lcp_close(f->unit,"encryption negotiation failed"); + } } /* @@ -1434,6 +1454,8 @@ */ error("Lost compression sync: disabling compression"); ccp_close(unit, "Lost compression sync"); + if ( ccp_wantoptions[unit].require_mppe || ccp_wantoptions[unit].require_mppe_stateless ) + lcp_close(unit,"Encryption got out of order"); } else { /* MPPE/MPPC does not requires CCP_RESETREQ */ if (ccp_gotoptions[f->unit].method == CI_MPPE) diff -ur --new-file ppp-2.3.11/pppd/ccp.h ppp-2.3.11.mppe/pppd/ccp.h --- ppp-2.3.11/pppd/ccp.h Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/ccp.h Thu Mar 16 16:25:50 2000 @@ -38,6 +38,8 @@ bool mppe_40; /* allow 40 bit encryption */ bool mppe_128; /* allow 128 bit encryption */ bool mppe_stateless; /* allow stateless encryption */ + bool require_mppe; /* force mppe encryption */ + bool require_mppe_stateless; /* force stateless encryption */ u_short bsd_bits; /* # bits/code for BSD Compress */ u_short deflate_size; /* lg(window size) for Deflate */ short method; /* code for chosen compression method */ diff -ur --new-file ppp-2.3.11/pppd/mppe.c ppp-2.3.11.mppe/pppd/mppe.c --- ppp-2.3.11/pppd/mppe.c Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/mppe.c Thu Mar 16 17:06:34 2000 @@ -226,4 +226,20 @@ ccp_allowoptions[0].mppe_stateless = ccp_wantoptions[0].mppe_stateless = 0; return 1; } + +int +require_mppe(char **argv) +{ + ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1; + return 1; +} + +int +require_mppe_stateless(char **argv) +{ + ccp_allowoptions[0].require_mppe = ccp_wantoptions[0].require_mppe = 1; + ccp_allowoptions[0].require_mppe_stateless = ccp_wantoptions[0].require_mppe_stateless = 1; + return 1; +} + #endif /* MPPE */ diff -ur --new-file ppp-2.3.11/pppd/mppe.h ppp-2.3.11.mppe/pppd/mppe.h --- ppp-2.3.11/pppd/mppe.h Thu Mar 16 17:47:42 2000 +++ ppp-2.3.11.mppe/pppd/mppe.h Thu Mar 16 16:25:00 2000 @@ -51,6 +51,8 @@ int setnomppe_128(char **); int setmppe_stateless(char **); int setnomppe_stateless(char **); +int require_mppe(char **); +int require_mppe_stateless(char **); #define __MPPE_INCLUDE__ #endif /* __MPPE_INCLUDE__ */