ppp: nak unknown auth protocol

If we are sent a Config-Request for an auth proto other than
CHAP with MD5, send a NAK.

gatchat/ppp.h

@@ -25,6 +25,7 @@
 #define CHAP_PROTOCOL	0xc223
 #define IPCP_PROTO	0x8021
 #define PPP_IP_PROTO	0x0021
+#define MD5		5
 
 enum ppp_phase {
 	PPP_PHASE_DEAD = 0,		/* Link dead */
@@ -62,12 +63,21 @@ static inline guint16 __get_unaligned_short(const void *p)
 	return ptr->s;
 }
 
+static inline void __put_unaligned_short(void *p, guint16 val)
+{
+	struct packed_short *ptr = p;
+	ptr->s = val;
+}
+
 #define get_host_long(p) \
 	(ntohl(__get_unaligned_long(p)))
 
 #define get_host_short(p) \
 	(ntohs(__get_unaligned_short(p)))
 
+#define put_network_short(p, val) \
+	(__put_unaligned_short(p, htons(val)))
+
 #define ppp_info(packet) \
 	(packet + 4)
 

gatchat/ppp_auth.c

@@ -35,8 +35,6 @@
 #include "gatppp.h"
 #include "ppp.h"
 
-#define MD5	5
-
 struct chap_header {
 	guint8 code;
 	guint8 identifier;

gatchat/ppp_lcp.c

@@ -166,9 +166,35 @@ static enum rcr_result lcp_rcr(struct pppcp_data *pppcp,
 
 	while (ppp_option_iter_next(&iter) == TRUE) {
 		switch (ppp_option_iter_get_type(&iter)) {
-		case ACCM:
-		/* TODO check to make sure it's a proto we recognize */
 		case AUTH_PROTO:
+		{
+			const guint8 *option_data =
+				ppp_option_iter_get_data(&iter);
+			guint16 proto = get_host_short(option_data);
+			guint8 method = option_data[2];
+			guint8 *option;
+
+			if ((proto == CHAP_PROTOCOL) && (method == MD5))
+				break;
+
+			/*
+			 * try to suggest CHAP & MD5.  If we are out
+			 * of memory, just reject.
+			 */
+
+			option = g_try_malloc0(5);
+			if (!option)
+				return RCR_REJECT;
+
+			option[0] = AUTH_PROTO;
+			option[1] = 5;
+			put_network_short(&option[2], CHAP_PROTOCOL);
+			option[4] = MD5;
+			*new_options = option;
+			*new_len = 5;
+			return RCR_NAK;
+		}
+		case ACCM:
 		case PFC:
 		case ACFC:
 			break;