Ubuntu
ppp package

Merge ~eivnaes/ubuntu/+source/ppp:ubuntu/impish into ubuntu/+source/ppp:ubuntu/devel

  1. Git
  2. lp:~eivnaes/ubuntu/+source/ppp
  3. ubuntu/impish
  4. Merge into ubuntu/devel
Proposed by Eivind Naess
Status: Needs review
Proposed branch: ~eivnaes/ubuntu/+source/ppp:ubuntu/impish
Merge into: ubuntu/+source/ppp:ubuntu/devel
Diff against target: 945 lines (+889/-5)
4 files modified
debian/patches/eap-mschap-v2-namelen.patch (+13/-0)
debian/patches/expose-mppe-keys-via-api.patch (+864/-0)
debian/patches/series (+2/-0)
debian/ppp.symbols (+10/-5)
Reviewer Review Type Date Requested Status
Simon Quigley (community) Needs Resubmitting
git-ubuntu import Pending
Review via email: mp+415397@code.launchpad.net

Commit message

Fix EAP-MSCHAPv2 and export 32-byte MPPE keys

Backported commit-id: d706c95906d996534f13632a747af5dc617f306e
Author: Eivind Næss <email address hidden>
Date: Sat Apr 24 03:00:34 2021 -0700

The lengthy part of this fix is to refactor the handling of MPPE keys
by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
It does so by renaming the mppe_set_keys/2 to the corresponding
mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these
functions.

Having done so, it conveniently allows the name "mppe_set_keys" to be
re-used for this new purpose which will copy the key material up to
its size and then clear the input parameters (avoids leaving the MPPE
keys on the stack).

Additional functiions added to the MPPE code allow plugins et al. to
access the MPPE keys, clear the keys, and check if they are set. All
plugin and CCP code has been updated to use this API.

This fixes GitHub Issue #258
Signed-off-by: Eivind Naess <email address hidden>

Backported commit-id: d7e62a8499c4032d79e05afbd8fd3efd51c5b148
Author: Eivind Næss <email address hidden>
Date: Thu Feb 3 14:28:22 2022 -0800

    pppd/eap: Fix bug causing incorrect response length (#334)

    Need to update the esp->ea_client.ea_namelen variable. A plugin can override the
    name of the user, and the variable is passed onto the eap_chap2_response generating
    the wrong response length.

    Signed-off-by: Eivind Næss <email address hidden>

Description of the change

I am the maintainer of sstp-client/network-manager-sstp, and am getting repeated requests for support of EAP-MSCHAPv2 and EAP-TLS. The MPPE keys need an expansion from 16 to 32 bytes, and there is currently a bug in the EAP code when doing MSCHAPv2 given the length of the user-name.

This merge request fixes both of those issues. Both fixes are in pppd-project (master branch).

To post a comment you must log in.
Revision history for this message
Simon Chopin (schopin) wrote :

While the patch itself is substantial, the request seems reasonable.

I've reviewed it as much as I could (I'm not familiar with this area of the ppp code) and I didn't see any obvious problems with it. The comments in https://github.com/ppp-project/ppp/issues/258 where particularly helpful in understanding the ins and outs of the patch.

This is a +1 from me, assuming proper testing afterwards from OP.

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

@schopin

Thank you for the review. I did email ubuntu-server mailing list requesting a review. However, they've subscribed ~ubuntu-sponsorship to the issue. Do you know if there is someone that could help with that and to expedite the process somehow?

People are upgrading to Ubuntu 21.10 and finding out that sstp-client is broken for them. It makes it really hard for me to support them, and telling non-developers to go rebuild multiple packages is a bit hard.

Reply
Revision history for this message
Robie Basak (racb) wrote :

I had assumed you wanted this in the upcoming Ubuntu LTS release (codenamed Jammy) expected to be 22.04. It will supersede 21.10 and 21.10 will go end-of-life in July 2022, so five months away. After it is released, I doubt that anyone new will be installing 21.10 any more. 22.04 will have standard support for at least five years - so until at least April 2027.

If you still want 21.10 updated then we can consider that. The process is more involved and is documented at https://wiki.ubuntu.com/StableReleaseUpdates. In particular, we'd need to ensure that it meets the policy that prevents unexpected behaviour changes hitting users of the stable release. Bugfixes on the other hand are fine. Major refactorings generally are not.

Another requirement of that process though is that the Ubuntu development release (ie. Jammy) must be fixed first, and so maybe we can focus on this first if this is what you want? It seems to me that it'd be great to have good support in this area in the LTS release and you've done great work in this area already, so with your help we could get that into Jammy.

Feature freeze for Jammy is today, so if we want this change, it has to go in today. It sounds like we're all generally in favour. I have yet to review in detail, and I will do that next, but I know of no issues with that side right now.

However, in pulling in a patch to Ubuntu ahead of an upstream release, we will be going out on a limb here. Can you commit to helping us maintain this patch in Jammy - helping us with testing and with any issues we might encounter with it in the future - both during development and after release? Note that changing things after release is much harder because of the care we owe to our users to ensure stability - see the link above.

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Hi Robie,

If you want things fixed today, I maybe able to spare a few minutes just let me know what exactly you need. You can also email me back at eivnaes [at] yahoo [dot] com as I receive notifications on my phone w.r.t. email.

I can generally help with testing on Jimmy. Right now the EAP-MSCHAP fix is definitely busted, and also EAP-TLS doesn't work with the MS-SSTP protocol. The former is definitely hitting people as EAP is the default option for Microsoft Windows. I've committed multiple fixes upstream to pppd project, and unfortunately I don't see an release coming up on a short timeline (unless Paul changes his mind).

It is still unclear what you need me to do, so please hit me up and be specific as the time window is very narrow.

Does this patch apply cleanly to Jimmy? I haven't tried

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Also noted, the EAP-TLS with MS-SSTP is a hot-button issue for a lot of people trying to connect to Microsoft Azure cloud environment.

Reply
Revision history for this message
Robie Basak (racb) wrote :

Thanks!

The patch does apply cleanly to Jammy - there are no changes to the
package apart from metadata. So I think we should be safe from that
perspective.

I'm struggling to find a match between this patch and the one upstream.
I found 789e867 that I thought was related, but that doesn't match.
Ideally I'd like to see that the patch is identical to the one upstream,
or if it's not, understand why it's different. Could you help me
understand how this patch is constructed from the upstream ones, please?
For example, is there a commit or a set of commits upstream that, if
squashed together, makes up this one? If so, a link to the upstream
commits would be helpful.

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Robie

Thanks for taking a look at this. The patch is slightly different, as a previous patch to debian pppd replaced all internal crypto calls with calls to use openssl crypto functions. I had to manually re-do the upstream patch with that in mind as the MPPE specific functions was moved into mppe.c (see replace-vendored-hash-functions.patch).

(A little error on the unused Makefile.sol2 here, it adds the sha1.o object, but that isn't even been used here -- solaris2 only).

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

You mean: 789e867 - Improve the PEAP contribution by Rustam Kovhaev?

That's a completely new authentication mechanism, PEAP is EAP but wrapped inside a TLS tunnel.

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Robie,

While I have your attention here, there's been another annoying feature that breaks network-manager-sstp project. It's the

https://git.launchpad.net/ubuntu/+source/ppp/tree/debian/extra/ip-up.d/0000usepeerdns#n10

`
nm-pptp-service-*|nm-l2tp-service-*|/org/freedesktop/NetworkManager/PPP/*)
`

It should probably say: nm-*-service-* instead of
`
nm-*-service-*|org/freedesktop/NetworkManager/PPP/*)
`

At least it would permit any clone(s) of the network manager <protocol> plugin to bypass this replacement of resolv.conf.

I filed a bug against this
https://bugs.launchpad.net/ubuntu/+source/ppp/+bug/1921398

it's just that I've not been able to reach anyone to help with getting the issue resolved.

Reply
Revision history for this message
Robie Basak (racb) wrote :

Ah, thanks. I found the upstream commit d706c959 and this matches this MP except for the OpenSSL related changes you mentioned.

Reply
Revision history for this message
Robie Basak (racb) wrote :

Oh, and that was in your commit message. Sorry!

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Awesome!

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Did you get this merged?

What about https://bugs.launchpad.net/ubuntu/+source/ppp/+bug/1921398 ?

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Robie,

I have Jammy Jellyfish setup and am ready to test this. Let me know what you need me to do.

Reply
Revision history for this message
Robie Basak (racb) wrote :

I've uploaded this to Jammy. Thank you for your contribution!

I didn't know about that bug. The usual process it to subscribe ~ubuntu-sponsors to the bug, then it appears in the sponsorship queue. But the queue is quite big and not very well managed unfortunately, so it does help to ask in #ubuntu-devel and be available there.

I can look into that bug for you too, but not today - I'm busy with a few other tasks for feature freeze, and that fix is a bug fix so won't be blocked by the freeze.

Once the package is built in Jammy and migrated, please could you test to make sure that it works as expected?

There are also some reverse dependencies that could do with testing too, just to make sure that nothing is broken. Or if you know ppp well and understand better how to make sure nothing is adversely affected, that works too :)

connman
network-manager
network-manager-fortisslvpn
network-manager-l2tp
network-manager-pptp
pptpd
rp-pppoe

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Will do

When can I expect the package to be available via apt-get, tomorrow?

Reply
Revision history for this message
Robie Basak (racb) wrote :

It's available now, assuming any local mirrors you're using are caught up.

Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

Robie,

I was able to get the new ppp package 2.4.9-1ubuntu3 yesterday. The network-manager-* packages, and likely the pptpd, rp-pppoe and connman packages will require a re-build. I haven't seen those being available on my local mirrors yet.

You able to kick off a build (at least for the network-manager* packages)?

Reply
Revision history for this message
Simon Quigley (tsimonq2) :
review: Needs Resubmitting
Reply
Revision history for this message
Eivind Naess (eivnaes) wrote :

The patches was merged into Jammy Jellyfish (22.04) by Robie Basak. Not sure if it makes sense to back-port them to into impish. In fact the entire issse/comment thread can probably be closed by now.

Reply

Unmerged commits

99eebc7... by Eivind Naess

Fix EAP-MSCHAPv2 and export 32-byte MPPE keys

Backported commit-id: d706c95906d996534f13632a747af5dc617f306e
Backported commit-id: d7e62a8499c4032d79e05afbd8fd3efd51c5b148

From ppp-project/ppp on Github

Signed-off-by: Eivind Næss <email address hidden>

5e01a99... by Simon Chopin

2.4.9-1+1ubuntu1 (patches unapplied)

Imported using git-ubuntu import.

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/debian/patches/eap-mschap-v2-namelen.patch b/debian/patches/eap-mschap-v2-namelen.patch
2new file mode 100644
3index 0000000..f5cf55a
4--- /dev/null
5+++ b/debian/patches/eap-mschap-v2-namelen.patch
6@@ -0,0 +1,13 @@
7+This fixes the length of the username when responding to an EAP MSCHAPv2 challenge.
8+Index: ppp-2.4.9/pppd/eap.c
9+===================================================================
10+--- ppp-2.4.9.orig/pppd/eap.c
11++++ ppp-2.4.9/pppd/eap.c
12+@@ -2261,6 +2261,7 @@ eap_request(eap_state *esp, u_char *inp,
13+ eap_send_nak(esp, id, EAPT_SRP);
14+ break;
15+ }
16++ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
17+
18+ /* Create the MSCHAPv2 response (and add to cache) */
19+ unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
20diff --git a/debian/patches/expose-mppe-keys-via-api.patch b/debian/patches/expose-mppe-keys-via-api.patch
21new file mode 100644
22index 0000000..df12a58
23--- /dev/null
24+++ b/debian/patches/expose-mppe-keys-via-api.patch
25@@ -0,0 +1,864 @@
26+Index: ppp-2.4.9/pppd/Makefile.sol2
27+===================================================================
28+--- ppp-2.4.9.orig/pppd/Makefile.sol2
29++++ ppp-2.4.9/pppd/Makefile.sol2
30+@@ -37,7 +37,7 @@ OBJS += ipv6cp.o eui64.o
31+
32+ # Uncomment to enable MS-CHAP
33+ CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H
34+-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o
35++OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o
36+
37+ # Uncomment to enable MPPE (in both CHAP and EAP-TLS)
38+ CFLAGS += -DMPPE
39+Index: ppp-2.4.9/pppd/ccp.c
40+===================================================================
41+--- ppp-2.4.9.orig/pppd/ccp.c
42++++ ppp-2.4.9/pppd/ccp.c
43+@@ -38,10 +38,9 @@
44+ #include "ccp.h"
45+ #include <net/ppp-comp.h>
46+
47+-#ifdef MPPE
48+-#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */
49++#include "chap_ms.h"
50++#include "mppe.h"
51+ #include "lcp.h" /* lcp_close(), lcp_fsm */
52+-#endif
53+
54+
55+ /*
56+@@ -574,7 +573,7 @@ ccp_resetci(fsm *f)
57+ }
58+
59+ /* A plugin (eg radius) may not have obtained key material. */
60+- if (!mppe_keys_set) {
61++ if (!mppe_keys_isset()) {
62+ error("MPPE required, but keys are not available. "
63+ "Possible plugin problem?");
64+ lcp_close(f->unit, "MPPE required but not available");
65+@@ -705,7 +704,7 @@ static void
66+ p[1] = opt_buf[1] = CILEN_MPPE;
67+ MPPE_OPTS_TO_CI(go->mppe, &p[2]);
68+ MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
69+- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
70++ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
71+ res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
72+ if (res > 0)
73+ p += CILEN_MPPE;
74+@@ -1156,8 +1155,7 @@ ccp_reqci(fsm *f, u_char *p, int *lenp,
75+ int mtu;
76+
77+ BCOPY(p, opt_buf, CILEN_MPPE);
78+- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
79+- MPPE_MAX_KEY_LEN);
80++ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
81+ if (ccp_test(f->unit, opt_buf,
82+ CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
83+ /* This shouldn't happen, we've already tested it! */
84+@@ -1426,8 +1424,7 @@ ccp_up(fsm *f)
85+ notice("%s transmit compression enabled", method_name(ho, NULL));
86+ #ifdef MPPE
87+ if (go->mppe) {
88+- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
89+- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
90++ mppe_clear_keys();
91+ continue_networks(f->unit); /* Bring up IP et al */
92+ }
93+ #endif
94+Index: ppp-2.4.9/pppd/chap_ms.c
95+===================================================================
96+--- ppp-2.4.9.orig/pppd/chap_ms.c
97++++ ppp-2.4.9/pppd/chap_ms.c
98+@@ -93,7 +93,7 @@
99+ #include <openssl/sha.h>
100+ #include "pppcrypt.h"
101+ #include "magic.h"
102+-
103++#include "mppe.h"
104+
105+
106+ static void ascii2unicode (char[], int, u_char[]);
107+@@ -109,10 +109,6 @@ static void GenerateAuthenticatorRespons
108+ static void ChapMS_LANMan (u_char *, char *, int, u_char *);
109+ #endif
110+
111+-#ifdef MPPE
112+-static void Set_Start_Key (u_char *, char *, int);
113+-static void SetMasterKeys (char *, int, u_char[24], int);
114+-#endif
115+
116+ #ifdef MSLANMAN
117+ bool ms_lanman = 0; /* Use LanMan password instead of NT */
118+@@ -120,10 +116,6 @@ bool ms_lanman = 0; /* Use LanMan pa
119+ #endif
120+
121+ #ifdef MPPE
122+-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
123+-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
124+-int mppe_keys_set = 0; /* Have the MPPE keys been set? */
125+-
126+ #ifdef DEBUGMPPEKEY
127+ /* For MPPE debug */
128+ /* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
129+@@ -705,32 +697,8 @@ GenerateAuthenticatorResponsePlain
130+ rchallenge, username, authResponse);
131+ }
132+
133+-
134+ #ifdef MPPE
135+ /*
136+- * Set mppe_xxxx_key from the NTPasswordHashHash.
137+- * RFC 2548 (RADIUS support) requires us to export this function (ugh).
138+- */
139+-void
140+-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
141+-{
142+- SHA_CTX sha1Context;
143+- u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */
144+-
145+- SHA1_Init(&sha1Context);
146+- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
147+- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
148+- SHA1_Update(&sha1Context, rchallenge, 8);
149+- SHA1_Final(Digest, &sha1Context);
150+-
151+- /* Same key in both directions. */
152+- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
153+- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
154+-
155+- mppe_keys_set = 1;
156+-}
157+-
158+-/*
159+ * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
160+ */
161+ static void
162+@@ -744,105 +712,7 @@ Set_Start_Key(u_char *rchallenge, char *
163+ ascii2unicode(secret, secret_len, unicodePassword);
164+ NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
165+ NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
166+-
167+- mppe_set_keys(rchallenge, PasswordHashHash);
168+-}
169+-
170+-/*
171+- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
172+- *
173+- * This helper function used in the Winbind module, which gets the
174+- * NTHashHash from the server.
175+- */
176+-void
177+-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
178+- u_char NTResponse[24], int IsServer)
179+-{
180+- SHA_CTX sha1Context;
181+- u_char MasterKey[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */
182+- u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */
183+-
184+- u_char SHApad1[40] =
185+- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
186+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
187+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
188+- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
189+- u_char SHApad2[40] =
190+- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
191+- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
192+- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
193+- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
194+-
195+- /* "This is the MPPE Master Key" */
196+- u_char Magic1[27] =
197+- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
198+- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
199+- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
200+- /* "On the client side, this is the send key; "
201+- "on the server side, it is the receive key." */
202+- u_char Magic2[84] =
203+- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
204+- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
205+- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
206+- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
207+- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
208+- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
209+- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
210+- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
211+- 0x6b, 0x65, 0x79, 0x2e };
212+- /* "On the client side, this is the receive key; "
213+- "on the server side, it is the send key." */
214+- u_char Magic3[84] =
215+- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
216+- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
217+- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
218+- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
219+- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
220+- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
221+- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
222+- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
223+- 0x6b, 0x65, 0x79, 0x2e };
224+- u_char *s;
225+-
226+- SHA1_Init(&sha1Context);
227+- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
228+- SHA1_Update(&sha1Context, NTResponse, 24);
229+- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
230+- SHA1_Final(MasterKey, &sha1Context);
231+-
232+- /*
233+- * generate send key
234+- */
235+- if (IsServer)
236+- s = Magic3;
237+- else
238+- s = Magic2;
239+- SHA1_Init(&sha1Context);
240+- SHA1_Update(&sha1Context, MasterKey, 16);
241+- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
242+- SHA1_Update(&sha1Context, s, 84);
243+- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
244+- SHA1_Final(Digest, &sha1Context);
245+-
246+- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
247+-
248+- /*
249+- * generate recv key
250+- */
251+- if (IsServer)
252+- s = Magic2;
253+- else
254+- s = Magic3;
255+- SHA1_Init(&sha1Context);
256+- SHA1_Update(&sha1Context, MasterKey, 16);
257+- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
258+- SHA1_Update(&sha1Context, s, 84);
259+- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
260+- SHA1_Final(Digest, &sha1Context);
261+-
262+- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
263+-
264+- mppe_keys_set = 1;
265++ mppe_set_chapv1(rchallenge, PasswordHashHash);
266+ }
267+
268+ /*
269+@@ -858,12 +728,11 @@ SetMasterKeys(char *secret, int secret_l
270+ ascii2unicode(secret, secret_len, unicodePassword);
271+ NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
272+ NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
273+- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
274++ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
275+ }
276+
277+ #endif /* MPPE */
278+
279+-
280+ void
281+ ChapMS(u_char *rchallenge, char *secret, int secret_len,
282+ unsigned char *response)
283+@@ -933,39 +802,6 @@ ChapMS2(u_char *rchallenge, u_char *Peer
284+ #endif
285+ }
286+
287+-#ifdef MPPE
288+-/*
289+- * Set MPPE options from plugins.
290+- */
291+-void
292+-set_mppe_enc_types(int policy, int types)
293+-{
294+- /* Early exit for unknown policies. */
295+- if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
296+- policy != MPPE_ENC_POL_ENC_REQUIRED)
297+- return;
298+-
299+- /* Don't modify MPPE if it's optional and wasn't already configured. */
300+- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
301+- return;
302+-
303+- /*
304+- * Disable undesirable encryption types. Note that we don't ENABLE
305+- * any encryption types, to avoid overriding manual configuration.
306+- */
307+- switch(types) {
308+- case MPPE_ENC_TYPES_RC4_40:
309+- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
310+- break;
311+- case MPPE_ENC_TYPES_RC4_128:
312+- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
313+- break;
314+- default:
315+- break;
316+- }
317+-}
318+-#endif /* MPPE */
319+-
320+ static struct chap_digest_type chapms_digest = {
321+ CHAP_MICROSOFT, /* code */
322+ chapms_generate_challenge,
323+Index: ppp-2.4.9/pppd/chap_ms.h
324+===================================================================
325+--- ppp-2.4.9.orig/pppd/chap_ms.h
326++++ ppp-2.4.9/pppd/chap_ms.h
327+@@ -38,6 +38,7 @@
328+ #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
329+ #define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
330+ #define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
331++#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */
332+ /* as ASCII */
333+
334+ /* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
335+@@ -67,22 +68,6 @@
336+ #define MS_CHAP2_NTRESP_LEN 24
337+ #define MS_CHAP2_FLAGS 48
338+
339+-#ifdef MPPE
340+-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
341+-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
342+-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
343+-extern int mppe_keys_set;
344+-
345+-/* These values are the RADIUS attribute values--see RFC 2548. */
346+-#define MPPE_ENC_POL_ENC_ALLOWED 1
347+-#define MPPE_ENC_POL_ENC_REQUIRED 2
348+-#define MPPE_ENC_TYPES_RC4_40 2
349+-#define MPPE_ENC_TYPES_RC4_128 4
350+-
351+-/* used by plugins (using above values) */
352+-extern void set_mppe_enc_types(int, int);
353+-#endif
354+-
355+ /* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
356+ #define MS_CHAP2_AUTHENTICATEE 0
357+ #define MS_CHAP2_AUTHENTICATOR 1
358+@@ -90,12 +75,6 @@ extern void set_mppe_enc_types(int, int)
359+ void ChapMS (u_char *, char *, int, u_char *);
360+ void ChapMS2 (u_char *, u_char *, char *, char *, int,
361+ u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
362+-#ifdef MPPE
363+-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
364+-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
365+- u_char NTResponse[24], int IsServer);
366+-#endif
367+-
368+ void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
369+
370+ void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
371+Index: ppp-2.4.9/pppd/eap-tls.c
372+===================================================================
373+--- ppp-2.4.9.orig/pppd/eap-tls.c
374++++ ppp-2.4.9/pppd/eap-tls.c
375+@@ -48,6 +48,8 @@
376+ #include "eap-tls.h"
377+ #include "fsm.h"
378+ #include "lcp.h"
379++#include "chap_ms.h"
380++#include "mppe.h"
381+ #include "pathnames.h"
382+
383+ typedef struct pw_cb_data
384+@@ -72,10 +74,6 @@ int ssl_new_session_cb(SSL *s, SSL_SESSI
385+ X509 *get_X509_from_file(char *filename);
386+ int ssl_cmp_certs(char *filename, X509 * a);
387+
388+-#ifdef MPPE
389+-
390+-#define EAPTLS_MPPE_KEY_LEN 32
391+-
392+ /*
393+ * OpenSSL 1.1+ introduced a generic TLS_method()
394+ * For older releases we substitute the appropriate method
395+@@ -118,6 +116,10 @@ static inline int SSL_CTX_set_max_proto_
396+ #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
397+
398+
399++#ifdef MPPE
400++
401++#define EAPTLS_MPPE_KEY_LEN 32
402++
403+ /*
404+ * Generate keys according to RFC 2716 and add to reply
405+ */
406+@@ -159,20 +161,12 @@ void eaptls_gen_mppe_keys(struct eaptls_
407+ */
408+ if (client)
409+ {
410+- p = out;
411+- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
412+- p += EAPTLS_MPPE_KEY_LEN;
413+- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
414++ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);
415+ }
416+ else
417+ {
418+- p = out;
419+- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
420+- p += EAPTLS_MPPE_KEY_LEN;
421+- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
422++ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN);
423+ }
424+-
425+- mppe_keys_set = 1;
426+ }
427+
428+ #endif /* MPPE */
429+Index: ppp-2.4.9/pppd/eap-tls.h
430+===================================================================
431+--- ppp-2.4.9.orig/pppd/eap-tls.h
432++++ ppp-2.4.9/pppd/eap-tls.h
433+@@ -85,11 +85,6 @@ int get_eaptls_secret(int unit, char *cl
434+ char *capath, char *pkfile, int am_server);
435+
436+ #ifdef MPPE
437+-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
438+-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
439+-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
440+-extern int mppe_keys_set;
441+-
442+ void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
443+ #endif
444+
445+Index: ppp-2.4.9/pppd/mppe.c
446+===================================================================
447+--- /dev/null
448++++ ppp-2.4.9/pppd/mppe.c
449+@@ -0,0 +1,248 @@
450++/* * mppe.c - MPPE key implementation
451++ *
452++ * Copyright (c) 2020 Eivind Naess. All rights reserved.
453++ * Copyright (c) 2008 Paul Mackerras. All rights reserved.
454++ *
455++ * Redistribution and use in source and binary forms, with or without
456++ * modification, are permitted provided that the following conditions
457++ * are met:
458++ *
459++ * 1. Redistributions of source code must retain the above copyright
460++ * notice, this list of conditions and the following disclaimer.
461++ *
462++ * 2. Redistributions in binary form must reproduce the above copyright
463++ * notice, this list of conditions and the following disclaimer in
464++ * the documentation and/or other materials provided with the
465++ * distribution.
466++ *
467++ * 3. The name(s) of the authors of this software must not be used to
468++ * endorse or promote products derived from this software without
469++ * prior written permission.
470++ *
471++ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
472++ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
473++ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
474++ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
475++ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
476++ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
477++ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
478++ *
479++ */
480++
481++#include <string.h>
482++
483++#include "pppd.h"
484++#include "fsm.h"
485++#include "ccp.h"
486++#include "chap_ms.h"
487++#include "mppe.h"
488++#include <openssl/sha.h>
489++#include <openssl/md4.h>
490++
491++u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
492++u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
493++int mppe_keys_set = 0;
494++
495++void
496++mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
497++{
498++ int length = keylen;
499++ if (length > MPPE_MAX_KEY_SIZE)
500++ length = MPPE_MAX_KEY_SIZE;
501++
502++ if (send_key) {
503++ BCOPY(send_key, mppe_send_key, length);
504++ BZERO(send_key, keylen);
505++ }
506++
507++ if (recv_key) {
508++ BCOPY(recv_key, mppe_recv_key, length);
509++ BZERO(recv_key, keylen);
510++ }
511++
512++ mppe_keys_set = length;
513++}
514++
515++bool
516++mppe_keys_isset()
517++{
518++ return !!mppe_keys_set;
519++}
520++
521++int
522++mppe_get_recv_key(u_char *recv_key, int length)
523++{
524++ if (mppe_keys_isset()) {
525++ if (length > mppe_keys_set)
526++ length = mppe_keys_set;
527++ BCOPY(mppe_recv_key, recv_key, length);
528++ return length;
529++ }
530++ return 0;
531++}
532++
533++int
534++mppe_get_send_key(u_char *send_key, int length)
535++{
536++ if (mppe_keys_isset()) {
537++ if (length > mppe_keys_set)
538++ length = mppe_keys_set;
539++ BCOPY(mppe_send_key, send_key, length);
540++ return length;
541++ }
542++ return 0;
543++}
544++
545++void
546++mppe_clear_keys(void)
547++{
548++ mppe_keys_set = 0;
549++ BZERO(mppe_send_key, sizeof(mppe_send_key));
550++ BZERO(mppe_recv_key, sizeof(mppe_recv_key));
551++}
552++
553++/*
554++ * Set mppe_xxxx_key from the NTPasswordHashHash.
555++ * RFC 2548 (RADIUS support) requires us to export this function (ugh).
556++ */
557++void
558++mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
559++{
560++ SHA_CTX sha1Context;
561++ u_char Digest[SHA_DIGEST_LENGTH];
562++
563++ SHA1_Init(&sha1Context);
564++ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
565++ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
566++ SHA1_Update(&sha1Context, rchallenge, 8);
567++ SHA1_Final(Digest, &sha1Context);
568++
569++ /* Same key in both directions. */
570++ mppe_set_keys(Digest, Digest, sizeof(Digest));
571++}
572++
573++/*
574++ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
575++ *
576++ * This helper function used in the Winbind module, which gets the
577++ * NTHashHash from the server.
578++ */
579++void
580++mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
581++ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
582++{
583++ SHA_CTX sha1Context;
584++ u_char MasterKey[SHA_DIGEST_LENGTH];
585++ u_char SendKey[SHA_DIGEST_LENGTH];
586++ u_char RecvKey[SHA_DIGEST_LENGTH];
587++
588++ u_char SHApad1[40] =
589++ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
590++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
591++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
592++ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
593++ u_char SHApad2[40] =
594++ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
595++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
596++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
597++ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
598++
599++ /* "This is the MPPE Master Key" */
600++ u_char Magic1[27] =
601++ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
602++ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
603++ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
604++ /* "On the client side, this is the send key; "
605++ "on the server side, it is the receive key." */
606++ u_char Magic2[84] =
607++ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
608++ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
609++ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
610++ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
611++ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
612++ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
613++ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
614++ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
615++ 0x6b, 0x65, 0x79, 0x2e };
616++ /* "On the client side, this is the receive key; "
617++ "on the server side, it is the send key." */
618++ u_char Magic3[84] =
619++ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
620++ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
621++ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
622++ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
623++ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
624++ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
625++ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
626++ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
627++ 0x6b, 0x65, 0x79, 0x2e };
628++ u_char *s;
629++
630++ SHA1_Init(&sha1Context);
631++ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
632++ SHA1_Update(&sha1Context, NTResponse, 24);
633++ SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
634++ SHA1_Final(MasterKey, &sha1Context);
635++
636++ /*
637++ * generate send key
638++ */
639++ if (IsServer)
640++ s = Magic3;
641++ else
642++ s = Magic2;
643++ SHA1_Init(&sha1Context);
644++ SHA1_Update(&sha1Context, MasterKey, 16);
645++ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
646++ SHA1_Update(&sha1Context, s, 84);
647++ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
648++ SHA1_Final(SendKey, &sha1Context);
649++
650++ /*
651++ * generate recv key
652++ */
653++ if (IsServer)
654++ s = Magic2;
655++ else
656++ s = Magic3;
657++ SHA1_Init(&sha1Context);
658++ SHA1_Update(&sha1Context, MasterKey, 16);
659++ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
660++ SHA1_Update(&sha1Context, s, 84);
661++ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
662++ SHA1_Final(RecvKey, &sha1Context);
663++
664++ mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH);
665++}
666++
667++/*
668++ * Set MPPE options from plugins.
669++ */
670++void
671++mppe_set_enc_types(int policy, int types)
672++{
673++ /* Early exit for unknown policies. */
674++ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
675++ policy != MPPE_ENC_POL_ENC_REQUIRED)
676++ return;
677++
678++ /* Don't modify MPPE if it's optional and wasn't already configured. */
679++ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
680++ return;
681++
682++ /*
683++ * Disable undesirable encryption types. Note that we don't ENABLE
684++ * any encryption types, to avoid overriding manual configuration.
685++ */
686++ switch(types) {
687++ case MPPE_ENC_TYPES_RC4_40:
688++ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
689++ break;
690++ case MPPE_ENC_TYPES_RC4_128:
691++ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
692++ break;
693++ default:
694++ break;
695++ }
696++}
697++
698+Index: ppp-2.4.9/pppd/mppe.h
699+===================================================================
700+--- ppp-2.4.9.orig/pppd/mppe.h
701++++ ppp-2.4.9/pppd/mppe.h
702+@@ -32,9 +32,12 @@
703+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
704+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
705+ */
706++#ifndef __MPPE_H__
707++#define __MPPE_H__
708+
709+ #define MPPE_PAD 4 /* MPPE growth per frame */
710+-#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
711++#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
712++#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */
713+
714+ /* option bits for ccp_options.mppe */
715+ #define MPPE_OPT_40 0x01 /* 40 bit */
716+@@ -119,3 +122,68 @@
717+ if (ptr[3] & ~MPPE_ALL_BITS) \
718+ opts |= MPPE_OPT_UNKNOWN; \
719+ } while (/* CONSTCOND */ 0)
720++
721++
722++#if MPPE
723++
724++/*
725++ * NOTE:
726++ * Access to these variables directly is discuraged. Please
727++ * change your code to use below accessor functions.
728++ */
729++
730++/* The key material generated which is used for MPPE send key */
731++extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
732++/* The key material generated which is used for MPPE recv key */
733++extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
734++/* Keys are set if value is non-zero */
735++extern int mppe_keys_set;
736++
737++/* These values are the RADIUS attribute values--see RFC 2548. */
738++#define MPPE_ENC_POL_ENC_ALLOWED 1
739++#define MPPE_ENC_POL_ENC_REQUIRED 2
740++#define MPPE_ENC_TYPES_RC4_40 2
741++#define MPPE_ENC_TYPES_RC4_128 4
742++
743++/* used by plugins (using above values) */
744++void mppe_set_enc_types (int policy, int types);
745++
746++/*
747++ * Set the MPPE send and recv keys. NULL values for keys are ignored
748++ * and input values are cleared to avoid leaving them on the stack
749++ */
750++void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
751++
752++/*
753++ * Get the MPPE recv key
754++ */
755++int mppe_get_recv_key(u_char *recv_key, int length);
756++
757++/*
758++ * Get the MPPE send key
759++ */
760++int mppe_get_send_key(u_char *send_key, int length);
761++
762++/*
763++ * Clear the MPPE keys
764++ */
765++void mppe_clear_keys(void);
766++
767++/*
768++ * Check if the MPPE keys are set
769++ */
770++bool mppe_keys_isset(void);
771++
772++/*
773++ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
774++ */
775++void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
776++
777++/*
778++ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
779++ */
780++void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
781++ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
782++
783++#endif // #ifdef MPPE
784++#endif // #ifdef __MPPE_H__
785+Index: ppp-2.4.9/pppd/plugins/radius/radius.c
786+===================================================================
787+--- ppp-2.4.9.orig/pppd/plugins/radius/radius.c
788++++ ppp-2.4.9/pppd/plugins/radius/radius.c
789+@@ -31,6 +31,7 @@ static char const RCSID[] =
790+ #ifdef CHAPMS
791+ #include "chap_ms.h"
792+ #ifdef MPPE
793++#include "mppe.h"
794+ #include <openssl/md5.h>
795+ #endif
796+ #endif
797+@@ -743,11 +744,12 @@ radius_setparams(VALUE_PAIR *vp, char *m
798+ * Note that if the policy value was '0' we don't set the key!
799+ */
800+ if (mppe_enc_policy && mppe_enc_keys) {
801+- mppe_keys_set = 1;
802+ /* Set/modify allowed encryption types. */
803+ if (mppe_enc_types)
804+- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
805++ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
806++ return 0;
807+ }
808++ mppe_clear_keys();
809+ #endif
810+
811+ return 0;
812+@@ -803,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUE
813+ * the NAS (us) doesn't need; we only need the start key. So we have
814+ * to generate the start key, sigh. NB: We do not support the LM-Key.
815+ */
816+- mppe_set_keys(challenge, &plain[8]);
817++ mppe_set_chapv1(challenge, &plain[8]);
818+
819+ return 0;
820+ }
821+@@ -855,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQU
822+ for (i = 0; i < 16; i++)
823+ plain[i] ^= buf[i];
824+
825+- if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
826++ if (plain[0] != 16) {
827+ error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
828+ (int) plain[0], type);
829+ return -1;
830+@@ -869,9 +871,9 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQU
831+ plain[16] ^= buf[0]; /* only need the first byte */
832+
833+ if (vp->attribute == PW_MS_MPPE_SEND_KEY)
834+- memcpy(mppe_send_key, plain + 1, 16);
835++ mppe_set_keys(plain + 1, NULL, 16);
836+ else
837+- memcpy(mppe_recv_key, plain + 1, 16);
838++ mppe_set_keys(NULL, plain + 1, 16);
839+
840+ return 0;
841+ }
842+Index: ppp-2.4.9/pppd/plugins/winbind.c
843+===================================================================
844+--- ppp-2.4.9.orig/pppd/plugins/winbind.c
845++++ ppp-2.4.9/pppd/plugins/winbind.c
846+@@ -37,11 +37,9 @@
847+ #include "pppd.h"
848+ #include "chap-new.h"
849+ #include "chap_ms.h"
850+-#ifdef MPPE
851+-#include <openssl/md5.h>
852+-#endif
853+ #include "fsm.h"
854+ #include "ipcp.h"
855++#include "mppe.h"
856+ #include <syslog.h>
857+ #include <sys/types.h>
858+ #include <sys/stat.h>
859+@@ -583,7 +581,7 @@ winbind_chap_verify(char *user, char *ou
860+ nt_response, nt_response_size,
861+ session_key,
862+ &error_string) == AUTHENTICATED) {
863+- mppe_set_keys(challenge, session_key);
864++ mppe_set_chapv1(challenge, session_key);
865+ slprintf(message, message_space, "Access granted");
866+ return AUTHENTICATED;
867+
868+@@ -628,7 +626,7 @@ winbind_chap_verify(char *user, char *ou
869+ &response[MS_CHAP2_NTRESP],
870+ &response[MS_CHAP2_PEER_CHALLENGE],
871+ challenge, user, saresponse);
872+- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
873++ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
874+ MS_CHAP2_AUTHENTICATOR);
875+ if (response[MS_CHAP2_FLAGS]) {
876+ slprintf(message, message_space, "S=%s", saresponse);
877+Index: ppp-2.4.9/pppd/Makefile.linux
878+===================================================================
879+--- ppp-2.4.9.orig/pppd/Makefile.linux
880++++ ppp-2.4.9/pppd/Makefile.linux
881+@@ -105,6 +105,8 @@ CFLAGS += -DMSLANMAN=1
882+ endif
883+ ifdef MPPE
884+ CFLAGS += -DMPPE=1
885++PPPDOBJS += mppe.o
886++PPPDSRC += mppe.c
887+ HEADERS += mppe.h
888+ endif
889+ endif
890diff --git a/debian/patches/series b/debian/patches/series
891index 21f90f7..1d308c2 100644
892--- a/debian/patches/series
893+++ b/debian/patches/series
894@@ -15,3 +15,5 @@ resolv.conf_no_log
895 zzz_config
896 pppd-soname-hack.patch
897 replace-vendored-hash-functions.patch
898+eap-mschap-v2-namelen.patch
899+expose-mppe-keys-via-api.patch
900diff --git a/debian/ppp.symbols b/debian/ppp.symbols
901index cc04633..05e1085 100644
902--- a/debian/ppp.symbols
903+++ b/debian/ppp.symbols
904@@ -1,11 +1,11 @@
905 pppd.so.2.4.9 ppp #MINVER#
906 * Build-Depends-Package: ppp-dev
907 # Ignore all symbols that start with an underscore in the Base module
908- (regex|optional)"^_.*@Base$" 2.4.7-1+2~
909+ (regex|optional)"^_.*@Base$" 2.4.9-1+1~
910 # Ignore $global$ which seems to appear on hppa only
911- (optional)$global$@Base 2.4.7-1+2~
912+ (optional)$global$@Base 2.4.9-1+1~
913 # Ignore everything that claims it's part of glibc
914- (regex|optional)"@GLIBC_" 2.4.7-1+2~
915+ (regex|optional)"@GLIBC_" 2.4.9-1+1~
916 # All others should be pppd symbols
917 ChallengeHash@Base 2.4.7-1+2~
918 ChapMS2@Base 2.4.7-1+2~
919@@ -302,11 +302,17 @@ pppd.so.2.4.9 ppp #MINVER#
920 mp_check_options@Base 2.4.7-1+2~
921 mp_exit_bundle@Base 2.4.7-1+2~
922 mp_join_bundle@Base 2.4.7-1+2~
923+ mppe_clear_keys@Base 2.4.9-1+1~
924+ mppe_get_recv_key@Base 2.4.9-1+1~
925+ mppe_get_send_key@Base 2.4.9-1+1~
926+ mppe_keys_isset@Base 2.4.9-1+1~
927 mppe_keys_set@Base 2.4.7-1+2~
928 mppe_recv_key@Base 2.4.7-1+2~
929 mppe_send_key@Base 2.4.7-1+2~
930- mppe_set_keys2@Base 2.4.7-1+2~
931 mppe_set_keys@Base 2.4.7-1+2~
932+ mppe_set_chapv1@Base 2.4.9-1+1~
933+ mppe_set_chapv2@Base 2.4.9-1+1~
934+ mppe_set_enc_types@Base 2.4.9-1+1~
935 multilink@Base 2.4.7-1+2~
936 multilink_join_hook@Base 2.4.7-1+2~
937 multilink_master@Base 2.4.7-1+2~
938@@ -419,7 +425,6 @@ pppd.so.2.4.9 ppp #MINVER#
939 session_start@Base 2.4.7-1+2~
940 set_filters@Base 2.4.7-1+2~
941 set_ifunit@Base 2.4.7-1+2~
942- set_mppe_enc_types@Base 2.4.7-1+2~
943 set_up_tty@Base 2.4.7-1+2~
944 setdtr@Base 2.4.7-1+2~
945 setipaddr@Base 2.4.7-1+2~

Subscribers

People subscribed via source and target branches