Merge ~eivnaes/ubuntu/+source/ppp:ubuntu/impish into ubuntu/+source/ppp:ubuntu/devel

Proposed by Eivind Naess
Status: Needs review
Proposed branch: ~eivnaes/ubuntu/+source/ppp:ubuntu/impish
Merge into: ubuntu/+source/ppp:ubuntu/devel
Diff against target: 945 lines (+889/-5)
4 files modified
debian/patches/eap-mschap-v2-namelen.patch (+13/-0)
debian/patches/expose-mppe-keys-via-api.patch (+864/-0)
debian/patches/series (+2/-0)
debian/ppp.symbols (+10/-5)
Reviewer Review Type Date Requested Status
Simon Quigley (community) Needs Resubmitting
git-ubuntu import Pending
Review via email: mp+415397@code.launchpad.net

Commit message

Fix EAP-MSCHAPv2 and export 32-byte MPPE keys

Backported commit-id: d706c95906d996534f13632a747af5dc617f306e
Author: Eivind Næss <email address hidden>
Date: Sat Apr 24 03:00:34 2021 -0700

The lengthy part of this fix is to refactor the handling of MPPE keys
by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
It does so by renaming the mppe_set_keys/2 to the corresponding
mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these
functions.

Having done so, it conveniently allows the name "mppe_set_keys" to be
re-used for this new purpose which will copy the key material up to
its size and then clear the input parameters (avoids leaving the MPPE
keys on the stack).

Additional functions added to the MPPE code allow plugins et al. to
access the MPPE keys, clear the keys, and check if they are set. All
plugin and CCP code has been updated to use this API.

This fixes GitHub Issue #258
Signed-off-by: Eivind Naess <email address hidden>

Backported commit-id: d7e62a8499c4032d79e05afbd8fd3efd51c5b148
Author: Eivind Næss <email address hidden>
Date: Thu Feb 3 14:28:22 2022 -0800

    pppd/eap: Fix bug causing incorrect response length (#334)

    Need to update the esp->ea_client.ea_namelen variable. A plugin can override the
    name of the user, and the variable is passed onto the eap_chap2_response generating
    the wrong response length.

    Signed-off-by: Eivind Næss <email address hidden>

Description of the change

I am the maintainer of sstp-client/network-manager-sstp, and am getting repeated requests for support of EAP-MSCHAPv2 and EAP-TLS. The MPPE keys need an expansion from 16 to 32 bytes, and there is currently a bug in the EAP code when doing MSCHAPv2 given the length of the user-name.

This merge request fixes both of those issues. Both fixes are in pppd-project (master branch).

Simon Chopin (schopin) wrote :

While the patch itself is substantial, the request seems reasonable.

I've reviewed it as much as I could (I'm not familiar with this area of the ppp code) and I didn't see any obvious problems with it. The comments in https://github.com/ppp-project/ppp/issues/258 were particularly helpful in understanding the ins and outs of the patch.

This is a +1 from me, assuming proper testing afterwards from OP.

Eivind Naess (eivnaes) wrote :

@schopin

Thank you for the review. I did email ubuntu-server mailing list requesting a review. However, they've subscribed ~ubuntu-sponsorship to the issue. Do you know if there is someone that could help with that and to expedite the process somehow?

People are upgrading to Ubuntu 21.10 and finding out that sstp-client is broken for them. It makes it really hard for me to support them, and telling non-developers to go rebuild multiple packages is a bit hard.

Robie Basak (racb) wrote :

I had assumed you wanted this in the upcoming Ubuntu LTS release (codenamed Jammy) expected to be 22.04. It will supersede 21.10 and 21.10 will go end-of-life in July 2022, so five months away. After it is released, I doubt that anyone new will be installing 21.10 any more. 22.04 will have standard support for at least five years - so until at least April 2027.

If you still want 21.10 updated then we can consider that. The process is more involved and is documented at https://wiki.ubuntu.com/StableReleaseUpdates. In particular, we'd need to ensure that it meets the policy that prevents unexpected behaviour changes hitting users of the stable release. Bugfixes on the other hand are fine. Major refactorings generally are not.

Another requirement of that process though is that the Ubuntu development release (ie. Jammy) must be fixed first, and so maybe we can focus on this first if this is what you want? It seems to me that it'd be great to have good support in this area in the LTS release and you've done great work in this area already, so with your help we could get that into Jammy.

Feature freeze for Jammy is today, so if we want this change, it has to go in today. It sounds like we're all generally in favour. I have yet to review in detail, and I will do that next, but I know of no issues with that side right now.

However, in pulling in a patch to Ubuntu ahead of an upstream release, we will be going out on a limb here. Can you commit to helping us maintain this patch in Jammy - helping us with testing and with any issues we might encounter with it in the future - both during development and after release? Note that changing things after release is much harder because of the care we owe to our users to ensure stability - see the link above.

Eivind Naess (eivnaes) wrote :

Hi Robie,

If you want things fixed today, I may be able to spare a few minutes, just let me know what exactly you need. You can also email me back at eivnaes [at] yahoo [dot] com as I receive notifications on my phone w.r.t. email.

I can generally help with testing on Jammy. Right now the EAP-MSCHAP fix is definitely busted, and also EAP-TLS doesn't work with the MS-SSTP protocol. The former is definitely hitting people as EAP is the default option for Microsoft Windows. I've committed multiple fixes upstream to pppd project, and unfortunately I don't see a release coming up on a short timeline (unless Paul changes his mind).

It is still unclear what you need me to do, so please hit me up and be specific as the time window is very narrow.

Does this patch apply cleanly to Jammy? I haven't tried.

Eivind Naess (eivnaes) wrote :

Also noted, the EAP-TLS with MS-SSTP is a hot-button issue for a lot of people trying to connect to Microsoft Azure cloud environment.

Robie Basak (racb) wrote :

Thanks!

The patch does apply cleanly to Jammy - there are no changes to the
package apart from metadata. So I think we should be safe from that
perspective.

I'm struggling to find a match between this patch and the one upstream.
I found 789e867 that I thought was related, but that doesn't match.
Ideally I'd like to see that the patch is identical to the one upstream,
or if it's not, understand why it's different. Could you help me
understand how this patch is constructed from the upstream ones, please?
For example, is there a commit or a set of commits upstream that, if
squashed together, makes up this one? If so, a link to the upstream
commits would be helpful.

Eivind Naess (eivnaes) wrote :

Robie

Thanks for taking a look at this. The patch is slightly different, as a previous patch to debian pppd replaced all internal crypto calls with calls to use openssl crypto functions. I had to manually re-do the upstream patch with that in mind as the MPPE specific functions were moved into mppe.c (see replace-vendored-hash-functions.patch).

(A little error on the unused Makefile.sol2 here, it adds the sha1.o object, but that isn't even being used here -- solaris2 only).

Eivind Naess (eivnaes) wrote :

You mean: 789e867 - Improve the PEAP contribution by Rustam Kovhaev?

That's a completely new authentication mechanism, PEAP is EAP but wrapped inside a TLS tunnel.

Eivind Naess (eivnaes) wrote :

Robie,

While I have your attention here, there's been another annoying feature that breaks network-manager-sstp project. It's the

https://git.launchpad.net/ubuntu/+source/ppp/tree/debian/extra/ip-up.d/0000usepeerdns#n10

`
nm-pptp-service-*|nm-l2tp-service-*|/org/freedesktop/NetworkManager/PPP/*)
`

It should probably say: nm-*-service-* instead of
`
nm-*-service-*|org/freedesktop/NetworkManager/PPP/*)
`

At least it would permit any clone(s) of the network manager <protocol> plugin to bypass this replacement of resolv.conf.

I filed a bug against this
https://bugs.launchpad.net/ubuntu/+source/ppp/+bug/1921398

it's just that I've not been able to reach anyone to help with getting the issue resolved.

Robie Basak (racb) wrote :

Ah, thanks. I found the upstream commit d706c959 and this matches this MP except for the OpenSSL related changes you mentioned.

Robie Basak (racb) wrote :

Oh, and that was in your commit message. Sorry!

Eivind Naess (eivnaes) wrote :

Awesome!

Eivind Naess (eivnaes) wrote :

Robie,

I have Jammy Jellyfish setup and am ready to test this. Let me know what you need me to do.

Robie Basak (racb) wrote :

I've uploaded this to Jammy. Thank you for your contribution!

I didn't know about that bug. The usual process is to subscribe ~ubuntu-sponsors to the bug, then it appears in the sponsorship queue. But the queue is quite big and not very well managed unfortunately, so it does help to ask in #ubuntu-devel and be available there.

I can look into that bug for you too, but not today - I'm busy with a few other tasks for feature freeze, and that fix is a bug fix so won't be blocked by the freeze.

Once the package is built in Jammy and migrated, please could you test to make sure that it works as expected?

There are also some reverse dependencies that could do with testing too, just to make sure that nothing is broken. Or if you know ppp well and understand better how to make sure nothing is adversely affected, that works too :)

connman
network-manager
network-manager-fortisslvpn
network-manager-l2tp
network-manager-pptp
pptpd
rp-pppoe

Eivind Naess (eivnaes) wrote :

Will do

When can I expect the package to be available via apt-get, tomorrow?

Robie Basak (racb) wrote :

It's available now, assuming any local mirrors you're using are caught up.

Eivind Naess (eivnaes) wrote :

Robie,

I was able to get the new ppp package 2.4.9-1ubuntu3 yesterday. The network-manager-* packages, and likely the pptpd, rp-pppoe and connman packages will require a re-build. I haven't seen those being available on my local mirrors yet.

You able to kick off a build (at least for the network-manager* packages)?

Simon Quigley (tsimonq2) :
review: Needs Resubmitting

Eivind Naess (eivnaes) wrote :

The patches were merged into Jammy Jellyfish (22.04) by Robie Basak. Not sure if it makes sense to back-port them to impish. In fact the entire issue/comment thread can probably be closed by now.

Unmerged commits

99eebc7... by Eivind Naess

Fix EAP-MSCHAPv2 and export 32-byte MPPE keys

Backported commit-id: d706c95906d996534f13632a747af5dc617f306e
Backported commit-id: d7e62a8499c4032d79e05afbd8fd3efd51c5b148

From ppp-project/ppp on Github

Signed-off-by: Eivind Næss <email address hidden>

5e01a99... by Simon Chopin

2.4.9-1+1ubuntu1 (patches unapplied)

Imported using git-ubuntu import.

Preview Diff

diff --git a/debian/patches/eap-mschap-v2-namelen.patch b/debian/patches/eap-mschap-v2-namelen.patch
0new file mode 1006440new file mode 100644
index 0000000..f5cf55a
--- /dev/null
+++ b/debian/patches/eap-mschap-v2-namelen.patch
@@ -0,0 +1,13 @@
1This fixes the length of the username when responding to an EAP MSCHAPv2 challenge.
2Index: ppp-2.4.9/pppd/eap.c
3===================================================================
4--- ppp-2.4.9.orig/pppd/eap.c
5+++ ppp-2.4.9/pppd/eap.c
6@@ -2261,6 +2261,7 @@ eap_request(eap_state *esp, u_char *inp,
7 eap_send_nak(esp, id, EAPT_SRP);
8 break;
9 }
10+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
11
12 /* Create the MSCHAPv2 response (and add to cache) */
13 unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
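Review bot: the header of this patch, above the `Index:` line, is a single description sentence with no origin or bug reference, which makes it hard to match against upstream; add DEP-3 style `Origin:` and `Bug:` fields naming the backported commit (d7e62a8499c4032d79e05afbd8fd3efd51c5b148 per the commit message) and upstream issue #334. On the added line itself, `strlen(esp->es_client.ea_name)` is taken unconditionally right after the `eap_send_nak` block, and nothing in the context shown establishes that `ea_name` is non-NULL at that point, so that is worth confirming in `eap_request` before upload.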
diff --git a/debian/patches/expose-mppe-keys-via-api.patch b/debian/patches/expose-mppe-keys-via-api.patch
0new file mode 10064414new file mode 100644
index 0000000..df12a58
--- /dev/null
+++ b/debian/patches/expose-mppe-keys-via-api.patch
@@ -0,0 +1,864 @@
1Index: ppp-2.4.9/pppd/Makefile.sol2
2===================================================================
3--- ppp-2.4.9.orig/pppd/Makefile.sol2
4+++ ppp-2.4.9/pppd/Makefile.sol2
5@@ -37,7 +37,7 @@ OBJS += ipv6cp.o eui64.o
6
7 # Uncomment to enable MS-CHAP
8 CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H
9-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o
10+OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o
11
12 # Uncomment to enable MPPE (in both CHAP and EAP-TLS)
13 CFLAGS += -DMPPE
14Index: ppp-2.4.9/pppd/ccp.c
15===================================================================
16--- ppp-2.4.9.orig/pppd/ccp.c
17+++ ppp-2.4.9/pppd/ccp.c
18@@ -38,10 +38,9 @@
19 #include "ccp.h"
20 #include <net/ppp-comp.h>
21
22-#ifdef MPPE
23-#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */
24+#include "chap_ms.h"
25+#include "mppe.h"
26 #include "lcp.h" /* lcp_close(), lcp_fsm */
27-#endif
28
29
30 /*
31@@ -574,7 +573,7 @@ ccp_resetci(fsm *f)
32 }
33
34 /* A plugin (eg radius) may not have obtained key material. */
35- if (!mppe_keys_set) {
36+ if (!mppe_keys_isset()) {
37 error("MPPE required, but keys are not available. "
38 "Possible plugin problem?");
39 lcp_close(f->unit, "MPPE required but not available");
40@@ -705,7 +704,7 @@ static void
41 p[1] = opt_buf[1] = CILEN_MPPE;
42 MPPE_OPTS_TO_CI(go->mppe, &p[2]);
43 MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
44- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
45+ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
46 res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
47 if (res > 0)
48 p += CILEN_MPPE;
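Review bot: the return value of `mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN)` is discarded, but the getter added in mppe.c returns 0 and writes nothing when no keys are set, so `ccp_test()` on the next line can be handed `CILEN_MPPE + MPPE_MAX_KEY_LEN` bytes whose key portion is whatever `opt_buf` held before. The `BCOPY` being replaced always filled the buffer. Check that the call returns `MPPE_MAX_KEY_LEN` and fail the option otherwise; the `mppe_get_send_key()` call introduced in `ccp_reqci` needs the same check.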
49@@ -1156,8 +1155,7 @@ ccp_reqci(fsm *f, u_char *p, int *lenp,
50 int mtu;
51
52 BCOPY(p, opt_buf, CILEN_MPPE);
53- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
54- MPPE_MAX_KEY_LEN);
55+ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
56 if (ccp_test(f->unit, opt_buf,
57 CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
58 /* This shouldn't happen, we've already tested it! */
59@@ -1426,8 +1424,7 @@ ccp_up(fsm *f)
60 notice("%s transmit compression enabled", method_name(ho, NULL));
61 #ifdef MPPE
62 if (go->mppe) {
63- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
64- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
65+ mppe_clear_keys();
66 continue_networks(f->unit); /* Bring up IP et al */
67 }
68 #endif
69Index: ppp-2.4.9/pppd/chap_ms.c
70===================================================================
71--- ppp-2.4.9.orig/pppd/chap_ms.c
72+++ ppp-2.4.9/pppd/chap_ms.c
73@@ -93,7 +93,7 @@
74 #include <openssl/sha.h>
75 #include "pppcrypt.h"
76 #include "magic.h"
77-
78+#include "mppe.h"
79
80
81 static void ascii2unicode (char[], int, u_char[]);
82@@ -109,10 +109,6 @@ static void GenerateAuthenticatorRespons
83 static void ChapMS_LANMan (u_char *, char *, int, u_char *);
84 #endif
85
86-#ifdef MPPE
87-static void Set_Start_Key (u_char *, char *, int);
88-static void SetMasterKeys (char *, int, u_char[24], int);
89-#endif
90
91 #ifdef MSLANMAN
92 bool ms_lanman = 0; /* Use LanMan password instead of NT */
93@@ -120,10 +116,6 @@ bool ms_lanman = 0; /* Use LanMan pa
94 #endif
95
96 #ifdef MPPE
97-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
98-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
99-int mppe_keys_set = 0; /* Have the MPPE keys been set? */
100-
101 #ifdef DEBUGMPPEKEY
102 /* For MPPE debug */
103 /* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
104@@ -705,32 +697,8 @@ GenerateAuthenticatorResponsePlain
105 rchallenge, username, authResponse);
106 }
107
108-
109 #ifdef MPPE
110 /*
111- * Set mppe_xxxx_key from the NTPasswordHashHash.
112- * RFC 2548 (RADIUS support) requires us to export this function (ugh).
113- */
114-void
115-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
116-{
117- SHA_CTX sha1Context;
118- u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */
119-
120- SHA1_Init(&sha1Context);
121- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
122- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
123- SHA1_Update(&sha1Context, rchallenge, 8);
124- SHA1_Final(Digest, &sha1Context);
125-
126- /* Same key in both directions. */
127- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
128- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
129-
130- mppe_keys_set = 1;
131-}
132-
133-/*
134 * Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
135 */
136 static void
137@@ -744,105 +712,7 @@ Set_Start_Key(u_char *rchallenge, char *
138 ascii2unicode(secret, secret_len, unicodePassword);
139 NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
140 NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
141-
142- mppe_set_keys(rchallenge, PasswordHashHash);
143-}
144-
145-/*
146- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
147- *
148- * This helper function used in the Winbind module, which gets the
149- * NTHashHash from the server.
150- */
151-void
152-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
153- u_char NTResponse[24], int IsServer)
154-{
155- SHA_CTX sha1Context;
156- u_char MasterKey[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */
157- u_char Digest[SHA_DIGEST_LENGTH]; /* >= MPPE_MAX_KEY_LEN */
158-
159- u_char SHApad1[40] =
160- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
161- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
162- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
163- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
164- u_char SHApad2[40] =
165- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
166- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
167- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
168- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
169-
170- /* "This is the MPPE Master Key" */
171- u_char Magic1[27] =
172- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
173- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
174- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
175- /* "On the client side, this is the send key; "
176- "on the server side, it is the receive key." */
177- u_char Magic2[84] =
178- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
179- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
180- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
181- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
182- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
183- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
184- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
185- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
186- 0x6b, 0x65, 0x79, 0x2e };
187- /* "On the client side, this is the receive key; "
188- "on the server side, it is the send key." */
189- u_char Magic3[84] =
190- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
191- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
192- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
193- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
194- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
195- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
196- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
197- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
198- 0x6b, 0x65, 0x79, 0x2e };
199- u_char *s;
200-
201- SHA1_Init(&sha1Context);
202- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
203- SHA1_Update(&sha1Context, NTResponse, 24);
204- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
205- SHA1_Final(MasterKey, &sha1Context);
206-
207- /*
208- * generate send key
209- */
210- if (IsServer)
211- s = Magic3;
212- else
213- s = Magic2;
214- SHA1_Init(&sha1Context);
215- SHA1_Update(&sha1Context, MasterKey, 16);
216- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
217- SHA1_Update(&sha1Context, s, 84);
218- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
219- SHA1_Final(Digest, &sha1Context);
220-
221- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
222-
223- /*
224- * generate recv key
225- */
226- if (IsServer)
227- s = Magic2;
228- else
229- s = Magic3;
230- SHA1_Init(&sha1Context);
231- SHA1_Update(&sha1Context, MasterKey, 16);
232- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
233- SHA1_Update(&sha1Context, s, 84);
234- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
235- SHA1_Final(Digest, &sha1Context);
236-
237- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
238-
239- mppe_keys_set = 1;
240+ mppe_set_chapv1(rchallenge, PasswordHashHash);
241 }
242
243 /*
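Review bot: the `mppe_set_chapv1(rchallenge, PasswordHashHash)` call that now ends `Set_Start_Key` reaches `mppe_set_keys(Digest, Digest, sizeof(Digest))` in the new mppe.c, and that helper runs `BZERO(send_key, keylen)` before it copies `recv_key`, so with both arguments pointing at the same `Digest` the MS-CHAPv1 receive key is stored as all zeros. The removed `mppe_set_keys` copied `Digest` into both globals without clearing in between. Either copy both keys first and clear the inputs afterwards, or have `mppe_set_chapv1` pass two separate buffers.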
244@@ -858,12 +728,11 @@ SetMasterKeys(char *secret, int secret_l
245 ascii2unicode(secret, secret_len, unicodePassword);
246 NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
247 NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
248- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
249+ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
250 }
251
252 #endif /* MPPE */
253
254-
255 void
256 ChapMS(u_char *rchallenge, char *secret, int secret_len,
257 unsigned char *response)
258@@ -933,39 +802,6 @@ ChapMS2(u_char *rchallenge, u_char *Peer
259 #endif
260 }
261
262-#ifdef MPPE
263-/*
264- * Set MPPE options from plugins.
265- */
266-void
267-set_mppe_enc_types(int policy, int types)
268-{
269- /* Early exit for unknown policies. */
270- if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
271- policy != MPPE_ENC_POL_ENC_REQUIRED)
272- return;
273-
274- /* Don't modify MPPE if it's optional and wasn't already configured. */
275- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
276- return;
277-
278- /*
279- * Disable undesirable encryption types. Note that we don't ENABLE
280- * any encryption types, to avoid overriding manual configuration.
281- */
282- switch(types) {
283- case MPPE_ENC_TYPES_RC4_40:
284- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
285- break;
286- case MPPE_ENC_TYPES_RC4_128:
287- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
288- break;
289- default:
290- break;
291- }
292-}
293-#endif /* MPPE */
294-
295 static struct chap_digest_type chapms_digest = {
296 CHAP_MICROSOFT, /* code */
297 chapms_generate_challenge,
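Review bot: the early-exit test in the `set_mppe_enc_types()` body removed here, `policy != MPPE_ENC_POL_ENC_ALLOWED || policy != MPPE_ENC_POL_ENC_REQUIRED`, is true for every value of `policy`, so the function always returned before touching `ccp_wantoptions[0].mppe`. If this body is being relocated rather than dropped, the new copy should join the two comparisons with `&&`, and since that makes the plugin-supplied policy take effect for the first time, the patch description should say so.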
298Index: ppp-2.4.9/pppd/chap_ms.h
299===================================================================
300--- ppp-2.4.9.orig/pppd/chap_ms.h
301+++ ppp-2.4.9/pppd/chap_ms.h
302@@ -38,6 +38,7 @@
303 #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
304 #define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
305 #define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
306+#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */
307 /* as ASCII */
308
309 /* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
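Review bot: the new `#define MS_AUTH_NTRESP_LEN 24` is inserted between `MS_AUTH_RESPONSE_LENGTH` and the second line of its comment (`/* as ASCII */`), so that continuation now appears to describe the NT-response length; move the define below the comment line. It also repeats the value of the existing `MS_CHAP2_NTRESP_LEN 24` visible in the next hunk's context, so consider reusing that constant or defining one in terms of the other.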
310@@ -67,22 +68,6 @@
311 #define MS_CHAP2_NTRESP_LEN 24
312 #define MS_CHAP2_FLAGS 48
313
314-#ifdef MPPE
315-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
316-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
317-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
318-extern int mppe_keys_set;
319-
320-/* These values are the RADIUS attribute values--see RFC 2548. */
321-#define MPPE_ENC_POL_ENC_ALLOWED 1
322-#define MPPE_ENC_POL_ENC_REQUIRED 2
323-#define MPPE_ENC_TYPES_RC4_40 2
324-#define MPPE_ENC_TYPES_RC4_128 4
325-
326-/* used by plugins (using above values) */
327-extern void set_mppe_enc_types(int, int);
328-#endif
329-
330 /* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
331 #define MS_CHAP2_AUTHENTICATEE 0
332 #define MS_CHAP2_AUTHENTICATOR 1
333@@ -90,12 +75,6 @@ extern void set_mppe_enc_types(int, int)
334 void ChapMS (u_char *, char *, int, u_char *);
335 void ChapMS2 (u_char *, u_char *, char *, char *, int,
336 u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
337-#ifdef MPPE
338-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
339-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
340- u_char NTResponse[24], int IsServer);
341-#endif
342-
343 void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
344
345 void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
346Index: ppp-2.4.9/pppd/eap-tls.c
347===================================================================
348--- ppp-2.4.9.orig/pppd/eap-tls.c
349+++ ppp-2.4.9/pppd/eap-tls.c
350@@ -48,6 +48,8 @@
351 #include "eap-tls.h"
352 #include "fsm.h"
353 #include "lcp.h"
354+#include "chap_ms.h"
355+#include "mppe.h"
356 #include "pathnames.h"
357
358 typedef struct pw_cb_data
359@@ -72,10 +74,6 @@ int ssl_new_session_cb(SSL *s, SSL_SESSI
360 X509 *get_X509_from_file(char *filename);
361 int ssl_cmp_certs(char *filename, X509 * a);
362
363-#ifdef MPPE
364-
365-#define EAPTLS_MPPE_KEY_LEN 32
366-
367 /*
368 * OpenSSL 1.1+ introduced a generic TLS_method()
369 * For older releases we substitute the appropriate method
370@@ -118,6 +116,10 @@ static inline int SSL_CTX_set_max_proto_
371 #endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
372
373
374+#ifdef MPPE
375+
376+#define EAPTLS_MPPE_KEY_LEN 32
377+
378 /*
379 * Generate keys according to RFC 2716 and add to reply
380 */
381@@ -159,20 +161,12 @@ void eaptls_gen_mppe_keys(struct eaptls_
382 */
383 if (client)
384 {
385- p = out;
386- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
387- p += EAPTLS_MPPE_KEY_LEN;
388- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
389+ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);
390 }
391 else
392 {
393- p = out;
394- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
395- p += EAPTLS_MPPE_KEY_LEN;
396- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
397+ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN);
398 }
399-
400- mppe_keys_set = 1;
401 }
402
403 #endif /* MPPE */
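Review bot: the four removed assignments and increments of `p` in the client and server branches were the only uses of that variable visible in this hunk, so if `eaptls_gen_mppe_keys` has no other use for it the declaration should be dropped to avoid an unused-variable warning. It is also worth a comment at the two `mppe_set_keys(...)` calls that they now clear the first `2 * EAPTLS_MPPE_KEY_LEN` bytes of `out` as a side effect, since the old `BCOPY` calls left `out` untouched.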
404Index: ppp-2.4.9/pppd/eap-tls.h
405===================================================================
406--- ppp-2.4.9.orig/pppd/eap-tls.h
407+++ ppp-2.4.9/pppd/eap-tls.h
408@@ -85,11 +85,6 @@ int get_eaptls_secret(int unit, char *cl
409 char *capath, char *pkfile, int am_server);
410
411 #ifdef MPPE
412-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
413-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
414-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
415-extern int mppe_keys_set;
416-
417 void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
418 #endif
419
420Index: ppp-2.4.9/pppd/mppe.c
421===================================================================
422--- /dev/null
423+++ ppp-2.4.9/pppd/mppe.c
424@@ -0,0 +1,248 @@
425+/* * mppe.c - MPPE key implementation
426+ *
427+ * Copyright (c) 2020 Eivind Naess. All rights reserved.
428+ * Copyright (c) 2008 Paul Mackerras. All rights reserved.
429+ *
430+ * Redistribution and use in source and binary forms, with or without
431+ * modification, are permitted provided that the following conditions
432+ * are met:
433+ *
434+ * 1. Redistributions of source code must retain the above copyright
435+ * notice, this list of conditions and the following disclaimer.
436+ *
437+ * 2. Redistributions in binary form must reproduce the above copyright
438+ * notice, this list of conditions and the following disclaimer in
439+ * the documentation and/or other materials provided with the
440+ * distribution.
441+ *
442+ * 3. The name(s) of the authors of this software must not be used to
443+ * endorse or promote products derived from this software without
444+ * prior written permission.
445+ *
446+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
447+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
448+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
449+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
450+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
451+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
452+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
453+ *
454+ */
455+
456+#include <string.h>
457+
458+#include "pppd.h"
459+#include "fsm.h"
460+#include "ccp.h"
461+#include "chap_ms.h"
462+#include "mppe.h"
463+#include <openssl/sha.h>
464+#include <openssl/md4.h>
465+
466+u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
467+u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
468+int mppe_keys_set = 0;
469+
470+void
471+mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
472+{
473+ int length = keylen;
474+ if (length > MPPE_MAX_KEY_SIZE)
475+ length = MPPE_MAX_KEY_SIZE;
476+
477+ if (send_key) {
478+ BCOPY(send_key, mppe_send_key, length);
479+ BZERO(send_key, keylen);
480+ }
481+
482+ if (recv_key) {
483+ BCOPY(recv_key, mppe_recv_key, length);
484+ BZERO(recv_key, keylen);
485+ }
486+
487+ mppe_keys_set = length;
488+}
489+
490+bool
491+mppe_keys_isset()
492+{
493+ return !!mppe_keys_set;
494+}
495+
496+int
497+mppe_get_recv_key(u_char *recv_key, int length)
498+{
499+ if (mppe_keys_isset()) {
500+ if (length > mppe_keys_set)
501+ length = mppe_keys_set;
502+ BCOPY(mppe_recv_key, recv_key, length);
503+ return length;
504+ }
505+ return 0;
506+}
507+
508+int
509+mppe_get_send_key(u_char *send_key, int length)
510+{
511+ if (mppe_keys_isset()) {
512+ if (length > mppe_keys_set)
513+ length = mppe_keys_set;
514+ BCOPY(mppe_send_key, send_key, length);
515+ return length;
516+ }
517+ return 0;
518+}
519+
520+void
521+mppe_clear_keys(void)
522+{
523+ mppe_keys_set = 0;
524+ BZERO(mppe_send_key, sizeof(mppe_send_key));
525+ BZERO(mppe_recv_key, sizeof(mppe_recv_key));
526+}
527+
528+/*
529+ * Set mppe_xxxx_key from the NTPasswordHashHash.
530+ * RFC 2548 (RADIUS support) requires us to export this function (ugh).
531+ */
532+void
533+mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
534+{
535+ SHA_CTX sha1Context;
536+ u_char Digest[SHA_DIGEST_LENGTH];
537+
538+ SHA1_Init(&sha1Context);
539+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
540+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
541+ SHA1_Update(&sha1Context, rchallenge, 8);
542+ SHA1_Final(Digest, &sha1Context);
543+
544+ /* Same key in both directions. */
545+ mppe_set_keys(Digest, Digest, sizeof(Digest));
546+}
547+
548+/*
549+ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
550+ *
551+ * This helper function used in the Winbind module, which gets the
552+ * NTHashHash from the server.
553+ */
554+void
555+mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
556+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
557+{
558+ SHA_CTX sha1Context;
559+ u_char MasterKey[SHA_DIGEST_LENGTH];
560+ u_char SendKey[SHA_DIGEST_LENGTH];
561+ u_char RecvKey[SHA_DIGEST_LENGTH];
562+
563+ u_char SHApad1[40] =
564+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
565+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
566+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
567+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
568+ u_char SHApad2[40] =
569+ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
570+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
571+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
572+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
573+
574+ /* "This is the MPPE Master Key" */
575+ u_char Magic1[27] =
576+ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
577+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
578+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
579+ /* "On the client side, this is the send key; "
580+ "on the server side, it is the receive key." */
581+ u_char Magic2[84] =
582+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
583+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
584+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
585+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
586+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
587+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
588+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
589+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
590+ 0x6b, 0x65, 0x79, 0x2e };
591+ /* "On the client side, this is the receive key; "
592+ "on the server side, it is the send key." */
593+ u_char Magic3[84] =
594+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
595+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
596+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
597+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
598+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
599+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
600+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
601+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
602+ 0x6b, 0x65, 0x79, 0x2e };
603+ u_char *s;
604+
605+ SHA1_Init(&sha1Context);
606+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
607+ SHA1_Update(&sha1Context, NTResponse, 24);
608+ SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
609+ SHA1_Final(MasterKey, &sha1Context);
610+
611+ /*
612+ * generate send key
613+ */
614+ if (IsServer)
615+ s = Magic3;
616+ else
617+ s = Magic2;
618+ SHA1_Init(&sha1Context);
619+ SHA1_Update(&sha1Context, MasterKey, 16);
620+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
621+ SHA1_Update(&sha1Context, s, 84);
622+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
623+ SHA1_Final(SendKey, &sha1Context);
624+
625+ /*
626+ * generate recv key
627+ */
628+ if (IsServer)
629+ s = Magic2;
630+ else
631+ s = Magic3;
632+ SHA1_Init(&sha1Context);
633+ SHA1_Update(&sha1Context, MasterKey, 16);
634+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
635+ SHA1_Update(&sha1Context, s, 84);
636+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
637+ SHA1_Final(RecvKey, &sha1Context);
638+
639+ mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH);
640+}
641+
642+/*
643+ * Set MPPE options from plugins.
644+ */
645+void
646+mppe_set_enc_types(int policy, int types)
647+{
648+ /* Early exit for unknown policies. */
649+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
650+ policy != MPPE_ENC_POL_ENC_REQUIRED)
651+ return;
652+
653+ /* Don't modify MPPE if it's optional and wasn't already configured. */
654+ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
655+ return;
656+
657+ /*
658+ * Disable undesirable encryption types. Note that we don't ENABLE
659+ * any encryption types, to avoid overriding manual configuration.
660+ */
661+ switch(types) {
662+ case MPPE_ENC_TYPES_RC4_40:
663+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
664+ break;
665+ case MPPE_ENC_TYPES_RC4_128:
666+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
667+ break;
668+ default:
669+ break;
670+ }
671+}
672+
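Review bot: mppe_set_chapv1() passes the same buffer twice, mppe_set_keys(Digest, Digest, sizeof(Digest)), while mppe.h documents that mppe_set_keys clears its input values; unless that function copies both keys before zeroing either one, the MS-CHAPv1 receive key is copied from an already-cleared buffer and ends up all zeros. Copy Digest into separate send and receive buffers before the call, or make mppe_set_keys defer the clearing until both copies are done, and add a test that send and receive keys are equal after mppe_set_chapv1(). Separately, mppe_set_chapv2() hands SendKey and RecvKey to mppe_set_keys but returns with MasterKey and sha1Context still holding key material on the stack; a BZERO of both before returning would match the stated goal of the change.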
673Index: ppp-2.4.9/pppd/mppe.h
674===================================================================
675--- ppp-2.4.9.orig/pppd/mppe.h
676+++ ppp-2.4.9/pppd/mppe.h
677@@ -32,9 +32,12 @@
678 * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
679 * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
680 */
681+#ifndef __MPPE_H__
682+#define __MPPE_H__
683
684 #define MPPE_PAD 4 /* MPPE growth per frame */
685-#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
686+#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
687+#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */
688
689 /* option bits for ccp_options.mppe */
690 #define MPPE_OPT_40 0x01 /* 40 bit */
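Review bot: The two size macros are easy to mix up: MPPE_MAX_KEY_SIZE (32) is commented "Largest key length" and MPPE_MAX_KEY_LEN (16) is commented "Largest key size accepted by the kernel", so each name carries the other's wording. Since callers must pick the right one when sizing buffers, consider names that state the purpose (for example a kernel-specific name for the 16-byte limit) and say in both comments that the unit is bytes. The new include guard __MPPE_H__ also uses a double-underscore identifier, which is reserved for the implementation; a name such as PPP_MPPE_H avoids that.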
691@@ -119,3 +122,68 @@
692 if (ptr[3] & ~MPPE_ALL_BITS) \
693 opts |= MPPE_OPT_UNKNOWN; \
694 } while (/* CONSTCOND */ 0)
695+
696+
697+#if MPPE
698+
699+/*
700+ * NOTE:
701+ * Access to these variables directly is discuraged. Please
702+ * change your code to use below accessor functions.
703+ */
704+
705+/* The key material generated which is used for MPPE send key */
706+extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
707+/* The key material generated which is used for MPPE recv key */
708+extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
709+/* Keys are set if value is non-zero */
710+extern int mppe_keys_set;
711+
712+/* These values are the RADIUS attribute values--see RFC 2548. */
713+#define MPPE_ENC_POL_ENC_ALLOWED 1
714+#define MPPE_ENC_POL_ENC_REQUIRED 2
715+#define MPPE_ENC_TYPES_RC4_40 2
716+#define MPPE_ENC_TYPES_RC4_128 4
717+
718+/* used by plugins (using above values) */
719+void mppe_set_enc_types (int policy, int types);
720+
721+/*
722+ * Set the MPPE send and recv keys. NULL values for keys are ignored
723+ * and input values are cleared to avoid leaving them on the stack
724+ */
725+void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
726+
727+/*
728+ * Get the MPPE recv key
729+ */
730+int mppe_get_recv_key(u_char *recv_key, int length);
731+
732+/*
733+ * Get the MPPE send key
734+ */
735+int mppe_get_send_key(u_char *send_key, int length);
736+
737+/*
738+ * Clear the MPPE keys
739+ */
740+void mppe_clear_keys(void);
741+
742+/*
743+ * Check if the MPPE keys are set
744+ */
745+bool mppe_keys_isset(void);
746+
747+/*
748+ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
749+ */
750+void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
751+
752+/*
753+ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
754+ */
755+void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
756+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
757+
758+#endif // #ifdef MPPE
759+#endif // #ifdef __MPPE_H__
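Review bot: mppe_get_recv_key() and mppe_get_send_key() are declared with a signed int length, and the implementations in mppe.c only clamp it from above against mppe_keys_set, so a negative length supplied by a plugin reaches BCOPY and is converted to a very large size. Reject length <= 0 and a NULL destination in both getters, or take a size_t, and document the return value (bytes copied, 0 when no keys are set) in these comments. The note above the extern declarations discourages direct access, yet mppe_send_key, mppe_recv_key and mppe_keys_set stay exported; a comment stating when they will be made private would help plugin authors. The closing comments say #ifdef MPPE and #ifdef __MPPE_H__ although the guards are #if MPPE and #ifndef __MPPE_H__.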
760Index: ppp-2.4.9/pppd/plugins/radius/radius.c
761===================================================================
762--- ppp-2.4.9.orig/pppd/plugins/radius/radius.c
763+++ ppp-2.4.9/pppd/plugins/radius/radius.c
764@@ -31,6 +31,7 @@ static char const RCSID[] =
765 #ifdef CHAPMS
766 #include "chap_ms.h"
767 #ifdef MPPE
768+#include "mppe.h"
769 #include <openssl/md5.h>
770 #endif
771 #endif
772@@ -743,11 +744,12 @@ radius_setparams(VALUE_PAIR *vp, char *m
773 * Note that if the policy value was '0' we don't set the key!
774 */
775 if (mppe_enc_policy && mppe_enc_keys) {
776- mppe_keys_set = 1;
777 /* Set/modify allowed encryption types. */
778 if (mppe_enc_types)
779- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
780+ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
781+ return 0;
782 }
783+ mppe_clear_keys();
784 #endif
785
786 return 0;
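Review bot: The added return 0; inside the if block exists only to skip the new mppe_clear_keys() call, which leaves two identical returns and makes the key wipe the fall-through path of radius_setparams() in MPPE builds. Writing it as an else branch (else mppe_clear_keys();) expresses the same behaviour without the early return and keeps anything later added after the #endif from being skipped. A short comment that keys already received are discarded when the policy is 0 or no keys arrived would also make the intent explicit.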
787@@ -803,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUE
788 * the NAS (us) doesn't need; we only need the start key. So we have
789 * to generate the start key, sigh. NB: We do not support the LM-Key.
790 */
791- mppe_set_keys(challenge, &plain[8]);
792+ mppe_set_chapv1(challenge, &plain[8]);
793
794 return 0;
795 }
796@@ -855,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQU
797 for (i = 0; i < 16; i++)
798 plain[i] ^= buf[i];
799
800- if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
801+ if (plain[0] != 16) {
802 error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
803 (int) plain[0], type);
804 return -1;
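Review bot: The length check now compares plain[0] against a bare 16 where it used to be tied to sizeof(mppe_send_key). mppe.h in this same patch defines MPPE_MAX_KEY_LEN as 16 for the largest key the kernel accepts, so use that constant here and for the 16 passed to mppe_set_keys further down in radius_setmppekeys2(), so the check and the copy cannot drift apart.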
805@@ -869,9 +871,9 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQU
806 plain[16] ^= buf[0]; /* only need the first byte */
807
808 if (vp->attribute == PW_MS_MPPE_SEND_KEY)
809- memcpy(mppe_send_key, plain + 1, 16);
810+ mppe_set_keys(plain + 1, NULL, 16);
811 else
812- memcpy(mppe_recv_key, plain + 1, 16);
813+ mppe_set_keys(NULL, plain + 1, 16);
814
815 return 0;
816 }
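Review bot: The send and receive keys are now installed by two independent calls, mppe_set_keys(plain + 1, NULL, 16) and mppe_set_keys(NULL, plain + 1, 16), one per RADIUS attribute, so after the first attribute only one direction has a key. The body of mppe_set_keys is not part of these lines; if it records the keys as set on every call, mppe_keys_isset() can report true while the other key is still zero. Please confirm that nothing consumes the keys before both MS-MPPE-Send-Key and MS-MPPE-Recv-Key have been processed, or have the caller collect both and set them in one call.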
817Index: ppp-2.4.9/pppd/plugins/winbind.c
818===================================================================
819--- ppp-2.4.9.orig/pppd/plugins/winbind.c
820+++ ppp-2.4.9/pppd/plugins/winbind.c
821@@ -37,11 +37,9 @@
822 #include "pppd.h"
823 #include "chap-new.h"
824 #include "chap_ms.h"
825-#ifdef MPPE
826-#include <openssl/md5.h>
827-#endif
828 #include "fsm.h"
829 #include "ipcp.h"
830+#include "mppe.h"
831 #include <syslog.h>
832 #include <sys/types.h>
833 #include <sys/stat.h>
834@@ -583,7 +581,7 @@ winbind_chap_verify(char *user, char *ou
835 nt_response, nt_response_size,
836 session_key,
837 &error_string) == AUTHENTICATED) {
838- mppe_set_keys(challenge, session_key);
839+ mppe_set_chapv1(challenge, session_key);
840 slprintf(message, message_space, "Access granted");
841 return AUTHENTICATED;
842
843@@ -628,7 +626,7 @@ winbind_chap_verify(char *user, char *ou
844 &response[MS_CHAP2_NTRESP],
845 &response[MS_CHAP2_PEER_CHALLENGE],
846 challenge, user, saresponse);
847- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
848+ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
849 MS_CHAP2_AUTHENTICATOR);
850 if (response[MS_CHAP2_FLAGS]) {
851 slprintf(message, message_space, "S=%s", saresponse);
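Review bot: The third parameter of mppe_set_chapv2 is declared in mppe.h as int IsServer, but this call passes MS_CHAP2_AUTHENTICATOR, so the call site and the prototype describe the same role in two different vocabularies. Either document in mppe.h that IsServer takes the MS_CHAP2_AUTHENTICATOR / MS_CHAP2_AUTHENTICATEE constants, or rename the parameter to match, so that a plugin author does not have to read chap_ms.h to know which value selects which key direction.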
852Index: ppp-2.4.9/pppd/Makefile.linux
853===================================================================
854--- ppp-2.4.9.orig/pppd/Makefile.linux
855+++ ppp-2.4.9/pppd/Makefile.linux
856@@ -105,6 +105,8 @@ CFLAGS += -DMSLANMAN=1
857 endif
858 ifdef MPPE
859 CFLAGS += -DMPPE=1
860+PPPDOBJS += mppe.o
861+PPPDSRC += mppe.c
862 HEADERS += mppe.h
863 endif
864 endif
diff --git a/debian/patches/series b/debian/patches/series
index 21f90f7..1d308c2 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -15,3 +15,5 @@ resolv.conf_no_log
15zzz_config15zzz_config
16pppd-soname-hack.patch16pppd-soname-hack.patch
17replace-vendored-hash-functions.patch17replace-vendored-hash-functions.patch
18eap-mschap-v2-namelen.patch
19expose-mppe-keys-via-api.patch
diff --git a/debian/ppp.symbols b/debian/ppp.symbols
index cc04633..05e1085 100644
--- a/debian/ppp.symbols
+++ b/debian/ppp.symbols
@@ -1,11 +1,11 @@
1pppd.so.2.4.9 ppp #MINVER#1pppd.so.2.4.9 ppp #MINVER#
2* Build-Depends-Package: ppp-dev2* Build-Depends-Package: ppp-dev
3# Ignore all symbols that start with an underscore in the Base module3# Ignore all symbols that start with an underscore in the Base module
4 (regex|optional)"^_.*@Base$" 2.4.7-1+2~4 (regex|optional)"^_.*@Base$" 2.4.9-1+1~
5# Ignore $global$ which seems to appear on hppa only5# Ignore $global$ which seems to appear on hppa only
6 (optional)$global$@Base 2.4.7-1+2~6 (optional)$global$@Base 2.4.9-1+1~
7# Ignore everything that claims it's part of glibc7# Ignore everything that claims it's part of glibc
8 (regex|optional)"@GLIBC_" 2.4.7-1+2~8 (regex|optional)"@GLIBC_" 2.4.9-1+1~
9# All others should be pppd symbols9# All others should be pppd symbols
10 ChallengeHash@Base 2.4.7-1+2~10 ChallengeHash@Base 2.4.7-1+2~
11 ChapMS2@Base 2.4.7-1+2~11 ChapMS2@Base 2.4.7-1+2~
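Review bot: The minimum version on the three optional wildcard entries (^_.*@Base, $global$@Base and @GLIBC_) moves from 2.4.7-1+2~ to 2.4.9-1+1~, although nothing in this merge changes those patterns. Please explain the bump in the changelog or leave these entries at their existing version, so the symbols diff contains only the MPPE API changes.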
@@ -302,11 +302,17 @@ pppd.so.2.4.9 ppp #MINVER#
302 mp_check_options@Base 2.4.7-1+2~302 mp_check_options@Base 2.4.7-1+2~
303 mp_exit_bundle@Base 2.4.7-1+2~303 mp_exit_bundle@Base 2.4.7-1+2~
304 mp_join_bundle@Base 2.4.7-1+2~304 mp_join_bundle@Base 2.4.7-1+2~
305 mppe_clear_keys@Base 2.4.9-1+1~
306 mppe_get_recv_key@Base 2.4.9-1+1~
307 mppe_get_send_key@Base 2.4.9-1+1~
308 mppe_keys_isset@Base 2.4.9-1+1~
305 mppe_keys_set@Base 2.4.7-1+2~309 mppe_keys_set@Base 2.4.7-1+2~
306 mppe_recv_key@Base 2.4.7-1+2~310 mppe_recv_key@Base 2.4.7-1+2~
307 mppe_send_key@Base 2.4.7-1+2~311 mppe_send_key@Base 2.4.7-1+2~
308 mppe_set_keys2@Base 2.4.7-1+2~
309 mppe_set_keys@Base 2.4.7-1+2~312 mppe_set_keys@Base 2.4.7-1+2~
313 mppe_set_chapv1@Base 2.4.9-1+1~
314 mppe_set_chapv2@Base 2.4.9-1+1~
315 mppe_set_enc_types@Base 2.4.9-1+1~
310 multilink@Base 2.4.7-1+2~316 multilink@Base 2.4.7-1+2~
311 multilink_join_hook@Base 2.4.7-1+2~317 multilink_join_hook@Base 2.4.7-1+2~
312 multilink_master@Base 2.4.7-1+2~318 multilink_master@Base 2.4.7-1+2~
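Review bot: mppe_set_keys@Base stays at 2.4.7-1+2~ even though mppe.h in this patch changes its prototype to (u_char *send_key, u_char *recv_key, int keylen); a plugin built against the old two-argument function will still resolve the symbol and call it with the wrong arguments. Together with the removal of mppe_set_keys2 here and set_mppe_enc_types in the next hunk, this is an ABI break under the unchanged pppd.so.2.4.9 name. Raise the version on mppe_set_keys to the upload that introduces the new signature, check that the 2.4.9-1+1~ on the new symbols really is the first version shipping them, and plan rebuilds (or Breaks) for out-of-tree plugin packages that use the old names.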
@@ -419,7 +425,6 @@ pppd.so.2.4.9 ppp #MINVER#
419 session_start@Base 2.4.7-1+2~425 session_start@Base 2.4.7-1+2~
420 set_filters@Base 2.4.7-1+2~426 set_filters@Base 2.4.7-1+2~
421 set_ifunit@Base 2.4.7-1+2~427 set_ifunit@Base 2.4.7-1+2~
422 set_mppe_enc_types@Base 2.4.7-1+2~
423 set_up_tty@Base 2.4.7-1+2~428 set_up_tty@Base 2.4.7-1+2~
424 setdtr@Base 2.4.7-1+2~429 setdtr@Base 2.4.7-1+2~
425 setipaddr@Base 2.4.7-1+2~430 setipaddr@Base 2.4.7-1+2~
