diff options
Diffstat (limited to 'package/network/services')
268 files changed, 49652 insertions, 0 deletions
diff --git a/package/network/services/authsae/Makefile b/package/network/services/authsae/Makefile new file mode 100644 index 0000000..2955021 --- /dev/null +++ b/package/network/services/authsae/Makefile @@ -0,0 +1,47 @@ + +# Copyright (C) 2007-2013 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=authsae +PKG_VERSION:=2014-06-09 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=git://github.com/cozybit/authsae.git +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_VERSION:=8531ab158910a525d4bcbb3ad02c08342f6987f2 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz + +PKG_BUILD_PARALLEL:=1 +CMAKE_INSTALL:=1 + +CMAKE_OPTIONS += -DSYSCONF_INSTALL_DIR=/etc + +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> +PKG_LICENSE:=BSD-4-Clause + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/authsae + SECTION:=net + CATEGORY:=Network + TITLE:=80211s mesh security + DEPENDS:=+libopenssl +libconfig +libnl-tiny +@OPENSSL_WITH_EC +endef + +TARGET_CFLAGS += -D_GNU_SOURCE + +define Package/authsae/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin + $(INSTALL_DIR) $(1)/lib/wifi + $(INSTALL_DATA) ./files/lib/wifi/authsae.sh $(1)/lib/wifi/ +endef + +$(eval $(call BuildPackage,authsae)) diff --git a/package/network/services/authsae/files/lib/wifi/authsae.sh b/package/network/services/authsae/files/lib/wifi/authsae.sh new file mode 100644 index 0000000..d8c5598 --- /dev/null +++ b/package/network/services/authsae/files/lib/wifi/authsae.sh @@ -0,0 +1,57 @@ +authsae_start_interface() { + local mcast_rate + local mesh_htmode + local mesh_band + local authsae_conf_file="/var/run/authsae-$ifname.cfg" + local ret=1 + + json_get_vars mcast_rate + set_default mcast_rate "12" + + case "$htmode" in + HT20|HT40+|HT40-) mesh_htmode="$htmode";; + *) mesh_htmode="none";; + esac + + case "$hwmode" in + *g*) mesh_band=11g;; + *a*) mesh_band=11a;; + esac + + cat > "$authsae_conf_file" <<EOF +authsae: +{ + sae: + { + debug = 0; + password = "$key"; + group = [19, 26, 21, 25, 20]; + blacklist = 5; + thresh = 5; + lifetime = 3600; + }; + meshd: + { + meshid = "$mesh_id"; + interface = "$ifname"; + passive = 0; + debug = 0; + mediaopt = 1; + band = "$mesh_band"; + channel = $channel; + htmode = "$mesh_htmode"; + mcast-rate = $mcast_rate; + }; +}; +EOF + + /usr/bin/meshd-nl80211 -i "$ifname" -s "$mesh_id" -c "$authsae_conf_file" </dev/null >/dev/null 2>/dev/null & + authsae_pid="$!" + ret="$?" + + echo $authsae_pid > /var/run/authsae-$ifname.pid + wireless_add_process "$authsae_pid" "/usr/bin/meshd-nl80211" 1 + + [ "$ret" != 0 ] && wireless_setup_vif_failed AUTHSAE_FAILED + return $ret +} diff --git a/package/network/services/authsae/patches/100-musl_fix.patch b/package/network/services/authsae/patches/100-musl_fix.patch new file mode 100644 index 0000000..19d2d9b --- /dev/null +++ b/package/network/services/authsae/patches/100-musl_fix.patch @@ -0,0 +1,20 @@ +--- a/linux/mon.c ++++ b/linux/mon.c +@@ -44,7 +44,6 @@ + #include <signal.h> + #include <sys/ioctl.h> + #include <sys/socket.h> +-#include <sys/sysctl.h> + #include <sys/queue.h> + #include <netinet/in.h> + #include <net/if.h> +--- a/linux/meshd.c ++++ b/linux/meshd.c +@@ -44,7 +44,6 @@ + #include <signal.h> + #include <sys/ioctl.h> + #include <sys/socket.h> +-#include <sys/sysctl.h> + #include <sys/queue.h> + #include <netinet/in.h> + #include <net/if.h> diff --git a/package/network/services/dnsmasq/Makefile b/package/network/services/dnsmasq/Makefile new file mode 100644 index 0000000..cddde5c --- /dev/null +++ b/package/network/services/dnsmasq/Makefile @@ -0,0 +1,152 @@ +# +# Copyright (C) 2006-2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=dnsmasq +PKG_VERSION:=2.75 +PKG_RELEASE:=2 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz +PKG_SOURCE_URL:=http://thekelleys.org.uk/dnsmasq +PKG_MD5SUM:=887236f1ddde6eb57cdb9d01916c9f72 + +PKG_LICENSE:=GPL-2.0 +PKG_LICENSE_FILES:=COPYING + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) + +PKG_INSTALL:=1 +PKG_BUILD_PARALLEL:=1 +PKG_CONFIG_DEPENDS:=CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6 \ + CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec \ + CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth \ + CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset + +include $(INCLUDE_DIR)/package.mk + +define Package/dnsmasq/Default + SECTION:=net + CATEGORY:=Base system + TITLE:=DNS and DHCP server + URL:=http://www.thekelleys.org.uk/dnsmasq/ +endef + +define Package/dnsmasq +$(call Package/dnsmasq/Default) + VARIANT:=nodhcpv6 +endef + +define Package/dnsmasq-dhcpv6 +$(call Package/dnsmasq/Default) + TITLE += (with DHCPv6 support) + DEPENDS:=@IPV6 + VARIANT:=dhcpv6 +endef + +define Package/dnsmasq-full +$(call Package/dnsmasq/Default) + TITLE += (with DNSSEC, DHCPv6, Auth DNS, IPset enabled by default) + DEPENDS:=+PACKAGE_dnsmasq_full_dnssec:libnettle \ + +PACKAGE_dnsmasq_full_ipset:kmod-ipt-ipset + VARIANT:=full +endef + +define Package/dnsmasq/description + It is intended to provide coupled DNS and DHCP service to a LAN. +endef + +define Package/dnsmasq-dhcpv6/description +$(call Package/dnsmasq/description) + +This is a variant with DHCPv6 support +endef + +define Package/dnsmasq-full/description +$(call Package/dnsmasq/description) + +This is a fully configurable variant with DHCPv6, DNSSEC, Authroitative DNS and +IPset support enabled by default. +endef + +define Package/dnsmasq/conffiles +/etc/config/dhcp +/etc/dnsmasq.conf +endef + +define Package/dnsmasq-full/config + if PACKAGE_dnsmasq-full + config PACKAGE_dnsmasq_full_dhcpv6 + bool "Build with DHCPv6 support." + depends on IPV6 + default y + config PACKAGE_dnsmasq_full_dnssec + bool "Build with DNSSEC support." + default y + config PACKAGE_dnsmasq_full_auth + bool "Build with the facility to act as an authoritative DNS server." + default y + config PACKAGE_dnsmasq_full_ipset + bool "Build with IPset support." + default y + endif +endef + +Package/dnsmasq-dhcpv6/conffiles = $(Package/dnsmasq/conffiles) +Package/dnsmasq-full/conffiles = $(Package/dnsmasq/conffiles) + +TARGET_CFLAGS += -ffunction-sections -fdata-sections +TARGET_LDFLAGS += -Wl,--gc-sections + +COPTS = $(if $(CONFIG_IPV6),,-DNO_IPV6) + +ifeq ($(BUILD_VARIANT),nodhcpv6) + COPTS += -DNO_DHCP6 +endif + +ifeq ($(BUILD_VARIANT),full) + COPTS += $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dhcpv6),,-DNO_DHCP6) \ + $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_dnssec),-DHAVE_DNSSEC) \ + $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_auth),,-DNO_AUTH) \ + $(if $(CONFIG_PACKAGE_dnsmasq_$(BUILD_VARIANT)_ipset),,-DNO_IPSET) + COPTS += $(if $(CONFIG_LIBNETTLE_MINI),-DNO_GMP,) +else + COPTS += -DNO_AUTH -DNO_IPSET +endif + +MAKE_FLAGS := \ + $(TARGET_CONFIGURE_OPTS) \ + CFLAGS="$(TARGET_CFLAGS)" \ + LDFLAGS="$(TARGET_LDFLAGS)" \ + COPTS="$(COPTS)" \ + PREFIX="/usr" + +define Package/dnsmasq/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/dnsmasq $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_DATA) ./files/dhcp.conf $(1)/etc/config/dhcp + $(INSTALL_DATA) ./files/dnsmasq.conf $(1)/etc/dnsmasq.conf + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/dnsmasq.init $(1)/etc/init.d/dnsmasq + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_DATA) ./files/dnsmasq.hotplug $(1)/etc/hotplug.d/iface/25-dnsmasq +endef + +Package/dnsmasq-dhcpv6/install = $(Package/dnsmasq/install) + +define Package/dnsmasq-full/install +$(call Package/dnsmasq/install,$(1)) +ifneq ($(CONFIG_PACKAGE_dnsmasq_full_dnssec),) + $(INSTALL_DIR) $(1)/usr/share/dnsmasq + $(INSTALL_DATA) $(PKG_BUILD_DIR)/trust-anchors.conf $(1)/usr/share/dnsmasq +endif +endef + +$(eval $(call BuildPackage,dnsmasq)) +$(eval $(call BuildPackage,dnsmasq-dhcpv6)) +$(eval $(call BuildPackage,dnsmasq-full)) diff --git a/package/network/services/dnsmasq/files/dhcp.conf b/package/network/services/dnsmasq/files/dhcp.conf new file mode 100644 index 0000000..362b90a --- /dev/null +++ b/package/network/services/dnsmasq/files/dhcp.conf @@ -0,0 +1,32 @@ +config dnsmasq + option domainneeded 1 + option boguspriv 1 + option filterwin2k 0 # enable for dial on demand + option localise_queries 1 + option rebind_protection 1 # disable if upstream must serve RFC1918 addresses + option rebind_localhost 1 # enable for RBL checking and similar services + #list rebind_domain example.lan # whitelist RFC1918 responses for domains + option local '/lan/' + option domain 'lan' + option expandhosts 1 + option nonegcache 0 + option authoritative 1 + option readethers 1 + option leasefile '/tmp/dhcp.leases' + option resolvfile '/tmp/resolv.conf.auto' + #list server '/mycompany.local/1.2.3.4' + #option nonwildcard 1 + #list interface br-lan + #list notinterface lo + #list bogusnxdomain '64.94.110.11' + option localservice 1 # disable to allow DNS requests from non-local subnets + +config dhcp lan + option interface lan + option start 100 + option limit 150 + option leasetime 12h + +config dhcp wan + option interface wan + option ignore 1 diff --git a/package/network/services/dnsmasq/files/dnsmasq.conf b/package/network/services/dnsmasq/files/dnsmasq.conf new file mode 100644 index 0000000..bf5816b --- /dev/null +++ b/package/network/services/dnsmasq/files/dnsmasq.conf @@ -0,0 +1,37 @@ +# Change the following lines if you want dnsmasq to serve SRV +# records. +# You may add multiple srv-host lines. +# The fields are <name>,<target>,<port>,<priority>,<weight> + +# A SRV record sending LDAP for the example.com domain to +# ldapserver.example.com port 289 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389 + +# Two SRV records for LDAP, each with different priorities +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1 +#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2 + +# A SRV record indicating that there is no LDAP server for the domain +# example.com +#srv-host=_ldap._tcp.example.com + +# The following line shows how to make dnsmasq serve an arbitrary PTR +# record. This is useful for DNS-SD. +# The fields are <name>,<target> +#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services" + +# Change the following lines to enable dnsmasq to serve TXT records. +# These are used for things like SPF and zeroconf. +# The fields are <name>,<text>,<text>... + +#Example SPF. +#txt-record=example.com,"v=spf1 a -all" + +#Example zeroconf +#txt-record=_http._tcp.example.com,name=value,paper=A4 + +# Provide an alias for a "local" DNS name. Note that this _only_ works +# for targets which are names from DHCP or /etc/hosts. Give host +# "bert" another name, bertrand +# The fields are <cname>,<target> +#cname=bertand,bert diff --git a/package/network/services/dnsmasq/files/dnsmasq.hotplug b/package/network/services/dnsmasq/files/dnsmasq.hotplug new file mode 100644 index 0000000..ca5d10c --- /dev/null +++ b/package/network/services/dnsmasq/files/dnsmasq.hotplug @@ -0,0 +1,5 @@ +#!/bin/sh + +[ "$ACTION" = ifup ] || exit 0 + +/etc/init.d/dnsmasq enabled && /etc/init.d/dnsmasq start diff --git a/package/network/services/dnsmasq/files/dnsmasq.init b/package/network/services/dnsmasq/files/dnsmasq.init new file mode 100644 index 0000000..1b42cff --- /dev/null +++ b/package/network/services/dnsmasq/files/dnsmasq.init @@ -0,0 +1,641 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2007-2012 OpenWrt.org + +START=60 + +USE_PROCD=1 +PROG=/usr/sbin/dnsmasq + +DNS_SERVERS="" +DOMAIN="" + +ADD_LOCAL_DOMAIN=1 +ADD_LOCAL_HOSTNAME=1 + +CONFIGFILE="/var/etc/dnsmasq.conf" +HOSTFILE="/tmp/hosts/dhcp" +TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf" +TIMESTAMPFILE="/etc/dnsmasq.time" + +xappend() { + local value="$1" + + echo "${value#--}" >> $CONFIGFILE +} + +dhcp_calc() { + local ip="$1" + local res=0 + + while [ -n "$ip" ]; do + part="${ip%%.*}" + res="$(($res * 256))" + res="$(($res + $part))" + [ "${ip%.*}" != "$ip" ] && ip="${ip#*.}" || ip= + done + echo "$res" +} + +dhcp_check() { + local ifname="$1" + local stamp="/var/run/dnsmasq.$ifname.dhcp" + local rv=0 + + [ -s "$stamp" ] && return $(cat "$stamp") + + udhcpc -n -q -s /bin/true -t 1 -i "$ifname" >&- && rv=1 || rv=0 + + [ $rv -eq 1 ] && \ + logger -t dnsmasq \ + "found already running DHCP-server on interface '$ifname'" \ + "refusing to start, use 'option force 1' to override" + + echo $rv > "$stamp" + return $rv +} + +log_once() { + pidof dnsmasq >/dev/null || \ + logger -t dnsmasq "$@" +} + +append_bool() { + local section="$1" + local option="$2" + local value="$3" + local _loctmp + config_get_bool _loctmp "$section" "$option" 0 + [ $_loctmp -gt 0 ] && xappend "$value" +} + +append_parm() { + local section="$1" + local option="$2" + local switch="$3" + local _loctmp + config_get _loctmp "$section" "$option" + [ -z "$_loctmp" ] && return 0 + xappend "$switch=$_loctmp" +} + +append_server() { + xappend "--server=$1" +} + +append_address() { + xappend "--address=$1" +} + +append_ipset() { + xappend "--ipset=$1" +} + +append_interface() { + local ifname=$(uci_get_state network "$1" ifname "$1") + xappend "--interface=$ifname" +} + +append_notinterface() { + local ifname=$(uci_get_state network "$1" ifname "$1") + xappend "--except-interface=$ifname" +} + +append_addnhosts() { + xappend "--addn-hosts=$1" +} + +append_bogusnxdomain() { + xappend "--bogus-nxdomain=$1" +} + +append_pxe_service() { + xappend "--pxe-service=$1" +} + +dnsmasq() { + local cfg="$1" + append_bool "$cfg" authoritative "--dhcp-authoritative" + append_bool "$cfg" nodaemon "--no-daemon" + append_bool "$cfg" domainneeded "--domain-needed" + append_bool "$cfg" filterwin2k "--filterwin2k" + append_bool "$cfg" nohosts "--no-hosts" + append_bool "$cfg" nonegcache "--no-negcache" + append_bool "$cfg" strictorder "--strict-order" + append_bool "$cfg" logqueries "--log-queries=extra" + append_bool "$cfg" noresolv "--no-resolv" + append_bool "$cfg" localise_queries "--localise-queries" + append_bool "$cfg" readethers "--read-ethers" + append_bool "$cfg" dbus "--enable-dbus" + append_bool "$cfg" boguspriv "--bogus-priv" + append_bool "$cfg" expandhosts "--expand-hosts" + append_bool "$cfg" enable_tftp "--enable-tftp" + append_bool "$cfg" tftp_no_fail "--tftp-no-fail" + append_bool "$cfg" nonwildcard "--bind-interfaces" + append_bool "$cfg" fqdn "--dhcp-fqdn" + append_bool "$cfg" proxydnssec "--proxy-dnssec" + append_bool "$cfg" localservice "--local-service" + append_bool "$cfg" quietdhcp "--quiet-dhcp" + append_bool "$cfg" sequential_ip "--dhcp-sequential-ip" + + append_parm "$cfg" dhcpscript "--dhcp-script" + append_parm "$cfg" cachesize "--cache-size" + append_parm "$cfg" dnsforwardmax "--dns-forward-max" + append_parm "$cfg" port "--port" + append_parm "$cfg" ednspacket_max "--edns-packet-max" + append_parm "$cfg" dhcpleasemax "--dhcp-lease-max" + append_parm "$cfg" "queryport" "--query-port" + append_parm "$cfg" "domain" "--domain" + append_parm "$cfg" "local" "--server" + config_list_foreach "$cfg" "server" append_server + config_list_foreach "$cfg" "address" append_address + config_list_foreach "$cfg" "ipset" append_ipset + config_list_foreach "$cfg" "interface" append_interface + config_list_foreach "$cfg" "notinterface" append_notinterface + config_list_foreach "$cfg" "addnhosts" append_addnhosts + config_list_foreach "$cfg" "bogusnxdomain" append_bogusnxdomain + append_parm "$cfg" "leasefile" "--dhcp-leasefile" + append_parm "$cfg" "resolvfile" "--resolv-file" + append_parm "$cfg" "serversfile" "--servers-file" + append_parm "$cfg" "tftp_root" "--tftp-root" + append_parm "$cfg" "dhcp_boot" "--dhcp-boot" + append_parm "$cfg" "local_ttl" "--local-ttl" + append_parm "$cfg" "pxe_prompt" "--pxe-prompt" + config_list_foreach "$cfg" "pxe_service" append_pxe_service + config_get DOMAIN "$cfg" domain + + config_get_bool ADD_LOCAL_DOMAIN "$cfg" add_local_domain 1 + config_get_bool ADD_LOCAL_HOSTNAME "$cfg" add_local_hostname 1 + + config_get_bool readethers "$cfg" readethers + [ "$readethers" = "1" -a \! -e "/etc/ethers" ] && touch /etc/ethers + + config_get leasefile $cfg leasefile + [ -n "$leasefile" -a \! -e "$leasefile" ] && touch "$leasefile" + config_get_bool cachelocal "$cfg" cachelocal 1 + + config_get hostsfile "$cfg" dhcphostsfile + [ -e "$hostsfile" ] && xappend "--dhcp-hostsfile=$hostsfile" + + local rebind + config_get_bool rebind "$cfg" rebind_protection 1 + [ $rebind -gt 0 ] && { + log_once \ + "DNS rebinding protection is active," \ + "will discard upstream RFC1918 responses!" + xappend "--stop-dns-rebind" + + local rebind_localhost + config_get_bool rebind_localhost "$cfg" rebind_localhost 0 + [ $rebind_localhost -gt 0 ] && { + log_once "Allowing 127.0.0.0/8 responses" + xappend "--rebind-localhost-ok" + } + + append_rebind_domain() { + log_once "Allowing RFC1918 responses for domain $1" + xappend "--rebind-domain-ok=$1" + } + + config_list_foreach "$cfg" rebind_domain append_rebind_domain + } + + config_get_bool dnssec "$cfg" dnssec 0 + [ "$dnssec" -gt 0 ] && { + xappend "--conf-file=$TRUSTANCHORSFILE" + xappend "--dnssec" + xappend "--dnssec-timestamp=$TIMESTAMPFILE" + append_bool "$cfg" dnsseccheckunsigned "--dnssec-check-unsigned" + } + + dhcp_option_add "$cfg" "" 0 + + xappend "--dhcp-broadcast=tag:needs-broadcast" + + mkdir -p /tmp/hosts /tmp/dnsmasq.d + xappend "--addn-hosts=/tmp/hosts" + xappend "--conf-dir=/tmp/dnsmasq.d" + + echo >> $CONFIGFILE +} + +dhcp_subscrid_add() { + local cfg="$1" + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] || return 0 + + config_get subscriberid "$cfg" subscriberid + [ -n "$subscriberid" ] || return 0 + + xappend "--dhcp-subscrid=$networkid,$subscriberid" + + config_get_bool force "$cfg" force 0 + + dhcp_option_add "$cfg" "$networkid" "$force" +} + +dhcp_remoteid_add() { + local cfg="$1" + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] || return 0 + + config_get remoteid "$cfg" remoteid + [ -n "$remoteid" ] || return 0 + + xappend "--dhcp-remoteid=$networkid,$remoteid" + + config_get_bool force "$cfg" force 0 + + dhcp_option_add "$cfg" "$networkid" "$force" +} + +dhcp_circuitid_add() { + local cfg="$1" + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] || return 0 + + config_get circuitid "$cfg" circuitid + [ -n "$circuitid" ] || return 0 + + xappend "--dhcp-circuitid=$networkid,$circuitid" + + config_get_bool force "$cfg" force 0 + + dhcp_option_add "$cfg" "$networkid" "$force" +} + +dhcp_userclass_add() { + local cfg="$1" + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] || return 0 + + config_get userclass "$cfg" userclass + [ -n "$userclass" ] || return 0 + + xappend "--dhcp-userclass=$networkid,$userclass" + + config_get_bool force "$cfg" force 0 + + dhcp_option_add "$cfg" "$networkid" "$force" +} + +dhcp_vendorclass_add() { + local cfg="$1" + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] || return 0 + + config_get vendorclass "$cfg" vendorclass + [ -n "$vendorclass" ] || return 0 + + xappend "--dhcp-vendorclass=$networkid,$vendorclass" + + config_get_bool force "$cfg" force 0 + + dhcp_option_add "$cfg" "$networkid" "$force" +} + +dhcp_host_add() { + local cfg="$1" + + config_get_bool force "$cfg" force 0 + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] && dhcp_option_add "$cfg" "$networkid" "$force" + + config_get name "$cfg" name + config_get ip "$cfg" ip + [ -n "$ip" -o -n "$name" ] || return 0 + + config_get_bool dns "$cfg" dns 0 + [ "$dns" = "1" -a -n "$ip" -a -n "$name" ] && { + echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE + } + + config_get mac "$cfg" mac + if [ -n "$mac" ]; then + # --dhcp-host=00:20:e0:3b:13:af,192.168.0.199,lap + macs="" + for m in $mac; do append macs "$m" ","; done + else + # --dhcp-host=lap,192.168.0.199 + [ -n "$name" ] || return 0 + macs="$name" + name="" + fi + + config_get tag "$cfg" tag + + config_get_bool broadcast "$cfg" broadcast 0 + [ "$broadcast" = "0" ] && broadcast= + + xappend "--dhcp-host=$macs${networkid:+,net:$networkid}${broadcast:+,set:needs-broadcast}${tag:+,set:$tag}${ip:+,$ip}${name:+,$name}" +} + +dhcp_tag_add() { + local cfg="$1" + + tag="$cfg" + + [ -n "$tag" ] || return 0 + + config_get_bool force "$cfg" force 0 + [ "$force" = "0" ] && force= + + config_get option "$cfg" dhcp_option + for o in $option; do + xappend "--dhcp-option${force:+-force}=tag:$tag,$o" + done +} + +dhcp_mac_add() { + local cfg="$1" + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] || return 0 + + config_get mac "$cfg" mac + [ -n "$mac" ] || return 0 + + xappend "--dhcp-mac=$networkid,$mac" + + dhcp_option_add "$cfg" "$networkid" +} + +dhcp_boot_add() { + local cfg="$1" + + config_get networkid "$cfg" networkid + + config_get filename "$cfg" filename + [ -n "$filename" ] || return 0 + + config_get servername "$cfg" servername + config_get serveraddress "$cfg" serveraddress + + [ -n "$serveraddress" -a ! -n "$servername" ] && return 0 + + xappend "--dhcp-boot=${networkid:+net:$networkid,}${filename}${servername:+,$servername}${serveraddress:+,$serveraddress}" + + config_get_bool force "$cfg" force 0 + + dhcp_option_add "$cfg" "$networkid" "$force" +} + + +dhcp_add() { + local cfg="$1" + config_get net "$cfg" interface + [ -n "$net" ] || return 0 + + config_get dhcpv4 "$cfg" dhcpv4 + [ "$dhcpv4" != "disabled" ] || return 0 + + config_get networkid "$cfg" networkid + [ -n "$networkid" ] || networkid="$net" + + network_get_subnet subnet "$net" || return 0 + network_get_device ifname "$net" || return 0 + network_get_protocol proto "$net" || return 0 + + [ "$cachelocal" = "0" ] && network_get_dnsserver dnsserver "$net" && { + DNS_SERVERS="$DNS_SERVERS $dnsserver" + } + + append_bool "$cfg" ignore "--no-dhcp-interface=$ifname" && return 0 + + # Do not support non-static interfaces for now + [ static = "$proto" ] || return 0 + + # Override interface netmask with dhcp config if applicable + config_get netmask "$cfg" netmask "${subnet##*/}" + + #check for an already active dhcp server on the interface, unless 'force' is set + config_get_bool force "$cfg" force 0 + [ $force -gt 0 ] || dhcp_check "$ifname" || return 0 + + config_get start "$cfg" start + config_get limit "$cfg" limit + config_get leasetime "$cfg" leasetime + config_get options "$cfg" options + config_get_bool dynamicdhcp "$cfg" dynamicdhcp 1 + + leasetime="${leasetime:-12h}" + start="$(dhcp_calc "${start:-100}")" + limit="${limit:-150}" + [ "$limit" -gt 0 ] && limit=$((limit-1)) + eval "$(ipcalc.sh "${subnet%%/*}" $netmask $start $limit)" + if [ "$dynamicdhcp" = "0" ]; then END="static"; fi + xappend "--dhcp-range=$networkid,$START,$END,$NETMASK,$leasetime${options:+ $options}" + + dhcp_option_add "$cfg" "$networkid" +} + +dhcp_option_add() { + local cfg="$1" + local networkid="$2" + local force="$3" + + [ "$force" = "0" ] && force= + + config_get dhcp_option "$cfg" dhcp_option + for o in $dhcp_option; do + xappend "--dhcp-option${force:+-force}=${networkid:+$networkid,}$o" + done + +} + +dhcp_domain_add() { + local cfg="$1" + local ip name names record + + config_get names "$cfg" name "$2" + [ -n "$names" ] || return 0 + + config_get ip "$cfg" ip "$3" + [ -n "$ip" ] || return 0 + + for name in $names; do + record="${record:+$record }$name" + done + + echo "$ip $record" >> $HOSTFILE +} + +dhcp_srv_add() { + local cfg="$1" + + config_get srv "$cfg" srv + [ -n "$srv" ] || return 0 + + config_get target "$cfg" target + [ -n "$target" ] || return 0 + + config_get port "$cfg" port + [ -n "$port" ] || return 0 + + config_get class "$cfg" class + config_get weight "$cfg" weight + + local service="$srv,$target,$port${class:+,$class${weight:+,$weight}}" + + xappend "--srv-host=$service" +} + +dhcp_mx_add() { + local cfg="$1" + local domain relay pref + + config_get domain "$cfg" domain + [ -n "$domain" ] || return 0 + + config_get relay "$cfg" relay + [ -n "$relay" ] || return 0 + + config_get pref "$cfg" pref 0 + + local service="$domain,$relay,$pref" + + xappend "--mx-host=$service" +} + +dhcp_cname_add() { + local cfg="$1" + local cname target + + config_get cname "$cfg" cname + [ -n "$cname" ] || return 0 + + config_get target "$cfg" target + [ -n "$target" ] || return 0 + + xappend "--cname=${cname},${target}" +} + +dhcp_hostrecord_add() { + local cfg="$1" + local names addresses record val + + config_get names "$cfg" name "$2" + if [ -z "$names" ]; then + return 0 + fi + + config_get addresses "$cfg" ip "$3" + if [ -z "$addresses" ]; then + return 0 + fi + + for val in $names $addresses; do + record="${record:+$record,}$val" + done + + xappend "--host-record=$record" +} + +service_triggers() +{ + procd_add_reload_trigger "dhcp" +} + +boot() { + # Will be launched through hotplug + return 0 +} + +start_service() { + include /lib/functions + + config_load dhcp + + procd_open_instance + procd_set_param command $PROG -C $CONFIGFILE -k -x /var/run/dnsmasq/dnsmasq.pid + procd_set_param file $CONFIGFILE + procd_set_param respawn + + procd_add_jail dnsmasq ubus log + procd_add_jail_mount $CONFIGFILE $TRUSTANCHORSFILE $HOSTFILE /etc/passwd /etc/group /etc/TZ /dev/null /dev/urandom /etc/dnsmasq.conf /tmp/dnsmasq.d /tmp/resolv.conf.auto /etc/hosts /etc/ethers + procd_add_jail_mount_rw /var/run/dnsmasq/ /tmp/dhcp.leases $TIMESTAMPFILE + + procd_close_instance + + # before we can call xappend + mkdir -p /var/run/dnsmasq/ + mkdir -p $(dirname $CONFIGFILE) + mkdir -p /var/lib/misc + touch /tmp/dhcp.leases + + if [ ! -f "$TIMESTAMPFILE" ]; then + touch "$TIMESTAMPFILE" + chown nobody.nogroup "$TIMESTAMPFILE" + fi + + echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE + echo "# auto-generated config file from /etc/config/dhcp" > $HOSTFILE + + # if we did this last, we could override auto-generated config + [ -f /etc/dnsmasq.conf ] && { + xappend "--conf-file=/etc/dnsmasq.conf" + } + + args="" + config_foreach dnsmasq dnsmasq + config_foreach dhcp_host_add host + echo >> $CONFIGFILE + config_foreach dhcp_boot_add boot + config_foreach dhcp_mac_add mac + config_foreach dhcp_tag_add tag + config_foreach dhcp_vendorclass_add vendorclass + config_foreach dhcp_userclass_add userclass + config_foreach dhcp_circuitid_add circuitid + config_foreach dhcp_remoteid_add remoteid + config_foreach dhcp_subscrid_add subscrid + config_foreach dhcp_domain_add domain + config_foreach dhcp_hostrecord_add hostrecord + + # add own hostname + local lanaddr + [ $ADD_LOCAL_HOSTNAME -eq 1 ] && network_get_ipaddr lanaddr "lan" && { + local hostname="$(uci_get system @system[0] hostname OpenWrt)" + dhcp_domain_add "" "$hostname" "$lanaddr" + } + + echo >> $CONFIGFILE + config_foreach dhcp_srv_add srvhost + config_foreach dhcp_mx_add mxhost + echo >> $CONFIGFILE + + config_get odhcpd_is_active odhcpd maindhcp + if [ "$odhcpd_is_active" != "1" ]; then + config_foreach dhcp_add dhcp + fi + + echo >> $CONFIGFILE + config_foreach dhcp_cname_add cname + echo >> $CONFIGFILE + + rm -f /tmp/resolv.conf + [ $ADD_LOCAL_DOMAIN -eq 1 ] && [ -n "$DOMAIN" ] && { + echo "search $DOMAIN" >> /tmp/resolv.conf + } + DNS_SERVERS="$DNS_SERVERS 127.0.0.1" + for DNS_SERVER in $DNS_SERVERS ; do + echo "nameserver $DNS_SERVER" >> /tmp/resolv.conf + done +} + +reload_service() { + rc_procd start_service "$@" + return 0 +} + +stop_service() { + [ -f /tmp/resolv.conf ] && { + rm -f /tmp/resolv.conf + ln -s /tmp/resolv.conf.auto /tmp/resolv.conf + } + rm -f /var/run/dnsmasq.*.dhcp +} diff --git a/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch new file mode 100644 index 0000000..f5b5ca0 --- /dev/null +++ b/package/network/services/dnsmasq/patches/100-fix-dhcp-no-address-warning.patch @@ -0,0 +1,47 @@ +--- a/src/dhcp.c ++++ b/src/dhcp.c +@@ -146,7 +146,7 @@ void dhcp_packet(time_t now, int pxe_fd) + struct iovec iov; + ssize_t sz; + int iface_index = 0, unicast_dest = 0, is_inform = 0; +- struct in_addr iface_addr; ++ struct in_addr iface_addr, *addrp = NULL; + struct iface_param parm; + #ifdef HAVE_LINUX_NETWORK + struct arpreq arp_req; +@@ -275,11 +275,9 @@ void dhcp_packet(time_t now, int pxe_fd) + { + ifr.ifr_addr.sa_family = AF_INET; + if (ioctl(daemon->dhcpfd, SIOCGIFADDR, &ifr) != -1 ) +- iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; +- else + { +- my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); +- return; ++ addrp = &iface_addr; ++ iface_addr = ((struct sockaddr_in *) &ifr.ifr_addr)->sin_addr; + } + + for (tmp = daemon->dhcp_except; tmp; tmp = tmp->next) +@@ -298,7 +296,7 @@ void dhcp_packet(time_t now, int pxe_fd) + parm.relay_local.s_addr = 0; + parm.ind = iface_index; + +- if (!iface_check(AF_INET, (struct all_addr *)&iface_addr, ifr.ifr_name, NULL)) ++ if (!iface_check(AF_INET, (struct all_addr *)addrp, ifr.ifr_name, NULL)) + { + /* If we failed to match the primary address of the interface, see if we've got a --listen-address + for a secondary */ +@@ -318,6 +316,12 @@ void dhcp_packet(time_t now, int pxe_fd) + complete_context(match.addr, iface_index, NULL, match.netmask, match.broadcast, &parm); + } + ++ if (!addrp) ++ { ++ my_syslog(MS_DHCP | LOG_WARNING, _("DHCP packet received on %s which has no address"), ifr.ifr_name); ++ return; ++ } ++ + if (!iface_enumerate(AF_INET, &parm, complete_context)) + return; + diff --git a/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch new file mode 100644 index 0000000..61b09d5 --- /dev/null +++ b/package/network/services/dnsmasq/patches/110-ipset-remove-old-kernel-support.patch @@ -0,0 +1,110 @@ +--- a/src/ipset.c ++++ b/src/ipset.c +@@ -22,7 +22,6 @@ + #include <errno.h> + #include <sys/types.h> + #include <sys/socket.h> +-#include <sys/utsname.h> + #include <arpa/inet.h> + #include <linux/version.h> + #include <linux/netlink.h> +@@ -72,7 +71,7 @@ struct my_nfgenmsg { + + #define NL_ALIGN(len) (((len)+3) & ~(3)) + static const struct sockaddr_nl snl = { .nl_family = AF_NETLINK }; +-static int ipset_sock, old_kernel; ++static int ipset_sock; + static char *buffer; + + static inline void add_attr(struct nlmsghdr *nlh, uint16_t type, size_t len, const void *data) +@@ -87,25 +86,7 @@ static inline void add_attr(struct nlmsg + + void ipset_init(void) + { +- struct utsname utsname; +- int version; +- char *split; +- +- if (uname(&utsname) < 0) +- die(_("failed to find kernel version: %s"), NULL, EC_MISC); +- +- split = strtok(utsname.release, "."); +- version = (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- version = version * 256 + (split ? atoi(split) : 0); +- split = strtok(NULL, "."); +- version = version * 256 + (split ? atoi(split) : 0); +- old_kernel = (version < KERNEL_VERSION(2,6,32)); +- +- if (old_kernel && (ipset_sock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) != -1) +- return; +- +- if (!old_kernel && ++ if ( + (buffer = safe_malloc(BUFF_SZ)) && + (ipset_sock = socket(AF_NETLINK, SOCK_RAW, NETLINK_NETFILTER)) != -1 && + (bind(ipset_sock, (struct sockaddr *)&snl, sizeof(snl)) != -1)) +@@ -168,62 +149,16 @@ static int new_add_to_ipset(const char * + } + + +-static int old_add_to_ipset(const char *setname, const struct all_addr *ipaddr, int remove) +-{ +- socklen_t size; +- struct ip_set_req_adt_get { +- unsigned op; +- unsigned version; +- union { +- char name[IPSET_MAXNAMELEN]; +- uint16_t index; +- } set; +- char typename[IPSET_MAXNAMELEN]; +- } req_adt_get; +- struct ip_set_req_adt { +- unsigned op; +- uint16_t index; +- uint32_t ip; +- } req_adt; +- +- if (strlen(setname) >= sizeof(req_adt_get.set.name)) +- { +- errno = ENAMETOOLONG; +- return -1; +- } +- +- req_adt_get.op = 0x10; +- req_adt_get.version = 3; +- strcpy(req_adt_get.set.name, setname); +- size = sizeof(req_adt_get); +- if (getsockopt(ipset_sock, SOL_IP, 83, &req_adt_get, &size) < 0) +- return -1; +- req_adt.op = remove ? 0x102 : 0x101; +- req_adt.index = req_adt_get.set.index; +- req_adt.ip = ntohl(ipaddr->addr.addr4.s_addr); +- if (setsockopt(ipset_sock, SOL_IP, 83, &req_adt, sizeof(req_adt)) < 0) +- return -1; +- +- return 0; +-} +- +- +- + int add_to_ipset(const char *setname, const struct all_addr *ipaddr, int flags, int remove) + { + int af = AF_INET; + + #ifdef HAVE_IPV6 + if (flags & F_IPV6) +- { + af = AF_INET6; +- /* old method only supports IPv4 */ +- if (old_kernel) +- return -1; +- } + #endif + +- return old_kernel ? old_add_to_ipset(setname, ipaddr, remove) : new_add_to_ipset(setname, ipaddr, af, remove); ++ return new_add_to_ipset(setname, ipaddr, af, remove); + } + + #endif diff --git a/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch new file mode 100644 index 0000000..81fbf18 --- /dev/null +++ b/package/network/services/dnsmasq/patches/210-dnssec-improve-timestamp-heuristic.patch @@ -0,0 +1,47 @@ +From 79e60e145f8a595bca5a784c00b437216d51de68 Mon Sep 17 00:00:00 2001 +From: Steven Barth <steven@midlink.org> +Date: Mon, 13 Apr 2015 09:45:20 +0200 +Subject: [PATCH] dnssec: improve timestamp heuristic + +Signed-off-by: Steven Barth <steven@midlink.org> +--- + src/dnssec.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -429,17 +429,24 @@ static time_t timestamp_time; + int setup_timestamp(void) + { + struct stat statbuf; ++ time_t now; ++ time_t base = 1420070400; /* 1-1-2015 */ + + daemon->back_to_the_future = 0; + + if (!daemon->timestamp_file) + return 0; ++ ++ now = time(NULL); ++ ++ if (!stat("/proc/self/exe", &statbuf) && difftime(statbuf.st_mtime, base) > 0) ++ base = statbuf.st_mtime; + + if (stat(daemon->timestamp_file, &statbuf) != -1) + { + timestamp_time = statbuf.st_mtime; + check_and_exit: +- if (difftime(timestamp_time, time(0)) <= 0) ++ if (difftime(now, base) >= 0 && difftime(timestamp_time, now) <= 0) + { + /* time already OK, update timestamp, and do key checking from the start. */ + if (utime(daemon->timestamp_file, NULL) == -1) +@@ -460,7 +467,7 @@ int setup_timestamp(void) + + close(fd); + +- timestamp_time = timbuf.actime = timbuf.modtime = 1420070400; /* 1-1-2015 */ ++ timestamp_time = timbuf.actime = timbuf.modtime = base; + if (utime(daemon->timestamp_file, &timbuf) == 0) + goto check_and_exit; + } diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in new file mode 100644 index 0000000..e2a7610 --- /dev/null +++ b/package/network/services/dropbear/Config.in @@ -0,0 +1,27 @@ +menu "Configuration" + depends on PACKAGE_dropbear + +config DROPBEAR_ECC + bool "Elliptic curve cryptography (ECC)" + default n + help + Enables elliptic curve cryptography (ECC) support in key exchange and public key + authentication. + + Key exchange algorithms: + ecdh-sha2-nistp256 + ecdh-sha2-nistp384 + ecdh-sha2-nistp521 + curve25519-sha256@libssh.org + + Public key algorithms: + ecdsa-sha2-nistp256 + ecdsa-sha2-nistp384 + ecdsa-sha2-nistp521 + + Does not generate ECC host keys by default (ECC key exchange will not be used, + only ECC public key auth). + + Increases binary size by about 36 kB (MIPS). + +endmenu diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile new file mode 100644 index 0000000..4515165 --- /dev/null +++ b/package/network/services/dropbear/Makefile @@ -0,0 +1,128 @@ +# +# Copyright (C) 2006-2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=dropbear +PKG_VERSION:=2015.68 +PKG_RELEASE:=3 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:= \ + http://matt.ucc.asn.au/dropbear/releases/ \ + https://dropbear.nl/mirror/releases/ +PKG_MD5SUM:=7664ac10f7cc2301c530eb80c756fc5d + +PKG_LICENSE:=MIT +PKG_LICENSE_FILES:=LICENSE libtomcrypt/LICENSE libtommath/LICENSE + +PKG_BUILD_PARALLEL:=1 +PKG_USE_MIPS16:=0 + +PKG_CONFIG_DEPENDS:=CONFIG_DROPBEAR_ECC + +include $(INCLUDE_DIR)/package.mk + +define Package/dropbear/Default + URL:=http://matt.ucc.asn.au/dropbear/ +endef + +define Package/dropbear/config + source "$(SOURCE)/Config.in" +endef + +define Package/dropbear + $(call Package/dropbear/Default) + SECTION:=net + CATEGORY:=Base system + TITLE:=Small SSH2 client/server +endef + +define Package/dropbear/description + A small SSH2 server/client designed for small memory environments. +endef + +define Package/dropbear/conffiles +/etc/dropbear/dropbear_rsa_host_key +/etc/config/dropbear +endef + +define Package/dropbearconvert + $(call Package/dropbear/Default) + SECTION:=utils + CATEGORY:=Utilities + TITLE:=Utility for converting SSH keys +endef + +CONFIGURE_ARGS += \ + --disable-pam \ + --enable-openpty \ + --enable-syslog \ + $(if $(CONFIG_SHADOW_PASSWORDS),,--disable-shadow) \ + --disable-lastlog \ + --disable-utmp \ + --disable-utmpx \ + --disable-wtmp \ + --disable-wtmpx \ + --disable-loginfunc \ + --disable-pututline \ + --disable-pututxline \ + --disable-zlib \ + --enable-bundled-libtom + +TARGET_CFLAGS += -DARGTYPE=3 -ffunction-sections -fdata-sections +TARGET_LDFLAGS += -Wl,--gc-sections + +define Build/Configure + $(Build/Configure/Default) + + # Enforce that all replacements are made, otherwise options.h has changed + # format and this logic is broken. + for OPTION in DROPBEAR_ECDSA DROPBEAR_ECDH DROPBEAR_CURVE25519; do \ + awk 'BEGIN { rc = 1 } \ + /'$$$$OPTION'/ { $$$$0 = "$(if $(CONFIG_DROPBEAR_ECC),,// )#define '$$$$OPTION'"; rc = 0 } \ + { print } \ + END { exit(rc) }' $(PKG_BUILD_DIR)/options.h \ + >$(PKG_BUILD_DIR)/options.h.new && \ + mv $(PKG_BUILD_DIR)/options.h.new $(PKG_BUILD_DIR)/options.h || exit 1; \ + done +endef + +define Build/Compile + +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ + $(TARGET_CONFIGURE_OPTS) \ + PROGRAMS="dropbear dbclient dropbearkey scp" \ + MULTI=1 SCPPROGRESS=1 + +$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \ + $(TARGET_CONFIGURE_OPTS) \ + PROGRAMS="dropbearconvert" +endef + +define Package/dropbear/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearmulti $(1)/usr/sbin/dropbear + $(INSTALL_DIR) $(1)/usr/bin + $(LN) ../sbin/dropbear $(1)/usr/bin/scp + $(LN) ../sbin/dropbear $(1)/usr/bin/ssh + $(LN) ../sbin/dropbear $(1)/usr/bin/dbclient + $(LN) ../sbin/dropbear $(1)/usr/bin/dropbearkey + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_DATA) ./files/dropbear.config $(1)/etc/config/dropbear + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/dropbear.init $(1)/etc/init.d/dropbear + $(INSTALL_DIR) $(1)/usr/lib/opkg/info + $(INSTALL_DIR) $(1)/etc/dropbear + touch $(1)/etc/dropbear/dropbear_rsa_host_key +endef + +define Package/dropbearconvert/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/dropbearconvert $(1)/usr/bin/dropbearconvert +endef + +$(eval $(call BuildPackage,dropbear)) +$(eval $(call BuildPackage,dropbearconvert)) diff --git a/package/network/services/dropbear/files/dropbear.config b/package/network/services/dropbear/files/dropbear.config new file mode 100644 index 0000000..2139ba0 --- /dev/null +++ b/package/network/services/dropbear/files/dropbear.config @@ -0,0 +1,5 @@ +config dropbear + option PasswordAuth 'on' + option RootPasswordAuth 'on' + option Port '22' +# option BannerFile '/etc/banner' diff --git a/package/network/services/dropbear/files/dropbear.init b/package/network/services/dropbear/files/dropbear.init new file mode 100755 index 0000000..03745c9 --- /dev/null +++ b/package/network/services/dropbear/files/dropbear.init @@ -0,0 +1,178 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2006-2010 OpenWrt.org +# Copyright (C) 2006 Carlos Sobrinho + +START=50 +STOP=50 + +USE_PROCD=1 +PROG=/usr/sbin/dropbear +NAME=dropbear +PIDCOUNT=0 +EXTRA_COMMANDS="killclients" +EXTRA_HELP=" killclients Kill ${NAME} processes except servers and yourself" + +append_ports() +{ + local ipaddrs="$1" + local port="$2" + + [ -z "$ipaddrs" ] && { + procd_append_param command -p "$port" + return + } + + for addr in $ipaddrs; do + procd_append_param command -p "$addr:$port" + done +} + +validate_section_dropbear() +{ + uci_validate_section dropbear dropbear "${1}" \ + 'PasswordAuth:bool:1' \ + 'enable:bool:1' \ + 'Interface:string' \ + 'GatewayPorts:bool:0' \ + 'RootPasswordAuth:bool:1' \ + 'RootLogin:bool:1' \ + 'rsakeyfile:file' \ + 'BannerFile:file' \ + 'Port:list(port):22' \ + 'SSHKeepAlive:uinteger:300' \ + 'IdleTimeout:uinteger:0' \ + 'mdns:uinteger:1' +} + +dropbear_instance() +{ + local PasswordAuth enable Interface GatewayPorts \ + RootPasswordAuth RootLogin rsakeyfile \ + BannerFile Port SSHKeepAlive IdleTimeout \ + mdns ipaddrs + + validate_section_dropbear "${1}" || { + echo "validation failed" + return 1 + } + + [ -n "${Interface}" ] && { + network_get_ipaddrs_all ipaddrs "${Interface}" || { + echo "interface ${Interface} has no physdev or physdev has no suitable ip" + return 1 + } + } + + [ "${enable}" = "0" ] && return 1 + PIDCOUNT="$(( ${PIDCOUNT} + 1))" + local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid" + + procd_open_instance + procd_set_param command "$PROG" -F -P "$pid_file" + [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s + [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a + [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g + [ "${RootLogin}" -eq 0 ] && procd_append_param command -w + [ -n "${rsakeyfile}" ] && procd_append_param command -r "${rsakeyfile}" + [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}" + append_ports "${ipaddrs}" "${Port}" + [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}" + [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}" + [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear" + procd_set_param respawn + procd_close_instance +} + +keygen() +{ + for keytype in rsa; do + # check for keys + key=dropbear/dropbear_${keytype}_host_key + [ -f /tmp/$key -o -s /etc/$key ] || { + # generate missing keys + mkdir -p /tmp/dropbear + [ -x /usr/bin/dropbearkey ] && { + /usr/bin/dropbearkey -t $keytype -f /tmp/$key 2>&- >&- && exec /etc/rc.common "$initscript" start + } & + exit 0 + } + done + + lock /tmp/.switch2jffs + mkdir -p /etc/dropbear + mv /tmp/dropbear/dropbear_* /etc/dropbear/ + lock -u /tmp/.switch2jffs + chown root /etc/dropbear + chmod 0700 /etc/dropbear +} + +start_service() +{ + [ -s /etc/dropbear/dropbear_rsa_host_key ] || keygen + + . /lib/functions.sh + . /lib/functions/network.sh + + config_load "${NAME}" + config_foreach dropbear_instance dropbear +} + +service_triggers() +{ + procd_add_reload_trigger "dropbear" + procd_add_validation validate_section_dropbear +} + +killclients() +{ + local ignore='' + local server + local pid + + # if this script is run from inside a client session, then ignore that session + pid="$$" + while [ "${pid}" -ne 0 ] + do + # get parent process id + pid=`cut -d ' ' -f 4 "/proc/${pid}/stat"` + [ "${pid}" -eq 0 ] && break + + # check if client connection + grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && { + append ignore "${pid}" + break + } + done + + # get all server pids that should be ignored + for server in `cat /var/run/${NAME}.*.pid` + do + append ignore "${server}" + done + + # get all running pids and kill client connections + local skip + for pid in `pidof "${NAME}"` + do + # check if correct program, otherwise process next pid + grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || { + continue + } + + # check if pid should be ignored (servers, ourself) + skip=0 + for server in ${ignore} + do + if [ "${pid}" = "${server}" ] + then + skip=1 + break + fi + done + [ "${skip}" -ne 0 ] && continue + + # kill process + echo "${initscript}: Killing ${pid}..." + kill -KILL ${pid} + done +} diff --git a/package/network/services/dropbear/patches/100-pubkey_path.patch b/package/network/services/dropbear/patches/100-pubkey_path.patch new file mode 100644 index 0000000..41fdc1a --- /dev/null +++ b/package/network/services/dropbear/patches/100-pubkey_path.patch @@ -0,0 +1,91 @@ +--- a/svr-authpubkey.c ++++ b/svr-authpubkey.c +@@ -218,17 +218,21 @@ static int checkpubkey(char* algo, unsig + goto out; + } + +- /* we don't need to check pw and pw_dir for validity, since +- * its been done in checkpubkeyperms. */ +- len = strlen(ses.authstate.pw_dir); +- /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", +- ses.authstate.pw_dir); +- +- /* open the file */ +- authfile = fopen(filename, "r"); ++ if (ses.authstate.pw_uid != 0) { ++ /* we don't need to check pw and pw_dir for validity, since ++ * its been done in checkpubkeyperms. */ ++ len = strlen(ses.authstate.pw_dir); ++ /* allocate max required pathname storage, ++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++ filename = m_malloc(len + 22); ++ snprintf(filename, len + 22, "%s/.ssh/authorized_keys", ++ ses.authstate.pw_dir); ++ ++ /* open the file */ ++ authfile = fopen(filename, "r"); ++ } else { ++ authfile = fopen("/etc/dropbear/authorized_keys","r"); ++ } + if (authfile == NULL) { + goto out; + } +@@ -381,26 +385,35 @@ static int checkpubkeyperms() { + goto out; + } + +- /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- strncpy(filename, ses.authstate.pw_dir, len+1); +- +- /* check ~ */ +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { +- goto out; +- } +- +- /* check ~/.ssh */ +- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { +- goto out; +- } +- +- /* now check ~/.ssh/authorized_keys */ +- strncat(filename, "/authorized_keys", 16); +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { +- goto out; ++ if (ses.authstate.pw_uid == 0) { ++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { ++ goto out; ++ } ++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { ++ goto out; ++ } ++ } else { ++ /* allocate max required pathname storage, ++ * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ ++ filename = m_malloc(len + 22); ++ strncpy(filename, ses.authstate.pw_dir, len+1); ++ ++ /* check ~ */ ++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++ goto out; ++ } ++ ++ /* check ~/.ssh */ ++ strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ ++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++ goto out; ++ } ++ ++ /* now check ~/.ssh/authorized_keys */ ++ strncat(filename, "/authorized_keys", 16); ++ if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++ goto out; ++ } + } + + /* file looks ok, return success */ diff --git a/package/network/services/dropbear/patches/110-change_user.patch b/package/network/services/dropbear/patches/110-change_user.patch new file mode 100644 index 0000000..4b5c1cb --- /dev/null +++ b/package/network/services/dropbear/patches/110-change_user.patch @@ -0,0 +1,18 @@ +--- a/svr-chansession.c ++++ b/svr-chansession.c +@@ -922,12 +922,12 @@ static void execchild(void *user_data) { + /* We can only change uid/gid as root ... */ + if (getuid() == 0) { + +- if ((setgid(ses.authstate.pw_gid) < 0) || ++ if ((ses.authstate.pw_gid != 0) && ((setgid(ses.authstate.pw_gid) < 0) || + (initgroups(ses.authstate.pw_name, +- ses.authstate.pw_gid) < 0)) { ++ ses.authstate.pw_gid) < 0))) { + dropbear_exit("Error changing user group"); + } +- if (setuid(ses.authstate.pw_uid) < 0) { ++ if ((ses.authstate.pw_uid != 0) && (setuid(ses.authstate.pw_uid) < 0)) { + dropbear_exit("Error changing user"); + } + } else { diff --git a/package/network/services/dropbear/patches/120-openwrt_options.patch b/package/network/services/dropbear/patches/120-openwrt_options.patch new file mode 100644 index 0000000..87118ef --- /dev/null +++ b/package/network/services/dropbear/patches/120-openwrt_options.patch @@ -0,0 +1,81 @@ +--- a/options.h ++++ b/options.h +@@ -41,7 +41,7 @@ + * Both of these flags can be defined at once, don't compile without at least + * one of them. */ + #define NON_INETD_MODE +-#define INETD_MODE ++/*#define INETD_MODE*/ + + /* Setting this disables the fast exptmod bignum code. It saves ~5kB, but is + * perhaps 20% slower for pubkey operations (it is probably worth experimenting +@@ -81,7 +81,7 @@ much traffic. */ + + /* Enable "Netcat mode" option. This will forward standard input/output + * to a remote TCP-forwarded connection */ +-#define ENABLE_CLI_NETCAT ++/*#define ENABLE_CLI_NETCAT*/ + + /* Whether to support "-c" and "-m" flags to choose ciphers/MACs at runtime */ + #define ENABLE_USER_ALGO_LIST +@@ -91,16 +91,16 @@ much traffic. */ + * Including multiple keysize variants the same cipher + * (eg AES256 as well as AES128) will result in a minimal size increase.*/ + #define DROPBEAR_AES128 +-#define DROPBEAR_3DES ++/*#define DROPBEAR_3DES*/ + #define DROPBEAR_AES256 + /* Compiling in Blowfish will add ~6kB to runtime heap memory usage */ + /*#define DROPBEAR_BLOWFISH*/ +-#define DROPBEAR_TWOFISH256 +-#define DROPBEAR_TWOFISH128 ++/*#define DROPBEAR_TWOFISH256*/ ++/*#define DROPBEAR_TWOFISH128*/ + + /* Enable CBC mode for ciphers. This has security issues though + * is the most compatible with older SSH implementations */ +-#define DROPBEAR_ENABLE_CBC_MODE ++/*#define DROPBEAR_ENABLE_CBC_MODE*/ + + /* Enable "Counter Mode" for ciphers. This is more secure than normal + * CBC mode against certain attacks. It is recommended for security +@@ -131,9 +131,9 @@ If you test it please contact the Dropbe + * If you disable MD5, Dropbear will fall back to SHA1 fingerprints, + * which are not the standard form. */ + #define DROPBEAR_SHA1_HMAC +-#define DROPBEAR_SHA1_96_HMAC +-#define DROPBEAR_SHA2_256_HMAC +-#define DROPBEAR_SHA2_512_HMAC ++/*#define DROPBEAR_SHA1_96_HMAC*/ ++/*#define DROPBEAR_SHA2_256_HMAC*/ ++/*#define DROPBEAR_SHA2_512_HMAC*/ + #define DROPBEAR_MD5_HMAC + + /* You can also disable integrity. Don't bother disabling this if you're +@@ -146,7 +146,7 @@ If you test it please contact the Dropbe + * Removing either of these won't save very much space. + * SSH2 RFC Draft requires dss, recommends rsa */ + #define DROPBEAR_RSA +-#define DROPBEAR_DSS ++/*#define DROPBEAR_DSS*/ + /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC + * code (either ECDSA or ECDH) increases binary size - around 30kB + * on x86-64 */ +@@ -189,7 +189,7 @@ If you test it please contact the Dropbe + + /* Whether to print the message of the day (MOTD). This doesn't add much code + * size */ +-#define DO_MOTD ++/*#define DO_MOTD*/ + + /* The MOTD file path */ + #ifndef MOTD_FILENAME +@@ -231,7 +231,7 @@ Homedir is prepended unless path begins + * note that it will be provided for all "hidden" client-interactive + * style prompts - if you want something more sophisticated, use + * SSH_ASKPASS instead. Comment out this var to remove this functionality.*/ +-#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD" ++/*#define DROPBEAR_PASSWORD_ENV "DROPBEAR_PASSWORD"*/ + + /* Define this (as well as ENABLE_CLI_PASSWORD_AUTH) to allow the use of + * a helper program for the ssh client. The helper program should be diff --git a/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch new file mode 100644 index 0000000..edb2909 --- /dev/null +++ b/package/network/services/dropbear/patches/130-ssh_ignore_o_and_x_args.patch @@ -0,0 +1,21 @@ +--- a/cli-runopts.c ++++ b/cli-runopts.c +@@ -315,6 +315,10 @@ void cli_getopts(int argc, char ** argv) + debug_trace = 1; + break; + #endif ++ case 'o': ++ next = &dummy; ++ case 'x': ++ break; + case 'F': + case 'e': + #ifndef ENABLE_USER_ALGO_LIST +@@ -332,7 +336,6 @@ void cli_getopts(int argc, char ** argv) + print_version(); + exit(EXIT_SUCCESS); + break; +- case 'o': + case 'b': + next = &dummy; + default: diff --git a/package/network/services/dropbear/patches/140-disable_assert.patch b/package/network/services/dropbear/patches/140-disable_assert.patch new file mode 100644 index 0000000..667d69c --- /dev/null +++ b/package/network/services/dropbear/patches/140-disable_assert.patch @@ -0,0 +1,15 @@ +--- a/dbutil.h ++++ b/dbutil.h +@@ -88,7 +88,11 @@ int m_str_to_uint(const char* str, unsig + #define DEF_MP_INT(X) mp_int X = {0, 0, 0, NULL} + + /* Dropbear assertion */ +-#define dropbear_assert(X) do { if (!(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0) ++#ifndef DROPBEAR_ASSERT_ENABLED ++#define DROPBEAR_ASSERT_ENABLED 0 ++#endif ++ ++#define dropbear_assert(X) do { if (DROPBEAR_ASSERT_ENABLED && !(X)) { fail_assert(#X, __FILE__, __LINE__); } } while (0) + + /* Returns 0 if a and b have the same contents */ + int constant_time_memcmp(const void* a, const void *b, size_t n); diff --git a/package/network/services/dropbear/patches/150-dbconvert_standalone.patch b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch new file mode 100644 index 0000000..ccc2cb7 --- /dev/null +++ b/package/network/services/dropbear/patches/150-dbconvert_standalone.patch @@ -0,0 +1,14 @@ +--- a/options.h ++++ b/options.h +@@ -5,6 +5,11 @@ + #ifndef DROPBEAR_OPTIONS_H_ + #define DROPBEAR_OPTIONS_H_ + ++#if !defined(DROPBEAR_CLIENT) && !defined(DROPBEAR_SERVER) ++#define DROPBEAR_SERVER ++#define DROPBEAR_CLIENT ++#endif ++ + /* Define compile-time options below - the "#ifndef DROPBEAR_XXX .... #endif" + * parts are to allow for commandline -DDROPBEAR_XXX options etc. */ + diff --git a/package/network/services/dropbear/patches/500-set-default-path.patch b/package/network/services/dropbear/patches/500-set-default-path.patch new file mode 100644 index 0000000..f6880ef --- /dev/null +++ b/package/network/services/dropbear/patches/500-set-default-path.patch @@ -0,0 +1,11 @@ +--- a/options.h ++++ b/options.h +@@ -341,7 +341,7 @@ be overridden at runtime with -I. 0 disa + #define DEFAULT_IDLE_TIMEOUT 0 + + /* The default path. This will often get replaced by the shell */ +-#define DEFAULT_PATH "/usr/bin:/bin" ++#define DEFAULT_PATH "/bin:/sbin:/usr/bin:/usr/sbin" + + /* Some other defines (that mostly should be left alone) are defined + * in sysoptions.h */ diff --git a/package/network/services/dropbear/patches/600-allow-blank-root-password.patch b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch new file mode 100644 index 0000000..7c67b08 --- /dev/null +++ b/package/network/services/dropbear/patches/600-allow-blank-root-password.patch @@ -0,0 +1,11 @@ +--- a/svr-auth.c ++++ b/svr-auth.c +@@ -149,7 +149,7 @@ void recv_msg_userauth_request() { + AUTH_METHOD_NONE_LEN) == 0) { + TRACE(("recv_msg_userauth_request: 'none' request")) + if (valid_user +- && svr_opts.allowblankpass ++ && (svr_opts.allowblankpass || !strcmp(ses.authstate.pw_name, "root")) + && !svr_opts.noauthpass + && !(svr_opts.norootpass && ses.authstate.pw_uid == 0) + && ses.authstate.pw_passwd[0] == '\0') diff --git a/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch new file mode 100644 index 0000000..ee6d273 --- /dev/null +++ b/package/network/services/dropbear/patches/610-skip-default-keys-in-custom-runs.patch @@ -0,0 +1,18 @@ +--- a/svr-runopts.c ++++ b/svr-runopts.c +@@ -475,6 +475,7 @@ void load_all_hostkeys() { + m_free(hostkey_file); + } + ++ if (svr_opts.num_hostkey_files <= 0) { + #ifdef DROPBEAR_RSA + loadhostkey(RSA_PRIV_FILENAME, 0); + #endif +@@ -486,6 +487,7 @@ void load_all_hostkeys() { + #ifdef DROPBEAR_ECDSA + loadhostkey(ECDSA_PRIV_FILENAME, 0); + #endif ++ } + + #ifdef DROPBEAR_DELAY_HOSTKEY + if (svr_opts.delay_hostkey) { diff --git a/package/network/services/ead/Makefile b/package/network/services/ead/Makefile new file mode 100644 index 0000000..bd33010 --- /dev/null +++ b/package/network/services/ead/Makefile @@ -0,0 +1,57 @@ +# +# Copyright (C) 2006-2008 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=ead +PKG_RELEASE:=1 + +PKG_BUILD_DEPENDS:=libpcap +PKG_BUILD_DIR:=$(BUILD_DIR)/ead + +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/kernel.mk + +define Package/ead + SECTION:=net + CATEGORY:=Base system + TITLE:=Emergency Access Daemon + URL:=http://bridge.sourceforge.net/ +endef + +define Package/ead/description + Provides remote access to your device even if IP and firewall + configuration settings are defunct +endef + +CONFIGURE_PATH = tinysrp + +TARGET_CFLAGS += \ + -I$(PKG_BUILD_DIR) \ + -I$(PKG_BUILD_DIR)/tinysrp \ + $(TARGET_CPPFLAGS) + +MAKE_FLAGS += \ + CONFIGURE_ARGS="$(CONFIGURE_ARGS)" \ + LIBS_EADCLIENT="$(PKG_BUILD_DIR)/tinysrp/libtinysrp.a" \ + LIBS_EAD="$(PKG_BUILD_DIR)/tinysrp/libtinysrp.a $(STAGING_DIR)/usr/lib/libpcap.a" \ + CFLAGS="$(TARGET_CFLAGS)" + +define Build/Prepare + mkdir -p $(PKG_BUILD_DIR) + $(CP) ./src/* $(PKG_BUILD_DIR)/ +endef + +define Package/ead/install + $(INSTALL_DIR) $(1)/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ead $(1)/sbin/ +endef + +$(eval $(call BuildPackage,ead)) diff --git a/package/network/services/ead/src/Makefile b/package/network/services/ead/src/Makefile new file mode 100644 index 0000000..eb75516 --- /dev/null +++ b/package/network/services/ead/src/Makefile @@ -0,0 +1,33 @@ +CC = gcc +CPPFLAGS = -I. -Itinysrp +CFLAGS = -Os -Wall +LDFLAGS = +LIBS_EADCLIENT = tinysrp/libtinysrp.a +LIBS_EAD = tinysrp/libtinysrp.a -lpcap +CONFIGURE_ARGS = + +all: ead ead-client + +obj = ead-crypt.o libbridge_init.o + +tinysrp/Makefile: + cd tinysrp; ./configure $(CONFIGURE_ARGS) + +tinysrp/libtinysrp.a: tinysrp/Makefile + -$(MAKE) -C tinysrp CFLAGS="$(CFLAGS)" + +%.o: %.c $(wildcard *.h) tinysrp/libtinysrp.a + $(CC) $(CPPFLAGS) $(CFLAGS) -c $< -o $@ + +ead.o: filter.c +ead-crypt.o: aes.c sha1.c + +ead: ead.o $(obj) tinysrp/libtinysrp.a + $(CC) -o $@ $< $(obj) $(LDFLAGS) $(LIBS_EAD) + +ead-client: ead-client.o $(obj) + $(CC) -o $@ $< $(obj) $(LDFLAGS) $(LIBS_EADCLIENT) + +clean: + rm -f *.o ead ead-client + if [ -f tinysrp/Makefile ]; then $(MAKE) -C tinysrp distclean; fi diff --git a/package/network/services/ead/src/aes.c b/package/network/services/ead/src/aes.c new file mode 100644 index 0000000..6f9db34 --- /dev/null +++ b/package/network/services/ead/src/aes.c @@ -0,0 +1,1061 @@ +/* + * AES (Rijndael) cipher + * + * Modifications to public domain implementation: + * - support only 128-bit keys + * - cleanup + * - use C pre-processor to make it easier to change S table access + * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at + * cost of reduced throughput (quite small difference on Pentium 4, + * 10-25% when using -O1 or -O2 optimization) + * + * Copyright (c) 2003-2005, Jouni Malinen <j@w1.fi> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +/* + * rijndael-alg-fst.c + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be> + * @author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be> + * @author Paulo Barreto <paulo.barreto@terra.com.br> + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* #define FULL_UNROLL */ +#define AES_SMALL_TABLES + +typedef uint8_t u8; +typedef uint16_t u16; +typedef uint32_t u32; + +/* +Te0[x] = S [x].[02, 01, 01, 03]; +Te1[x] = S [x].[03, 02, 01, 01]; +Te2[x] = S [x].[01, 03, 02, 01]; +Te3[x] = S [x].[01, 01, 03, 02]; +Te4[x] = S [x].[01, 01, 01, 01]; + +Td0[x] = Si[x].[0e, 09, 0d, 0b]; +Td1[x] = Si[x].[0b, 0e, 09, 0d]; +Td2[x] = Si[x].[0d, 0b, 0e, 09]; +Td3[x] = Si[x].[09, 0d, 0b, 0e]; +Td4[x] = Si[x].[01, 01, 01, 01]; +*/ + +static const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +#ifndef AES_SMALL_TABLES +static const u32 Te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const u32 Te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const u32 Te3[256] = { + + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; +static const u32 Te4[256] = { + 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, + 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, + 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, + 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, + 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, + 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, + 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, + 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, + 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, + 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, + 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, + 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, + 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, + 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, + 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, + 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, + 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, + 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, + 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, + 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, + 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, + 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, + 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, + 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, + 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, + 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, + 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, + 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, + 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, + 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, + 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, + 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, + 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, + 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, + 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, + 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, + 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, + 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, + 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, + 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, + 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, + 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, + 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, + 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, + 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, + 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, + 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, + 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, + 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, + 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, + 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, + 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, + 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, + 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, + 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, + 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, + 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, + 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, + 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, + 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, + 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, + 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, + 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, + 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, +}; +#endif /* AES_SMALL_TABLES */ +static const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}; +#ifndef AES_SMALL_TABLES +static const u32 Td1[256] = { + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}; +static const u32 Td2[256] = { + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}; +static const u32 Td3[256] = { + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +}; +static const u32 Td4[256] = { + 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, + 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, + 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, + 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, + 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, + 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, + 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, + 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, + 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, + 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, + 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, + 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, + 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, + 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, + 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, + 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, + 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, + 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, + 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, + 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, + 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, + 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, + 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, + 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, + 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, + 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, + 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, + 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, + 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, + 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, + 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, + 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, + 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, + 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, + 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, + 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, + 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, + 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, + 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, + 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, + 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, + 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, + 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, + 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, + 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, + 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, + 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, + 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, + 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, + 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, + 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, + 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, + 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, + 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, + 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, + 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, + 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, + 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, + 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, + 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, + 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, + 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, + 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, + 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, +}; +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; +#else /* AES_SMALL_TABLES */ +static const u8 Td4s[256] = { + 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, + 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, + 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, + 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, + 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, + 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, + 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, + 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, + 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, + 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, + 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, + 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, + 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, + 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, + 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, + 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, + 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, + 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, + 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, + 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, + 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, + 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, + 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, + 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, + 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, + 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, + 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, + 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, + 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, + 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, + 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, + 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, +}; +static const u8 rcons[] = { + 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 + /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; +#endif /* AES_SMALL_TABLES */ + + +#ifndef AES_SMALL_TABLES + +#define RCON(i) rcon[(i)] + +#define TE0(i) Te0[((i) >> 24) & 0xff] +#define TE1(i) Te1[((i) >> 16) & 0xff] +#define TE2(i) Te2[((i) >> 8) & 0xff] +#define TE3(i) Te3[(i) & 0xff] +#define TE41(i) (Te4[((i) >> 24) & 0xff] & 0xff000000) +#define TE42(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000) +#define TE43(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00) +#define TE44(i) (Te4[(i) & 0xff] & 0x000000ff) +#define TE421(i) (Te4[((i) >> 16) & 0xff] & 0xff000000) +#define TE432(i) (Te4[((i) >> 8) & 0xff] & 0x00ff0000) +#define TE443(i) (Te4[(i) & 0xff] & 0x0000ff00) +#define TE414(i) (Te4[((i) >> 24) & 0xff] & 0x000000ff) +#define TE4(i) (Te4[(i)] & 0x000000ff) + +#define TD0(i) Td0[((i) >> 24) & 0xff] +#define TD1(i) Td1[((i) >> 16) & 0xff] +#define TD2(i) Td2[((i) >> 8) & 0xff] +#define TD3(i) Td3[(i) & 0xff] +#define TD41(i) (Td4[((i) >> 24) & 0xff] & 0xff000000) +#define TD42(i) (Td4[((i) >> 16) & 0xff] & 0x00ff0000) +#define TD43(i) (Td4[((i) >> 8) & 0xff] & 0x0000ff00) +#define TD44(i) (Td4[(i) & 0xff] & 0x000000ff) +#define TD0_(i) Td0[(i) & 0xff] +#define TD1_(i) Td1[(i) & 0xff] +#define TD2_(i) Td2[(i) & 0xff] +#define TD3_(i) Td3[(i) & 0xff] + +#else /* AES_SMALL_TABLES */ + +#define RCON(i) (rcons[(i)] << 24) + +static inline u32 rotr(u32 val, int bits) +{ + return (val >> bits) | (val << (32 - bits)); +} + +#define TE0(i) Te0[((i) >> 24) & 0xff] +#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8) +#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16) +#define TE3(i) rotr(Te0[(i) & 0xff], 24) +#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000) +#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000) +#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00) +#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff) +#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000) +#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000) +#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00) +#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff) +#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff) + +#define TD0(i) Td0[((i) >> 24) & 0xff] +#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8) +#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16) +#define TD3(i) rotr(Td0[(i) & 0xff], 24) +#define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24) +#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16) +#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8) +#define TD44(i) (Td4s[(i) & 0xff]) +#define TD0_(i) Td0[(i) & 0xff] +#define TD1_(i) rotr(Td0[(i) & 0xff], 8) +#define TD2_(i) rotr(Td0[(i) & 0xff], 16) +#define TD3_(i) rotr(Td0[(i) & 0xff], 24) + +#endif /* AES_SMALL_TABLES */ + +#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) + +#ifdef _MSC_VER +#define GETU32(p) SWAP(*((u32 *)(p))) +#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +#else +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \ +((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) { \ +(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \ +(ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +#endif + +/** + * Expand the cipher key into the encryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +static void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]) +{ + int i; + u32 temp; + + rk[0] = GETU32(cipherKey ); + rk[1] = GETU32(cipherKey + 4); + rk[2] = GETU32(cipherKey + 8); + rk[3] = GETU32(cipherKey + 12); + for (i = 0; i < 10; i++) { + temp = rk[3]; + rk[4] = rk[0] ^ + TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^ + RCON(i); + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + rk += 4; + } +} + +#ifndef CONFIG_NO_AES_DECRYPT +/** + * Expand the cipher key into the decryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +static void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[]) +{ + int Nr = 10, i, j; + u32 temp; + + /* expand the cipher key: */ + rijndaelKeySetupEnc(rk, cipherKey); + /* invert the order of the round keys: */ + for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the + * first and the last: */ + for (i = 1; i < Nr; i++) { + rk += 4; + for (j = 0; j < 4; j++) { + rk[j] = TD0_(TE4((rk[j] >> 24) )) ^ + TD1_(TE4((rk[j] >> 16) & 0xff)) ^ + TD2_(TE4((rk[j] >> 8) & 0xff)) ^ + TD3_(TE4((rk[j] ) & 0xff)); + } + } +} +#endif /* CONFIG_NO_AES_DECRYPT */ + +#ifndef CONFIG_NO_AES_ENCRYPT +static void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16]) +{ + u32 s0, s1, s2, s3, t0, t1, t2, t3; + const int Nr = 10; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(pt ) ^ rk[0]; + s1 = GETU32(pt + 4) ^ rk[1]; + s2 = GETU32(pt + 8) ^ rk[2]; + s3 = GETU32(pt + 12) ^ rk[3]; + +#define ROUND(i,d,s) \ +d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \ +d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \ +d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \ +d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] + +#ifdef FULL_UNROLL + + ROUND(1,t,s); + ROUND(2,s,t); + ROUND(3,t,s); + ROUND(4,s,t); + ROUND(5,t,s); + ROUND(6,s,t); + ROUND(7,t,s); + ROUND(8,s,t); + ROUND(9,t,s); + + rk += Nr << 2; + +#else /* !FULL_UNROLL */ + + /* Nr - 1 full rounds: */ + r = Nr >> 1; + for (;;) { + ROUND(1,t,s); + rk += 8; + if (--r == 0) + break; + ROUND(0,s,t); + } + +#endif /* ?FULL_UNROLL */ + +#undef ROUND + + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0]; + PUTU32(ct , s0); + s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1]; + PUTU32(ct + 4, s1); + s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2]; + PUTU32(ct + 8, s2); + s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3]; + PUTU32(ct + 12, s3); +} +#endif /* CONFIG_NO_AES_ENCRYPT */ + +static void rijndaelDecrypt(const u32 rk[/*44*/], const u8 ct[16], u8 pt[16]) +{ + u32 s0, s1, s2, s3, t0, t1, t2, t3; + const int Nr = 10; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(ct ) ^ rk[0]; + s1 = GETU32(ct + 4) ^ rk[1]; + s2 = GETU32(ct + 8) ^ rk[2]; + s3 = GETU32(ct + 12) ^ rk[3]; + +#define ROUND(i,d,s) \ +d##0 = TD0(s##0) ^ TD1(s##3) ^ TD2(s##2) ^ TD3(s##1) ^ rk[4 * i]; \ +d##1 = TD0(s##1) ^ TD1(s##0) ^ TD2(s##3) ^ TD3(s##2) ^ rk[4 * i + 1]; \ +d##2 = TD0(s##2) ^ TD1(s##1) ^ TD2(s##0) ^ TD3(s##3) ^ rk[4 * i + 2]; \ +d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3] + +#ifdef FULL_UNROLL + + ROUND(1,t,s); + ROUND(2,s,t); + ROUND(3,t,s); + ROUND(4,s,t); + ROUND(5,t,s); + ROUND(6,s,t); + ROUND(7,t,s); + ROUND(8,s,t); + ROUND(9,t,s); + + rk += Nr << 2; + +#else /* !FULL_UNROLL */ + + /* Nr - 1 full rounds: */ + r = Nr >> 1; + for (;;) { + ROUND(1,t,s); + rk += 8; + if (--r == 0) + break; + ROUND(0,s,t); + } + +#endif /* ?FULL_UNROLL */ + +#undef ROUND + + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = TD41(t0) ^ TD42(t3) ^ TD43(t2) ^ TD44(t1) ^ rk[0]; + PUTU32(pt , s0); + s1 = TD41(t1) ^ TD42(t0) ^ TD43(t3) ^ TD44(t2) ^ rk[1]; + PUTU32(pt + 4, s1); + s2 = TD41(t2) ^ TD42(t1) ^ TD43(t0) ^ TD44(t3) ^ rk[2]; + PUTU32(pt + 8, s2); + s3 = TD41(t3) ^ TD42(t2) ^ TD43(t1) ^ TD44(t0) ^ rk[3]; + PUTU32(pt + 12, s3); +} + +#define AES_PRIV_SIZE 44 diff --git a/package/network/services/ead/src/ead-client.c b/package/network/services/ead/src/ead-client.c new file mode 100644 index 0000000..6d7e07d --- /dev/null +++ b/package/network/services/ead/src/ead-client.c @@ -0,0 +1,433 @@ +/* + * Client for the Emergency Access Daemon + * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/time.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <stdio.h> +#include <stddef.h> +#include <stdint.h> +#include <stdlib.h> +#include <stdbool.h> +#include <string.h> +#include <fcntl.h> +#include <unistd.h> +#include <t_pwd.h> +#include <t_read.h> +#include <t_sha.h> +#include <t_defines.h> +#include <t_client.h> +#include "ead.h" +#include "ead-crypt.h" + +#include "pw_encrypt_md5.c" + +#define EAD_TIMEOUT 400 +#define EAD_TIMEOUT_LONG 2000 + +static char msgbuf[1500]; +static struct ead_msg *msg = (struct ead_msg *) msgbuf; +static uint16_t nid = 0xffff; +struct sockaddr_in local, remote; +static int s = 0; +static int sockflags; +static struct in_addr serverip = { + .s_addr = 0x01010101 /* dummy */ +}; + +static unsigned char *skey = NULL; +static unsigned char bbuf[MAXPARAMLEN]; +static unsigned char saltbuf[MAXSALTLEN]; +static char *username = NULL; +static char password[MAXPARAMLEN] = ""; +static char pw_md5[MD5_OUT_BUFSIZE]; +static char pw_salt[MAXSALTLEN]; + +static struct t_client *tc = NULL; +static struct t_num salt = { .data = saltbuf }; +static struct t_num *A, B; +static struct t_preconf *tcp; +static int auth_type = EAD_AUTH_DEFAULT; +static int timeout = EAD_TIMEOUT; +static uint16_t sid = 0; + +static void +set_nonblock(int enable) +{ + if (enable == !!(sockflags & O_NONBLOCK)) + return; + + sockflags ^= O_NONBLOCK; + fcntl(s, F_SETFL, sockflags); +} + +static int +send_packet(int type, bool (*handler)(void), unsigned int max) +{ + struct timeval tv; + fd_set fds; + int nfds; + int len; + int res = 0; + + type = htonl(type); + memcpy(&msg->ip, &serverip.s_addr, sizeof(msg->ip)); + set_nonblock(0); + sendto(s, msgbuf, sizeof(struct ead_msg) + ntohl(msg->len), 0, (struct sockaddr *) &remote, sizeof(remote)); + set_nonblock(1); + + tv.tv_sec = timeout / 1000; + tv.tv_usec = (timeout % 1000) * 1000; + + FD_ZERO(&fds); + do { + FD_SET(s, &fds); + nfds = select(s + 1, &fds, NULL, NULL, &tv); + + if (nfds <= 0) + break; + + if (!FD_ISSET(s, &fds)) + break; + + len = read(s, msgbuf, sizeof(msgbuf)); + if (len < 0) + break; + + if (len < sizeof(struct ead_msg)) + continue; + + if (len < sizeof(struct ead_msg) + ntohl(msg->len)) + continue; + + if (msg->magic != htonl(EAD_MAGIC)) + continue; + + if ((nid != 0xffff) && (ntohs(msg->nid) != nid)) + continue; + + if (msg->type != type) + continue; + + if (handler()) + res++; + + if ((max > 0) && (res >= max)) + break; + } while (1); + + return res; +} + +static void +prepare_password(void) +{ + switch(auth_type) { + case EAD_AUTH_DEFAULT: + break; + case EAD_AUTH_MD5: + md5_crypt(pw_md5, (unsigned char *) password, (unsigned char *) pw_salt); + strncpy(password, pw_md5, sizeof(password)); + break; + } +} + +static bool +handle_pong(void) +{ + struct ead_msg_pong *pong = EAD_DATA(msg, pong); + int len = ntohl(msg->len) - sizeof(struct ead_msg_pong); + + if (len <= 0) + return false; + + pong->name[len] = 0; + auth_type = ntohs(pong->auth_type); + if (nid == 0xffff) + printf("%04x: %s\n", ntohs(msg->nid), pong->name); + sid = msg->sid; + return true; +} + +static bool +handle_prime(void) +{ + struct ead_msg_salt *sb = EAD_DATA(msg, salt); + + salt.len = sb->len; + memcpy(salt.data, sb->salt, salt.len); + + if (auth_type == EAD_AUTH_MD5) { + memcpy(pw_salt, sb->ext_salt, MAXSALTLEN); + pw_salt[MAXSALTLEN - 1] = 0; + } + + tcp = t_getpreparam(sb->prime); + tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &salt); + if (!tc) { + fprintf(stderr, "Client open failed\n"); + return false; + } + + return true; +} + +static bool +handle_b(void) +{ + struct ead_msg_number *num = EAD_DATA(msg, number); + int len = ntohl(msg->len) - sizeof(struct ead_msg_number); + + B.data = bbuf; + B.len = len; + memcpy(bbuf, num->data, len); + return true; +} + +static bool +handle_none(void) +{ + return true; +} + +static bool +handle_done_auth(void) +{ + struct ead_msg_auth *auth = EAD_DATA(msg, auth); + if (t_clientverify(tc, auth->data) != 0) { + fprintf(stderr, "Client auth verify failed\n"); + return false; + } + return true; +} + +static bool +handle_cmd_data(void) +{ + struct ead_msg_cmd_data *cmd = EAD_ENC_DATA(msg, cmd_data); + int datalen = ead_decrypt_message(msg) - sizeof(struct ead_msg_cmd_data); + + if (datalen < 0) + return false; + + if (datalen > 0) { + write(1, cmd->data, datalen); + } + + return !!cmd->done; +} +static int +send_ping(void) +{ + msg->type = htonl(EAD_TYPE_PING); + msg->len = 0; + return send_packet(EAD_TYPE_PONG, handle_pong, (nid == 0xffff ? 0 : 1)); +} + +static int +send_username(void) +{ + msg->type = htonl(EAD_TYPE_SET_USERNAME); + msg->len = htonl(sizeof(struct ead_msg_user)); + strcpy(EAD_DATA(msg, user)->username, username); + return send_packet(EAD_TYPE_ACK_USERNAME, handle_none, 1); +} + +static int +get_prime(void) +{ + msg->type = htonl(EAD_TYPE_GET_PRIME); + msg->len = 0; + return send_packet(EAD_TYPE_PRIME, handle_prime, 1); +} + +static int +send_a(void) +{ + struct ead_msg_number *num = EAD_DATA(msg, number); + A = t_clientgenexp(tc); + msg->type = htonl(EAD_TYPE_SEND_A); + msg->len = htonl(sizeof(struct ead_msg_number) + A->len); + memcpy(num->data, A->data, A->len); + return send_packet(EAD_TYPE_SEND_B, handle_b, 1); +} + +static int +send_auth(void) +{ + struct ead_msg_auth *auth = EAD_DATA(msg, auth); + + prepare_password(); + t_clientpasswd(tc, password); + skey = t_clientgetkey(tc, &B); + if (!skey) + return 0; + + ead_set_key(skey); + msg->type = htonl(EAD_TYPE_SEND_AUTH); + msg->len = htonl(sizeof(struct ead_msg_auth)); + memcpy(auth->data, t_clientresponse(tc), sizeof(auth->data)); + return send_packet(EAD_TYPE_DONE_AUTH, handle_done_auth, 1); +} + +static int +send_command(const char *command) +{ + struct ead_msg_cmd *cmd = EAD_ENC_DATA(msg, cmd); + + msg->type = htonl(EAD_TYPE_SEND_CMD); + cmd->type = htons(EAD_CMD_NORMAL); + cmd->timeout = htons(10); + strncpy((char *)cmd->data, command, 1024); + ead_encrypt_message(msg, sizeof(struct ead_msg_cmd) + strlen(command) + 1); + return send_packet(EAD_TYPE_RESULT_CMD, handle_cmd_data, 1); +} + + +static int +usage(const char *prog) +{ + fprintf(stderr, "Usage: %s [-s <addr>] [-b <addr>] <node> <username>[:<password>] <command>\n" + "\n" + "\t-s <addr>: Set the server's source address to <addr>\n" + "\t-b <addr>: Set the broadcast address to <addr>\n" + "\t<node>: Node ID (4 digits hex)\n" + "\t<username>: Username to authenticate with\n" + "\n" + "\tPassing no arguments shows a list of active nodes on the network\n" + "\n", prog); + return -1; +} + + +int main(int argc, char **argv) +{ + int val = 1; + char *st = NULL; + const char *command = NULL; + const char *prog = argv[0]; + int ch; + + msg->magic = htonl(EAD_MAGIC); + msg->sid = 0; + + memset(&local, 0, sizeof(local)); + memset(&remote, 0, sizeof(remote)); + + remote.sin_family = AF_INET; + remote.sin_addr.s_addr = 0xffffffff; + remote.sin_port = htons(EAD_PORT); + + local.sin_family = AF_INET; + local.sin_addr.s_addr = INADDR_ANY; + local.sin_port = 0; + + while ((ch = getopt(argc, argv, "b:s:h")) != -1) { + switch(ch) { + case 's': + inet_aton(optarg, &serverip); + break; + case 'b': + inet_aton(optarg, &remote.sin_addr); + break; + case 'h': + return usage(prog); + } + } + argv += optind; + argc -= optind; + + switch(argc) { + case 3: + command = argv[2]; + /* fall through */ + case 2: + username = argv[1]; + st = strchr(username, ':'); + if (st) { + *st = 0; + st++; + strncpy(password, st, sizeof(password)); + password[sizeof(password) - 1] = 0; + /* hide command line password */ + memset(st, 0, strlen(st)); + } + /* fall through */ + case 1: + nid = strtoul(argv[0], &st, 16); + if (st && st[0] != 0) + return usage(prog); + /* fall through */ + case 0: + break; + default: + return usage(prog); + } + + msg->nid = htons(nid); + s = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + if (s < 0) { + perror("socket"); + return -1; + } + + setsockopt(s, SOL_SOCKET, SO_BROADCAST, &val, sizeof(val)); + + if (bind(s, (struct sockaddr *)&local, sizeof(local)) < 0) { + perror("bind"); + return -1; + } + sockflags = fcntl(s, F_GETFL); + + if (!send_ping()) { + fprintf(stderr, "No devices found\n"); + return 1; + } + + if (nid == 0xffff) + return 0; + + if (!username || !password[0]) + return 0; + + if (!send_username()) { + fprintf(stderr, "Device did not accept user name\n"); + return 1; + } + timeout = EAD_TIMEOUT_LONG; + if (!get_prime()) { + fprintf(stderr, "Failed to get user password info\n"); + return 1; + } + if (!send_a()) { + fprintf(stderr, "Failed to send local authentication data\n"); + return 1; + } + if (!send_auth()) { + fprintf(stderr, "Authentication failed\n"); + return 1; + } + if (!command) { + fprintf(stderr, "Authentication succesful\n"); + return 0; + } + if (!send_command(command)) { + fprintf(stderr, "Command failed\n"); + return 1; + } + + return 0; +} diff --git a/package/network/services/ead/src/ead-crypt.c b/package/network/services/ead/src/ead-crypt.c new file mode 100644 index 0000000..0372172 --- /dev/null +++ b/package/network/services/ead/src/ead-crypt.c @@ -0,0 +1,179 @@ +/* + * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <stddef.h> +#include <stdint.h> +#include <stdlib.h> +#include <stdbool.h> +#include <string.h> +#include <unistd.h> +#include <stdio.h> +#include "ead.h" + +#include "sha1.c" +#include "aes.c" + +#if EAD_DEBUGLEVEL >= 1 +#define DEBUG(n, format, ...) do { \ + if (EAD_DEBUGLEVEL >= n) \ + fprintf(stderr, format, ##__VA_ARGS__); \ +} while (0); + +#else +#define DEBUG(n, format, ...) do {} while(0) +#endif + + +static uint32_t aes_enc_ctx[AES_PRIV_SIZE]; +static uint32_t aes_dec_ctx[AES_PRIV_SIZE]; +static uint32_t ead_rx_iv; +static uint32_t ead_tx_iv; +static uint32_t ivofs_vec; +static unsigned int ivofs_idx = 0; +static uint32_t W[80]; /* work space for sha1 */ + +#define EAD_ENC_PAD 64 + +void +ead_set_key(unsigned char *skey) +{ + uint32_t *ivp = (uint32_t *)skey; + + memset(aes_enc_ctx, 0, sizeof(aes_enc_ctx)); + memset(aes_dec_ctx, 0, sizeof(aes_dec_ctx)); + + /* first 32 bytes of skey are used as aes key for + * encryption and decryption */ + rijndaelKeySetupEnc(aes_enc_ctx, skey); + rijndaelKeySetupDec(aes_dec_ctx, skey); + + /* the following bytes are used as initialization vector for messages + * (highest byte cleared to avoid overflow) */ + ivp += 8; + ead_rx_iv = ntohl(*ivp) & 0x00ffffff; + ead_tx_iv = ead_rx_iv; + + /* the last bytes are used to feed the random iv increment */ + ivp++; + ivofs_vec = *ivp; +} + + +static bool +ead_check_rx_iv(uint32_t iv) +{ + if (iv <= ead_rx_iv) + return false; + + if (iv > ead_rx_iv + EAD_MAX_IV_INCR) + return false; + + ead_rx_iv = iv; + return true; +} + + +static uint32_t +ead_get_tx_iv(void) +{ + unsigned int ofs; + + ofs = 1 + ((ivofs_vec >> 2 * ivofs_idx) & 0x3); + ivofs_idx = (ivofs_idx + 1) % 16; + ead_tx_iv += ofs; + + return ead_tx_iv; +} + +static void +ead_hash_message(struct ead_msg_encrypted *enc, uint32_t *hash, int len) +{ + unsigned char *data = (unsigned char *) enc; + + /* hash the packet with the stored hash part initialized to zero */ + sha_init(hash); + memset(enc->hash, 0, sizeof(enc->hash)); + while (len > 0) { + sha_transform(hash, data, W); + len -= 64; + data += 64; + } +} + +void +ead_encrypt_message(struct ead_msg *msg, unsigned int len) +{ + struct ead_msg_encrypted *enc = EAD_DATA(msg, enc); + unsigned char *data = (unsigned char *) enc; + uint32_t hash[5]; + int enclen, i; + + len += sizeof(struct ead_msg_encrypted); + enc->pad = (EAD_ENC_PAD - (len % EAD_ENC_PAD)) % EAD_ENC_PAD; + enclen = len + enc->pad; + msg->len = htonl(enclen); + enc->iv = htonl(ead_get_tx_iv()); + + ead_hash_message(enc, hash, enclen); + for (i = 0; i < 5; i++) + enc->hash[i] = htonl(hash[i]); + DEBUG(2, "SHA1 generate (0x%08x), len=%d\n", enc->hash[0], enclen); + + while (enclen > 0) { + rijndaelEncrypt(aes_enc_ctx, data, data); + data += 16; + enclen -= 16; + } +} + +int +ead_decrypt_message(struct ead_msg *msg) +{ + struct ead_msg_encrypted *enc = EAD_DATA(msg, enc); + unsigned char *data = (unsigned char *) enc; + uint32_t hash_old[5], hash_new[5]; + int len = ntohl(msg->len); + int i, enclen = len; + + if (!len || (len % EAD_ENC_PAD > 0)) + return 0; + + while (len > 0) { + rijndaelDecrypt(aes_dec_ctx, data, data); + data += 16; + len -= 16; + } + + data = (unsigned char *) enc; + + if (enc->pad >= EAD_ENC_PAD) { + DEBUG(2, "Invalid padding length\n"); + return 0; + } + + if (!ead_check_rx_iv(ntohl(enc->iv))) { + DEBUG(2, "RX IV mismatch (0x%08x <> 0x%08x)\n", ead_rx_iv, ntohl(enc->iv)); + return 0; + } + + for (i = 0; i < 5; i++) + hash_old[i] = ntohl(enc->hash[i]); + ead_hash_message(enc, hash_new, enclen); + if (memcmp(hash_old, hash_new, sizeof(hash_old)) != 0) { + DEBUG(2, "SHA1 mismatch (0x%08x != 0x%08x), len=%d\n", hash_old[0], hash_new[0], enclen); + return 0; + } + + enclen -= enc->pad + sizeof(struct ead_msg_encrypted); + return enclen; +} diff --git a/package/network/services/ead/src/ead-crypt.h b/package/network/services/ead/src/ead-crypt.h new file mode 100644 index 0000000..831ec8a --- /dev/null +++ b/package/network/services/ead/src/ead-crypt.h @@ -0,0 +1,21 @@ +/* + * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __EAD_CRYPT_H +#define __EAD_CRYPT_H + +extern void ead_set_key(unsigned char *skey); +extern void ead_encrypt_message(struct ead_msg *msg, unsigned int len); +extern int ead_decrypt_message(struct ead_msg *msg); + +#endif diff --git a/package/network/services/ead/src/ead-pcap.h b/package/network/services/ead/src/ead-pcap.h new file mode 100644 index 0000000..0652ab4 --- /dev/null +++ b/package/network/services/ead/src/ead-pcap.h @@ -0,0 +1,71 @@ +/* + * Copyright (c) 2001-2003, Adam Dunkels. + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. The name of the author may not be used to endorse or promote + * products derived from this software without specific prior + * written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + * This file was part of the uIP TCP/IP stack. + * + */ +#ifndef __EAD_PCAP_H +#define __EAD_PCAP_H + +#include <net/ethernet.h> +#include <stdint.h> +#include "ead.h" + +typedef uint8_t u8_t; +typedef uint16_t u16_t; + +/* The UDP and IP headers. */ +struct ead_packet { + struct ether_header eh; + /* IP header. */ + u8_t vhl, + tos, + len[2], + ipid[2], + ipoffset[2], + ttl, + proto; + u16_t ipchksum; + u16_t srcipaddr[2], + destipaddr[2]; + + /* UDP header. */ + u16_t srcport, + destport; + u16_t udplen; + u16_t udpchksum; + + struct ead_msg msg; +} __attribute__((packed)); + +#define UIP_PROTO_UDP 17 +#define UIP_IPH_LEN 20 /* Size of IP header */ +#define UIP_UDPH_LEN 8 /* Size of UDP header */ +#define UIP_IPUDPH_LEN (UIP_UDPH_LEN + UIP_IPH_LEN) + +#endif diff --git a/package/network/services/ead/src/ead.c b/package/network/services/ead/src/ead.c new file mode 100644 index 0000000..bded769 --- /dev/null +++ b/package/network/services/ead/src/ead.c @@ -0,0 +1,976 @@ +/* + * Emergency Access Daemon + * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <sys/types.h> +#include <sys/time.h> +#include <sys/select.h> +#include <stdio.h> +#include <stddef.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <stdbool.h> +#include <fcntl.h> +#include <signal.h> +#include <pcap.h> +#include <pcap-bpf.h> +#include <t_pwd.h> +#include <t_read.h> +#include <t_sha.h> +#include <t_defines.h> +#include <t_server.h> +#include <net/if.h> + +#include "list.h" +#include "ead.h" +#include "ead-pcap.h" +#include "ead-crypt.h" +#include "libbridge.h" + +#include "filter.c" + +#ifdef linux +#include <linux/if_packet.h> +#endif + +#define PASSWD_FILE "/etc/passwd" + +#ifndef DEFAULT_IFNAME +#define DEFAULT_IFNAME "eth0" +#endif + +#ifndef DEFAULT_DEVNAME +#define DEFAULT_DEVNAME "Unknown" +#endif + +#define PCAP_MRU 1600 +#define PCAP_TIMEOUT 200 + +#if EAD_DEBUGLEVEL >= 1 +#define DEBUG(n, format, ...) do { \ + if (EAD_DEBUGLEVEL >= n) \ + fprintf(stderr, format, ##__VA_ARGS__); \ +} while (0); + +#else +#define DEBUG(n, format, ...) do {} while(0) +#endif + +struct ead_instance { + struct list_head list; + char ifname[16]; + int pid; + char id; + char bridge[16]; + bool br_check; +}; + +static char ethmac[6] = "\x00\x13\x37\x00\x00\x00"; /* last 3 bytes will be randomized */ +static pcap_t *pcap_fp = NULL; +static pcap_t *pcap_fp_rx = NULL; +static char pktbuf_b[PCAP_MRU]; +static struct ead_packet *pktbuf = (struct ead_packet *)pktbuf_b; +static u16_t nid = 0xffff; /* node id */ +static char username[32] = ""; +static int state = EAD_TYPE_SET_USERNAME; +static const char *passwd_file = PASSWD_FILE; +static const char password[MAXPARAMLEN]; +static bool child_pending = false; + +static unsigned char abuf[MAXPARAMLEN + 1]; +static unsigned char pwbuf[MAXPARAMLEN]; +static unsigned char saltbuf[MAXSALTLEN]; +static unsigned char pw_saltbuf[MAXSALTLEN]; +static struct list_head instances; +static const char *dev_name = DEFAULT_DEVNAME; +static bool nonfork = false; +static struct ead_instance *instance = NULL; + +static struct t_pwent tpe = { + .name = username, + .index = 1, + .password.data = pwbuf, + .password.len = 0, + .salt.data = saltbuf, + .salt.len = 0, +}; +struct t_confent *tce = NULL; +static struct t_server *ts = NULL; +static struct t_num A, *B = NULL; +unsigned char *skey; + +static void +set_recv_type(pcap_t *p, bool rx) +{ +#ifdef PACKET_RECV_TYPE + struct sockaddr_ll sll; + struct ifreq ifr; + int mask; + int fd; + + fd = pcap_get_selectable_fd(p); + if (fd < 0) + return; + + if (rx) + mask = 1 << PACKET_BROADCAST; + else + mask = 0; + + setsockopt(fd, SOL_PACKET, PACKET_RECV_TYPE, &mask, sizeof(mask)); +#endif +} + + +static pcap_t * +ead_open_pcap(const char *ifname, char *errbuf, bool rx) +{ + pcap_t *p; + + p = pcap_create(ifname, errbuf); + if (p == NULL) + goto out; + + pcap_set_snaplen(p, PCAP_MRU); + pcap_set_promisc(p, rx); + pcap_set_timeout(p, PCAP_TIMEOUT); +#ifdef HAS_PROTO_EXTENSION + pcap_set_protocol(p, (rx ? htons(ETH_P_IP) : 0)); +#endif + pcap_set_buffer_size(p, (rx ? 10 : 1) * PCAP_MRU); + pcap_activate(p); + set_recv_type(p, rx); +out: + return p; +} + +static void +get_random_bytes(void *ptr, int len) +{ + int fd; + + fd = open("/dev/urandom", O_RDONLY); + if (fd < 0) { + perror("open"); + exit(1); + } + read(fd, ptr, len); + close(fd); +} + +static bool +prepare_password(void) +{ + static char lbuf[1024]; + unsigned char dig[SHA_DIGESTSIZE]; + BigInteger x, v, n, g; + SHA1_CTX ctxt; + int ulen = strlen(username); + FILE *f; + + lbuf[sizeof(lbuf) - 1] = 0; + + f = fopen(passwd_file, "r"); + if (!f) + return false; + + while (fgets(lbuf, sizeof(lbuf) - 1, f) != NULL) { + char *str, *s2; + + if (strncmp(lbuf, username, ulen) != 0) + continue; + + if (lbuf[ulen] != ':') + continue; + + str = &lbuf[ulen + 1]; + + if (strncmp(str, "$1$", 3) != 0) + continue; + + s2 = strchr(str + 3, '$'); + if (!s2) + continue; + + if (s2 - str >= MAXSALTLEN) + continue; + + strncpy((char *) pw_saltbuf, str, s2 - str); + pw_saltbuf[s2 - str] = 0; + + s2 = strchr(s2, ':'); + if (!s2) + continue; + + *s2 = 0; + if (s2 - str >= MAXPARAMLEN) + continue; + + strncpy((char *)password, str, MAXPARAMLEN); + fclose(f); + goto hash_password; + } + + /* not found */ + fclose(f); + return false; + +hash_password: + tce = gettcid(tpe.index); + do { + t_random(tpe.password.data, SALTLEN); + } while (memcmp(saltbuf, (char *)dig, sizeof(saltbuf)) == 0); + if (saltbuf[0] == 0) + saltbuf[0] = 0xff; + + n = BigIntegerFromBytes(tce->modulus.data, tce->modulus.len); + g = BigIntegerFromBytes(tce->generator.data, tce->generator.len); + v = BigIntegerFromInt(0); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, (unsigned char *) username, strlen(username)); + SHA1Update(&ctxt, (unsigned char *) ":", 1); + SHA1Update(&ctxt, (unsigned char *) password, strlen(password)); + SHA1Final(dig, &ctxt); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, saltbuf, tpe.salt.len); + SHA1Update(&ctxt, dig, sizeof(dig)); + SHA1Final(dig, &ctxt); + + /* x = H(s, H(u, ':', p)) */ + x = BigIntegerFromBytes(dig, sizeof(dig)); + + BigIntegerModExp(v, g, x, n); + tpe.password.len = BigIntegerToBytes(v, (unsigned char *)pwbuf); + + BigIntegerFree(v); + BigIntegerFree(x); + BigIntegerFree(g); + BigIntegerFree(n); + return true; +} + +static u16_t +chksum(u16_t sum, const u8_t *data, u16_t len) +{ + u16_t t; + const u8_t *dataptr; + const u8_t *last_byte; + + dataptr = data; + last_byte = data + len - 1; + + while(dataptr < last_byte) { /* At least two more bytes */ + t = (dataptr[0] << 8) + dataptr[1]; + sum += t; + if(sum < t) { + sum++; /* carry */ + } + dataptr += 2; + } + + if(dataptr == last_byte) { + t = (dataptr[0] << 8) + 0; + sum += t; + if(sum < t) { + sum++; /* carry */ + } + } + + /* Return sum in host byte order. */ + return sum; +} + +static void +ead_send_packet_clone(struct ead_packet *pkt) +{ + u16_t len, sum; + + memcpy(pktbuf, pkt, offsetof(struct ead_packet, msg)); + memcpy(pktbuf->eh.ether_shost, ethmac, 6); + memcpy(pktbuf->eh.ether_dhost, pkt->eh.ether_shost, 6); + + /* ip header */ + len = sizeof(struct ead_packet) - sizeof(struct ether_header) + ntohl(pktbuf->msg.len); + pktbuf->len[0] = len >> 8; + pktbuf->len[1] = len & 0xff; + memcpy(pktbuf->srcipaddr, &pkt->msg.ip, 4); + memcpy(pktbuf->destipaddr, pkt->srcipaddr, 4); + + /* ip checksum */ + pktbuf->ipchksum = 0; + sum = chksum(0, (void *) &pktbuf->vhl, UIP_IPH_LEN); + if (sum == 0) + sum = 0xffff; + pktbuf->ipchksum = htons(~sum); + + /* udp header */ + pktbuf->srcport = pkt->destport; + pktbuf->destport = pkt->srcport; + + /* udp checksum */ + len -= UIP_IPH_LEN; + pktbuf->udplen = htons(len); + pktbuf->udpchksum = 0; + sum = len + UIP_PROTO_UDP; + sum = chksum(sum, (void *) &pktbuf->srcipaddr[0], 8); /* src, dest ip */ + sum = chksum(sum, (void *) &pktbuf->srcport, len); + if (sum == 0) + sum = 0xffff; + pktbuf->udpchksum = htons(~sum); + pcap_sendpacket(pcap_fp, (void *) pktbuf, sizeof(struct ead_packet) + ntohl(pktbuf->msg.len)); +} + +static void +set_state(int nstate) +{ + if (state == nstate) + return; + + if (nstate < state) { + if ((nstate < EAD_TYPE_GET_PRIME) && + (state >= EAD_TYPE_GET_PRIME)) { + t_serverclose(ts); + ts = NULL; + } + goto done; + } + + switch(state) { + case EAD_TYPE_SET_USERNAME: + if (!prepare_password()) + goto error; + ts = t_serveropenraw(&tpe, tce); + if (!ts) + goto error; + break; + case EAD_TYPE_GET_PRIME: + B = t_servergenexp(ts); + break; + case EAD_TYPE_SEND_A: + skey = t_servergetkey(ts, &A); + if (!skey) + goto error; + + ead_set_key(skey); + break; + } +done: + state = nstate; +error: + return; +} + +static bool +handle_ping(struct ead_packet *pkt, int len, int *nstate) +{ + struct ead_msg *msg = &pktbuf->msg; + struct ead_msg_pong *pong = EAD_DATA(msg, pong); + int slen; + + slen = strlen(dev_name); + if (slen > 1024) + slen = 1024; + + msg->len = htonl(sizeof(struct ead_msg_pong) + slen); + strncpy(pong->name, dev_name, slen); + pong->name[slen] = 0; + pong->auth_type = htons(EAD_AUTH_MD5); + + return true; +} + +static bool +handle_set_username(struct ead_packet *pkt, int len, int *nstate) +{ + struct ead_msg *msg = &pkt->msg; + struct ead_msg_user *user = EAD_DATA(msg, user); + + set_state(EAD_TYPE_SET_USERNAME); /* clear old state */ + strncpy(username, user->username, sizeof(username)); + username[sizeof(username) - 1] = 0; + + msg = &pktbuf->msg; + msg->len = 0; + + *nstate = EAD_TYPE_GET_PRIME; + return true; +} + +static bool +handle_get_prime(struct ead_packet *pkt, int len, int *nstate) +{ + struct ead_msg *msg = &pktbuf->msg; + struct ead_msg_salt *salt = EAD_DATA(msg, salt); + + msg->len = htonl(sizeof(struct ead_msg_salt)); + salt->prime = tce->index - 1; + salt->len = ts->s.len; + memcpy(salt->salt, ts->s.data, ts->s.len); + memcpy(salt->ext_salt, pw_saltbuf, MAXSALTLEN); + + *nstate = EAD_TYPE_SEND_A; + return true; +} + +static bool +handle_send_a(struct ead_packet *pkt, int len, int *nstate) +{ + struct ead_msg *msg = &pkt->msg; + struct ead_msg_number *number = EAD_DATA(msg, number); + len = ntohl(msg->len) - sizeof(struct ead_msg_number); + + if (len > MAXPARAMLEN + 1) + return false; + + A.len = len; + A.data = abuf; + memcpy(A.data, number->data, len); + + msg = &pktbuf->msg; + number = EAD_DATA(msg, number); + msg->len = htonl(sizeof(struct ead_msg_number) + B->len); + memcpy(number->data, B->data, B->len); + + *nstate = EAD_TYPE_SEND_AUTH; + return true; +} + +static bool +handle_send_auth(struct ead_packet *pkt, int len, int *nstate) +{ + struct ead_msg *msg = &pkt->msg; + struct ead_msg_auth *auth = EAD_DATA(msg, auth); + + if (t_serververify(ts, auth->data) != 0) { + DEBUG(2, "Client authentication failed\n"); + *nstate = EAD_TYPE_SET_USERNAME; + return false; + } + + msg = &pktbuf->msg; + auth = EAD_DATA(msg, auth); + msg->len = htonl(sizeof(struct ead_msg_auth)); + + DEBUG(2, "Client authentication successful\n"); + memcpy(auth->data, t_serverresponse(ts), sizeof(auth->data)); + + *nstate = EAD_TYPE_SEND_CMD; + return true; +} + +static bool +handle_send_cmd(struct ead_packet *pkt, int len, int *nstate) +{ + struct ead_msg *msg = &pkt->msg; + struct ead_msg_cmd *cmd = EAD_ENC_DATA(msg, cmd); + struct ead_msg_cmd_data *cmddata; + struct timeval tv, to, tn; + int pfd[2], fd; + fd_set fds; + pid_t pid; + bool stream = false; + int timeout; + int type; + int datalen; + + datalen = ead_decrypt_message(msg) - sizeof(struct ead_msg_cmd); + if (datalen <= 0) + return false; + + type = ntohs(cmd->type); + timeout = ntohs(cmd->timeout); + + FD_ZERO(&fds); + cmd->data[datalen] = 0; + switch(type) { + case EAD_CMD_NORMAL: + if (pipe(pfd) < 0) + return false; + + fcntl(pfd[0], F_SETFL, O_NONBLOCK | fcntl(pfd[0], F_GETFL)); + child_pending = true; + pid = fork(); + if (pid == 0) { + close(pfd[0]); + fd = open("/dev/null", O_RDWR); + if (fd > 0) { + dup2(fd, 0); + dup2(pfd[1], 1); + dup2(pfd[1], 2); + } + system((char *)cmd->data); + exit(0); + } else if (pid > 0) { + close(pfd[1]); + if (!timeout) + timeout = EAD_CMD_TIMEOUT; + + stream = true; + break; + } + return false; + case EAD_CMD_BACKGROUND: + pid = fork(); + if (pid == 0) { + /* close stdin, stdout, stderr, replace with fd to /dev/null */ + fd = open("/dev/null", O_RDWR); + if (fd > 0) { + dup2(fd, 0); + dup2(fd, 1); + dup2(fd, 2); + } + system((char *)cmd->data); + exit(0); + } else if (pid > 0) { + break; + } + return false; + default: + return false; + } + + msg = &pktbuf->msg; + cmddata = EAD_ENC_DATA(msg, cmd_data); + + if (stream) { + int nfds, bytes; + + /* send keepalive packets every 200 ms so that the client doesn't timeout */ + gettimeofday(&to, NULL); + memcpy(&tn, &to, sizeof(tn)); + tv.tv_usec = PCAP_TIMEOUT * 1000; + tv.tv_sec = 0; + do { + cmddata->done = 0; + FD_SET(pfd[0], &fds); + nfds = select(pfd[0] + 1, &fds, NULL, NULL, &tv); + bytes = 0; + if (nfds > 0) { + bytes = read(pfd[0], cmddata->data, 1024); + if (bytes < 0) + bytes = 0; + } + if (!bytes && !child_pending) + break; + DEBUG(3, "Sending %d bytes of console data, type=%d, timeout=%d\n", bytes, ntohl(msg->type), timeout); + ead_encrypt_message(msg, sizeof(struct ead_msg_cmd_data) + bytes); + ead_send_packet_clone(pkt); + gettimeofday(&tn, NULL); + } while (tn.tv_sec < to.tv_sec + timeout); + if (child_pending) { + kill(pid, SIGKILL); + return false; + } + } + cmddata->done = 1; + ead_encrypt_message(msg, sizeof(struct ead_msg_cmd_data)); + + return true; +} + + + +static void +parse_message(struct ead_packet *pkt, int len) +{ + bool (*handler)(struct ead_packet *pkt, int len, int *nstate); + int min_len = sizeof(struct ead_packet); + int nstate = state; + int type = ntohl(pkt->msg.type); + + if ((type >= EAD_TYPE_GET_PRIME) && + (state != type)) + return; + + if ((type != EAD_TYPE_PING) && + ((ntohs(pkt->msg.sid) & EAD_INSTANCE_MASK) >> + EAD_INSTANCE_SHIFT) != instance->id) + return; + + switch(type) { + case EAD_TYPE_PING: + handler = handle_ping; + break; + case EAD_TYPE_SET_USERNAME: + handler = handle_set_username; + min_len += sizeof(struct ead_msg_user); + break; + case EAD_TYPE_GET_PRIME: + handler = handle_get_prime; + break; + case EAD_TYPE_SEND_A: + handler = handle_send_a; + min_len += sizeof(struct ead_msg_number); + break; + case EAD_TYPE_SEND_AUTH: + handler = handle_send_auth; + min_len += sizeof(struct ead_msg_auth); + break; + case EAD_TYPE_SEND_CMD: + handler = handle_send_cmd; + min_len += sizeof(struct ead_msg_cmd) + sizeof(struct ead_msg_encrypted); + break; + default: + return; + } + + if (len < min_len) { + DEBUG(2, "discarding packet: message too small\n"); + return; + } + + pktbuf->msg.magic = htonl(EAD_MAGIC); + pktbuf->msg.type = htonl(type + 1); + pktbuf->msg.nid = htons(nid); + pktbuf->msg.sid = pkt->msg.sid; + pktbuf->msg.len = 0; + + if (handler(pkt, len, &nstate)) { + DEBUG(2, "sending response to packet type %d: %d\n", type + 1, ntohl(pktbuf->msg.len)); + /* format response packet */ + ead_send_packet_clone(pkt); + } + set_state(nstate); +} + +static void +handle_packet(u_char *user, const struct pcap_pkthdr *h, const u_char *bytes) +{ + struct ead_packet *pkt = (struct ead_packet *) bytes; + + if (h->len < sizeof(struct ead_packet)) + return; + + if (pkt->eh.ether_type != htons(ETHERTYPE_IP)) + return; + + if (memcmp(pkt->eh.ether_dhost, "\xff\xff\xff\xff\xff\xff", 6) != 0) + return; + + if (pkt->proto != UIP_PROTO_UDP) + return; + + if (pkt->destport != htons(EAD_PORT)) + return; + + if (pkt->msg.magic != htonl(EAD_MAGIC)) + return; + + if (h->len < sizeof(struct ead_packet) + ntohl(pkt->msg.len)) + return; + + if ((pkt->msg.nid != 0xffff) && + (pkt->msg.nid != htons(nid))) + return; + + parse_message(pkt, h->len); +} + +static void +ead_pcap_reopen(bool first) +{ + static char errbuf[PCAP_ERRBUF_SIZE] = ""; + + if (pcap_fp_rx && (pcap_fp_rx != pcap_fp)) + pcap_close(pcap_fp_rx); + + if (pcap_fp) + pcap_close(pcap_fp); + + pcap_fp_rx = NULL; + do { + if (instance->bridge[0]) { + pcap_fp_rx = ead_open_pcap(instance->bridge, errbuf, 1); + pcap_fp = ead_open_pcap(instance->ifname, errbuf, 0); + } else { + pcap_fp = ead_open_pcap(instance->ifname, errbuf, 1); + } + + if (!pcap_fp_rx) + pcap_fp_rx = pcap_fp; + if (first && !pcap_fp) { + DEBUG(1, "WARNING: unable to open interface '%s'\n", instance->ifname); + first = false; + } + if (!pcap_fp) + sleep(1); + } while (!pcap_fp); + pcap_setfilter(pcap_fp_rx, &pktfilter); +} + + +static void +ead_pktloop(void) +{ + while (1) { + if (pcap_dispatch(pcap_fp_rx, 1, handle_packet, NULL) < 0) { + ead_pcap_reopen(false); + continue; + } + } +} + + +static int +usage(const char *prog) +{ + fprintf(stderr, "Usage: %s [<options>]\n" + "Options:\n" + "\t-B Run in background mode\n" + "\t-d <device> Set the device to listen on\n" + "\t-D <name> Set the name of the device visible to clients\n" + "\t-p <file> Set the password file for authenticating\n" + "\t-P <file> Write a pidfile\n" + "\n", prog); + return -1; +} + +static void +server_handle_sigchld(int sig) +{ + struct ead_instance *in; + struct list_head *p; + int pid = 0; + wait(&pid); + + list_for_each(p, &instances) { + in = list_entry(p, struct ead_instance, list); + if (pid != in->pid) + continue; + + in->pid = 0; + break; + } +} + +static void +instance_handle_sigchld(int sig) +{ + int pid = 0; + wait(&pid); + child_pending = false; +} + +static void +start_server(struct ead_instance *i) +{ + if (!nonfork) { + i->pid = fork(); + if (i->pid != 0) { + if (i->pid < 0) + i->pid = 0; + return; + } + } + + instance = i; + signal(SIGCHLD, instance_handle_sigchld); + ead_pcap_reopen(true); + ead_pktloop(); + pcap_close(pcap_fp); + if (pcap_fp_rx != pcap_fp) + pcap_close(pcap_fp_rx); + + exit(0); +} + + +static void +start_servers(bool restart) +{ + struct ead_instance *in; + struct list_head *p; + + list_for_each(p, &instances) { + in = list_entry(p, struct ead_instance, list); + if (in->pid > 0) + continue; + + sleep(1); + start_server(in); + } +} + +static void +stop_server(struct ead_instance *in, bool do_free) +{ + if (in->pid > 0) + kill(in->pid, SIGKILL); + in->pid = 0; + if (do_free) { + list_del(&in->list); + free(in); + } +} + +static void +server_handle_sigint(int sig) +{ + struct ead_instance *in; + struct list_head *p, *tmp; + + list_for_each_safe(p, tmp, &instances) { + in = list_entry(p, struct ead_instance, list); + stop_server(in, true); + } + exit(1); +} + +static int +check_bridge_port(const char *br, const char *port, void *arg) +{ + struct ead_instance *in; + struct list_head *p; + + list_for_each(p, &instances) { + in = list_entry(p, struct ead_instance, list); + + if (strcmp(in->ifname, port) != 0) + continue; + + in->br_check = true; + if (strcmp(in->bridge, br) == 0) + break; + + strncpy(in->bridge, br, sizeof(in->bridge)); + DEBUG(2, "assigning port %s to bridge %s\n", in->ifname, in->bridge); + stop_server(in, false); + } + return 0; +} + +static int +check_bridge(const char *name, void *arg) +{ + br_foreach_port(name, check_bridge_port, arg); + return 0; +} + +static void +check_all_interfaces(void) +{ + struct ead_instance *in; + struct list_head *p; + + br_foreach_bridge(check_bridge, NULL); + + /* look for interfaces that are no longer part of a bridge */ + list_for_each(p, &instances) { + in = list_entry(p, struct ead_instance, list); + + if (in->br_check) { + in->br_check = false; + } else if (in->bridge[0]) { + DEBUG(2, "removing port %s from bridge %s\n", in->ifname, in->bridge); + in->bridge[0] = 0; + stop_server(in, false); + } + } +} + + +int main(int argc, char **argv) +{ + struct ead_instance *in; + struct timeval tv; + const char *pidfile = NULL; + bool background = false; + int n_iface = 0; + int fd, ch; + + if (argc == 1) + return usage(argv[0]); + + INIT_LIST_HEAD(&instances); + while ((ch = getopt(argc, argv, "Bd:D:fhp:P:")) != -1) { + switch(ch) { + case 'B': + background = true; + break; + case 'f': + nonfork = true; + break; + case 'h': + return usage(argv[0]); + case 'd': + in = malloc(sizeof(struct ead_instance)); + memset(in, 0, sizeof(struct ead_instance)); + INIT_LIST_HEAD(&in->list); + strncpy(in->ifname, optarg, sizeof(in->ifname) - 1); + list_add(&in->list, &instances); + in->id = n_iface++; + break; + case 'D': + dev_name = optarg; + break; + case 'p': + passwd_file = optarg; + break; + case 'P': + pidfile = optarg; + break; + } + } + signal(SIGCHLD, server_handle_sigchld); + signal(SIGINT, server_handle_sigint); + signal(SIGTERM, server_handle_sigint); + signal(SIGKILL, server_handle_sigint); + + if (!n_iface) { + fprintf(stderr, "Error: ead needs at least one interface\n"); + return -1; + } + + if (background) { + if (fork() > 0) + exit(0); + + fd = open("/dev/null", O_RDWR); + dup2(fd, 0); + dup2(fd, 1); + dup2(fd, 2); + } + + if (pidfile) { + char pid[8]; + int len; + + unlink(pidfile); + fd = open(pidfile, O_CREAT|O_WRONLY|O_EXCL, 0644); + if (fd > 0) { + len = sprintf(pid, "%d\n", getpid()); + write(fd, pid, len); + close(fd); + } + } + + /* randomize the mac address */ + get_random_bytes(ethmac + 3, 3); + nid = *(((u16_t *) ethmac) + 2); + + start_servers(false); + br_init(); + tv.tv_sec = 1; + tv.tv_usec = 0; + while (1) { + check_all_interfaces(); + start_servers(true); + sleep(1); + } + br_shutdown(); + + return 0; +} diff --git a/package/network/services/ead/src/ead.h b/package/network/services/ead/src/ead.h new file mode 100644 index 0000000..54505ce --- /dev/null +++ b/package/network/services/ead/src/ead.h @@ -0,0 +1,139 @@ +/* + * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#ifndef __EAD_H +#define __EAD_H + +#define EAD_DEBUGLEVEL 1 + +#include <stdint.h> +#include <stddef.h> + +#ifndef MAXSALTLEN +#define MAXSALTLEN 32 +#endif + +#define EAD_PORT 56026UL +#define EAD_MAGIC 3671771902UL +#define EAD_CMD_TIMEOUT 10 + +#define EAD_MAX_IV_INCR 128 + +/* request/response types */ +/* response id == request id + 1 */ +enum ead_type { + EAD_TYPE_PING, + EAD_TYPE_PONG, + + EAD_TYPE_SET_USERNAME, + EAD_TYPE_ACK_USERNAME, + + EAD_TYPE_GET_PRIME, + EAD_TYPE_PRIME, + + EAD_TYPE_SEND_A, + EAD_TYPE_SEND_B, + + EAD_TYPE_SEND_AUTH, + EAD_TYPE_DONE_AUTH, + + EAD_TYPE_SEND_CMD, + EAD_TYPE_RESULT_CMD, + + EAD_TYPE_LAST +}; + +enum ead_auth_type { + EAD_AUTH_DEFAULT, + EAD_AUTH_MD5 +}; + +enum ead_cmd_type { + EAD_CMD_NORMAL, + EAD_CMD_BACKGROUND, + EAD_CMD_LAST +}; + +struct ead_msg_pong { + uint16_t auth_type; + char name[]; +} __attribute__((packed)); + +struct ead_msg_number { + uint8_t id; + unsigned char data[]; +} __attribute__((packed)); + +struct ead_msg_salt { + uint8_t prime; + uint8_t len; + unsigned char salt[MAXSALTLEN]; + unsigned char ext_salt[MAXSALTLEN]; +} __attribute__((packed)); + +struct ead_msg_user { + char username[32]; +} __attribute__((packed)); + +struct ead_msg_auth { + unsigned char data[20]; +} __attribute__((packed)); + +struct ead_msg_cmd { + uint8_t type; + uint16_t timeout; + unsigned char data[]; +} __attribute__((packed)); + +struct ead_msg_cmd_data { + uint8_t done; + unsigned char data[]; +} __attribute__((packed)); + +struct ead_msg_encrypted { + uint32_t hash[5]; + uint32_t iv; + uint8_t pad; + union { + struct ead_msg_cmd cmd; + struct ead_msg_cmd_data cmd_data; + } data[]; +} __attribute__((packed)); + + +#define EAD_DATA(_msg, _type) (&((_msg)->data[0]._type)) +#define EAD_ENC_DATA(_msg, _type) (&((_msg)->data[0].enc.data[0]._type)) + +/* for ead_msg::sid */ +#define EAD_INSTANCE_MASK 0xf000 +#define EAD_INSTANCE_SHIFT 12 + +struct ead_msg { + uint32_t magic; + uint32_t len; + uint32_t type; + uint16_t nid; /* node id */ + uint16_t sid; /* session id */ + uint32_t ip; /* source ip for responses from the server */ + union { + struct ead_msg_pong pong; + struct ead_msg_user user; + struct ead_msg_number number; + struct ead_msg_auth auth; + struct ead_msg_salt salt; + struct ead_msg_encrypted enc; + } data[]; +} __attribute__((packed)); + + +#endif diff --git a/package/network/services/ead/src/filter.c b/package/network/services/ead/src/filter.c new file mode 100644 index 0000000..0759dc3 --- /dev/null +++ b/package/network/services/ead/src/filter.c @@ -0,0 +1,25 @@ +/* precompiled expression: udp and dst port 56026 */ + +static struct bpf_insn pktfilter_insns[] = { + { .code = 0x0028, .jt = 0x00, .jf = 0x00, .k = 0x0000000c }, + { .code = 0x0015, .jt = 0x00, .jf = 0x04, .k = 0x000086dd }, + { .code = 0x0030, .jt = 0x00, .jf = 0x00, .k = 0x00000014 }, + { .code = 0x0015, .jt = 0x00, .jf = 0x0b, .k = 0x00000011 }, + { .code = 0x0028, .jt = 0x00, .jf = 0x00, .k = 0x00000038 }, + { .code = 0x0015, .jt = 0x08, .jf = 0x09, .k = 0x0000dada }, + { .code = 0x0015, .jt = 0x00, .jf = 0x08, .k = 0x00000800 }, + { .code = 0x0030, .jt = 0x00, .jf = 0x00, .k = 0x00000017 }, + { .code = 0x0015, .jt = 0x00, .jf = 0x06, .k = 0x00000011 }, + { .code = 0x0028, .jt = 0x00, .jf = 0x00, .k = 0x00000014 }, + { .code = 0x0045, .jt = 0x04, .jf = 0x00, .k = 0x00001fff }, + { .code = 0x00b1, .jt = 0x00, .jf = 0x00, .k = 0x0000000e }, + { .code = 0x0048, .jt = 0x00, .jf = 0x00, .k = 0x00000010 }, + { .code = 0x0015, .jt = 0x00, .jf = 0x01, .k = 0x0000dada }, + { .code = 0x0006, .jt = 0x00, .jf = 0x00, .k = 0x000005dc }, + { .code = 0x0006, .jt = 0x00, .jf = 0x00, .k = 0x00000000 }, +}; + +static struct bpf_program pktfilter = { + .bf_len = 16, + .bf_insns = pktfilter_insns, +}; diff --git a/package/network/services/ead/src/libbridge.h b/package/network/services/ead/src/libbridge.h new file mode 100644 index 0000000..d7bbdc4 --- /dev/null +++ b/package/network/services/ead/src/libbridge.h @@ -0,0 +1,60 @@ +/* + * Copyright (C) 2000 Lennert Buytenhek + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _LIBBRIDGE_H +#define _LIBBRIDGE_H + +#ifdef linux + +int br_init(void); +void br_shutdown(void); + +int br_foreach_port(const char *brname, + int (*iterator)(const char *br, const char *port, void *arg), + void *arg); + +int br_foreach_bridge(int (*iterator)(const char *, void *), void *arg); + +#else + +static inline int br_init(void) +{ + return 0; +} + +static inline void br_shutdown(void) +{ +} + +static inline int +br_foreach_port(const char *brname, + int (*iterator)(const char *br, const char *port, void *arg), + void *arg) +{ + return 0; +} + +static inline int +br_foreach_bridge(int (*iterator)(const char *, void *), void *arg) +{ + return 0; +} + +#endif + +#endif diff --git a/package/network/services/ead/src/libbridge_init.c b/package/network/services/ead/src/libbridge_init.c new file mode 100644 index 0000000..687ef62 --- /dev/null +++ b/package/network/services/ead/src/libbridge_init.c @@ -0,0 +1,127 @@ +/* + * Copyright (C) 2000 Lennert Buytenhek + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifdef linux + +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <string.h> +#include <dirent.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <linux/if.h> +#include <linux/in6.h> +#include <linux/if_bridge.h> + +#include "libbridge.h" +#include "libbridge_private.h" + +static int br_socket_fd = -1; + +int br_init(void) +{ + if ((br_socket_fd = socket(AF_LOCAL, SOCK_STREAM, 0)) < 0) + return errno; + return 0; +} + +void br_shutdown(void) +{ + close(br_socket_fd); + br_socket_fd = -1; +} + +/* If /sys/class/net/XXX/bridge exists then it must be a bridge */ +static int isbridge(const struct dirent *entry) +{ + char path[SYSFS_PATH_MAX]; + struct stat st; + + snprintf(path, SYSFS_PATH_MAX, SYSFS_CLASS_NET "%s/bridge", entry->d_name); + return stat(path, &st) == 0 && S_ISDIR(st.st_mode); +} + +/* + * New interface uses sysfs to find bridges + */ +static int new_foreach_bridge(int (*iterator)(const char *name, void *), + void *arg) +{ + struct dirent **namelist; + int i, count = 0; + + count = scandir(SYSFS_CLASS_NET, &namelist, isbridge, alphasort); + if (count < 0) + return -1; + + for (i = 0; i < count; i++) { + if (iterator(namelist[i]->d_name, arg)) + break; + } + + for (i = 0; i < count; i++) + free(namelist[i]); + free(namelist); + + return count; +} + +/* + * Go over all bridges and call iterator function. + * if iterator returns non-zero then stop. + */ +int br_foreach_bridge(int (*iterator)(const char *, void *), void *arg) +{ + return new_foreach_bridge(iterator, arg); +} + +/* + * Iterate over all ports in bridge (using sysfs). + */ +int br_foreach_port(const char *brname, + int (*iterator)(const char *br, const char *port, void *arg), + void *arg) +{ + int i, count; + struct dirent **namelist; + char path[SYSFS_PATH_MAX]; + + snprintf(path, SYSFS_PATH_MAX, SYSFS_CLASS_NET "%s/brif", brname); + count = scandir(path, &namelist, 0, alphasort); + + for (i = 0; i < count; i++) { + if (namelist[i]->d_name[0] == '.' + && (namelist[i]->d_name[1] == '\0' + || (namelist[i]->d_name[1] == '.' + && namelist[i]->d_name[2] == '\0'))) + continue; + + if (iterator(brname, namelist[i]->d_name, arg)) + break; + } + for (i = 0; i < count; i++) + free(namelist[i]); + free(namelist); + + return count; +} + +#endif diff --git a/package/network/services/ead/src/libbridge_private.h b/package/network/services/ead/src/libbridge_private.h new file mode 100644 index 0000000..38fd60e --- /dev/null +++ b/package/network/services/ead/src/libbridge_private.h @@ -0,0 +1,35 @@ +/* + * Copyright (C) 2000 Lennert Buytenhek + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License as + * published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _LIBBRIDGE_PRIVATE_H +#define _LIBBRIDGE_PRIVATE_H + +#include <linux/sockios.h> +#include <sys/time.h> +#include <sys/ioctl.h> +#include <linux/if_bridge.h> + +#define MAX_BRIDGES 1024 +#define MAX_PORTS 1024 + +#define SYSFS_CLASS_NET "/sys/class/net/" +#define SYSFS_PATH_MAX 256 + +#define dprintf(fmt,arg...) + +#endif diff --git a/package/network/services/ead/src/list.h b/package/network/services/ead/src/list.h new file mode 100644 index 0000000..ac429c8 --- /dev/null +++ b/package/network/services/ead/src/list.h @@ -0,0 +1,602 @@ +/* GPL v2, adapted from the Linux kernel */ +#ifndef _LINUX_LIST_H +#define _LINUX_LIST_H + +#include <stddef.h> +/** + * container_of - cast a member of a structure out to the containing structure + * @ptr: the pointer to the member. + * @type: the type of the container struct this is embedded in. + * @member: the name of the member within the struct. + * + */ +#ifndef container_of +#define container_of(ptr, type, member) ( \ + (type *)( (char *)ptr - offsetof(type,member) )) +#endif + + +/* + * Simple doubly linked list implementation. + * + * Some of the internal functions ("__xxx") are useful when + * manipulating whole lists rather than single entries, as + * sometimes we already know the next/prev entries and we can + * generate better code by using them directly rather than + * using the generic single-entry routines. + */ + +struct list_head { + struct list_head *next, *prev; +}; + +#define LIST_HEAD_INIT(name) { &(name), &(name) } + +#define LIST_HEAD(name) \ + struct list_head name = LIST_HEAD_INIT(name) + +static inline void INIT_LIST_HEAD(struct list_head *list) +{ + list->next = list; + list->prev = list; +} + +/* + * Insert a new entry between two known consecutive entries. + * + * This is only for internal list manipulation where we know + * the prev/next entries already! + */ +static inline void __list_add(struct list_head *new, + struct list_head *prev, + struct list_head *next) +{ + next->prev = new; + new->next = next; + new->prev = prev; + prev->next = new; +} + +/** + * list_add - add a new entry + * @new: new entry to be added + * @head: list head to add it after + * + * Insert a new entry after the specified head. + * This is good for implementing stacks. + */ +static inline void list_add(struct list_head *new, struct list_head *head) +{ + __list_add(new, head, head->next); +} + + +/** + * list_add_tail - add a new entry + * @new: new entry to be added + * @head: list head to add it before + * + * Insert a new entry before the specified head. + * This is useful for implementing queues. + */ +static inline void list_add_tail(struct list_head *new, struct list_head *head) +{ + __list_add(new, head->prev, head); +} + + +/* + * Delete a list entry by making the prev/next entries + * point to each other. + * + * This is only for internal list manipulation where we know + * the prev/next entries already! + */ +static inline void __list_del(struct list_head * prev, struct list_head * next) +{ + next->prev = prev; + prev->next = next; +} + +/** + * list_del - deletes entry from list. + * @entry: the element to delete from the list. + * Note: list_empty() on entry does not return true after this, the entry is + * in an undefined state. + */ +static inline void list_del(struct list_head *entry) +{ + __list_del(entry->prev, entry->next); + entry->next = NULL; + entry->prev = NULL; +} + +/** + * list_replace - replace old entry by new one + * @old : the element to be replaced + * @new : the new element to insert + * + * If @old was empty, it will be overwritten. + */ +static inline void list_replace(struct list_head *old, + struct list_head *new) +{ + new->next = old->next; + new->next->prev = new; + new->prev = old->prev; + new->prev->next = new; +} + +static inline void list_replace_init(struct list_head *old, + struct list_head *new) +{ + list_replace(old, new); + INIT_LIST_HEAD(old); +} + +/** + * list_del_init - deletes entry from list and reinitialize it. + * @entry: the element to delete from the list. + */ +static inline void list_del_init(struct list_head *entry) +{ + __list_del(entry->prev, entry->next); + INIT_LIST_HEAD(entry); +} + +/** + * list_move - delete from one list and add as another's head + * @list: the entry to move + * @head: the head that will precede our entry + */ +static inline void list_move(struct list_head *list, struct list_head *head) +{ + __list_del(list->prev, list->next); + list_add(list, head); +} + +/** + * list_move_tail - delete from one list and add as another's tail + * @list: the entry to move + * @head: the head that will follow our entry + */ +static inline void list_move_tail(struct list_head *list, + struct list_head *head) +{ + __list_del(list->prev, list->next); + list_add_tail(list, head); +} + +/** + * list_is_last - tests whether @list is the last entry in list @head + * @list: the entry to test + * @head: the head of the list + */ +static inline int list_is_last(const struct list_head *list, + const struct list_head *head) +{ + return list->next == head; +} + +/** + * list_empty - tests whether a list is empty + * @head: the list to test. + */ +static inline int list_empty(const struct list_head *head) +{ + return head->next == head; +} + +/** + * list_empty_careful - tests whether a list is empty and not being modified + * @head: the list to test + * + * Description: + * tests whether a list is empty _and_ checks that no other CPU might be + * in the process of modifying either member (next or prev) + * + * NOTE: using list_empty_careful() without synchronization + * can only be safe if the only activity that can happen + * to the list entry is list_del_init(). Eg. it cannot be used + * if another CPU could re-list_add() it. + */ +static inline int list_empty_careful(const struct list_head *head) +{ + struct list_head *next = head->next; + return (next == head) && (next == head->prev); +} + +static inline void __list_splice(struct list_head *list, + struct list_head *head) +{ + struct list_head *first = list->next; + struct list_head *last = list->prev; + struct list_head *at = head->next; + + first->prev = head; + head->next = first; + + last->next = at; + at->prev = last; +} + +/** + * list_splice - join two lists + * @list: the new list to add. + * @head: the place to add it in the first list. + */ +static inline void list_splice(struct list_head *list, struct list_head *head) +{ + if (!list_empty(list)) + __list_splice(list, head); +} + +/** + * list_splice_init - join two lists and reinitialise the emptied list. + * @list: the new list to add. + * @head: the place to add it in the first list. + * + * The list at @list is reinitialised + */ +static inline void list_splice_init(struct list_head *list, + struct list_head *head) +{ + if (!list_empty(list)) { + __list_splice(list, head); + INIT_LIST_HEAD(list); + } +} + +/** + * list_entry - get the struct for this entry + * @ptr: the &struct list_head pointer. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_struct within the struct. + */ +#define list_entry(ptr, type, member) \ + container_of(ptr, type, member) + +/** + * list_first_entry - get the first element from a list + * @ptr: the list head to take the element from. + * @type: the type of the struct this is embedded in. + * @member: the name of the list_struct within the struct. + * + * Note, that list is expected to be not empty. + */ +#define list_first_entry(ptr, type, member) \ + list_entry((ptr)->next, type, member) + +/** + * list_for_each - iterate over a list + * @pos: the &struct list_head to use as a loop cursor. + * @head: the head for your list. + */ +#define list_for_each(pos, head) \ + for (pos = (head)->next; pos != (head); \ + pos = pos->next) + +/** + * __list_for_each - iterate over a list + * @pos: the &struct list_head to use as a loop cursor. + * @head: the head for your list. + * + * This variant differs from list_for_each() in that it's the + * simplest possible list iteration code, no prefetching is done. + * Use this for code that knows the list to be very short (empty + * or 1 entry) most of the time. + */ +#define __list_for_each(pos, head) \ + for (pos = (head)->next; pos != (head); pos = pos->next) + +/** + * list_for_each_prev - iterate over a list backwards + * @pos: the &struct list_head to use as a loop cursor. + * @head: the head for your list. + */ +#define list_for_each_prev(pos, head) \ + for (pos = (head)->prev; pos != (head); \ + pos = pos->prev) + +/** + * list_for_each_safe - iterate over a list safe against removal of list entry + * @pos: the &struct list_head to use as a loop cursor. + * @n: another &struct list_head to use as temporary storage + * @head: the head for your list. + */ +#define list_for_each_safe(pos, n, head) \ + for (pos = (head)->next, n = pos->next; pos != (head); \ + pos = n, n = pos->next) + +/** + * list_for_each_prev_safe - iterate over a list backwards safe against removal of list entry + * @pos: the &struct list_head to use as a loop cursor. + * @n: another &struct list_head to use as temporary storage + * @head: the head for your list. + */ +#define list_for_each_prev_safe(pos, n, head) \ + for (pos = (head)->prev, n = pos->prev; \ + pos != (head); \ + pos = n, n = pos->prev) + +/** + * list_for_each_entry - iterate over list of given type + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + */ +#define list_for_each_entry(pos, head, member) \ + for (pos = list_entry((head)->next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_entry(pos->member.next, typeof(*pos), member)) + +/** + * list_for_each_entry_reverse - iterate backwards over list of given type. + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + */ +#define list_for_each_entry_reverse(pos, head, member) \ + for (pos = list_entry((head)->prev, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_entry(pos->member.prev, typeof(*pos), member)) + +/** + * list_prepare_entry - prepare a pos entry for use in list_for_each_entry_continue() + * @pos: the type * to use as a start point + * @head: the head of the list + * @member: the name of the list_struct within the struct. + * + * Prepares a pos entry for use as a start point in list_for_each_entry_continue(). + */ +#define list_prepare_entry(pos, head, member) \ + ((pos) ? : list_entry(head, typeof(*pos), member)) + +/** + * list_for_each_entry_continue - continue iteration over list of given type + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + * + * Continue to iterate over list of given type, continuing after + * the current position. + */ +#define list_for_each_entry_continue(pos, head, member) \ + for (pos = list_entry(pos->member.next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_entry(pos->member.next, typeof(*pos), member)) + +/** + * list_for_each_entry_continue_reverse - iterate backwards from the given point + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + * + * Start to iterate over list of given type backwards, continuing after + * the current position. + */ +#define list_for_each_entry_continue_reverse(pos, head, member) \ + for (pos = list_entry(pos->member.prev, typeof(*pos), member); \ + &pos->member != (head); \ + pos = list_entry(pos->member.prev, typeof(*pos), member)) + +/** + * list_for_each_entry_from - iterate over list of given type from the current point + * @pos: the type * to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + * + * Iterate over list of given type, continuing from current position. + */ +#define list_for_each_entry_from(pos, head, member) \ + for (; &pos->member != (head); \ + pos = list_entry(pos->member.next, typeof(*pos), member)) + +/** + * list_for_each_entry_safe - iterate over list of given type safe against removal of list entry + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + */ +#define list_for_each_entry_safe(pos, n, head, member) \ + for (pos = list_entry((head)->next, typeof(*pos), member), \ + n = list_entry(pos->member.next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = n, n = list_entry(n->member.next, typeof(*n), member)) + +/** + * list_for_each_entry_safe_continue + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + * + * Iterate over list of given type, continuing after current point, + * safe against removal of list entry. + */ +#define list_for_each_entry_safe_continue(pos, n, head, member) \ + for (pos = list_entry(pos->member.next, typeof(*pos), member), \ + n = list_entry(pos->member.next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = n, n = list_entry(n->member.next, typeof(*n), member)) + +/** + * list_for_each_entry_safe_from + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + * + * Iterate over list of given type from current point, safe against + * removal of list entry. + */ +#define list_for_each_entry_safe_from(pos, n, head, member) \ + for (n = list_entry(pos->member.next, typeof(*pos), member); \ + &pos->member != (head); \ + pos = n, n = list_entry(n->member.next, typeof(*n), member)) + +/** + * list_for_each_entry_safe_reverse + * @pos: the type * to use as a loop cursor. + * @n: another type * to use as temporary storage + * @head: the head for your list. + * @member: the name of the list_struct within the struct. + * + * Iterate backwards over list of given type, safe against removal + * of list entry. + */ +#define list_for_each_entry_safe_reverse(pos, n, head, member) \ + for (pos = list_entry((head)->prev, typeof(*pos), member), \ + n = list_entry(pos->member.prev, typeof(*pos), member); \ + &pos->member != (head); \ + pos = n, n = list_entry(n->member.prev, typeof(*n), member)) + +/* + * Double linked lists with a single pointer list head. + * Mostly useful for hash tables where the two pointer list head is + * too wasteful. + * You lose the ability to access the tail in O(1). + */ + +struct hlist_head { + struct hlist_node *first; +}; + +struct hlist_node { + struct hlist_node *next, **pprev; +}; + +#define HLIST_HEAD_INIT { .first = NULL } +#define HLIST_HEAD(name) struct hlist_head name = { .first = NULL } +#define INIT_HLIST_HEAD(ptr) ((ptr)->first = NULL) +static inline void INIT_HLIST_NODE(struct hlist_node *h) +{ + h->next = NULL; + h->pprev = NULL; +} + +static inline int hlist_unhashed(const struct hlist_node *h) +{ + return !h->pprev; +} + +static inline int hlist_empty(const struct hlist_head *h) +{ + return !h->first; +} + +static inline void __hlist_del(struct hlist_node *n) +{ + struct hlist_node *next = n->next; + struct hlist_node **pprev = n->pprev; + *pprev = next; + if (next) + next->pprev = pprev; +} + +static inline void hlist_del(struct hlist_node *n) +{ + __hlist_del(n); + n->next = NULL; + n->pprev = NULL; +} + +static inline void hlist_del_init(struct hlist_node *n) +{ + if (!hlist_unhashed(n)) { + __hlist_del(n); + INIT_HLIST_NODE(n); + } +} + + +static inline void hlist_add_head(struct hlist_node *n, struct hlist_head *h) +{ + struct hlist_node *first = h->first; + n->next = first; + if (first) + first->pprev = &n->next; + h->first = n; + n->pprev = &h->first; +} + + +/* next must be != NULL */ +static inline void hlist_add_before(struct hlist_node *n, + struct hlist_node *next) +{ + n->pprev = next->pprev; + n->next = next; + next->pprev = &n->next; + *(n->pprev) = n; +} + +static inline void hlist_add_after(struct hlist_node *n, + struct hlist_node *next) +{ + next->next = n->next; + n->next = next; + next->pprev = &n->next; + + if(next->next) + next->next->pprev = &next->next; +} + +#define hlist_entry(ptr, type, member) container_of(ptr,type,member) + +#define hlist_for_each(pos, head) \ + for (pos = (head)->first; pos; pos = pos->next) + +#define hlist_for_each_safe(pos, n, head) \ + for (pos = (head)->first; pos; pos = n) + +/** + * hlist_for_each_entry - iterate over list of given type + * @tpos: the type * to use as a loop cursor. + * @pos: the &struct hlist_node to use as a loop cursor. + * @head: the head for your list. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry(tpos, pos, head, member) \ + for (pos = (head)->first; pos && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = pos->next) + +/** + * hlist_for_each_entry_continue - iterate over a hlist continuing after current point + * @tpos: the type * to use as a loop cursor. + * @pos: the &struct hlist_node to use as a loop cursor. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry_continue(tpos, pos, member) \ + for (pos = (pos)->next; pos && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = pos->next) + +/** + * hlist_for_each_entry_from - iterate over a hlist continuing from current point + * @tpos: the type * to use as a loop cursor. + * @pos: the &struct hlist_node to use as a loop cursor. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry_from(tpos, pos, member) \ + for (; pos && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = pos->next) + +/** + * hlist_for_each_entry_safe - iterate over list of given type safe against removal of list entry + * @tpos: the type * to use as a loop cursor. + * @pos: the &struct hlist_node to use as a loop cursor. + * @n: another &struct hlist_node to use as temporary storage + * @head: the head for your list. + * @member: the name of the hlist_node within the struct. + */ +#define hlist_for_each_entry_safe(tpos, pos, n, head, member) \ + for (pos = (head)->first; \ + pos && ({ n = pos->next; 1; }) && \ + ({ tpos = hlist_entry(pos, typeof(*tpos), member); 1;}); \ + pos = n) + +#endif diff --git a/package/network/services/ead/src/passwd b/package/network/services/ead/src/passwd new file mode 100644 index 0000000..eee7a89 --- /dev/null +++ b/package/network/services/ead/src/passwd @@ -0,0 +1,3 @@ +root:$1$MCGAgYw.$Ip1GcyeUliId3wzVcKR/e/:0:0:root:/root:/bin/ash +nobody:*:65534:65534:nobody:/var:/bin/false +daemon:*:65534:65534:daemon:/var:/bin/false diff --git a/package/network/services/ead/src/pfc.c b/package/network/services/ead/src/pfc.c new file mode 100644 index 0000000..402e37f --- /dev/null +++ b/package/network/services/ead/src/pfc.c @@ -0,0 +1,54 @@ +/* + * Small pcap precompiler + * Copyright (C) 2008 Felix Fietkau <nbd@openwrt.org> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ + +#include <sys/types.h> +#include <sys/time.h> +#include <string.h> +#include <stdlib.h> +#include <pcap.h> + +int main (int argc, char ** argv) +{ + struct bpf_program filter; + pcap_t *pc; + int i; + + if (argc != 2) + { + printf ("Usage: %s <expression>\n", argv[0]); + return 1; + } + + pc = pcap_open_dead(DLT_EN10MB, 1500); + if (pcap_compile(pc, &filter, argv[1], 1, 0) != 0) { + printf("error in active-filter expression: %s\n", pcap_geterr(pc)); + return 1; + } + + printf("/* precompiled expression: %s */\n\n" + "static struct bpf_insn pktfilter_insns[] = {\n", + argv[1]); + + for (i = 0; i < filter.bf_len; i++) { + struct bpf_insn *in = &filter.bf_insns[i]; + printf("\t{ .code = 0x%04x, .jt = 0x%02x, .jf = 0x%02x, .k = 0x%08x },\n", in->code, in->jt, in->jf, in->k); + } + printf("};\n\n" + "static struct bpf_program pktfilter = {\n" + "\t.bf_len = %d,\n" + "\t.bf_insns = pktfilter_insns,\n" + "};\n", filter.bf_len); + return 0; + +} diff --git a/package/network/services/ead/src/pw_encrypt_md5.c b/package/network/services/ead/src/pw_encrypt_md5.c new file mode 100644 index 0000000..bc9f249 --- /dev/null +++ b/package/network/services/ead/src/pw_encrypt_md5.c @@ -0,0 +1,646 @@ +/* + * MD5C.C - RSA Data Security, Inc., MD5 message-digest algorithm + * + * Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All + * rights reserved. + * + * License to copy and use this software is granted provided that it + * is identified as the "RSA Data Security, Inc. MD5 Message-Digest + * Algorithm" in all material mentioning or referencing this software + * or this function. + * + * License is also granted to make and use derivative works provided + * that such works are identified as "derived from the RSA Data + * Security, Inc. MD5 Message-Digest Algorithm" in all material + * mentioning or referencing the derived work. + * + * RSA Data Security, Inc. makes no representations concerning either + * the merchantability of this software or the suitability of this + * software for any particular purpose. It is provided "as is" + * without express or implied warranty of any kind. + * + * These notices must be retained in any copies of any part of this + * documentation and/or software. + * + * $FreeBSD: src/lib/libmd/md5c.c,v 1.9.2.1 1999/08/29 14:57:12 peter Exp $ + * + * This code is the same as the code published by RSA Inc. It has been + * edited for clarity and style only. + * + * ---------------------------------------------------------------------------- + * The md5_crypt() function was taken from freeBSD's libcrypt and contains + * this license: + * "THE BEER-WARE LICENSE" (Revision 42): + * <phk@login.dknet.dk> wrote this file. As long as you retain this notice you + * can do whatever you want with this stuff. If we meet some day, and you think + * this stuff is worth it, you can buy me a beer in return. Poul-Henning Kamp + * + * $FreeBSD: src/lib/libcrypt/crypt.c,v 1.7.2.1 1999/08/29 14:56:33 peter Exp $ + * + * ---------------------------------------------------------------------------- + * On April 19th, 2001 md5_crypt() was modified to make it reentrant + * by Erik Andersen <andersen@uclibc.org> + * + * + * June 28, 2001 Manuel Novoa III + * + * "Un-inlined" code using loops and static const tables in order to + * reduce generated code size (on i386 from approx 4k to approx 2.5k). + * + * June 29, 2001 Manuel Novoa III + * + * Completely removed static PADDING array. + * + * Reintroduced the loop unrolling in MD5_Transform and added the + * MD5_SIZE_OVER_SPEED option for configurability. Define below as: + * 0 fully unrolled loops + * 1 partially unrolled (4 ops per loop) + * 2 no unrolling -- introduces the need to swap 4 variables (slow) + * 3 no unrolling and all 4 loops merged into one with switch + * in each loop (glacial) + * On i386, sizes are roughly (-Os -fno-builtin): + * 0: 3k 1: 2.5k 2: 2.2k 3: 2k + * + * + * Since SuSv3 does not require crypt_r, modified again August 7, 2002 + * by Erik Andersen to remove reentrance stuff... + */ + +static const uint8_t ascii64[] = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"; + +/* + * Valid values are 1 (fastest/largest) to 3 (smallest/slowest). + */ +#define MD5_SIZE_OVER_SPEED 3 + +/**********************************************************************/ + +/* MD5 context. */ +struct MD5Context { + uint32_t state[4]; /* state (ABCD) */ + uint32_t count[2]; /* number of bits, modulo 2^64 (lsb first) */ + unsigned char buffer[64]; /* input buffer */ +}; + +static void __md5_Init(struct MD5Context *); +static void __md5_Update(struct MD5Context *, const unsigned char *, unsigned int); +static void __md5_Pad(struct MD5Context *); +static void __md5_Final(unsigned char [16], struct MD5Context *); +static void __md5_Transform(uint32_t [4], const unsigned char [64]); + + +#define MD5_MAGIC_STR "$1$" +#define MD5_MAGIC_LEN (sizeof(MD5_MAGIC_STR) - 1) +static const unsigned char __md5__magic[] = MD5_MAGIC_STR; + + +#ifdef i386 +#define __md5_Encode memcpy +#define __md5_Decode memcpy +#else /* i386 */ + +/* + * __md5_Encodes input (uint32_t) into output (unsigned char). Assumes len is + * a multiple of 4. + */ +static void +__md5_Encode(unsigned char *output, uint32_t *input, unsigned int len) +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) { + output[j] = input[i]; + output[j+1] = (input[i] >> 8); + output[j+2] = (input[i] >> 16); + output[j+3] = (input[i] >> 24); + } +} + +/* + * __md5_Decodes input (unsigned char) into output (uint32_t). Assumes len is + * a multiple of 4. + */ +static void +__md5_Decode(uint32_t *output, const unsigned char *input, unsigned int len) +{ + unsigned int i, j; + + for (i = 0, j = 0; j < len; i++, j += 4) + output[i] = ((uint32_t)input[j]) | (((uint32_t)input[j+1]) << 8) | + (((uint32_t)input[j+2]) << 16) | (((uint32_t)input[j+3]) << 24); +} +#endif /* i386 */ + +/* F, G, H and I are basic MD5 functions. */ +#define F(x, y, z) (((x) & (y)) | (~(x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & ~(z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | ~(z))) + +/* ROTATE_LEFT rotates x left n bits. */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* + * FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4. + * Rotation is separate from addition to prevent recomputation. + */ +#define FF(a, b, c, d, x, s, ac) { \ + (a) += F ((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = ROTATE_LEFT((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) { \ + (a) += G ((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = ROTATE_LEFT((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) { \ + (a) += H ((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = ROTATE_LEFT((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) { \ + (a) += I ((b), (c), (d)) + (x) + (uint32_t)(ac); \ + (a) = ROTATE_LEFT((a), (s)); \ + (a) += (b); \ + } + +/* MD5 initialization. Begins an MD5 operation, writing a new context. */ +static void __md5_Init(struct MD5Context *context) +{ + context->count[0] = context->count[1] = 0; + + /* Load magic initialization constants. */ + context->state[0] = 0x67452301; + context->state[1] = 0xefcdab89; + context->state[2] = 0x98badcfe; + context->state[3] = 0x10325476; +} + +/* + * MD5 block update operation. Continues an MD5 message-digest + * operation, processing another message block, and updating the + * context. + */ +static void __md5_Update(struct MD5Context *context, const unsigned char *input, unsigned int inputLen) +{ + unsigned int i, idx, partLen; + + /* Compute number of bytes mod 64 */ + idx = (context->count[0] >> 3) & 0x3F; + + /* Update number of bits */ + context->count[0] += (inputLen << 3); + if (context->count[0] < (inputLen << 3)) + context->count[1]++; + context->count[1] += (inputLen >> 29); + + partLen = 64 - idx; + + /* Transform as many times as possible. */ + if (inputLen >= partLen) { + memcpy(&context->buffer[idx], input, partLen); + __md5_Transform(context->state, context->buffer); + + for (i = partLen; i + 63 < inputLen; i += 64) + __md5_Transform(context->state, &input[i]); + + idx = 0; + } else + i = 0; + + /* Buffer remaining input */ + memcpy(&context->buffer[idx], &input[i], inputLen - i); +} + +/* + * MD5 padding. Adds padding followed by original length. + */ +static void __md5_Pad(struct MD5Context *context) +{ + unsigned char bits[8]; + unsigned int idx, padLen; + unsigned char PADDING[64]; + + memset(PADDING, 0, sizeof(PADDING)); + PADDING[0] = 0x80; + + /* Save number of bits */ + __md5_Encode(bits, context->count, 8); + + /* Pad out to 56 mod 64. */ + idx = (context->count[0] >> 3) & 0x3f; + padLen = (idx < 56) ? (56 - idx) : (120 - idx); + __md5_Update(context, PADDING, padLen); + + /* Append length (before padding) */ + __md5_Update(context, bits, 8); +} + +/* + * MD5 finalization. Ends an MD5 message-digest operation, writing the + * the message digest and zeroizing the context. + */ +static void __md5_Final(unsigned char digest[16], struct MD5Context *context) +{ + /* Do padding. */ + __md5_Pad(context); + + /* Store state in digest */ + __md5_Encode(digest, context->state, 16); + + /* Zeroize sensitive information. */ + memset(context, 0, sizeof(*context)); +} + +/* MD5 basic transformation. Transforms state based on block. */ +static void __md5_Transform(uint32_t state[4], const unsigned char block[64]) +{ + uint32_t a, b, c, d, x[16]; +#if MD5_SIZE_OVER_SPEED > 1 + uint32_t temp; + const unsigned char *ps; + + static const unsigned char S[] = { + 7, 12, 17, 22, + 5, 9, 14, 20, + 4, 11, 16, 23, + 6, 10, 15, 21 + }; +#endif /* MD5_SIZE_OVER_SPEED > 1 */ + +#if MD5_SIZE_OVER_SPEED > 0 + const uint32_t *pc; + const unsigned char *pp; + int i; + + static const uint32_t C[] = { + /* round 1 */ + 0xd76aa478, 0xe8c7b756, 0x242070db, 0xc1bdceee, + 0xf57c0faf, 0x4787c62a, 0xa8304613, 0xfd469501, + 0x698098d8, 0x8b44f7af, 0xffff5bb1, 0x895cd7be, + 0x6b901122, 0xfd987193, 0xa679438e, 0x49b40821, + /* round 2 */ + 0xf61e2562, 0xc040b340, 0x265e5a51, 0xe9b6c7aa, + 0xd62f105d, 0x2441453, 0xd8a1e681, 0xe7d3fbc8, + 0x21e1cde6, 0xc33707d6, 0xf4d50d87, 0x455a14ed, + 0xa9e3e905, 0xfcefa3f8, 0x676f02d9, 0x8d2a4c8a, + /* round 3 */ + 0xfffa3942, 0x8771f681, 0x6d9d6122, 0xfde5380c, + 0xa4beea44, 0x4bdecfa9, 0xf6bb4b60, 0xbebfbc70, + 0x289b7ec6, 0xeaa127fa, 0xd4ef3085, 0x4881d05, + 0xd9d4d039, 0xe6db99e5, 0x1fa27cf8, 0xc4ac5665, + /* round 4 */ + 0xf4292244, 0x432aff97, 0xab9423a7, 0xfc93a039, + 0x655b59c3, 0x8f0ccc92, 0xffeff47d, 0x85845dd1, + 0x6fa87e4f, 0xfe2ce6e0, 0xa3014314, 0x4e0811a1, + 0xf7537e82, 0xbd3af235, 0x2ad7d2bb, 0xeb86d391 + }; + + static const unsigned char P[] = { + 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, /* 1 */ + 1, 6, 11, 0, 5, 10, 15, 4, 9, 14, 3, 8, 13, 2, 7, 12, /* 2 */ + 5, 8, 11, 14, 1, 4, 7, 10, 13, 0, 3, 6, 9, 12, 15, 2, /* 3 */ + 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9 /* 4 */ + }; + +#endif /* MD5_SIZE_OVER_SPEED > 0 */ + + __md5_Decode(x, block, 64); + + a = state[0]; b = state[1]; c = state[2]; d = state[3]; + +#if MD5_SIZE_OVER_SPEED > 2 + pc = C; pp = P; ps = S - 4; + + for (i = 0; i < 64; i++) { + if ((i & 0x0f) == 0) ps += 4; + temp = a; + switch (i>>4) { + case 0: + temp += F(b, c, d); + break; + case 1: + temp += G(b, c, d); + break; + case 2: + temp += H(b, c, d); + break; + case 3: + temp += I(b, c, d); + break; + } + temp += x[*pp++] + *pc++; + temp = ROTATE_LEFT(temp, ps[i & 3]); + temp += b; + a = d; d = c; c = b; b = temp; + } +#elif MD5_SIZE_OVER_SPEED > 1 + pc = C; pp = P; ps = S; + + /* Round 1 */ + for (i = 0; i < 16; i++) { + FF(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } + + /* Round 2 */ + ps += 4; + for (; i < 32; i++) { + GG(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } + /* Round 3 */ + ps += 4; + for (; i < 48; i++) { + HH(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } + + /* Round 4 */ + ps += 4; + for (; i < 64; i++) { + II(a, b, c, d, x[*pp], ps[i & 0x3], *pc); pp++; pc++; + temp = d; d = c; c = b; b = a; a = temp; + } +#elif MD5_SIZE_OVER_SPEED > 0 + pc = C; pp = P; + + /* Round 1 */ + for (i = 0; i < 4; i++) { + FF(a, b, c, d, x[*pp], 7, *pc); pp++; pc++; + FF(d, a, b, c, x[*pp], 12, *pc); pp++; pc++; + FF(c, d, a, b, x[*pp], 17, *pc); pp++; pc++; + FF(b, c, d, a, x[*pp], 22, *pc); pp++; pc++; + } + + /* Round 2 */ + for (i = 0; i < 4; i++) { + GG(a, b, c, d, x[*pp], 5, *pc); pp++; pc++; + GG(d, a, b, c, x[*pp], 9, *pc); pp++; pc++; + GG(c, d, a, b, x[*pp], 14, *pc); pp++; pc++; + GG(b, c, d, a, x[*pp], 20, *pc); pp++; pc++; + } + /* Round 3 */ + for (i = 0; i < 4; i++) { + HH(a, b, c, d, x[*pp], 4, *pc); pp++; pc++; + HH(d, a, b, c, x[*pp], 11, *pc); pp++; pc++; + HH(c, d, a, b, x[*pp], 16, *pc); pp++; pc++; + HH(b, c, d, a, x[*pp], 23, *pc); pp++; pc++; + } + + /* Round 4 */ + for (i = 0; i < 4; i++) { + II(a, b, c, d, x[*pp], 6, *pc); pp++; pc++; + II(d, a, b, c, x[*pp], 10, *pc); pp++; pc++; + II(c, d, a, b, x[*pp], 15, *pc); pp++; pc++; + II(b, c, d, a, x[*pp], 21, *pc); pp++; pc++; + } +#else + /* Round 1 */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 + FF(a, b, c, d, x[ 0], S11, 0xd76aa478); /* 1 */ + FF(d, a, b, c, x[ 1], S12, 0xe8c7b756); /* 2 */ + FF(c, d, a, b, x[ 2], S13, 0x242070db); /* 3 */ + FF(b, c, d, a, x[ 3], S14, 0xc1bdceee); /* 4 */ + FF(a, b, c, d, x[ 4], S11, 0xf57c0faf); /* 5 */ + FF(d, a, b, c, x[ 5], S12, 0x4787c62a); /* 6 */ + FF(c, d, a, b, x[ 6], S13, 0xa8304613); /* 7 */ + FF(b, c, d, a, x[ 7], S14, 0xfd469501); /* 8 */ + FF(a, b, c, d, x[ 8], S11, 0x698098d8); /* 9 */ + FF(d, a, b, c, x[ 9], S12, 0x8b44f7af); /* 10 */ + FF(c, d, a, b, x[10], S13, 0xffff5bb1); /* 11 */ + FF(b, c, d, a, x[11], S14, 0x895cd7be); /* 12 */ + FF(a, b, c, d, x[12], S11, 0x6b901122); /* 13 */ + FF(d, a, b, c, x[13], S12, 0xfd987193); /* 14 */ + FF(c, d, a, b, x[14], S13, 0xa679438e); /* 15 */ + FF(b, c, d, a, x[15], S14, 0x49b40821); /* 16 */ + + /* Round 2 */ +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 + GG(a, b, c, d, x[ 1], S21, 0xf61e2562); /* 17 */ + GG(d, a, b, c, x[ 6], S22, 0xc040b340); /* 18 */ + GG(c, d, a, b, x[11], S23, 0x265e5a51); /* 19 */ + GG(b, c, d, a, x[ 0], S24, 0xe9b6c7aa); /* 20 */ + GG(a, b, c, d, x[ 5], S21, 0xd62f105d); /* 21 */ + GG(d, a, b, c, x[10], S22, 0x2441453); /* 22 */ + GG(c, d, a, b, x[15], S23, 0xd8a1e681); /* 23 */ + GG(b, c, d, a, x[ 4], S24, 0xe7d3fbc8); /* 24 */ + GG(a, b, c, d, x[ 9], S21, 0x21e1cde6); /* 25 */ + GG(d, a, b, c, x[14], S22, 0xc33707d6); /* 26 */ + GG(c, d, a, b, x[ 3], S23, 0xf4d50d87); /* 27 */ + GG(b, c, d, a, x[ 8], S24, 0x455a14ed); /* 28 */ + GG(a, b, c, d, x[13], S21, 0xa9e3e905); /* 29 */ + GG(d, a, b, c, x[ 2], S22, 0xfcefa3f8); /* 30 */ + GG(c, d, a, b, x[ 7], S23, 0x676f02d9); /* 31 */ + GG(b, c, d, a, x[12], S24, 0x8d2a4c8a); /* 32 */ + + /* Round 3 */ +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 + HH(a, b, c, d, x[ 5], S31, 0xfffa3942); /* 33 */ + HH(d, a, b, c, x[ 8], S32, 0x8771f681); /* 34 */ + HH(c, d, a, b, x[11], S33, 0x6d9d6122); /* 35 */ + HH(b, c, d, a, x[14], S34, 0xfde5380c); /* 36 */ + HH(a, b, c, d, x[ 1], S31, 0xa4beea44); /* 37 */ + HH(d, a, b, c, x[ 4], S32, 0x4bdecfa9); /* 38 */ + HH(c, d, a, b, x[ 7], S33, 0xf6bb4b60); /* 39 */ + HH(b, c, d, a, x[10], S34, 0xbebfbc70); /* 40 */ + HH(a, b, c, d, x[13], S31, 0x289b7ec6); /* 41 */ + HH(d, a, b, c, x[ 0], S32, 0xeaa127fa); /* 42 */ + HH(c, d, a, b, x[ 3], S33, 0xd4ef3085); /* 43 */ + HH(b, c, d, a, x[ 6], S34, 0x4881d05); /* 44 */ + HH(a, b, c, d, x[ 9], S31, 0xd9d4d039); /* 45 */ + HH(d, a, b, c, x[12], S32, 0xe6db99e5); /* 46 */ + HH(c, d, a, b, x[15], S33, 0x1fa27cf8); /* 47 */ + HH(b, c, d, a, x[ 2], S34, 0xc4ac5665); /* 48 */ + + /* Round 4 */ +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + II(a, b, c, d, x[ 0], S41, 0xf4292244); /* 49 */ + II(d, a, b, c, x[ 7], S42, 0x432aff97); /* 50 */ + II(c, d, a, b, x[14], S43, 0xab9423a7); /* 51 */ + II(b, c, d, a, x[ 5], S44, 0xfc93a039); /* 52 */ + II(a, b, c, d, x[12], S41, 0x655b59c3); /* 53 */ + II(d, a, b, c, x[ 3], S42, 0x8f0ccc92); /* 54 */ + II(c, d, a, b, x[10], S43, 0xffeff47d); /* 55 */ + II(b, c, d, a, x[ 1], S44, 0x85845dd1); /* 56 */ + II(a, b, c, d, x[ 8], S41, 0x6fa87e4f); /* 57 */ + II(d, a, b, c, x[15], S42, 0xfe2ce6e0); /* 58 */ + II(c, d, a, b, x[ 6], S43, 0xa3014314); /* 59 */ + II(b, c, d, a, x[13], S44, 0x4e0811a1); /* 60 */ + II(a, b, c, d, x[ 4], S41, 0xf7537e82); /* 61 */ + II(d, a, b, c, x[11], S42, 0xbd3af235); /* 62 */ + II(c, d, a, b, x[ 2], S43, 0x2ad7d2bb); /* 63 */ + II(b, c, d, a, x[ 9], S44, 0xeb86d391); /* 64 */ +#endif + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + + /* Zeroize sensitive information. */ + memset(x, 0, sizeof(x)); +} + + +static char* +__md5_to64(char *s, unsigned v, int n) +{ + while (--n >= 0) { + *s++ = ascii64[v & 0x3f]; + v >>= 6; + } + return s; +} + +/* + * UNIX password + * + * Use MD5 for what it is best at... + */ +#define MD5_OUT_BUFSIZE 36 +static char * +md5_crypt(char passwd[MD5_OUT_BUFSIZE], const unsigned char *pw, const unsigned char *salt) +{ + const unsigned char *sp, *ep; + char *p; + unsigned char final[17]; /* final[16] exists only to aid in looping */ + int sl, pl, i, pw_len; + struct MD5Context ctx, ctx1; + + /* Refine the Salt first */ + sp = salt; + + sp += MD5_MAGIC_LEN; + + /* It stops at the first '$', max 8 chars */ + for (ep = sp; *ep && *ep != '$' && ep < (sp+8); ep++) + continue; + + /* get the length of the true salt */ + sl = ep - sp; + + __md5_Init(&ctx); + + /* The password first, since that is what is most unknown */ + pw_len = strlen((char*)pw); + __md5_Update(&ctx, pw, pw_len); + + /* Then our magic string */ + __md5_Update(&ctx, __md5__magic, MD5_MAGIC_LEN); + + /* Then the raw salt */ + __md5_Update(&ctx, sp, sl); + + /* Then just as many characters of the MD5(pw, salt, pw) */ + __md5_Init(&ctx1); + __md5_Update(&ctx1, pw, pw_len); + __md5_Update(&ctx1, sp, sl); + __md5_Update(&ctx1, pw, pw_len); + __md5_Final(final, &ctx1); + for (pl = pw_len; pl > 0; pl -= 16) + __md5_Update(&ctx, final, pl > 16 ? 16 : pl); + + /* Don't leave anything around in vm they could use. */ +//TODO: the above comment seems to be wrong. final is used later. + memset(final, 0, sizeof(final)); + + /* Then something really weird... */ + for (i = pw_len; i; i >>= 1) { + __md5_Update(&ctx, ((i & 1) ? final : (const unsigned char *) pw), 1); + } + + /* Now make the output string */ + passwd[0] = '$'; + passwd[1] = '1'; + passwd[2] = '$'; + strncpy(passwd + 3, (char*)sp, sl); + passwd[sl + 3] = '$'; + + __md5_Final(final, &ctx); + + /* + * and now, just to make sure things don't run too fast + * On a 60 Mhz Pentium this takes 34 msec, so you would + * need 30 seconds to build a 1000 entry dictionary... + */ + for (i = 0; i < 1000; i++) { + __md5_Init(&ctx1); + if (i & 1) + __md5_Update(&ctx1, pw, pw_len); + else + __md5_Update(&ctx1, final, 16); + + if (i % 3) + __md5_Update(&ctx1, sp, sl); + + if (i % 7) + __md5_Update(&ctx1, pw, pw_len); + + if (i & 1) + __md5_Update(&ctx1, final, 16); + else + __md5_Update(&ctx1, pw, pw_len); + __md5_Final(final, &ctx1); + } + + p = passwd + sl + 4; /* 12 bytes max (sl is up to 8 bytes) */ + + /* Add 5*4+2 = 22 bytes of hash, + NUL byte. */ + final[16] = final[5]; + for (i = 0; i < 5; i++) { + unsigned l = (final[i] << 16) | (final[i+6] << 8) | final[i+12]; + p = __md5_to64(p, l, 4); + } + p = __md5_to64(p, final[11], 2); + *p = '\0'; + + /* Don't leave anything around in vm they could use. */ + memset(final, 0, sizeof(final)); + + return passwd; +} + +#undef MD5_SIZE_OVER_SPEED +#undef MD5_MAGIC_STR +#undef MD5_MAGIC_LEN +#undef __md5_Encode +#undef __md5_Decode +#undef F +#undef G +#undef H +#undef I +#undef ROTATE_LEFT +#undef FF +#undef GG +#undef HH +#undef II +#undef S11 +#undef S12 +#undef S13 +#undef S14 +#undef S21 +#undef S22 +#undef S23 +#undef S24 +#undef S31 +#undef S32 +#undef S33 +#undef S34 +#undef S41 +#undef S42 +#undef S43 +#undef S44 diff --git a/package/network/services/ead/src/sha1.c b/package/network/services/ead/src/sha1.c new file mode 100644 index 0000000..3683a7d --- /dev/null +++ b/package/network/services/ead/src/sha1.c @@ -0,0 +1,104 @@ +/* + * SHA transform algorithm, originally taken from code written by + * Peter Gutmann, and placed in the public domain. + */ + +static uint32_t +rol32(uint32_t word, int shift) +{ + return (word << shift) | (word >> (32 - shift)); +} + +/* The SHA f()-functions. */ + +#define f1(x,y,z) (z ^ (x & (y ^ z))) /* x ? y : z */ +#define f2(x,y,z) (x ^ y ^ z) /* XOR */ +#define f3(x,y,z) ((x & y) + (z & (x ^ y))) /* majority */ + +/* The SHA Mysterious Constants */ + +#define K1 0x5A827999L /* Rounds 0-19: sqrt(2) * 2^30 */ +#define K2 0x6ED9EBA1L /* Rounds 20-39: sqrt(3) * 2^30 */ +#define K3 0x8F1BBCDCL /* Rounds 40-59: sqrt(5) * 2^30 */ +#define K4 0xCA62C1D6L /* Rounds 60-79: sqrt(10) * 2^30 */ + +/** + * sha_transform - single block SHA1 transform + * + * @digest: 160 bit digest to update + * @data: 512 bits of data to hash + * @W: 80 words of workspace (see note) + * + * This function generates a SHA1 digest for a single 512-bit block. + * Be warned, it does not handle padding and message digest, do not + * confuse it with the full FIPS 180-1 digest algorithm for variable + * length messages. + * + * Note: If the hash is security sensitive, the caller should be sure + * to clear the workspace. This is left to the caller to avoid + * unnecessary clears between chained hashing operations. + */ +static void sha_transform(uint32_t *digest, const unsigned char *in, uint32_t *W) +{ + uint32_t a, b, c, d, e, t, i; + + for (i = 0; i < 16; i++) { + int ofs = 4 * i; + + /* word load/store may be unaligned here, so use bytes instead */ + W[i] = + (in[ofs+0] << 24) | + (in[ofs+1] << 16) | + (in[ofs+2] << 8) | + in[ofs+3]; + } + + for (i = 0; i < 64; i++) + W[i+16] = rol32(W[i+13] ^ W[i+8] ^ W[i+2] ^ W[i], 1); + + a = digest[0]; + b = digest[1]; + c = digest[2]; + d = digest[3]; + e = digest[4]; + + for (i = 0; i < 20; i++) { + t = f1(b, c, d) + K1 + rol32(a, 5) + e + W[i]; + e = d; d = c; c = rol32(b, 30); b = a; a = t; + } + + for (; i < 40; i ++) { + t = f2(b, c, d) + K2 + rol32(a, 5) + e + W[i]; + e = d; d = c; c = rol32(b, 30); b = a; a = t; + } + + for (; i < 60; i ++) { + t = f3(b, c, d) + K3 + rol32(a, 5) + e + W[i]; + e = d; d = c; c = rol32(b, 30); b = a; a = t; + } + + for (; i < 80; i ++) { + t = f2(b, c, d) + K4 + rol32(a, 5) + e + W[i]; + e = d; d = c; c = rol32(b, 30); b = a; a = t; + } + + digest[0] += a; + digest[1] += b; + digest[2] += c; + digest[3] += d; + digest[4] += e; +} + +/** + * sha_init - initialize the vectors for a SHA1 digest + * @buf: vector to initialize + */ +static void sha_init(uint32_t *buf) +{ + buf[0] = 0x67452301; + buf[1] = 0xefcdab89; + buf[2] = 0x98badcfe; + buf[3] = 0x10325476; + buf[4] = 0xc3d2e1f0; +} + diff --git a/package/network/services/ead/src/tinysrp/Makefile.am b/package/network/services/ead/src/tinysrp/Makefile.am new file mode 100644 index 0000000..a8f899f --- /dev/null +++ b/package/network/services/ead/src/tinysrp/Makefile.am @@ -0,0 +1,28 @@ +AUTOMAKE_OPTIONS = foreign no-dependencies + +noinst_HEADERS = t_client.h t_pwd.h t_server.h t_sha.h \ + bn.h bn_lcl.h bn_prime.h t_defines.h t_read.h + +include_HEADERS = tinysrp.h + +lib_LIBRARIES = libtinysrp.a + +CFLAGS = -O2 @signed@ + +libtinysrp_a_SOURCES = \ + tinysrp.c t_client.c t_getconf.c t_conv.c t_getpass.c t_sha.c t_math.c \ + t_misc.c t_pw.c t_read.c t_server.c t_truerand.c \ + bn_add.c bn_ctx.c bn_div.c bn_exp.c bn_mul.c bn_word.c bn_asm.c bn_lib.c \ + bn_shift.c bn_sqr.c + +noinst_PROGRAMS = srvtest clitest +srvtest_SOURCES = srvtest.c +clitest_SOURCES = clitest.c + +bin_PROGRAMS = tconf tphrase +tconf_SOURCES = tconf.c t_conf.c +tphrase_SOURCES = tphrase.c + +LDADD = libtinysrp.a + +EXTRA_DIST = tpasswd Notes diff --git a/package/network/services/ead/src/tinysrp/Makefile.in b/package/network/services/ead/src/tinysrp/Makefile.in new file mode 100644 index 0000000..4701cd5 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/Makefile.in @@ -0,0 +1,477 @@ +# Makefile.in generated automatically by automake 1.4a from Makefile.am + +# Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + + +SHELL = @SHELL@ + +srcdir = @srcdir@ +top_srcdir = @top_srcdir@ +VPATH = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ + +bindir = @bindir@ +sbindir = @sbindir@ +libexecdir = @libexecdir@ +datadir = @datadir@ +sysconfdir = @sysconfdir@ +sharedstatedir = @sharedstatedir@ +localstatedir = @localstatedir@ +libdir = @libdir@ +infodir = @infodir@ +mandir = @mandir@ +includedir = @includedir@ +oldincludedir = /usr/include + +DESTDIR = + +pkgdatadir = $(datadir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ + +top_builddir = . + +ACLOCAL = @ACLOCAL@ +AUTOCONF = @AUTOCONF@ +AUTOMAKE = @AUTOMAKE@ +AUTOHEADER = @AUTOHEADER@ + +INSTALL = @INSTALL@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_FLAG = +transform = @program_transform_name@ + +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +CC = @CC@ +LN_S = @LN_S@ +MAKEINFO = @MAKEINFO@ +PACKAGE = @PACKAGE@ +RANLIB = @RANLIB@ +VERSION = @VERSION@ +signed = @signed@ + +AUTOMAKE_OPTIONS = foreign no-dependencies + +noinst_HEADERS = t_client.h t_pwd.h t_server.h t_sha.h bn.h bn_lcl.h bn_prime.h t_defines.h t_read.h + + +include_HEADERS = tinysrp.h + +lib_LIBRARIES = libtinysrp.a + +CFLAGS = -O2 @signed@ + +libtinysrp_a_SOURCES = tinysrp.c t_client.c t_getconf.c t_conv.c t_getpass.c t_sha.c t_math.c t_misc.c t_pw.c t_read.c t_server.c t_truerand.c bn_add.c bn_ctx.c bn_div.c bn_exp.c bn_mul.c bn_word.c bn_asm.c bn_lib.c bn_shift.c bn_sqr.c + + +noinst_PROGRAMS = srvtest clitest +srvtest_SOURCES = srvtest.c +clitest_SOURCES = clitest.c + +bin_PROGRAMS = tconf tphrase +tconf_SOURCES = tconf.c t_conf.c +tphrase_SOURCES = tphrase.c + +LDADD = libtinysrp.a + +EXTRA_DIST = tpasswd Notes +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +LIBRARIES = $(lib_LIBRARIES) + + +DEFS = @DEFS@ -I. -I$(srcdir) -I. +CPPFLAGS = @CPPFLAGS@ +LDFLAGS = @LDFLAGS@ +LIBS = @LIBS@ +libtinysrp_a_LIBADD = +libtinysrp_a_OBJECTS = tinysrp.o t_client.o t_getconf.o t_conv.o \ +t_getpass.o t_sha.o t_math.o t_misc.o t_pw.o t_read.o t_server.o \ +t_truerand.o bn_add.o bn_ctx.o bn_div.o bn_exp.o bn_mul.o bn_word.o \ +bn_asm.o bn_lib.o bn_shift.o bn_sqr.o +AR = ar +PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) + +tconf_OBJECTS = tconf.o t_conf.o +tconf_LDADD = $(LDADD) +tconf_DEPENDENCIES = libtinysrp.a +tconf_LDFLAGS = +tphrase_OBJECTS = tphrase.o +tphrase_LDADD = $(LDADD) +tphrase_DEPENDENCIES = libtinysrp.a +tphrase_LDFLAGS = +srvtest_OBJECTS = srvtest.o +srvtest_LDADD = $(LDADD) +srvtest_DEPENDENCIES = libtinysrp.a +srvtest_LDFLAGS = +clitest_OBJECTS = clitest.o +clitest_LDADD = $(LDADD) +clitest_DEPENDENCIES = libtinysrp.a +clitest_LDFLAGS = +COMPILE = $(CC) $(DEFS) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +CCLD = $(CC) +LINK = $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(LDFLAGS) -o $@ +HEADERS = $(include_HEADERS) $(noinst_HEADERS) + +DIST_COMMON = ./stamp-h.in Makefile.am Makefile.in acconfig.h \ +acinclude.m4 aclocal.m4 config.h.in configure configure.in install-sh \ +missing mkinstalldirs + + +DISTFILES = $(DIST_COMMON) $(SOURCES) $(HEADERS) $(TEXINFOS) $(EXTRA_DIST) + +TAR = gtar +GZIP_ENV = --best +SOURCES = $(libtinysrp_a_SOURCES) $(tconf_SOURCES) $(tphrase_SOURCES) $(srvtest_SOURCES) $(clitest_SOURCES) +OBJECTS = $(libtinysrp_a_OBJECTS) $(tconf_OBJECTS) $(tphrase_OBJECTS) $(srvtest_OBJECTS) $(clitest_OBJECTS) + +all: all-redirect +.SUFFIXES: +.SUFFIXES: .S .c .o .s + +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES=$@ CONFIG_HEADERS= $(SHELL) ./config.status + +$(ACLOCAL_M4): configure.in acinclude.m4 + cd $(srcdir) && $(ACLOCAL) + +$(srcdir)/configure: $(srcdir)/configure.in $(ACLOCAL_M4) $(CONFIGURE_DEPENDENCIES) + cd $(srcdir) && $(AUTOCONF) + +config.h: stamp-h + @if test ! -f $@; then \ + rm -f stamp-h; \ + $(MAKE) stamp-h; \ + else :; fi +stamp-h: $(srcdir)/config.h.in $(top_builddir)/config.status + cd $(top_builddir) \ + && CONFIG_FILES= CONFIG_HEADERS=config.h \ + $(SHELL) ./config.status + @echo timestamp > stamp-h 2> /dev/null +$(srcdir)/config.h.in: $(srcdir)/stamp-h.in + @if test ! -f $@; then \ + rm -f $(srcdir)/stamp-h.in; \ + $(MAKE) $(srcdir)/stamp-h.in; \ + else :; fi +$(srcdir)/stamp-h.in: $(top_srcdir)/configure.in $(ACLOCAL_M4) acconfig.h + cd $(top_srcdir) && $(AUTOHEADER) + @echo timestamp > $(srcdir)/stamp-h.in 2> /dev/null + +mostlyclean-hdr: + +clean-hdr: + +distclean-hdr: + -rm -f config.h + +maintainer-clean-hdr: + +mostlyclean-libLIBRARIES: + +clean-libLIBRARIES: + -test -z "$(lib_LIBRARIES)" || rm -f $(lib_LIBRARIES) + +distclean-libLIBRARIES: + +maintainer-clean-libLIBRARIES: + +install-libLIBRARIES: $(lib_LIBRARIES) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(libdir) + @list='$(lib_LIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(INSTALL_DATA) $$p $(DESTDIR)$(libdir)/$$p"; \ + $(INSTALL_DATA) $$p $(DESTDIR)$(libdir)/$$p; \ + else :; fi; \ + done + @$(POST_INSTALL) + @list='$(lib_LIBRARIES)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(RANLIB) $(DESTDIR)$(libdir)/$$p"; \ + $(RANLIB) $(DESTDIR)$(libdir)/$$p; \ + else :; fi; \ + done + +uninstall-libLIBRARIES: + @$(NORMAL_UNINSTALL) + list='$(lib_LIBRARIES)'; for p in $$list; do \ + rm -f $(DESTDIR)$(libdir)/$$p; \ + done + +.c.o: + $(COMPILE) -c $< + +.s.o: + $(COMPILE) -c $< + +.S.o: + $(COMPILE) -c $< + +mostlyclean-compile: + -rm -f *.o core *.core + +clean-compile: + +distclean-compile: + -rm -f *.tab.c + +maintainer-clean-compile: + +libtinysrp.a: $(libtinysrp_a_OBJECTS) $(libtinysrp_a_DEPENDENCIES) + -rm -f libtinysrp.a + $(AR) cru libtinysrp.a $(libtinysrp_a_OBJECTS) $(libtinysrp_a_LIBADD) + $(RANLIB) libtinysrp.a + +mostlyclean-binPROGRAMS: + +clean-binPROGRAMS: + -test -z "$(bin_PROGRAMS)" || rm -f $(bin_PROGRAMS) + +distclean-binPROGRAMS: + +maintainer-clean-binPROGRAMS: + +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(bindir) + @list='$(bin_PROGRAMS)'; for p in $$list; do \ + if test -f $$p; then \ + echo " $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`"; \ + $(INSTALL_PROGRAM) $(INSTALL_STRIP_FLAG) $$p $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + else :; fi; \ + done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + list='$(bin_PROGRAMS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(bindir)/`echo $$p|sed 's/$(EXEEXT)$$//'|sed '$(transform)'|sed 's/$$/$(EXEEXT)/'`; \ + done + +mostlyclean-noinstPROGRAMS: + +clean-noinstPROGRAMS: + -test -z "$(noinst_PROGRAMS)" || rm -f $(noinst_PROGRAMS) + +distclean-noinstPROGRAMS: + +maintainer-clean-noinstPROGRAMS: + +tconf: $(tconf_OBJECTS) $(tconf_DEPENDENCIES) + @rm -f tconf + $(LINK) $(tconf_LDFLAGS) $(tconf_OBJECTS) $(tconf_LDADD) $(LIBS) + +tphrase: $(tphrase_OBJECTS) $(tphrase_DEPENDENCIES) + @rm -f tphrase + $(LINK) $(tphrase_LDFLAGS) $(tphrase_OBJECTS) $(tphrase_LDADD) $(LIBS) + +srvtest: $(srvtest_OBJECTS) $(srvtest_DEPENDENCIES) + @rm -f srvtest + $(LINK) $(srvtest_LDFLAGS) $(srvtest_OBJECTS) $(srvtest_LDADD) $(LIBS) + +clitest: $(clitest_OBJECTS) $(clitest_DEPENDENCIES) + @rm -f clitest + $(LINK) $(clitest_LDFLAGS) $(clitest_OBJECTS) $(clitest_LDADD) $(LIBS) + +install-includeHEADERS: $(include_HEADERS) + @$(NORMAL_INSTALL) + $(mkinstalldirs) $(DESTDIR)$(includedir) + @list='$(include_HEADERS)'; for p in $$list; do \ + if test -f "$$p"; then d= ; else d="$(srcdir)/"; fi; \ + echo " $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p"; \ + $(INSTALL_DATA) $$d$$p $(DESTDIR)$(includedir)/$$p; \ + done + +uninstall-includeHEADERS: + @$(NORMAL_UNINSTALL) + list='$(include_HEADERS)'; for p in $$list; do \ + rm -f $(DESTDIR)$(includedir)/$$p; \ + done + +tags: TAGS + +ID: $(HEADERS) $(SOURCES) $(LISP) + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + here=`pwd` && cd $(srcdir) \ + && mkid -f$$here/ID $$unique $(LISP) + +TAGS: $(HEADERS) $(SOURCES) config.h.in $(TAGS_DEPENDENCIES) $(LISP) + tags=; \ + here=`pwd`; \ + list='$(SOURCES) $(HEADERS)'; \ + unique=`for i in $$list; do echo $$i; done | \ + awk ' { files[$$0] = 1; } \ + END { for (i in files) print i; }'`; \ + test -z "$(ETAGS_ARGS)config.h.in$$unique$(LISP)$$tags" \ + || (cd $(srcdir) && etags $(ETAGS_ARGS) $$tags config.h.in $$unique $(LISP) -o $$here/TAGS) + +mostlyclean-tags: + +clean-tags: + +distclean-tags: + -rm -f TAGS ID + +maintainer-clean-tags: + +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + -rm -rf $(distdir) + GZIP=$(GZIP_ENV) $(TAR) zxf $(distdir).tar.gz + mkdir $(distdir)/=build + mkdir $(distdir)/=inst + dc_install_base=`cd $(distdir)/=inst && pwd`; \ + cd $(distdir)/=build \ + && ../configure --srcdir=.. --prefix=$$dc_install_base \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) dist + -rm -rf $(distdir) + @banner="$(distdir).tar.gz is ready for distribution"; \ + dashes=`echo "$$banner" | sed s/./=/g`; \ + echo "$$dashes"; \ + echo "$$banner"; \ + echo "$$dashes" +dist: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) +dist-all: distdir + -chmod -R a+r $(distdir) + GZIP=$(GZIP_ENV) $(TAR) chozf $(distdir).tar.gz $(distdir) + -rm -rf $(distdir) +distdir: $(DISTFILES) + -rm -rf $(distdir) + mkdir $(distdir) + -chmod 777 $(distdir) + @for file in $(DISTFILES); do \ + d=$(srcdir); \ + if test -d $$d/$$file; then \ + cp -pr $$d/$$file $(distdir)/$$file; \ + else \ + test -f $(distdir)/$$file \ + || ln $$d/$$file $(distdir)/$$file 2> /dev/null \ + || cp -p $$d/$$file $(distdir)/$$file || :; \ + fi; \ + done +info-am: +info: info-am +dvi-am: +dvi: dvi-am +check-am: all-am +check: check-am +installcheck-am: +installcheck: installcheck-am +all-recursive-am: config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +install-exec-am: install-libLIBRARIES install-binPROGRAMS +install-exec: install-exec-am + +install-data-am: install-includeHEADERS +install-data: install-data-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am +install: install-am +uninstall-am: uninstall-libLIBRARIES uninstall-binPROGRAMS \ + uninstall-includeHEADERS +uninstall: uninstall-am +all-am: Makefile $(LIBRARIES) $(PROGRAMS) $(HEADERS) config.h +all-redirect: all-am +install-strip: + $(MAKE) $(AM_MAKEFLAGS) INSTALL_STRIP_FLAG=-s install +installdirs: + $(mkinstalldirs) $(DESTDIR)$(libdir) $(DESTDIR)$(bindir) \ + $(DESTDIR)$(includedir) + + +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -rm -f Makefile $(CONFIG_CLEAN_FILES) + -rm -f config.cache config.log stamp-h stamp-h[0-9]* + +maintainer-clean-generic: +mostlyclean-am: mostlyclean-hdr mostlyclean-libLIBRARIES \ + mostlyclean-compile mostlyclean-binPROGRAMS \ + mostlyclean-noinstPROGRAMS mostlyclean-tags \ + mostlyclean-generic + +mostlyclean: mostlyclean-am + +clean-am: clean-hdr clean-libLIBRARIES clean-compile clean-binPROGRAMS \ + clean-noinstPROGRAMS clean-tags clean-generic \ + mostlyclean-am + +clean: clean-am + +distclean-am: distclean-hdr distclean-libLIBRARIES distclean-compile \ + distclean-binPROGRAMS distclean-noinstPROGRAMS \ + distclean-tags distclean-generic clean-am + +distclean: distclean-am + -rm -f config.status + +maintainer-clean-am: maintainer-clean-hdr maintainer-clean-libLIBRARIES \ + maintainer-clean-compile maintainer-clean-binPROGRAMS \ + maintainer-clean-noinstPROGRAMS maintainer-clean-tags \ + maintainer-clean-generic distclean-am + @echo "This command is intended for maintainers to use;" + @echo "it deletes files that may require special tools to rebuild." + +maintainer-clean: maintainer-clean-am + -rm -f config.status + +.PHONY: mostlyclean-hdr distclean-hdr clean-hdr maintainer-clean-hdr \ +mostlyclean-libLIBRARIES distclean-libLIBRARIES clean-libLIBRARIES \ +maintainer-clean-libLIBRARIES uninstall-libLIBRARIES \ +install-libLIBRARIES mostlyclean-compile distclean-compile \ +clean-compile maintainer-clean-compile mostlyclean-binPROGRAMS \ +distclean-binPROGRAMS clean-binPROGRAMS maintainer-clean-binPROGRAMS \ +uninstall-binPROGRAMS install-binPROGRAMS mostlyclean-noinstPROGRAMS \ +distclean-noinstPROGRAMS clean-noinstPROGRAMS \ +maintainer-clean-noinstPROGRAMS uninstall-includeHEADERS \ +install-includeHEADERS tags mostlyclean-tags distclean-tags clean-tags \ +maintainer-clean-tags distdir info-am info dvi-am dvi check check-am \ +installcheck-am installcheck all-recursive-am install-exec-am \ +install-exec install-data-am install-data install-am install \ +uninstall-am uninstall all-redirect all-am all installdirs \ +mostlyclean-generic distclean-generic clean-generic \ +maintainer-clean-generic clean mostlyclean distclean maintainer-clean + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/package/network/services/ead/src/tinysrp/Notes b/package/network/services/ead/src/tinysrp/Notes new file mode 100644 index 0000000..a8620aa --- /dev/null +++ b/package/network/services/ead/src/tinysrp/Notes @@ -0,0 +1,110 @@ +t_* stuff is from the srp 1.7.1 dist +bn_* stuff is from openssl 0.9.6 + +(The 7 in libtinysrp's version number reflects the srp version.) + +Licensing and copyright for srp and openssl are as indicated in the relevant +source files. Everything else here is GPL, including the tinysrp protocol. + +Changelog since initial release: + +0.7.4 more robust terminal modes in t_getpass + a potential buffer overflow in tinysrp +0.7.5 uninitialized pointer bug in tconf + +Changes from the base srp and openssl distributions: + +I've removed everything that's not needed for client/server operations, and +all the bn_* stuff that's only used for prime generation has been moved to +t_conf.c, which isn't part of the library anymore. Also, all the routines +used for passphrase file maintenance have been moved to tphrase.c. + +The library has been optimized (a bit) for space instead of speed. Since +authentication is usually only done once, this isn't a big problem. Modern +CPUs are plenty fast for this task, and even 100 MHz CPUs are fine. If you +really need the speed, get the regular distributions. + +Note that if the server sends the client a prime that the client doesn't +know about, the client MUST test for primality. Since this is pretty +expensive, and takes 30 seconds on a 100 MHz machine, and uses lots of code, +I've removed that ability from the client. So only KNOWN primes can be +used. You can still generate new ones with tconf, but you have to install +them in the table of known primes (pre_params) in t_getconf.c that's common +to the client and server, and recompile. The configuration file is gone. + +The default prime (the last entry in the table) is 1024 bits; there are +others with more bits but they will be correspondingly slower. + +The default tpasswd file (which is an ascii file that may be editted with a +regular text editor) contains two users: moo (passphrase "glub glub") and +"new user" (passphrase "this is a test"). Passphrases may be added or +changed with tphrase; you can also change the user's prime. To delete a +user, edit the tpasswd file and remove that line. The tpasswd file's +default name is DEFAULT_PASSWD in t_pwd.h. Note that you can't change a +user's username by editting the file: the username is encoded in the +verifier. If you change a username you must set a new passphrase with +tphrase. + +Here is an example session, using the supplied srvtest and clitest. First, +start both programs in different windows, and enter the user names. Normally, +the client would send the username to the server. Server lines are marked +with S>, client lines with C>. + +S> % srvtest +S> Enter username: moo +S> index (to client): 5 +S> salt (to client): 19AI0Hc9jEkdFc + +C> % clitest +C> Enter username: moo +C> Enter index (from server): 5 +C> Enter salt (from server): 19AI0Hc9jEkdFc + +The server reports the index and salt values used for that user. They +are sent over the network to the client. (Simulate this by cutting and +pasting from one window to the other.) + +C> A (to server): 5wCDXRxLIv/zLazYfKupV/OY3BlhTZuJ71wVgI0HcL1kSJEpkMuWF.xEz/BV2wlJl7vk5Eoz9KMS1ccnaatsVP5D6CBm7UA.yVB59EQFN0dNBirvX29NAFdtdMsMppo5tHRy987XjJWrWSLpeibq6emr.gP8nYyX75GQqSiMY1j +C> Enter password: + +S> Enter A (from client): 5wCDXRxLIv/zLazYfKupV/OY3BlhTZuJ71wVgI0HcL1kSJEpkMuWF.xEz/BV2wlJl7vk5Eoz9KMS1ccnaatsVP5D6CBm7UA.yVB59EQFN0dNBirvX29NAFdtdMsMppo5tHRy987XjJWrWSLpeibq6emr.gP8nYyX75GQqSiMY1j + +Now the client calculates A and sends it to the server, and while the +server is munching on that, the client gets the password from the user. + +S> B (to client): 9dcCpulxQAbaDXI0NHWY6B.QH6B9fsoXs/x/5SCNBNJm/6H6bYfbVrwNmdquhLZjYMvpcgGc2mBYqL77RNfw1kVQo17//GfsByECBIjRnrAn02ffX9Y/llJcfscAQiii0hyZhJf9PT5wE7pC7WUjIgSqckIZ0JLNDbSr7fJcrgw +S> Session key: ebbcf3a45c968defdcfff6e144ad8d4f5412167c9716e79cbf7cacfe18257947ad46fa5d6418a1fd + +The server now calculates B and sends it to the client. The session key +is not sent -- it is a shared secret that can be used for encryption. + +C> Enter B (from server): 9dcCpulxQAbaDXI0NHWY6B.QH6B9fsoXs/x/5SCNBNJm/6H6bYfbVrwNmdquhLZjYMvpcgGc2mBYqL77RNfw1kVQo17//GfsByECBIjRnrAn02ffX9Y/llJcfscAQiii0hyZhJf9PT5wE7pC7WUjIgSqckIZ0JLNDbSr7fJcrgw +C> Session key: ebbcf3a45c968defdcfff6e144ad8d4f5412167c9716e79cbf7cacfe18257947ad46fa5d6418a1fd +C> Response (to server): b9ea99094a176c4be28eb469982066cc7146d180 + +The client uses the B value to calculate its own copy of the shared secret +session key, and sends a response to the server proving that it does know +the correct key. + +S> Enter response (from client): b9ea99094a176c4be28eb469982066cc7146d180 +S> Authentication successful. +S> Response (to client): cd46c839ccad2d0c76f3ca1905ae8ceda8d1c1dc + +The server authenticates the client. (You're in!) + +C> Enter server response: cd46c839ccad2d0c76f3ca1905ae8ceda8d1c1dc +C> Server authentication successful. + +The client authenticates the server (prevents server spoofing in the case +where the session key isn't used to encrypt the channel -- a spoofed server +might just respond with random values and _pretend_ to authenticate the +client; but the spoofed server won't know the session key and this check +catches that). + +Final note: + +Remember that many breaches of security involve buggy software, such as +servers susceptible to buffer overflow exploits that totally bypass any +passphrase, secure or not. If an attacker roots your client, or the server, +no form of authentication will work. Consider MAC-based schemes if this +worries you. diff --git a/package/network/services/ead/src/tinysrp/acconfig.h b/package/network/services/ead/src/tinysrp/acconfig.h new file mode 100644 index 0000000..b74aed0 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/acconfig.h @@ -0,0 +1,9 @@ +#undef SHA1HANDSOFF + +#undef POSIX_TERMIOS + +#undef POSIX_SIGTYPE + +#undef VERSION + +#undef volatile diff --git a/package/network/services/ead/src/tinysrp/acinclude.m4 b/package/network/services/ead/src/tinysrp/acinclude.m4 new file mode 100644 index 0000000..e0d0d04 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/acinclude.m4 @@ -0,0 +1,27 @@ +dnl +dnl check for signal type +dnl +dnl AC_RETSIGTYPE isn't quite right, but almost. +dnl +define(TYPE_SIGNAL,[ +AC_MSG_CHECKING([POSIX signal handlers]) +AC_CACHE_VAL(cv_has_posix_signals, +[AC_TRY_COMPILE( +[#include <sys/types.h> +#include <signal.h> +#ifdef signal +#undef signal +#endif +extern void (*signal ()) ();], [], +cv_has_posix_signals=yes, cv_has_posix_signals=no)]) +AC_MSG_RESULT($cv_has_posix_signals) +if test $cv_has_posix_signals = yes; then + AC_DEFINE(RETSIGTYPE, void, [Return type is void]) + AC_DEFINE(POSIX_SIGTYPE, [], [Have POSIX signals]) +else + if test $ac_cv_type_signal = void; then + AC_DEFINE(RETSIGTYPE, void, [Return type is void]) + else + AC_DEFINE(RETSIGTYPE, int, [Return type is int]) + fi +fi])dnl diff --git a/package/network/services/ead/src/tinysrp/aclocal.m4 b/package/network/services/ead/src/tinysrp/aclocal.m4 new file mode 100644 index 0000000..703fce4 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/aclocal.m4 @@ -0,0 +1,157 @@ +dnl aclocal.m4 generated automatically by aclocal 1.4a + +dnl Copyright (C) 1994, 1995-8, 1999 Free Software Foundation, Inc. +dnl This file is free software; the Free Software Foundation +dnl gives unlimited permission to copy and/or distribute it, +dnl with or without modifications, as long as this notice is preserved. + +dnl This program is distributed in the hope that it will be useful, +dnl but WITHOUT ANY WARRANTY, to the extent permitted by law; without +dnl even the implied warranty of MERCHANTABILITY or FITNESS FOR A +dnl PARTICULAR PURPOSE. + +dnl +dnl check for signal type +dnl +dnl AC_RETSIGTYPE isn't quite right, but almost. +dnl +define(TYPE_SIGNAL,[ +AC_MSG_CHECKING([POSIX signal handlers]) +AC_CACHE_VAL(cv_has_posix_signals, +[AC_TRY_COMPILE( +[#include <sys/types.h> +#include <signal.h> +#ifdef signal +#undef signal +#endif +extern void (*signal ()) ();], [], +cv_has_posix_signals=yes, cv_has_posix_signals=no)]) +AC_MSG_RESULT($cv_has_posix_signals) +if test $cv_has_posix_signals = yes; then + AC_DEFINE(RETSIGTYPE, void, [Return type is void]) + AC_DEFINE(POSIX_SIGTYPE, [], [Have POSIX signals]) +else + if test $ac_cv_type_signal = void; then + AC_DEFINE(RETSIGTYPE, void, [Return type is void]) + else + AC_DEFINE(RETSIGTYPE, int, [Return type is int]) + fi +fi])dnl + +# Like AC_CONFIG_HEADER, but automatically create stamp file. + +AC_DEFUN(AM_CONFIG_HEADER, +[AC_PREREQ([2.12]) +AC_CONFIG_HEADER([$1]) +dnl When config.status generates a header, we must update the stamp-h file. +dnl This file resides in the same directory as the config header +dnl that is generated. We must strip everything past the first ":", +dnl and everything past the last "/". +AC_OUTPUT_COMMANDS(changequote(<<,>>)dnl +ifelse(patsubst(<<$1>>, <<[^ ]>>, <<>>), <<>>, +<<test -z "<<$>>CONFIG_HEADERS" || echo timestamp > patsubst(<<$1>>, <<^\([^:]*/\)?.*>>, <<\1>>)stamp-h<<>>dnl>>, +<<am_indx=1 +for am_file in <<$1>>; do + case " <<$>>CONFIG_HEADERS " in + *" <<$>>am_file "*<<)>> + echo timestamp > `echo <<$>>am_file | sed -e 's%:.*%%' -e 's%[^/]*$%%'`stamp-h$am_indx + ;; + esac + am_indx=`expr "<<$>>am_indx" + 1` +done<<>>dnl>>) +changequote([,]))]) + +# Do all the work for Automake. This macro actually does too much -- +# some checks are only needed if your package does certain things. +# But this isn't really a big deal. + +# serial 1 + +dnl Usage: +dnl AM_INIT_AUTOMAKE(package,version, [no-define]) + +AC_DEFUN(AM_INIT_AUTOMAKE, +[AC_REQUIRE([AC_PROG_INSTALL]) +dnl We require 2.13 because we rely on SHELL being computed by configure. +AC_PREREQ([2.13]) +PACKAGE=[$1] +AC_SUBST(PACKAGE) +VERSION=[$2] +AC_SUBST(VERSION) +dnl test to see if srcdir already configured +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) +fi +ifelse([$3],, +AC_DEFINE_UNQUOTED(PACKAGE, "$PACKAGE", [Name of package]) +AC_DEFINE_UNQUOTED(VERSION, "$VERSION", [Version number of package])) +AC_REQUIRE([AM_SANITY_CHECK]) +AC_REQUIRE([AC_ARG_PROGRAM]) +dnl FIXME This is truly gross. +missing_dir=`cd $ac_aux_dir && pwd` +AM_MISSING_PROG(ACLOCAL, aclocal, $missing_dir) +AM_MISSING_PROG(AUTOCONF, autoconf, $missing_dir) +AM_MISSING_PROG(AUTOMAKE, automake, $missing_dir) +AM_MISSING_PROG(AUTOHEADER, autoheader, $missing_dir) +AM_MISSING_PROG(MAKEINFO, makeinfo, $missing_dir) +AC_REQUIRE([AC_PROG_MAKE_SET])]) + +# +# Check to make sure that the build environment is sane. +# + +AC_DEFUN(AM_SANITY_CHECK, +[AC_MSG_CHECKING([whether build environment is sane]) +# Just in case +sleep 1 +echo timestamp > conftestfile +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` + if test "[$]*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftestfile` + fi + if test "[$]*" != "X $srcdir/configure conftestfile" \ + && test "[$]*" != "X conftestfile $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken +alias in your environment]) + fi + + test "[$]2" = conftestfile + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +rm -f conftest* +AC_MSG_RESULT(yes)]) + +dnl AM_MISSING_PROG(NAME, PROGRAM, DIRECTORY) +dnl The program must properly implement --version. +AC_DEFUN(AM_MISSING_PROG, +[AC_MSG_CHECKING(for working $2) +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if ($2 --version) < /dev/null > /dev/null 2>&1; then + $1=$2 + AC_MSG_RESULT(found) +else + $1="$3/missing $2" + AC_MSG_RESULT(missing) +fi +AC_SUBST($1)]) + diff --git a/package/network/services/ead/src/tinysrp/bn.h b/package/network/services/ead/src/tinysrp/bn.h new file mode 100644 index 0000000..0144dd9 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn.h @@ -0,0 +1,471 @@ +/* crypto/bn/bn.h */ +/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef HEADER_BN_H +#define HEADER_BN_H + +#include <stdio.h> /* FILE */ +#include "config.h" + +#ifdef __cplusplus +extern "C" { +#endif + +#ifdef VMS +#undef BN_LLONG /* experimental, so far... */ +#endif + +#undef BN_MUL_COMBA +#undef BN_SQR_COMBA +#undef BN_RECURSION +#undef RECP_MUL_MOD +#undef MONT_MUL_MOD + +#if defined(SIZEOF_LONG_LONG) && SIZEOF_LONG_LONG == 8 +# if SIZEOF_LONG == 4 +# define THIRTY_TWO_BIT +# else +# define SIXTY_FOUR_BIT_LONG +# endif +#else +# if SIZEOF_LONG == 4 +# define THIRTY_TWO_BIT +# endif +#endif + +#undef BN_LLONG + +/* assuming long is 64bit - this is the DEC Alpha + * unsigned long long is only 64 bits :-(, don't define + * BN_LLONG for the DEC Alpha */ +#ifdef SIXTY_FOUR_BIT_LONG +#define BN_ULLONG unsigned long long +#define BN_ULONG unsigned long +#define BN_LONG long +#define BN_BITS 128 +#define BN_BYTES 8 +#define BN_BITS2 64 +#define BN_BITS4 32 +#define BN_MASK (0xffffffffffffffffffffffffffffffffLL) +#define BN_MASK2 (0xffffffffffffffffL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000L) +#define BN_MASK2h1 (0xffffffff80000000L) +#define BN_TBIT (0x8000000000000000L) +#define BN_DEC_CONV (10000000000000000000UL) +#define BN_DEC_FMT1 "%lu" +#define BN_DEC_FMT2 "%019lu" +#define BN_DEC_NUM 19 +#endif + +/* This is where the long long data type is 64 bits, but long is 32. + * For machines where there are 64bit registers, this is the mode to use. + * IRIX, on R4000 and above should use this mode, along with the relevant + * assembler code :-). Do NOT define BN_LLONG. + */ +#ifdef SIXTY_FOUR_BIT +#undef BN_LLONG +#undef BN_ULLONG +#define BN_ULONG unsigned long long +#define BN_LONG long long +#define BN_BITS 128 +#define BN_BYTES 8 +#define BN_BITS2 64 +#define BN_BITS4 32 +#define BN_MASK2 (0xffffffffffffffffLL) +#define BN_MASK2l (0xffffffffL) +#define BN_MASK2h (0xffffffff00000000LL) +#define BN_MASK2h1 (0xffffffff80000000LL) +#define BN_TBIT (0x8000000000000000LL) +#define BN_DEC_CONV (10000000000000000000LL) +#define BN_DEC_FMT1 "%llu" +#define BN_DEC_FMT2 "%019llu" +#define BN_DEC_NUM 19 +#endif + +#ifdef THIRTY_TWO_BIT +#if defined(WIN32) && !defined(__GNUC__) +#define BN_ULLONG unsigned _int64 +#else +#define BN_ULLONG unsigned long long +#endif +#define BN_ULONG unsigned long +#define BN_LONG long +#define BN_BITS 64 +#define BN_BYTES 4 +#define BN_BITS2 32 +#define BN_BITS4 16 +#ifdef WIN32 +/* VC++ doesn't like the LL suffix */ +#define BN_MASK (0xffffffffffffffffL) +#else +#define BN_MASK (0xffffffffffffffffLL) +#endif +#define BN_MASK2 (0xffffffffL) +#define BN_MASK2l (0xffff) +#define BN_MASK2h1 (0xffff8000L) +#define BN_MASK2h (0xffff0000L) +#define BN_TBIT (0x80000000L) +#define BN_DEC_CONV (1000000000L) +#define BN_DEC_FMT1 "%lu" +#define BN_DEC_FMT2 "%09lu" +#define BN_DEC_NUM 9 +#endif + +#ifdef SIXTEEN_BIT +#ifndef BN_DIV2W +#define BN_DIV2W +#endif +#define BN_ULLONG unsigned long +#define BN_ULONG unsigned short +#define BN_LONG short +#define BN_BITS 32 +#define BN_BYTES 2 +#define BN_BITS2 16 +#define BN_BITS4 8 +#define BN_MASK (0xffffffff) +#define BN_MASK2 (0xffff) +#define BN_MASK2l (0xff) +#define BN_MASK2h1 (0xff80) +#define BN_MASK2h (0xff00) +#define BN_TBIT (0x8000) +#define BN_DEC_CONV (100000) +#define BN_DEC_FMT1 "%u" +#define BN_DEC_FMT2 "%05u" +#define BN_DEC_NUM 5 +#endif + +#ifdef EIGHT_BIT +#ifndef BN_DIV2W +#define BN_DIV2W +#endif +#define BN_ULLONG unsigned short +#define BN_ULONG unsigned char +#define BN_LONG char +#define BN_BITS 16 +#define BN_BYTES 1 +#define BN_BITS2 8 +#define BN_BITS4 4 +#define BN_MASK (0xffff) +#define BN_MASK2 (0xff) +#define BN_MASK2l (0xf) +#define BN_MASK2h1 (0xf8) +#define BN_MASK2h (0xf0) +#define BN_TBIT (0x80) +#define BN_DEC_CONV (100) +#define BN_DEC_FMT1 "%u" +#define BN_DEC_FMT2 "%02u" +#define BN_DEC_NUM 2 +#endif + +#define BN_DEFAULT_BITS 1280 + +#ifdef BIGNUM +#undef BIGNUM +#endif + +#define BN_FLG_MALLOCED 0x01 +#define BN_FLG_STATIC_DATA 0x02 +#define BN_FLG_FREE 0x8000 /* used for debuging */ +#define BN_set_flags(b,n) ((b)->flags|=(n)) +#define BN_get_flags(b,n) ((b)->flags&(n)) + +typedef struct bignum_st + { + BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ + int top; /* Index of last used d +1. */ + /* The next are internal book keeping for bn_expand. */ + int dmax; /* Size of the d array. */ + int neg; /* one if the number is negative */ + int flags; + } BIGNUM; + +/* Used for temp variables */ +#define BN_CTX_NUM 12 +#define BN_CTX_NUM_POS 12 +typedef struct bignum_ctx + { + int tos; + BIGNUM bn[BN_CTX_NUM]; + int flags; + int depth; + int pos[BN_CTX_NUM_POS]; + int too_many; + } BN_CTX; + +/* Used for montgomery multiplication */ +typedef struct bn_mont_ctx_st + { + int ri; /* number of bits in R */ + BIGNUM RR; /* used to convert to montgomery form */ + BIGNUM N; /* The modulus */ + BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 + * (Ni is only stored for bignum algorithm) */ + BN_ULONG n0; /* least significant word of Ni */ + int flags; + } BN_MONT_CTX; + +/* Used for reciprocal division/mod functions + * It cannot be shared between threads + */ +typedef struct bn_recp_ctx_st + { + BIGNUM N; /* the divisor */ + BIGNUM Nr; /* the reciprocal */ + int num_bits; + int shift; + int flags; + } BN_RECP_CTX; + +#define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ + r,a,&((mont)->RR),(mont),ctx) + +#define BN_prime_checks 0 /* default: select number of iterations + based on the size of the number */ + +/* number of Miller-Rabin iterations for an error rate of less than 2^-80 + * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook + * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; + * original paper: Damgaard, Landrock, Pomerance: Average case error estimates + * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ +#define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ + (b) >= 850 ? 3 : \ + (b) >= 650 ? 4 : \ + (b) >= 550 ? 5 : \ + (b) >= 450 ? 6 : \ + (b) >= 400 ? 7 : \ + (b) >= 350 ? 8 : \ + (b) >= 300 ? 9 : \ + (b) >= 250 ? 12 : \ + (b) >= 200 ? 15 : \ + (b) >= 150 ? 18 : \ + /* b >= 100 */ 27) + +#define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) +#define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) +#define BN_is_zero(a) (((a)->top == 0) || BN_is_word(a,0)) +#define BN_is_one(a) (BN_is_word((a),1)) +#define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) +#define BN_one(a) (BN_set_word((a),1)) +#define BN_zero(a) (BN_set_word((a),0)) + +BIGNUM *BN_value_one(void); +char * BN_options(void); +BN_CTX *BN_CTX_new(void); +void BN_CTX_init(BN_CTX *c); +void BN_CTX_free(BN_CTX *c); +void BN_CTX_start(BN_CTX *ctx); +BIGNUM *BN_CTX_get(BN_CTX *ctx); +void BN_CTX_end(BN_CTX *ctx); +int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); +int BN_num_bits(const BIGNUM *a); +int BN_num_bits_word(BN_ULONG); +BIGNUM *BN_new(void); +void BN_init(BIGNUM *); +void BN_clear_free(BIGNUM *a); +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); +BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); +int BN_bn2bin(const BIGNUM *a, unsigned char *to); +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); +int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx); +int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); +int BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx); +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); +BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); +int BN_mul_word(BIGNUM *a, BN_ULONG w); +int BN_add_word(BIGNUM *a, BN_ULONG w); +int BN_sub_word(BIGNUM *a, BN_ULONG w); +int BN_set_word(BIGNUM *a, BN_ULONG w); +BN_ULONG BN_get_word(BIGNUM *a); +int BN_cmp(const BIGNUM *a, const BIGNUM *b); +void BN_free(BIGNUM *a); +int BN_is_bit_set(const BIGNUM *a, int n); +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); +int BN_lshift1(BIGNUM *r, BIGNUM *a); +int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx); +int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); +int BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m,BN_CTX *ctx); +int BN_mask_bits(BIGNUM *a,int n); +int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); +int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx); +int BN_rshift(BIGNUM *r, BIGNUM *a, int n); +int BN_rshift1(BIGNUM *r, BIGNUM *a); +void BN_clear(BIGNUM *a); +BIGNUM *BN_dup(const BIGNUM *a); +int BN_ucmp(const BIGNUM *a, const BIGNUM *b); +int BN_set_bit(BIGNUM *a, int n); +int BN_clear_bit(BIGNUM *a, int n); +int BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx); +BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); +BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe,BIGNUM *add, + BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg); +int BN_is_prime(const BIGNUM *p,int nchecks, + void (*callback)(int,int,void *), + BN_CTX *ctx,void *cb_arg); +int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, + void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, + int do_trial_division); + +BN_MONT_CTX *BN_MONT_CTX_new(void ); +void BN_MONT_CTX_init(BN_MONT_CTX *ctx); +int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont, + BN_CTX *ctx); +int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx); +void BN_MONT_CTX_free(BN_MONT_CTX *mont); +int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); + +void BN_set_params(int mul,int high,int low,int mont); +int BN_get_params(int which); /* 0, mul, 1 high, 2 low, 3 mont */ + +void BN_RECP_CTX_init(BN_RECP_CTX *recp); +BN_RECP_CTX *BN_RECP_CTX_new(void); +void BN_RECP_CTX_free(BN_RECP_CTX *recp); +int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); +int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, + BN_RECP_CTX *recp,BN_CTX *ctx); +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx); +int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, + BN_RECP_CTX *recp, BN_CTX *ctx); + +/* library internal functions */ + +#define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ + (a):bn_expand2((a),(bits)/BN_BITS2+1)) +#define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) +BIGNUM *bn_expand2(BIGNUM *a, int words); + +#define bn_fix_top(a) \ + { \ + BN_ULONG *ftl; \ + if ((a)->top > 0) \ + { \ + for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ + if (*(ftl--)) break; \ + } \ + } + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); +BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); +void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); +BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); +BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); + +#ifdef BN_DEBUG + void bn_dump1(FILE *o, const char *a, BN_ULONG *b,int n); +# define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ + fprintf(stderr,"\n");} +# define bn_dump(a,n) bn_dump1(stderr,#a,a,n); +#else +# define bn_print(a) +# define bn_dump(a,b) +#endif + +/* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + +/* Error codes for the BN functions. */ + +/* Function codes. */ +#define BN_F_BN_CTX_GET 116 +#define BN_F_BN_CTX_NEW 106 +#define BN_F_BN_DIV 107 +#define BN_F_BN_EXPAND2 108 +#define BN_F_BN_MOD_EXP2_MONT 118 +#define BN_F_BN_MOD_EXP_MONT 109 +#define BN_F_BN_MOD_EXP_MONT_WORD 117 +#define BN_F_BN_MOD_INVERSE 110 +#define BN_F_BN_MOD_MUL_RECIPROCAL 111 +#define BN_F_BN_MPI2BN 112 +#define BN_F_BN_NEW 113 +#define BN_F_BN_RAND 114 +#define BN_F_BN_USUB 115 + +/* Reason codes. */ +#define BN_R_ARG2_LT_ARG3 100 +#define BN_R_BAD_RECIPROCAL 101 +#define BN_R_CALLED_WITH_EVEN_MODULUS 102 +#define BN_R_DIV_BY_ZERO 103 +#define BN_R_ENCODING_ERROR 104 +#define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 +#define BN_R_INVALID_LENGTH 106 +#define BN_R_NOT_INITIALIZED 107 +#define BN_R_NO_INVERSE 108 +#define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 + +#ifdef __cplusplus +} +#endif +#endif + diff --git a/package/network/services/ead/src/tinysrp/bn_add.c b/package/network/services/ead/src/tinysrp/bn_add.c new file mode 100644 index 0000000..aae4f2b --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_add.c @@ -0,0 +1,305 @@ +/* crypto/bn/bn_add.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "bn_lcl.h" + +/* r can == a or b */ +int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + const BIGNUM *tmp; + + bn_check_top(a); + bn_check_top(b); + + /* a + b a+b + * a + -b a-b + * -a + b b-a + * -a + -b -(a+b) + */ + if (a->neg ^ b->neg) + { + /* only one is negative */ + if (a->neg) + { tmp=a; a=b; b=tmp; } + + /* we are now a - b */ + + if (BN_ucmp(a,b) < 0) + { + if (!BN_usub(r,b,a)) return(0); + r->neg=1; + } + else + { + if (!BN_usub(r,a,b)) return(0); + r->neg=0; + } + return(1); + } + + if (a->neg) /* both are neg */ + r->neg=1; + else + r->neg=0; + + if (!BN_uadd(r,a,b)) return(0); + return(1); + } + +/* unsigned add of b to a, r must be large enough */ +int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + register int i; + int max,min; + BN_ULONG *ap,*bp,*rp,carry,t1; + const BIGNUM *tmp; + + bn_check_top(a); + bn_check_top(b); + + if (a->top < b->top) + { tmp=a; a=b; b=tmp; } + max=a->top; + min=b->top; + + if (bn_wexpand(r,max+1) == NULL) + return(0); + + r->top=max; + + + ap=a->d; + bp=b->d; + rp=r->d; + carry=0; + + carry=bn_add_words(rp,ap,bp,min); + rp+=min; + ap+=min; + bp+=min; + i=min; + + if (carry) + { + while (i < max) + { + i++; + t1= *(ap++); + if ((*(rp++)=(t1+1)&BN_MASK2) >= t1) + { + carry=0; + break; + } + } + if ((i >= max) && carry) + { + *(rp++)=1; + r->top++; + } + } + if (rp != ap) + { + for (; i<max; i++) + *(rp++)= *(ap++); + } + /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/ + return(1); + } + +/* unsigned subtraction of b from a, a must be larger than b. */ +int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + int max,min; + register BN_ULONG t1,t2,*ap,*bp,*rp; + int i,carry; +#if defined(IRIX_CC_BUG) && !defined(LINT) + int dummy; +#endif + + bn_check_top(a); + bn_check_top(b); + + if (a->top < b->top) /* hmm... should not be happening */ + { + return(0); + } + + max=a->top; + min=b->top; + if (bn_wexpand(r,max) == NULL) return(0); + + ap=a->d; + bp=b->d; + rp=r->d; + +#if 1 + carry=0; + for (i=0; i<min; i++) + { + t1= *(ap++); + t2= *(bp++); + if (carry) + { + carry=(t1 <= t2); + t1=(t1-t2-1)&BN_MASK2; + } + else + { + carry=(t1 < t2); + t1=(t1-t2)&BN_MASK2; + } +#if defined(IRIX_CC_BUG) && !defined(LINT) + dummy=t1; +#endif + *(rp++)=t1&BN_MASK2; + } +#else + carry=bn_sub_words(rp,ap,bp,min); + ap+=min; + bp+=min; + rp+=min; + i=min; +#endif + if (carry) /* subtracted */ + { + while (i < max) + { + i++; + t1= *(ap++); + t2=(t1-1)&BN_MASK2; + *(rp++)=t2; + if (t1 > t2) break; + } + } +#if 0 + memcpy(rp,ap,sizeof(*rp)*(max-i)); +#else + if (rp != ap) + { + for (;;) + { + if (i++ >= max) break; + rp[0]=ap[0]; + if (i++ >= max) break; + rp[1]=ap[1]; + if (i++ >= max) break; + rp[2]=ap[2]; + if (i++ >= max) break; + rp[3]=ap[3]; + rp+=4; + ap+=4; + } + } +#endif + + r->top=max; + bn_fix_top(r); + return(1); + } + +int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) + { + int max; + int add=0,neg=0; + const BIGNUM *tmp; + + bn_check_top(a); + bn_check_top(b); + + /* a - b a-b + * a - -b a+b + * -a - b -(a+b) + * -a - -b b-a + */ + if (a->neg) + { + if (b->neg) + { tmp=a; a=b; b=tmp; } + else + { add=1; neg=1; } + } + else + { + if (b->neg) { add=1; neg=0; } + } + + if (add) + { + if (!BN_uadd(r,a,b)) return(0); + r->neg=neg; + return(1); + } + + /* We are actually doing a - b :-) */ + + max=(a->top > b->top)?a->top:b->top; + if (bn_wexpand(r,max) == NULL) return(0); + if (BN_ucmp(a,b) < 0) + { + if (!BN_usub(r,b,a)) return(0); + r->neg=1; + } + else + { + if (!BN_usub(r,a,b)) return(0); + r->neg=0; + } + return(1); + } + diff --git a/package/network/services/ead/src/tinysrp/bn_asm.c b/package/network/services/ead/src/tinysrp/bn_asm.c new file mode 100644 index 0000000..b24c9af --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_asm.c @@ -0,0 +1,382 @@ +/* crypto/bn/bn_asm.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + +#include <stdio.h> +#include <assert.h> +#include "bn_lcl.h" + +#if defined(BN_LLONG) || defined(BN_UMULT_HIGH) + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) + { + BN_ULONG c1=0; + + assert(num >= 0); + if (num <= 0) return(c1); + + while (num&~3) + { + mul_add(rp[0],ap[0],w,c1); + mul_add(rp[1],ap[1],w,c1); + mul_add(rp[2],ap[2],w,c1); + mul_add(rp[3],ap[3],w,c1); + ap+=4; rp+=4; num-=4; + } + if (num) + { + mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; + mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; + mul_add(rp[2],ap[2],w,c1); return c1; + } + + return(c1); + } + +BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) + { + BN_ULONG c1=0; + + assert(num >= 0); + if (num <= 0) return(c1); + + while (num&~3) + { + mul(rp[0],ap[0],w,c1); + mul(rp[1],ap[1],w,c1); + mul(rp[2],ap[2],w,c1); + mul(rp[3],ap[3],w,c1); + ap+=4; rp+=4; num-=4; + } + if (num) + { + mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; + mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; + mul(rp[2],ap[2],w,c1); + } + return(c1); + } + +void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) + { + assert(n >= 0); + if (n <= 0) return; + while (n&~3) + { + sqr(r[0],r[1],a[0]); + sqr(r[2],r[3],a[1]); + sqr(r[4],r[5],a[2]); + sqr(r[6],r[7],a[3]); + a+=4; r+=8; n-=4; + } + if (n) + { + sqr(r[0],r[1],a[0]); if (--n == 0) return; + sqr(r[2],r[3],a[1]); if (--n == 0) return; + sqr(r[4],r[5],a[2]); + } + } + +#else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ + +BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) + { + BN_ULONG c=0; + BN_ULONG bl,bh; + + assert(num >= 0); + if (num <= 0) return((BN_ULONG)0); + + bl=LBITS(w); + bh=HBITS(w); + + for (;;) + { + mul_add(rp[0],ap[0],bl,bh,c); + if (--num == 0) break; + mul_add(rp[1],ap[1],bl,bh,c); + if (--num == 0) break; + mul_add(rp[2],ap[2],bl,bh,c); + if (--num == 0) break; + mul_add(rp[3],ap[3],bl,bh,c); + if (--num == 0) break; + ap+=4; + rp+=4; + } + return(c); + } + +BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) + { + BN_ULONG carry=0; + BN_ULONG bl,bh; + + assert(num >= 0); + if (num <= 0) return((BN_ULONG)0); + + bl=LBITS(w); + bh=HBITS(w); + + for (;;) + { + mul(rp[0],ap[0],bl,bh,carry); + if (--num == 0) break; + mul(rp[1],ap[1],bl,bh,carry); + if (--num == 0) break; + mul(rp[2],ap[2],bl,bh,carry); + if (--num == 0) break; + mul(rp[3],ap[3],bl,bh,carry); + if (--num == 0) break; + ap+=4; + rp+=4; + } + return(carry); + } + +void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) + { + assert(n >= 0); + if (n <= 0) return; + for (;;) + { + sqr64(r[0],r[1],a[0]); + if (--n == 0) break; + + sqr64(r[2],r[3],a[1]); + if (--n == 0) break; + + sqr64(r[4],r[5],a[2]); + if (--n == 0) break; + + sqr64(r[6],r[7],a[3]); + if (--n == 0) break; + + a+=4; + r+=8; + } + } + +#endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ + +#if defined(BN_LLONG) && defined(BN_DIV2W) + +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) + { + return((BN_ULONG)(((((BN_ULLONG)h)<<BN_BITS2)|l)/(BN_ULLONG)d)); + } + +#else + +/* Divide h,l by d and return the result. */ +/* I need to test this some more :-( */ +BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) + { + BN_ULONG dh,dl,q,ret=0,th,tl,t; + int i,count=2; + + if (d == 0) return(BN_MASK2); + + i=BN_num_bits_word(d); + assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i)); + + i=BN_BITS2-i; + if (h >= d) h-=d; + + if (i) + { + d<<=i; + h=(h<<i)|(l>>(BN_BITS2-i)); + l<<=i; + } + dh=(d&BN_MASK2h)>>BN_BITS4; + dl=(d&BN_MASK2l); + for (;;) + { + if ((h>>BN_BITS4) == dh) + q=BN_MASK2l; + else + q=h/dh; + + th=q*dh; + tl=dl*q; + for (;;) + { + t=h-th; + if ((t&BN_MASK2h) || + ((tl) <= ( + (t<<BN_BITS4)| + ((l&BN_MASK2h)>>BN_BITS4)))) + break; + q--; + th-=dh; + tl-=dl; + } + t=(tl>>BN_BITS4); + tl=(tl<<BN_BITS4)&BN_MASK2h; + th+=t; + + if (l < tl) th++; + l-=tl; + if (h < th) + { + h+=d; + q--; + } + h-=th; + + if (--count == 0) break; + + ret=q<<BN_BITS4; + h=((h<<BN_BITS4)|(l>>BN_BITS4))&BN_MASK2; + l=(l&BN_MASK2l)<<BN_BITS4; + } + ret|=q; + return(ret); + } +#endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ + +#ifdef BN_LLONG +BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) + { + BN_ULLONG ll=0; + + assert(n >= 0); + if (n <= 0) return((BN_ULONG)0); + + for (;;) + { + ll+=(BN_ULLONG)a[0]+b[0]; + r[0]=(BN_ULONG)ll&BN_MASK2; + ll>>=BN_BITS2; + if (--n <= 0) break; + + ll+=(BN_ULLONG)a[1]+b[1]; + r[1]=(BN_ULONG)ll&BN_MASK2; + ll>>=BN_BITS2; + if (--n <= 0) break; + + ll+=(BN_ULLONG)a[2]+b[2]; + r[2]=(BN_ULONG)ll&BN_MASK2; + ll>>=BN_BITS2; + if (--n <= 0) break; + + ll+=(BN_ULLONG)a[3]+b[3]; + r[3]=(BN_ULONG)ll&BN_MASK2; + ll>>=BN_BITS2; + if (--n <= 0) break; + + a+=4; + b+=4; + r+=4; + } + return((BN_ULONG)ll); + } +#else /* !BN_LLONG */ +BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) + { + BN_ULONG c,l,t; + + assert(n >= 0); + if (n <= 0) return((BN_ULONG)0); + + c=0; + for (;;) + { + t=a[0]; + t=(t+c)&BN_MASK2; + c=(t < c); + l=(t+b[0])&BN_MASK2; + c+=(l < t); + r[0]=l; + if (--n <= 0) break; + + t=a[1]; + t=(t+c)&BN_MASK2; + c=(t < c); + l=(t+b[1])&BN_MASK2; + c+=(l < t); + r[1]=l; + if (--n <= 0) break; + + t=a[2]; + t=(t+c)&BN_MASK2; + c=(t < c); + l=(t+b[2])&BN_MASK2; + c+=(l < t); + r[2]=l; + if (--n <= 0) break; + + t=a[3]; + t=(t+c)&BN_MASK2; + c=(t < c); + l=(t+b[3])&BN_MASK2; + c+=(l < t); + r[3]=l; + if (--n <= 0) break; + + a+=4; + b+=4; + r+=4; + } + return((BN_ULONG)c); + } +#endif /* !BN_LLONG */ diff --git a/package/network/services/ead/src/tinysrp/bn_ctx.c b/package/network/services/ead/src/tinysrp/bn_ctx.c new file mode 100644 index 0000000..20a6605 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_ctx.c @@ -0,0 +1,142 @@ +/* crypto/bn/bn_ctx.c */ +/* Written by Ulf Moeller for the OpenSSL project. */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef BN_CTX_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + +#include <stdio.h> +#include <stdlib.h> +#include <assert.h> +#include <bn.h> + + +BN_CTX *BN_CTX_new(void) + { + BN_CTX *ret; + + ret=(BN_CTX *)malloc(sizeof(BN_CTX)); + if (ret == NULL) + { + return(NULL); + } + + BN_CTX_init(ret); + ret->flags=BN_FLG_MALLOCED; + return(ret); + } + +void BN_CTX_init(BN_CTX *ctx) + { + int i; + ctx->tos = 0; + ctx->flags = 0; + ctx->depth = 0; + ctx->too_many = 0; + for (i = 0; i < BN_CTX_NUM; i++) + BN_init(&(ctx->bn[i])); + } + +void BN_CTX_free(BN_CTX *ctx) + { + int i; + + if (ctx == NULL) return; + assert(ctx->depth == 0); + + for (i=0; i < BN_CTX_NUM; i++) + BN_clear_free(&(ctx->bn[i])); + if (ctx->flags & BN_FLG_MALLOCED) + free(ctx); + } + +void BN_CTX_start(BN_CTX *ctx) + { + if (ctx->depth < BN_CTX_NUM_POS) + ctx->pos[ctx->depth] = ctx->tos; + ctx->depth++; + } + +BIGNUM *BN_CTX_get(BN_CTX *ctx) + { + if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) + { + if (!ctx->too_many) + { + /* disable error code until BN_CTX_end is called: */ + ctx->too_many = 1; + } + return NULL; + } + return (&(ctx->bn[ctx->tos++])); + } + +void BN_CTX_end(BN_CTX *ctx) + { + if (ctx == NULL) return; + assert(ctx->depth > 0); + if (ctx->depth == 0) + /* should never happen, but we can tolerate it if not in + * debug mode (could be a 'goto err' in the calling function + * before BN_CTX_start was reached) */ + BN_CTX_start(ctx); + + ctx->too_many = 0; + ctx->depth--; + if (ctx->depth < BN_CTX_NUM_POS) + ctx->tos = ctx->pos[ctx->depth]; + } diff --git a/package/network/services/ead/src/tinysrp/bn_div.c b/package/network/services/ead/src/tinysrp/bn_div.c new file mode 100644 index 0000000..fd21913 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_div.c @@ -0,0 +1,378 @@ +/* crypto/bn/bn_div.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "bn_lcl.h" + +#define NO_ASM + +/* The old slow way */ +#if 0 +int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, + BN_CTX *ctx) + { + int i,nm,nd; + int ret = 0; + BIGNUM *D; + + bn_check_top(m); + bn_check_top(d); + if (BN_is_zero(d)) + { + return(0); + } + + if (BN_ucmp(m,d) < 0) + { + if (rem != NULL) + { if (BN_copy(rem,m) == NULL) return(0); } + if (dv != NULL) BN_zero(dv); + return(1); + } + + BN_CTX_start(ctx); + D = BN_CTX_get(ctx); + if (dv == NULL) dv = BN_CTX_get(ctx); + if (rem == NULL) rem = BN_CTX_get(ctx); + if (D == NULL || dv == NULL || rem == NULL) + goto end; + + nd=BN_num_bits(d); + nm=BN_num_bits(m); + if (BN_copy(D,d) == NULL) goto end; + if (BN_copy(rem,m) == NULL) goto end; + + /* The next 2 are needed so we can do a dv->d[0]|=1 later + * since BN_lshift1 will only work once there is a value :-) */ + BN_zero(dv); + bn_wexpand(dv,1); + dv->top=1; + + if (!BN_lshift(D,D,nm-nd)) goto end; + for (i=nm-nd; i>=0; i--) + { + if (!BN_lshift1(dv,dv)) goto end; + if (BN_ucmp(rem,D) >= 0) + { + dv->d[0]|=1; + if (!BN_usub(rem,rem,D)) goto end; + } +/* CAN IMPROVE (and have now :=) */ + if (!BN_rshift1(D,D)) goto end; + } + rem->neg=BN_is_zero(rem)?0:m->neg; + dv->neg=m->neg^d->neg; + ret = 1; + end: + BN_CTX_end(ctx); + return(ret); + } + +#else + +#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) && !defined(BN_DIV3W) +# if defined(__GNUC__) && __GNUC__>=2 +# if defined(__i386) + /* + * There were two reasons for implementing this template: + * - GNU C generates a call to a function (__udivdi3 to be exact) + * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to + * understand why...); + * - divl doesn't only calculate quotient, but also leaves + * remainder in %edx which we can definitely use here:-) + * + * <appro@fy.chalmers.se> + */ +# define bn_div_words(n0,n1,d0) \ + ({ asm volatile ( \ + "divl %4" \ + : "=a"(q), "=d"(rem) \ + : "a"(n1), "d"(n0), "g"(d0) \ + : "cc"); \ + q; \ + }) +# define REMAINDER_IS_ALREADY_CALCULATED +# endif /* __<cpu> */ +# endif /* __GNUC__ */ +#endif /* NO_ASM */ + +int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, + BN_CTX *ctx) + { + int norm_shift,i,j,loop; + BIGNUM *tmp,wnum,*snum,*sdiv,*res; + BN_ULONG *resp,*wnump; + BN_ULONG d0,d1; + int num_n,div_n; + + bn_check_top(num); + bn_check_top(divisor); + + if (BN_is_zero(divisor)) + { + return(0); + } + + if (BN_ucmp(num,divisor) < 0) + { + if (rm != NULL) + { if (BN_copy(rm,num) == NULL) return(0); } + if (dv != NULL) BN_zero(dv); + return(1); + } + + BN_CTX_start(ctx); + tmp=BN_CTX_get(ctx); + tmp->neg=0; + snum=BN_CTX_get(ctx); + sdiv=BN_CTX_get(ctx); + if (dv == NULL) + res=BN_CTX_get(ctx); + else res=dv; + if (res == NULL) goto err; + + /* First we normalise the numbers */ + norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); + BN_lshift(sdiv,divisor,norm_shift); + sdiv->neg=0; + norm_shift+=BN_BITS2; + BN_lshift(snum,num,norm_shift); + snum->neg=0; + div_n=sdiv->top; + num_n=snum->top; + loop=num_n-div_n; + + /* Lets setup a 'window' into snum + * This is the part that corresponds to the current + * 'area' being divided */ + BN_init(&wnum); + wnum.d= &(snum->d[loop]); + wnum.top= div_n; + wnum.dmax= snum->dmax+1; /* a bit of a lie */ + + /* Get the top 2 words of sdiv */ + /* i=sdiv->top; */ + d0=sdiv->d[div_n-1]; + d1=(div_n == 1)?0:sdiv->d[div_n-2]; + + /* pointer to the 'top' of snum */ + wnump= &(snum->d[num_n-1]); + + /* Setup to 'res' */ + res->neg= (num->neg^divisor->neg); + if (!bn_wexpand(res,(loop+1))) goto err; + res->top=loop; + resp= &(res->d[loop-1]); + + /* space for temp */ + if (!bn_wexpand(tmp,(div_n+1))) goto err; + + if (BN_ucmp(&wnum,sdiv) >= 0) + { + if (!BN_usub(&wnum,&wnum,sdiv)) goto err; + *resp=1; + res->d[res->top-1]=1; + } + else + res->top--; + resp--; + + for (i=0; i<loop-1; i++) + { + BN_ULONG q,l0; +#ifdef BN_DIV3W + q=bn_div_3_words(wnump,d1,d0); +#else + BN_ULONG n0,n1,rem=0; + + n0=wnump[0]; + n1=wnump[-1]; + if (n0 == d0) + q=BN_MASK2; + else /* n0 < d0 */ + { +#ifdef BN_LLONG + BN_ULLONG t2; + +#if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) + q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0); +#else + q=bn_div_words(n0,n1,d0); +#endif + +#ifndef REMAINDER_IS_ALREADY_CALCULATED + /* + * rem doesn't have to be BN_ULLONG. The least we + * know it's less that d0, isn't it? + */ + rem=(n1-q*d0)&BN_MASK2; +#endif + t2=(BN_ULLONG)d1*q; + + for (;;) + { + if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2])) + break; + q--; + rem += d0; + if (rem < d0) break; /* don't let rem overflow */ + t2 -= d1; + } +#else /* !BN_LLONG */ + BN_ULONG t2l,t2h,ql,qh; + + q=bn_div_words(n0,n1,d0); +#ifndef REMAINDER_IS_ALREADY_CALCULATED + rem=(n1-q*d0)&BN_MASK2; +#endif + +#ifdef BN_UMULT_HIGH + t2l = d1 * q; + t2h = BN_UMULT_HIGH(d1,q); +#else + t2l=LBITS(d1); t2h=HBITS(d1); + ql =LBITS(q); qh =HBITS(q); + mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ +#endif + + for (;;) + { + if ((t2h < rem) || + ((t2h == rem) && (t2l <= wnump[-2]))) + break; + q--; + rem += d0; + if (rem < d0) break; /* don't let rem overflow */ + if (t2l < d1) t2h--; t2l -= d1; + } +#endif /* !BN_LLONG */ + } +#endif /* !BN_DIV3W */ + + l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); + wnum.d--; wnum.top++; + tmp->d[div_n]=l0; + for (j=div_n+1; j>0; j--) + if (tmp->d[j-1]) break; + tmp->top=j; + + j=wnum.top; + BN_sub(&wnum,&wnum,tmp); + + snum->top=snum->top+wnum.top-j; + + if (wnum.neg) + { + q--; + j=wnum.top; + BN_add(&wnum,&wnum,sdiv); + snum->top+=wnum.top-j; + } + *(resp--)=q; + wnump--; + } + if (rm != NULL) + { + BN_rshift(rm,snum,norm_shift); + rm->neg=num->neg; + } + BN_CTX_end(ctx); + return(1); +err: + BN_CTX_end(ctx); + return(0); + } + +#endif + +/* rem != m */ +int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) + { +#if 0 /* The old slow way */ + int i,nm,nd; + BIGNUM *dv; + + if (BN_ucmp(m,d) < 0) + return((BN_copy(rem,m) == NULL)?0:1); + + BN_CTX_start(ctx); + dv=BN_CTX_get(ctx); + + if (!BN_copy(rem,m)) goto err; + + nm=BN_num_bits(rem); + nd=BN_num_bits(d); + if (!BN_lshift(dv,d,nm-nd)) goto err; + for (i=nm-nd; i>=0; i--) + { + if (BN_cmp(rem,dv) >= 0) + { + if (!BN_sub(rem,rem,dv)) goto err; + } + if (!BN_rshift1(dv,dv)) goto err; + } + BN_CTX_end(ctx); + return(1); + err: + BN_CTX_end(ctx); + return(0); +#else + return(BN_div(NULL,rem,m,d,ctx)); +#endif + } + diff --git a/package/network/services/ead/src/tinysrp/bn_exp.c b/package/network/services/ead/src/tinysrp/bn_exp.c new file mode 100644 index 0000000..09afb79 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_exp.c @@ -0,0 +1,395 @@ +/* crypto/bn/bn_exp.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + + +#include <stdio.h> +#include "bn_lcl.h" + +#define TABLE_SIZE 32 + +/* slow but works */ +int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) + { + BIGNUM *t; + int r=0; + + bn_check_top(a); + bn_check_top(b); + bn_check_top(m); + + BN_CTX_start(ctx); + if ((t = BN_CTX_get(ctx)) == NULL) goto err; + if (a == b) + { if (!BN_sqr(t,a,ctx)) goto err; } + else + { if (!BN_mul(t,a,b,ctx)) goto err; } + if (!BN_mod(ret,t,m,ctx)) goto err; + r=1; +err: + BN_CTX_end(ctx); + return(r); + } + +int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, const BIGNUM *m, + BN_CTX *ctx) + { + int ret; + + bn_check_top(a); + bn_check_top(p); + bn_check_top(m); + +#ifdef MONT_MUL_MOD + /* I have finally been able to take out this pre-condition of + * the top bit being set. It was caused by an error in BN_div + * with negatives. There was also another problem when for a^b%m + * a >= m. eay 07-May-97 */ +/* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ + + if (BN_is_odd(m)) + { + if (a->top == 1) + { + BN_ULONG A = a->d[0]; + ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); + } + else + ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); + } + else +#endif +#ifdef RECP_MUL_MOD + { ret=BN_mod_exp_recp(r,a,p,m,ctx); } +#else + { ret=BN_mod_exp_simple(r,a,p,m,ctx); } +#endif + + return(ret); + } + + +#ifdef RECP_MUL_MOD +int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx) + { + int i,j,bits,ret=0,wstart,wend,window,wvalue; + int start=1,ts=0; + BIGNUM *aa; + BIGNUM val[TABLE_SIZE]; + BN_RECP_CTX recp; + + bits=BN_num_bits(p); + + if (bits == 0) + { + BN_one(r); + return(1); + } + + BN_CTX_start(ctx); + if ((aa = BN_CTX_get(ctx)) == NULL) goto err; + + BN_RECP_CTX_init(&recp); + if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; + + BN_init(&(val[0])); + ts=1; + + if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ + + window = BN_window_bits_for_exponent_size(bits); + if (window > 1) + { + if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) + goto err; /* 2 */ + j=1<<(window-1); + for (i=1; i<j; i++) + { + BN_init(&val[i]); + if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx)) + goto err; + } + ts=i; + } + + start=1; /* This is used to avoid multiplication etc + * when there is only the value '1' in the + * buffer. */ + wvalue=0; /* The 'value' of the window */ + wstart=bits-1; /* The top bit of the window */ + wend=0; /* The bottom bit of the window */ + + if (!BN_one(r)) goto err; + + for (;;) + { + if (BN_is_bit_set(p,wstart) == 0) + { + if (!start) + if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx)) + goto err; + if (wstart == 0) break; + wstart--; + continue; + } + /* We now have wstart on a 'set' bit, we now need to work out + * how bit a window to do. To do this we need to scan + * forward until the last set bit before the end of the + * window */ + j=wstart; + wvalue=1; + wend=0; + for (i=1; i<window; i++) + { + if (wstart-i < 0) break; + if (BN_is_bit_set(p,wstart-i)) + { + wvalue<<=(i-wend); + wvalue|=1; + wend=i; + } + } + + /* wend is the size of the current window */ + j=wend+1; + /* add the 'bytes above' */ + if (!start) + for (i=0; i<j; i++) + { + if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx)) + goto err; + } + + /* wvalue will be an odd number < 2^window */ + if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx)) + goto err; + + /* move the 'window' down further */ + wstart-=wend+1; + wvalue=0; + start=0; + if (wstart < 0) break; + } + ret=1; +err: + BN_CTX_end(ctx); + for (i=0; i<ts; i++) + BN_clear_free(&(val[i])); + BN_RECP_CTX_free(&recp); + return(ret); + } +#else + +/* The old fallback, simple version :-) */ +int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx) + { + int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; + int start=1; + BIGNUM *d; + BIGNUM val[TABLE_SIZE]; + + bits=BN_num_bits(p); + + if (bits == 0) + { + BN_one(r); + return(1); + } + + BN_CTX_start(ctx); + if ((d = BN_CTX_get(ctx)) == NULL) goto err; + + BN_init(&(val[0])); + ts=1; + if (!BN_mod(&(val[0]),a,m,ctx)) goto err; /* 1 */ + + window = BN_window_bits_for_exponent_size(bits); + if (window > 1) + { + if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) + goto err; /* 2 */ + j=1<<(window-1); + for (i=1; i<j; i++) + { + BN_init(&(val[i])); + if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx)) + goto err; + } + ts=i; + } + + start=1; /* This is used to avoid multiplication etc + * when there is only the value '1' in the + * buffer. */ + wvalue=0; /* The 'value' of the window */ + wstart=bits-1; /* The top bit of the window */ + wend=0; /* The bottom bit of the window */ + + if (!BN_one(r)) goto err; + + for (;;) + { + if (BN_is_bit_set(p,wstart) == 0) + { + if (!start) + if (!BN_mod_mul(r,r,r,m,ctx)) + goto err; + if (wstart == 0) break; + wstart--; + continue; + } + /* We now have wstart on a 'set' bit, we now need to work out + * how bit a window to do. To do this we need to scan + * forward until the last set bit before the end of the + * window */ + j=wstart; + wvalue=1; + wend=0; + for (i=1; i<window; i++) + { + if (wstart-i < 0) break; + if (BN_is_bit_set(p,wstart-i)) + { + wvalue<<=(i-wend); + wvalue|=1; + wend=i; + } + } + + /* wend is the size of the current window */ + j=wend+1; + /* add the 'bytes above' */ + if (!start) + for (i=0; i<j; i++) + { + if (!BN_mod_mul(r,r,r,m,ctx)) + goto err; + } + + /* wvalue will be an odd number < 2^window */ + if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx)) + goto err; + + /* move the 'window' down further */ + wstart-=wend+1; + wvalue=0; + start=0; + if (wstart < 0) break; + } + ret=1; +err: + BN_CTX_end(ctx); + for (i=0; i<ts; i++) + BN_clear_free(&(val[i])); + return(ret); + } +#endif diff --git a/package/network/services/ead/src/tinysrp/bn_lcl.h b/package/network/services/ead/src/tinysrp/bn_lcl.h new file mode 100644 index 0000000..129ad65 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_lcl.h @@ -0,0 +1,419 @@ +/* crypto/bn/bn_lcl.h */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ +/* ==================================================================== + * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@openssl.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.openssl.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * + */ + +#ifndef HEADER_BN_LCL_H +#define HEADER_BN_LCL_H + +#include <bn.h> + +#ifdef __cplusplus +extern "C" { +#endif + + +/* + * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions + * + * + * For window size 'w' (w >= 2) and a random 'b' bits exponent, + * the number of multiplications is a constant plus on average + * + * 2^(w-1) + (b-w)/(w+1); + * + * here 2^(w-1) is for precomputing the table (we actually need + * entries only for windows that have the lowest bit set), and + * (b-w)/(w+1) is an approximation for the expected number of + * w-bit windows, not counting the first one. + * + * Thus we should use + * + * w >= 6 if b > 671 + * w = 5 if 671 > b > 239 + * w = 4 if 239 > b > 79 + * w = 3 if 79 > b > 23 + * w <= 2 if 23 > b + * + * (with draws in between). Very small exponents are often selected + * with low Hamming weight, so we use w = 1 for b <= 23. + */ +#if 1 +#define BN_window_bits_for_exponent_size(b) \ + ((b) > 671 ? 6 : \ + (b) > 239 ? 5 : \ + (b) > 79 ? 4 : \ + (b) > 23 ? 3 : 1) +#else +/* Old SSLeay/OpenSSL table. + * Maximum window size was 5, so this table differs for b==1024; + * but it coincides for other interesting values (b==160, b==512). + */ +#define BN_window_bits_for_exponent_size(b) \ + ((b) > 255 ? 5 : \ + (b) > 127 ? 4 : \ + (b) > 17 ? 3 : 1) +#endif + + + +/* Pentium pro 16,16,16,32,64 */ +/* Alpha 16,16,16,16.64 */ +#define BN_MULL_SIZE_NORMAL (16) /* 32 */ +#define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */ +#define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */ +#define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */ +#define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */ + +#if !defined(NO_ASM) && !defined(NO_INLINE_ASM) && !defined(PEDANTIC) +/* + * BN_UMULT_HIGH section. + * + * No, I'm not trying to overwhelm you when stating that the + * product of N-bit numbers is 2*N bits wide:-) No, I don't expect + * you to be impressed when I say that if the compiler doesn't + * support 2*N integer type, then you have to replace every N*N + * multiplication with 4 (N/2)*(N/2) accompanied by some shifts + * and additions which unavoidably results in severe performance + * penalties. Of course provided that the hardware is capable of + * producing 2*N result... That's when you normally start + * considering assembler implementation. However! It should be + * pointed out that some CPUs (most notably Alpha, PowerPC and + * upcoming IA-64 family:-) provide *separate* instruction + * calculating the upper half of the product placing the result + * into a general purpose register. Now *if* the compiler supports + * inline assembler, then it's not impossible to implement the + * "bignum" routines (and have the compiler optimize 'em) + * exhibiting "native" performance in C. That's what BN_UMULT_HIGH + * macro is about:-) + * + * <appro@fy.chalmers.se> + */ +# if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) +# if defined(__DECC) +# include <c_asm.h> +# define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) +# elif defined(__GNUC__) +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret; \ + asm ("umulh %1,%2,%0" \ + : "=r"(ret) \ + : "r"(a), "r"(b)); \ + ret; }) +# endif /* compiler */ +# elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) +# if defined(__GNUC__) +# define BN_UMULT_HIGH(a,b) ({ \ + register BN_ULONG ret; \ + asm ("mulhdu %0,%1,%2" \ + : "=r"(ret) \ + : "r"(a), "r"(b)); \ + ret; }) +# endif /* compiler */ +# endif /* cpu */ +#endif /* NO_ASM */ + +/************************************************************* + * Using the long long type + */ +#define Lw(t) (((BN_ULONG)(t))&BN_MASK2) +#define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) + +/* This is used for internal error checking and is not normally used */ +#ifdef BN_DEBUG +# include <assert.h> +# define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); +#else +# define bn_check_top(a) +#endif + +/* This macro is to add extra stuff for development checking */ +#ifdef BN_DEBUG +#define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) +#else +#define bn_set_max(r) +#endif + +/* These macros are used to 'take' a section of a bignum for read only use */ +#define bn_set_low(r,a,n) \ + { \ + (r)->top=((a)->top > (n))?(n):(a)->top; \ + (r)->d=(a)->d; \ + (r)->neg=(a)->neg; \ + (r)->flags|=BN_FLG_STATIC_DATA; \ + bn_set_max(r); \ + } + +#define bn_set_high(r,a,n) \ + { \ + if ((a)->top > (n)) \ + { \ + (r)->top=(a)->top-n; \ + (r)->d= &((a)->d[n]); \ + } \ + else \ + (r)->top=0; \ + (r)->neg=(a)->neg; \ + (r)->flags|=BN_FLG_STATIC_DATA; \ + bn_set_max(r); \ + } + +#ifdef BN_LLONG +#define mul_add(r,a,w,c) { \ + BN_ULLONG t; \ + t=(BN_ULLONG)w * (a) + (r) + (c); \ + (r)= Lw(t); \ + (c)= Hw(t); \ + } + +#define mul(r,a,w,c) { \ + BN_ULLONG t; \ + t=(BN_ULLONG)w * (a) + (c); \ + (r)= Lw(t); \ + (c)= Hw(t); \ + } + +#define sqr(r0,r1,a) { \ + BN_ULLONG t; \ + t=(BN_ULLONG)(a)*(a); \ + (r0)=Lw(t); \ + (r1)=Hw(t); \ + } + +#elif defined(BN_UMULT_HIGH) +#define mul_add(r,a,w,c) { \ + BN_ULONG high,low,ret,tmp=(a); \ + ret = (r); \ + high= BN_UMULT_HIGH(w,tmp); \ + ret += (c); \ + low = (w) * tmp; \ + (c) = (ret<(c))?1:0; \ + (c) += high; \ + ret += low; \ + (c) += (ret<low)?1:0; \ + (r) = ret; \ + } + +#define mul(r,a,w,c) { \ + BN_ULONG high,low,ret,ta=(a); \ + low = (w) * ta; \ + high= BN_UMULT_HIGH(w,ta); \ + ret = low + (c); \ + (c) = high; \ + (c) += (ret<low)?1:0; \ + (r) = ret; \ + } + +#define sqr(r0,r1,a) { \ + BN_ULONG tmp=(a); \ + (r0) = tmp * tmp; \ + (r1) = BN_UMULT_HIGH(tmp,tmp); \ + } + +#else +/************************************************************* + * No long long type + */ + +#define LBITS(a) ((a)&BN_MASK2l) +#define HBITS(a) (((a)>>BN_BITS4)&BN_MASK2l) +#define L2HBITS(a) ((BN_ULONG)((a)&BN_MASK2l)<<BN_BITS4) + +#define LLBITS(a) ((a)&BN_MASKl) +#define LHBITS(a) (((a)>>BN_BITS2)&BN_MASKl) +#define LL2HBITS(a) ((BN_ULLONG)((a)&BN_MASKl)<<BN_BITS2) + +#define mul64(l,h,bl,bh) \ + { \ + BN_ULONG m,m1,lt,ht; \ + \ + lt=l; \ + ht=h; \ + m =(bh)*(lt); \ + lt=(bl)*(lt); \ + m1=(bl)*(ht); \ + ht =(bh)*(ht); \ + m=(m+m1)&BN_MASK2; if (m < m1) ht+=L2HBITS(1L); \ + ht+=HBITS(m); \ + m1=L2HBITS(m); \ + lt=(lt+m1)&BN_MASK2; if (lt < m1) ht++; \ + (l)=lt; \ + (h)=ht; \ + } + +#define sqr64(lo,ho,in) \ + { \ + BN_ULONG l,h,m; \ + \ + h=(in); \ + l=LBITS(h); \ + h=HBITS(h); \ + m =(l)*(h); \ + l*=l; \ + h*=h; \ + h+=(m&BN_MASK2h1)>>(BN_BITS4-1); \ + m =(m&BN_MASK2l)<<(BN_BITS4+1); \ + l=(l+m)&BN_MASK2; if (l < m) h++; \ + (lo)=l; \ + (ho)=h; \ + } + +#define mul_add(r,a,bl,bh,c) { \ + BN_ULONG l,h; \ + \ + h= (a); \ + l=LBITS(h); \ + h=HBITS(h); \ + mul64(l,h,(bl),(bh)); \ + \ + /* non-multiply part */ \ + l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ + (c)=(r); \ + l=(l+(c))&BN_MASK2; if (l < (c)) h++; \ + (c)=h&BN_MASK2; \ + (r)=l; \ + } + +#define mul(r,a,bl,bh,c) { \ + BN_ULONG l,h; \ + \ + h= (a); \ + l=LBITS(h); \ + h=HBITS(h); \ + mul64(l,h,(bl),(bh)); \ + \ + /* non-multiply part */ \ + l+=(c); if ((l&BN_MASK2) < (c)) h++; \ + (c)=h&BN_MASK2; \ + (r)=l&BN_MASK2; \ + } +#endif /* !BN_LLONG */ + +void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb); +void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); +void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); +void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp); +void bn_sqr_comba8(BN_ULONG *r,BN_ULONG *a); +void bn_sqr_comba4(BN_ULONG *r,BN_ULONG *a); +int bn_cmp_words(BN_ULONG *a,BN_ULONG *b,int n); +void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2,BN_ULONG *t); +void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, + int tn, int n,BN_ULONG *t); +void bn_sqr_recursive(BN_ULONG *r,BN_ULONG *a, int n2, BN_ULONG *t); +void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); +void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, + BN_ULONG *t); +void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, + BN_ULONG *t); + +#ifdef __cplusplus +} +#endif + +#endif diff --git a/package/network/services/ead/src/tinysrp/bn_lib.c b/package/network/services/ead/src/tinysrp/bn_lib.c new file mode 100644 index 0000000..cfa0d75 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_lib.c @@ -0,0 +1,576 @@ +/* crypto/bn/bn_lib.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef BN_DEBUG +# undef NDEBUG /* avoid conflicting definitions */ +# define NDEBUG +#endif + +#include <assert.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include "bn_lcl.h" + +const char *BN_version="Big Number"; + +/* For a 32 bit machine + * 2 - 4 == 128 + * 3 - 8 == 256 + * 4 - 16 == 512 + * 5 - 32 == 1024 + * 6 - 64 == 2048 + * 7 - 128 == 4096 + * 8 - 256 == 8192 + */ +static int bn_limit_bits=0; +static int bn_limit_num=8; /* (1<<bn_limit_bits) */ +static int bn_limit_bits_low=0; +static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */ +static int bn_limit_bits_high=0; +static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */ +static int bn_limit_bits_mont=0; +static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */ + +int BN_num_bits_word(BN_ULONG l) + { + static const char bits[256]={ + 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, + 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, + 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, + 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 7,7,7,7,7,7,7,7,7,7,7,7,7,7,7,7, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, + }; + +#if defined(SIXTY_FOUR_BIT_LONG) + if (l & 0xffffffff00000000L) + { + if (l & 0xffff000000000000L) + { + if (l & 0xff00000000000000L) + { + return(bits[(int)(l>>56)]+56); + } + else return(bits[(int)(l>>48)]+48); + } + else + { + if (l & 0x0000ff0000000000L) + { + return(bits[(int)(l>>40)]+40); + } + else return(bits[(int)(l>>32)]+32); + } + } + else +#else +#ifdef SIXTY_FOUR_BIT + if (l & 0xffffffff00000000LL) + { + if (l & 0xffff000000000000LL) + { + if (l & 0xff00000000000000LL) + { + return(bits[(int)(l>>56)]+56); + } + else return(bits[(int)(l>>48)]+48); + } + else + { + if (l & 0x0000ff0000000000LL) + { + return(bits[(int)(l>>40)]+40); + } + else return(bits[(int)(l>>32)]+32); + } + } + else +#endif +#endif + { +#if defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) + if (l & 0xffff0000L) + { + if (l & 0xff000000L) + return(bits[(int)(l>>24L)]+24); + else return(bits[(int)(l>>16L)]+16); + } + else +#endif + { +#if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) + if (l & 0xff00L) + return(bits[(int)(l>>8)]+8); + else +#endif + return(bits[(int)(l )] ); + } + } + } + +int BN_num_bits(const BIGNUM *a) + { + BN_ULONG l; + int i; + + bn_check_top(a); + + if (a->top == 0) return(0); + l=a->d[a->top-1]; + assert(l != 0); + i=(a->top-1)*BN_BITS2; + return(i+BN_num_bits_word(l)); + } + +void BN_clear_free(BIGNUM *a) + { + int i; + + if (a == NULL) return; + if (a->d != NULL) + { + memset(a->d,0,a->dmax*sizeof(a->d[0])); + if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) + free(a->d); + } + i=BN_get_flags(a,BN_FLG_MALLOCED); + memset(a,0,sizeof(BIGNUM)); + if (i) + free(a); + } + +void BN_free(BIGNUM *a) + { + if (a == NULL) return; + if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) + free(a->d); + a->flags|=BN_FLG_FREE; /* REMOVE? */ + if (a->flags & BN_FLG_MALLOCED) + free(a); + } + +void BN_init(BIGNUM *a) + { + memset(a,0,sizeof(BIGNUM)); + } + +BIGNUM *BN_new(void) + { + BIGNUM *ret; + + if ((ret=(BIGNUM *)malloc(sizeof(BIGNUM))) == NULL) + { + return(NULL); + } + ret->flags=BN_FLG_MALLOCED; + ret->top=0; + ret->neg=0; + ret->dmax=0; + ret->d=NULL; + return(ret); + } + +/* This is an internal function that should not be used in applications. + * It ensures that 'b' has enough room for a 'words' word number number. + * It is mostly used by the various BIGNUM routines. If there is an error, + * NULL is returned. If not, 'b' is returned. */ + +BIGNUM *bn_expand2(BIGNUM *b, int words) + { + BN_ULONG *A,*a; + const BN_ULONG *B; + int i; + + bn_check_top(b); + + if (words > b->dmax) + { + bn_check_top(b); + if (BN_get_flags(b,BN_FLG_STATIC_DATA)) + { + return(NULL); + } + a=A=(BN_ULONG *)malloc(sizeof(BN_ULONG)*(words+1)); + if (A == NULL) + { + return(NULL); + } +#if 1 + B=b->d; + /* Check if the previous number needs to be copied */ + if (B != NULL) + { +#if 0 + /* This lot is an unrolled loop to copy b->top + * BN_ULONGs from B to A + */ +/* + * I have nothing against unrolling but it's usually done for + * several reasons, namely: + * - minimize percentage of decision making code, i.e. branches; + * - avoid cache trashing; + * - make it possible to schedule loads earlier; + * Now let's examine the code below. The cornerstone of C is + * "programmer is always right" and that's what we love it for:-) + * For this very reason C compilers have to be paranoid when it + * comes to data aliasing and assume the worst. Yeah, but what + * does it mean in real life? This means that loop body below will + * be compiled to sequence of loads immediately followed by stores + * as compiler assumes the worst, something in A==B+1 style. As a + * result CPU pipeline is going to starve for incoming data. Secondly + * if A and B happen to share same cache line such code is going to + * cause severe cache trashing. Both factors have severe impact on + * performance of modern CPUs and this is the reason why this + * particular piece of code is #ifdefed away and replaced by more + * "friendly" version found in #else section below. This comment + * also applies to BN_copy function. + * + * <appro@fy.chalmers.se> + */ + for (i=b->top&(~7); i>0; i-=8) + { + A[0]=B[0]; A[1]=B[1]; A[2]=B[2]; A[3]=B[3]; + A[4]=B[4]; A[5]=B[5]; A[6]=B[6]; A[7]=B[7]; + A+=8; + B+=8; + } + switch (b->top&7) + { + case 7: + A[6]=B[6]; + case 6: + A[5]=B[5]; + case 5: + A[4]=B[4]; + case 4: + A[3]=B[3]; + case 3: + A[2]=B[2]; + case 2: + A[1]=B[1]; + case 1: + A[0]=B[0]; + case 0: + /* I need the 'case 0' entry for utrix cc. + * If the optimizer is turned on, it does the + * switch table by doing + * a=top&7 + * a--; + * goto jump_table[a]; + * If top is 0, this makes us jump to 0xffffffc + * which is rather bad :-(. + * eric 23-Apr-1998 + */ + ; + } +#else + for (i=b->top>>2; i>0; i--,A+=4,B+=4) + { + /* + * The fact that the loop is unrolled + * 4-wise is a tribute to Intel. It's + * the one that doesn't have enough + * registers to accomodate more data. + * I'd unroll it 8-wise otherwise:-) + * + * <appro@fy.chalmers.se> + */ + BN_ULONG a0,a1,a2,a3; + a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; + A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; + } + switch (b->top&3) + { + case 3: A[2]=B[2]; + case 2: A[1]=B[1]; + case 1: A[0]=B[0]; + case 0: ; /* ultrix cc workaround, see above */ + } +#endif + free(b->d); + } + + b->d=a; + b->dmax=words; + + /* Now need to zero any data between b->top and b->max */ + + A= &(b->d[b->top]); + for (i=(b->dmax - b->top)>>3; i>0; i--,A+=8) + { + A[0]=0; A[1]=0; A[2]=0; A[3]=0; + A[4]=0; A[5]=0; A[6]=0; A[7]=0; + } + for (i=(b->dmax - b->top)&7; i>0; i--,A++) + A[0]=0; +#else + memset(A,0,sizeof(BN_ULONG)*(words+1)); + memcpy(A,b->d,sizeof(b->d[0])*b->top); + b->d=a; + b->max=words; +#endif + +/* memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); */ +/* { int i; for (i=b->max; i<words+1; i++) p[i]=i;} */ + + } + return(b); + } + +BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) + { + int i; + BN_ULONG *A; + const BN_ULONG *B; + + bn_check_top(b); + + if (a == b) return(a); + if (bn_wexpand(a,b->top) == NULL) return(NULL); + +#if 1 + A=a->d; + B=b->d; + for (i=b->top>>2; i>0; i--,A+=4,B+=4) + { + BN_ULONG a0,a1,a2,a3; + a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; + A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; + } + switch (b->top&3) + { + case 3: A[2]=B[2]; + case 2: A[1]=B[1]; + case 1: A[0]=B[0]; + case 0: ; /* ultrix cc workaround, see comments in bn_expand2 */ + } +#else + memcpy(a->d,b->d,sizeof(b->d[0])*b->top); +#endif + +/* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ + a->top=b->top; + if ((a->top == 0) && (a->d != NULL)) + a->d[0]=0; + a->neg=b->neg; + return(a); + } + +int BN_set_word(BIGNUM *a, BN_ULONG w) + { + int i,n; + if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); + + n=sizeof(BN_ULONG)/BN_BYTES; + a->neg=0; + a->top=0; + a->d[0]=(BN_ULONG)w&BN_MASK2; + if (a->d[0] != 0) a->top=1; + for (i=1; i<n; i++) + { + /* the following is done instead of + * w>>=BN_BITS2 so compilers don't complain + * on builds where sizeof(long) == BN_TYPES */ +#ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ + w>>=BN_BITS4; + w>>=BN_BITS4; +#else + w=0; +#endif + a->d[i]=(BN_ULONG)w&BN_MASK2; + if (a->d[i] != 0) a->top=i+1; + } + return(1); + } + +/* ignore negative */ +BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) + { + unsigned int i,m; + unsigned int n; + BN_ULONG l; + + if (ret == NULL) ret=BN_new(); + if (ret == NULL) return(NULL); + l=0; + n=len; + if (n == 0) + { + ret->top=0; + return(ret); + } + if (bn_expand(ret,(int)(n+2)*8) == NULL) + return(NULL); + i=((n-1)/BN_BYTES)+1; + m=((n-1)%(BN_BYTES)); + ret->top=i; + while (n-- > 0) + { + l=(l<<8L)| *(s++); + if (m-- == 0) + { + ret->d[--i]=l; + l=0; + m=BN_BYTES-1; + } + } + /* need to call this due to clear byte at top if avoiding + * having the top bit set (-ve number) */ + bn_fix_top(ret); + return(ret); + } + +/* ignore negative */ +int BN_bn2bin(const BIGNUM *a, unsigned char *to) + { + int n,i; + BN_ULONG l; + + n=i=BN_num_bytes(a); + while (i-- > 0) + { + l=a->d[i/BN_BYTES]; + *(to++)=(unsigned char)(l>>(8*(i%BN_BYTES)))&0xff; + } + return(n); + } + +int BN_ucmp(const BIGNUM *a, const BIGNUM *b) + { + int i; + BN_ULONG t1,t2,*ap,*bp; + + bn_check_top(a); + bn_check_top(b); + + i=a->top-b->top; + if (i != 0) return(i); + ap=a->d; + bp=b->d; + for (i=a->top-1; i>=0; i--) + { + t1= ap[i]; + t2= bp[i]; + if (t1 != t2) + return(t1 > t2?1:-1); + } + return(0); + } + +int BN_cmp(const BIGNUM *a, const BIGNUM *b) + { + int i; + int gt,lt; + BN_ULONG t1,t2; + + if ((a == NULL) || (b == NULL)) + { + if (a != NULL) + return(-1); + else if (b != NULL) + return(1); + else + return(0); + } + + bn_check_top(a); + bn_check_top(b); + + if (a->neg != b->neg) + { + if (a->neg) + return(-1); + else return(1); + } + if (a->neg == 0) + { gt=1; lt= -1; } + else { gt= -1; lt=1; } + + if (a->top > b->top) return(gt); + if (a->top < b->top) return(lt); + for (i=a->top-1; i>=0; i--) + { + t1=a->d[i]; + t2=b->d[i]; + if (t1 > t2) return(gt); + if (t1 < t2) return(lt); + } + return(0); + } + +int BN_is_bit_set(const BIGNUM *a, int n) + { + int i,j; + + if (n < 0) return(0); + i=n/BN_BITS2; + j=n%BN_BITS2; + if (a->top <= i) return(0); + return((a->d[i]&(((BN_ULONG)1)<<j))?1:0); + } diff --git a/package/network/services/ead/src/tinysrp/bn_mul.c b/package/network/services/ead/src/tinysrp/bn_mul.c new file mode 100644 index 0000000..92330e5 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_mul.c @@ -0,0 +1,172 @@ +/* crypto/bn/bn_mul.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include "bn_lcl.h" + +int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx) + { + int top,al,bl; + BIGNUM *rr; + int ret = 0; +#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) + int i; +#endif + +#ifdef BN_COUNT + printf("BN_mul %d * %d\n",a->top,b->top); +#endif + + bn_check_top(a); + bn_check_top(b); + bn_check_top(r); + + al=a->top; + bl=b->top; + + if ((al == 0) || (bl == 0)) + { + BN_zero(r); + return(1); + } + top=al+bl; + + BN_CTX_start(ctx); + if ((r == a) || (r == b)) + { + if ((rr = BN_CTX_get(ctx)) == NULL) goto err; + } + else + rr = r; + rr->neg=a->neg^b->neg; + +#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) + i = al-bl; +#endif +#ifdef BN_MUL_COMBA + if (i == 0) + { +# if 0 + if (al == 4) + { + if (bn_wexpand(rr,8) == NULL) goto err; + rr->top=8; + bn_mul_comba4(rr->d,a->d,b->d); + goto end; + } +# endif + if (al == 8) + { + if (bn_wexpand(rr,16) == NULL) goto err; + rr->top=16; + bn_mul_comba8(rr->d,a->d,b->d); + goto end; + } + } +#endif /* BN_MUL_COMBA */ + if (bn_wexpand(rr,top) == NULL) goto err; + rr->top=top; + bn_mul_normal(rr->d,a->d,al,b->d,bl); + +#if defined(BN_MUL_COMBA) || defined(BN_RECURSION) +end: +#endif + bn_fix_top(rr); + if (r != rr) BN_copy(r,rr); + ret=1; +err: + BN_CTX_end(ctx); + return(ret); + } + +void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) + { + BN_ULONG *rr; + +#ifdef BN_COUNT + printf(" bn_mul_normal %d * %d\n",na,nb); +#endif + + if (na < nb) + { + int itmp; + BN_ULONG *ltmp; + + itmp=na; na=nb; nb=itmp; + ltmp=a; a=b; b=ltmp; + + } + rr= &(r[na]); + rr[0]=bn_mul_words(r,a,na,b[0]); + + for (;;) + { + if (--nb <= 0) return; + rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]); + if (--nb <= 0) return; + rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]); + if (--nb <= 0) return; + rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]); + if (--nb <= 0) return; + rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]); + rr+=4; + r+=4; + b+=4; + } + } diff --git a/package/network/services/ead/src/tinysrp/bn_prime.h b/package/network/services/ead/src/tinysrp/bn_prime.h new file mode 100644 index 0000000..b7cf9a9 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_prime.h @@ -0,0 +1,325 @@ +/* Auto generated by bn_prime.pl */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#ifndef EIGHT_BIT +#define NUMPRIMES 2048 +#else +#define NUMPRIMES 54 +#endif +static const unsigned int primes[NUMPRIMES]= + { + 2, 3, 5, 7, 11, 13, 17, 19, + 23, 29, 31, 37, 41, 43, 47, 53, + 59, 61, 67, 71, 73, 79, 83, 89, + 97, 101, 103, 107, 109, 113, 127, 131, + 137, 139, 149, 151, 157, 163, 167, 173, + 179, 181, 191, 193, 197, 199, 211, 223, + 227, 229, 233, 239, 241, 251, +#ifndef EIGHT_BIT + 257, 263, + 269, 271, 277, 281, 283, 293, 307, 311, + 313, 317, 331, 337, 347, 349, 353, 359, + 367, 373, 379, 383, 389, 397, 401, 409, + 419, 421, 431, 433, 439, 443, 449, 457, + 461, 463, 467, 479, 487, 491, 499, 503, + 509, 521, 523, 541, 547, 557, 563, 569, + 571, 577, 587, 593, 599, 601, 607, 613, + 617, 619, 631, 641, 643, 647, 653, 659, + 661, 673, 677, 683, 691, 701, 709, 719, + 727, 733, 739, 743, 751, 757, 761, 769, + 773, 787, 797, 809, 811, 821, 823, 827, + 829, 839, 853, 857, 859, 863, 877, 881, + 883, 887, 907, 911, 919, 929, 937, 941, + 947, 953, 967, 971, 977, 983, 991, 997, + 1009,1013,1019,1021,1031,1033,1039,1049, + 1051,1061,1063,1069,1087,1091,1093,1097, + 1103,1109,1117,1123,1129,1151,1153,1163, + 1171,1181,1187,1193,1201,1213,1217,1223, + 1229,1231,1237,1249,1259,1277,1279,1283, + 1289,1291,1297,1301,1303,1307,1319,1321, + 1327,1361,1367,1373,1381,1399,1409,1423, + 1427,1429,1433,1439,1447,1451,1453,1459, + 1471,1481,1483,1487,1489,1493,1499,1511, + 1523,1531,1543,1549,1553,1559,1567,1571, + 1579,1583,1597,1601,1607,1609,1613,1619, + 1621,1627,1637,1657,1663,1667,1669,1693, + 1697,1699,1709,1721,1723,1733,1741,1747, + 1753,1759,1777,1783,1787,1789,1801,1811, + 1823,1831,1847,1861,1867,1871,1873,1877, + 1879,1889,1901,1907,1913,1931,1933,1949, + 1951,1973,1979,1987,1993,1997,1999,2003, + 2011,2017,2027,2029,2039,2053,2063,2069, + 2081,2083,2087,2089,2099,2111,2113,2129, + 2131,2137,2141,2143,2153,2161,2179,2203, + 2207,2213,2221,2237,2239,2243,2251,2267, + 2269,2273,2281,2287,2293,2297,2309,2311, + 2333,2339,2341,2347,2351,2357,2371,2377, + 2381,2383,2389,2393,2399,2411,2417,2423, + 2437,2441,2447,2459,2467,2473,2477,2503, + 2521,2531,2539,2543,2549,2551,2557,2579, + 2591,2593,2609,2617,2621,2633,2647,2657, + 2659,2663,2671,2677,2683,2687,2689,2693, + 2699,2707,2711,2713,2719,2729,2731,2741, + 2749,2753,2767,2777,2789,2791,2797,2801, + 2803,2819,2833,2837,2843,2851,2857,2861, + 2879,2887,2897,2903,2909,2917,2927,2939, + 2953,2957,2963,2969,2971,2999,3001,3011, + 3019,3023,3037,3041,3049,3061,3067,3079, + 3083,3089,3109,3119,3121,3137,3163,3167, + 3169,3181,3187,3191,3203,3209,3217,3221, + 3229,3251,3253,3257,3259,3271,3299,3301, + 3307,3313,3319,3323,3329,3331,3343,3347, + 3359,3361,3371,3373,3389,3391,3407,3413, + 3433,3449,3457,3461,3463,3467,3469,3491, + 3499,3511,3517,3527,3529,3533,3539,3541, + 3547,3557,3559,3571,3581,3583,3593,3607, + 3613,3617,3623,3631,3637,3643,3659,3671, + 3673,3677,3691,3697,3701,3709,3719,3727, + 3733,3739,3761,3767,3769,3779,3793,3797, + 3803,3821,3823,3833,3847,3851,3853,3863, + 3877,3881,3889,3907,3911,3917,3919,3923, + 3929,3931,3943,3947,3967,3989,4001,4003, + 4007,4013,4019,4021,4027,4049,4051,4057, + 4073,4079,4091,4093,4099,4111,4127,4129, + 4133,4139,4153,4157,4159,4177,4201,4211, + 4217,4219,4229,4231,4241,4243,4253,4259, + 4261,4271,4273,4283,4289,4297,4327,4337, + 4339,4349,4357,4363,4373,4391,4397,4409, + 4421,4423,4441,4447,4451,4457,4463,4481, + 4483,4493,4507,4513,4517,4519,4523,4547, + 4549,4561,4567,4583,4591,4597,4603,4621, + 4637,4639,4643,4649,4651,4657,4663,4673, + 4679,4691,4703,4721,4723,4729,4733,4751, + 4759,4783,4787,4789,4793,4799,4801,4813, + 4817,4831,4861,4871,4877,4889,4903,4909, + 4919,4931,4933,4937,4943,4951,4957,4967, + 4969,4973,4987,4993,4999,5003,5009,5011, + 5021,5023,5039,5051,5059,5077,5081,5087, + 5099,5101,5107,5113,5119,5147,5153,5167, + 5171,5179,5189,5197,5209,5227,5231,5233, + 5237,5261,5273,5279,5281,5297,5303,5309, + 5323,5333,5347,5351,5381,5387,5393,5399, + 5407,5413,5417,5419,5431,5437,5441,5443, + 5449,5471,5477,5479,5483,5501,5503,5507, + 5519,5521,5527,5531,5557,5563,5569,5573, + 5581,5591,5623,5639,5641,5647,5651,5653, + 5657,5659,5669,5683,5689,5693,5701,5711, + 5717,5737,5741,5743,5749,5779,5783,5791, + 5801,5807,5813,5821,5827,5839,5843,5849, + 5851,5857,5861,5867,5869,5879,5881,5897, + 5903,5923,5927,5939,5953,5981,5987,6007, + 6011,6029,6037,6043,6047,6053,6067,6073, + 6079,6089,6091,6101,6113,6121,6131,6133, + 6143,6151,6163,6173,6197,6199,6203,6211, + 6217,6221,6229,6247,6257,6263,6269,6271, + 6277,6287,6299,6301,6311,6317,6323,6329, + 6337,6343,6353,6359,6361,6367,6373,6379, + 6389,6397,6421,6427,6449,6451,6469,6473, + 6481,6491,6521,6529,6547,6551,6553,6563, + 6569,6571,6577,6581,6599,6607,6619,6637, + 6653,6659,6661,6673,6679,6689,6691,6701, + 6703,6709,6719,6733,6737,6761,6763,6779, + 6781,6791,6793,6803,6823,6827,6829,6833, + 6841,6857,6863,6869,6871,6883,6899,6907, + 6911,6917,6947,6949,6959,6961,6967,6971, + 6977,6983,6991,6997,7001,7013,7019,7027, + 7039,7043,7057,7069,7079,7103,7109,7121, + 7127,7129,7151,7159,7177,7187,7193,7207, + 7211,7213,7219,7229,7237,7243,7247,7253, + 7283,7297,7307,7309,7321,7331,7333,7349, + 7351,7369,7393,7411,7417,7433,7451,7457, + 7459,7477,7481,7487,7489,7499,7507,7517, + 7523,7529,7537,7541,7547,7549,7559,7561, + 7573,7577,7583,7589,7591,7603,7607,7621, + 7639,7643,7649,7669,7673,7681,7687,7691, + 7699,7703,7717,7723,7727,7741,7753,7757, + 7759,7789,7793,7817,7823,7829,7841,7853, + 7867,7873,7877,7879,7883,7901,7907,7919, + 7927,7933,7937,7949,7951,7963,7993,8009, + 8011,8017,8039,8053,8059,8069,8081,8087, + 8089,8093,8101,8111,8117,8123,8147,8161, + 8167,8171,8179,8191,8209,8219,8221,8231, + 8233,8237,8243,8263,8269,8273,8287,8291, + 8293,8297,8311,8317,8329,8353,8363,8369, + 8377,8387,8389,8419,8423,8429,8431,8443, + 8447,8461,8467,8501,8513,8521,8527,8537, + 8539,8543,8563,8573,8581,8597,8599,8609, + 8623,8627,8629,8641,8647,8663,8669,8677, + 8681,8689,8693,8699,8707,8713,8719,8731, + 8737,8741,8747,8753,8761,8779,8783,8803, + 8807,8819,8821,8831,8837,8839,8849,8861, + 8863,8867,8887,8893,8923,8929,8933,8941, + 8951,8963,8969,8971,8999,9001,9007,9011, + 9013,9029,9041,9043,9049,9059,9067,9091, + 9103,9109,9127,9133,9137,9151,9157,9161, + 9173,9181,9187,9199,9203,9209,9221,9227, + 9239,9241,9257,9277,9281,9283,9293,9311, + 9319,9323,9337,9341,9343,9349,9371,9377, + 9391,9397,9403,9413,9419,9421,9431,9433, + 9437,9439,9461,9463,9467,9473,9479,9491, + 9497,9511,9521,9533,9539,9547,9551,9587, + 9601,9613,9619,9623,9629,9631,9643,9649, + 9661,9677,9679,9689,9697,9719,9721,9733, + 9739,9743,9749,9767,9769,9781,9787,9791, + 9803,9811,9817,9829,9833,9839,9851,9857, + 9859,9871,9883,9887,9901,9907,9923,9929, + 9931,9941,9949,9967,9973,10007,10009,10037, + 10039,10061,10067,10069,10079,10091,10093,10099, + 10103,10111,10133,10139,10141,10151,10159,10163, + 10169,10177,10181,10193,10211,10223,10243,10247, + 10253,10259,10267,10271,10273,10289,10301,10303, + 10313,10321,10331,10333,10337,10343,10357,10369, + 10391,10399,10427,10429,10433,10453,10457,10459, + 10463,10477,10487,10499,10501,10513,10529,10531, + 10559,10567,10589,10597,10601,10607,10613,10627, + 10631,10639,10651,10657,10663,10667,10687,10691, + 10709,10711,10723,10729,10733,10739,10753,10771, + 10781,10789,10799,10831,10837,10847,10853,10859, + 10861,10867,10883,10889,10891,10903,10909,10937, + 10939,10949,10957,10973,10979,10987,10993,11003, + 11027,11047,11057,11059,11069,11071,11083,11087, + 11093,11113,11117,11119,11131,11149,11159,11161, + 11171,11173,11177,11197,11213,11239,11243,11251, + 11257,11261,11273,11279,11287,11299,11311,11317, + 11321,11329,11351,11353,11369,11383,11393,11399, + 11411,11423,11437,11443,11447,11467,11471,11483, + 11489,11491,11497,11503,11519,11527,11549,11551, + 11579,11587,11593,11597,11617,11621,11633,11657, + 11677,11681,11689,11699,11701,11717,11719,11731, + 11743,11777,11779,11783,11789,11801,11807,11813, + 11821,11827,11831,11833,11839,11863,11867,11887, + 11897,11903,11909,11923,11927,11933,11939,11941, + 11953,11959,11969,11971,11981,11987,12007,12011, + 12037,12041,12043,12049,12071,12073,12097,12101, + 12107,12109,12113,12119,12143,12149,12157,12161, + 12163,12197,12203,12211,12227,12239,12241,12251, + 12253,12263,12269,12277,12281,12289,12301,12323, + 12329,12343,12347,12373,12377,12379,12391,12401, + 12409,12413,12421,12433,12437,12451,12457,12473, + 12479,12487,12491,12497,12503,12511,12517,12527, + 12539,12541,12547,12553,12569,12577,12583,12589, + 12601,12611,12613,12619,12637,12641,12647,12653, + 12659,12671,12689,12697,12703,12713,12721,12739, + 12743,12757,12763,12781,12791,12799,12809,12821, + 12823,12829,12841,12853,12889,12893,12899,12907, + 12911,12917,12919,12923,12941,12953,12959,12967, + 12973,12979,12983,13001,13003,13007,13009,13033, + 13037,13043,13049,13063,13093,13099,13103,13109, + 13121,13127,13147,13151,13159,13163,13171,13177, + 13183,13187,13217,13219,13229,13241,13249,13259, + 13267,13291,13297,13309,13313,13327,13331,13337, + 13339,13367,13381,13397,13399,13411,13417,13421, + 13441,13451,13457,13463,13469,13477,13487,13499, + 13513,13523,13537,13553,13567,13577,13591,13597, + 13613,13619,13627,13633,13649,13669,13679,13681, + 13687,13691,13693,13697,13709,13711,13721,13723, + 13729,13751,13757,13759,13763,13781,13789,13799, + 13807,13829,13831,13841,13859,13873,13877,13879, + 13883,13901,13903,13907,13913,13921,13931,13933, + 13963,13967,13997,13999,14009,14011,14029,14033, + 14051,14057,14071,14081,14083,14087,14107,14143, + 14149,14153,14159,14173,14177,14197,14207,14221, + 14243,14249,14251,14281,14293,14303,14321,14323, + 14327,14341,14347,14369,14387,14389,14401,14407, + 14411,14419,14423,14431,14437,14447,14449,14461, + 14479,14489,14503,14519,14533,14537,14543,14549, + 14551,14557,14561,14563,14591,14593,14621,14627, + 14629,14633,14639,14653,14657,14669,14683,14699, + 14713,14717,14723,14731,14737,14741,14747,14753, + 14759,14767,14771,14779,14783,14797,14813,14821, + 14827,14831,14843,14851,14867,14869,14879,14887, + 14891,14897,14923,14929,14939,14947,14951,14957, + 14969,14983,15013,15017,15031,15053,15061,15073, + 15077,15083,15091,15101,15107,15121,15131,15137, + 15139,15149,15161,15173,15187,15193,15199,15217, + 15227,15233,15241,15259,15263,15269,15271,15277, + 15287,15289,15299,15307,15313,15319,15329,15331, + 15349,15359,15361,15373,15377,15383,15391,15401, + 15413,15427,15439,15443,15451,15461,15467,15473, + 15493,15497,15511,15527,15541,15551,15559,15569, + 15581,15583,15601,15607,15619,15629,15641,15643, + 15647,15649,15661,15667,15671,15679,15683,15727, + 15731,15733,15737,15739,15749,15761,15767,15773, + 15787,15791,15797,15803,15809,15817,15823,15859, + 15877,15881,15887,15889,15901,15907,15913,15919, + 15923,15937,15959,15971,15973,15991,16001,16007, + 16033,16057,16061,16063,16067,16069,16073,16087, + 16091,16097,16103,16111,16127,16139,16141,16183, + 16187,16189,16193,16217,16223,16229,16231,16249, + 16253,16267,16273,16301,16319,16333,16339,16349, + 16361,16363,16369,16381,16411,16417,16421,16427, + 16433,16447,16451,16453,16477,16481,16487,16493, + 16519,16529,16547,16553,16561,16567,16573,16603, + 16607,16619,16631,16633,16649,16651,16657,16661, + 16673,16691,16693,16699,16703,16729,16741,16747, + 16759,16763,16787,16811,16823,16829,16831,16843, + 16871,16879,16883,16889,16901,16903,16921,16927, + 16931,16937,16943,16963,16979,16981,16987,16993, + 17011,17021,17027,17029,17033,17041,17047,17053, + 17077,17093,17099,17107,17117,17123,17137,17159, + 17167,17183,17189,17191,17203,17207,17209,17231, + 17239,17257,17291,17293,17299,17317,17321,17327, + 17333,17341,17351,17359,17377,17383,17387,17389, + 17393,17401,17417,17419,17431,17443,17449,17467, + 17471,17477,17483,17489,17491,17497,17509,17519, + 17539,17551,17569,17573,17579,17581,17597,17599, + 17609,17623,17627,17657,17659,17669,17681,17683, + 17707,17713,17729,17737,17747,17749,17761,17783, + 17789,17791,17807,17827,17837,17839,17851,17863, +#endif + }; diff --git a/package/network/services/ead/src/tinysrp/bn_shift.c b/package/network/services/ead/src/tinysrp/bn_shift.c new file mode 100644 index 0000000..f403720 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_shift.c @@ -0,0 +1,139 @@ +/* crypto/bn/bn_shift.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include "bn_lcl.h" + +int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) + { + int i,nw,lb,rb; + BN_ULONG *t,*f; + BN_ULONG l; + + r->neg=a->neg; + if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0); + nw=n/BN_BITS2; + lb=n%BN_BITS2; + rb=BN_BITS2-lb; + f=a->d; + t=r->d; + t[a->top+nw]=0; + if (lb == 0) + for (i=a->top-1; i>=0; i--) + t[nw+i]=f[i]; + else + for (i=a->top-1; i>=0; i--) + { + l=f[i]; + t[nw+i+1]|=(l>>rb)&BN_MASK2; + t[nw+i]=(l<<lb)&BN_MASK2; + } + memset(t,0,nw*sizeof(t[0])); +/* for (i=0; i<nw; i++) + t[i]=0;*/ + r->top=a->top+nw+1; + bn_fix_top(r); + return(1); + } + +int BN_rshift(BIGNUM *r, BIGNUM *a, int n) + { + int i,j,nw,lb,rb; + BN_ULONG *t,*f; + BN_ULONG l,tmp; + + nw=n/BN_BITS2; + rb=n%BN_BITS2; + lb=BN_BITS2-rb; + if (nw > a->top || a->top == 0) + { + BN_zero(r); + return(1); + } + if (r != a) + { + r->neg=a->neg; + if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); + } + + f= &(a->d[nw]); + t=r->d; + j=a->top-nw; + r->top=j; + + if (rb == 0) + { + for (i=j+1; i > 0; i--) + *(t++)= *(f++); + } + else + { + l= *(f++); + for (i=1; i<j; i++) + { + tmp =(l>>rb)&BN_MASK2; + l= *(f++); + *(t++) =(tmp|(l<<lb))&BN_MASK2; + } + *(t++) =(l>>rb)&BN_MASK2; + } + *t=0; + bn_fix_top(r); + return(1); + } diff --git a/package/network/services/ead/src/tinysrp/bn_sqr.c b/package/network/services/ead/src/tinysrp/bn_sqr.c new file mode 100644 index 0000000..2d3db70 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_sqr.c @@ -0,0 +1,160 @@ +/* crypto/bn/bn_sqr.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include <string.h> +#include "bn_lcl.h" + +/* r must not be a */ +/* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ +int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx) + { + int max,al; + int ret = 0; + BIGNUM *tmp,*rr; + +#ifdef BN_COUNT +printf("BN_sqr %d * %d\n",a->top,a->top); +#endif + bn_check_top(a); + + al=a->top; + if (al <= 0) + { + r->top=0; + return(1); + } + + BN_CTX_start(ctx); + rr=(a != r) ? r : BN_CTX_get(ctx); + tmp=BN_CTX_get(ctx); + if (tmp == NULL) goto err; + + max=(al+al); + if (bn_wexpand(rr,max+1) == NULL) goto err; + + r->neg=0; + if (al == 4) + { +#ifndef BN_SQR_COMBA + BN_ULONG t[8]; + bn_sqr_normal(rr->d,a->d,4,t); +#else + bn_sqr_comba4(rr->d,a->d); +#endif + } + else if (al == 8) + { +#ifndef BN_SQR_COMBA + BN_ULONG t[16]; + bn_sqr_normal(rr->d,a->d,8,t); +#else + bn_sqr_comba8(rr->d,a->d); +#endif + } + else + { + if (bn_wexpand(tmp,max) == NULL) goto err; + bn_sqr_normal(rr->d,a->d,al,tmp->d); + } + + rr->top=max; + if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; + if (rr != r) BN_copy(r,rr); + ret = 1; + err: + BN_CTX_end(ctx); + return(ret); + } + +/* tmp must have 2*n words */ +void bn_sqr_normal(BN_ULONG *r, BN_ULONG *a, int n, BN_ULONG *tmp) + { + int i,j,max; + BN_ULONG *ap,*rp; + + max=n*2; + ap=a; + rp=r; + rp[0]=rp[max-1]=0; + rp++; + j=n; + + if (--j > 0) + { + ap++; + rp[j]=bn_mul_words(rp,ap,j,ap[-1]); + rp+=2; + } + + for (i=n-2; i>0; i--) + { + j--; + ap++; + rp[j]=bn_mul_add_words(rp,ap,j,ap[-1]); + rp+=2; + } + + bn_add_words(r,r,r,max); + + /* There will not be a carry */ + + bn_sqr_words(tmp,a,n); + + bn_add_words(r,r,tmp,max); + } diff --git a/package/network/services/ead/src/tinysrp/bn_word.c b/package/network/services/ead/src/tinysrp/bn_word.c new file mode 100644 index 0000000..7820e08 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/bn_word.c @@ -0,0 +1,130 @@ +/* crypto/bn/bn_word.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] + */ + +#include <stdio.h> +#include "bn_lcl.h" + +int BN_add_word(BIGNUM *a, BN_ULONG w) + { + BN_ULONG l; + int i; + + if (a->neg) + { + a->neg=0; + i=BN_sub_word(a,w); + if (!BN_is_zero(a)) + a->neg=!(a->neg); + return(i); + } + w&=BN_MASK2; + if (bn_wexpand(a,a->top+1) == NULL) return(0); + i=0; + for (;;) + { + l=(a->d[i]+(BN_ULONG)w)&BN_MASK2; + a->d[i]=l; + if (w > l) + w=1; + else + break; + i++; + } + if (i >= a->top) + a->top++; + return(1); + } + +int BN_sub_word(BIGNUM *a, BN_ULONG w) + { + int i; + + if (BN_is_zero(a) || a->neg) + { + a->neg=0; + i=BN_add_word(a,w); + a->neg=1; + return(i); + } + + w&=BN_MASK2; + if ((a->top == 1) && (a->d[0] < w)) + { + a->d[0]=w-a->d[0]; + a->neg=1; + return(1); + } + i=0; + for (;;) + { + if (a->d[i] >= w) + { + a->d[i]-=w; + break; + } + else + { + a->d[i]=(a->d[i]-w)&BN_MASK2; + i++; + w=1; + } + } + if ((a->d[i] == 0) && (i == (a->top-1))) + a->top--; + return(1); + } diff --git a/package/network/services/ead/src/tinysrp/clitest.c b/package/network/services/ead/src/tinysrp/clitest.c new file mode 100644 index 0000000..338f41f --- /dev/null +++ b/package/network/services/ead/src/tinysrp/clitest.c @@ -0,0 +1,110 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> +#include "t_defines.h" +#include "t_pwd.h" +#include "t_client.h" + +int +main() +{ + int index; + struct t_client * tc; + struct t_preconf *tcp; + struct t_num s; + struct t_num B; + char username[MAXUSERLEN]; + char hexbuf[MAXHEXPARAMLEN]; + char buf1[MAXPARAMLEN], buf2[MAXPARAMLEN], buf3[MAXSALTLEN]; + unsigned char cbuf[20]; + struct t_num * A; + unsigned char * skey; + char pass[128]; + + printf("Enter username: "); + fgets(username, sizeof(username), stdin); + username[strlen(username) - 1] = '\0'; + printf("Enter index (from server): "); + fgets(hexbuf, sizeof(hexbuf), stdin); + index = atoi(hexbuf); + tcp = t_getpreparam(index - 1); + printf("Enter salt (from server): "); + fgets(hexbuf, sizeof(hexbuf), stdin); + s.data = buf3; + s.len = t_fromb64(s.data, hexbuf); + + tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &s); + if (tc == 0) { + printf("invalid n, g\n"); + exit(1); + } + + A = t_clientgenexp(tc); + printf("A (to server): %s\n", t_tob64(hexbuf, A->data, A->len)); + + t_getpass(pass, 128, "Enter password:"); + t_clientpasswd(tc, pass); + + printf("Enter B (from server): "); + fgets(hexbuf, sizeof(hexbuf), stdin); + B.data = buf1; + B.len = t_fromb64(B.data, hexbuf); + + skey = t_clientgetkey(tc, &B); + printf("Session key: %s\n", t_tohex(hexbuf, skey, 40)); + printf("Response (to server): %s\n", + t_tohex(hexbuf, t_clientresponse(tc), RESPONSE_LEN)); + + printf("Enter server response: "); + fgets(hexbuf, sizeof(hexbuf), stdin); + hexbuf[strlen(hexbuf) - 1] = '\0'; + t_fromhex(cbuf, hexbuf); + + if (t_clientverify(tc, cbuf) == 0) + printf("Server authentication successful.\n"); + else + printf("Server authentication failed.\n"); + + t_clientclose(tc); + + return 0; +} diff --git a/package/network/services/ead/src/tinysrp/config.h.in b/package/network/services/ead/src/tinysrp/config.h.in new file mode 100644 index 0000000..a4b50c7 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/config.h.in @@ -0,0 +1,79 @@ +/* config.h.in. Generated automatically from configure.in by autoheader. */ + +/* Define if type char is unsigned and you are not using gcc. */ +#ifndef __CHAR_UNSIGNED__ +#undef __CHAR_UNSIGNED__ +#endif + +/* Define to empty if the keyword does not work. */ +#undef const + +/* Define as __inline if that's what the C compiler calls it. */ +#undef inline + +/* Define as the return type of signal handlers (int or void). */ +#undef RETSIGTYPE + +/* Define if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define if you can safely include both <sys/time.h> and <time.h>. */ +#undef TIME_WITH_SYS_TIME + +/* Define if your processor stores words with the most significant + byte first (like Motorola and SPARC, unlike Intel and VAX). */ +#undef WORDS_BIGENDIAN + +#undef SHA1HANDSOFF + +#undef POSIX_TERMIOS + +#undef POSIX_SIGTYPE + +#undef volatile + +/* The number of bytes in a int. */ +#undef SIZEOF_INT + +/* The number of bytes in a long. */ +#undef SIZEOF_LONG + +/* The number of bytes in a long long. */ +#undef SIZEOF_LONG_LONG + +/* The number of bytes in a short. */ +#undef SIZEOF_SHORT + +/* Define if you have the memcpy function. */ +#undef HAVE_MEMCPY + +/* Define if you have the sigaction function. */ +#undef HAVE_SIGACTION + +/* Define if you have the strchr function. */ +#undef HAVE_STRCHR + +/* Define if you have the <sgtty.h> header file. */ +#undef HAVE_SGTTY_H + +/* Define if you have the <sys/ioctl.h> header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define if you have the <sys/time.h> header file. */ +#undef HAVE_SYS_TIME_H + +/* Define if you have the <termio.h> header file. */ +#undef HAVE_TERMIO_H + +/* Define if you have the <termios.h> header file. */ +#undef HAVE_TERMIOS_H + +/* Define if you have the <unistd.h> header file. */ +#undef HAVE_UNISTD_H + +/* Name of package */ +#undef PACKAGE + +/* Version number of package */ +#undef VERSION + diff --git a/package/network/services/ead/src/tinysrp/configure b/package/network/services/ead/src/tinysrp/configure new file mode 100755 index 0000000..6ee76bf --- /dev/null +++ b/package/network/services/ead/src/tinysrp/configure @@ -0,0 +1,2421 @@ +#! /bin/sh + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.13 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. +build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.13" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. +ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=t_pwd.h + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +ac_exeext= +ac_objext=o +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + + + + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; } +fi +ac_config_guess=$ac_aux_dir/config.guess +ac_config_sub=$ac_aux_dir/config.sub +ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +echo "configure:559: checking for a BSD compatible install" >&5 +if test -z "$INSTALL"; then +if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + IFS="$ac_save_IFS" + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL="$ac_cv_path_install" + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL="$ac_install_sh" + fi +fi +echo "$ac_t""$INSTALL" 1>&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo $ac_n "checking whether build environment is sane""... $ac_c" 1>&6 +echo "configure:612: checking whether build environment is sane" >&5 +# Just in case +sleep 1 +echo timestamp > conftestfile +# Do `set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + set X `ls -Lt $srcdir/configure conftestfile 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t $srcdir/configure conftestfile` + fi + if test "$*" != "X $srcdir/configure conftestfile" \ + && test "$*" != "X conftestfile $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + { echo "configure: error: ls -t appears to fail. Make sure there is not a broken +alias in your environment" 1>&2; exit 1; } + fi + + test "$2" = conftestfile + ) +then + # Ok. + : +else + { echo "configure: error: newly created file is older than distributed files! +Check your system clock" 1>&2; exit 1; } +fi +rm -f conftest* +echo "$ac_t""yes" 1>&6 +if test "$program_transform_name" = s,x,x,; then + program_transform_name= +else + # Double any \ or $. echo might interpret backslashes. + cat <<\EOF_SED > conftestsed +s,\\,\\\\,g; s,\$,$$,g +EOF_SED + program_transform_name="`echo $program_transform_name|sed -f conftestsed`" + rm -f conftestsed +fi +test "$program_prefix" != NONE && + program_transform_name="s,^,${program_prefix},; $program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s,\$\$,${program_suffix},; $program_transform_name" + +# sed with no file args requires a program. +test "$program_transform_name" = "" && program_transform_name="s,x,x," + +echo $ac_n "checking whether ${MAKE-make} sets \${MAKE}""... $ac_c" 1>&6 +echo "configure:669: checking whether ${MAKE-make} sets \${MAKE}" >&5 +set dummy ${MAKE-make}; ac_make=`echo "$2" | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_prog_make_${ac_make}_set'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftestmake <<\EOF +all: + @echo 'ac_maketemp="${MAKE}"' +EOF +# GNU make sometimes prints "make[1]: Entering...", which would confuse us. +eval `${MAKE-make} -f conftestmake 2>/dev/null | grep temp=` +if test -n "$ac_maketemp"; then + eval ac_cv_prog_make_${ac_make}_set=yes +else + eval ac_cv_prog_make_${ac_make}_set=no +fi +rm -f conftestmake +fi +if eval "test \"`echo '$ac_cv_prog_make_'${ac_make}_set`\" = yes"; then + echo "$ac_t""yes" 1>&6 + SET_MAKE= +else + echo "$ac_t""no" 1>&6 + SET_MAKE="MAKE=${MAKE-make}" +fi + + + +PACKAGE=libtinysrp + +VERSION=0.7.5 + +if test "`cd $srcdir && pwd`" != "`pwd`" && test -f $srcdir/config.status; then + { echo "configure: error: source directory already configured; run "make distclean" there first" 1>&2; exit 1; } +fi +cat >> confdefs.h <<EOF +#define PACKAGE "$PACKAGE" +EOF + +cat >> confdefs.h <<EOF +#define VERSION "$VERSION" +EOF + + + +missing_dir=`cd $ac_aux_dir && pwd` +echo $ac_n "checking for working aclocal""... $ac_c" 1>&6 +echo "configure:716: checking for working aclocal" >&5 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (aclocal --version) < /dev/null > /dev/null 2>&1; then + ACLOCAL=aclocal + echo "$ac_t""found" 1>&6 +else + ACLOCAL="$missing_dir/missing aclocal" + echo "$ac_t""missing" 1>&6 +fi + +echo $ac_n "checking for working autoconf""... $ac_c" 1>&6 +echo "configure:729: checking for working autoconf" >&5 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (autoconf --version) < /dev/null > /dev/null 2>&1; then + AUTOCONF=autoconf + echo "$ac_t""found" 1>&6 +else + AUTOCONF="$missing_dir/missing autoconf" + echo "$ac_t""missing" 1>&6 +fi + +echo $ac_n "checking for working automake""... $ac_c" 1>&6 +echo "configure:742: checking for working automake" >&5 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (automake --version) < /dev/null > /dev/null 2>&1; then + AUTOMAKE=automake + echo "$ac_t""found" 1>&6 +else + AUTOMAKE="$missing_dir/missing automake" + echo "$ac_t""missing" 1>&6 +fi + +echo $ac_n "checking for working autoheader""... $ac_c" 1>&6 +echo "configure:755: checking for working autoheader" >&5 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (autoheader --version) < /dev/null > /dev/null 2>&1; then + AUTOHEADER=autoheader + echo "$ac_t""found" 1>&6 +else + AUTOHEADER="$missing_dir/missing autoheader" + echo "$ac_t""missing" 1>&6 +fi + +echo $ac_n "checking for working makeinfo""... $ac_c" 1>&6 +echo "configure:768: checking for working makeinfo" >&5 +# Run test in a subshell; some versions of sh will print an error if +# an executable is not found, even if stderr is redirected. +# Redirect stdin to placate older versions of autoconf. Sigh. +if (makeinfo --version) < /dev/null > /dev/null 2>&1; then + MAKEINFO=makeinfo + echo "$ac_t""found" 1>&6 +else + MAKEINFO="$missing_dir/missing makeinfo" + echo "$ac_t""missing" 1>&6 +fi + + + +test "$CFLAGS" = "" && CFLAGS="-O2" + + +# Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:788: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="gcc" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:818: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_prog_rejected=no + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + break + fi + done + IFS="$ac_save_ifs" +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# -gt 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" "$@" + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + if test -z "$CC"; then + case "`uname -s`" in + *win32* | *WIN32*) + # Extract the first word of "cl", so it can be a program name with args. +set dummy cl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:869: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="cl" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + ;; + esac + fi + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi + +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +echo "configure:901: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +cat > conftest.$ac_ext << EOF + +#line 912 "configure" +#include "confdefs.h" + +main(){return(0);} +EOF +if { (eval echo configure:917: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then + ac_cv_prog_cc_cross=no + else + ac_cv_prog_cc_cross=yes + fi +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_prog_cc_works=no +fi +rm -fr conftest* +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 +if test $ac_cv_prog_cc_works = no; then + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } +fi +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +echo "configure:943: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 +cross_compiling=$ac_cv_prog_cc_cross + +echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +echo "configure:948: checking whether we are using GNU C" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.c <<EOF +#ifdef __GNUC__ + yes; +#endif +EOF +if { ac_try='${CC-cc} -E conftest.c'; { (eval echo configure:957: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes +else + ac_cv_prog_gcc=no +fi +fi + +echo "$ac_t""$ac_cv_prog_gcc" 1>&6 + +if test $ac_cv_prog_gcc = yes; then + GCC=yes +else + GCC= +fi + +ac_test_CFLAGS="${CFLAGS+set}" +ac_save_CFLAGS="$CFLAGS" +CFLAGS= +echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 +echo "configure:976: checking whether ${CC-cc} accepts -g" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + ac_cv_prog_cc_g=yes +else + ac_cv_prog_cc_g=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS="$ac_save_CFLAGS" +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +echo "configure:1019: checking for a BSD compatible install" >&5 +if test -z "$INSTALL"; then +if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + IFS="$ac_save_IFS" + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL="$ac_cv_path_install" + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL="$ac_install_sh" + fi +fi +echo "$ac_t""$INSTALL" 1>&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +echo $ac_n "checking whether ln -s works""... $ac_c" 1>&6 +echo "configure:1072: checking whether ln -s works" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_LN_S'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + rm -f conftestdata +if ln -s X conftestdata 2>/dev/null +then + rm -f conftestdata + ac_cv_prog_LN_S="ln -s" +else + ac_cv_prog_LN_S=ln +fi +fi +LN_S="$ac_cv_prog_LN_S" +if test "$ac_cv_prog_LN_S" = "ln -s"; then + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:1095: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_RANLIB'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_RANLIB="ranlib" + break + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_prog_RANLIB" && ac_cv_prog_RANLIB=":" +fi +fi +RANLIB="$ac_cv_prog_RANLIB" +if test -n "$RANLIB"; then + echo "$ac_t""$RANLIB" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test "$program_transform_name" = s,x,x,; then + program_transform_name= +else + # Double any \ or $. echo might interpret backslashes. + cat <<\EOF_SED > conftestsed +s,\\,\\\\,g; s,\$,$$,g +EOF_SED + program_transform_name="`echo $program_transform_name|sed -f conftestsed`" + rm -f conftestsed +fi +test "$program_prefix" != NONE && + program_transform_name="s,^,${program_prefix},; $program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s,\$\$,${program_suffix},; $program_transform_name" + +# sed with no file args requires a program. +test "$program_transform_name" = "" && program_transform_name="s,x,x," + + + +echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +echo "configure:1144: checking how to run the C preprocessor" >&5 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then +if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # This must be in double quotes, not single quotes, because CPP may get + # substituted into the Makefile and "${CC-cc}" will confuse make. + CPP="${CC-cc} -E" + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext <<EOF +#line 1159 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1165: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext <<EOF +#line 1176 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext <<EOF +#line 1193 "configure" +#include "confdefs.h" +#include <assert.h> +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1199: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP=/lib/cpp +fi +rm -f conftest* +fi +rm -f conftest* +fi +rm -f conftest* + ac_cv_prog_CPP="$CPP" +fi + CPP="$ac_cv_prog_CPP" +else + ac_cv_prog_CPP="$CPP" +fi +echo "$ac_t""$CPP" 1>&6 + +echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 +echo "configure:1224: checking for ANSI C header files" >&5 +if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1229 "configure" +#include "confdefs.h" +#include <stdlib.h> +#include <stdarg.h> +#include <string.h> +#include <float.h> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1237: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. +cat > conftest.$ac_ext <<EOF +#line 1254 "configure" +#include "confdefs.h" +#include <string.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "memchr" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. +cat > conftest.$ac_ext <<EOF +#line 1272 "configure" +#include "confdefs.h" +#include <stdlib.h> +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "free" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext <<EOF +#line 1293 "configure" +#include "confdefs.h" +#include <ctype.h> +#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int main () { int i; for (i = 0; i < 256; i++) +if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); +exit (0); } + +EOF +if { (eval echo configure:1304: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_header_stdc=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_header_stdc" 1>&6 +if test $ac_cv_header_stdc = yes; then + cat >> confdefs.h <<\EOF +#define STDC_HEADERS 1 +EOF + +fi + +for ac_hdr in sgtty.h sys/ioctl.h sys/time.h termio.h termios.h unistd.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:1331: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1336 "configure" +#include "confdefs.h" +#include <$ac_hdr> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1341: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <<EOF +#define $ac_tr_hdr 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + + + +echo $ac_n "checking for working const""... $ac_c" 1>&6 +echo "configure:1370: checking for working const" >&5 +if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1375 "configure" +#include "confdefs.h" + +int main() { + +/* Ultrix mips cc rejects this. */ +typedef int charset[2]; const charset x; +/* SunOS 4.1.1 cc rejects this. */ +char const *const *ccp; +char **p; +/* NEC SVR4.0.2 mips cc rejects this. */ +struct point {int x, y;}; +static struct point const zero = {0,0}; +/* AIX XL C 1.02.0.0 rejects this. + It does not let you subtract one const X* pointer from another in an arm + of an if-expression whose if-part is not a constant expression */ +const char *g = "string"; +ccp = &g + (g ? g-g : 0); +/* HPUX 7.0 cc rejects these. */ +++ccp; +p = (char**) ccp; +ccp = (char const *const *) p; +{ /* SCO 3.2v4 cc rejects this. */ + char *t; + char const *s = 0 ? (char *) 0 : (char const *) 0; + + *t++ = 0; +} +{ /* Someone thinks the Sun supposedly-ANSI compiler will reject this. */ + int x[] = {25, 17}; + const int *foo = &x[0]; + ++foo; +} +{ /* Sun SC1.0 ANSI compiler rejects this -- but not the above. */ + typedef const int *iptr; + iptr p = 0; + ++p; +} +{ /* AIX XL C 1.02.0.0 rejects this saying + "k.c", line 2.27: 1506-025 (S) Operand must be a modifiable lvalue. */ + struct s { int j; const int *ap[3]; }; + struct s *b; b->j = 5; +} +{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; +} + +; return 0; } +EOF +if { (eval echo configure:1424: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_const=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_c_const" 1>&6 +if test $ac_cv_c_const = no; then + cat >> confdefs.h <<\EOF +#define const +EOF + +fi + +echo $ac_n "checking for inline""... $ac_c" 1>&6 +echo "configure:1445: checking for inline" >&5 +if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <<EOF +#line 1452 "configure" +#include "confdefs.h" + +int main() { +} $ac_kw foo() { +; return 0; } +EOF +if { (eval echo configure:1459: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +done + +fi + +echo "$ac_t""$ac_cv_c_inline" 1>&6 +case "$ac_cv_c_inline" in + inline | yes) ;; + no) cat >> confdefs.h <<\EOF +#define inline +EOF + ;; + *) cat >> confdefs.h <<EOF +#define inline $ac_cv_c_inline +EOF + ;; +esac + +echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 +echo "configure:1485: checking whether time.h and sys/time.h may both be included" >&5 +if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1490 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/time.h> +#include <time.h> +int main() { +struct tm *tp; +; return 0; } +EOF +if { (eval echo configure:1499: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_time=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_time" 1>&6 +if test $ac_cv_header_time = yes; then + cat >> confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 +EOF + +fi + +echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 +echo "configure:1520: checking whether byte ordering is bigendian" >&5 +if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_bigendian=unknown +# See if sys/param.h defines the BYTE_ORDER macro. +cat > conftest.$ac_ext <<EOF +#line 1527 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/param.h> +int main() { + +#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN + bogus endian macros +#endif +; return 0; } +EOF +if { (eval echo configure:1538: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. +cat > conftest.$ac_ext <<EOF +#line 1542 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <sys/param.h> +int main() { + +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif +; return 0; } +EOF +if { (eval echo configure:1553: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_bigendian=no +fi +rm -f conftest* +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +if test $ac_cv_c_bigendian = unknown; then +if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 1573 "configure" +#include "confdefs.h" +main () { + /* Are we little or big endian? From Harbison&Steele. */ + union + { + long l; + char c[sizeof (long)]; + } u; + u.l = 1; + exit (u.c[sizeof (long) - 1] == 1); +} +EOF +if { (eval echo configure:1586: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_c_bigendian=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_bigendian=yes +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_c_bigendian" 1>&6 +if test $ac_cv_c_bigendian = yes; then + cat >> confdefs.h <<\EOF +#define WORDS_BIGENDIAN 1 +EOF + +fi + +echo $ac_n "checking size of short""... $ac_c" 1>&6 +echo "configure:1610: checking size of short" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 1618 "configure" +#include "confdefs.h" +#include <stdio.h> +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(short)); + exit(0); +} +EOF +if { (eval echo configure:1629: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_short=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_short=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_short" 1>&6 +cat >> confdefs.h <<EOF +#define SIZEOF_SHORT $ac_cv_sizeof_short +EOF + + +echo $ac_n "checking size of int""... $ac_c" 1>&6 +echo "configure:1649: checking size of int" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 1657 "configure" +#include "confdefs.h" +#include <stdio.h> +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(int)); + exit(0); +} +EOF +if { (eval echo configure:1668: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_int=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_int=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_int" 1>&6 +cat >> confdefs.h <<EOF +#define SIZEOF_INT $ac_cv_sizeof_int +EOF + + +echo $ac_n "checking size of long""... $ac_c" 1>&6 +echo "configure:1688: checking size of long" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 1696 "configure" +#include "confdefs.h" +#include <stdio.h> +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(long)); + exit(0); +} +EOF +if { (eval echo configure:1707: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_long=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_long=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_long" 1>&6 +cat >> confdefs.h <<EOF +#define SIZEOF_LONG $ac_cv_sizeof_long +EOF + + +echo $ac_n "checking size of long long""... $ac_c" 1>&6 +echo "configure:1727: checking size of long long" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_long_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 1735 "configure" +#include "confdefs.h" +#include <stdio.h> +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(long long)); + exit(0); +} +EOF +if { (eval echo configure:1746: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_long_long=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_long_long=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_long_long" 1>&6 +cat >> confdefs.h <<EOF +#define SIZEOF_LONG_LONG $ac_cv_sizeof_long_long +EOF + + +cat > conftest.$ac_ext <<EOF +#line 1766 "configure" +#include "confdefs.h" + +int main() { +volatile int i; +; return 0; } +EOF +if { (eval echo configure:1773: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + cat >> confdefs.h <<\EOF +#define volatile +EOF + +fi +rm -f conftest* +echo $ac_n "checking whether char is unsigned""... $ac_c" 1>&6 +echo "configure:1786: checking whether char is unsigned" >&5 +if eval "test \"`echo '$''{'ac_cv_c_char_unsigned'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$GCC" = yes; then + # GCC predefines this symbol on systems where it applies. +cat > conftest.$ac_ext <<EOF +#line 1793 "configure" +#include "confdefs.h" +#ifdef __CHAR_UNSIGNED__ + yes +#endif + +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "yes" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_c_char_unsigned=yes +else + rm -rf conftest* + ac_cv_c_char_unsigned=no +fi +rm -f conftest* + +else +if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <<EOF +#line 1815 "configure" +#include "confdefs.h" +/* volatile prevents gcc2 from optimizing the test away on sparcs. */ +#if !defined(__STDC__) || __STDC__ != 1 +#define volatile +#endif +main() { + volatile char c = 255; exit(c < 0); +} +EOF +if { (eval echo configure:1825: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_c_char_unsigned=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_char_unsigned=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_c_char_unsigned" 1>&6 +if test $ac_cv_c_char_unsigned = yes && test "$GCC" != yes; then + cat >> confdefs.h <<\EOF +#define __CHAR_UNSIGNED__ 1 +EOF + +fi + + +if test "$ac_cv_c_char_unsigned" = "yes"; then + signed=-signed +fi + + +for ac_func in sigaction strchr memcpy +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:1857: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1862 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $ac_func(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:1885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <<EOF +#define $ac_tr_func 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi +done + + +echo $ac_n "checking POSIX signal handlers""... $ac_c" 1>&6 +echo "configure:1911: checking POSIX signal handlers" >&5 +if eval "test \"`echo '$''{'ac_cv_has_posix_signals'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1916 "configure" +#include "confdefs.h" +#include <sys/types.h> +#include <signal.h> +#ifdef signal +#undef signal +#endif +extern void (*signal ()) (); +int main() { + +; return 0; } +EOF +if { (eval echo configure:1928: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_has_posix_signals=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_has_posix_signals=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_has_posix_signals" 1>&6 +if test $ac_cv_has_posix_signals = yes; then + cat >> confdefs.h <<\EOF +#define RETSIGTYPE void +EOF + cat >> confdefs.h <<\EOF +#define POSIX_SIGTYPE 1 +EOF + +else + if test $ac_cv_type_signal = void; then + cat >> confdefs.h <<\EOF +#define RETSIGTYPE void +EOF + + else + cat >> confdefs.h <<\EOF +#define RETSIGTYPE int +EOF + + fi +fi +ac_safe=`echo "termios.h" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for termios.h""... $ac_c" 1>&6 +echo "configure:1964: checking for termios.h" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1969 "configure" +#include "confdefs.h" +#include <termios.h> +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1974: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + echo $ac_n "checking for cfsetispeed""... $ac_c" 1>&6 +echo "configure:1991: checking for cfsetispeed" >&5 +if eval "test \"`echo '$''{'ac_cv_func_cfsetispeed'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <<EOF +#line 1996 "configure" +#include "confdefs.h" +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char cfsetispeed(); below. */ +#include <assert.h> +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char cfsetispeed(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_cfsetispeed) || defined (__stub___cfsetispeed) +choke me +#else +cfsetispeed(); +#endif + +; return 0; } +EOF +if { (eval echo configure:2019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_cfsetispeed=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_cfsetispeed=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'cfsetispeed`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define POSIX_TERMIOS 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +else + echo "$ac_t""no" 1>&6 +fi + + + + +cat >> confdefs.h <<\EOF +#define SHA1HANDSOFF 1 +EOF + + +trap '' 1 2 15 +cat > confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +DEFS=-DHAVE_CONFIG_H + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS <<EOF +#! /bin/sh +# Generated automatically by configure. +# Run this file to recreate the current configuration. +# This directory was configured as follows, +# on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. + +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.13" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir +ac_given_INSTALL="$INSTALL" + +trap 'rm -fr `echo "Makefile config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS <<EOF + +# Protect against being on the right side of a sed subst in config.status. +sed 's/%@/@@/; s/@%/@@/; s/%g\$/@g/; /@g\$/s/[\\\\&%]/\\\\&/g; + s/@@/%@/; s/@@/@%/; s/@g\$/%g/' > conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@SHELL@%$SHELL%g +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g +s%@DEFS@%$DEFS%g +s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g +s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g +s%@INSTALL_DATA@%$INSTALL_DATA%g +s%@PACKAGE@%$PACKAGE%g +s%@VERSION@%$VERSION%g +s%@ACLOCAL@%$ACLOCAL%g +s%@AUTOCONF@%$AUTOCONF%g +s%@AUTOMAKE@%$AUTOMAKE%g +s%@AUTOHEADER@%$AUTOHEADER%g +s%@MAKEINFO@%$MAKEINFO%g +s%@SET_MAKE@%$SET_MAKE%g +s%@CC@%$CC%g +s%@LN_S@%$LN_S%g +s%@RANLIB@%$RANLIB%g +s%@CPP@%$CPP%g +s%@signed@%$signed%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. +ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <<EOF + +CONFIG_FILES=\${CONFIG_FILES-"Makefile"} +EOF +cat >> $CONFIG_STATUS <<\EOF +for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + case "$ac_given_INSTALL" in + [/$]*) INSTALL="$ac_given_INSTALL" ;; + *) INSTALL="$ac_dots$ac_given_INSTALL" ;; + esac + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." + case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +s%@INSTALL@%$INSTALL%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' +ac_dC='\3' +ac_dD='%g' +# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". +ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='\([ ]\)%\1#\2define\3' +ac_uC=' ' +ac_uD='\4%g' +# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_eB='$%\1#\2define\3' +ac_eC=' ' +ac_eD='%g' + +if test "${CONFIG_HEADERS+set}" != set; then +EOF +cat >> $CONFIG_STATUS <<EOF + CONFIG_HEADERS="config.h" +EOF +cat >> $CONFIG_STATUS <<\EOF +fi +for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + echo creating $ac_file + + rm -f conftest.frag conftest.in conftest.out + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + cat $ac_file_inputs > conftest.in + +EOF + +# Transform confdefs.h into a sed script conftest.vals that substitutes +# the proper values into config.h.in to produce config.h. And first: +# Protect against being on the right side of a sed subst in config.status. +# Protect against being in an unquoted here document in config.status. +rm -f conftest.vals +cat > conftest.hdr <<\EOF +s/[\\&%]/\\&/g +s%[\\$`]%\\&%g +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp +s%ac_d%ac_u%gp +s%ac_u%ac_e%gp +EOF +sed -n -f conftest.hdr confdefs.h > conftest.vals +rm -f conftest.hdr + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >> conftest.vals <<\EOF +s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% +EOF + +# Break up conftest.vals because some shells have a limit on +# the size of here documents, and old seds have small limits too. + +rm -f conftest.tail +while : +do + ac_lines=`grep -c . conftest.vals` + # grep -c gives empty output for an empty file on some AIX systems. + if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi + # Write a limited-size here document to conftest.frag. + echo ' cat > conftest.frag <<CEOF' >> $CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS + echo 'CEOF + sed -f conftest.frag conftest.in > conftest.out + rm -f conftest.in + mv conftest.out conftest.in +' >> $CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail + rm -f conftest.vals + mv conftest.tail conftest.vals +done +rm -f conftest.vals + +cat >> $CONFIG_STATUS <<\EOF + rm -f conftest.frag conftest.h + echo "/* $ac_file. Generated automatically by configure. */" > conftest.h + cat conftest.in >> conftest.h + rm -f conftest.in + if cmp -s $ac_file conftest.h 2>/dev/null; then + echo "$ac_file is unchanged" + rm -f conftest.h + else + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + fi + rm -f $ac_file + mv conftest.h $ac_file + fi +fi; done + +EOF +cat >> $CONFIG_STATUS <<EOF + + +EOF +cat >> $CONFIG_STATUS <<\EOF +test -z "$CONFIG_HEADERS" || echo timestamp > stamp-h + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + diff --git a/package/network/services/ead/src/tinysrp/configure.in b/package/network/services/ead/src/tinysrp/configure.in new file mode 100644 index 0000000..627d15a --- /dev/null +++ b/package/network/services/ead/src/tinysrp/configure.in @@ -0,0 +1,52 @@ +dnl Process this file with autoconf to produce a configure script. + +AC_INIT(t_pwd.h) +AM_CONFIG_HEADER(config.h) +AM_INIT_AUTOMAKE(libtinysrp, 0.7.5) + +test "$CFLAGS" = "" && CFLAGS="-O2" + +dnl Checks for programs. + +AC_PROG_CC +AC_PROG_INSTALL +AC_PROG_LN_S +AC_PROG_RANLIB +AC_ARG_PROGRAM + +dnl Checks for header files. + +AC_HEADER_STDC +AC_CHECK_HEADERS(sgtty.h sys/ioctl.h sys/time.h termio.h termios.h unistd.h) + +dnl Checks for typedefs, structures, and compiler characteristics. + +AC_C_CONST +AC_C_INLINE +AC_HEADER_TIME +AC_C_BIGENDIAN +AC_CHECK_SIZEOF(short) +AC_CHECK_SIZEOF(int) +AC_CHECK_SIZEOF(long) +AC_CHECK_SIZEOF(long long) +AC_TRY_COMPILE(, [volatile int i;], , AC_DEFINE(volatile, )) +AC_C_CHAR_UNSIGNED + +AC_SUBST(signed)dnl +if test "$ac_cv_c_char_unsigned" = "yes"; then + signed=-signed +fi + +dnl Checks for library functions. + +AC_CHECK_FUNCS(sigaction strchr memcpy) +TYPE_SIGNAL +AC_HEADER_CHECK(termios.h,AC_FUNC_CHECK(cfsetispeed,AC_DEFINE(POSIX_TERMIOS))) + +dnl User options + +dnl Some defines for now. + +AC_DEFINE(SHA1HANDSOFF) + +AC_OUTPUT(Makefile) diff --git a/package/network/services/ead/src/tinysrp/install-sh b/package/network/services/ead/src/tinysrp/install-sh new file mode 100755 index 0000000..e843669 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/install-sh @@ -0,0 +1,250 @@ +#!/bin/sh +# +# install - install a program, script, or datafile +# This comes from X11R5 (mit/util/scripts/install.sh). +# +# Copyright 1991 by the Massachusetts Institute of Technology +# +# Permission to use, copy, modify, distribute, and sell this software and its +# documentation for any purpose is hereby granted without fee, provided that +# the above copyright notice appear in all copies and that both that +# copyright notice and this permission notice appear in supporting +# documentation, and that the name of M.I.T. not be used in advertising or +# publicity pertaining to distribution of the software without specific, +# written prior permission. M.I.T. makes no representations about the +# suitability of this software for any purpose. It is provided "as is" +# without express or implied warranty. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. It can only install one file at a time, a restriction +# shared with many OS's install programs. + + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit="${DOITPROG-}" + + +# put in absolute paths if you don't have them in your path; or use env. vars. + +mvprog="${MVPROG-mv}" +cpprog="${CPPROG-cp}" +chmodprog="${CHMODPROG-chmod}" +chownprog="${CHOWNPROG-chown}" +chgrpprog="${CHGRPPROG-chgrp}" +stripprog="${STRIPPROG-strip}" +rmprog="${RMPROG-rm}" +mkdirprog="${MKDIRPROG-mkdir}" + +transformbasename="" +transform_arg="" +instcmd="$mvprog" +chmodcmd="$chmodprog 0755" +chowncmd="" +chgrpcmd="" +stripcmd="" +rmcmd="$rmprog -f" +mvcmd="$mvprog" +src="" +dst="" +dir_arg="" + +while [ x"$1" != x ]; do + case $1 in + -c) instcmd="$cpprog" + shift + continue;; + + -d) dir_arg=true + shift + continue;; + + -m) chmodcmd="$chmodprog $2" + shift + shift + continue;; + + -o) chowncmd="$chownprog $2" + shift + shift + continue;; + + -g) chgrpcmd="$chgrpprog $2" + shift + shift + continue;; + + -s) stripcmd="$stripprog" + shift + continue;; + + -t=*) transformarg=`echo $1 | sed 's/-t=//'` + shift + continue;; + + -b=*) transformbasename=`echo $1 | sed 's/-b=//'` + shift + continue;; + + *) if [ x"$src" = x ] + then + src=$1 + else + # this colon is to work around a 386BSD /bin/sh bug + : + dst=$1 + fi + shift + continue;; + esac +done + +if [ x"$src" = x ] +then + echo "install: no input file specified" + exit 1 +else + true +fi + +if [ x"$dir_arg" != x ]; then + dst=$src + src="" + + if [ -d $dst ]; then + instcmd=: + else + instcmd=mkdir + fi +else + +# Waiting for this to be detected by the "$instcmd $src $dsttmp" command +# might cause directories to be created, which would be especially bad +# if $src (and thus $dsttmp) contains '*'. + + if [ -f $src -o -d $src ] + then + true + else + echo "install: $src does not exist" + exit 1 + fi + + if [ x"$dst" = x ] + then + echo "install: no destination specified" + exit 1 + else + true + fi + +# If destination is a directory, append the input filename; if your system +# does not like double slashes in filenames, you may need to add some logic + + if [ -d $dst ] + then + dst="$dst"/`basename $src` + else + true + fi +fi + +## this sed command emulates the dirname command +dstdir=`echo $dst | sed -e 's,[^/]*$,,;s,/$,,;s,^$,.,'` + +# Make sure that the destination directory exists. +# this part is taken from Noah Friedman's mkinstalldirs script + +# Skip lots of stat calls in the usual case. +if [ ! -d "$dstdir" ]; then +defaultIFS=' +' +IFS="${IFS-${defaultIFS}}" + +oIFS="${IFS}" +# Some sh's can't handle IFS=/ for some reason. +IFS='%' +set - `echo ${dstdir} | sed -e 's@/@%@g' -e 's@^%@/@'` +IFS="${oIFS}" + +pathcomp='' + +while [ $# -ne 0 ] ; do + pathcomp="${pathcomp}${1}" + shift + + if [ ! -d "${pathcomp}" ] ; + then + $mkdirprog "${pathcomp}" + else + true + fi + + pathcomp="${pathcomp}/" +done +fi + +if [ x"$dir_arg" != x ] +then + $doit $instcmd $dst && + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dst; else true ; fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dst; else true ; fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dst; else true ; fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dst; else true ; fi +else + +# If we're going to rename the final executable, determine the name now. + + if [ x"$transformarg" = x ] + then + dstfile=`basename $dst` + else + dstfile=`basename $dst $transformbasename | + sed $transformarg`$transformbasename + fi + +# don't allow the sed command to completely eliminate the filename + + if [ x"$dstfile" = x ] + then + dstfile=`basename $dst` + else + true + fi + +# Make a temp file name in the proper directory. + + dsttmp=$dstdir/#inst.$$# + +# Move or copy the file name to the temp name + + $doit $instcmd $src $dsttmp && + + trap "rm -f ${dsttmp}" 0 && + +# and set any options; do chmod last to preserve setuid bits + +# If any of these fail, we abort the whole thing. If we want to +# ignore errors from any of these, just make sure not to ignore +# errors from the above "$doit $instcmd $src $dsttmp" command. + + if [ x"$chowncmd" != x ]; then $doit $chowncmd $dsttmp; else true;fi && + if [ x"$chgrpcmd" != x ]; then $doit $chgrpcmd $dsttmp; else true;fi && + if [ x"$stripcmd" != x ]; then $doit $stripcmd $dsttmp; else true;fi && + if [ x"$chmodcmd" != x ]; then $doit $chmodcmd $dsttmp; else true;fi && + +# Now rename the file to the real destination. + + $doit $rmcmd -f $dstdir/$dstfile && + $doit $mvcmd $dsttmp $dstdir/$dstfile + +fi && + + +exit 0 diff --git a/package/network/services/ead/src/tinysrp/missing b/package/network/services/ead/src/tinysrp/missing new file mode 100755 index 0000000..a6abd06 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/missing @@ -0,0 +1,134 @@ +#! /bin/sh +# Common stub for a few missing GNU programs while installing. +# Copyright (C) 1996, 1997 Free Software Foundation, Inc. +# Franc,ois Pinard <pinard@iro.umontreal.ca>, 1996. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +# 02111-1307, USA. + +if test $# -eq 0; then + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 +fi + +case "$1" in + + -h|--h|--he|--hel|--help) + echo "\ +$0 [OPTION]... PROGRAM [ARGUMENT]... + +Handle \`PROGRAM [ARGUMENT]...' for when PROGRAM is missing, or return an +error status if there is no known handling for PROGRAM. + +Options: + -h, --help display this help and exit + -v, --version output version information and exit + +Supported PROGRAM values: + aclocal touch file \`aclocal.m4' + autoconf touch file \`configure' + autoheader touch file \`config.h.in' + automake touch all \`Makefile.in' files + bison touch file \`y.tab.c' + makeinfo touch the output file + yacc touch file \`y.tab.c'" + ;; + + -v|--v|--ve|--ver|--vers|--versi|--versio|--version) + echo "missing - GNU libit 0.0" + ;; + + -*) + echo 1>&2 "$0: Unknown \`$1' option" + echo 1>&2 "Try \`$0 --help' for more information" + exit 1 + ;; + + aclocal) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acinclude.m4' or \`configure.in'. You might want + to install the \`Automake' and \`Perl' packages. Grab them from + any GNU archive site." + touch aclocal.m4 + ;; + + autoconf) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`configure.in'. You might want to install the + \`Autoconf' and \`GNU m4' packages. Grab them from any GNU + archive site." + touch configure + ;; + + autoheader) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`acconfig.h' or \`configure.in'. You might want + to install the \`Autoconf' and \`GNU m4' packages. Grab them + from any GNU archive site." + touch config.h.in + ;; + + automake) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified \`Makefile.am', \`acinclude.m4' or \`configure.in'. + You might want to install the \`Automake' and \`Perl' packages. + Grab them from any GNU archive site." + find . -type f -name Makefile.am -print \ + | sed 's/^\(.*\).am$/touch \1.in/' \ + | sh + ;; + + bison|yacc) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.y' file. You may need the \`Bison' package + in order for those modifications to take effect. You can get + \`Bison' from any GNU archive site." + touch y.tab.c + ;; + + makeinfo) + echo 1>&2 "\ +WARNING: \`$1' is missing on your system. You should only need it if + you modified a \`.texi' or \`.texinfo' file, or any other file + indirectly affecting the aspect of the manual. The spurious + call might also be the consequence of using a buggy \`make' (AIX, + DU, IRIX). You might want to install the \`Texinfo' package or + the \`GNU make' package. Grab either from any GNU archive site." + file=`echo "$*" | sed -n 's/.*-o \([^ ]*\).*/\1/p'` + if test -z "$file"; then + file=`echo "$*" | sed 's/.* \([^ ]*\) *$/\1/'` + file=`sed -n '/^@setfilename/ { s/.* \([^ ]*\) *$/\1/; p; q; }' $file` + fi + touch $file + ;; + + *) + echo 1>&2 "\ +WARNING: \`$1' is needed, and you do not seem to have it handy on your + system. You might have modified some files without having the + proper tools for further handling them. Check the \`README' file, + it often tells you about the needed prerequirements for installing + this package. You may also peek at any GNU archive site, in case + some other package would contain this missing \`$1' program." + exit 1 + ;; +esac + +exit 0 diff --git a/package/network/services/ead/src/tinysrp/mkinstalldirs b/package/network/services/ead/src/tinysrp/mkinstalldirs new file mode 100755 index 0000000..3bc1836 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/mkinstalldirs @@ -0,0 +1,39 @@ +#! /bin/sh +# mkinstalldirs --- make directory hierarchy +# Author: Noah Friedman <friedman@prep.ai.mit.edu> +# Created: 1993-05-16 +# Public domain + + +errstatus=0 + +for file +do + set fnord `echo ":$file" | sed -ne 's/^:\//#/;s/^://;s/\// /g;s/^#/\//;p'` + shift + + pathcomp= + for d + do + pathcomp="$pathcomp$d" + case "$pathcomp" in + -* ) pathcomp=./$pathcomp ;; + esac + + if test ! -d "$pathcomp"; then + echo "mkdir $pathcomp" 1>&2 + + mkdir "$pathcomp" || lasterr=$? + + if test ! -d "$pathcomp"; then + errstatus=$lasterr + fi + fi + + pathcomp="$pathcomp/" + done +done + +exit $errstatus + +# mkinstalldirs ends here diff --git a/package/network/services/ead/src/tinysrp/srvtest.c b/package/network/services/ead/src/tinysrp/srvtest.c new file mode 100644 index 0000000..e09d501 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/srvtest.c @@ -0,0 +1,111 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> +#include "t_defines.h" +#include "t_pwd.h" +#include "t_server.h" + +int +main(argc, argv) + int argc; + char * argv[]; +{ + struct t_server * ts; + struct t_pw * tpw; + struct t_conf * tcnf; + struct t_num * B; + char username[MAXUSERLEN]; + char hexbuf[MAXHEXPARAMLEN]; + char buf[MAXPARAMLEN]; + struct t_num A; + unsigned char * skey; + unsigned char cbuf[20]; + FILE * fp; + FILE * fp2; + char confname[256]; + + printf("Enter username: "); + fgets(username, sizeof(username), stdin); + username[strlen(username) - 1] = '\0'; + ts = t_serveropen(username); + + if(ts == NULL) { + fprintf(stderr, "User %s not found\n", username); + exit(1); + } + +#if 0 + printf("n: %s\n", t_tob64(hexbuf, ts->n.data, ts->n.len)); + printf("g: %s\n", t_tob64(hexbuf, ts->g.data, ts->g.len)); +#endif + printf("index (to client): %d\n", ts->index); + printf("salt (to client): %s\n", t_tob64(hexbuf, ts->s.data, ts->s.len)); + + B = t_servergenexp(ts); + printf("Enter A (from client): "); + fgets(hexbuf, sizeof(hexbuf), stdin); + A.data = buf; + A.len = t_fromb64(A.data, hexbuf); + + printf("B (to client): %s\n", t_tob64(hexbuf, B->data, B->len)); + + skey = t_servergetkey(ts, &A); + printf("Session key: %s\n", t_tohex(hexbuf, skey, 40)); + + /* printf("[Expected response: %s]\n", t_tohex(hexbuf, cbuf, 16)); */ + + printf("Enter response (from client): "); + fgets(hexbuf, sizeof(hexbuf), stdin); + hexbuf[strlen(hexbuf) - 1] = '\0'; + t_fromhex(cbuf, hexbuf); + + if(t_serververify(ts, cbuf) == 0) { + printf("Authentication successful.\n"); + printf("Response (to client): %s\n", + t_tohex(hexbuf, t_serverresponse(ts), RESPONSE_LEN)); + } else + printf("Authentication failed.\n"); + + t_serverclose(ts); + + return 0; +} diff --git a/package/network/services/ead/src/tinysrp/stamp-h.in b/package/network/services/ead/src/tinysrp/stamp-h.in new file mode 100644 index 0000000..9788f70 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/stamp-h.in @@ -0,0 +1 @@ +timestamp diff --git a/package/network/services/ead/src/tinysrp/t_client.c b/package/network/services/ead/src/tinysrp/t_client.c new file mode 100644 index 0000000..692215a --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_client.c @@ -0,0 +1,285 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> +#include "t_defines.h" +#include "t_pwd.h" +#include "t_client.h" +#include "t_sha.h" + +_TYPE( struct t_client * ) +t_clientopen(u, n, g, s) + const char * u; + struct t_num * n; + struct t_num * g; + struct t_num * s; +{ + struct t_client * tc; + unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE]; + SHA1_CTX ctxt; + int i, validated; + struct t_preconf * tpc; + + validated = 0; + if(n->len < MIN_MOD_BYTES) + return 0; + for(i = 0; i < t_getprecount(); ++i) { + tpc = t_getpreparam(i); + if(tpc->modulus.len == n->len && tpc->generator.len == g->len && + memcmp(tpc->modulus.data, n->data, n->len) == 0 && + memcmp(tpc->generator.data, g->data, g->len) == 0) { + validated = 1; /* Match found, done */ + break; + } + } + + if(validated == 0) + return 0; + + if((tc = malloc(sizeof(struct t_client))) == 0) + return 0; + + strncpy(tc->username, u, MAXUSERLEN); + + SHA1Init(&tc->hash); + + tc->n.len = n->len; + tc->n.data = tc->nbuf; + memcpy(tc->n.data, n->data, tc->n.len); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, tc->n.data, tc->n.len); + SHA1Final(buf1, &ctxt); + + tc->g.len = g->len; + tc->g.data = tc->gbuf; + memcpy(tc->g.data, g->data, tc->g.len); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, tc->g.data, tc->g.len); + SHA1Final(buf2, &ctxt); + + for(i = 0; i < sizeof(buf1); ++i) + buf1[i] ^= buf2[i]; + + SHA1Update(&tc->hash, buf1, sizeof(buf1)); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, tc->username, strlen(tc->username)); + SHA1Final(buf1, &ctxt); + + SHA1Update(&tc->hash, buf1, sizeof(buf1)); + + tc->s.len = s->len; + tc->s.data = tc->sbuf; + memcpy(tc->s.data, s->data, tc->s.len); + + SHA1Update(&tc->hash, tc->s.data, tc->s.len); + + tc->a.data = tc->abuf; + tc->A.data = tc->Abuf; + tc->p.data = tc->pbuf; + tc->v.data = tc->vbuf; + + SHA1Init(&tc->ckhash); + + return tc; +} + +_TYPE( struct t_num * ) +t_clientgenexp(tc) + struct t_client * tc; +{ + BigInteger a, A, n, g; + + if(tc->n.len < ALEN) + tc->a.len = tc->n.len; + else + tc->a.len = ALEN; + + t_random(tc->a.data, tc->a.len); + a = BigIntegerFromBytes(tc->a.data, tc->a.len); + n = BigIntegerFromBytes(tc->n.data, tc->n.len); + g = BigIntegerFromBytes(tc->g.data, tc->g.len); + A = BigIntegerFromInt(0); + BigIntegerModExp(A, g, a, n); + tc->A.len = BigIntegerToBytes(A, tc->A.data); + + BigIntegerFree(A); + BigIntegerFree(a); + BigIntegerFree(g); + BigIntegerFree(n); + + SHA1Update(&tc->hash, tc->A.data, tc->A.len); + SHA1Update(&tc->ckhash, tc->A.data, tc->A.len); + + return &tc->A; +} + +_TYPE( void ) +t_clientpasswd(tc, password) + struct t_client * tc; + char * password; +{ + BigInteger n, g, p, v; + SHA1_CTX ctxt; + unsigned char dig[SHA_DIGESTSIZE]; + + n = BigIntegerFromBytes(tc->n.data, tc->n.len); + g = BigIntegerFromBytes(tc->g.data, tc->g.len); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, tc->username, strlen(tc->username)); + SHA1Update(&ctxt, ":", 1); + SHA1Update(&ctxt, password, strlen(password)); + SHA1Final(dig, &ctxt); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, tc->s.data, tc->s.len); + SHA1Update(&ctxt, dig, sizeof(dig)); + SHA1Final(dig, &ctxt); + + p = BigIntegerFromBytes(dig, sizeof(dig)); + + v = BigIntegerFromInt(0); + BigIntegerModExp(v, g, p, n); + + tc->p.len = BigIntegerToBytes(p, tc->p.data); + BigIntegerFree(p); + + tc->v.len = BigIntegerToBytes(v, tc->v.data); + BigIntegerFree(v); +} + +_TYPE( unsigned char * ) +t_clientgetkey(tc, serverval) + struct t_client * tc; + struct t_num * serverval; +{ + BigInteger n, B, v, p, a, sum, S; + unsigned char sbuf[MAXPARAMLEN]; + unsigned char dig[SHA_DIGESTSIZE]; + unsigned slen; + unsigned int u; + SHA1_CTX ctxt; + + SHA1Init(&ctxt); + SHA1Update(&ctxt, serverval->data, serverval->len); + SHA1Final(dig, &ctxt); + u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3]; + if(u == 0) + return NULL; + + SHA1Update(&tc->hash, serverval->data, serverval->len); + + B = BigIntegerFromBytes(serverval->data, serverval->len); + n = BigIntegerFromBytes(tc->n.data, tc->n.len); + + if(BigIntegerCmp(B, n) >= 0 || BigIntegerCmpInt(B, 0) == 0) { + BigIntegerFree(B); + BigIntegerFree(n); + return NULL; + } + v = BigIntegerFromBytes(tc->v.data, tc->v.len); + if(BigIntegerCmp(B, v) < 0) + BigIntegerAdd(B, B, n); + BigIntegerSub(B, B, v); + BigIntegerFree(v); + + a = BigIntegerFromBytes(tc->a.data, tc->a.len); + p = BigIntegerFromBytes(tc->p.data, tc->p.len); + + sum = BigIntegerFromInt(0); + BigIntegerMulInt(sum, p, u); + BigIntegerAdd(sum, sum, a); + + BigIntegerFree(p); + BigIntegerFree(a); + + S = BigIntegerFromInt(0); + BigIntegerModExp(S, B, sum, n); + slen = BigIntegerToBytes(S, sbuf); + + BigIntegerFree(S); + BigIntegerFree(sum); + BigIntegerFree(B); + BigIntegerFree(n); + + t_sessionkey(tc->session_key, sbuf, slen); + memset(sbuf, 0, slen); + + SHA1Update(&tc->hash, tc->session_key, sizeof(tc->session_key)); + + SHA1Final(tc->session_response, &tc->hash); + SHA1Update(&tc->ckhash, tc->session_response, sizeof(tc->session_response)); + SHA1Update(&tc->ckhash, tc->session_key, sizeof(tc->session_key)); + + return tc->session_key; +} + +_TYPE( int ) +t_clientverify(tc, resp) + struct t_client * tc; + unsigned char * resp; +{ + unsigned char expected[SHA_DIGESTSIZE]; + + SHA1Final(expected, &tc->ckhash); + return memcmp(expected, resp, sizeof(expected)); +} + +_TYPE( unsigned char * ) +t_clientresponse(tc) + struct t_client * tc; +{ + return tc->session_response; +} + +_TYPE( void ) +t_clientclose(tc) + struct t_client * tc; +{ + memset(tc->abuf, 0, sizeof(tc->abuf)); + memset(tc->pbuf, 0, sizeof(tc->pbuf)); + memset(tc->vbuf, 0, sizeof(tc->vbuf)); + memset(tc->session_key, 0, sizeof(tc->session_key)); + free(tc); +} diff --git a/package/network/services/ead/src/tinysrp/t_client.h b/package/network/services/ead/src/tinysrp/t_client.h new file mode 100644 index 0000000..42922af --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_client.h @@ -0,0 +1,148 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#ifndef T_CLIENT_H +#define T_CLIENT_H + +#include "t_sha.h" + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +/* For building dynamic link libraries under windows, windows NT + * using MSVC1.5 or MSVC2.0 + */ + +#ifndef _DLLDECL +#define _DLLDECL + +#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */ +#define _MSVC15EXPORT _export +#define _MSVC20EXPORT +#define _DLLAPI _export _pascal +#define _TYPE(a) a _MSVC15EXPORT +#define DLLEXPORT 1 + +#elif MSVC20 +#define _MSVC15EXPORT +#define _MSVC20EXPORT _declspec(dllexport) +#define _DLLAPI +#define _TYPE(a) _MSVC20EXPORT a +#define DLLEXPORT 1 + +#else /* Default, non-dll. Use this for Unix or DOS */ +#define _MSVC15DEXPORT +#define _MSVC20EXPORT +#define _DLLAPI +#define _TYPE(a) a +#endif +#endif + +#define ALEN 32 +#define MIN_MOD_BYTES 64 /* 512 bits */ + +struct t_client { + struct t_num n; + struct t_num g; + struct t_num s; + + struct t_num a; + struct t_num A; + + struct t_num p; + struct t_num v; + + SHA1_CTX hash, ckhash; + + char username[MAXUSERLEN]; + unsigned char session_key[SESSION_KEY_LEN]; + unsigned char session_response[RESPONSE_LEN]; + + unsigned char nbuf[MAXPARAMLEN], gbuf[MAXPARAMLEN], sbuf[MAXSALTLEN]; + unsigned char pbuf[MAXPARAMLEN], vbuf[MAXPARAMLEN]; + unsigned char abuf[ALEN], Abuf[MAXPARAMLEN]; +}; + +/* + * SRP client-side negotiation + * + * This code negotiates the client side of an SRP exchange. + * "t_clientopen" accepts a username, and N, g, and s parameters, + * which are usually sent by the server in the first round. + * The client should then call... + * "t_clientgenexp" will generate a random 256-bit exponent and + * raise g to that power, returning the result. This result + * should be sent to the server as w(p). + * "t_clientpasswd" accepts the user's password, which should be + * entered locally and updates the client's state. + * "t_clientgetkey" accepts the exponential y(p), which should + * be sent by the server in the next round and computes the + * 256-bit session key. This data should be saved before the + * session is closed. + * "t_clientresponse" computes the session key proof as SHA(y(p), K). + * "t_clientclose" closes the session and frees its memory. + * + * Note that authentication is not performed per se; it is up + * to either/both sides of the protocol to now verify securely + * that their session keys agree in order to establish authenticity. + * One possible way is through "oracle hashing"; one side sends + * r, the other replies with H(r,K), where H() is a hash function. + * + * t_clientresponse and t_clientverify now implement a version of + * the session-key verification described above. + */ +_TYPE( struct t_client * ) + t_clientopen P((const char *, struct t_num *, struct t_num *, + struct t_num *)); +_TYPE( struct t_num * ) t_clientgenexp P((struct t_client *)); +_TYPE( void ) t_clientpasswd P((struct t_client *, char *)); +_TYPE( unsigned char * ) + t_clientgetkey P((struct t_client *, struct t_num *)); +_TYPE( int ) t_clientverify P((struct t_client *, unsigned char *)); +_TYPE( unsigned char * ) t_clientresponse P((struct t_client *)); +_TYPE( void ) t_clientclose P((struct t_client *)); + +#endif diff --git a/package/network/services/ead/src/tinysrp/t_conf.c b/package/network/services/ead/src/tinysrp/t_conf.c new file mode 100644 index 0000000..fbe6f41 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_conf.c @@ -0,0 +1,1080 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> + +#include "t_defines.h" +#include "t_pwd.h" +#include "t_read.h" +#include "bn.h" +#include "bn_lcl.h" +#include "bn_prime.h" + +#define TABLE_SIZE 32 + +static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, + const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); + +/* + * This is the safe prime generation logic. + * To generate a safe prime p (where p = 2q+1 and q is prime), we start + * with a random odd q that is one bit shorter than the desired length + * of p. We use a simple 30-element sieve to filter the values of q + * and consider only those that are 11, 23, or 29 (mod 30). (If q were + * anything else, either q or p would be divisible by 2, 3, or 5). + * For the values of q that are left, we apply the following tests in + * this order: + * + * trial divide q + * let p = 2q + 1 + * trial divide p + * apply Fermat test to q (2^q == 2 (mod q)) + * apply Fermat test to p (2^p == 2 (mod p)) + * apply real probablistic primality test to q + * apply real probablistic primality test to p + * + * A number that passes all these tests is considered a safe prime for + * our purposes. The tests are ordered this way for efficiency; the + * slower tests are run rarely if ever at all. + */ + +static int +trialdiv(x) + const BigInteger x; +{ + static int primes[] = { /* All odd primes < 256 */ + 3, 5, 7, 11, 13, 17, 19, 23, 29, + 31, 37, 41, 43, 47, 53, 59, 61, 67, + 71, 73, 79, 83, 89, 97, 101, 103, + 107, 109, 113, 127, 131, 137, 139, 149, 151, + 157, 163, 167, 173, 179, 181, 191, 193, 197, + 199, 211, 223, 227, 229, 233, 239, 241, 251 + }; + static int nprimes = sizeof(primes) / sizeof(int); + int i; + + for(i = 0; i < nprimes; ++i) { + if(BigIntegerModInt(x, primes[i]) == 0) + return primes[i]; + } + return 1; +} + +/* x + sieve30[x%30] == 11, 23, or 29 (mod 30) */ + +static int sieve30[] = +{ 11, 10, 9, 8, 7, 6, 5, 4, 3, 2, + 1, 12, 11, 10, 9, 8, 7, 6, 5, 4, + 3, 2, 1, 6, 5, 4, 3, 2, 1, 12 +}; + +/* Find a Sophie-Germain prime between "lo" and "hi". NOTE: this is not + a "safe prime", but the smaller prime. Take 2q+1 to get the safe prime. */ + +static void +sophie_germain(q, lo, hi) + BigInteger q; /* assumed initialized */ + const BigInteger lo; + const BigInteger hi; +{ + BigInteger m, p, r; + char parambuf[MAXPARAMLEN]; + int foundprime = 0; + int i, mod30; + + m = BigIntegerFromInt(0); + BigIntegerSub(m, hi, lo); + i = (BigIntegerBitLen(m) + 7) / 8; + t_random(parambuf, i); + r = BigIntegerFromBytes(parambuf, i); + BigIntegerMod(r, r, m); + + BigIntegerAdd(q, r, lo); + if(BigIntegerModInt(q, 2) == 0) + BigIntegerAddInt(q, q, 1); /* make q odd */ + + mod30 = BigIntegerModInt(q, 30); /* mod30 = q % 30 */ + + BigIntegerFree(m); + m = BigIntegerFromInt(2); /* m = 2 */ + p = BigIntegerFromInt(0); + + while(BigIntegerCmp(q, hi) < 0) { + if(trialdiv(q) < 2) { + BigIntegerMulInt(p, q, 2); /* p = 2 * q */ + BigIntegerAddInt(p, p, 1); /* p += 1 */ + if(trialdiv(p) < 2) { + BigIntegerModExp(r, m, q, q); /* r = 2^q % q */ + if(BigIntegerCmpInt(r, 2) == 0) { /* if(r == 2) */ + BigIntegerModExp(r, m, p, p); /* r = 2^p % p */ + if(BigIntegerCmpInt(r, 2) == 0) { /* if(r == 2) */ + if(BigIntegerCheckPrime(q) && BigIntegerCheckPrime(p)) { + ++foundprime; + break; + } + } + } + } + } + + i = sieve30[mod30]; + BigIntegerAddInt(q, q, i); /* q += i */ + mod30 = (mod30 + i) % 30; + } + + /* should wrap around on failure */ + if(!foundprime) { + fprintf(stderr, "Prime generation failed!\n"); + exit(1); + } + + BigIntegerFree(r); + BigIntegerFree(m); + BigIntegerFree(p); +} + +_TYPE( struct t_confent * ) +t_makeconfent(tc, nsize) + struct t_conf * tc; + int nsize; +{ + BigInteger n, g, q, t, u; + + t = BigIntegerFromInt(0); + u = BigIntegerFromInt(1); /* u = 1 */ + BigIntegerLShift(t, u, nsize - 2); /* t = 2^(nsize-2) */ + BigIntegerMulInt(u, t, 2); /* u = 2^(nsize-1) */ + + q = BigIntegerFromInt(0); + sophie_germain(q, t, u); + + n = BigIntegerFromInt(0); + BigIntegerMulInt(n, q, 2); + BigIntegerAddInt(n, n, 1); + + /* Look for a generator mod n */ + g = BigIntegerFromInt(2); + while(1) { + BigIntegerModExp(t, g, q, n); /* t = g^q % n */ + if(BigIntegerCmpInt(t, 1) == 0) /* if(t == 1) */ + BigIntegerAddInt(g, g, 1); /* ++g */ + else + break; + } + BigIntegerFree(t); + BigIntegerFree(u); + BigIntegerFree(q); + + tc->tcbuf.modulus.data = tc->modbuf; + tc->tcbuf.modulus.len = BigIntegerToBytes(n, tc->tcbuf.modulus.data); + BigIntegerFree(n); + + tc->tcbuf.generator.data = tc->genbuf; + tc->tcbuf.generator.len = BigIntegerToBytes(g, tc->tcbuf.generator.data); + BigIntegerFree(g); + + tc->tcbuf.index = 1; + return &tc->tcbuf; +} + +_TYPE( struct t_confent * ) +t_makeconfent_c(tc, nsize) + struct t_conf * tc; + int nsize; +{ + BigInteger g, n, p, q, j, k, t, u; + int psize, qsize; + + psize = nsize / 2; + qsize = nsize - psize; + + t = BigIntegerFromInt(1); /* t = 1 */ + u = BigIntegerFromInt(0); + BigIntegerLShift(u, t, psize - 3); /* u = t*2^(psize-3) = 2^(psize-3) */ + BigIntegerMulInt(t, u, 3); /* t = 3*u = 1.5*2^(psize-2) */ + BigIntegerAdd(u, u, t); /* u += t [u = 2^(psize-1)] */ + j = BigIntegerFromInt(0); + sophie_germain(j, t, u); + + k = BigIntegerFromInt(0); + if(qsize != psize) { + BigIntegerFree(t); + t = BigIntegerFromInt(1); /* t = 1 */ + BigIntegerLShift(u, t, qsize - 3); /* u = t*2^(qsize-3) = 2^(qsize-3) */ + BigIntegerMulInt(t, u, 3); /* t = 3*u = 1.5*2^(qsize-2) */ + BigIntegerAdd(u, u, t); /* u += t [u = 2^(qsize-1)] */ + } + sophie_germain(k, t, u); + + p = BigIntegerFromInt(0); + BigIntegerMulInt(p, j, 2); /* p = 2 * j */ + BigIntegerAddInt(p, p, 1); /* p += 1 */ + + q = BigIntegerFromInt(0); + BigIntegerMulInt(q, k, 2); /* q = 2 * k */ + BigIntegerAddInt(q, q, 1); /* q += 1 */ + + n = BigIntegerFromInt(0); + BigIntegerMul(n, p, q); /* n = p * q */ + BigIntegerMul(u, j, k); /* u = j * k */ + + BigIntegerFree(p); + BigIntegerFree(q); + BigIntegerFree(j); + BigIntegerFree(k); + + g = BigIntegerFromInt(2); /* g = 2 */ + + /* Look for a generator mod n */ + while(1) { + BigIntegerModExp(t, g, u, n); /* t = g^u % n */ + if(BigIntegerCmpInt(t, 1) == 0) + BigIntegerAddInt(g, g, 1); /* ++g */ + else + break; + } + + BigIntegerFree(u); + BigIntegerFree(t); + + tc->tcbuf.modulus.data = tc->modbuf; + tc->tcbuf.modulus.len = BigIntegerToBytes(n, tc->tcbuf.modulus.data); + BigIntegerFree(n); + + tc->tcbuf.generator.data = tc->genbuf; + tc->tcbuf.generator.len = BigIntegerToBytes(g, tc->tcbuf.generator.data); + BigIntegerFree(g); + + tc->tcbuf.index = 1; + return &tc->tcbuf; +} + +_TYPE( struct t_confent * ) +t_newconfent(tc) + struct t_conf * tc; +{ + tc->tcbuf.index = 0; + tc->tcbuf.modulus.data = tc->modbuf; + tc->tcbuf.modulus.len = 0; + tc->tcbuf.generator.data = tc->genbuf; + tc->tcbuf.generator.len = 0; + return &tc->tcbuf; +} + +_TYPE( void ) +t_putconfent(ent, fp) + const struct t_confent * ent; + FILE * fp; +{ + char strbuf[MAXB64PARAMLEN]; + + fprintf(fp, "%d:%s:", ent->index, + t_tob64(strbuf, ent->modulus.data, ent->modulus.len)); + fprintf(fp, "%s\n", + t_tob64(strbuf, ent->generator.data, ent->generator.len)); +} + +int +BigIntegerBitLen(b) + BigInteger b; +{ + return BN_num_bits(b); +} + +int +BigIntegerCheckPrime(n) + BigInteger n; +{ + BN_CTX * ctx = BN_CTX_new(); + int rv = BN_is_prime(n, 25, NULL, ctx, NULL); + BN_CTX_free(ctx); + return rv; +} + +unsigned int +BigIntegerModInt(d, m) + BigInteger d; + unsigned int m; +{ + return BN_mod_word(d, m); +} + +void +BigIntegerMod(result, d, m) + BigInteger result, d, m; +{ + BN_CTX * ctx = BN_CTX_new(); + BN_mod(result, d, m, ctx); + BN_CTX_free(ctx); +} + +void +BigIntegerMul(result, m1, m2) + BigInteger result, m1, m2; +{ + BN_CTX * ctx = BN_CTX_new(); + BN_mul(result, m1, m2, ctx); + BN_CTX_free(ctx); +} + +void +BigIntegerLShift(result, x, bits) + BigInteger result, x; + unsigned int bits; +{ + BN_lshift(result, x, bits); +} + +int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg) + { + return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0); + } + +int BN_is_prime_fasttest(const BIGNUM *a, int checks, + void (*callback)(int,int,void *), + BN_CTX *ctx_passed, void *cb_arg, + int do_trial_division) + { + int i, j, ret = -1; + int k; + BN_CTX *ctx = NULL; + BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ + BN_MONT_CTX *mont = NULL; + const BIGNUM *A = NULL; + + if (checks == BN_prime_checks) + checks = BN_prime_checks_for_size(BN_num_bits(a)); + + /* first look for small factors */ + if (!BN_is_odd(a)) + return(0); + if (do_trial_division) + { + for (i = 1; i < NUMPRIMES; i++) + if (BN_mod_word(a, primes[i]) == 0) + return 0; + if (callback != NULL) callback(1, -1, cb_arg); + } + + if (ctx_passed != NULL) + ctx = ctx_passed; + else + if ((ctx=BN_CTX_new()) == NULL) + goto err; + BN_CTX_start(ctx); + + /* A := abs(a) */ + if (a->neg) + { + BIGNUM *t; + if ((t = BN_CTX_get(ctx)) == NULL) goto err; + BN_copy(t, a); + t->neg = 0; + A = t; + } + else + A = a; + A1 = BN_CTX_get(ctx); + A1_odd = BN_CTX_get(ctx); + check = BN_CTX_get(ctx); + if (check == NULL) goto err; + + /* compute A1 := A - 1 */ + if (!BN_copy(A1, A)) + goto err; + if (!BN_sub_word(A1, 1)) + goto err; + if (BN_is_zero(A1)) + { + ret = 0; + goto err; + } + + /* write A1 as A1_odd * 2^k */ + k = 1; + while (!BN_is_bit_set(A1, k)) + k++; + if (!BN_rshift(A1_odd, A1, k)) + goto err; + + /* Montgomery setup for computations mod A */ + mont = BN_MONT_CTX_new(); + if (mont == NULL) + goto err; + if (!BN_MONT_CTX_set(mont, A, ctx)) + goto err; + + for (i = 0; i < checks; i++) + { + if (!BN_pseudo_rand(check, BN_num_bits(A1), 0, 0)) + goto err; + if (BN_cmp(check, A1) >= 0) + if (!BN_sub(check, check, A1)) + goto err; + if (!BN_add_word(check, 1)) + goto err; + /* now 1 <= check < A */ + + j = witness(check, A, A1, A1_odd, k, ctx, mont); + if (j == -1) goto err; + if (j) + { + ret=0; + goto err; + } + if (callback != NULL) callback(1,i,cb_arg); + } + ret=1; +err: + if (ctx != NULL) + { + BN_CTX_end(ctx); + if (ctx_passed == NULL) + BN_CTX_free(ctx); + } + if (mont != NULL) + BN_MONT_CTX_free(mont); + + return(ret); + } + +static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, + const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) + { + if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ + return -1; + if (BN_is_one(w)) + return 0; /* probably prime */ + if (BN_cmp(w, a1) == 0) + return 0; /* w == -1 (mod a), 'a' is probably prime */ + while (--k) + { + if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ + return -1; + if (BN_is_one(w)) + return 1; /* 'a' is composite, otherwise a previous 'w' would + * have been == -1 (mod 'a') */ + if (BN_cmp(w, a1) == 0) + return 0; /* w == -1 (mod a), 'a' is probably prime */ + } + /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', + * and it is neither -1 nor +1 -- so 'a' cannot be prime */ + return 1; + } + +int BN_mod_exp_mont(BIGNUM *rr, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) + { + int i,j,bits,ret=0,wstart,wend,window,wvalue; + int start=1,ts=0; + BIGNUM *d,*r; + BIGNUM *aa; + BIGNUM val[TABLE_SIZE]; + BN_MONT_CTX *mont=NULL; + + bn_check_top(a); + bn_check_top(p); + bn_check_top(m); + + if (!(m->d[0] & 1)) + { + return(0); + } + bits=BN_num_bits(p); + if (bits == 0) + { + BN_one(rr); + return(1); + } + BN_CTX_start(ctx); + d = BN_CTX_get(ctx); + r = BN_CTX_get(ctx); + if (d == NULL || r == NULL) goto err; + + /* If this is not done, things will break in the montgomery + * part */ + + if (in_mont != NULL) + mont=in_mont; + else + { + if ((mont=BN_MONT_CTX_new()) == NULL) goto err; + if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; + } + + BN_init(&val[0]); + ts=1; + if (BN_ucmp(a,m) >= 0) + { + if (!BN_mod(&(val[0]),a,m,ctx)) + goto err; + aa= &(val[0]); + } + else + aa=a; + if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ + + window = BN_window_bits_for_exponent_size(bits); + if (window > 1) + { + if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ + j=1<<(window-1); + for (i=1; i<j; i++) + { + BN_init(&(val[i])); + if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx)) + goto err; + } + ts=i; + } + + start=1; /* This is used to avoid multiplication etc + * when there is only the value '1' in the + * buffer. */ + wvalue=0; /* The 'value' of the window */ + wstart=bits-1; /* The top bit of the window */ + wend=0; /* The bottom bit of the window */ + + if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; + for (;;) + { + if (BN_is_bit_set(p,wstart) == 0) + { + if (!start) + { + if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) + goto err; + } + if (wstart == 0) break; + wstart--; + continue; + } + /* We now have wstart on a 'set' bit, we now need to work out + * how bit a window to do. To do this we need to scan + * forward until the last set bit before the end of the + * window */ + j=wstart; + wvalue=1; + wend=0; + for (i=1; i<window; i++) + { + if (wstart-i < 0) break; + if (BN_is_bit_set(p,wstart-i)) + { + wvalue<<=(i-wend); + wvalue|=1; + wend=i; + } + } + + /* wend is the size of the current window */ + j=wend+1; + /* add the 'bytes above' */ + if (!start) + for (i=0; i<j; i++) + { + if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) + goto err; + } + + /* wvalue will be an odd number < 2^window */ + if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx)) + goto err; + + /* move the 'window' down further */ + wstart-=wend+1; + wvalue=0; + start=0; + if (wstart < 0) break; + } + if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; + ret=1; +err: + if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); + BN_CTX_end(ctx); + for (i=0; i<ts; i++) + BN_clear_free(&(val[i])); + return(ret); + } + +BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) + { +#ifndef BN_LLONG + BN_ULONG ret=0; +#else + BN_ULLONG ret=0; +#endif + int i; + + w&=BN_MASK2; + for (i=a->top-1; i>=0; i--) + { +#ifndef BN_LLONG + ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w; + ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w; +#else + ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% + (BN_ULLONG)w); +#endif + } + return((BN_ULONG)ret); + } + +static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) + { + unsigned char *buf=NULL; + int ret=0,bit,bytes,mask; + + if (bits == 0) + { + BN_zero(rnd); + return 1; + } + + bytes=(bits+7)/8; + bit=(bits-1)%8; + mask=0xff<<bit; + + buf=(unsigned char *)malloc(bytes); + if (buf == NULL) + { + goto err; + } + + /* make a random number and set the top and bottom bits */ + /* this ignores the pseudorand flag */ + + t_random(buf, bytes); + + if (top) + { + if (bit == 0) + { + buf[0]=1; + buf[1]|=0x80; + } + else + { + buf[0]|=(3<<(bit-1)); + buf[0]&= ~(mask<<1); + } + } + else + { + buf[0]|=(1<<bit); + buf[0]&= ~(mask<<1); + } + if (bottom) /* set bottom bits to whatever odd is */ + buf[bytes-1]|=1; + if (!BN_bin2bn(buf,bytes,rnd)) goto err; + ret=1; +err: + if (buf != NULL) + { + memset(buf,0,bytes); + free(buf); + } + return(ret); + } + +/* BN_pseudo_rand is the same as BN_rand, now. */ + +int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) + { + return bnrand(1, rnd, bits, top, bottom); + } + +#define MONT_WORD /* use the faster word-based algorithm */ + +int BN_mod_mul_montgomery(BIGNUM *r, BIGNUM *a, BIGNUM *b, + BN_MONT_CTX *mont, BN_CTX *ctx) + { + BIGNUM *tmp,*tmp2; + int ret=0; + + BN_CTX_start(ctx); + tmp = BN_CTX_get(ctx); + tmp2 = BN_CTX_get(ctx); + if (tmp == NULL || tmp2 == NULL) goto err; + + bn_check_top(tmp); + bn_check_top(tmp2); + + if (a == b) + { + if (!BN_sqr(tmp,a,ctx)) goto err; + } + else + { + if (!BN_mul(tmp,a,b,ctx)) goto err; + } + /* reduce from aRR to aR */ + if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; + ret=1; +err: + BN_CTX_end(ctx); + return(ret); + } + +int BN_from_montgomery(BIGNUM *ret, BIGNUM *a, BN_MONT_CTX *mont, + BN_CTX *ctx) + { + int retn=0; + +#ifdef MONT_WORD + BIGNUM *n,*r; + BN_ULONG *ap,*np,*rp,n0,v,*nrp; + int al,nl,max,i,x,ri; + + BN_CTX_start(ctx); + if ((r = BN_CTX_get(ctx)) == NULL) goto err; + + if (!BN_copy(r,a)) goto err; + n= &(mont->N); + + ap=a->d; + /* mont->ri is the size of mont->N in bits (rounded up + to the word size) */ + al=ri=mont->ri/BN_BITS2; + + nl=n->top; + if ((al == 0) || (nl == 0)) { r->top=0; return(1); } + + max=(nl+al+1); /* allow for overflow (no?) XXX */ + if (bn_wexpand(r,max) == NULL) goto err; + if (bn_wexpand(ret,max) == NULL) goto err; + + r->neg=a->neg^n->neg; + np=n->d; + rp=r->d; + nrp= &(r->d[nl]); + + /* clear the top words of T */ +#if 1 + for (i=r->top; i<max; i++) /* memset? XXX */ + r->d[i]=0; +#else + memset(&(r->d[r->top]),0,(max-r->top)*sizeof(BN_ULONG)); +#endif + + r->top=max; + n0=mont->n0; + +#ifdef BN_COUNT + printf("word BN_from_montgomery %d * %d\n",nl,nl); +#endif + for (i=0; i<nl; i++) + { +#ifdef __TANDEM + { + long long t1; + long long t2; + long long t3; + t1 = rp[0] * (n0 & 0177777); + t2 = 037777600000l; + t2 = n0 & t2; + t3 = rp[0] & 0177777; + t2 = (t3 * t2) & BN_MASK2; + t1 = t1 + t2; + v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1); + } +#else + v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); +#endif + nrp++; + rp++; + if (((nrp[-1]+=v)&BN_MASK2) >= v) + continue; + else + { + if (((++nrp[0])&BN_MASK2) != 0) continue; + if (((++nrp[1])&BN_MASK2) != 0) continue; + for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; + } + } + bn_fix_top(r); + + /* mont->ri will be a multiple of the word size */ +#if 0 + BN_rshift(ret,r,mont->ri); +#else + ret->neg = r->neg; + x=ri; + rp=ret->d; + ap= &(r->d[x]); + if (r->top < x) + al=0; + else + al=r->top-x; + ret->top=al; + al-=4; + for (i=0; i<al; i+=4) + { + BN_ULONG t1,t2,t3,t4; + + t1=ap[i+0]; + t2=ap[i+1]; + t3=ap[i+2]; + t4=ap[i+3]; + rp[i+0]=t1; + rp[i+1]=t2; + rp[i+2]=t3; + rp[i+3]=t4; + } + al+=4; + for (; i<al; i++) + rp[i]=ap[i]; +#endif +#else /* !MONT_WORD */ + BIGNUM *t1,*t2; + + BN_CTX_start(ctx); + t1 = BN_CTX_get(ctx); + t2 = BN_CTX_get(ctx); + if (t1 == NULL || t2 == NULL) goto err; + + if (!BN_copy(t1,a)) goto err; + BN_mask_bits(t1,mont->ri); + + if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; + BN_mask_bits(t2,mont->ri); + + if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; + if (!BN_add(t2,a,t1)) goto err; + BN_rshift(ret,t2,mont->ri); +#endif /* MONT_WORD */ + + if (BN_ucmp(ret, &(mont->N)) >= 0) + { + BN_usub(ret,ret,&(mont->N)); + } + retn=1; + err: + BN_CTX_end(ctx); + return(retn); + } + +void BN_MONT_CTX_init(BN_MONT_CTX *ctx) + { + ctx->ri=0; + BN_init(&(ctx->RR)); + BN_init(&(ctx->N)); + BN_init(&(ctx->Ni)); + ctx->flags=0; + } + +BN_MONT_CTX *BN_MONT_CTX_new(void) + { + BN_MONT_CTX *ret; + + if ((ret=(BN_MONT_CTX *)malloc(sizeof(BN_MONT_CTX))) == NULL) + return(NULL); + + BN_MONT_CTX_init(ret); + ret->flags=BN_FLG_MALLOCED; + return(ret); + } + +void BN_MONT_CTX_free(BN_MONT_CTX *mont) + { + if(mont == NULL) + return; + + BN_free(&(mont->RR)); + BN_free(&(mont->N)); + BN_free(&(mont->Ni)); + if (mont->flags & BN_FLG_MALLOCED) + free(mont); + } + +int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) + { + BIGNUM Ri,*R; + + BN_init(&Ri); + R= &(mont->RR); /* grab RR as a temp */ + BN_copy(&(mont->N),mod); /* Set N */ + +#ifdef MONT_WORD + { + BIGNUM tmod; + BN_ULONG buf[2]; + + mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; + BN_zero(R); + BN_set_bit(R,BN_BITS2); /* R */ + + buf[0]=mod->d[0]; /* tmod = N mod word size */ + buf[1]=0; + tmod.d=buf; + tmod.top=1; + tmod.dmax=2; + tmod.neg=mod->neg; + /* Ri = R^-1 mod N*/ + if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) + goto err; + BN_lshift(&Ri,&Ri,BN_BITS2); /* R*Ri */ + if (!BN_is_zero(&Ri)) + BN_sub_word(&Ri,1); + else /* if N mod word size == 1 */ + BN_set_word(&Ri,BN_MASK2); /* Ri-- (mod word size) */ + BN_div(&Ri,NULL,&Ri,&tmod,ctx); /* Ni = (R*Ri-1)/N, + * keep only least significant word: */ + mont->n0=Ri.d[0]; + BN_free(&Ri); + } +#else /* !MONT_WORD */ + { /* bignum version */ + mont->ri=BN_num_bits(mod); + BN_zero(R); + BN_set_bit(R,mont->ri); /* R = 2^ri */ + /* Ri = R^-1 mod N*/ + if ((BN_mod_inverse(&Ri,R,mod,ctx)) == NULL) + goto err; + BN_lshift(&Ri,&Ri,mont->ri); /* R*Ri */ + BN_sub_word(&Ri,1); + /* Ni = (R*Ri-1) / N */ + BN_div(&(mont->Ni),NULL,&Ri,mod,ctx); + BN_free(&Ri); + } +#endif + + /* setup RR for conversions */ + BN_zero(&(mont->RR)); + BN_set_bit(&(mont->RR),mont->ri*2); + BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx); + + return(1); +err: + return(0); + } + +BIGNUM *BN_value_one(void) + { + static BN_ULONG data_one=1L; + static BIGNUM const_one={&data_one,1,1,0}; + + return(&const_one); + } + +/* solves ax == 1 (mod n) */ +BIGNUM *BN_mod_inverse(BIGNUM *in, BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) + { + BIGNUM *A,*B,*X,*Y,*M,*D,*R=NULL; + BIGNUM *T,*ret=NULL; + int sign; + + bn_check_top(a); + bn_check_top(n); + + BN_CTX_start(ctx); + A = BN_CTX_get(ctx); + B = BN_CTX_get(ctx); + X = BN_CTX_get(ctx); + D = BN_CTX_get(ctx); + M = BN_CTX_get(ctx); + Y = BN_CTX_get(ctx); + if (Y == NULL) goto err; + + if (in == NULL) + R=BN_new(); + else + R=in; + if (R == NULL) goto err; + + BN_zero(X); + BN_one(Y); + if (BN_copy(A,a) == NULL) goto err; + if (BN_copy(B,n) == NULL) goto err; + sign=1; + + while (!BN_is_zero(B)) + { + if (!BN_div(D,M,A,B,ctx)) goto err; + T=A; + A=B; + B=M; + /* T has a struct, M does not */ + + if (!BN_mul(T,D,X,ctx)) goto err; + if (!BN_add(T,T,Y)) goto err; + M=Y; + Y=X; + X=T; + sign= -sign; + } + if (sign < 0) + { + if (!BN_sub(Y,n,Y)) goto err; + } + + if (BN_is_one(A)) + { if (!BN_mod(R,Y,n,ctx)) goto err; } + else + { + goto err; + } + ret=R; +err: + if ((ret == NULL) && (in == NULL)) BN_free(R); + BN_CTX_end(ctx); + return(ret); + } + +int BN_set_bit(BIGNUM *a, int n) + { + int i,j,k; + + i=n/BN_BITS2; + j=n%BN_BITS2; + if (a->top <= i) + { + if (bn_wexpand(a,i+1) == NULL) return(0); + for(k=a->top; k<i+1; k++) + a->d[k]=0; + a->top=i+1; + } + + a->d[i]|=(((BN_ULONG)1)<<j); + return(1); + } + diff --git a/package/network/services/ead/src/tinysrp/t_conv.c b/package/network/services/ead/src/tinysrp/t_conv.c new file mode 100644 index 0000000..3be6d85 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_conv.c @@ -0,0 +1,226 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +/*#define _POSIX_SOURCE*/ +#include <stdio.h> +#include "t_defines.h" + +static int +hexDigitToInt(c) + char c; +{ + if(c >= '0' && c <= '9') + return c - '0'; + else if(c >= 'a' && c <= 'f') + return c - 'a' + 10; + else if(c >= 'A' && c <= 'F') + return c - 'A' + 10; + else + return 0; +} + +/* + * Convert a hex string to a string of bytes; return size of dst + */ +_TYPE( int ) +t_fromhex(dst, src) + register char *dst, *src; +{ + register char *chp = dst; + register unsigned size = strlen(src); + + /* FIXME: handle whitespace and non-hex digits by setting size and src + appropriately. */ + + if(size % 2 == 1) { + *chp++ = hexDigitToInt(*src++); + --size; + } + while(size > 0) { + *chp++ = (hexDigitToInt(*src) << 4) | hexDigitToInt(*(src + 1)); + src += 2; + size -= 2; + } + return chp - dst; +} + +/* + * Convert a string of bytes to their hex representation + */ +_TYPE( char * ) +t_tohex(dst, src, size) + register char *dst, *src; + register unsigned size; +{ + int notleading = 0; + + register char *chp = dst; + if (size != 0) do { + if(notleading || *src != '\0') { + notleading = 1; + sprintf(chp, "%.2x", * (unsigned char *) src); + chp += 2; + } + ++src; + } while (--size != 0); + return dst; +} + +static char b64table[] = + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz./"; + +/* + * Convert a base64 string into raw byte array representation. + */ +_TYPE( int ) +t_fromb64(dst, src) + register char *dst, *src; +{ + unsigned char *a; + char *loc; + int i, j; + unsigned int size; + + while(*src && (*src == ' ' || *src == '\t' || *src == '\n')) + ++src; + size = strlen(src); + + a = malloc((size + 1) * sizeof(unsigned char)); + if(a == (unsigned char *) 0) + return -1; + + i = 0; + while(i < size) { + loc = strchr(b64table, src[i]); + if(loc == (char *) 0) + break; + else + a[i] = loc - b64table; + ++i; + } + size = i; + + i = size - 1; + j = size; + while(1) { + a[j] = a[i]; + if(--i < 0) + break; + a[j] |= (a[i] & 3) << 6; + --j; + a[j] = (unsigned char) ((a[i] & 0x3c) >> 2); + if(--i < 0) + break; + a[j] |= (a[i] & 0xf) << 4; + --j; + a[j] = (unsigned char) ((a[i] & 0x30) >> 4); + if(--i < 0) + break; + a[j] |= (a[i] << 2); + + a[--j] = 0; + if(--i < 0) + break; + } + + while(j <= size && a[j] == 0) + ++j; + + memcpy(dst, a + j, size - j + 1); + free(a); + return size - j + 1; +} + +/* + * Convert a raw byte string into a null-terminated base64 ASCII string. + */ +_TYPE( char * ) +t_tob64(dst, src, size) + register char *dst, *src; + register unsigned size; +{ + int c, pos = size % 3; + unsigned char b0 = 0, b1 = 0, b2 = 0, notleading = 0; + char *olddst = dst; + + switch(pos) { + case 1: + b2 = src[0]; + break; + case 2: + b1 = src[0]; + b2 = src[1]; + break; + } + + while(1) { + c = (b0 & 0xfc) >> 2; + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + c = ((b0 & 3) << 4) | ((b1 & 0xf0) >> 4); + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + c = ((b1 & 0xf) << 2) | ((b2 & 0xc0) >> 6); + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + c = b2 & 0x3f; + if(notleading || c != 0) { + *dst++ = b64table[c]; + notleading = 1; + } + if(pos >= size) + break; + else { + b0 = src[pos++]; + b1 = src[pos++]; + b2 = src[pos++]; + } + } + + *dst++ = '\0'; + return olddst; +} diff --git a/package/network/services/ead/src/tinysrp/t_defines.h b/package/network/services/ead/src/tinysrp/t_defines.h new file mode 100644 index 0000000..4128093 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_defines.h @@ -0,0 +1,169 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#ifndef T_DEFINES_H +#define T_DEFINES_H + +#ifndef P +#if defined(__STDC__) || defined(__cplusplus) +#define P(x) x +#else +#define P(x) () +#endif +#endif + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ + +#ifndef _DLLDECL +#define _DLLDECL + +#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */ +#define _MSVC15EXPORT _export +#define _MSVC20EXPORT +#define _DLLAPI _export _pascal +#define _TYPE(a) a _MSVC15EXPORT +#define DLLEXPORT 1 + +#elif MSVC20 +#define _MSVC15EXPORT +#define _MSVC20EXPORT _declspec(dllexport) +#define _DLLAPI +#define _TYPE(a) _MSVC20EXPORT a +#define DLLEXPORT 1 + +#else /* Default, non-dll. Use this for Unix or DOS */ +#define _MSVC15DEXPORT +#define _MSVC20EXPORT +#define _DLLAPI +#define _TYPE(a) a +#endif +#endif + +#if STDC_HEADERS +#include <stdlib.h> +#include <string.h> +#else /* not STDC_HEADERS */ +#ifndef HAVE_STRCHR +#define strchr index +#define strrchr rindex +#endif +char *strchr(), *strrchr(), *strtok(); +#ifndef HAVE_MEMCPY +#define memcpy(d, s, n) bcopy((s), (d), (n)) +#endif +#endif /* not STDC_HEADERS */ + +#include <sys/types.h> + +#if TIME_WITH_SYS_TIME +#include <sys/time.h> +#include <time.h> +#else /* not TIME_WITH_SYS_TIME */ +#if HAVE_SYS_TIME_H +#include <sys/time.h> +#else +#include <time.h> +#endif +#endif /* not TIME_WITH_SYS_TIME */ + +#if HAVE_TERMIOS_H +#include <termios.h> +#define STTY(fd, termio) tcsetattr(fd, TCSANOW, termio) +#define GTTY(fd, termio) tcgetattr(fd, termio) +#define TERMIO struct termios +#define USE_TERMIOS +#elif HAVE_TERMIO_H +#include <sys/ioctl.h> +#include <termio.h> +#define STTY(fd, termio) ioctl(fd, TCSETA, termio) +#define GTTY(fd, termio) ioctl(fd, TCGETA, termio) +#define TEMRIO struct termio +#define USE_TERMIO +#elif HAVE_SGTTY_H +#include <sgtty.h> +#define STTY(fd, termio) stty(fd, termio) +#define GTTY(fd, termio) gtty(fd, termio) +#define TERMIO struct sgttyb +#define USE_SGTTY +#endif + +#ifdef USE_FTIME +#include <sys/timeb.h> +#endif + +#ifndef MATH_PRIV +typedef void * BigInteger; +#endif + +_TYPE( BigInteger ) BigIntegerFromInt P((unsigned int number)); +_TYPE( BigInteger ) BigIntegerFromBytes P((unsigned char * bytes, int length)); +_TYPE( int ) BigIntegerToBytes P((BigInteger src, unsigned char * dest)); +_TYPE( int ) BigIntegerBitLen P((BigInteger b)); +_TYPE( int ) BigIntegerCmp P((BigInteger c1, BigInteger c2)); +_TYPE( int ) BigIntegerCmpInt P((BigInteger c1, unsigned int c2)); +_TYPE( void ) BigIntegerLShift P((BigInteger result, BigInteger x, + unsigned int bits)); +_TYPE( void ) BigIntegerAdd P((BigInteger result, BigInteger a1, BigInteger a2)); +_TYPE( void ) BigIntegerAddInt P((BigInteger result, + BigInteger a1, unsigned int a2)); +_TYPE( void ) BigIntegerSub P((BigInteger result, BigInteger s1, BigInteger s2)); +_TYPE( void ) BigIntegerSubInt P((BigInteger result, + BigInteger s1, unsigned int s2)); +/* For BigIntegerMul{,Int}: result != m1, m2 */ +_TYPE( void ) BigIntegerMul P((BigInteger result, BigInteger m1, BigInteger m2)); +_TYPE( void ) BigIntegerMulInt P((BigInteger result, + BigInteger m1, unsigned int m2)); +_TYPE( void ) BigIntegerDivInt P((BigInteger result, + BigInteger d, unsigned int m)); +_TYPE( void ) BigIntegerMod P((BigInteger result, BigInteger d, BigInteger m)); +_TYPE( unsigned int ) BigIntegerModInt P((BigInteger d, unsigned int m)); +_TYPE( void ) BigIntegerModMul P((BigInteger result, + BigInteger m1, BigInteger m2, BigInteger m)); +_TYPE( void ) BigIntegerModExp P((BigInteger result, BigInteger base, + BigInteger expt, BigInteger modulus)); +_TYPE( void ) BigIntegerModExpInt P((BigInteger result, BigInteger base, + unsigned int expt, BigInteger modulus)); +_TYPE( int ) BigIntegerCheckPrime P((BigInteger n)); +_TYPE( void ) BigIntegerFree P((BigInteger b)); + +#endif diff --git a/package/network/services/ead/src/tinysrp/t_getconf.c b/package/network/services/ead/src/tinysrp/t_getconf.c new file mode 100644 index 0000000..db6de61 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_getconf.c @@ -0,0 +1,118 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> + +#include "t_defines.h" +#include "t_pwd.h" +#include "t_read.h" + +/* Master builtin parameter storage object. The default that tphrase +uses is the last one. */ + +static struct pre_struct { + struct t_preconf preconf; + int state; /* 0 == uninitialized/first time */ + unsigned char modbuf[MAXPARAMLEN]; + unsigned char genbuf[MAXPARAMLEN]; +} pre_params[] = { + { { "2iQzj1CagQc/5ctbuJYLWlhtAsPHc7xWVyCPAKFRLWKADpASkqe9djWPFWTNTdeJtL8nAhImCn3Sr/IAdQ1FrGw0WvQUstPx3FO9KNcXOwisOQ1VlL.gheAHYfbYyBaxXL.NcJx9TUwgWDT0hRzFzqSrdGGTN3FgSTA1v4QnHtEygNj3eZ.u0MThqWUaDiP87nqha7XnT66bkTCkQ8.7T8L4KZjIImrNrUftedTTBi.WCi.zlrBxDuOM0da0JbUkQlXqvp0yvJAPpC11nxmmZOAbQOywZGmu9nhZNuwTlxjfIro0FOdthaDTuZRL9VL7MRPUDo/DQEyW.d4H.UIlzp", + "2", + NULL }, 0 }, + { { "dUyyhxav9tgnyIg65wHxkzkb7VIPh4o0lkwfOKiPp4rVJrzLRYVBtb76gKlaO7ef5LYGEw3G.4E0jbMxcYBetDy2YdpiP/3GWJInoBbvYHIRO9uBuxgsFKTKWu7RnR7yTau/IrFTdQ4LY/q.AvoCzMxV0PKvD9Odso/LFIItn8PbTov3VMn/ZEH2SqhtpBUkWtmcIkEflhX/YY/fkBKfBbe27/zUaKUUZEUYZ2H2nlCL60.JIPeZJSzsu/xHDVcx", + "2", + NULL }, 0 }, + { { "3NUKQ2Re4P5BEK0TLg2dX3gETNNNECPoe92h4OVMaDn3Xo/0QdjgG/EvM.hiVV1BdIGklSI14HA38Mpe5k04juR5/EXMU0r1WtsLhNXwKBlf2zEfoOh0zVmDvqInpU695f29Iy7sNW3U5RIogcs740oUp2Kdv5wuITwnIx84cnO.e467/IV1lPnvMCr0pd1dgS0a.RV5eBJr03Q65Xy61R", + "2", + NULL }, 0 }, + { { "F//////////oG/QeY5emZJ4ncABWDmSqIa2JWYAPynq0Wk.fZiJco9HIWXvZZG4tU.L6RFDEaCRC2iARV9V53TFuJLjRL72HUI5jNPYNdx6z4n2wQOtxMiB/rosz0QtxUuuQ/jQYP.bhfya4NnB7.P9A6PHxEPJWV//////////", + "5", + "oakley prime 2" }, 0 }, + { { "Ewl2hcjiutMd3Fu2lgFnUXWSc67TVyy2vwYCKoS9MLsrdJVT9RgWTCuEqWJrfB6uE3LsE9GkOlaZabS7M29sj5TnzUqOLJMjiwEzArfiLr9WbMRANlF68N5AVLcPWvNx6Zjl3m5Scp0BzJBz9TkgfhzKJZ.WtP3Mv/67I/0wmRZ", + "2", + NULL }, 0 }, +}; + +_TYPE( int ) +t_getprecount() +{ + return (sizeof(pre_params) / sizeof(struct pre_struct)); +} + +static struct t_confent sysconf; + +/* id is index origin 1 */ + +_TYPE( struct t_confent * ) +gettcid +(id) + int id; +{ + struct t_preconf *tcp; + + if (id <= 0 || id > t_getprecount()) { + return NULL; + } + tcp = t_getpreparam(id - 1); + sysconf.index = id; + sysconf.modulus = tcp->modulus; + sysconf.generator = tcp->generator; + + return &sysconf; +} + +_TYPE( struct t_preconf * ) +t_getpreparam(idx) + int idx; +{ + if(pre_params[idx].state == 0) { + /* Wire up storage */ + pre_params[idx].preconf.modulus.data = pre_params[idx].modbuf; + pre_params[idx].preconf.generator.data = pre_params[idx].genbuf; + + /* Convert from b64 to t_num */ + pre_params[idx].preconf.modulus.len = t_fromb64(pre_params[idx].preconf.modulus.data, pre_params[idx].preconf.mod_b64); + pre_params[idx].preconf.generator.len = t_fromb64(pre_params[idx].preconf.generator.data, pre_params[idx].preconf.gen_b64); + + pre_params[idx].state = 1; + } + return &(pre_params[idx].preconf); +} diff --git a/package/network/services/ead/src/tinysrp/t_getpass.c b/package/network/services/ead/src/tinysrp/t_getpass.c new file mode 100644 index 0000000..6ae7fca --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_getpass.c @@ -0,0 +1,191 @@ +/* + * Copyright 1990 - 1995, Julianne Frances Haugh + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of Julianne F. Haugh nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "t_defines.h" +#ifdef _WIN32 +#include <windows.h> +#include <io.h> +#endif /* _WIN32 */ +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif /* HAVE_UNISTD_H */ +#include <signal.h> +#include <stdio.h> + +static int sig_caught; +#ifdef HAVE_SIGACTION +static struct sigaction sigact; +#endif + +/*ARGSUSED*/ +static RETSIGTYPE +sig_catch (sig) +int sig; +{ + sig_caught = 1; +} + +_TYPE( int ) +t_getpass (buf, maxlen, prompt) + char *buf; + unsigned maxlen; + const char *prompt; +{ + char *cp; +#ifdef _WIN32 + HANDLE handle = (HANDLE) _get_osfhandle(_fileno(stdin)); + DWORD mode; + + GetConsoleMode( handle, &mode ); + SetConsoleMode( handle, mode & ~ENABLE_ECHO_INPUT ); + + if(fputs(prompt, stdout) == EOF || + fgets(buf, maxlen, stdin) == NULL) { + SetConsoleMode(handle,mode); + return -1; + } + cp = buf + strlen(buf) - 1; + if ( *cp == 0x0a ) + *cp = '\0'; + printf("\n"); + SetConsoleMode(handle,mode); +#else + FILE *fp; + int tty_opened = 0; + +#ifdef HAVE_SIGACTION + struct sigaction old_sigact; +#else + RETSIGTYPE (*old_signal)(); +#endif + TERMIO new_modes; + TERMIO old_modes; + + /* + * set a flag so the SIGINT signal can be re-sent if it + * is caught + */ + + sig_caught = 0; + + /* + * if /dev/tty can't be opened, getpass() needs to read + * from stdin instead. + */ + + if ((fp = fopen ("/dev/tty", "r")) == 0) { + fp = stdin; + setbuf (fp, (char *) 0); + } else { + tty_opened = 1; + } + + /* + * the current tty modes must be saved so they can be + * restored later on. echo will be turned off, except + * for the newline character (BSD has to punt on this) + */ + + if (GTTY (fileno (fp), &new_modes)) + return -1; + + old_modes = new_modes; + +#ifdef HAVE_SIGACTION + sigact.sa_handler = sig_catch; + (void) sigaction (SIGINT, &sigact, &old_sigact); +#else + old_signal = signal (SIGINT, sig_catch); +#endif + +#ifdef USE_SGTTY + new_modes.sg_flags &= ~ECHO; +#else + new_modes.c_iflag &= ~IGNCR; + new_modes.c_iflag |= ICRNL; + new_modes.c_oflag |= OPOST|ONLCR; + new_modes.c_lflag &= ~(ECHO|ECHOE|ECHOK); + new_modes.c_lflag |= ICANON|ECHONL; +#endif + + if (STTY (fileno (fp), &new_modes)) + goto out; + + /* + * the prompt is output, and the response read without + * echoing. the trailing newline must be removed. if + * the fgets() returns an error, a NULL pointer is + * returned. + */ + + if (fputs (prompt, stdout) == EOF) + goto out; + + (void) fflush (stdout); + + if (fgets (buf, maxlen, fp) == buf) { + if ((cp = strchr (buf, '\n'))) + *cp = '\0'; + else + buf[maxlen - 1] = '\0'; + +#ifdef USE_SGTTY + putc ('\n', stdout); +#endif + } + else buf[0] = '\0'; +out: + /* + * the old SIGINT handler is restored after the tty + * modes. then /dev/tty is closed if it was opened in + * the beginning. finally, if a signal was caught it + * is sent to this process for normal processing. + */ + + if (STTY (fileno (fp), &old_modes)) + { memset (buf, 0, maxlen); return -1; } + +#ifdef HAVE_SIGACTION + (void) sigaction (SIGINT, &old_sigact, NULL); +#else + (void) signal (SIGINT, old_signal); +#endif + + if (tty_opened) + (void) fclose (fp); + + if (sig_caught) { + kill (getpid (), SIGINT); + memset (buf, 0, maxlen); + return -1; + } +#endif + + return 0; +} diff --git a/package/network/services/ead/src/tinysrp/t_math.c b/package/network/services/ead/src/tinysrp/t_math.c new file mode 100644 index 0000000..20161a0 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_math.c @@ -0,0 +1,177 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> +#include <sys/types.h> + +#include "config.h" + +#include "bn.h" +typedef BIGNUM * BigInteger; +#define MATH_PRIV + +#include "t_defines.h" +#include "t_pwd.h" + +/* Math library interface stubs */ + +BigInteger +BigIntegerFromInt(n) + unsigned int n; +{ + BIGNUM * a = BN_new(); + BN_set_word(a, n); + return a; +} + +BigInteger +BigIntegerFromBytes(bytes, length) + unsigned char * bytes; + int length; +{ + BIGNUM * a = BN_new(); + BN_bin2bn(bytes, length, a); + return a; +} + +int +BigIntegerToBytes(src, dest) + BigInteger src; + unsigned char * dest; +{ + return BN_bn2bin(src, dest); +} + +int +BigIntegerCmp(c1, c2) + BigInteger c1, c2; +{ + return BN_cmp(c1, c2); +} + +int +BigIntegerCmpInt(c1, c2) + BigInteger c1; + unsigned int c2; +{ + BIGNUM * a = BN_new(); + int rv; + BN_set_word(a, c2); + rv = BN_cmp(c1, a); + BN_free(a); + return rv; +} + +void +BigIntegerAdd(result, a1, a2) + BigInteger result, a1, a2; +{ + BN_add(result, a1, a2); +} + +void +BigIntegerAddInt(result, a1, a2) + BigInteger result, a1; + unsigned int a2; +{ + BIGNUM * a = BN_new(); + BN_set_word(a, a2); + BN_add(result, a1, a); + BN_free(a); +} + +void +BigIntegerSub(result, s1, s2) + BigInteger result, s1, s2; +{ + BN_sub(result, s1, s2); +} + +void +BigIntegerMulInt(result, m1, m2) + BigInteger result, m1; + unsigned int m2; +{ + BN_CTX * ctx = BN_CTX_new(); + BIGNUM * m = BN_new(); + BN_set_word(m, m2); + BN_mul(result, m1, m, ctx); + BN_CTX_free(ctx); +} + +void +BigIntegerModMul(r, m1, m2, modulus) + BigInteger r, m1, m2, modulus; +{ + BN_CTX * ctx = BN_CTX_new(); + BN_mod_mul(r, m1, m2, modulus, ctx); + BN_CTX_free(ctx); +} + +void +BigIntegerModExp(r, b, e, m) + BigInteger r, b, e, m; +{ + BN_CTX * ctx = BN_CTX_new(); + BN_mod_exp(r, b, e, m, ctx); + BN_CTX_free(ctx); +} + +void +BigIntegerModExpInt(r, b, e, m) + BigInteger r, b; + unsigned int e; + BigInteger m; +{ + BN_CTX * ctx = BN_CTX_new(); + BIGNUM * p = BN_new(); + BN_set_word(p, e); + BN_mod_exp(r, b, p, m, ctx); + BN_free(p); + BN_CTX_free(ctx); +} + +void +BigIntegerFree(b) + BigInteger b; +{ + BN_free(b); +} diff --git a/package/network/services/ead/src/tinysrp/t_misc.c b/package/network/services/ead/src/tinysrp/t_misc.c new file mode 100644 index 0000000..a23986f --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_misc.c @@ -0,0 +1,338 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include "t_defines.h" + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif /* HAVE_UNISTD_H */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> + +#include "t_sha.h" + +#ifndef NULL +#define NULL 0 +#endif + +static unsigned char randpool[SHA_DIGESTSIZE], randout[SHA_DIGESTSIZE]; +static unsigned long randcnt = 0; +static unsigned int outpos = 0; +SHA1_CTX randctxt; + +/* + * t_envhash - Generate a 160-bit SHA hash of the environment + * + * This routine performs an SHA hash of all the "name=value" pairs + * in the environment concatenated together and dumps them in the + * output. While it is true that anyone on the system can see + * your environment, someone not on the system will have a very + * difficult time guessing it, especially since some systems play + * tricks with variable ordering and sometimes define quirky + * environment variables like $WINDOWID or $_. + */ +extern char ** environ; + +static void +t_envhash(out) + unsigned char * out; +{ + char ** ptr; + char ebuf[256]; + SHA1_CTX ctxt; + + SHA1Init(&ctxt); + for(ptr = environ; *ptr; ++ptr) { + strncpy(ebuf, *ptr, 255); + ebuf[255] = '\0'; + SHA1Update(&ctxt, ebuf, strlen(ebuf)); + } + SHA1Final(out, &ctxt); +} + +/* + * t_fshash - Generate a 160-bit SHA hash from the file system + * + * This routine climbs up the directory tree from the current + * directory, running stat() on each directory until it hits the + * root directory. This information is sensitive to the last + * access/modification times of all the directories above you, + * so someone who lists one of those directories injects some + * entropy into the system. Obviously, this hash is very sensitive + * to your current directory when the program is run. + * + * For good measure, it also performs an fstat on the standard input, + * usually your tty, throws that into the buffer, creates a file in + * /tmp (the inode is unpredictable on a busy system), and runs stat() + * on that before deleting it. + * + * The entire buffer is run once through SHA to obtain the final result. + */ +static void +t_fshash(out) + unsigned char * out; +{ + char dotpath[128]; + struct stat st; + SHA1_CTX ctxt; + int i, pinode; + dev_t pdev; + + SHA1Init(&ctxt); + if(stat(".", &st) >= 0) { + SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st)); + pinode = st.st_ino; + pdev = st.st_dev; + strcpy(dotpath, ".."); + for(i = 0; i < 40; ++i) { + if(stat(dotpath, &st) < 0) + break; + if(st.st_ino == pinode && st.st_dev == pdev) + break; + SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st)); + pinode = st.st_ino; + pdev = st.st_dev; + strcat(dotpath, "/.."); + } + } + + if(fstat(0, &st) >= 0) + SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st)); + + sprintf(dotpath, "/tmp/rnd.%d", getpid()); + if(creat(dotpath, 0600) >= 0 && stat(dotpath, &st) >= 0) + SHA1Update(&ctxt, (unsigned char *) &st, sizeof(st)); + unlink(dotpath); + + SHA1Final(out, &ctxt); +} + +/* + * Generate a high-entropy seed for the strong random number generator. + * This uses a wide variety of quickly gathered and somewhat unpredictable + * system information. The 'preseed' structure is assembled from: + * + * The system time in seconds + * The system time in microseconds + * The current process ID + * The parent process ID + * A hash of the user's environment + * A hash gathered from the file system + * Input from a random device, if available + * Timings of system interrupts + * + * The entire structure (60 bytes on most systems) is fed to SHA to produce + * a 160-bit seed for the strong random number generator. It is believed + * that in the worst case (on a quiet system with no random device versus + * an attacker who has access to the system already), the seed contains at + * least about 80 bits of entropy. Versus an attacker who does not have + * access to the system, the entropy should be slightly over 128 bits. + */ +static char initialized = 0; + +static struct { + unsigned int trand1; + time_t sec; + time_t usec; + short pid; + short ppid; + unsigned char envh[SHA_DIGESTSIZE]; + unsigned char fsh[SHA_DIGESTSIZE]; + unsigned char devrand[20]; + unsigned int trand2; +} preseed; + +unsigned long raw_truerand(); + +void +t_initrand() +{ + SHA1_CTX ctxt; +#ifdef USE_FTIME + struct timeb t; +#else + struct timeval t; +#endif + int i, r=0; + + if(initialized) + return; + + initialized = 1; + + i = open("/dev/urandom", O_RDONLY); + if(i > 0) { + r += read(i, preseed.devrand, sizeof(preseed.devrand)); + close(i); + } + + /* Resort to truerand only if desperate for some Real entropy */ + if(r == 0) + preseed.trand1 = raw_truerand(); + +#ifdef USE_FTIME + ftime(&t); +#else + gettimeofday(&t, NULL); +#endif + +#ifdef USE_FTIME + preseed.sec = t.time; + preseed.usec = t.millitm; +#else + preseed.sec = t.tv_sec; + preseed.usec = t.tv_usec; +#endif + preseed.pid = getpid(); + preseed.ppid = getppid(); + t_envhash(preseed.envh); + t_fshash(preseed.fsh); + + if(r == 0) + preseed.trand2 = raw_truerand(); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, (unsigned char *) &preseed, sizeof(preseed)); + SHA1Final(randpool, &ctxt); + outpos = 0; + memset((unsigned char *) &preseed, 0, sizeof(preseed)); + memset((unsigned char *) &ctxt, 0, sizeof(ctxt)); +} + +#define NUM_RANDOMS 12 + +/* + * The strong random number generator. This uses a 160-bit seed + * and uses SHA-1 in a feedback configuration to generate successive + * outputs. If S[0] is set to the initial seed, then: + * + * S[i+1] = SHA-1(i || S[i]) + * A[i] = SHA-1(S[i]) + * + * where the A[i] are the output blocks starting with i=0. + * Each cycle generates 20 bytes of new output. + */ +_TYPE( void ) +t_random(data, size) + unsigned char * data; + unsigned size; +{ + if(!initialized) + t_initrand(); + + if(size <= 0) /* t_random(NULL, 0) forces seed initialization */ + return; + + while(size > outpos) { + if(outpos > 0) { + memcpy(data, randout + (sizeof(randout) - outpos), outpos); + data += outpos; + size -= outpos; + } + + /* Recycle */ + SHA1Init(&randctxt); + SHA1Update(&randctxt, randpool, sizeof(randpool)); + SHA1Final(randout, &randctxt); + SHA1Init(&randctxt); + SHA1Update(&randctxt, (unsigned char *) &randcnt, sizeof(randcnt)); + SHA1Update(&randctxt, randpool, sizeof(randpool)); + SHA1Final(randpool, &randctxt); + ++randcnt; + outpos = sizeof(randout); + } + + if(size > 0) { + memcpy(data, randout + (sizeof(randout) - outpos), size); + outpos -= size; + } +} + +/* + * The interleaved session-key hash. This separates the even and the odd + * bytes of the input (ignoring the first byte if the input length is odd), + * hashes them separately, and re-interleaves the two outputs to form a + * single 320-bit value. + */ +_TYPE( unsigned char * ) +t_sessionkey(key, sk, sklen) + unsigned char * key; + unsigned char * sk; + unsigned sklen; +{ + unsigned i, klen; + unsigned char * hbuf; + unsigned char hout[SHA_DIGESTSIZE]; + SHA1_CTX ctxt; + + while(sklen > 0 && *sk == 0) { /* Skip leading 0's */ + --sklen; + ++sk; + } + + klen = sklen / 2; + if((hbuf = malloc(klen * sizeof(char))) == 0) + return 0; + + for(i = 0; i < klen; ++i) + hbuf[i] = sk[sklen - 2 * i - 1]; + SHA1Init(&ctxt); + SHA1Update(&ctxt, hbuf, klen); + SHA1Final(hout, &ctxt); + for(i = 0; i < sizeof(hout); ++i) + key[2 * i] = hout[i]; + + for(i = 0; i < klen; ++i) + hbuf[i] = sk[sklen - 2 * i - 2]; + SHA1Init(&ctxt); + SHA1Update(&ctxt, hbuf, klen); + SHA1Final(hout, &ctxt); + for(i = 0; i < sizeof(hout); ++i) + key[2 * i + 1] = hout[i]; + + memset(hout, 0, sizeof(hout)); + memset(hbuf, 0, klen); + free(hbuf); + return key; +} diff --git a/package/network/services/ead/src/tinysrp/t_pw.c b/package/network/services/ead/src/tinysrp/t_pw.c new file mode 100644 index 0000000..18e929b --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_pw.c @@ -0,0 +1,262 @@ +/* + * Copyright (c) 1997-2000 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include "t_defines.h" + +#ifdef HAVE_UNISTD_H +#include <unistd.h> +#endif /* HAVE_UNISTD_H */ + +#include <stdio.h> +#include <sys/types.h> +#include <sys/stat.h> +#ifdef USE_HOMEDIR +#include <pwd.h> +#endif +#ifdef WIN32 +#include <io.h> +#endif + +#include "t_pwd.h" +#include "t_read.h" +#include "t_sha.h" +#include "t_server.h" + +static struct t_pw * syspw = NULL; +static struct t_passwd tpass; + +_TYPE( struct t_server * ) +t_serveropen(username) + const char * username; +{ + struct t_passwd * p; + p = gettpnam(username); + if(p == NULL) { + return NULL; + } else { + return t_serveropenraw(&p->tp, &p->tc); + } +} + + +/* t_openpw(NULL) is deprecated - use settpent()/gettpnam() instead */ + +_TYPE( struct t_pw * ) +t_openpw(fp) + FILE * fp; +{ + struct t_pw * tpw; + char close_flag = 0; + + if(fp == NULL) { /* Deprecated */ + if((fp = fopen(DEFAULT_PASSWD, "r")) == NULL) + return NULL; + close_flag = 1; + } + else + close_flag = 0; + + if((tpw = malloc(sizeof(struct t_pw))) == NULL) + return NULL; + tpw->instream = fp; + tpw->close_on_exit = close_flag; + tpw->state = FILE_ONLY; + + return tpw; +} + +_TYPE( struct t_pw * ) +t_openpwbyname(pwname) + const char * pwname; +{ + FILE * fp; + struct t_pw * t; + + if(pwname == NULL) /* Deprecated */ + return t_openpw(NULL); + + if((fp = fopen(pwname, "r")) == NULL) + return NULL; + + t = t_openpw(fp); + t->close_on_exit = 1; + return t; +} + +_TYPE( void ) +t_closepw(tpw) + struct t_pw * tpw; +{ + if(tpw->close_on_exit) + fclose(tpw->instream); + free(tpw); +} + +_TYPE( void ) +t_rewindpw(tpw) + struct t_pw * tpw; +{ +#ifdef ENABLE_YP + if(tpw->state == IN_NIS) + tpw->state = FILE_NIS; +#endif + rewind(tpw->instream); +} + +#ifdef ENABLE_YP +static void +savepwent(tpw, pwent) + struct t_pw * tpw; + struct t_pwent *pwent; +{ + tpw->pebuf.name = tpw->userbuf; + tpw->pebuf.password.data = tpw->pwbuf; + tpw->pebuf.salt.data = tpw->saltbuf; + strcpy(tpw->pebuf.name, pwent->name); + tpw->pebuf.password.len = pwent->password.len; + memcpy(tpw->pebuf.password.data, pwent->password.data, pwent->password.len); + tpw->pebuf.salt.len = pwent->salt.len; + memcpy(tpw->pebuf.salt.data, pwent->salt.data, pwent->salt.len); + tpw->pebuf.index = pwent->index; +} +#endif /* ENABLE_YP */ + +_TYPE( struct t_pwent * ) +t_getpwbyname(tpw, user) + struct t_pw * tpw; + const char * user; +{ + char indexbuf[16]; + char passbuf[MAXB64PARAMLEN]; + char saltstr[MAXB64SALTLEN]; + char username[MAXUSERLEN]; +#ifdef ENABLE_YP + struct t_passwd * nisent; +#endif + + t_rewindpw(tpw); + + while(t_nextfield(tpw->instream, username, MAXUSERLEN) > 0) { +#ifdef ENABLE_YP + if(tpw->state == FILE_NIS && *username == '+') { + if(strlen(username) == 1 || strcmp(user, username+1) == 0) { + nisent = _yp_gettpnam(user); /* Entry is +username or + */ + if(nisent != NULL) { + savepwent(tpw, &nisent->tp); + return &tpw->pebuf; + } + } + } +#endif + if(strcmp(user, username) == 0) + if(t_nextfield(tpw->instream, passbuf, MAXB64PARAMLEN) > 0 && + (tpw->pebuf.password.len = t_fromb64(tpw->pwbuf, passbuf)) > 0 && + t_nextfield(tpw->instream, saltstr, MAXB64SALTLEN) > 0 && + (tpw->pebuf.salt.len = t_fromb64(tpw->saltbuf, saltstr)) > 0 && + t_nextfield(tpw->instream, indexbuf, 16) > 0 && + (tpw->pebuf.index = atoi(indexbuf)) > 0) { + strcpy(tpw->userbuf, username); + tpw->pebuf.name = tpw->userbuf; + tpw->pebuf.password.data = tpw->pwbuf; + tpw->pebuf.salt.data = tpw->saltbuf; + t_nextline(tpw->instream); + return &tpw->pebuf; + } + if(t_nextline(tpw->instream) < 0) + return NULL; + } + return NULL; +} + +/* System password file accessors */ + +static int +pwinit() +{ + if(syspw == NULL) { + if((syspw = t_openpwbyname(DEFAULT_PASSWD)) == NULL) + return -1; + syspw->state = FILE_NIS; + } + return 0; +} + +static void +pwsetup(out, tpwd, tcnf) + struct t_passwd * out; + struct t_pwent * tpwd; + struct t_confent * tcnf; +{ + out->tp.name = tpwd->name; + out->tp.password.len = tpwd->password.len; + out->tp.password.data = tpwd->password.data; + out->tp.salt.len = tpwd->salt.len; + out->tp.salt.data = tpwd->salt.data; + out->tp.index = tpwd->index; + + out->tc.index = tcnf->index; + out->tc.modulus.len = tcnf->modulus.len; + out->tc.modulus.data = tcnf->modulus.data; + out->tc.generator.len = tcnf->generator.len; + out->tc.generator.data = tcnf->generator.data; +} + +_TYPE( struct t_passwd * ) +gettpnam +(user) + const char * user; +{ + struct t_pwent * tpptr; + struct t_confent * tcptr; + + if(pwinit() < 0) + return NULL; + tpptr = t_getpwbyname(syspw, user); + if(tpptr == NULL) + return NULL; + tcptr = + gettcid + (tpptr->index); + if(tcptr == NULL) + return NULL; + pwsetup(&tpass, tpptr, tcptr); + return &tpass; +} diff --git a/package/network/services/ead/src/tinysrp/t_pwd.h b/package/network/services/ead/src/tinysrp/t_pwd.h new file mode 100644 index 0000000..73697be --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_pwd.h @@ -0,0 +1,310 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#ifndef T_PWD_H +#define T_PWD_H + +#ifndef P +#if defined (__STDC__) || defined (__cplusplus) +#define P(x) x +#else +#define P(x) () +#endif +#endif + +/* For building dynamic link libraries under windows, windows NT + * using MSVC1.5 or MSVC2.0 + */ + +#ifndef _DLLDECL +#define _DLLDECL + +#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */ +#define _MSVC15EXPORT _export +#define _MSVC20EXPORT +#define _DLLAPI _export _pascal +#define _TYPE(a) a _MSVC15EXPORT +#define DLLEXPORT 1 + +#elif MSVC20 +#define _MSVC15EXPORT +#define _MSVC20EXPORT _declspec(dllexport) +#define _DLLAPI +#define _TYPE(a) _MSVC20EXPORT a +#define DLLEXPORT 1 + +#else /* Default, non-dll. Use this for Unix or DOS */ +#define _MSVC15DEXPORT +#define _MSVC20EXPORT +#define _DLLAPI +#define _TYPE(a) a +#endif +#endif + +#define MAXPARAMBITS 2048 +#define MAXPARAMLEN ((MAXPARAMBITS + 7) / 8) +#define MAXB64PARAMLEN ((MAXPARAMBITS + 5) / 6 + 1) +#define MAXHEXPARAMLEN ((MAXPARAMBITS + 3) / 4 + 1) +#define MAXOCTPARAMLEN ((MAXPARAMBITS + 2) / 3 + 1) + +#define MAXUSERLEN 32 +#define MAXSALTLEN 32 +#define MAXB64SALTLEN 44 /* 256 bits in b64 + null */ +#define SALTLEN 10 /* Normally 80 bits */ + +#define RESPONSE_LEN 20 /* 160-bit proof hashes */ +#define SESSION_KEY_LEN (2 * RESPONSE_LEN) /* 320-bit session key */ + +#define DEFAULT_PASSWD "tpasswd" + +struct t_num { /* Standard byte-oriented integer representation */ + int len; + unsigned char * data; +}; + +struct t_preconf { /* Structure returned by t_getpreparam() */ + char * mod_b64; + char * gen_b64; + char * comment; + + struct t_num modulus; + struct t_num generator; +}; + +/* + * The built-in (known good) parameters access routines + * + * "t_getprecount" returns the number of precompiled parameter sets. + * "t_getpreparam" returns the indicated parameter set. + * Memory is statically allocated - callers need not perform any memory mgmt. + */ +_TYPE( int ) t_getprecount(); +_TYPE( struct t_preconf * ) t_getpreparam P((int)); + +struct t_confent { /* One configuration file entry (index, N, g) */ + int index; + struct t_num modulus; + struct t_num generator; +}; + +struct t_conf { /* An open configuration file */ + FILE * instream; + char close_on_exit; + unsigned char modbuf[MAXPARAMLEN]; + unsigned char genbuf[MAXPARAMLEN]; + struct t_confent tcbuf; +}; + +/* + * The configuration file routines are designed along the lines of the + * "getpw" functions in the standard C library. + * + * "t_openconf" accepts a stdio stream and interprets it as a config file. + * "t_openconfbyname" accepts a filename and does the same thing. + * "t_closeconf" closes the config file. + * "t_getconfent" fetches the next sequential configuration entry. + * "t_getconfbyindex" fetches the configuration entry whose index + * matches the one supplied, or NULL if one can't be found. + * "t_getconflast" fetches the last configuration entry in the file. + * "t_makeconfent" generates a set of configuration entry parameters + * randomly. + * "t_newconfent" returns an empty configuration entry. + * "t_cmpconfent" compares two configuration entries a la strcmp. + * "t_checkconfent" verifies that a set of configuration parameters + * are suitable. N must be prime and should be a safe prime. + * "t_putconfent" writes a configuration entry to a stream. + */ +_TYPE( struct t_conf * ) t_openconf P((FILE *)); +_TYPE( struct t_conf * ) t_openconfbyname P((const char *)); +_TYPE( void ) t_closeconf P((struct t_conf *)); +_TYPE( void ) t_rewindconf P((struct t_conf *)); +_TYPE( struct t_confent * ) t_getconfent P((struct t_conf *)); +_TYPE( struct t_confent * ) t_getconfbyindex P((struct t_conf *, int)); +_TYPE( struct t_confent * ) t_getconflast P((struct t_conf *)); +_TYPE( struct t_confent * ) t_makeconfent P((struct t_conf *, int)); +_TYPE( struct t_confent * ) t_makeconfent_c P((struct t_conf *, int)); +_TYPE( struct t_confent * ) t_newconfent P((struct t_conf *)); +_TYPE( int ) t_cmpconfent P((const struct t_confent *, const struct t_confent *)); +_TYPE( int ) t_checkconfent P((const struct t_confent *)); +_TYPE( void ) t_putconfent P((const struct t_confent *, FILE *)); + +/* libc-style system conf file access */ +_TYPE( struct t_confent *) gettcent(); +_TYPE( struct t_confent *) gettcid P((int)); +_TYPE( void ) settcent(); +_TYPE( void ) endtcent(); + +#ifdef ENABLE_NSW +extern struct t_confent * _gettcent(); +extern struct t_confent * _gettcid P((int)); +extern void _settcent(); +extern void _endtcent(); +#endif + +/* A hack to support '+'-style entries in the passwd file */ + +typedef enum fstate { + FILE_ONLY, /* Ordinary file, don't consult NIS ever */ + FILE_NIS, /* Currently accessing file, use NIS if encountered */ + IN_NIS, /* Currently in a '+' entry; use NIS for getXXent */ +} FILE_STATE; + +struct t_pwent { /* A single password file entry */ + char * name; + struct t_num password; + struct t_num salt; + int index; +}; + +struct t_pw { /* An open password file */ + FILE * instream; + char close_on_exit; + FILE_STATE state; + char userbuf[MAXUSERLEN]; + unsigned char pwbuf[MAXPARAMLEN]; + unsigned char saltbuf[SALTLEN]; + struct t_pwent pebuf; +}; + +/* + * The password manipulation routines are patterned after the getpw* + * standard C library function calls. + * + * "t_openpw" reads a stream as if it were a password file. + * "t_openpwbyname" opens the named file as a password file. + * "t_closepw" closes an open password file. + * "t_rewindpw" starts the internal file pointer from the beginning + * of the password file. + * "t_getpwent" retrieves the next sequential password entry. + * "t_getpwbyname" looks up the password entry corresponding to the + * specified user. + * "t_makepwent" constructs a password entry from a username, password, + * numeric salt, and configuration entry. + * "t_putpwent" writes a password entry to a stream. + */ +_TYPE( struct t_pw * ) t_openpw P((FILE *)); +_TYPE( struct t_pw * ) t_openpwbyname P((const char *)); +_TYPE( void ) t_closepw P((struct t_pw *)); +_TYPE( void ) t_rewindpw P((struct t_pw *)); +_TYPE( struct t_pwent * ) t_getpwent P((struct t_pw *)); +_TYPE( struct t_pwent * ) t_getpwbyname P((struct t_pw *, const char *)); +_TYPE( struct t_pwent * ) t_makepwent P((struct t_pw *, const char *, + const char *, const struct t_num *, + const struct t_confent *)); +_TYPE( void ) t_putpwent P((const struct t_pwent *, FILE *)); + +struct t_passwd { + struct t_pwent tp; + struct t_confent tc; +}; + +/* libc-style system password file access */ +_TYPE( struct t_passwd * ) gettpent(); +_TYPE( struct t_passwd * ) gettpnam P((const char *)); +_TYPE( void ) settpent(); +_TYPE( void ) endtpent(); + +#ifdef ENABLE_NSW +extern struct t_passwd * _gettpent(); +extern struct t_passwd * _gettpnam P((const char *)); +extern void _settpent(); +extern void _endtpent(); +#endif + +/* + * Utility functions + * + * "t_verifypw" accepts a username and password, and checks against the + * system password file to see if the password for that user is correct. + * Returns > 0 if it is correct, 0 if not, and -1 if some error occurred + * (i.e. the user doesn't exist on the system). This is intended ONLY + * for local authentication; for remote authentication, look at the + * t_client and t_server source. (That's the whole point of SRP!) + * "t_changepw" modifies the specified file, substituting the given password + * entry for the one already in the file. If no matching entry is found, + * the new entry is simply appended to the file. + * "t_deletepw" removes the specified user from the specified file. + */ +_TYPE( int ) t_verifypw P((const char *, const char *)); +_TYPE( int ) t_changepw P((const char *, const struct t_pwent *)); +_TYPE( int ) t_deletepw P((const char *, const char *)); + +/* Conversion utilities */ + +/* + * All these calls accept output as the first parameter. In the case of + * t_tohex and t_tob64, the last argument is the length of the byte-string + * input. + */ +_TYPE( char * t_tohex ) P((char *, char *, unsigned)); +_TYPE( int ) t_fromhex P((char *, char *)); +_TYPE( char * ) t_tob64 P((char *, char *, unsigned)); +_TYPE( int ) t_fromb64 P((char *, char *)); + +/* Miscellaneous utilities */ + +/* + * "t_random" is a cryptographic random number generator, which is seeded + * from various high-entropy sources and uses a one-way hash function + * in a feedback configuration. + * "t_sessionkey" is the interleaved hash used to generate session keys + * from a large integer. + * "t_getpass" reads a password from the terminal without echoing. + */ +_TYPE( void ) t_random P((unsigned char *, unsigned)); +_TYPE( void ) t_stronginitrand(); +_TYPE( unsigned char * ) + t_sessionkey P((unsigned char *, unsigned char *, unsigned)); +_TYPE( int ) t_getpass P((char *, unsigned, const char *)); + +/* + * Return value of t_checkprime: + * < 0 : not prime + * = 0 : prime, but not safe + * > 0 : safe + */ +#define NUM_NOTPRIME -1 +#define NUM_NOTSAFE 0 +#define NUM_SAFE 1 + +_TYPE( int ) t_checkprime P((const struct t_num *)); + +#endif diff --git a/package/network/services/ead/src/tinysrp/t_read.c b/package/network/services/ead/src/tinysrp/t_read.c new file mode 100644 index 0000000..087b7d5 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_read.c @@ -0,0 +1,81 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> +#include "config.h" + +#define FSEPARATOR ':' + +int +t_nextfield(fp, s, max) +FILE * fp; +char * s; +unsigned max; +{ + int c, count = 0; + + while((c = getc(fp)) != EOF) { + if(c == '\n') { + ungetc(c, fp); + break; + } + else if(c == FSEPARATOR) + break; + if(count < max - 1) { + *s++ = c; + ++count; + } + } + *s++ = '\0'; + return count; +} + +int +t_nextline(fp) +FILE * fp; +{ + int c; + + while((c = getc(fp)) != '\n') + if(c == EOF) + return -1; + return 0; +} diff --git a/package/network/services/ead/src/tinysrp/t_read.h b/package/network/services/ead/src/tinysrp/t_read.h new file mode 100644 index 0000000..e621f79 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_read.h @@ -0,0 +1,55 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#ifndef _T_READ_H_ +#define _T_READ_H_ + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +extern int t_nextfield P((FILE *, char *, unsigned)); +extern int t_nextline P((FILE *)); +#endif diff --git a/package/network/services/ead/src/tinysrp/t_server.c b/package/network/services/ead/src/tinysrp/t_server.c new file mode 100644 index 0000000..6ab501b --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_server.c @@ -0,0 +1,259 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <stdio.h> +#include "t_defines.h" +#include "t_pwd.h" +#include "t_server.h" + +_TYPE( struct t_server * ) +t_serveropenraw(ent, tce) + struct t_pwent * ent; + struct t_confent * tce; +{ + struct t_server * ts; + unsigned char buf1[SHA_DIGESTSIZE], buf2[SHA_DIGESTSIZE]; + SHA1_CTX ctxt; + int i; + + if((ts = malloc(sizeof(struct t_server))) == 0) + return 0; + + SHA1Init(&ts->ckhash); + + ts->index = ent->index; + ts->n.len = tce->modulus.len; + ts->n.data = ts->nbuf; + memcpy(ts->n.data, tce->modulus.data, ts->n.len); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, ts->n.data, ts->n.len); + SHA1Final(buf1, &ctxt); + + ts->g.len = tce->generator.len; + ts->g.data = ts->gbuf; + memcpy(ts->g.data, tce->generator.data, ts->g.len); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, ts->g.data, ts->g.len); + SHA1Final(buf2, &ctxt); + + for(i = 0; i < sizeof(buf1); ++i) + buf1[i] ^= buf2[i]; + + SHA1Update(&ts->ckhash, buf1, sizeof(buf1)); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, ent->name, strlen(ent->name)); + SHA1Final(buf1, &ctxt); + + SHA1Update(&ts->ckhash, buf1, sizeof(buf1)); + + ts->v.len = ent->password.len; + ts->v.data = ts->vbuf; + memcpy(ts->v.data, ent->password.data, ts->v.len); + + ts->s.len = ent->salt.len; + ts->s.data = ts->saltbuf; + memcpy(ts->s.data, ent->salt.data, ts->s.len); + + SHA1Update(&ts->ckhash, ts->s.data, ts->s.len); + + ts->b.data = ts->bbuf; + ts->B.data = ts->Bbuf; + + SHA1Init(&ts->hash); + SHA1Init(&ts->oldhash); + SHA1Init(&ts->oldckhash); + + return ts; +} + +_TYPE( struct t_num * ) +t_servergenexp(ts) + struct t_server * ts; +{ + BigInteger b, B, v, n, g; + + if(ts->n.len < BLEN) + ts->b.len = ts->n.len; + else + ts->b.len = BLEN; + + t_random(ts->b.data, ts->b.len); + b = BigIntegerFromBytes(ts->b.data, ts->b.len); + n = BigIntegerFromBytes(ts->n.data, ts->n.len); + g = BigIntegerFromBytes(ts->g.data, ts->g.len); + B = BigIntegerFromInt(0); + BigIntegerModExp(B, g, b, n); + + v = BigIntegerFromBytes(ts->v.data, ts->v.len); + BigIntegerAdd(B, B, v); + if(BigIntegerCmp(B, n) > 0) + BigIntegerSub(B, B, n); + + ts->B.len = BigIntegerToBytes(B, ts->B.data); + + BigIntegerFree(v); + BigIntegerFree(B); + BigIntegerFree(b); + BigIntegerFree(g); + BigIntegerFree(n); + + SHA1Update(&ts->oldckhash, ts->B.data, ts->B.len); + + return &ts->B; +} + +_TYPE( unsigned char * ) +t_servergetkey(ts, clientval) + struct t_server * ts; + struct t_num * clientval; +{ + BigInteger n, v, A, b, prod, res, S; + SHA1_CTX ctxt; + unsigned char sbuf[MAXPARAMLEN]; + unsigned char dig[SHA_DIGESTSIZE]; + unsigned slen; + unsigned int u; + + SHA1Update(&ts->ckhash, clientval->data, clientval->len); + SHA1Update(&ts->ckhash, ts->B.data, ts->B.len); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, ts->B.data, ts->B.len); + SHA1Final(dig, &ctxt); + u = (dig[0] << 24) | (dig[1] << 16) | (dig[2] << 8) | dig[3]; + + SHA1Update(&ts->oldhash, clientval->data, clientval->len); + SHA1Update(&ts->hash, clientval->data, clientval->len); + + n = BigIntegerFromBytes(ts->n.data, ts->n.len); + b = BigIntegerFromBytes(ts->b.data, ts->b.len); + v = BigIntegerFromBytes(ts->v.data, ts->v.len); + A = BigIntegerFromBytes(clientval->data, clientval->len); + + prod = BigIntegerFromInt(0); + BigIntegerModExpInt(prod, v, u, n); + res = BigIntegerFromInt(0); + BigIntegerModMul(res, prod, A, n); + + BigIntegerFree(A); + BigIntegerFree(v); + BigIntegerFree(prod); + + if(BigIntegerCmpInt(res, 1) <= 0) { /* Check for Av^u == 1 (mod n) */ + BigIntegerFree(res); + BigIntegerFree(b); + BigIntegerFree(n); + return NULL; + } + + S = BigIntegerFromInt(0); + + BigIntegerAddInt(S, res, 1); + if(BigIntegerCmp(S, n) == 0) { /* Check for Av^u == -1 (mod n) */ + BigIntegerFree(res); + BigIntegerFree(b); + BigIntegerFree(n); + BigIntegerFree(S); + return NULL; + } + + BigIntegerModExp(S, res, b, n); + slen = BigIntegerToBytes(S, sbuf); + + BigIntegerFree(S); + BigIntegerFree(res); + BigIntegerFree(b); + BigIntegerFree(n); + + t_sessionkey(ts->session_key, sbuf, slen); + memset(sbuf, 0, slen); + + SHA1Update(&ts->oldhash, ts->session_key, sizeof(ts->session_key)); + SHA1Update(&ts->oldckhash, ts->session_key, sizeof(ts->session_key)); + SHA1Update(&ts->ckhash, ts->session_key, sizeof(ts->session_key)); + + return ts->session_key; +} + +_TYPE( int ) +t_serververify(ts, resp) + struct t_server * ts; + unsigned char * resp; +{ + unsigned char expected[SHA_DIGESTSIZE]; + int i; + + SHA1Final(expected, &ts->oldckhash); + i = memcmp(expected, resp, sizeof(expected)); + if(i == 0) { + SHA1Final(ts->session_response, &ts->oldhash); + return 0; + } + SHA1Final(expected, &ts->ckhash); + i = memcmp(expected, resp, sizeof(expected)); + if(i == 0) { + SHA1Update(&ts->hash, expected, sizeof(expected)); + SHA1Update(&ts->hash, ts->session_key, sizeof(ts->session_key)); + SHA1Final(ts->session_response, &ts->hash); + } + return i; +} + +_TYPE( unsigned char * ) +t_serverresponse(ts) + struct t_server * ts; +{ + return ts->session_response; +} + +_TYPE( void ) +t_serverclose(ts) + struct t_server * ts; +{ + memset(ts->bbuf, 0, sizeof(ts->bbuf)); + memset(ts->vbuf, 0, sizeof(ts->vbuf)); + memset(ts->saltbuf, 0, sizeof(ts->saltbuf)); + memset(ts->session_key, 0, sizeof(ts->session_key)); + free(ts); +} diff --git a/package/network/services/ead/src/tinysrp/t_server.h b/package/network/services/ead/src/tinysrp/t_server.h new file mode 100644 index 0000000..20970ff --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_server.h @@ -0,0 +1,138 @@ +/* + * Copyright (c) 1997-1999 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#ifndef T_SERVER_H +#define T_SERVER_H + +#include "t_sha.h" + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +#ifndef _DLLDECL +#define _DLLDECL + +#ifdef MSVC15 /* MSVC1.5 support for 16 bit apps */ +#define _MSVC15EXPORT _export +#define _MSVC20EXPORT +#define _DLLAPI _export _pascal +#define _TYPE(a) a _MSVC15EXPORT +#define DLLEXPORT 1 + +#elif MSVC20 +#define _MSVC15EXPORT +#define _MSVC20EXPORT _declspec(dllexport) +#define _DLLAPI +#define _TYPE(a) _MSVC20EXPORT a +#define DLLEXPORT 1 + +#else /* Default, non-dll. Use this for Unix or DOS */ +#define _MSVC15DEXPORT +#define _MSVC20EXPORT +#define _DLLAPI +#define _TYPE(a) a +#endif +#endif + +#define BLEN 32 + +struct t_server { + int index; + struct t_num n; + struct t_num g; + struct t_num v; + struct t_num s; + + struct t_num b; + struct t_num B; + + SHA1_CTX oldhash, hash, oldckhash, ckhash; + + unsigned char session_key[SESSION_KEY_LEN]; + unsigned char session_response[RESPONSE_LEN]; + + unsigned char nbuf[MAXPARAMLEN], gbuf[MAXPARAMLEN], vbuf[MAXPARAMLEN]; + unsigned char saltbuf[MAXSALTLEN], bbuf[BLEN], Bbuf[MAXPARAMLEN]; +}; + +/* + * SRP server-side negotiation + * + * This code negotiates the server side of an SRP exchange. + * "t_serveropen" accepts a username (sent by the client), a pointer + * to an open password file, and a pointer to an open configuration + * file. The server should then call... + * "t_servergenexp" will generate a random 256-bit exponent and + * raise g (from the configuration file) to that power, returning + * the result. This result should be sent to the client as y(p). + * "t_servergetkey" accepts the exponential w(p), which should be + * sent by the client, and computes the 256-bit session key. + * This data should be saved before the session is closed. + * "t_serverresponse" computes the session key proof as SHA(w(p), K). + * "t_serverclose" closes the session and frees its memory. + * + * Note that authentication is not performed per se; it is up + * to either/both sides of the protocol to now verify securely + * that their session keys agree in order to establish authenticity. + * One possible way is through "oracle hashing"; one side sends + * r, the other replies with H(r,K), where H() is a hash function. + * + * t_serverresponse and t_serververify now implement a version of + * the session-key verification described above. + */ +_TYPE( struct t_server * ) + t_serveropen P((const char *)); +_TYPE( struct t_server * ) + t_serveropenfromfiles P((const char *, struct t_pw *, struct t_conf *)); +_TYPE( struct t_server * ) + t_serveropenraw P((struct t_pwent *, struct t_confent *)); +_TYPE( struct t_num * ) t_servergenexp P((struct t_server *)); +_TYPE( unsigned char * ) t_servergetkey P((struct t_server *, struct t_num *)); +_TYPE( int ) t_serververify P((struct t_server *, unsigned char *)); +_TYPE( unsigned char * ) t_serverresponse P((struct t_server *)); +_TYPE( void ) t_serverclose P((struct t_server *)); + +#endif diff --git a/package/network/services/ead/src/tinysrp/t_sha.c b/package/network/services/ead/src/tinysrp/t_sha.c new file mode 100644 index 0000000..cc41d64 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_sha.c @@ -0,0 +1,166 @@ +#include "t_defines.h" +#include "t_sha.h" + +/* +SHA-1 in C +By Steve Reid <steve@edmweb.com> +100% Public Domain + +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define WORDS_BIGENDIAN * This should be #define'd if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#include <stdio.h> +#include <string.h> + +static void SHA1Transform(uint32 state[5], const unsigned char buffer[64]); + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#ifndef WORDS_BIGENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#else +#define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +static void SHA1Transform(uint32 state[5], const unsigned char buffer[64]) +{ +uint32 a, b, c, d, e; +typedef union { + unsigned char c[64]; + uint32 l[16]; +} CHAR64LONG16; +CHAR64LONG16* block; +#ifdef SHA1HANDSOFF +static unsigned char workspace[64]; + block = (CHAR64LONG16*)workspace; + memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16*)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* SHA1Init - Initialize new context */ + +void SHA1Init(SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void SHA1Update(SHA1_CTX* context, const unsigned char* data, unsigned int len) +{ +unsigned int i, j; + + j = (context->count[0] >> 3) & 63; + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; + context->count[1] += (len >> 29); + if ((j + len) > 63) { + memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memcpy(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void SHA1Final(unsigned char digest[20], SHA1_CTX* context) +{ +uint32 i, j; +unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + SHA1Update(context, (unsigned char *)"\200", 1); + while ((context->count[0] & 504) != 448) { + SHA1Update(context, (unsigned char *)"\0", 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + i = j = 0; + memset(context->buffer, 0, 64); + memset(context->state, 0, 20); + memset(context->count, 0, 8); + memset(&finalcount, 0, 8); +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */ + SHA1Transform(context->state, context->buffer); +#endif +} diff --git a/package/network/services/ead/src/tinysrp/t_sha.h b/package/network/services/ead/src/tinysrp/t_sha.h new file mode 100644 index 0000000..d10115e --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_sha.h @@ -0,0 +1,26 @@ +#ifndef T_SHA_H +#define T_SHA_H + +#if !defined(P) +#ifdef __STDC__ +#define P(x) x +#else +#define P(x) () +#endif +#endif + +#define SHA_DIGESTSIZE 20 + +typedef unsigned int uint32; + +typedef struct { + uint32 state[5]; + uint32 count[2]; + unsigned char buffer[64]; +} SHA1_CTX; + +void SHA1Init P((SHA1_CTX* context)); +void SHA1Update P((SHA1_CTX* context, const unsigned char* data, unsigned int len)); +void SHA1Final P((unsigned char digest[20], SHA1_CTX* context)); + +#endif /* T_SHA_H */ diff --git a/package/network/services/ead/src/tinysrp/t_truerand.c b/package/network/services/ead/src/tinysrp/t_truerand.c new file mode 100644 index 0000000..fa0d6ce --- /dev/null +++ b/package/network/services/ead/src/tinysrp/t_truerand.c @@ -0,0 +1,151 @@ +/* + * Physically random numbers (very nearly uniform) + * D. P. Mitchell + * Modified by Matt Blaze 7/95 + */ +/* + * The authors of this software are Don Mitchell and Matt Blaze. + * Copyright (c) 1995 by AT&T. + * Permission to use, copy, and modify this software without fee + * is hereby granted, provided that this entire notice is included in + * all copies of any software which is or includes a copy or + * modification of this software and in all copies of the supporting + * documentation for such software. + * + * This software may be subject to United States export controls. + * + * THIS SOFTWARE IS BEING PROVIDED "AS IS", WITHOUT ANY EXPRESS OR IMPLIED + * WARRANTY. IN PARTICULAR, NEITHER THE AUTHORS NOR AT&T MAKE ANY + * REPRESENTATION OR WARRANTY OF ANY KIND CONCERNING THE MERCHANTABILITY + * OF THIS SOFTWARE OR ITS FITNESS FOR ANY PARTICULAR PURPOSE. + */ + +/* + * WARNING: depending on the particular platform, raw_truerand() + * output may be biased or correlated. In general, you can expect + * about 16 bits of "pseudo-entropy" out of each 32 bit word returned + * by truerand(), but it may not be uniformly diffused. You should + * raw_therefore run the output through some post-whitening function + * (like MD5 or DES or whatever) before using it to generate key + * material. (RSAREF's random package does this for you when you feed + * raw_truerand() bits to the seed input function.) + * + * The application interface, for 8, 16, and 32 bit properly "whitened" + * random numbers, can be found in trand8(), trand16(), and trand32(). + * Use those instead of calling raw_truerand() directly. + * + * The basic idea here is that between clock "skew" and various + * hard-to-predict OS event arrivals, counting a tight loop will yield + * a little (maybe a third of a bit or so) of "good" randomness per + * interval clock tick. This seems to work well even on unloaded + * machines. If there is a human operator at the machine, you should + * augment truerand with other measure, like keyboard event timing. + * On server machines (e.g., when you need to generate a + * Diffie-Hellman secret) truerand alone may be good enough. + * + * Test these assumptions on your own platform before fielding a + * system based on this software or these techniques. + * + * This software seems to work well (at 10 or so bits per + * raw_truerand() call) on a Sun Sparc-20 under SunOS 4.1.3 and on a + * P100 under BSDI 2.0. You're on your own elsewhere. + * + */ + +#include "t_defines.h" + +#include <signal.h> +#include <setjmp.h> +#include <sys/time.h> +#include <math.h> +#include <stdio.h> + +#ifdef OLD_TRUERAND +static jmp_buf env; +#endif +static unsigned volatile count +#ifndef OLD_TRUERAND + , done = 0 +#endif +; + +static unsigned ocount; +static unsigned buffer; + +static void +tick() +{ + struct itimerval it, oit; + + it.it_interval.tv_sec = 0; + it.it_interval.tv_usec = 0; + it.it_value.tv_sec = 0; + it.it_value.tv_usec = 16665; + if (setitimer(ITIMER_REAL, &it, &oit) < 0) + perror("tick"); +} + +static void +interrupt() +{ + if (count) { +#ifdef OLD_TRUERAND + longjmp(env, 1); +#else + ++done; + return; +#endif + } + + (void) signal(SIGALRM, interrupt); + tick(); +} + +static unsigned long +roulette() +{ +#ifdef OLD_TRUERAND + if (setjmp(env)) { + count ^= (count>>3) ^ (count>>6) ^ ocount; + count &= 0x7; + ocount=count; + buffer = (buffer<<3) ^ count; + return buffer; + } +#else + done = 0; +#endif + (void) signal(SIGALRM, interrupt); + count = 0; + tick(); +#ifdef OLD_TRUERAND + for (;;) +#else + while(done == 0) +#endif + count++; /* about 1 MHz on VAX 11/780 */ +#ifndef OLD_TRUERAND + count ^= (count>>3) ^ (count>>6) ^ ocount; + count &= 0x7; + ocount=count; + buffer = (buffer<<3) ^ count; + return buffer; +#endif +} + +unsigned long +raw_truerand() +{ + count=0; + (void) roulette(); + (void) roulette(); + (void) roulette(); + (void) roulette(); + (void) roulette(); + (void) roulette(); + (void) roulette(); + (void) roulette(); + (void) roulette(); + (void) roulette(); + return roulette(); +} diff --git a/package/network/services/ead/src/tinysrp/tconf.c b/package/network/services/ead/src/tinysrp/tconf.c new file mode 100644 index 0000000..ad77f4c --- /dev/null +++ b/package/network/services/ead/src/tinysrp/tconf.c @@ -0,0 +1,157 @@ +/* + * Copyright (c) 1997-2000 The Stanford SRP Authentication Project + * All Rights Reserved. + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS-IS" AND WITHOUT WARRANTY OF ANY KIND, + * EXPRESS, IMPLIED OR OTHERWISE, INCLUDING WITHOUT LIMITATION, ANY + * WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. + * + * IN NO EVENT SHALL STANFORD BE LIABLE FOR ANY SPECIAL, INCIDENTAL, + * INDIRECT OR CONSEQUENTIAL DAMAGES OF ANY KIND, OR ANY DAMAGES WHATSOEVER + * RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER OR NOT ADVISED OF + * THE POSSIBILITY OF DAMAGE, AND ON ANY THEORY OF LIABILITY, ARISING OUT + * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * In addition, the following conditions apply: + * + * 1. Any software that incorporates the SRP authentication technology + * must display the following acknowlegment: + * "This product uses the 'Secure Remote Password' cryptographic + * authentication system developed by Tom Wu (tjw@CS.Stanford.EDU)." + * + * 2. Any software that incorporates all or part of the SRP distribution + * itself must also display the following acknowledgment: + * "This product includes software developed by Tom Wu and Eugene + * Jhong for the SRP Distribution (http://srp.stanford.edu/srp/)." + * + * 3. Redistributions in source or binary form must retain an intact copy + * of this copyright notice and list of conditions. + */ + +#include <unistd.h> /* close getlogin */ +#include <stdlib.h> /* atexit exit */ +#include <stdio.h> +#include <string.h> + +#include "t_pwd.h" + +#define MIN_BASIS_BITS 512 +#define BASIS_BITS 2048 + +extern int optind; +extern char *optarg; + +extern int errno; + +char *progName; + +int debug = 0; +int verbose = 0; +int composite = 0; + +int main(argc, argv) + int argc; + char *argv[]; +{ + char *chp; + char *configFile = NULL; + char cbuf[256]; + char b64buf[MAXB64PARAMLEN]; + int c, ch, i, lastidx, keylen, yesno, fsize, status, nparams; + FILE *efp; + + struct t_preconf * tpc; + struct t_conf tcs; + struct t_conf * tc = &tcs; + struct t_confent * tcent; + + progName = *argv; + if ((chp = strrchr(progName, '/')) != (char *) 0) progName = chp + 1; + + while ((ch = getopt(argc, argv, "dv2c:")) != EOF) + switch(ch) { + case 'c': + configFile = optarg; + break; + case 'v': + verbose++; + break; + case 'd': + debug++; + break; + case '2': + composite++; + break; + default: + fprintf(stderr, "usage: %s [-dv2] [-c configfile]\n", progName); + exit(1); + } + + argc -= optind; + argv += optind; + + lastidx = 0; + keylen = 0; + + tcent = t_newconfent(tc); + + printf("\nThis program will generate a set of parameters for the EPS\n"); + printf("password file. The size of these parameters, measured in bits,\n"); + printf("determines the level of security offered by SRP, and is related\n"); + printf("to the security of similarly-sized RSA or Diffie-Hellman keys.\n"); + printf("Choosing a predefined field is generally preferable to generating\n"); + printf("a new field because clients can avoid costly parameter verification.\n"); + printf("Either way, the values generated by this program are public and\n"); + printf("can even shared between systems.\n"); + + printf("\nEnter the new field size, in bits. Suggested sizes:\n\n"); + printf(" 512 (fast, minimally secure)\n"); + printf(" 768 (moderate security)\n"); + printf("1024 (most popular default)\n"); + printf("1536 (additional security, possibly slow)\n"); + printf("2048 (maximum supported security level)\n"); + printf("\nField size (%d to %d): ", MIN_BASIS_BITS, BASIS_BITS); + + fgets(cbuf, sizeof(cbuf), stdin); + fsize = atoi(cbuf); + if(fsize < MIN_BASIS_BITS || fsize > BASIS_BITS) { + fprintf(stderr, "%s: field size must be between %d and %d\n", + progName, MIN_BASIS_BITS, BASIS_BITS); + exit(1); + } + + if(fsize <= keylen) + fprintf(stderr, "Warning: new field size is not larger than old field size\n"); + + printf("\nInitializing random number generator..."); + fflush(stdout); + t_initrand(); + + if(composite) + printf("done.\n\nGenerating a %d-bit composite with safe prime factors. This may take a while.\n", fsize); + else + printf("done.\n\nGenerating a %d-bit safe prime. This may take a while.\n", fsize); + + while((tcent = (composite ? t_makeconfent_c(tc, fsize) : + t_makeconfent(tc, fsize))) == NULL) + printf("Parameter generation failed, retrying...\n"); + tcent->index = lastidx + 1; + + printf("\nParameters successfully generated.\n"); + printf("N = [%s]\n", t_tob64(b64buf, + tcent->modulus.data, tcent->modulus.len)); + printf("g = [%s]\n", t_tob64(b64buf, + tcent->generator.data, tcent->generator.len)); + printf("\nYou must update the pre_params array in t_getconf.c\n"); +} diff --git a/package/network/services/ead/src/tinysrp/tinysrp.c b/package/network/services/ead/src/tinysrp/tinysrp.c new file mode 100644 index 0000000..fc01055 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/tinysrp.c @@ -0,0 +1,235 @@ +/* This bit implements a simple API for using the SRP library over sockets. */ + +#include <stdio.h> +#include <string.h> +#include <stdlib.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/socket.h> +#include "t_defines.h" +#include "t_pwd.h" +#include "t_server.h" +#include "t_client.h" +#include "tinysrp.h" + +#ifndef MSG_WAITALL +#ifdef linux +#define MSG_WAITALL 0x100 /* somehow not defined on my box */ +#endif +#endif + +/* This is called by the client with a connected socket, username, and +passphrase. pass can be NULL in which case the user is queried. */ + +int tsrp_client_authenticate(int s, char *user, char *pass, TSRP_SESSION *tsrp) +{ + int i, index; + unsigned char username[MAXUSERLEN + 1], sbuf[MAXSALTLEN]; + unsigned char msgbuf[MAXPARAMLEN + 1], bbuf[MAXPARAMLEN]; + unsigned char passbuf[128], *skey; + struct t_client *tc; + struct t_preconf *tcp; /* @@@ should go away */ + struct t_num salt, *A, B; + + /* Send the username. */ + + i = strlen(user); + if (i > MAXUSERLEN) { + i = MAXUSERLEN; + } + msgbuf[0] = i; + memcpy(msgbuf + 1, user, i); + if (send(s, msgbuf, i + 1, 0) < 0) { + return 0; + } + memcpy(username, user, i); + username[i] = '\0'; + + /* Get the prime index and salt. */ + + i = recv(s, msgbuf, 2, MSG_WAITALL); + if (i <= 0) { + return 0; + } + index = msgbuf[0]; + if (index <= 0 || index > t_getprecount()) { + return 0; + } + tcp = t_getpreparam(index - 1); + salt.len = msgbuf[1]; + if (salt.len > MAXSALTLEN) { + return 0; + } + salt.data = sbuf; + i = recv(s, sbuf, salt.len, MSG_WAITALL); + if (i <= 0) { + return 0; + } + + /* @@@ t_clientopen() needs a variant that takes the index */ + + tc = t_clientopen(username, &tcp->modulus, &tcp->generator, &salt); + if (tc == NULL) { + return 0; + } + + /* Calculate A and send it to the server. */ + + A = t_clientgenexp(tc); + msgbuf[0] = A->len - 1; /* len is max 256 */ + memcpy(msgbuf + 1, A->data, A->len); + if (send(s, msgbuf, A->len + 1, 0) < 0) { + return 0; + } + + /* Ask the user for the passphrase. */ + + if (pass == NULL) { + t_getpass(passbuf, sizeof(passbuf), "Enter password:"); + pass = passbuf; + } + t_clientpasswd(tc, pass); + + /* Get B from the server. */ + + i = recv(s, msgbuf, 1, 0); + if (i <= 0) { + return 0; + } + B.len = msgbuf[0] + 1; + B.data = bbuf; + i = recv(s, bbuf, B.len, MSG_WAITALL); + if (i <= 0) { + return 0; + } + + /* Compute the session key. */ + + skey = t_clientgetkey(tc, &B); + if (skey == NULL) { + return 0; + } + + /* Send the response. */ + + if (send(s, t_clientresponse(tc), RESPONSE_LEN, 0) < 0) { + return 0; + } + + /* Get the server's response. */ + + i = recv(s, msgbuf, RESPONSE_LEN, MSG_WAITALL); + if (i <= 0) { + return 0; + } + if (t_clientverify(tc, msgbuf) != 0) { + return 0; + } + + /* All done. Now copy the key and clean up. */ + + if (tsrp) { + memcpy(tsrp->username, username, strlen(username) + 1); + memcpy(tsrp->key, skey, SESSION_KEY_LEN); + } + t_clientclose(tc); + + return 1; +} + +/* This is called by the server with a connected socket. */ + +int tsrp_server_authenticate(int s, TSRP_SESSION *tsrp) +{ + int i, j; + unsigned char username[MAXUSERLEN], *skey; + unsigned char msgbuf[MAXPARAMLEN + 1], abuf[MAXPARAMLEN]; + struct t_server *ts; + struct t_num A, *B; + + /* Get the username. */ + + i = recv(s, msgbuf, 1, 0); + if (i <= 0) { + return 0; + } + j = msgbuf[0]; + i = recv(s, username, j, MSG_WAITALL); + if (i <= 0) { + return 0; + } + username[j] = '\0'; + + ts = t_serveropen(username); + if (ts == NULL) { + return 0; + } + + /* Send the prime index and the salt. */ + + msgbuf[0] = ts->index; /* max 256 primes... */ + i = ts->s.len; + msgbuf[1] = i; + memcpy(msgbuf + 2, ts->s.data, i); + if (send(s, msgbuf, i + 2, 0) < 0) { + return 0; + } + + /* Calculate B while we're waiting. */ + + B = t_servergenexp(ts); + + /* Get A from the client. */ + + i = recv(s, msgbuf, 1, 0); + if (i <= 0) { + return 0; + } + A.len = msgbuf[0] + 1; + A.data = abuf; + i = recv(s, abuf, A.len, MSG_WAITALL); + if (i <= 0) { + return 0; + } + + /* Now send B. */ + + msgbuf[0] = B->len - 1; + memcpy(msgbuf + 1, B->data, B->len); + if (send(s, msgbuf, B->len + 1, 0) < 0) { + return 0; + } + + /* Calculate the session key while we're waiting. */ + + skey = t_servergetkey(ts, &A); + if (skey == NULL) { + return 0; + } + + /* Get the response from the client. */ + + i = recv(s, msgbuf, RESPONSE_LEN, MSG_WAITALL); + if (i <= 0) { + return 0; + } + if (t_serververify(ts, msgbuf) != 0) { + return 0; + } + + /* Client authenticated. Now authenticate ourselves to the client. */ + + if (send(s, t_serverresponse(ts), RESPONSE_LEN, 0) < 0) { + return 0; + } + + /* Copy the key and clean up. */ + + if (tsrp) { + memcpy(tsrp->username, username, strlen(username) + 1); + memcpy(tsrp->key, skey, SESSION_KEY_LEN); + } + t_serverclose(ts); + + return 1; +} diff --git a/package/network/services/ead/src/tinysrp/tinysrp.h b/package/network/services/ead/src/tinysrp/tinysrp.h new file mode 100644 index 0000000..4420a19 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/tinysrp.h @@ -0,0 +1,18 @@ +/* Simple API for the tinysrp library. */ + +#ifndef T_PWD_H +#define MAXUSERLEN 32 +#define SESSION_KEY_LEN 40 /* 320-bit session key */ +#endif + +typedef struct { + char username[MAXUSERLEN + 1]; + unsigned char key[SESSION_KEY_LEN]; +} TSRP_SESSION; + +/* These functions are passed a connected socket, and return true for a +successful authentication. If tsrp is not NULL, the username and key +fields are filled in. */ + +extern int tsrp_server_authenticate(int s, TSRP_SESSION *tsrp); +extern int tsrp_client_authenticate(int s, char *user, char *pass, TSRP_SESSION *tsrp); diff --git a/package/network/services/ead/src/tinysrp/tpasswd b/package/network/services/ead/src/tinysrp/tpasswd new file mode 100644 index 0000000..2ac7e2a --- /dev/null +++ b/package/network/services/ead/src/tinysrp/tpasswd @@ -0,0 +1,2 @@ +moo:A9lHvOGAMJvw1m3vcDsQRUFovh6/QUmLDKqwhv.drKQzbE9nS7HrOZLUPx2MmS6ewwybN8RHqpWqnUJRCMFT14FMbYXR7kYNUUQNx43A7F.xrVOU7tlFq5NjoK9sfFtp6PMdbIOP5wzWmipiNFlCOu4sjlSZb.o7C1chLzTKU.0:19AI0Hc9jEkdFc:5 +new user:1FsanML2fbTOEsa072bLjyRD1LEqoRD2GwElfN0VmHeR.FAg5A.2.G5bTjIHmMmHL60kgoAHJZhRrgopalYmujlyAuQoKiHJb98SHm1oJaQ9nl/DrZCvfyw5LpVMqg.CupdiWz6OtmOz8fwC96ItExFnNDt6SmsVDIOn4HqXG6C0lLaqEvcqlN3gFDlJXyP2yldM.LJ1TkHTHmA3DjRkmWEUL3mWEgzkEHyPcRB3Jd5ncDT7jaNbJTTLRoOtgRsaqE7OXuPADoK8MGBcUquYBRrGwyU4Y/wW4gLc3QmV793zxkk.P3.dxkLSjro/Kk94D7kC6fx3K9tadLJyzd94rr:3v/KRlxT0.oYF1:1 diff --git a/package/network/services/ead/src/tinysrp/tphrase.c b/package/network/services/ead/src/tinysrp/tphrase.c new file mode 100644 index 0000000..0ab1e08 --- /dev/null +++ b/package/network/services/ead/src/tinysrp/tphrase.c @@ -0,0 +1,354 @@ +/* Add passphrases to the tpasswd file. Use the last entry in the config +file by default or a particular one specified by index. */ + +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include "config.h" +#include "t_pwd.h" +#include "t_read.h" +#include "t_sha.h" +#include "t_defines.h" + +char *Progname; +char Usage[] = "usage: %s [-n configindex] [-p passfile] user\n"; +#define USAGE() fprintf(stderr, Usage, Progname) + +void doit(char *); + +int Configindex = -1; +char *Passfile = DEFAULT_PASSWD; + +int main(int argc, char **argv) +{ + int c; + + Progname = *argv; + + /* Parse option arguments. */ + + while ((c = getopt(argc, argv, "n:p:")) != EOF) { + switch (c) { + + case 'n': + Configindex = atoi(optarg); + break; + + case 'p': + Passfile = optarg; + break; + + default: + USAGE(); + exit(1); + } + } + argc -= optind; + argv += optind; + + if (argc != 1) { + USAGE(); + exit(1); + } + doit(argv[0]); + + return 0; +} + +void doit(char *name) +{ + char passphrase[128], passphrase1[128]; + FILE *f; + struct t_confent *tcent; + struct t_pw eps_passwd; + + /* Get the config entry. */ + + if (Configindex <= 0) { + Configindex = t_getprecount(); + } + tcent = gettcid(Configindex); + if (tcent == NULL) { + fprintf(stderr, "Invalid configuration file entry.\n"); + exit(1); + } + + /* Ask for the passphrase twice. */ + + printf("Setting passphrase for %s\n", name); + + if (t_getpass(passphrase, sizeof(passphrase), "Enter passphrase: ") < 0) { + exit(1); + } + if (t_getpass(passphrase1, sizeof(passphrase1), "Verify: ") < 0) { + exit(1); + } + if (strcmp(passphrase, passphrase1) != 0) { + fprintf(stderr, "mismatch\n"); + exit(1); + } + + /* Create the passphrase verifier. */ + + t_makepwent(&eps_passwd, name, passphrase, NULL, tcent); + + /* Don't need these anymore. */ + + memset(passphrase, 0, sizeof(passphrase)); + memset(passphrase1, 0, sizeof(passphrase1)); + + /* See if the passphrase file is there; create it if not. */ + + if ((f = fopen(Passfile, "r+")) == NULL) { + creat(Passfile, 0400); + } else { + fclose(f); + } + + /* Change the passphrase. */ + + if (t_changepw(Passfile, &eps_passwd.pebuf) < 0) { + fprintf(stderr, "Error changing passphrase\n"); + exit(1); + } +} + +/* TODO: Implement a more general method to handle delete/change */ + +_TYPE( int ) +t_changepw(pwname, diff) + const char * pwname; + const struct t_pwent * diff; +{ + char * bakfile; + char * bakfile2; + struct stat st; + FILE * passfp; + FILE * bakfp; + + if(pwname == NULL) + pwname = DEFAULT_PASSWD; + + if((passfp = fopen(pwname, "rb")) == NULL || fstat(fileno(passfp), &st) < 0) + return -1; + + if((bakfile = malloc(strlen(pwname) + 5)) == NULL) { + fclose(passfp); + return -1; + } + else if((bakfile2 = malloc(strlen(pwname) + 5)) == NULL) { + fclose(passfp); + free(bakfile); + return -1; + } + + sprintf(bakfile, "%s.bak", pwname); + sprintf(bakfile2, "%s.sav", pwname); + + if((bakfp = fopen(bakfile2, "wb")) == NULL && + (unlink(bakfile2) < 0 || (bakfp = fopen(bakfile2, "wb")) == NULL)) { + fclose(passfp); + free(bakfile); + free(bakfile2); + return -1; + } + +#ifdef NO_FCHMOD + chmod(bakfile2, st.st_mode & 0777); +#else + fchmod(fileno(bakfp), st.st_mode & 0777); +#endif + + t_pwcopy(bakfp, passfp, diff); + + fclose(bakfp); + fclose(passfp); + +#ifdef USE_RENAME + unlink(bakfile); + if(rename(pwname, bakfile) < 0) { + free(bakfile); + free(bakfile2); + return -1; + } + if(rename(bakfile2, pwname) < 0) { + free(bakfile); + free(bakfile2); + return -1; + } +#else + unlink(bakfile); + link(pwname, bakfile); + unlink(pwname); + link(bakfile2, pwname); + unlink(bakfile2); +#endif + free(bakfile); + free(bakfile2); + + return 0; +} + +_TYPE( struct t_pwent * ) +t_makepwent(tpw, user, pass, salt, confent) + struct t_pw * tpw; + const char * user; + const char * pass; + const struct t_num * salt; + const struct t_confent * confent; +{ + BigInteger x, v, n, g; + unsigned char dig[SHA_DIGESTSIZE]; + SHA1_CTX ctxt; + + tpw->pebuf.name = tpw->userbuf; + tpw->pebuf.password.data = tpw->pwbuf; + tpw->pebuf.salt.data = tpw->saltbuf; + + strncpy(tpw->pebuf.name, user, MAXUSERLEN); + tpw->pebuf.index = confent->index; + + if(salt) { + tpw->pebuf.salt.len = salt->len; + memcpy(tpw->pebuf.salt.data, salt->data, salt->len); + } + else { + memset(dig, 0, SALTLEN); /* salt is 80 bits */ + tpw->pebuf.salt.len = SALTLEN; + do { + t_random(tpw->pebuf.salt.data, SALTLEN); + } while(memcmp(tpw->pebuf.salt.data, dig, SALTLEN) == 0); + if(tpw->pebuf.salt.data[0] == 0) + tpw->pebuf.salt.data[0] = 0xff; + } + + n = BigIntegerFromBytes(confent->modulus.data, confent->modulus.len); + g = BigIntegerFromBytes(confent->generator.data, confent->generator.len); + v = BigIntegerFromInt(0); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, user, strlen(user)); + SHA1Update(&ctxt, ":", 1); + SHA1Update(&ctxt, pass, strlen(pass)); + SHA1Final(dig, &ctxt); + + SHA1Init(&ctxt); + SHA1Update(&ctxt, tpw->pebuf.salt.data, tpw->pebuf.salt.len); + SHA1Update(&ctxt, dig, sizeof(dig)); + SHA1Final(dig, &ctxt); + + /* x = H(s, H(u, ':', p)) */ + x = BigIntegerFromBytes(dig, sizeof(dig)); + + BigIntegerModExp(v, g, x, n); + tpw->pebuf.password.len = BigIntegerToBytes(v, tpw->pebuf.password.data); + + BigIntegerFree(v); + BigIntegerFree(x); + BigIntegerFree(g); + BigIntegerFree(n); + + return &tpw->pebuf; +} + +int +t_pwcopy(pwdest, pwsrc, diff) + FILE * pwdest; + FILE * pwsrc; + struct t_pwent * diff; +{ + struct t_pw * src; + struct t_pwent * ent; + + if((src = t_openpw(pwsrc)) == NULL) + return -1; + + while((ent = t_getpwent(src)) != NULL) + if(diff && strcmp(diff->name, ent->name) == 0) { + t_putpwent(diff, pwdest); + diff = NULL; + } + else + t_putpwent(ent, pwdest); + + if(diff) + t_putpwent(diff, pwdest); + + return 0; +} + +_TYPE( struct t_pwent * ) +t_getpwent(tpw) + struct t_pw * tpw; +{ + char indexbuf[16]; + char passbuf[MAXB64PARAMLEN]; + char saltstr[MAXB64SALTLEN]; + +#ifdef ENABLE_YP + struct t_passwd * nisent; + /* FIXME: should tell caller to get conf entry from NIS also */ + + if(tpw->state == IN_NIS) { + nisent = _yp_gettpent(); + if(nisent != NULL) { + savepwent(tpw, &nisent->tp); + return &tpw->pebuf; + } + tpw->state = FILE_NIS; + } +#endif + + while(1) { + if(t_nextfield(tpw->instream, tpw->userbuf, MAXUSERLEN) > 0) { +#ifdef ENABLE_YP + if(tpw->state == FILE_NIS && *tpw->userbuf == '+') { + t_nextline(tpw->instream); + if(strlen(tpw->userbuf) > 1) { /* +name:... */ + nisent = _yp_gettpnam(tpw->userbuf + 1); + if(nisent != NULL) { + savepwent(tpw, nisent); + return &tpw->pebuf; + } + } + else { /* +:... */ + tpw->state = IN_NIS; + _yp_settpent(); + return t_getpwent(tpw); + } + } +#endif + if(t_nextfield(tpw->instream, passbuf, MAXB64PARAMLEN) > 0 && + (tpw->pebuf.password.len = t_fromb64(tpw->pwbuf, passbuf)) > 0 && + t_nextfield(tpw->instream, saltstr, MAXB64SALTLEN) > 0 && + (tpw->pebuf.salt.len = t_fromb64(tpw->saltbuf, saltstr)) > 0 && + t_nextfield(tpw->instream, indexbuf, 16) > 0 && + (tpw->pebuf.index = atoi(indexbuf)) > 0) { + tpw->pebuf.name = tpw->userbuf; + tpw->pebuf.password.data = tpw->pwbuf; + tpw->pebuf.salt.data = tpw->saltbuf; + t_nextline(tpw->instream); + return &tpw->pebuf; + } + } + if(t_nextline(tpw->instream) < 0) + return NULL; + } +} + +_TYPE( void ) +t_putpwent(ent, fp) + const struct t_pwent * ent; + FILE * fp; +{ + char strbuf[MAXB64PARAMLEN]; + char saltbuf[MAXB64SALTLEN]; + + fprintf(fp, "%s:%s:%s:%d\n", ent->name, + t_tob64(strbuf, ent->password.data, ent->password.len), + t_tob64(saltbuf, ent->salt.data, ent->salt.len), ent->index); +} + diff --git a/package/network/services/hostapd/Config.in b/package/network/services/hostapd/Config.in new file mode 100644 index 0000000..aee2a15 --- /dev/null +++ b/package/network/services/hostapd/Config.in @@ -0,0 +1,52 @@ +# wpa_supplicant config +config WPA_SUPPLICANT_NO_TIMESTAMP_CHECK + bool "Disable timestamp check" + depends on PACKAGE_wpa-supplicant || PACKAGE_wpa-supplicant-mesh || PACKAGE_wpa-supplicant-mini || PACKAGE_wpad || PACKAGE_wpad-mini || PACAKGE_wpad-mesh + default n + help + This disables the timestamp check for certificates in wpa_supplicant + Useful for devices without RTC that cannot reliably get the real date/time + +choice + prompt "Choose TLS provider" + default WPA_SUPPLICANT_INTERNAL + depends on PACKAGE_wpa-supplicant || PACKAGE_wpa-supplicant-mesh || PACKAGE_wpad || PACKAGE_wpad-mesh + +config WPA_SUPPLICANT_INTERNAL + bool "internal" + depends on PACKAGE_wpa-supplicant || PACKAGE_wpad + +config WPA_SUPPLICANT_OPENSSL + bool "openssl" + select PACKAGE_libopenssl + +endchoice + +config WPA_RFKILL_SUPPORT + bool "Add rfkill support" + depends on PACKAGE_wpa-supplicant || PACKAGE_wpa-supplicant-mesh || PACKAGE_wpa-supplicant-mini || PACKAGE_wpad || PACKAGE_wpad-mini || PACKAGE_wpad-mesh + default n + +config WPA_MSG_MIN_PRIORITY + int "Minimum debug message priority" + default 3 + help + Useful values are: + 0 = all messages + 1 = raw message dumps + 2 = most debugging messages + 3 = info messages + 4 = warnings + 5 = errors + +config DRIVER_WEXT_SUPPORT + bool + default n + +config DRIVER_11N_SUPPORT + bool + default n + +config DRIVER_11W_SUPPORT + bool + default n diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile new file mode 100644 index 0000000..edcfd1b --- /dev/null +++ b/package/network/services/hostapd/Makefile @@ -0,0 +1,446 @@ +# Copyright (C) 2006-2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=hostapd +PKG_VERSION:=2015-03-25 +PKG_RELEASE:=1 +PKG_REV:=8278138e679174b1ec8af7f169c2810a8888e202 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_URL:=git://w1.fi/srv/git/hostap.git +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_VERSION:=$(PKG_REV) +PKG_SOURCE_PROTO:=git +# PKG_MIRROR_MD5SUM:=4e7c1f97edd7514535056fce54ae053a + +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> +PKG_LICENSE:=BSD-3-Clause + +PKG_BUILD_PARALLEL:=1 + +PKG_CONFIG_DEPENDS:= \ + CONFIG_WPA_SUPPLICANT_NO_TIMESTAMP_CHECK \ + CONFIG_PACKAGE_kmod-ath9k \ + CONFIG_PACKAGE_kmod-cfg80211 \ + CONFIG_PACKAGE_hostapd \ + CONFIG_PACKAGE_hostapd-mini \ + CONFIG_PACKAGE_kmod-hostap \ + CONFIG_WPA_RFKILL_SUPPORT \ + CONFIG_DRIVER_WEXT_SUPPORT \ + CONFIG_DRIVER_11N_SUPPORT + +LOCAL_TYPE=$(strip \ + $(if $(findstring wpad,$(BUILD_VARIANT)),wpad, \ + $(if $(findstring supplicant,$(BUILD_VARIANT)),supplicant, \ + hostapd \ + ))) +LOCAL_VARIANT=$(patsubst wpad-%,%,$(patsubst supplicant-%,%,$(BUILD_VARIANT))) + +ifeq ($(LOCAL_TYPE),supplicant) + ifeq ($(LOCAL_VARIANT),full) + PKG_CONFIG_DEPENDS += \ + CONFIG_WPA_SUPPLICANT_INTERNAL \ + CONFIG_WPA_SUPPLICANT_OPENSSL + endif + ifeq ($(LOCAL_VARIANT),mesh) + PKG_CONFIG_DEPENDS += \ + CONFIG_WPA_SUPPLICANT_OPENSSL + endif +endif + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) + +include $(INCLUDE_DIR)/package.mk + +STAMP_CONFIGURED:=$(STAMP_CONFIGURED)_$(CONFIG_WPA_MSG_MIN_PRIORITY) + +ifneq ($(CONFIG_DRIVER_11N_SUPPORT),) + HOSTAPD_IEEE80211N:=y +endif + +DRIVER_MAKEOPTS= \ + CONFIG_ACS=$(CONFIG_PACKAGE_kmod-cfg80211) \ + CONFIG_DRIVER_NL80211=$(CONFIG_PACKAGE_kmod-cfg80211) \ + CONFIG_DRIVER_HOSTAP=$(CONFIG_PACKAGE_kmod-hostap) \ + CONFIG_IEEE80211N=$(HOSTAPD_IEEE80211N) \ + CONFIG_DRIVER_WEXT=$(CONFIG_DRIVER_WEXT_SUPPORT) \ + +ifeq ($(LOCAL_VARIANT),full) + DRIVER_MAKEOPTS += CONFIG_IEEE80211W=$(CONFIG_DRIVER_11W_SUPPORT) +endif + +ifneq ($(LOCAL_TYPE),hostapd) + ifdef CONFIG_WPA_SUPPLICANT_OPENSSL + ifeq ($(LOCAL_VARIANT),full) + DRIVER_MAKEOPTS += CONFIG_TLS=openssl + TARGET_LDFLAGS += -lcrypto -lssl + endif + endif + ifeq ($(LOCAL_VARIANT),mesh) + DRIVER_MAKEOPTS += CONFIG_TLS=openssl + TARGET_LDFLAGS += -lcrypto -lssl + endif + ifdef CONFIG_WPA_SUPPLICANT_NO_TIMESTAMP_CHECK + TARGET_CFLAGS += -DNO_TIMESTAMP_CHECK + endif + ifdef CONFIG_WPA_RFKILL_SUPPORT + DRIVER_MAKEOPTS += NEED_RFKILL=y + endif + DRIVER_MAKEOPTS += \ + CONFIG_DRIVER_ROBOSWITCH=$(CONFIG_PACKAGE_kmod-switch) +endif + +ifdef CONFIG_USE_GLIBC + TARGET_LDFLAGS += -lrt + TARGET_LDFLAGS_C += -lrt +endif + +DRV_DEPENDS:=+PACKAGE_kmod-cfg80211:libnl-tiny + +define Package/hostapd/Default + SECTION:=net + CATEGORY:=Network + TITLE:=IEEE 802.1x Authenticator + URL:=http://hostap.epitest.fi/ + DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus +endef + +define Package/hostapd +$(call Package/hostapd/Default) + TITLE+= (full) + VARIANT:=full + CONFLICTS:=wpad wpad-mini wpad-mesh +endef + +define Package/hostapd/description + This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS + Authenticator. +endef + +define Package/hostapd-mini +$(call Package/hostapd/Default) + TITLE+= (WPA-PSK only) + VARIANT:=mini + CONFLICTS:=wpad wpad-mini wpad-mesh +endef + +define Package/hostapd-mini/description + This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only). +endef + +define Package/hostapd-utils + $(call Package/hostapd/Default) + TITLE+= (utils) + DEPENDS:=@PACKAGE_hostapd||PACKAGE_hostapd-mini||PACKAGE_wpad||PACKAGE_wpad-mesh||PACKAGE_wpad-mini +endef + +define Package/hostapd-utils/description + This package contains a command line utility to control the + IEEE 802.1x/WPA/EAP/RADIUS Authenticator. +endef + +define Package/wpad/Default + SECTION:=net + CATEGORY:=Network + TITLE:=IEEE 802.1x Authenticator/Supplicant + DEPENDS:=$(DRV_DEPENDS) +hostapd-common +libubus + URL:=http://hostap.epitest.fi/ +endef + +define Package/wpad +$(call Package/wpad/Default) + TITLE+= (full) + DEPENDS+=+WPA_SUPPLICANT_OPENSSL:libopenssl + VARIANT:=wpad-full +endef + +define Package/wpad/description + This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS + Authenticator and Supplicant +endef + +define Package/wpad-mini +$(call Package/wpad/Default) + TITLE+= (WPA-PSK only) + VARIANT:=wpad-mini +endef + +define Package/wpad-mini/description + This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (WPA-PSK only). +endef + +define Package/wpad-mesh +$(call Package/wpad/Default) + TITLE+= (with 802.11s mesh and SAE support) + DEPENDS:=$(DRV_DEPENDS) +libubus +PACKAGE_wpad-mesh:libopenssl +@CONFIG_WPA_SUPPLICANT_OPENSSL @(!TARGET_uml||BROKEN) + CONFLICTS:=@WPA_SUPPLICANT_INTERNAL + VARIANT:=wpad-mesh +endef + +define Package/wpad-mesh/description + This package contains a minimal IEEE 802.1x/WPA Authenticator and Supplicant (with 802.11s mesh and SAE support). +endef + +define Package/wpa-supplicant + SECTION:=net + CATEGORY:=Network + TITLE:=WPA Supplicant + URL:=http://hostap.epitest.fi/wpa_supplicant/ + DEPENDS:=$(DRV_DEPENDS) +WPA_SUPPLICANT_OPENSSL:libopenssl + CONFLICTS:=wpad wpad-mini wpad-mesh + VARIANT:=supplicant-full +endef + +define Package/wpa-supplicant/Description + WPA Supplicant +endef + +define Package/wpa-supplicant/config + source "$(SOURCE)/Config.in" +endef + +define Package/wpa-supplicant-p2p + $(Package/wpa-supplicant) + TITLE:=WPA Supplicant (with Wi-Fi P2P support) + DEPENDS:=$(DRV_DEPENDS) + CONFLICTS:=wpad wpad-mini wpad-mesh + VARIANT:=supplicant-p2p +endef + +define Package/wpa-supplicant-p2p/Description + WPA Supplicant (with Wi-Fi P2P support) +endef + +define Package/wpa-supplicant-mesh + $(Package/wpa-supplicant) + TITLE:=WPA Supplicant (with 802.11s and SAE) + DEPENDS:=$(DRV_DEPENDS) @(!TARGET_uml||BROKEN) + CONFLICTS:=wpad wpad-mesh wpad-mesh + VARIANT:=supplicant-mesh +endef + +define Package/wpa-supplicant-mesh/Description + WPA Supplicant (variant with 802.11s and SAE support) +endef + +define Package/wpa-supplicant-mini + $(Package/wpa-supplicant) + TITLE:=WPA Supplicant (minimal version) + DEPENDS:=$(DRV_DEPENDS) + CONFLICTS:=wpad wpad-mini wpad-mesh + VARIANT:=supplicant-mini +endef + +define Package/wpa-supplicant-mini/Description + WPA Supplicant (minimal version) +endef + +define Package/wpa-cli + SECTION:=net + CATEGORY:=Network + DEPENDS:=@PACKAGE_wpa-supplicant||PACKAGE_wpa-supplicant-p2p||PACKAGE_wpad-mini||PACKAGE_wpad||PACKAGE_wpad-mesh + TITLE:=WPA Supplicant command line interface +endef + +define Package/wpa-cli/Description + WPA Supplicant control utility +endef + +define Package/hostapd-common + TITLE:=hostapd/wpa_supplicant common support files + SECTION:=net + CATEGORY:=Network +endef + +define Package/hostapd-common-old + TITLE:=hostapd/wpa_supplicant common support files (legacy drivers) + SECTION:=net + CATEGORY:=Network +endef + +define Package/eapol-test + TITLE:=802.1x authentication test utility + SECTION:=net + CATEGORY:=Network + VARIANT:=supplicant-full + DEPENDS:=$(DRV_DEPENDS) +endef + + +ifneq ($(wildcard $(PKG_BUILD_DIR)/.config_*),$(subst .configured_,.config_,$(STAMP_CONFIGURED))) + define Build/Configure/rebuild + $(FIND) $(PKG_BUILD_DIR) -name \*.o -or -name \*.a | $(XARGS) rm -f + rm -f $(PKG_BUILD_DIR)/hostapd/hostapd + rm -f $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant + rm -f $(PKG_BUILD_DIR)/.config_* + touch $(subst .configured_,.config_,$(STAMP_CONFIGURED)) + endef +endif + +define Build/Configure + $(Build/Configure/rebuild) + $(if $(wildcard ./files/hostapd-$(LOCAL_VARIANT).config), \ + $(CP) ./files/hostapd-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/hostapd/.config \ + ) + $(CP) ./files/wpa_supplicant-$(LOCAL_VARIANT).config $(PKG_BUILD_DIR)/wpa_supplicant/.config +endef + +TARGET_CPPFLAGS := \ + -I$(STAGING_DIR)/usr/include/libnl-tiny \ + -I$(PKG_BUILD_DIR)/src/crypto \ + $(TARGET_CPPFLAGS) \ + -DCONFIG_LIBNL20 \ + -D_GNU_SOURCE \ + $(if $(CONFIG_WPA_MSG_MIN_PRIORITY),-DCONFIG_MSG_MIN_PRIORITY=$(CONFIG_WPA_MSG_MIN_PRIORITY)) + +TARGET_CFLAGS += -ffunction-sections -fdata-sections +TARGET_LDFLAGS += -Wl,--gc-sections +ifeq ($(findstring supplicant,$(BUILD_VARIANT)),) + TARGET_LDFLAGS += -lubox -lubus +endif + +ifdef CONFIG_PACKAGE_kmod-cfg80211 + TARGET_LDFLAGS += -lm -lnl-tiny +endif + +define Build/RunMake + CFLAGS="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \ + $(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR)/$(1) \ + $(TARGET_CONFIGURE_OPTS) \ + $(DRIVER_MAKEOPTS) \ + LIBS="$(TARGET_LDFLAGS)" \ + LIBS_c="$(TARGET_LDFLAGS_C)" \ + BCHECK= \ + $(2) +endef + +define Build/Compile/wpad + echo ` \ + $(call Build/RunMake,hostapd,-s MULTICALL=1 dump_cflags); \ + $(call Build/RunMake,wpa_supplicant,-s MULTICALL=1 dump_cflags) | \ + sed -e 's,-n ,,g' -e 's^$(TARGET_CFLAGS)^^' \ + ` > $(PKG_BUILD_DIR)/.cflags + +$(call Build/RunMake,hostapd, \ + CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \ + MULTICALL=1 \ + hostapd_cli hostapd_multi.a \ + ) + +$(call Build/RunMake,wpa_supplicant, \ + CFLAGS="$$$$(cat $(PKG_BUILD_DIR)/.cflags)" \ + MULTICALL=1 \ + wpa_cli wpa_supplicant_multi.a \ + ) + $(TARGET_CC) -o $(PKG_BUILD_DIR)/wpad \ + $(TARGET_CFLAGS) \ + ./files/multicall.c \ + $(PKG_BUILD_DIR)/hostapd/hostapd_multi.a \ + $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant_multi.a \ + $(TARGET_LDFLAGS) +endef + +define Build/Compile/hostapd + $(call Build/RunMake,hostapd, \ + hostapd hostapd_cli \ + ) +endef + +define Build/Compile/supplicant + $(call Build/RunMake,wpa_supplicant, \ + wpa_cli wpa_supplicant \ + ) +endef + +define Build/Compile/supplicant-full + $(call Build/RunMake,wpa_supplicant, \ + eapol_test \ + ) +endef + +define Build/Compile + $(Build/Compile/$(LOCAL_TYPE)) + $(Build/Compile/$(BUILD_VARIANT)) +endef + +define Install/hostapd + $(INSTALL_DIR) $(1)/usr/sbin +endef + +define Install/supplicant + $(INSTALL_DIR) $(1)/usr/sbin +endef + +define Package/hostapd-common/install + $(INSTALL_DIR) $(1)/lib/netifd + $(INSTALL_DATA) ./files/netifd.sh $(1)/lib/netifd/hostapd.sh +endef + +define Package/hostapd-common-old/install + $(INSTALL_DIR) $(1)/lib/wifi + $(INSTALL_DATA) ./files/hostapd.sh $(1)/lib/wifi/hostapd.sh + $(INSTALL_DATA) ./files/wpa_supplicant.sh $(1)/lib/wifi/wpa_supplicant.sh +endef + +define Package/hostapd/install + $(call Install/hostapd,$(1)) + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd $(1)/usr/sbin/ +endef +Package/hostapd-mini/install = $(Package/hostapd/install) + +ifneq ($(LOCAL_TYPE),supplicant) + define Package/hostapd-utils/install + $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/rc.button + $(INSTALL_BIN) $(PKG_BUILD_DIR)/hostapd/hostapd_cli $(1)/usr/sbin/ + $(INSTALL_BIN) ./files/wps-hotplug.sh $(1)/etc/rc.button/wps + endef +endif + +define Package/wpad/install + $(call Install/hostapd,$(1)) + $(call Install/supplicant,$(1)) + $(INSTALL_BIN) $(PKG_BUILD_DIR)/wpad $(1)/usr/sbin/ + $(LN) wpad $(1)/usr/sbin/hostapd + $(LN) wpad $(1)/usr/sbin/wpa_supplicant +endef +Package/wpad-mini/install = $(Package/wpad/install) +Package/wpad-mesh/install = $(Package/wpad/install) + +define Package/wpa-supplicant/install + $(call Install/supplicant,$(1)) + $(INSTALL_BIN) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_supplicant $(1)/usr/sbin/ +endef +Package/wpa-supplicant-mini/install = $(Package/wpa-supplicant/install) +Package/wpa-supplicant-p2p/install = $(Package/wpa-supplicant/install) + +ifneq ($(LOCAL_TYPE),hostapd) + define Package/wpa-cli/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_BUILD_DIR)/wpa_supplicant/wpa_cli $(1)/usr/sbin/ + endef +endif + +ifeq ($(BUILD_VARIANT),supplicant-full) + define Package/eapol-test/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_BUILD_DIR)/wpa_supplicant/eapol_test $(1)/usr/sbin/ + endef +endif + +$(eval $(call BuildPackage,hostapd)) +$(eval $(call BuildPackage,hostapd-mini)) +$(eval $(call BuildPackage,wpad)) +$(eval $(call BuildPackage,wpad-mesh)) +$(eval $(call BuildPackage,wpad-mini)) +$(eval $(call BuildPackage,wpa-supplicant)) +$(eval $(call BuildPackage,wpa-supplicant-mesh)) +$(eval $(call BuildPackage,wpa-supplicant-mini)) +$(eval $(call BuildPackage,wpa-supplicant-p2p)) +$(eval $(call BuildPackage,wpa-cli)) +$(eval $(call BuildPackage,hostapd-utils)) +$(eval $(call BuildPackage,hostapd-common)) +$(eval $(call BuildPackage,hostapd-common-old)) +$(eval $(call BuildPackage,eapol-test)) diff --git a/package/network/services/hostapd/files/hostapd-full.config b/package/network/services/hostapd/files/hostapd-full.config new file mode 100644 index 0000000..f1b2655 --- /dev/null +++ b/package/network/services/hostapd/files/hostapd-full.config @@ -0,0 +1,166 @@ +# Example hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +CONFIG_DRIVER_WIRED=y + +# Driver interface for Prism54 driver +#CONFIG_DRIVER_PRISM54=y + +# Driver interface for drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y +# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be +# shipped with your distribution yet. If that is the case, you need to build +# newer libnl version and point the hostapd build to use it. +#LIBNL=/usr/src/libnl +#CFLAGS += -I$(LIBNL)/include +#LIBS += -L$(LIBNL)/lib + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Integrated EAP server +CONFIG_EAP=y + +# EAP-MD5 for the integrated EAP server +CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y +CONFIG_WPS2=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +#CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g. FreeBSD/net80211) +#CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +CONFIG_IEEE80211N=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove support for RADIUS accounting +#CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +#CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +CONFIG_TLS=internal +CONFIG_INTERNAL_LIBTOMMATH=y +CONFIG_INTERNAL_AES=y +NEED_AES_DEC=y + +CONFIG_NO_RANDOM_POOL=y +CONFIG_NO_DUMP_STATE=y + +CONFIG_WPS=y +CONFIG_FULL_DYNAMIC_VLAN=y + +CONFIG_UBUS=y diff --git a/package/network/services/hostapd/files/hostapd-mini.config b/package/network/services/hostapd/files/hostapd-mini.config new file mode 100644 index 0000000..118d97c --- /dev/null +++ b/package/network/services/hostapd/files/hostapd-mini.config @@ -0,0 +1,159 @@ +# Example hostapd build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cass, these lines should use += in order not +# to override previous values of the variables. + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for wired authenticator +CONFIG_DRIVER_WIRED=y + +# Driver interface for Prism54 driver +#CONFIG_DRIVER_PRISM54=y + +# Driver interface for drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y +# driver_nl80211.c requires a rather new libnl (version 1.1) which may not be +# shipped with your distribution yet. If that is the case, you need to build +# newer libnl version and point the hostapd build to use it. +#LIBNL=/usr/src/libnl +#CFLAGS += -I$(LIBNL)/include +#LIBS += -L$(LIBNL)/lib + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib + +# Driver interface for no driver (e.g., RADIUS server only) +#CONFIG_DRIVER_NONE=y + +# IEEE 802.11F/IAPP +# CONFIG_IAPP=y + +# WPA2/IEEE 802.11i RSN pre-authentication +CONFIG_RSN_PREAUTH=y + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Integrated EAP server +#CONFIG_EAP=y + +# EAP-MD5 for the integrated EAP server +#CONFIG_EAP_MD5=y + +# EAP-TLS for the integrated EAP server +#CONFIG_EAP_TLS=y + +# EAP-MSCHAPv2 for the integrated EAP server +#CONFIG_EAP_MSCHAPV2=y + +# EAP-PEAP for the integrated EAP server +#CONFIG_EAP_PEAP=y + +# EAP-GTC for the integrated EAP server +#CONFIG_EAP_GTC=y + +# EAP-TTLS for the integrated EAP server +#CONFIG_EAP_TTLS=y + +# EAP-SIM for the integrated EAP server +#CONFIG_EAP_SIM=y + +# EAP-AKA for the integrated EAP server +#CONFIG_EAP_AKA=y + +# EAP-AKA' for the integrated EAP server +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# EAP-PAX for the integrated EAP server +#CONFIG_EAP_PAX=y + +# EAP-PSK for the integrated EAP server (this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-SAKE for the integrated EAP server +#CONFIG_EAP_SAKE=y + +# EAP-GPSK for the integrated EAP server +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-FAST for the integrated EAP server +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.9-session-ticket.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# Wi-Fi Protected Setup (WPS) +#CONFIG_WPS=y +# Enable UPnP support for external WPS Registrars +#CONFIG_WPS_UPNP=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# Trusted Network Connect (EAP-TNC) +#CONFIG_EAP_TNC=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +#CONFIG_PKCS12=y + +# RADIUS authentication server. This provides access to the integrated EAP +# server from external hosts using RADIUS. +#CONFIG_RADIUS_SERVER=y + +# Build IPv6 support for RADIUS operations +#CONFIG_IPV6=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Use the hostapd's IEEE 802.11 authentication (ACL), but without +# the IEEE 802.11 Management capability (e.g. FreeBSD/net80211) +#CONFIG_DRIVER_RADIUS_ACL=y + +# IEEE 802.11n (High Throughput) support +CONFIG_IEEE80211N=y + +# IEEE 802.11ac (Very High Throughput) support +CONFIG_IEEE80211AC=y + +# Remove debugging code that is printing out debug messages to stdout. +# This can be used to reduce the size of the hostapd considerably if debugging +# code is not needed. +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove support for RADIUS accounting +CONFIG_NO_ACCOUNTING=y + +# Remove support for RADIUS +CONFIG_NO_RADIUS=y + +# Remove support for VLANs +#CONFIG_NO_VLAN=y + +CONFIG_TLS=internal + +CONFIG_NO_RANDOM_POOL=y +CONFIG_NO_DUMP_STATE=y + +CONFIG_UBUS=y diff --git a/package/network/services/hostapd/files/hostapd.sh b/package/network/services/hostapd/files/hostapd.sh new file mode 100644 index 0000000..7aec7ad --- /dev/null +++ b/package/network/services/hostapd/files/hostapd.sh @@ -0,0 +1,394 @@ +hostapd_set_bss_options() { + local var="$1" + local vif="$2" + local enc wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wps_possible wpa_key_mgmt + + config_get enc "$vif" encryption "none" + config_get wep_rekey "$vif" wep_rekey # 300 + config_get wpa_group_rekey "$vif" wpa_group_rekey # 300 + config_get wpa_pair_rekey "$vif" wpa_pair_rekey # 300 + config_get wpa_master_rekey "$vif" wpa_master_rekey # 640 + config_get_bool ap_isolate "$vif" isolate 0 + config_get_bool disassoc_low_ack "$vif" disassoc_low_ack 1 + config_get max_num_sta "$vif" max_num_sta 0 + config_get max_inactivity "$vif" max_inactivity 0 + config_get_bool preamble "$vif" short_preamble 1 + + config_get device "$vif" device + config_get hwmode "$device" hwmode + config_get phy "$device" phy + + append "$var" "ctrl_interface=/var/run/hostapd-$phy" "$N" + + if [ "$ap_isolate" -gt 0 ]; then + append "$var" "ap_isolate=$ap_isolate" "$N" + fi + if [ "$max_num_sta" -gt 0 ]; then + append "$var" "max_num_sta=$max_num_sta" "$N" + fi + if [ "$max_inactivity" -gt 0 ]; then + append "$var" "ap_max_inactivity=$max_inactivity" "$N" + fi + append "$var" "disassoc_low_ack=$disassoc_low_ack" "$N" + if [ "$preamble" -gt 0 ]; then + append "$var" "preamble=$preamble" "$N" + fi + + # Examples: + # psk-mixed/tkip => WPA1+2 PSK, TKIP + # wpa-psk2/tkip+aes => WPA2 PSK, CCMP+TKIP + # wpa2/tkip+aes => WPA2 RADIUS, CCMP+TKIP + # ... + + # TODO: move this parsing function somewhere generic, so that + # later it can be reused by drivers that don't use hostapd + + # crypto defaults: WPA2 vs WPA1 + case "$enc" in + wpa2*|*psk2*) + wpa=2 + crypto="CCMP" + ;; + *mixed*) + wpa=3 + crypto="CCMP TKIP" + ;; + *) + wpa=1 + crypto="TKIP" + ;; + esac + + # explicit override for crypto setting + case "$enc" in + *tkip+aes|*tkip+ccmp|*aes+tkip|*ccmp+tkip) crypto="CCMP TKIP";; + *aes|*ccmp) crypto="CCMP";; + *tkip) crypto="TKIP";; + esac + + # enforce CCMP for 11ng and 11na + case "$hwmode:$crypto" in + *ng:TKIP|*na:TKIP) crypto="CCMP TKIP";; + esac + + # use crypto/auth settings for building the hostapd config + case "$enc" in + none) + wps_possible=1 + wpa=0 + crypto= + # Here we make the assumption that if we're in open mode + # with WPS enabled, we got to be in unconfigured state. + wps_not_configured=1 + ;; + *psk*) + config_get psk "$vif" key + if [ ${#psk} -eq 64 ]; then + append "$var" "wpa_psk=$psk" "$N" + else + append "$var" "wpa_passphrase=$psk" "$N" + fi + wps_possible=1 + [ -n "$wpa_group_rekey" ] && append "$var" "wpa_group_rekey=$wpa_group_rekey" "$N" + [ -n "$wpa_pair_rekey" ] && append "$var" "wpa_ptk_rekey=$wpa_pair_rekey" "$N" + [ -n "$wpa_master_rekey" ] && append "$var" "wpa_gmk_rekey=$wpa_master_rekey" "$N" + append wpa_key_mgmt "WPA-PSK" + ;; + *wpa*|*8021x*) + # required fields? formats? + # hostapd is particular, maybe a default configuration for failures + config_get auth_server "$vif" auth_server + [ -z "$auth_server" ] && config_get auth_server "$vif" server + append "$var" "auth_server_addr=$auth_server" "$N" + config_get auth_port "$vif" auth_port + [ -z "$auth_port" ] && config_get auth_port "$vif" port + auth_port=${auth_port:-1812} + append "$var" "auth_server_port=$auth_port" "$N" + config_get auth_secret "$vif" auth_secret + [ -z "$auth_secret" ] && config_get auth_secret "$vif" key + append "$var" "auth_server_shared_secret=$auth_secret" "$N" + # You don't really want to enable this unless you are doing + # some corner case testing or are using OpenWrt as a work around + # for some systematic issues. + config_get_bool auth_cache "$vif" auth_cache 0 + config_get rsn_preauth "$vif" rsn_preauth + [ "$auth_cache" -gt 0 ] || [[ "$rsn_preauth" = 1 ]] || append "$var" "disable_pmksa_caching=1" "$N" + [ "$auth_cache" -gt 0 ] || [[ "$rsn_preauth" = 1 ]] || append "$var" "okc=0" "$N" + config_get acct_server "$vif" acct_server + [ -n "$acct_server" ] && append "$var" "acct_server_addr=$acct_server" "$N" + config_get acct_port "$vif" acct_port + [ -n "$acct_port" ] && acct_port=${acct_port:-1813} + [ -n "$acct_port" ] && append "$var" "acct_server_port=$acct_port" "$N" + config_get acct_secret "$vif" acct_secret + [ -n "$acct_secret" ] && append "$var" "acct_server_shared_secret=$acct_secret" "$N" + config_get eap_reauth_period "$vif" eap_reauth_period + [ -n "$eap_reauth_period" ] && append "$var" "eap_reauth_period=$eap_reauth_period" "$N" + config_get dae_client "$vif" dae_client + config_get dae_secret "$vif" dae_secret + [ -n "$dae_client" -a -n "$dae_secret" ] && { + config_get dae_port "$vif" dae_port + append "$var" "radius_das_port=${dae_port:-3799}" "$N" + append "$var" "radius_das_client=$dae_client $dae_secret" "$N" + } + config_get ownip "$vif" ownip + append "$var" "own_ip_addr=$ownip" "$N" + append "$var" "eapol_key_index_workaround=1" "$N" + append "$var" "ieee8021x=1" "$N" + append wpa_key_mgmt "WPA-EAP" + [ -n "$wpa_group_rekey" ] && append "$var" "wpa_group_rekey=$wpa_group_rekey" "$N" + [ -n "$wpa_pair_rekey" ] && append "$var" "wpa_ptk_rekey=$wpa_pair_rekey" "$N" + [ -n "$wpa_master_rekey" ] && append "$var" "wpa_gmk_rekey=$wpa_master_rekey" "$N" + ;; + *wep*) + config_get key "$vif" key + key="${key:-1}" + case "$key" in + [1234]) + for idx in 1 2 3 4; do + local zidx + zidx=$(($idx - 1)) + config_get ckey "$vif" "key${idx}" + [ -n "$ckey" ] && \ + append "$var" "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N" + done + append "$var" "wep_default_key=$((key - 1))" "$N" + ;; + *) + append "$var" "wep_key0=$(prepare_key_wep "$key")" "$N" + append "$var" "wep_default_key=0" "$N" + [ -n "$wep_rekey" ] && append "$var" "wep_rekey_period=$wep_rekey" "$N" + ;; + esac + case "$enc" in + *shared*) + auth_algs=2 + ;; + *mixed*) + auth_algs=3 + ;; + esac + wpa=0 + crypto= + ;; + *) + wpa=0 + crypto= + ;; + esac + append "$var" "auth_algs=${auth_algs:-1}" "$N" + append "$var" "wpa=$wpa" "$N" + [ -n "$crypto" ] && append "$var" "wpa_pairwise=$crypto" "$N" + [ -n "$wpa_group_rekey" ] && append "$var" "wpa_group_rekey=$wpa_group_rekey" "$N" + + config_get ssid "$vif" ssid + config_get bridge "$vif" bridge + config_get ieee80211d "$vif" ieee80211d + config_get iapp_interface "$vif" iapp_interface + + config_get_bool wps_pbc "$vif" wps_pushbutton 0 + config_get_bool wps_label "$vif" wps_label 0 + + config_get config_methods "$vif" wps_config + [ "$wps_pbc" -gt 0 ] && append config_methods push_button + + [ -n "$wps_possible" -a -n "$config_methods" ] && { + config_get device_type "$vif" wps_device_type "6-0050F204-1" + config_get device_name "$vif" wps_device_name "OpenWrt AP" + config_get manufacturer "$vif" wps_manufacturer "openwrt.org" + config_get wps_pin "$vif" wps_pin + + config_get_bool ext_registrar "$vif" ext_registrar 0 + [ "$ext_registrar" -gt 0 -a -n "$bridge" ] && append "$var" "upnp_iface=$bridge" "$N" + + append "$var" "eap_server=1" "$N" + [ -n "$wps_pin" ] && append "$var" "ap_pin=$wps_pin" "$N" + append "$var" "wps_state=${wps_not_configured:-2}" "$N" + append "$var" "ap_setup_locked=0" "$N" + append "$var" "device_type=$device_type" "$N" + append "$var" "device_name=$device_name" "$N" + append "$var" "manufacturer=$manufacturer" "$N" + append "$var" "config_methods=$config_methods" "$N" + } + + append "$var" "ssid=$ssid" "$N" + [ -n "$bridge" ] && append "$var" "bridge=$bridge" "$N" + [ -n "$ieee80211d" ] && append "$var" "ieee80211d=$ieee80211d" "$N" + [ -n "$iapp_interface" ] && append "$var" iapp_interface=$(uci_get_state network "$iapp_interface" ifname "$iapp_interface") "$N" + + if [ "$wpa" -ge "1" ] + then + config_get nasid "$vif" nasid + [ -n "$nasid" ] && append "$var" "nas_identifier=$nasid" "$N" + + config_get_bool ieee80211r "$vif" ieee80211r 0 + if [ "$ieee80211r" -gt 0 ] + then + config_get mobility_domain "$vif" mobility_domain "4f57" + config_get r0_key_lifetime "$vif" r0_key_lifetime "10000" + config_get r1_key_holder "$vif" r1_key_holder "00004f577274" + config_get reassociation_deadline "$vif" reassociation_deadline "1000" + config_get r0kh "$vif" r0kh + config_get r1kh "$vif" r1kh + config_get_bool pmk_r1_push "$vif" pmk_r1_push 0 + + append "$var" "mobility_domain=$mobility_domain" "$N" + append "$var" "r0_key_lifetime=$r0_key_lifetime" "$N" + append "$var" "r1_key_holder=$r1_key_holder" "$N" + append "$var" "reassociation_deadline=$reassociation_deadline" "$N" + append "$var" "pmk_r1_push=$pmk_r1_push" "$N" + + for kh in $r0kh; do + "$var" "r0kh=${kh//,/ }" "$N" + done + for kh in $r1kh; do + "$var" "r1kh=${kh//,/ }" "$N" + done + + [ "$wpa_key_mgmt" != "${wpa_key_mgmt/EAP/}" ] && append wpa_key_mgmt "FT-EAP" + [ "$wpa_key_mgmt" != "${wpa_key_mgmt/PSK/}" ] && append wpa_key_mgmt "FT-PSK" + fi + + [ -n "wpa_key_mgmt" ] && append "$var" "wpa_key_mgmt=$wpa_key_mgmt" + fi + + if [ "$wpa" -ge "2" ] + then + # RSN -> allow preauthentication. You have two + # options, rsn_preauth for production or rsn_preauth_testing + # for validation / testing. + if [ -n "$bridge" -a "$rsn_preauth" = 1 ] + then + append "$var" "rsn_preauth=1" "$N" + append "$var" "rsn_preauth_interfaces=$bridge" "$N" + append "$var" "okc=1" "$N" + else + # RSN preauthentication testings hould disable + # Opportunistic Key Caching (okc) as otherwise the PMKSA + # entry for a test could come from the Opportunistic Key Caching + config_get rsn_preauth_testing "$vif" rsn_preauth_testing + if [ -n "$bridge" -a "$rsn_preauth_testing" = 1 ] + then + append "$var" "rsn_preauth=1" "$N" + append "$var" "rsn_preauth_interfaces=$bridge" "$N" + append "$var" "okc=0" "$N" + fi + fi + + # RSN -> allow management frame protection + config_get ieee80211w "$vif" ieee80211w + case "$ieee80211w" in + [012]) + append "$var" "ieee80211w=$ieee80211w" "$N" + [ "$ieee80211w" -gt "0" ] && { + config_get ieee80211w_max_timeout "$vif" ieee80211w_max_timeout + config_get ieee80211w_retry_timeout "$vif" ieee80211w_retry_timeout + [ -n "$ieee80211w_max_timeout" ] && \ + append "$var" "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" + [ -n "$ieee80211w_retry_timeout" ] && \ + append "$var" "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" + } + ;; + esac + fi + + config_get macfile "$vif" macfile + config_get maclist "$vif" maclist + if [ -z "$macfile" ] + then + # if no macfile has been specified, fallback to the default name + # and truncate file to avoid aggregating entries over time + macfile="/var/run/hostapd-$ifname.maclist" + echo "" > "$macfile" + else + if [ -n "$maclist" ] + then + # to avoid to overwrite the original file, make a copy + # before appending the entries specified by the maclist + # option + cp $macfile $macfile.maclist + macfile=$macfile.maclist + fi + fi + + if [ -n "$maclist" ] + then + for mac in $maclist; do + echo "$mac" >> $macfile + done + fi + + config_get macfilter "$vif" macfilter + case "$macfilter" in + allow) + append "$var" "macaddr_acl=1" "$N" + append "$var" "accept_mac_file=$macfile" "$N" + ;; + deny) + append "$var" "macaddr_acl=0" "$N" + append "$var" "deny_mac_file=$macfile" "$N" + ;; + esac +} + +hostapd_set_log_options() { + local var="$1" + local cfg="$2" + local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme + + config_get log_level "$cfg" log_level 2 + + config_get_bool log_80211 "$cfg" log_80211 1 + config_get_bool log_8021x "$cfg" log_8021x 1 + config_get_bool log_radius "$cfg" log_radius 1 + config_get_bool log_wpa "$cfg" log_wpa 1 + config_get_bool log_driver "$cfg" log_driver 1 + config_get_bool log_iapp "$cfg" log_iapp 1 + config_get_bool log_mlme "$cfg" log_mlme 1 + + local log_mask=$(( \ + ($log_80211 << 0) | \ + ($log_8021x << 1) | \ + ($log_radius << 2) | \ + ($log_wpa << 3) | \ + ($log_driver << 4) | \ + ($log_iapp << 5) | \ + ($log_mlme << 6) \ + )) + + append "$var" "logger_syslog=$log_mask" "$N" + append "$var" "logger_syslog_level=$log_level" "$N" + append "$var" "logger_stdout=$log_mask" "$N" + append "$var" "logger_stdout_level=$log_level" "$N" +} + +hostapd_setup_vif() { + local vif="$1" + local driver="$2" + local ifname device channel hwmode + + hostapd_cfg= + + config_get ifname "$vif" ifname + config_get device "$vif" device + config_get channel "$device" channel + config_get hwmode "$device" hwmode + + hostapd_set_log_options hostapd_cfg "$device" + hostapd_set_bss_options hostapd_cfg "$vif" + + case "$hwmode" in + *bg|*gdt|*gst|*fh) hwmode=g;; + *adt|*ast) hwmode=a;; + esac + [ "$channel" = auto ] && channel= + [ -n "$channel" -a -z "$hwmode" ] && wifi_fixup_hwmode "$device" + cat > /var/run/hostapd-$ifname.conf <<EOF +driver=$driver +interface=$ifname +${hwmode:+hw_mode=${hwmode#11}} +${channel:+channel=$channel} +$hostapd_cfg +EOF + hostapd -P /var/run/wifi-$ifname.pid -B /var/run/hostapd-$ifname.conf +} + diff --git a/package/network/services/hostapd/files/multicall.c b/package/network/services/hostapd/files/multicall.c new file mode 100644 index 0000000..c8e814b --- /dev/null +++ b/package/network/services/hostapd/files/multicall.c @@ -0,0 +1,28 @@ +#include <stdio.h> +#include <string.h> +#include <stdbool.h> + +extern int hostapd_main(int argc, char **argv); +extern int wpa_supplicant_main(int argc, char **argv); + +int main(int argc, char **argv) +{ + bool restart = false; + const char *prog = argv[0]; + +restart: + if (strstr(argv[0], "hostapd")) + return hostapd_main(argc, argv); + else if (strstr(argv[0], "wpa_supplicant")) + return wpa_supplicant_main(argc, argv); + + if (!restart && argc > 1) { + argv++; + argc--; + restart = true; + goto restart; + } + + fprintf(stderr, "Invalid command.\nUsage: %s wpa_supplicant|hostapd [<arguments>]\n", prog); + return 255; +} diff --git a/package/network/services/hostapd/files/netifd.sh b/package/network/services/hostapd/files/netifd.sh new file mode 100644 index 0000000..9b40a23 --- /dev/null +++ b/package/network/services/hostapd/files/netifd.sh @@ -0,0 +1,715 @@ +wpa_supplicant_add_rate() { + local var="$1" + local val="$(($2 / 1000))" + local sub="$((($2 / 100) % 10))" + append $var "$val" "," + [ $sub -gt 0 ] && append $var "." +} + +hostapd_add_rate() { + local var="$1" + local val="$(($2 / 100))" + append $var "$val" " " +} + +hostapd_append_wep_key() { + local var="$1" + + wep_keyidx=0 + set_default key 1 + case "$key" in + [1234]) + for idx in 1 2 3 4; do + local zidx + zidx=$(($idx - 1)) + json_get_var ckey "key${idx}" + [ -n "$ckey" ] && \ + append $var "wep_key${zidx}=$(prepare_key_wep "$ckey")" "$N$T" + done + wep_keyidx=$((key - 1)) + ;; + *) + append $var "wep_key0=$(prepare_key_wep "$key")" "$N$T" + ;; + esac +} + +hostapd_add_log_config() { + config_add_boolean \ + log_80211 \ + log_8021x \ + log_radius \ + log_wpa \ + log_driver \ + log_iapp \ + log_mlme + + config_add_int log_level +} + +hostapd_common_add_device_config() { + config_add_array basic_rate + config_add_array supported_rates + + config_add_string country + config_add_boolean country_ie doth + config_add_string require_mode + + hostapd_add_log_config +} + +hostapd_prepare_device_config() { + local config="$1" + local driver="$2" + + local base="${config%%.conf}" + local base_cfg= + + json_get_vars country country_ie beacon_int doth require_mode + + hostapd_set_log_options base_cfg + + set_default country_ie 1 + set_default doth 1 + + [ -n "$country" ] && { + append base_cfg "country_code=$country" "$N" + + [ "$country_ie" -gt 0 ] && append base_cfg "ieee80211d=1" "$N" + [ "$hwmode" = "a" -a "$doth" -gt 0 ] && append base_cfg "ieee80211h=1" "$N" + } + [ -n "$hwmode" ] && append base_cfg "hw_mode=$hwmode" "$N" + + local brlist= br + json_get_values basic_rate_list basic_rate + for br in $basic_rate_list; do + hostapd_add_rate brlist "$br" + done + case "$require_mode" in + g) brlist="60 120 240" ;; + n) append base_cfg "require_ht=1" "$N";; + ac) append base_cfg "require_vht=1" "$N";; + esac + + local rlist= r + json_get_values rate_list supported_rates + for r in $rate_list; do + hostapd_add_rate rlist "$r" + done + + [ -n "$rlist" ] && append base_cfg "supported_rates=$rlist" "$N" + [ -n "$brlist" ] && append base_cfg "basic_rates=$brlist" "$N" + [ -n "$beacon_int" ] && append base_cfg "beacon_int=$beacon_int" "$N" + + cat > "$config" <<EOF +driver=$driver +$base_cfg +EOF +} + +hostapd_common_add_bss_config() { + config_add_string 'bssid:macaddr' 'ssid:string' + config_add_boolean wds wmm uapsd hidden + + config_add_int maxassoc max_inactivity + config_add_boolean disassoc_low_ack isolate short_preamble + + config_add_int \ + wep_rekey eap_reauth_period \ + wpa_group_rekey wpa_pair_rekey wpa_master_rekey + + config_add_boolean rsn_preauth auth_cache + config_add_int ieee80211w + config_add_int eapol_version + + config_add_string 'auth_server:host' 'server:host' + config_add_string auth_secret + config_add_int 'auth_port:port' 'port:port' + + config_add_string acct_server + config_add_string acct_secret + config_add_int acct_port + + config_add_string dae_client + config_add_string dae_secret + config_add_int dae_port + + config_add_string nasid + config_add_string ownip + config_add_string iapp_interface + config_add_string eap_type ca_cert client_cert identity auth priv_key priv_key_pwd + + config_add_int dynamic_vlan vlan_naming + config_add_string vlan_tagged_interface vlan_bridge + config_add_string vlan_file + + config_add_string 'key1:wepkey' 'key2:wepkey' 'key3:wepkey' 'key4:wepkey' 'password:wpakey' + + config_add_string wpa_psk_file + + config_add_boolean wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 + config_add_string wps_device_type wps_device_name wps_manufacturer wps_pin + + config_add_boolean ieee80211r pmk_r1_push + config_add_int r0_key_lifetime reassociation_deadline + config_add_string mobility_domain r1_key_holder + config_add_array r0kh r1kh + + config_add_int ieee80211w_max_timeout ieee80211w_retry_timeout + + config_add_string macfilter 'macfile:file' + config_add_array 'maclist:list(macaddr)' + + config_add_array bssid_blacklist + config_add_array bssid_whitelist + + config_add_int mcast_rate + config_add_array basic_rate + config_add_array supported_rates +} + +hostapd_set_bss_options() { + local var="$1" + local phy="$2" + local vif="$3" + + wireless_vif_parse_encryption + + local bss_conf + local wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey wpa_key_mgmt + + json_get_vars \ + wep_rekey wpa_group_rekey wpa_pair_rekey wpa_master_rekey \ + maxassoc max_inactivity disassoc_low_ack isolate auth_cache \ + wps_pushbutton wps_label ext_registrar wps_pbc_in_m1 \ + wps_device_type wps_device_name wps_manufacturer wps_pin \ + macfilter ssid wmm uapsd hidden short_preamble rsn_preauth \ + iapp_interface eapol_version + + set_default isolate 0 + set_default maxassoc 0 + set_default max_inactivity 0 + set_default short_preamble 1 + set_default disassoc_low_ack 1 + set_default hidden 0 + set_default wmm 1 + set_default uapsd 1 + set_default eapol_version 0 + + append bss_conf "ctrl_interface=/var/run/hostapd" + if [ "$isolate" -gt 0 ]; then + append bss_conf "ap_isolate=$isolate" "$N" + fi + if [ "$maxassoc" -gt 0 ]; then + append bss_conf "max_num_sta=$maxassoc" "$N" + fi + if [ "$max_inactivity" -gt 0 ]; then + append bss_conf "ap_max_inactivity=$max_inactivity" "$N" + fi + + append bss_conf "disassoc_low_ack=$disassoc_low_ack" "$N" + append bss_conf "preamble=$short_preamble" "$N" + append bss_conf "wmm_enabled=$wmm" "$N" + append bss_conf "ignore_broadcast_ssid=$hidden" "$N" + append bss_conf "uapsd_advertisement_enabled=$uapsd" "$N" + + [ "$wpa" -gt 0 ] && { + [ -n "$wpa_group_rekey" ] && append bss_conf "wpa_group_rekey=$wpa_group_rekey" "$N" + [ -n "$wpa_pair_rekey" ] && append bss_conf "wpa_ptk_rekey=$wpa_pair_rekey" "$N" + [ -n "$wpa_master_rekey" ] && append bss_conf "wpa_gmk_rekey=$wpa_master_rekey" "$N" + } + + case "$auth_type" in + none) + wps_possible=1 + # Here we make the assumption that if we're in open mode + # with WPS enabled, we got to be in unconfigured state. + wps_not_configured=1 + ;; + psk) + json_get_vars key wpa_psk_file + if [ ${#key} -lt 8 ]; then + wireless_setup_vif_failed INVALID_WPA_PSK + return 1 + elif [ ${#key} -eq 64 ]; then + append bss_conf "wpa_psk=$key" "$N" + else + append bss_conf "wpa_passphrase=$key" "$N" + fi + [ -n "$wpa_psk_file" ] && { + [ -e "$wpa_psk_file" ] || touch "$wpa_psk_file" + append bss_conf "wpa_psk_file=$wpa_psk_file" "$N" + } + [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" + + wps_possible=1 + append wpa_key_mgmt "WPA-PSK" + ;; + eap) + json_get_vars \ + auth_server auth_secret auth_port \ + acct_server acct_secret acct_port \ + dae_client dae_secret dae_port \ + ownip \ + eap_reauth_period dynamic_vlan \ + vlan_naming vlan_tagged_interface \ + vlan_bridge vlan_file + + # legacy compatibility + [ -n "$auth_server" ] || json_get_var auth_server server + [ -n "$auth_port" ] || json_get_var auth_port port + [ -n "$auth_secret" ] || json_get_var auth_secret key + + set_default auth_port 1812 + set_default acct_port 1813 + set_default dae_port 3799 + + set_default vlan_naming 1 + + append bss_conf "auth_server_addr=$auth_server" "$N" + append bss_conf "auth_server_port=$auth_port" "$N" + append bss_conf "auth_server_shared_secret=$auth_secret" "$N" + + [ -n "$acct_server" ] && { + append bss_conf "acct_server_addr=$acct_server" "$N" + append bss_conf "acct_server_port=$acct_port" "$N" + [ -n "$acct_secret" ] && \ + append bss_conf "acct_server_shared_secret=$acct_secret" "$N" + } + + [ -n "$eap_reauth_period" ] && append bss_conf "eap_reauth_period=$eap_reauth_period" "$N" + + [ -n "$dae_client" -a -n "$dae_secret" ] && { + append bss_conf "radius_das_port=$dae_port" "$N" + append bss_conf "radius_das_client=$dae_client $dae_secret" "$N" + } + + [ -n "$ownip" ] && append bss_conf "own_ip_addr=$ownip" "$N" + append bss_conf "eapol_key_index_workaround=1" "$N" + append bss_conf "ieee8021x=1" "$N" + append wpa_key_mgmt "WPA-EAP" + + [ -n "$dynamic_vlan" ] && { + append bss_conf "dynamic_vlan=$dynamic_vlan" "$N" + append bss_conf "vlan_naming=$vlan_naming" "$N" + [ -n "$vlan_bridge" ] && \ + append bss_conf "vlan_bridge=$vlan_bridge" "$N" + [ -n "$vlan_tagged_interface" ] && \ + append bss_conf "vlan_tagged_interface=$vlan_tagged_interface" "$N" + [ -n "$vlan_file" ] && { + [ -e "$vlan_file" ] || touch "$vlan_file" + append bss_conf "vlan_file=$vlan_file" "$N" + } + } + + [ "$eapol_version" -ge "1" -a "$eapol_version" -le "2" ] && append bss_conf "eapol_version=$eapol_version" "$N" + ;; + wep) + local wep_keyidx=0 + json_get_vars key + hostapd_append_wep_key bss_conf + append bss_conf "wep_default_key=$wep_keyidx" "$N" + [ -n "$wep_rekey" ] && append bss_conf "wep_rekey_period=$wep_rekey" "$N" + ;; + esac + + local auth_algs=$((($auth_mode_shared << 1) | $auth_mode_open)) + append bss_conf "auth_algs=${auth_algs:-1}" "$N" + append bss_conf "wpa=$wpa" "$N" + [ -n "$wpa_pairwise" ] && append bss_conf "wpa_pairwise=$wpa_pairwise" "$N" + + set_default wps_pushbutton 0 + set_default wps_label 0 + set_default wps_pbc_in_m1 0 + + config_methods= + [ "$wps_pushbutton" -gt 0 ] && append config_methods push_button + [ "$wps_label" -gt 0 ] && append config_methods label + + [ -n "$wps_possible" -a -n "$config_methods" ] && { + set_default ext_registrar 0 + set_default wps_device_type "6-0050F204-1" + set_default wps_device_name "OpenWrt AP" + set_default wps_manufacturer "openwrt.org" + + wps_state=2 + [ -n "$wps_configured" ] && wps_state=1 + + [ "$ext_registrar" -gt 0 -a -n "$network_bridge" ] && append bss_conf "upnp_iface=$network_bridge" "$N" + + append bss_conf "eap_server=1" "$N" + [ -n "$wps_pin" ] && append bss_conf "ap_pin=$wps_pin" "$N" + append bss_conf "wps_state=$wps_state" "$N" + append bss_conf "ap_setup_locked=0" "$N" + append bss_conf "device_type=$wps_device_type" "$N" + append bss_conf "device_name=$wps_device_name" "$N" + append bss_conf "manufacturer=$wps_manufacturer" "$N" + append bss_conf "config_methods=$config_methods" "$N" + [ "$wps_pbc_in_m1" -gt 0 ] && append bss_conf "pbc_in_m1=$wps_pbc_in_m1" "$N" + } + + append bss_conf "ssid=$ssid" "$N" + [ -n "$network_bridge" ] && append bss_conf "bridge=$network_bridge" "$N" + [ -n "$iapp_interface" ] && { + iapp_interface="$(uci_get_state network "$iapp_interface" ifname "$iapp_interface")" + [ -n "$iapp_interface" ] && append bss_conf "iapp_interface=$iapp_interface" "$N" + } + + if [ "$wpa" -ge "1" ]; then + json_get_vars nasid ieee80211r + set_default ieee80211r 0 + [ -n "$nasid" ] && append bss_conf "nas_identifier=$nasid" "$N" + + if [ "$ieee80211r" -gt "0" ]; then + json_get_vars mobility_domain r0_key_lifetime r1_key_holder \ + reassociation_deadline pmk_r1_push + json_get_values r0kh r0kh + json_get_values r1kh r1kh + + set_default mobility_domain "4f57" + set_default r0_key_lifetime 10000 + set_default r1_key_holder "00004f577274" + set_default reassociation_deadline 1000 + set_default pmk_r1_push 0 + + append bss_conf "mobility_domain=$mobility_domain" "$N" + append bss_conf "r0_key_lifetime=$r0_key_lifetime" "$N" + append bss_conf "r1_key_holder=$r1_key_holder" "$N" + append bss_conf "reassociation_deadline=$reassociation_deadline" "$N" + append bss_conf "pmk_r1_push=$pmk_r1_push" "$N" + + for kh in $r0kh; do + append bss_conf "r0kh=${kh//,/ }" "$N" + done + for kh in $r1kh; do + append bss_conf "r1kh=${kh//,/ }" "$N" + done + + [ "$wpa_key_mgmt" != "${wpa_key_mgmt/EAP/}" ] && append wpa_key_mgmt "FT-EAP" + [ "$wpa_key_mgmt" != "${wpa_key_mgmt/PSK/}" ] && append wpa_key_mgmt "FT-PSK" + fi + + [ -n "$wpa_key_mgmt" ] && append bss_conf "wpa_key_mgmt=$wpa_key_mgmt" "$N" + fi + + if [ "$wpa" -ge "2" ]; then + if [ -n "$network_bridge" -a "$rsn_preauth" = 1 ]; then + set_default auth_cache 1 + append bss_conf "rsn_preauth=1" "$N" + append bss_conf "rsn_preauth_interfaces=$network_bridge" "$N" + else + set_default auth_cache 0 + fi + + append bss_conf "okc=$auth_cache" "$N" + [ "$auth_cache" = 0 ] && append bss_conf "disable_pmksa_caching=1" "$N" + + # RSN -> allow management frame protection + json_get_var ieee80211w ieee80211w + case "$ieee80211w" in + [012]) + json_get_vars ieee80211w_max_timeout ieee80211w_retry_timeout + append bss_conf "ieee80211w=$ieee80211w" "$N" + [ "$ieee80211w" -gt "0" ] && { + [ -n "$ieee80211w_max_timeout" ] && \ + append bss_conf "assoc_sa_query_max_timeout=$ieee80211w_max_timeout" "$N" + [ -n "$ieee80211w_retry_timeout" ] && \ + append bss_conf "assoc_sa_query_retry_timeout=$ieee80211w_retry_timeout" "$N" + } + ;; + esac + fi + + _macfile="/var/run/hostapd-$ifname.maclist" + case "$macfilter" in + allow) + append bss_conf "macaddr_acl=1" "$N" + append bss_conf "accept_mac_file=$_macfile" "$N" + ;; + deny) + append bss_conf "macaddr_acl=0" "$N" + append bss_conf "deny_mac_file=$_macfile" "$N" + ;; + *) + _macfile="" + ;; + esac + + [ -n "$_macfile" ] && { + json_get_vars macfile + json_get_values maclist maclist + + rm -f "$_macfile" + ( + for mac in $maclist; do + echo "$mac" + done + [ -n "$macfile" -a -f "$macfile" ] && cat "$macfile" + ) > "$_macfile" + } + + append "$var" "$bss_conf" "$N" + return 0 +} + +hostapd_set_log_options() { + local var="$1" + + local log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme + json_get_vars log_level log_80211 log_8021x log_radius log_wpa log_driver log_iapp log_mlme + + set_default log_level 2 + set_default log_80211 1 + set_default log_8021x 1 + set_default log_radius 1 + set_default log_wpa 1 + set_default log_driver 1 + set_default log_iapp 1 + set_default log_mlme 1 + + local log_mask=$(( \ + ($log_80211 << 0) | \ + ($log_8021x << 1) | \ + ($log_radius << 2) | \ + ($log_wpa << 3) | \ + ($log_driver << 4) | \ + ($log_iapp << 5) | \ + ($log_mlme << 6) \ + )) + + append "$var" "logger_syslog=$log_mask" "$N" + append "$var" "logger_syslog_level=$log_level" "$N" + append "$var" "logger_stdout=$log_mask" "$N" + append "$var" "logger_stdout_level=$log_level" "$N" + + return 0 +} + +_wpa_supplicant_common() { + local ifname="$1" + + _rpath="/var/run/wpa_supplicant" + _config="${_rpath}-$ifname.conf" +} + +wpa_supplicant_teardown_interface() { + _wpa_supplicant_common "$1" + rm -rf "$_rpath/$1" "$_config" +} + +wpa_supplicant_prepare_interface() { + local ifname="$1" + _w_driver="$2" + + _wpa_supplicant_common "$1" + + json_get_vars mode wds + + [ -n "$network_bridge" ] && { + fail= + case "$mode" in + adhoc) + fail=1 + ;; + sta) + [ "$wds" = 1 ] || fail=1 + ;; + esac + + [ -n "$fail" ] && { + wireless_setup_vif_failed BRIDGE_NOT_ALLOWED + return 1 + } + } + + local ap_scan= + + _w_mode="$mode" + _w_modestr= + + [[ "$mode" = adhoc ]] && { + ap_scan="ap_scan=2" + + _w_modestr="mode=1" + } + + wpa_supplicant_teardown_interface "$ifname" + cat > "$_config" <<EOF +$ap_scan +EOF + return 0 +} + +wpa_supplicant_add_network() { + local ifname="$1" + + _wpa_supplicant_common "$1" + wireless_vif_parse_encryption + + json_get_vars \ + ssid bssid key \ + basic_rate mcast_rate \ + ieee80211w ieee80211r + + set_default ieee80211r 0 + + local key_mgmt='NONE' + local enc_str= + local network_data= + local T=" " + + local wpa_key_mgmt="WPA-PSK" + local scan_ssid="scan_ssid=1" + local freq + + [ "$ieee80211r" -gt 0 ] && wpa_key_mgmt="FT-PSK $wpa_key_mgmt" + + [[ "$_w_mode" = "adhoc" ]] && { + append network_data "mode=1" "$N$T" + [ -n "$channel" ] && { + freq="$(get_freq "$phy" "$channel")" + append network_data "fixed_freq=1" "$N$T" + append network_data "frequency=$freq" "$N$T" + } + + scan_ssid="scan_ssid=0" + + [ "$_w_driver" = "nl80211" ] || wpa_key_mgmt="WPA-NONE" + } + + [[ "$_w_mode" = "mesh" ]] && { + append network_data "mode=5" "$N$T" + [ -n "$channel" ] && { + freq="$(get_freq "$phy" "$channel")" + append network_data "frequency=$freq" "$N$T" + } + wpa_key_mgmt="SAE" + scan_ssid="" + } + + [[ "$_w_mode" = "adhoc" -o "$_w_mode" = "mesh" ]] && append network_data "$_w_modestr" "$N$T" + + case "$auth_type" in + none) ;; + wep) + local wep_keyidx=0 + hostapd_append_wep_key network_data + append network_data "wep_tx_keyidx=$wep_keyidx" "$N$T" + ;; + psk) + local passphrase + + key_mgmt="$wpa_key_mgmt" + if [ ${#key} -eq 64 ]; then + passphrase="psk=${key}" + else + passphrase="psk=\"${key}\"" + fi + append network_data "$passphrase" "$N$T" + ;; + eap) + key_mgmt='WPA-EAP' + [ "$ieee80211r" -gt 0 ] && key_mgmt="FT-EAP $key_mgmt" + + json_get_vars eap_type identity ca_cert + [ -n "$ca_cert" ] && append network_data "ca_cert=\"$ca_cert\"" "$N$T" + [ -n "$identity" ] && append network_data "identity=\"$identity\"" "$N$T" + case "$eap_type" in + tls) + json_get_vars client_cert priv_key priv_key_pwd + append network_data "client_cert=\"$client_cert\"" "$N$T" + append network_data "private_key=\"$priv_key\"" "$N$T" + append network_data "private_key_passwd=\"$priv_key_pwd\"" "$N$T" + ;; + peap|ttls) + json_get_vars auth password + set_default auth MSCHAPV2 + append network_data "phase2=\"$auth\"" "$N$T" + append network_data "password=\"$password\"" "$N$T" + ;; + esac + append network_data "eap=$(echo $eap_type | tr 'a-z' 'A-Z')" "$N$T" + ;; + esac + + [ "$mode" = mesh ] || { + case "$wpa" in + 1) + append network_data "proto=WPA" "$N$T" + ;; + 2) + append network_data "proto=RSN" "$N$T" + ;; + esac + + case "$ieee80211w" in + [012]) + [ "$wpa" -ge 2 ] && append network_data "ieee80211w=$ieee80211w" "$N$T" + ;; + esac + } + local beacon_int brates mrate + [ -n "$bssid" ] && append network_data "bssid=$bssid" "$N$T" + [ -n "$beacon_int" ] && append network_data "beacon_int=$beacon_int" "$N$T" + + local bssid_blacklist bssid_whitelist + json_get_values bssid_blacklist bssid_blacklist + json_get_values bssid_whitelist bssid_whitelist + + [ -n "$bssid_blacklist" ] && append network_data "bssid_blacklist=$bssid_blacklist" "$N$T" + [ -n "$bssid_whitelist" ] && append network_data "bssid_whitelist=$bssid_whitelist" "$N$T" + + [ -n "$basic_rate" ] && { + local br rate_list= + for br in $basic_rate; do + wpa_supplicant_add_rate rate_list "$br" + done + [ -n "$rate_list" ] && append network_data "rates=$rate_list" "$N$T" + } + + [ -n "$mcast_rate" ] && { + local mc_rate= + wpa_supplicant_add_rate mc_rate "$mcast_rate" + append network_data "mcast_rate=$mc_rate" "$N$T" + } + + local ht_str + [[ "$_w_mode" = adhoc ]] || ibss_htmode= + [ -n "$ibss_htmode" ] && append network_data "htmode=$ibss_htmode" "$N$T" + + cat >> "$_config" <<EOF +network={ + $scan_ssid + ssid="$ssid" + key_mgmt=$key_mgmt + $network_data +} +EOF + return 0 +} + +wpa_supplicant_run() { + local ifname="$1"; shift + + _wpa_supplicant_common "$ifname" + + /usr/sbin/wpa_supplicant -B \ + ${network_bridge:+-b $network_bridge} \ + -P "/var/run/wpa_supplicant-${ifname}.pid" \ + -D ${_w_driver:-wext} \ + -i "$ifname" \ + -c "$_config" \ + -C "$_rpath" \ + "$@" + + ret="$?" + wireless_add_process "$(cat "/var/run/wpa_supplicant-${ifname}.pid")" /usr/sbin/wpa_supplicant 1 + + [ "$ret" != 0 ] && wireless_setup_vif_failed WPA_SUPPLICANT_FAILED + + return $ret +} + +hostapd_common_cleanup() { + killall hostapd wpa_supplicant meshd-nl80211 +} diff --git a/package/network/services/hostapd/files/wpa_supplicant-full.config b/package/network/services/hostapd/files/wpa_supplicant-full.config new file mode 100644 index 0000000..26e3c80 --- /dev/null +++ b/package/network/services/hostapd/files/wpa_supplicant-full.config @@ -0,0 +1,403 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Example configuration for various cross-compilation platforms + +#### sveasoft (e.g., for Linksys WRT54G) ###################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS += -I../src/include -I../../src/router/openssl/include +#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl +############################################################################### + +#### openwrt (e.g., for Linksys WRT54G) ####################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ +# -I../WRT54GS/release/src/include +#LIBS = -lssl +############################################################################### + + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for Agere driver +#CONFIG_DRIVER_HERMES=y +# Change include directories to match with the local setup +#CFLAGS += -I../../hcf -I../../include -I../../include/hcf +#CFLAGS += -I../../include/wireless + +# Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_NDISWRAPPER=y + +# Driver interface for Atmel driver +# CONFIG_DRIVER_ATMEL=y + +# Driver interface for old Broadcom driver +# Please note that the newer Broadcom driver ("hybrid Linux driver") supports +# Linux wireless extensions and does not need (or even work) with the old +# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. +#CONFIG_DRIVER_BROADCOM=y +# Example path for wlioctl.h; change to match your configuration +#CFLAGS += -I/opt/WRT54GS/release/src/include + +# Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_IPW=y + +# Driver interface for Ralink driver +#CONFIG_DRIVER_RALINK=y + +# Driver interface for generic Linux wireless extensions +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for development testing +#CONFIG_DRIVER_TEST=y + +# Include client MLME (management frame processing) for test driver +# This can be used to test MLME operations in hostapd with the test interface. +# space. +#CONFIG_CLIENT_MLME=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +CONFIG_EAP_TLS=y + +# EAL-PEAP +CONFIG_EAP_PEAP=y + +# EAP-TTLS +CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# EAP-GTC +CONFIG_EAP_GTC=y + +# EAP-OTP +CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +#CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-PAX +#CONFIG_EAP_PAX=y + +# LEAP +CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +#CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +#CONFIG_PCSC=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# named_pipe = Windows Named Pipe (default for Windows) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to +# save about 1 kB in code size when building only WPA-Personal (no EAP support) +# or 6 kB if building for WPA-Enterprise. +#CONFIG_NO_WPA2=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operatins system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +# eloop_none = Empty template +#CONFIG_ELOOP=eloop + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=internal + +# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. +# You need CONFIG_TLS=gnutls for this to have any effect. Please note that +# even though the core GnuTLS library is released under LGPL, this extra +# library uses GPL and as such, the terms of GPL apply to the combination +# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not +# apply for distribution of the resulting binary. +#CONFIG_GNUTLS_EXTRA=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +#CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +CONFIG_NO_RANDOM_POOL=y +NEED_80211_COMMON=y + +CONFIG_IBSS_RSN=y diff --git a/package/network/services/hostapd/files/wpa_supplicant-mesh.config b/package/network/services/hostapd/files/wpa_supplicant-mesh.config new file mode 100644 index 0000000..36e2908 --- /dev/null +++ b/package/network/services/hostapd/files/wpa_supplicant-mesh.config @@ -0,0 +1,407 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Example configuration for various cross-compilation platforms + +#### sveasoft (e.g., for Linksys WRT54G) ###################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS += -I../src/include -I../../src/router/openssl/include +#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl +############################################################################### + +#### openwrt (e.g., for Linksys WRT54G) ####################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ +# -I../WRT54GS/release/src/include +#LIBS = -lssl +############################################################################### + + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for Agere driver +#CONFIG_DRIVER_HERMES=y +# Change include directories to match with the local setup +#CFLAGS += -I../../hcf -I../../include -I../../include/hcf +#CFLAGS += -I../../include/wireless + +# Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_NDISWRAPPER=y + +# Driver interface for Atmel driver +# CONFIG_DRIVER_ATMEL=y + +# Driver interface for old Broadcom driver +# Please note that the newer Broadcom driver ("hybrid Linux driver") supports +# Linux wireless extensions and does not need (or even work) with the old +# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. +#CONFIG_DRIVER_BROADCOM=y +# Example path for wlioctl.h; change to match your configuration +#CFLAGS += -I/opt/WRT54GS/release/src/include + +# Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_IPW=y + +# Driver interface for Ralink driver +#CONFIG_DRIVER_RALINK=y + +# Driver interface for generic Linux wireless extensions +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for development testing +#CONFIG_DRIVER_TEST=y + +# Include client MLME (management frame processing) for test driver +# This can be used to test MLME operations in hostapd with the test interface. +# space. +#CONFIG_CLIENT_MLME=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +CONFIG_EAP_TLS=y + +# EAL-PEAP +CONFIG_EAP_PEAP=y + +# EAP-TTLS +CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# EAP-GTC +CONFIG_EAP_GTC=y + +# EAP-OTP +CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +#CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-PAX +#CONFIG_EAP_PAX=y + +# LEAP +CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +#CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +#CONFIG_PCSC=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# named_pipe = Windows Named Pipe (default for Windows) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to +# save about 1 kB in code size when building only WPA-Personal (no EAP support) +# or 6 kB if building for WPA-Enterprise. +#CONFIG_NO_WPA2=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operatins system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +# eloop_none = Empty template +#CONFIG_ELOOP=eloop + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=internal + +# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. +# You need CONFIG_TLS=gnutls for this to have any effect. Please note that +# even though the core GnuTLS library is released under LGPL, this extra +# library uses GPL and as such, the terms of GPL apply to the combination +# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not +# apply for distribution of the resulting binary. +#CONFIG_GNUTLS_EXTRA=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +#CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +CONFIG_NO_RANDOM_POOL=y +NEED_80211_COMMON=y + +CONFIG_IBSS_RSN=y + +CONFIG_MESH=y +CONFIG_SAE=y +CONFIG_AP=y diff --git a/package/network/services/hostapd/files/wpa_supplicant-mini.config b/package/network/services/hostapd/files/wpa_supplicant-mini.config new file mode 100644 index 0000000..a8d334d --- /dev/null +++ b/package/network/services/hostapd/files/wpa_supplicant-mini.config @@ -0,0 +1,401 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Example configuration for various cross-compilation platforms + +#### sveasoft (e.g., for Linksys WRT54G) ###################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS += -I../src/include -I../../src/router/openssl/include +#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl +############################################################################### + +#### openwrt (e.g., for Linksys WRT54G) ####################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ +# -I../WRT54GS/release/src/include +#LIBS = -lssl +############################################################################### + + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for Agere driver +#CONFIG_DRIVER_HERMES=y +# Change include directories to match with the local setup +#CFLAGS += -I../../hcf -I../../include -I../../include/hcf +#CFLAGS += -I../../include/wireless + +# Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_NDISWRAPPER=y + +# Driver interface for Atmel driver +# CONFIG_DRIVER_ATMEL=y + +# Driver interface for old Broadcom driver +# Please note that the newer Broadcom driver ("hybrid Linux driver") supports +# Linux wireless extensions and does not need (or even work) with the old +# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. +#CONFIG_DRIVER_BROADCOM=y +# Example path for wlioctl.h; change to match your configuration +#CFLAGS += -I/opt/WRT54GS/release/src/include + +# Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_IPW=y + +# Driver interface for Ralink driver +#CONFIG_DRIVER_RALINK=y + +# Driver interface for generic Linux wireless extensions +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for development testing +#CONFIG_DRIVER_TEST=y + +# Include client MLME (management frame processing) for test driver +# This can be used to test MLME operations in hostapd with the test interface. +# space. +#CONFIG_CLIENT_MLME=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +# CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +# CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +# CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +# CONFIG_EAP_TLS=y + +# EAL-PEAP +# CONFIG_EAP_PEAP=y + +# EAP-TTLS +# CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# EAP-GTC +# CONFIG_EAP_GTC=y + +# EAP-OTP +# CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +#CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-PAX +#CONFIG_EAP_PAX=y + +# LEAP +# CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +#CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +#CONFIG_WPS=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +# CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +# CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +#CONFIG_PCSC=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# named_pipe = Windows Named Pipe (default for Windows) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to +# save about 1 kB in code size when building only WPA-Personal (no EAP support) +# or 6 kB if building for WPA-Enterprise. +#CONFIG_NO_WPA2=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operatins system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +# eloop_none = Empty template +#CONFIG_ELOOP=eloop + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +# CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +#CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=internal + +# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. +# You need CONFIG_TLS=gnutls for this to have any effect. Please note that +# even though the core GnuTLS library is released under LGPL, this extra +# library uses GPL and as such, the terms of GPL apply to the combination +# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not +# apply for distribution of the resulting binary. +#CONFIG_GNUTLS_EXTRA=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +#CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +#CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +#CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +CONFIG_NO_RANDOM_POOL=y +NEED_80211_COMMON=y diff --git a/package/network/services/hostapd/files/wpa_supplicant-p2p.config b/package/network/services/hostapd/files/wpa_supplicant-p2p.config new file mode 100644 index 0000000..1c307d0 --- /dev/null +++ b/package/network/services/hostapd/files/wpa_supplicant-p2p.config @@ -0,0 +1,406 @@ +# Example wpa_supplicant build time configuration +# +# This file lists the configuration options that are used when building the +# hostapd binary. All lines starting with # are ignored. Configuration option +# lines must be commented out complete, if they are not to be included, i.e., +# just setting VARIABLE=n is not disabling that variable. +# +# This file is included in Makefile, so variables like CFLAGS and LIBS can also +# be modified from here. In most cases, these lines should use += in order not +# to override previous values of the variables. + + +# Uncomment following two lines and fix the paths if you have installed OpenSSL +# or GnuTLS in non-default location +#CFLAGS += -I/usr/local/openssl/include +#LIBS += -L/usr/local/openssl/lib + +# Some Red Hat versions seem to include kerberos header files from OpenSSL, but +# the kerberos files are not in the default include path. Following line can be +# used to fix build issues on such systems (krb5.h not found). +#CFLAGS += -I/usr/include/kerberos + +# Example configuration for various cross-compilation platforms + +#### sveasoft (e.g., for Linksys WRT54G) ###################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS += -I../src/include -I../../src/router/openssl/include +#LIBS += -L/opt/brcm/hndtools-mipsel-uclibc-0.9.19/lib -lssl +############################################################################### + +#### openwrt (e.g., for Linksys WRT54G) ####################################### +#CC=mipsel-uclibc-gcc +#CC=/opt/brcm/hndtools-mipsel-uclibc/bin/mipsel-uclibc-gcc +#CFLAGS += -Os +#CPPFLAGS=-I../src/include -I../openssl-0.9.7d/include \ +# -I../WRT54GS/release/src/include +#LIBS = -lssl +############################################################################### + + +# Driver interface for Host AP driver +CONFIG_DRIVER_HOSTAP=y + +# Driver interface for Agere driver +#CONFIG_DRIVER_HERMES=y +# Change include directories to match with the local setup +#CFLAGS += -I../../hcf -I../../include -I../../include/hcf +#CFLAGS += -I../../include/wireless + +# Driver interface for ndiswrapper +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_NDISWRAPPER=y + +# Driver interface for Atmel driver +# CONFIG_DRIVER_ATMEL=y + +# Driver interface for old Broadcom driver +# Please note that the newer Broadcom driver ("hybrid Linux driver") supports +# Linux wireless extensions and does not need (or even work) with the old +# driver wrapper. Use CONFIG_DRIVER_WEXT=y with that driver. +#CONFIG_DRIVER_BROADCOM=y +# Example path for wlioctl.h; change to match your configuration +#CFLAGS += -I/opt/WRT54GS/release/src/include + +# Driver interface for Intel ipw2100/2200 driver +# Deprecated; use CONFIG_DRIVER_WEXT=y instead. +#CONFIG_DRIVER_IPW=y + +# Driver interface for Ralink driver +#CONFIG_DRIVER_RALINK=y + +# Driver interface for generic Linux wireless extensions +CONFIG_DRIVER_WEXT=y + +# Driver interface for Linux drivers using the nl80211 kernel interface +CONFIG_DRIVER_NL80211=y + +# Driver interface for FreeBSD net80211 layer (e.g., Atheros driver) +#CONFIG_DRIVER_BSD=y +#CFLAGS += -I/usr/local/include +#LIBS += -L/usr/local/lib +#LIBS_p += -L/usr/local/lib +#LIBS_c += -L/usr/local/lib + +# Driver interface for Windows NDIS +#CONFIG_DRIVER_NDIS=y +#CFLAGS += -I/usr/include/w32api/ddk +#LIBS += -L/usr/local/lib +# For native build using mingw +#CONFIG_NATIVE_WINDOWS=y +# Additional directories for cross-compilation on Linux host for mingw target +#CFLAGS += -I/opt/mingw/mingw32/include/ddk +#LIBS += -L/opt/mingw/mingw32/lib +#CC=mingw32-gcc +# By default, driver_ndis uses WinPcap for low-level operations. This can be +# replaced with the following option which replaces WinPcap calls with NDISUIO. +# However, this requires that WZC is disabled (net stop wzcsvc) before starting +# wpa_supplicant. +# CONFIG_USE_NDISUIO=y + +# Driver interface for development testing +#CONFIG_DRIVER_TEST=y + +# Include client MLME (management frame processing) for test driver +# This can be used to test MLME operations in hostapd with the test interface. +# space. +#CONFIG_CLIENT_MLME=y + +# Driver interface for wired Ethernet drivers +CONFIG_DRIVER_WIRED=y + +# Driver interface for the Broadcom RoboSwitch family +#CONFIG_DRIVER_ROBOSWITCH=y + +# Driver interface for no driver (e.g., WPS ER only) +#CONFIG_DRIVER_NONE=y + +# Enable IEEE 802.1X Supplicant (automatically included if any EAP method is +# included) +CONFIG_IEEE8021X_EAPOL=y + +# EAP-MD5 +CONFIG_EAP_MD5=y + +# EAP-MSCHAPv2 +CONFIG_EAP_MSCHAPV2=y + +# EAP-TLS +CONFIG_EAP_TLS=y + +# EAL-PEAP +CONFIG_EAP_PEAP=y + +# EAP-TTLS +CONFIG_EAP_TTLS=y + +# EAP-FAST +# Note: Default OpenSSL package does not include support for all the +# functionality needed for EAP-FAST. If EAP-FAST is enabled with OpenSSL, +# the OpenSSL library must be patched (openssl-0.9.8d-tls-extensions.patch) +# to add the needed functions. +#CONFIG_EAP_FAST=y + +# EAP-GTC +CONFIG_EAP_GTC=y + +# EAP-OTP +CONFIG_EAP_OTP=y + +# EAP-SIM (enable CONFIG_PCSC, if EAP-SIM is used) +#CONFIG_EAP_SIM=y + +# EAP-PSK (experimental; this is _not_ needed for WPA-PSK) +#CONFIG_EAP_PSK=y + +# EAP-PAX +#CONFIG_EAP_PAX=y + +# LEAP +CONFIG_EAP_LEAP=y + +# EAP-AKA (enable CONFIG_PCSC, if EAP-AKA is used) +#CONFIG_EAP_AKA=y + +# EAP-AKA' (enable CONFIG_PCSC, if EAP-AKA' is used). +# This requires CONFIG_EAP_AKA to be enabled, too. +#CONFIG_EAP_AKA_PRIME=y + +# Enable USIM simulator (Milenage) for EAP-AKA +#CONFIG_USIM_SIMULATOR=y + +# EAP-SAKE +#CONFIG_EAP_SAKE=y + +# EAP-GPSK +#CONFIG_EAP_GPSK=y +# Include support for optional SHA256 cipher suite in EAP-GPSK +#CONFIG_EAP_GPSK_SHA256=y + +# EAP-TNC and related Trusted Network Connect support (experimental) +#CONFIG_EAP_TNC=y + +# Wi-Fi Protected Setup (WPS) +CONFIG_WPS=y + +# EAP-IKEv2 +#CONFIG_EAP_IKEV2=y + +# PKCS#12 (PFX) support (used to read private key and certificate file from +# a file that usually has extension .p12 or .pfx) +CONFIG_PKCS12=y + +# Smartcard support (i.e., private key on a smartcard), e.g., with openssl +# engine. +CONFIG_SMARTCARD=y + +# PC/SC interface for smartcards (USIM, GSM SIM) +# Enable this if EAP-SIM or EAP-AKA is included +#CONFIG_PCSC=y + +# Development testing +#CONFIG_EAPOL_TEST=y + +# Select control interface backend for external programs, e.g, wpa_cli: +# unix = UNIX domain sockets (default for Linux/*BSD) +# udp = UDP sockets using localhost (127.0.0.1) +# named_pipe = Windows Named Pipe (default for Windows) +# y = use default (backwards compatibility) +# If this option is commented out, control interface is not included in the +# build. +CONFIG_CTRL_IFACE=y + +# Include support for GNU Readline and History Libraries in wpa_cli. +# When building a wpa_cli binary for distribution, please note that these +# libraries are licensed under GPL and as such, BSD license may not apply for +# the resulting binary. +#CONFIG_READLINE=y + +# Remove debugging code that is printing out debug message to stdout. +# This can be used to reduce the size of the wpa_supplicant considerably +# if debugging code is not needed. The size reduction can be around 35% +# (e.g., 90 kB). +#CONFIG_NO_STDOUT_DEBUG=y + +# Remove WPA support, e.g., for wired-only IEEE 802.1X supplicant, to save +# 35-50 kB in code size. +#CONFIG_NO_WPA=y + +# Remove WPA2 support. This allows WPA to be used, but removes WPA2 code to +# save about 1 kB in code size when building only WPA-Personal (no EAP support) +# or 6 kB if building for WPA-Enterprise. +#CONFIG_NO_WPA2=y + +# Remove IEEE 802.11i/WPA-Personal ASCII passphrase support +# This option can be used to reduce code size by removing support for +# converting ASCII passphrases into PSK. If this functionality is removed, the +# PSK can only be configured as the 64-octet hexstring (e.g., from +# wpa_passphrase). This saves about 0.5 kB in code size. +#CONFIG_NO_WPA_PASSPHRASE=y + +# Disable scan result processing (ap_mode=1) to save code size by about 1 kB. +# This can be used if ap_scan=1 mode is never enabled. +#CONFIG_NO_SCAN_PROCESSING=y + +# Select configuration backend: +# file = text file (e.g., wpa_supplicant.conf; note: the configuration file +# path is given on command line, not here; this option is just used to +# select the backend that allows configuration files to be used) +# winreg = Windows registry (see win_example.reg for an example) +CONFIG_BACKEND=file + +# Remove configuration write functionality (i.e., to allow the configuration +# file to be updated based on runtime configuration changes). The runtime +# configuration can still be changed, the changes are just not going to be +# persistent over restarts. This option can be used to reduce code size by +# about 3.5 kB. +#CONFIG_NO_CONFIG_WRITE=y + +# Remove support for configuration blobs to reduce code size by about 1.5 kB. +#CONFIG_NO_CONFIG_BLOBS=y + +# Select program entry point implementation: +# main = UNIX/POSIX like main() function (default) +# main_winsvc = Windows service (read parameters from registry) +# main_none = Very basic example (development use only) +#CONFIG_MAIN=main + +# Select wrapper for operatins system and C library specific functions +# unix = UNIX/POSIX like systems (default) +# win32 = Windows systems +# none = Empty template +#CONFIG_OS=unix + +# Select event loop implementation +# eloop = select() loop (default) +# eloop_win = Windows events and WaitForMultipleObject() loop +# eloop_none = Empty template +#CONFIG_ELOOP=eloop + +# Select layer 2 packet implementation +# linux = Linux packet socket (default) +# pcap = libpcap/libdnet/WinPcap +# freebsd = FreeBSD libpcap +# winpcap = WinPcap with receive thread +# ndis = Windows NDISUIO (note: requires CONFIG_USE_NDISUIO=y) +# none = Empty template +#CONFIG_L2_PACKET=linux + +# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS) +CONFIG_PEERKEY=y + +# IEEE 802.11w (management frame protection) +# This version is an experimental implementation based on IEEE 802.11w/D1.0 +# draft and is subject to change since the standard has not yet been finalized. +# Driver support is also needed for IEEE 802.11w. +CONFIG_IEEE80211W=y + +# Select TLS implementation +# openssl = OpenSSL (default) +# gnutls = GnuTLS (needed for TLS/IA, see also CONFIG_GNUTLS_EXTRA) +# internal = Internal TLSv1 implementation (experimental) +# none = Empty template +CONFIG_TLS=internal + +# Whether to enable TLS/IA support, which is required for EAP-TTLSv1. +# You need CONFIG_TLS=gnutls for this to have any effect. Please note that +# even though the core GnuTLS library is released under LGPL, this extra +# library uses GPL and as such, the terms of GPL apply to the combination +# of wpa_supplicant and GnuTLS if this option is enabled. BSD license may not +# apply for distribution of the resulting binary. +#CONFIG_GNUTLS_EXTRA=y + +# If CONFIG_TLS=internal is used, additional library and include paths are +# needed for LibTomMath. Alternatively, an integrated, minimal version of +# LibTomMath can be used. See beginning of libtommath.c for details on benefits +# and drawbacks of this option. +CONFIG_INTERNAL_LIBTOMMATH=y +#ifndef CONFIG_INTERNAL_LIBTOMMATH +#LTM_PATH=/usr/src/libtommath-0.39 +#CFLAGS += -I$(LTM_PATH) +#LIBS += -L$(LTM_PATH) +#LIBS_p += -L$(LTM_PATH) +#endif +# At the cost of about 4 kB of additional binary size, the internal LibTomMath +# can be configured to include faster routines for exptmod, sqr, and div to +# speed up DH and RSA calculation considerably +CONFIG_INTERNAL_LIBTOMMATH_FAST=y + +# Include NDIS event processing through WMI into wpa_supplicant/wpasvc. +# This is only for Windows builds and requires WMI-related header files and +# WbemUuid.Lib from Platform SDK even when building with MinGW. +#CONFIG_NDIS_EVENTS_INTEGRATED=y +#PLATFORMSDKLIB="/opt/Program Files/Microsoft Platform SDK/Lib" + +# Add support for old DBus control interface +# (fi.epitest.hostap.WPASupplicant) +#CONFIG_CTRL_IFACE_DBUS=y + +# Add support for new DBus control interface +# (fi.w1.hostap.wpa_supplicant1) +#CONFIG_CTRL_IFACE_DBUS_NEW=y + +# Add introspection support for new DBus control interface +#CONFIG_CTRL_IFACE_DBUS_INTRO=y + +# Add support for loading EAP methods dynamically as shared libraries. +# When this option is enabled, each EAP method can be either included +# statically (CONFIG_EAP_<method>=y) or dynamically (CONFIG_EAP_<method>=dyn). +# Dynamic EAP methods are build as shared objects (eap_*.so) and they need to +# be loaded in the beginning of the wpa_supplicant configuration file +# (see load_dynamic_eap parameter in the example file) before being used in +# the network blocks. +# +# Note that some shared parts of EAP methods are included in the main program +# and in order to be able to use dynamic EAP methods using these parts, the +# main program must have been build with the EAP method enabled (=y or =dyn). +# This means that EAP-TLS/PEAP/TTLS/FAST cannot be added as dynamic libraries +# unless at least one of them was included in the main build to force inclusion +# of the shared code. Similarly, at least one of EAP-SIM/AKA must be included +# in the main build to be able to load these methods dynamically. +# +# Please also note that using dynamic libraries will increase the total binary +# size. Thus, it may not be the best option for targets that have limited +# amount of memory/flash. +#CONFIG_DYNAMIC_EAP_METHODS=y + +# IEEE Std 802.11r-2008 (Fast BSS Transition) +#CONFIG_IEEE80211R=y + +# Add support for writing debug log to a file (/tmp/wpa_supplicant-log-#.txt) +#CONFIG_DEBUG_FILE=y + +# Enable privilege separation (see README 'Privilege separation' for details) +#CONFIG_PRIVSEP=y + +# Enable mitigation against certain attacks against TKIP by delaying Michael +# MIC error reports by a random amount of time between 0 and 60 seconds +#CONFIG_DELAYED_MIC_ERROR_REPORT=y + +# Enable tracing code for developer debugging +# This tracks use of memory allocations and other registrations and reports +# incorrect use with a backtrace of call (or allocation) location. +#CONFIG_WPA_TRACE=y +# For BSD, comment out these. +#LIBS += -lexecinfo +#LIBS_p += -lexecinfo +#LIBS_c += -lexecinfo + +# Use libbfd to get more details for developer debugging +# This enables use of libbfd to get more detailed symbols for the backtraces +# generated by CONFIG_WPA_TRACE=y. +#CONFIG_WPA_TRACE_BFD=y +# For BSD, comment out these. +#LIBS += -lbfd -liberty -lz +#LIBS_p += -lbfd -liberty -lz +#LIBS_c += -lbfd -liberty -lz + +CONFIG_NO_RANDOM_POOL=y +NEED_80211_COMMON=y + +CONFIG_IBSS_RSN=y + +CONFIG_P2P=y +CONFIG_AP=y diff --git a/package/network/services/hostapd/files/wpa_supplicant.sh b/package/network/services/hostapd/files/wpa_supplicant.sh new file mode 100644 index 0000000..b678484 --- /dev/null +++ b/package/network/services/hostapd/files/wpa_supplicant.sh @@ -0,0 +1,194 @@ +wpa_supplicant_setup_vif() { + local vif="$1" + local driver="$2" + local key="$key" + local options="$3" + local freq="" + local ht="$5" + local ap_scan="" + local scan_ssid="1" + [ -n "$4" ] && freq="frequency=$4" + + config_get enc "$vif" encryption + config_get key "$vif" key + + local net_cfg bridge + config_get bridge "$vif" bridge + [ -z "$bridge" ] && { + net_cfg="$(find_net_config "$vif")" + [ -z "$net_cfg" ] || bridge="$(bridge_interface "$net_cfg")" + config_set "$vif" bridge "$bridge" + } + + local mode ifname wds modestr="" + config_get mode "$vif" mode + config_get ifname "$vif" ifname + config_get_bool wds "$vif" wds 0 + [ -z "$bridge" ] || [ "$mode" = ap ] || [ "$mode" = sta -a $wds -eq 1 ] || { + echo "wpa_supplicant_setup_vif($ifname): Refusing to bridge $mode mode interface" + return 1 + } + [ "$mode" = "adhoc" ] && { + modestr="mode=1" + scan_ssid="0" + ap_scan="ap_scan=2" + } + + key_mgmt='NONE' + case "$enc" in + *none*) ;; + *wep*) + config_get key "$vif" key + key="${key:-1}" + case "$key" in + [1234]) + for idx in 1 2 3 4; do + local zidx + zidx=$(($idx - 1)) + config_get ckey "$vif" "key${idx}" + [ -n "$ckey" ] && \ + append "wep_key${zidx}" "wep_key${zidx}=$(prepare_key_wep "$ckey")" + done + wep_tx_keyidx="wep_tx_keyidx=$((key - 1))" + ;; + *) + wep_key0="wep_key0=$(prepare_key_wep "$key")" + wep_tx_keyidx="wep_tx_keyidx=0" + ;; + esac + ;; + *psk*) + key_mgmt='WPA-PSK' + # if you want to use PSK with a non-nl80211 driver you + # have to use WPA-NONE and wext driver for wpa_s + [ "$mode" = "adhoc" -a "$driver" != "nl80211" ] && { + key_mgmt='WPA-NONE' + driver='wext' + } + if [ ${#key} -eq 64 ]; then + passphrase="psk=${key}" + else + passphrase="psk=\"${key}\"" + fi + case "$enc" in + *psk2*) + proto='proto=RSN' + config_get ieee80211w "$vif" ieee80211w + ;; + *psk*) + proto='proto=WPA' + ;; + esac + ;; + *wpa*|*8021x*) + proto='proto=WPA2' + key_mgmt='WPA-EAP' + config_get ieee80211w "$vif" ieee80211w + config_get ca_cert "$vif" ca_cert + config_get eap_type "$vif" eap_type + ca_cert=${ca_cert:+"ca_cert=\"$ca_cert\""} + case "$eap_type" in + tls) + pairwise='pairwise=CCMP' + group='group=CCMP' + config_get identity "$vif" identity + config_get client_cert "$vif" client_cert + config_get priv_key "$vif" priv_key + config_get priv_key_pwd "$vif" priv_key_pwd + identity="identity=\"$identity\"" + client_cert="client_cert=\"$client_cert\"" + priv_key="private_key=\"$priv_key\"" + priv_key_pwd="private_key_passwd=\"$priv_key_pwd\"" + ;; + peap|ttls) + config_get auth "$vif" auth + config_get identity "$vif" identity + config_get password "$vif" password + phase2="phase2=\"auth=${auth:-MSCHAPV2}\"" + identity="identity=\"$identity\"" + password="${password:+password=\"$password\"}" + ;; + esac + eap_type="eap=$(echo $eap_type | tr 'a-z' 'A-Z')" + ;; + esac + + case "$ieee80211w" in + [012]) + ieee80211w="ieee80211w=$ieee80211w" + ;; + esac + + local fixed_freq bssid1 beacon_int brates mrate + config_get ifname "$vif" ifname + config_get bridge "$vif" bridge + config_get ssid "$vif" ssid + config_get bssid "$vif" bssid + bssid1=${bssid:+"bssid=$bssid"} + beacon_int=${beacon_int:+"beacon_int=$beacon_int"} + + local br brval brsub brstr + [ -n "$basic_rate_list" ] && { + for br in $basic_rate_list; do + brval="$(($br / 1000))" + brsub="$((($br / 100) % 10))" + [ "$brsub" -gt 0 ] && brval="$brval.$brsub" + [ -n "$brstr" ] && brstr="$brstr," + brstr="$brstr$brval" + done + brates=${basic_rate_list:+"rates=$brstr"} + } + + local mcval="" + [ -n "$mcast_rate" ] && { + mcval="$(($mcast_rate / 1000))" + mcsub="$(( ($mcast_rate / 100) % 10 ))" + [ "$mcsub" -gt 0 ] && mcval="$mcval.$mcsub" + mrate=${mcast_rate:+"mcast_rate=$mcval"} + } + + local ht_str + [ -n "$ht" ] && ht_str="htmode=$ht" + + rm -rf /var/run/wpa_supplicant-$ifname + cat > /var/run/wpa_supplicant-$ifname.conf <<EOF +ctrl_interface=/var/run/wpa_supplicant-$ifname +$ap_scan +network={ + $modestr + scan_ssid=$scan_ssid + ssid="$ssid" + $bssid1 + key_mgmt=$key_mgmt + $proto + $freq + ${fixed:+"fixed_freq=1"} + $beacon_int + $brates + $mrate + $ht_str + $ieee80211w + $passphrase + $pairwise + $group + $eap_type + $ca_cert + $client_cert + $priv_key + $priv_key_pwd + $phase2 + $identity + $password + $wep_key0 + $wep_key1 + $wep_key2 + $wep_key3 + $wep_tx_keyidx +} +EOF + if [ -n "$proto" -o "$key_mgmt" = "NONE" ]; then + wpa_supplicant ${bridge:+ -b $bridge} -B -P "/var/run/wifi-${ifname}.pid" -D ${driver:-wext} -i "$ifname" -c /var/run/wpa_supplicant-$ifname.conf $options + else + return 0 + fi +} diff --git a/package/network/services/hostapd/files/wps-hotplug.sh b/package/network/services/hostapd/files/wps-hotplug.sh new file mode 100644 index 0000000..24af80e --- /dev/null +++ b/package/network/services/hostapd/files/wps-hotplug.sh @@ -0,0 +1,11 @@ +#!/bin/sh + +if [ "$ACTION" = "pressed" -a "$BUTTON" = "wps" ]; then + cd /var/run/hostapd + for socket in *; do + [ -S "$socket" ] || continue + hostapd_cli -i "$socket" wps_pbc + done +fi + +return 0 diff --git a/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch b/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch new file mode 100644 index 0000000..e408fbe --- /dev/null +++ b/package/network/services/hostapd/patches/001-P2P-Validate-SSID-element-length-before-copying-it-C.patch @@ -0,0 +1,37 @@ +From 9ed4eee345f85e3025c33c6e20aa25696e341ccd Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <jouni@qca.qualcomm.com> +Date: Tue, 7 Apr 2015 11:32:11 +0300 +Subject: [PATCH] P2P: Validate SSID element length before copying it + (CVE-2015-1863) + +This fixes a possible memcpy overflow for P2P dev->oper_ssid in +p2p_add_device(). The length provided by the peer device (0..255 bytes) +was used without proper bounds checking and that could have resulted in +arbitrary data of up to 223 bytes being written beyond the end of the +dev->oper_ssid[] array (of which about 150 bytes would be beyond the +heap allocation) when processing a corrupted management frame for P2P +peer discovery purposes. + +This could result in corrupted state in heap, unexpected program +behavior due to corrupted P2P peer device information, denial of service +due to process crash, exposure of memory contents during GO Negotiation, +and potentially arbitrary code execution. + +Thanks to Google security team for reporting this issue and smart +hardware research group of Alibaba security team for discovering it. + +Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com> +--- + src/p2p/p2p.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/src/p2p/p2p.c ++++ b/src/p2p/p2p.c +@@ -778,6 +778,7 @@ int p2p_add_device(struct p2p_data *p2p, + if (os_memcmp(addr, p2p_dev_addr, ETH_ALEN) != 0) + os_memcpy(dev->interface_addr, addr, ETH_ALEN); + if (msg.ssid && ++ msg.ssid[1] <= sizeof(dev->oper_ssid) && + (msg.ssid[1] != P2P_WILDCARD_SSID_LEN || + os_memcmp(msg.ssid + 2, P2P_WILDCARD_SSID, P2P_WILDCARD_SSID_LEN) + != 0)) { diff --git a/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch new file mode 100644 index 0000000..bc4d60f --- /dev/null +++ b/package/network/services/hostapd/patches/002-AP-WMM-Fix-integer-underflow-in-WMM-Action-frame-par.patch @@ -0,0 +1,36 @@ +From ef566a4d4f74022e1fdb0a2addfe81e6de9f4aae Mon Sep 17 00:00:00 2001 +From: Jouni Malinen <j@w1.fi> +Date: Wed, 29 Apr 2015 02:21:53 +0300 +Subject: [PATCH] AP WMM: Fix integer underflow in WMM Action frame parser + +The length of the WMM Action frame was not properly validated and the +length of the information elements (int left) could end up being +negative. This would result in reading significantly past the stack +buffer while parsing the IEs in ieee802_11_parse_elems() and while doing +so, resulting in segmentation fault. + +This can result in an invalid frame being used for a denial of service +attack (hostapd process killed) against an AP with a driver that uses +hostapd for management frame processing (e.g., all mac80211-based +drivers). + +Thanks to Kostya Kortchinsky of Google security team for discovering and +reporting this issue. + +Signed-off-by: Jouni Malinen <j@w1.fi> +--- + src/ap/wmm.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/src/ap/wmm.c ++++ b/src/ap/wmm.c +@@ -274,6 +274,9 @@ void hostapd_wmm_action(struct hostapd_d + return; + } + ++ if (left < 0) ++ return; /* not a valid WMM Action frame */ ++ + /* extract the tspec info element */ + if (ieee802_11_parse_elems(pos, left, &elems, 1) == ParseFailed) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, diff --git a/package/network/services/hostapd/patches/110-bool_fix.patch b/package/network/services/hostapd/patches/110-bool_fix.patch new file mode 100644 index 0000000..865c014 --- /dev/null +++ b/package/network/services/hostapd/patches/110-bool_fix.patch @@ -0,0 +1,14 @@ +--- a/src/ap/ieee802_1x.c ++++ b/src/ap/ieee802_1x.c +@@ -2332,9 +2332,9 @@ void ieee802_1x_notify_pre_auth(struct e + } + + +-static const char * bool_txt(Boolean bool) ++static const char * bool_txt(Boolean bool_val) + { +- return bool ? "TRUE" : "FALSE"; ++ return bool_val ? "TRUE" : "FALSE"; + } + + diff --git a/package/network/services/hostapd/patches/120-daemonize_fix.patch b/package/network/services/hostapd/patches/120-daemonize_fix.patch new file mode 100644 index 0000000..032e207 --- /dev/null +++ b/package/network/services/hostapd/patches/120-daemonize_fix.patch @@ -0,0 +1,97 @@ +--- a/src/utils/os_unix.c ++++ b/src/utils/os_unix.c +@@ -10,6 +10,7 @@ + + #include <time.h> + #include <sys/wait.h> ++#include <fcntl.h> + + #ifdef ANDROID + #include <sys/capability.h> +@@ -155,59 +156,46 @@ int os_gmtime(os_time_t t, struct os_tm + return 0; + } + +- +-#ifdef __APPLE__ +-#include <fcntl.h> +-static int os_daemon(int nochdir, int noclose) ++int os_daemonize(const char *pid_file) + { +- int devnull; ++ int pid = 0, i, devnull; + +- if (chdir("/") < 0) +- return -1; ++#if defined(__uClinux__) || defined(__sun__) ++ return -1; ++#else /* defined(__uClinux__) || defined(__sun__) */ + +- devnull = open("/dev/null", O_RDWR); +- if (devnull < 0) ++#ifndef __APPLE__ ++ pid = fork(); ++ if (pid < 0) + return -1; ++#endif + +- if (dup2(devnull, STDIN_FILENO) < 0) { +- close(devnull); +- return -1; ++ if (pid > 0) { ++ if (pid_file) { ++ FILE *f = fopen(pid_file, "w"); ++ if (f) { ++ fprintf(f, "%u\n", pid); ++ fclose(f); ++ } ++ } ++ _exit(0); + } + +- if (dup2(devnull, STDOUT_FILENO) < 0) { +- close(devnull); ++ if (setsid() < 0) + return -1; +- } + +- if (dup2(devnull, STDERR_FILENO) < 0) { +- close(devnull); ++ if (chdir("/") < 0) + return -1; +- } +- +- return 0; +-} +-#else /* __APPLE__ */ +-#define os_daemon daemon +-#endif /* __APPLE__ */ + +- +-int os_daemonize(const char *pid_file) +-{ +-#if defined(__uClinux__) || defined(__sun__) +- return -1; +-#else /* defined(__uClinux__) || defined(__sun__) */ +- if (os_daemon(0, 0)) { +- perror("daemon"); ++ devnull = open("/dev/null", O_RDWR); ++ if (devnull < 0) + return -1; +- } + +- if (pid_file) { +- FILE *f = fopen(pid_file, "w"); +- if (f) { +- fprintf(f, "%u\n", getpid()); +- fclose(f); +- } +- } ++ for (i = 0; i <= STDERR_FILENO; i++) ++ dup2(devnull, i); ++ ++ if (devnull > 2) ++ close(devnull); + + return -0; + #endif /* defined(__uClinux__) || defined(__sun__) */ diff --git a/package/network/services/hostapd/patches/130-no_eapol_fix.patch b/package/network/services/hostapd/patches/130-no_eapol_fix.patch new file mode 100644 index 0000000..d23b47b --- /dev/null +++ b/package/network/services/hostapd/patches/130-no_eapol_fix.patch @@ -0,0 +1,14 @@ +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -252,9 +252,10 @@ void wpa_supplicant_cancel_auth_timeout( + */ + void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s) + { ++ struct wpa_ssid *ssid = wpa_s->current_ssid; ++ + #ifdef IEEE8021X_EAPOL + struct eapol_config eapol_conf; +- struct wpa_ssid *ssid = wpa_s->current_ssid; + + #ifdef CONFIG_IBSS_RSN + if (ssid->mode == WPAS_MODE_IBSS && diff --git a/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch new file mode 100644 index 0000000..6337d8d --- /dev/null +++ b/package/network/services/hostapd/patches/140-disable_bridge_packet_workaround.patch @@ -0,0 +1,12 @@ +--- a/src/l2_packet/l2_packet_linux.c ++++ b/src/l2_packet/l2_packet_linux.c +@@ -307,8 +307,7 @@ struct l2_packet_data * l2_packet_init_b + + l2 = l2_packet_init(br_ifname, own_addr, protocol, rx_callback, + rx_callback_ctx, l2_hdr); +- if (!l2) +- return NULL; ++ return l2; + + /* + * The Linux packet socket behavior has changed over the years and there diff --git a/package/network/services/hostapd/patches/200-multicall.patch b/package/network/services/hostapd/patches/200-multicall.patch new file mode 100644 index 0000000..de4a3a8 --- /dev/null +++ b/package/network/services/hostapd/patches/200-multicall.patch @@ -0,0 +1,276 @@ +--- a/hostapd/Makefile ++++ b/hostapd/Makefile +@@ -17,6 +17,7 @@ export BINDIR ?= /usr/local/bin/ + # CFLAGS += -DUSE_KERNEL_HEADERS -I/usr/src/linux/include + + -include .config ++-include $(if $(MULTICALL), ../wpa_supplicant/.config) + + ifdef CONFIG_TESTING_OPTIONS + CFLAGS += -DCONFIG_TESTING_OPTIONS +@@ -242,10 +243,14 @@ ifdef CONFIG_IEEE80211AC + CFLAGS += -DCONFIG_IEEE80211AC + endif + ++ifndef MULTICALL ++CFLAGS += -DNO_SUPPLICANT ++endif ++ + include ../src/drivers/drivers.mak +-OBJS += $(DRV_AP_OBJS) +-CFLAGS += $(DRV_AP_CFLAGS) +-LDFLAGS += $(DRV_AP_LDFLAGS) ++OBJS += $(sort $(DRV_AP_OBJS) $(if $(MULTICALL),$(DRV_WPA_OBJS))) ++CFLAGS += $(DRV_AP_CFLAGS) $(if $(MULTICALL),$(DRV_WPA_CFLAGS)) ++LDFLAGS += $(DRV_AP_LDFLAGS) $(if $(MULTICALL),$(DRV_WPA_LDFLAGS)) + LIBS += $(DRV_AP_LIBS) + + ifdef CONFIG_L2_PACKET +@@ -941,6 +946,12 @@ install: $(addprefix $(DESTDIR)$(BINDIR) + + BCHECK=../src/drivers/build.hostapd + ++hostapd_multi.a: $(BCHECK) $(OBJS) ++ $(Q)$(CC) -c -o hostapd_multi.o -Dmain=hostapd_main $(CFLAGS) main.c ++ @$(E) " CC " $< ++ @rm -f $@ ++ @$(AR) cr $@ hostapd_multi.o $(OBJS) ++ + hostapd: $(BCHECK) $(OBJS) + $(Q)$(CC) $(LDFLAGS) -o hostapd $(OBJS) $(LIBS) + @$(E) " LD " $@ +@@ -980,6 +991,12 @@ HOBJS += ../src/crypto/aes-internal.o + HOBJS += ../src/crypto/aes-internal-enc.o + endif + ++dump_cflags: ++ @echo -n $(CFLAGS) " " ++ ++dump_ldflags: ++ @echo -n $(LDFLAGS) $(LIBS) $(EXTRALIBS) " " ++ + nt_password_hash: $(NOBJS) + $(Q)$(CC) $(LDFLAGS) -o nt_password_hash $(NOBJS) $(LIBS_n) + @$(E) " LD " $@ +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -15,6 +15,7 @@ CFLAGS += -I$(abspath ../src) + CFLAGS += -I$(abspath ../src/utils) + + -include .config ++-include $(if $(MULTICALL),../hostapd/.config) + + ifdef CONFIG_TESTING_OPTIONS + CFLAGS += -DCONFIG_TESTING_OPTIONS +@@ -773,6 +774,10 @@ ifdef CONFIG_DYNAMIC_EAP_METHODS + CFLAGS += -DCONFIG_DYNAMIC_EAP_METHODS + LIBS += -ldl -rdynamic + endif ++else ++ ifdef MULTICALL ++ OBJS += ../src/eap_common/eap_common.o ++ endif + endif + + ifdef CONFIG_MACSEC +@@ -793,9 +798,11 @@ NEED_EAP_COMMON=y + NEED_RSN_AUTHENTICATOR=y + CFLAGS += -DCONFIG_AP + OBJS += ap.o ++ifndef MULTICALL + CFLAGS += -DCONFIG_NO_RADIUS + CFLAGS += -DCONFIG_NO_ACCOUNTING + CFLAGS += -DCONFIG_NO_VLAN ++endif + OBJS += ../src/ap/hostapd.o + OBJS += ../src/ap/wpa_auth_glue.o + OBJS += ../src/ap/utils.o +@@ -858,10 +865,18 @@ endif + ifdef CONFIG_HS20 + OBJS += ../src/ap/hs20.o + endif ++else ++ ifdef MULTICALL ++ OBJS += ../src/eap_server/eap_server.o ++ OBJS += ../src/eap_server/eap_server_identity.o ++ OBJS += ../src/eap_server/eap_server_methods.o ++ endif + endif + + ifdef NEED_RSN_AUTHENTICATOR ++ifndef MULTICALL + CFLAGS += -DCONFIG_NO_RADIUS ++endif + NEED_AES_WRAP=y + OBJS += ../src/ap/wpa_auth.o + OBJS += ../src/ap/wpa_auth_ie.o +@@ -1603,6 +1618,12 @@ wpa_priv: $(BCHECK) $(OBJS_priv) + + $(OBJS_c) $(OBJS_t) $(OBJS_t2) $(OBJS) $(BCHECK) $(EXTRA_progs): .config + ++wpa_supplicant_multi.a: .config $(BCHECK) $(OBJS) $(EXTRA_progs) ++ $(Q)$(CC) -c -o wpa_supplicant_multi.o -Dmain=wpa_supplicant_main $(CFLAGS) main.c ++ @$(E) " CC " $< ++ @rm -f $@ ++ @$(AR) cr $@ wpa_supplicant_multi.o $(OBJS) ++ + wpa_supplicant: $(BCHECK) $(OBJS) $(EXTRA_progs) + $(Q)$(LDO) $(LDFLAGS) -o wpa_supplicant $(OBJS) $(LIBS) $(EXTRALIBS) + @$(E) " LD " $@ +@@ -1694,6 +1715,12 @@ endif + $(Q)sed -e 's|\@BINDIR\@|$(BINDIR)|g' $< >$@ + @$(E) " sed" $< + ++dump_cflags: ++ @echo -n $(CFLAGS) " " ++ ++dump_ldflags: ++ @echo -n $(LDFLAGS) $(LIBS) $(EXTRALIBS) " " ++ + wpa_supplicant.exe: wpa_supplicant + mv -f $< $@ + wpa_cli.exe: wpa_cli +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -4581,8 +4581,8 @@ union wpa_event_data { + * Driver wrapper code should call this function whenever an event is received + * from the driver. + */ +-void wpa_supplicant_event(void *ctx, enum wpa_event_type event, +- union wpa_event_data *data); ++extern void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); + + + /* +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -1075,8 +1075,8 @@ static void hostapd_event_dfs_cac_starte + #endif /* NEED_AP_MLME */ + + +-void wpa_supplicant_event(void *ctx, enum wpa_event_type event, +- union wpa_event_data *data) ++void hostapd_wpa_event(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data) + { + struct hostapd_data *hapd = ctx; + #ifndef CONFIG_NO_STDOUT_DEBUG +--- a/wpa_supplicant/wpa_priv.c ++++ b/wpa_supplicant/wpa_priv.c +@@ -819,8 +819,8 @@ static void wpa_priv_send_ft_response(st + } + + +-void wpa_supplicant_event(void *ctx, enum wpa_event_type event, +- union wpa_event_data *data) ++static void supplicant_event(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data) + { + struct wpa_priv_interface *iface = ctx; + +@@ -961,6 +961,7 @@ int main(int argc, char *argv[]) + if (os_program_init()) + return -1; + ++ wpa_supplicant_event = supplicant_event; + wpa_priv_fd_workaround(); + + for (;;) { +--- a/wpa_supplicant/events.c ++++ b/wpa_supplicant/events.c +@@ -3138,8 +3138,8 @@ static void wpa_supplicant_event_assoc_a + } + + +-void wpa_supplicant_event(void *ctx, enum wpa_event_type event, +- union wpa_event_data *data) ++void supplicant_event(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data) + { + struct wpa_supplicant *wpa_s = ctx; + +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -4300,6 +4300,9 @@ static void wpa_supplicant_deinit_iface( + os_free(wpa_s); + } + ++extern void supplicant_event(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); ++ + + /** + * wpa_supplicant_add_iface - Add a new network interface +@@ -4526,6 +4529,7 @@ struct wpa_global * wpa_supplicant_init( + #ifndef CONFIG_NO_WPA_MSG + wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb); + #endif /* CONFIG_NO_WPA_MSG */ ++ wpa_supplicant_event = supplicant_event; + + if (params->wpa_debug_file_path) + wpa_debug_open_file(params->wpa_debug_file_path); +--- a/hostapd/main.c ++++ b/hostapd/main.c +@@ -511,6 +511,9 @@ static int hostapd_get_ctrl_iface_group( + return 0; + } + ++void hostapd_wpa_event(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); ++ + + #ifdef CONFIG_WPS + static int gen_uuid(const char *txt_addr) +@@ -562,6 +565,7 @@ int main(int argc, char *argv[]) + interfaces.global_iface_name = NULL; + interfaces.global_ctrl_sock = -1; + ++ wpa_supplicant_event = hostapd_wpa_event; + for (;;) { + c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:"); + if (c < 0) +--- a/src/drivers/drivers.c ++++ b/src/drivers/drivers.c +@@ -10,6 +10,9 @@ + #include "utils/common.h" + #include "driver.h" + ++void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); ++ + #ifdef CONFIG_DRIVER_WEXT + extern struct wpa_driver_ops wpa_driver_wext_ops; /* driver_wext.c */ + #endif /* CONFIG_DRIVER_WEXT */ +--- a/wpa_supplicant/eapol_test.c ++++ b/wpa_supplicant/eapol_test.c +@@ -28,8 +28,12 @@ + #include "ctrl_iface.h" + #include "pcsc_funcs.h" + #include "wpas_glue.h" ++#include "drivers/driver.h" + + ++void (*wpa_supplicant_event)(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); ++ + struct wpa_driver_ops *wpa_drivers[] = { NULL }; + + +@@ -1203,6 +1207,8 @@ static void usage(void) + "option several times.\n"); + } + ++extern void supplicant_event(void *ctx, enum wpa_event_type event, ++ union wpa_event_data *data); + + int main(int argc, char *argv[]) + { +@@ -1221,6 +1227,7 @@ int main(int argc, char *argv[]) + if (os_program_init()) + return -1; + ++ wpa_supplicant_event = supplicant_event; + hostapd_logger_register_cb(hostapd_logger_cb); + + os_memset(&eapol_test, 0, sizeof(eapol_test)); diff --git a/package/network/services/hostapd/patches/300-noscan.patch b/package/network/services/hostapd/patches/300-noscan.patch new file mode 100644 index 0000000..57d8fe2 --- /dev/null +++ b/package/network/services/hostapd/patches/300-noscan.patch @@ -0,0 +1,57 @@ +--- a/hostapd/config_file.c ++++ b/hostapd/config_file.c +@@ -2771,6 +2771,10 @@ static int hostapd_config_fill(struct ho + } + #endif /* CONFIG_IEEE80211W */ + #ifdef CONFIG_IEEE80211N ++ } else if (os_strcmp(buf, "noscan") == 0) { ++ conf->noscan = atoi(pos); ++ } else if (os_strcmp(buf, "ht_coex") == 0) { ++ conf->no_ht_coex = !atoi(pos); + } else if (os_strcmp(buf, "ieee80211n") == 0) { + conf->ieee80211n = atoi(pos); + } else if (os_strcmp(buf, "ht_capab") == 0) { +--- a/src/ap/ap_config.h ++++ b/src/ap/ap_config.h +@@ -619,6 +619,8 @@ struct hostapd_config { + + int ht_op_mode_fixed; + u16 ht_capab; ++ int noscan; ++ int no_ht_coex; + int ieee80211n; + int secondary_channel; + int require_ht; +--- a/src/ap/hw_features.c ++++ b/src/ap/hw_features.c +@@ -461,7 +461,7 @@ static int ieee80211n_check_40mhz(struct + struct wpa_driver_scan_params params; + int ret; + +- if (!iface->conf->secondary_channel) ++ if (!iface->conf->secondary_channel || iface->conf->noscan) + return 0; /* HT40 not used */ + + hostapd_set_state(iface, HAPD_IFACE_HT_SCAN); +--- a/src/ap/ieee802_11_ht.c ++++ b/src/ap/ieee802_11_ht.c +@@ -221,6 +221,9 @@ void hostapd_2040_coex_action(struct hos + if (!(iface->conf->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) + return; + ++ if (iface->conf->noscan || iface->conf->no_ht_coex) ++ return; ++ + if (len < IEEE80211_HDRLEN + 2 + sizeof(*bc_ie)) + return; + +@@ -346,6 +349,9 @@ void ht40_intolerant_add(struct hostapd_ + if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) + return; + ++ if (iface->conf->noscan || iface->conf->no_ht_coex) ++ return; ++ + wpa_printf(MSG_INFO, "HT: Forty MHz Intolerant is set by STA " MACSTR + " in Association Request", MAC2STR(sta->addr)); + diff --git a/package/network/services/hostapd/patches/310-rescan_immediately.patch b/package/network/services/hostapd/patches/310-rescan_immediately.patch new file mode 100644 index 0000000..7be8c32 --- /dev/null +++ b/package/network/services/hostapd/patches/310-rescan_immediately.patch @@ -0,0 +1,11 @@ +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -3249,7 +3249,7 @@ wpa_supplicant_alloc(struct wpa_supplica + if (wpa_s == NULL) + return NULL; + wpa_s->scan_req = INITIAL_SCAN_REQ; +- wpa_s->scan_interval = 5; ++ wpa_s->scan_interval = 1; + wpa_s->new_connection = 1; + wpa_s->parent = parent ? parent : wpa_s; + wpa_s->sched_scanning = 0; diff --git a/package/network/services/hostapd/patches/320-optional_rfkill.patch b/package/network/services/hostapd/patches/320-optional_rfkill.patch new file mode 100644 index 0000000..75b4b07 --- /dev/null +++ b/package/network/services/hostapd/patches/320-optional_rfkill.patch @@ -0,0 +1,61 @@ +--- a/src/drivers/drivers.mak ++++ b/src/drivers/drivers.mak +@@ -34,7 +34,6 @@ NEED_SME=y + NEED_AP_MLME=y + NEED_NETLINK=y + NEED_LINUX_IOCTL=y +-NEED_RFKILL=y + + ifdef CONFIG_LIBNL32 + DRV_LIBS += -lnl-3 +@@ -116,7 +115,6 @@ DRV_WPA_CFLAGS += -DCONFIG_DRIVER_WEXT + CONFIG_WIRELESS_EXTENSION=y + NEED_NETLINK=y + NEED_LINUX_IOCTL=y +-NEED_RFKILL=y + endif + + ifdef CONFIG_DRIVER_NDIS +@@ -142,7 +140,6 @@ endif + ifdef CONFIG_WIRELESS_EXTENSION + DRV_WPA_CFLAGS += -DCONFIG_WIRELESS_EXTENSION + DRV_WPA_OBJS += ../src/drivers/driver_wext.o +-NEED_RFKILL=y + endif + + ifdef NEED_NETLINK +@@ -155,6 +152,7 @@ endif + + ifdef NEED_RFKILL + DRV_OBJS += ../src/drivers/rfkill.o ++DRV_WPA_CFLAGS += -DCONFIG_RFKILL + endif + + ifdef CONFIG_VLAN_NETLINK +--- a/src/drivers/rfkill.h ++++ b/src/drivers/rfkill.h +@@ -18,8 +18,24 @@ struct rfkill_config { + void (*unblocked_cb)(void *ctx); + }; + ++#ifdef CONFIG_RFKILL + struct rfkill_data * rfkill_init(struct rfkill_config *cfg); + void rfkill_deinit(struct rfkill_data *rfkill); + int rfkill_is_blocked(struct rfkill_data *rfkill); ++#else ++static inline struct rfkill_data * rfkill_init(struct rfkill_config *cfg) ++{ ++ return (void *) 1; ++} ++ ++static inline void rfkill_deinit(struct rfkill_data *rfkill) ++{ ++} ++ ++static inline int rfkill_is_blocked(struct rfkill_data *rfkill) ++{ ++ return 0; ++} ++#endif + + #endif /* RFKILL_H */ diff --git a/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch new file mode 100644 index 0000000..dd90877 --- /dev/null +++ b/package/network/services/hostapd/patches/330-nl80211_fix_set_freq.patch @@ -0,0 +1,11 @@ +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -3616,7 +3616,7 @@ static int nl80211_set_channel(struct i8 + freq->freq, freq->ht_enabled, freq->vht_enabled, + freq->bandwidth, freq->center_freq1, freq->center_freq2); + +- msg = nl80211_drv_msg(drv, 0, set_chan ? NL80211_CMD_SET_CHANNEL : ++ msg = nl80211_bss_msg(bss, 0, set_chan ? NL80211_CMD_SET_CHANNEL : + NL80211_CMD_SET_WIPHY); + if (!msg || nl80211_put_freq_params(msg, freq) < 0) { + nlmsg_free(msg); diff --git a/package/network/services/hostapd/patches/340-reload_freq_change.patch b/package/network/services/hostapd/patches/340-reload_freq_change.patch new file mode 100644 index 0000000..91b6196 --- /dev/null +++ b/package/network/services/hostapd/patches/340-reload_freq_change.patch @@ -0,0 +1,44 @@ +--- a/src/ap/hostapd.c ++++ b/src/ap/hostapd.c +@@ -76,6 +76,16 @@ static void hostapd_reload_bss(struct ho + #endif /* CONFIG_NO_RADIUS */ + + ssid = &hapd->conf->ssid; ++ ++ hostapd_set_freq(hapd, hapd->iconf->hw_mode, hapd->iface->freq, ++ hapd->iconf->channel, ++ hapd->iconf->ieee80211n, ++ hapd->iconf->ieee80211ac, ++ hapd->iconf->secondary_channel, ++ hapd->iconf->vht_oper_chwidth, ++ hapd->iconf->vht_oper_centr_freq_seg0_idx, ++ hapd->iconf->vht_oper_centr_freq_seg1_idx); ++ + if (!ssid->wpa_psk_set && ssid->wpa_psk && !ssid->wpa_psk->next && + ssid->wpa_passphrase_set && ssid->wpa_passphrase) { + /* +@@ -175,21 +185,12 @@ int hostapd_reload_config(struct hostapd + oldconf = hapd->iconf; + iface->conf = newconf; + ++ if (iface->conf->channel) ++ iface->freq = hostapd_hw_get_freq(hapd, iface->conf->channel); ++ + for (j = 0; j < iface->num_bss; j++) { + hapd = iface->bss[j]; + hapd->iconf = newconf; +- hapd->iconf->channel = oldconf->channel; +- hapd->iconf->acs = oldconf->acs; +- hapd->iconf->secondary_channel = oldconf->secondary_channel; +- hapd->iconf->ieee80211n = oldconf->ieee80211n; +- hapd->iconf->ieee80211ac = oldconf->ieee80211ac; +- hapd->iconf->ht_capab = oldconf->ht_capab; +- hapd->iconf->vht_capab = oldconf->vht_capab; +- hapd->iconf->vht_oper_chwidth = oldconf->vht_oper_chwidth; +- hapd->iconf->vht_oper_centr_freq_seg0_idx = +- oldconf->vht_oper_centr_freq_seg0_idx; +- hapd->iconf->vht_oper_centr_freq_seg1_idx = +- oldconf->vht_oper_centr_freq_seg1_idx; + hapd->conf = newconf->bss[j]; + hostapd_reload_bss(hapd); + } diff --git a/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch new file mode 100644 index 0000000..a14fa03 --- /dev/null +++ b/package/network/services/hostapd/patches/350-nl80211_del_beacon_bss.patch @@ -0,0 +1,72 @@ +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -2254,13 +2254,18 @@ wpa_driver_nl80211_finish_drv_init(struc + } + + +-static int wpa_driver_nl80211_del_beacon(struct wpa_driver_nl80211_data *drv) ++static int wpa_driver_nl80211_del_beacon(struct i802_bss *bss) + { ++ struct wpa_driver_nl80211_data *drv = bss->drv; + struct nl_msg *msg; + ++ if (!bss->beacon_set) ++ return 0; ++ ++ bss->beacon_set = 0; + wpa_printf(MSG_DEBUG, "nl80211: Remove beacon (ifindex=%d)", +- drv->ifindex); +- msg = nl80211_drv_msg(drv, 0, NL80211_CMD_DEL_BEACON); ++ bss->ifindex); ++ msg = nl80211_bss_msg(bss, 0, NL80211_CMD_DEL_BEACON); + return send_and_recv_msgs(drv, msg, NULL, NULL); + } + +@@ -2311,7 +2316,7 @@ static void wpa_driver_nl80211_deinit(st + nl80211_remove_monitor_interface(drv); + + if (is_ap_interface(drv->nlmode)) +- wpa_driver_nl80211_del_beacon(drv); ++ wpa_driver_nl80211_del_beacon(bss); + + if (drv->eapol_sock >= 0) { + eloop_unregister_read_sock(drv->eapol_sock); +@@ -4140,8 +4145,7 @@ static void nl80211_teardown_ap(struct i + nl80211_remove_monitor_interface(drv); + else + nl80211_mgmt_unsubscribe(bss, "AP teardown"); +- +- bss->beacon_set = 0; ++ wpa_driver_nl80211_del_beacon(bss); + } + + +@@ -6066,8 +6070,6 @@ static int wpa_driver_nl80211_if_remove( + } else { + wpa_printf(MSG_DEBUG, "nl80211: First BSS - reassign context"); + nl80211_teardown_ap(bss); +- if (!bss->added_if && !drv->first_bss->next) +- wpa_driver_nl80211_del_beacon(drv); + nl80211_destroy_bss(bss); + if (!bss->added_if) + i802_set_iface_flags(bss, 0); +@@ -6389,8 +6391,7 @@ static int wpa_driver_nl80211_deinit_ap( + struct wpa_driver_nl80211_data *drv = bss->drv; + if (!is_ap_interface(drv->nlmode)) + return -1; +- wpa_driver_nl80211_del_beacon(drv); +- bss->beacon_set = 0; ++ wpa_driver_nl80211_del_beacon(bss); + + /* + * If the P2P GO interface was dynamically added, then it is +@@ -6409,8 +6410,7 @@ static int wpa_driver_nl80211_stop_ap(vo + struct wpa_driver_nl80211_data *drv = bss->drv; + if (!is_ap_interface(drv->nlmode)) + return -1; +- wpa_driver_nl80211_del_beacon(drv); +- bss->beacon_set = 0; ++ wpa_driver_nl80211_del_beacon(bss); + return 0; + } + diff --git a/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch new file mode 100644 index 0000000..06b005e --- /dev/null +++ b/package/network/services/hostapd/patches/360-ctrl_iface_reload.patch @@ -0,0 +1,104 @@ +--- a/hostapd/ctrl_iface.c ++++ b/hostapd/ctrl_iface.c +@@ -45,6 +45,7 @@ + #include "wps/wps.h" + #include "config_file.h" + #include "ctrl_iface.h" ++#include "config_file.h" + + + struct wpa_ctrl_dst { +@@ -55,6 +56,7 @@ struct wpa_ctrl_dst { + int errors; + }; + ++static char *reload_opts = NULL; + + static void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, + const char *buf, size_t len); +@@ -164,6 +166,61 @@ static int hostapd_ctrl_iface_new_sta(st + return 0; + } + ++static char *get_option(char *opt, char *str) ++{ ++ int len = strlen(str); ++ ++ if (!strncmp(opt, str, len)) ++ return opt + len; ++ else ++ return NULL; ++} ++ ++static struct hostapd_config *hostapd_ctrl_iface_config_read(const char *fname) ++{ ++ struct hostapd_config *conf; ++ char *opt, *val; ++ ++ conf = hostapd_config_read(fname); ++ if (!conf) ++ return NULL; ++ ++ for (opt = strtok(reload_opts, " "); ++ opt; ++ opt = strtok(NULL, " ")) { ++ ++ if ((val = get_option(opt, "channel="))) ++ conf->channel = atoi(val); ++ else if ((val = get_option(opt, "ht_capab="))) ++ conf->ht_capab = atoi(val); ++ else if ((val = get_option(opt, "ht_capab_mask="))) ++ conf->ht_capab &= atoi(val); ++ else if ((val = get_option(opt, "sec_chan="))) ++ conf->secondary_channel = atoi(val); ++ else if ((val = get_option(opt, "hw_mode="))) ++ conf->hw_mode = atoi(val); ++ else if ((val = get_option(opt, "ieee80211n="))) ++ conf->ieee80211n = atoi(val); ++ else ++ break; ++ } ++ ++ return conf; ++} ++ ++static int hostapd_ctrl_iface_update(struct hostapd_data *hapd, char *txt) ++{ ++ struct hostapd_config * (*config_read_cb)(const char *config_fname); ++ struct hostapd_iface *iface = hapd->iface; ++ ++ config_read_cb = iface->interfaces->config_read_cb; ++ iface->interfaces->config_read_cb = hostapd_ctrl_iface_config_read; ++ reload_opts = txt; ++ ++ hostapd_reload_config(iface); ++ ++ iface->interfaces->config_read_cb = config_read_cb; ++} + + #ifdef CONFIG_IEEE80211W + #ifdef NEED_AP_MLME +@@ -2086,6 +2143,8 @@ static void hostapd_ctrl_iface_receive(i + } else if (os_strncmp(buf, "VENDOR ", 7) == 0) { + reply_len = hostapd_ctrl_iface_vendor(hapd, buf + 7, reply, + reply_size); ++ } else if (os_strncmp(buf, "UPDATE ", 7) == 0) { ++ hostapd_ctrl_iface_update(hapd, buf + 7); + } else if (os_strcmp(buf, "ERP_FLUSH") == 0) { + ieee802_1x_erp_flush(hapd); + #ifdef RADIUS_SERVER +--- a/src/ap/ctrl_iface_ap.c ++++ b/src/ap/ctrl_iface_ap.c +@@ -541,5 +541,11 @@ int hostapd_parse_csa_settings(const cha + + int hostapd_ctrl_iface_stop_ap(struct hostapd_data *hapd) + { +- return hostapd_drv_stop_ap(hapd); ++ struct hostapd_iface *iface = hapd->iface; ++ int i; ++ ++ for (i = 0; i < iface->num_bss; i++) ++ hostapd_drv_stop_ap(iface->bss[i]); ++ ++ return 0; + } diff --git a/package/network/services/hostapd/patches/370-ap_sta_support.patch b/package/network/services/hostapd/patches/370-ap_sta_support.patch new file mode 100644 index 0000000..ea235e6 --- /dev/null +++ b/package/network/services/hostapd/patches/370-ap_sta_support.patch @@ -0,0 +1,237 @@ +--- a/wpa_supplicant/wpa_supplicant_i.h ++++ b/wpa_supplicant/wpa_supplicant_i.h +@@ -110,6 +110,11 @@ struct wpa_interface { + const char *ifname; + + /** ++ * hostapd_ctrl - path to hostapd control socket for notification ++ */ ++ const char *hostapd_ctrl; ++ ++ /** + * bridge_ifname - Optional bridge interface name + * + * If the driver interface (ifname) is included in a Linux bridge +@@ -442,6 +447,8 @@ struct wpa_supplicant { + #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */ + char bridge_ifname[16]; + ++ struct wpa_ctrl *hostapd; ++ + char *confname; + char *confanother; + +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -14,6 +14,10 @@ CFLAGS += $(EXTRA_CFLAGS) + CFLAGS += -I$(abspath ../src) + CFLAGS += -I$(abspath ../src/utils) + ++ifdef MULTICALL ++CFLAGS += -DMULTICALL ++endif ++ + -include .config + -include $(if $(MULTICALL),../hostapd/.config) + +@@ -84,6 +88,8 @@ OBJS_c += ../src/utils/wpa_debug.o + OBJS_c += ../src/utils/common.o + OBJS += wmm_ac.o + ++OBJS += ../src/common/wpa_ctrl.o ++ + ifndef CONFIG_OS + ifdef CONFIG_NATIVE_WINDOWS + CONFIG_OS=win32 +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -107,6 +107,55 @@ const char *wpa_supplicant_full_license5 + "\n"; + #endif /* CONFIG_NO_STDOUT_DEBUG */ + ++static int hostapd_stop(struct wpa_supplicant *wpa_s) ++{ ++ const char *cmd = "STOP_AP"; ++ char buf[256]; ++ size_t len = sizeof(buf); ++ ++ if (wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL) < 0) { ++ wpa_printf(MSG_ERROR, "\nFailed to stop hostapd AP interfaces\n"); ++ return -1; ++ } ++ return 0; ++} ++ ++static int hostapd_reload(struct wpa_supplicant *wpa_s, struct wpa_bss *bss) ++{ ++ char *cmd = NULL; ++ char buf[256]; ++ size_t len = sizeof(buf); ++ enum hostapd_hw_mode hw_mode; ++ u8 channel; ++ int sec_chan = 0; ++ int ret; ++ ++ if (!bss) ++ return; ++ ++ if (bss->ht_param & HT_INFO_HT_PARAM_STA_CHNL_WIDTH) { ++ int sec = bss->ht_param & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK; ++ if (sec == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE) ++ sec_chan = 1; ++ else if (sec == HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW) ++ sec_chan = -1; ++ } ++ ++ hw_mode = ieee80211_freq_to_chan(bss->freq, &channel); ++ if (asprintf(&cmd, "UPDATE channel=%d sec_chan=%d hw_mode=%d", ++ channel, sec_chan, hw_mode) < 0) ++ return -1; ++ ++ ret = wpa_ctrl_request(wpa_s->hostapd, cmd, os_strlen(cmd), buf, &len, NULL); ++ free(cmd); ++ ++ if (ret < 0) { ++ wpa_printf(MSG_ERROR, "\nFailed to reload hostapd AP interfaces\n"); ++ return -1; ++ } ++ return 0; ++} ++ + /* Configure default/group WEP keys for static WEP */ + int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) + { +@@ -743,8 +792,12 @@ void wpa_supplicant_set_state(struct wpa + wpas_p2p_completed(wpa_s); + + sme_sched_obss_scan(wpa_s, 1); ++ if (wpa_s->hostapd) ++ hostapd_reload(wpa_s, wpa_s->current_bss); + } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING || + state == WPA_ASSOCIATED) { ++ if (wpa_s->hostapd) ++ hostapd_stop(wpa_s); + wpa_s->new_connection = 1; + wpa_drv_set_operstate(wpa_s, 0); + #ifndef IEEE8021X_EAPOL +@@ -4038,6 +4091,20 @@ static int wpa_supplicant_init_iface(str + sizeof(wpa_s->bridge_ifname)); + } + ++ if (iface->hostapd_ctrl) { ++ char *cmd = "STOP_AP"; ++ char buf[256]; ++ int len = sizeof(buf); ++ ++ wpa_s->hostapd = wpa_ctrl_open(iface->hostapd_ctrl); ++ if (!wpa_s->hostapd) { ++ wpa_printf(MSG_ERROR, "\nFailed to connect to hostapd\n"); ++ return -1; ++ } ++ if (hostapd_stop(wpa_s) < 0) ++ return -1; ++ } ++ + /* RSNA Supplicant Key Management - INITIALIZE */ + eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); + eapol_sm_notify_portValid(wpa_s->eapol, FALSE); +@@ -4280,6 +4347,11 @@ static void wpa_supplicant_deinit_iface( + if (terminate) + wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING); + ++ if (wpa_s->hostapd) { ++ wpa_ctrl_close(wpa_s->hostapd); ++ wpa_s->hostapd = NULL; ++ } ++ + if (wpa_s->ctrl_iface) { + wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface); + wpa_s->ctrl_iface = NULL; +--- a/wpa_supplicant/bss.c ++++ b/wpa_supplicant/bss.c +@@ -11,6 +11,7 @@ + #include "utils/common.h" + #include "utils/eloop.h" + #include "common/ieee802_11_defs.h" ++#include "common/ieee802_11_common.h" + #include "drivers/driver.h" + #include "wpa_supplicant_i.h" + #include "config.h" +@@ -277,6 +278,10 @@ static void calculate_update_time(const + static void wpa_bss_copy_res(struct wpa_bss *dst, struct wpa_scan_res *src, + struct os_reltime *fetch_time) + { ++ struct ieee80211_ht_capabilities *capab; ++ struct ieee80211_ht_operation *oper; ++ struct ieee802_11_elems elems; ++ + dst->flags = src->flags; + os_memcpy(dst->bssid, src->bssid, ETH_ALEN); + dst->freq = src->freq; +@@ -289,6 +294,15 @@ static void wpa_bss_copy_res(struct wpa_ + dst->est_throughput = src->est_throughput; + dst->snr = src->snr; + ++ memset(&elems, 0, sizeof(elems)); ++ ieee802_11_parse_elems((u8 *) (src + 1), src->ie_len, &elems, 0); ++ capab = (struct ieee80211_ht_capabilities *) elems.ht_capabilities; ++ oper = (struct ieee80211_ht_operation *) elems.ht_operation; ++ if (capab) ++ dst->ht_capab = le_to_host16(capab->ht_capabilities_info); ++ if (oper) ++ dst->ht_param = oper->ht_param; ++ + calculate_update_time(fetch_time, src->age, &dst->last_update); + } + +--- a/wpa_supplicant/main.c ++++ b/wpa_supplicant/main.c +@@ -33,7 +33,7 @@ static void usage(void) + "vW] [-P<pid file>] " + "[-g<global ctrl>] \\\n" + " [-G<group>] \\\n" +- " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] " ++ " -i<ifname> -c<config file> [-C<ctrl>] [-D<driver>] [-H<hostapd path>] " + "[-p<driver_param>] \\\n" + " [-b<br_ifname>] [-e<entropy file>]" + #ifdef CONFIG_DEBUG_FILE +@@ -84,6 +84,7 @@ static void usage(void) + #endif /* CONFIG_DEBUG_LINUX_TRACING */ + printf(" -t = include timestamp in debug messages\n" + " -h = show this help text\n" ++ " -H = connect to a hostapd instance to manage state changes\n" + " -L = show license (BSD)\n" + " -o = override driver parameter for new interfaces\n" + " -O = override ctrl_interface parameter for new interfaces\n" +@@ -175,7 +176,7 @@ int main(int argc, char *argv[]) + + for (;;) { + c = getopt(argc, argv, +- "b:Bc:C:D:de:f:g:G:hi:I:KLm:No:O:p:P:qsTtuvW"); ++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW"); + if (c < 0) + break; + switch (c) { +@@ -222,6 +223,9 @@ int main(int argc, char *argv[]) + usage(); + exitcode = 0; + goto out; ++ case 'H': ++ iface->hostapd_ctrl = optarg; ++ break; + case 'i': + iface->ifname = optarg; + break; +--- a/wpa_supplicant/bss.h ++++ b/wpa_supplicant/bss.h +@@ -72,6 +72,10 @@ struct wpa_bss { + u8 ssid[32]; + /** Length of SSID */ + size_t ssid_len; ++ /** HT caapbilities */ ++ u16 ht_capab; ++ /* Five octets of HT Operation Information */ ++ u8 ht_param; + /** Frequency of the channel in MHz (e.g., 2412 = channel 1) */ + int freq; + /** Beacon interval in TUs (host byte order) */ diff --git a/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch new file mode 100644 index 0000000..3a41b82 --- /dev/null +++ b/package/network/services/hostapd/patches/380-disable_ctrl_iface_mib.patch @@ -0,0 +1,178 @@ +--- a/hostapd/Makefile ++++ b/hostapd/Makefile +@@ -168,6 +168,9 @@ endif + ifdef CONFIG_NO_CTRL_IFACE + CFLAGS += -DCONFIG_NO_CTRL_IFACE + else ++ifdef CONFIG_CTRL_IFACE_MIB ++CFLAGS += -DCONFIG_CTRL_IFACE_MIB ++endif + OBJS += ctrl_iface.o + OBJS += ../src/ap/ctrl_iface_ap.o + endif +--- a/hostapd/ctrl_iface.c ++++ b/hostapd/ctrl_iface.c +@@ -1953,6 +1953,7 @@ static void hostapd_ctrl_iface_receive(i + reply_size); + } else if (os_strcmp(buf, "STATUS-DRIVER") == 0) { + reply_len = hostapd_drv_status(hapd, reply, reply_size); ++#ifdef CONFIG_CTRL_IFACE_MIB + } else if (os_strcmp(buf, "MIB") == 0) { + reply_len = ieee802_11_get_mib(hapd, reply, reply_size); + if (reply_len >= 0) { +@@ -1994,6 +1995,7 @@ static void hostapd_ctrl_iface_receive(i + } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { + reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, + reply_size); ++#endif + } else if (os_strcmp(buf, "ATTACH") == 0) { + if (hostapd_ctrl_iface_attach(hapd, &from, fromlen)) + reply_len = -1; +--- a/wpa_supplicant/Makefile ++++ b/wpa_supplicant/Makefile +@@ -837,6 +837,9 @@ ifdef CONFIG_WNM + OBJS += ../src/ap/wnm_ap.o + endif + ifdef CONFIG_CTRL_IFACE ++ifdef CONFIG_CTRL_IFACE_MIB ++CFLAGS += -DCONFIG_CTRL_IFACE_MIB ++endif + OBJS += ../src/ap/ctrl_iface_ap.o + endif + +--- a/wpa_supplicant/ctrl_iface.c ++++ b/wpa_supplicant/ctrl_iface.c +@@ -1795,7 +1795,7 @@ static int wpa_supplicant_ctrl_iface_sta + pos += ret; + } + +-#ifdef CONFIG_AP ++#if defined(CONFIG_AP) && defined(CONFIG_CTRL_IFACE_MIB) + if (wpa_s->ap_iface) { + pos += ap_ctrl_iface_wpa_get_status(wpa_s, pos, + end - pos, +@@ -7896,6 +7896,7 @@ char * wpa_supplicant_ctrl_iface_process + reply_len = -1; + } else if (os_strncmp(buf, "NOTE ", 5) == 0) { + wpa_printf(MSG_INFO, "NOTE: %s", buf + 5); ++#ifdef CONFIG_CTRL_IFACE_MIB + } else if (os_strcmp(buf, "MIB") == 0) { + reply_len = wpa_sm_get_mib(wpa_s->wpa, reply, reply_size); + if (reply_len >= 0) { +@@ -7903,6 +7904,7 @@ char * wpa_supplicant_ctrl_iface_process + reply + reply_len, + reply_size - reply_len); + } ++#endif + } else if (os_strncmp(buf, "STATUS", 6) == 0) { + reply_len = wpa_supplicant_ctrl_iface_status( + wpa_s, buf + 6, reply, reply_size); +@@ -8353,6 +8355,7 @@ char * wpa_supplicant_ctrl_iface_process + reply_len = wpa_supplicant_ctrl_iface_bss( + wpa_s, buf + 4, reply, reply_size); + #ifdef CONFIG_AP ++#ifdef CONFIG_CTRL_IFACE_MIB + } else if (os_strcmp(buf, "STA-FIRST") == 0) { + reply_len = ap_ctrl_iface_sta_first(wpa_s, reply, reply_size); + } else if (os_strncmp(buf, "STA ", 4) == 0) { +@@ -8361,12 +8364,15 @@ char * wpa_supplicant_ctrl_iface_process + } else if (os_strncmp(buf, "STA-NEXT ", 9) == 0) { + reply_len = ap_ctrl_iface_sta_next(wpa_s, buf + 9, reply, + reply_size); ++#endif ++#ifdef CONFIG_CTRL_IFACE_MIB + } else if (os_strncmp(buf, "DEAUTHENTICATE ", 15) == 0) { + if (ap_ctrl_iface_sta_deauthenticate(wpa_s, buf + 15)) + reply_len = -1; + } else if (os_strncmp(buf, "DISASSOCIATE ", 13) == 0) { + if (ap_ctrl_iface_sta_disassociate(wpa_s, buf + 13)) + reply_len = -1; ++#endif + } else if (os_strncmp(buf, "CHAN_SWITCH ", 12) == 0) { + if (ap_ctrl_iface_chanswitch(wpa_s, buf + 12)) + reply_len = -1; +--- a/src/ap/ctrl_iface_ap.c ++++ b/src/ap/ctrl_iface_ap.c +@@ -22,6 +22,7 @@ + #include "ctrl_iface_ap.h" + #include "ap_drv_ops.h" + ++#ifdef CONFIG_CTRL_IFACE_MIB + + static int hostapd_get_sta_tx_rx(struct hostapd_data *hapd, + struct sta_info *sta, +@@ -224,6 +225,7 @@ int hostapd_ctrl_iface_sta_next(struct h + return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen); + } + ++#endif + + #ifdef CONFIG_P2P_MANAGER + static int p2p_manager_disconnect(struct hostapd_data *hapd, u16 stype, +--- a/src/ap/ieee802_1x.c ++++ b/src/ap/ieee802_1x.c +@@ -2337,6 +2337,7 @@ static const char * bool_txt(Boolean boo + return bool_val ? "TRUE" : "FALSE"; + } + ++#ifdef CONFIG_CTRL_IFACE_MIB + + int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) + { +@@ -2512,6 +2513,7 @@ int ieee802_1x_get_mib_sta(struct hostap + return len; + } + ++#endif + + static void ieee802_1x_finished(struct hostapd_data *hapd, + struct sta_info *sta, int success, +--- a/src/ap/wpa_auth.c ++++ b/src/ap/wpa_auth.c +@@ -2999,6 +2999,7 @@ static const char * wpa_bool_txt(int boo + return bool ? "TRUE" : "FALSE"; + } + ++#ifdef CONFIG_CTRL_IFACE_MIB + + #define RSN_SUITE "%02x-%02x-%02x-%d" + #define RSN_SUITE_ARG(s) \ +@@ -3143,7 +3144,7 @@ int wpa_get_mib_sta(struct wpa_state_mac + + return len; + } +- ++#endif + + void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth) + { +--- a/src/rsn_supp/wpa.c ++++ b/src/rsn_supp/wpa.c +@@ -2032,6 +2032,8 @@ static u32 wpa_key_mgmt_suite(struct wpa + } + + ++#ifdef CONFIG_CTRL_IFACE_MIB ++ + #define RSN_SUITE "%02x-%02x-%02x-%d" + #define RSN_SUITE_ARG(s) \ + ((s) >> 24) & 0xff, ((s) >> 16) & 0xff, ((s) >> 8) & 0xff, (s) & 0xff +@@ -2115,6 +2117,7 @@ int wpa_sm_get_mib(struct wpa_sm *sm, ch + + return (int) len; + } ++#endif + #endif /* CONFIG_CTRL_IFACE */ + + +--- a/wpa_supplicant/ap.c ++++ b/wpa_supplicant/ap.c +@@ -1015,7 +1015,7 @@ int wpas_ap_wps_nfc_report_handover(stru + #endif /* CONFIG_WPS */ + + +-#ifdef CONFIG_CTRL_IFACE ++#if defined(CONFIG_CTRL_IFACE) && defined(CONFIG_CTRL_IFACE_MIB) + + int ap_ctrl_iface_sta_first(struct wpa_supplicant *wpa_s, + char *buf, size_t buflen) diff --git a/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch new file mode 100644 index 0000000..1065a7f --- /dev/null +++ b/package/network/services/hostapd/patches/390-wpa_ie_cap_workaround.patch @@ -0,0 +1,56 @@ +--- a/src/common/wpa_common.c ++++ b/src/common/wpa_common.c +@@ -1228,6 +1228,31 @@ u32 wpa_akm_to_suite(int akm) + } + + ++static void wpa_fixup_wpa_ie_rsn(u8 *assoc_ie, const u8 *wpa_msg_ie, ++ size_t rsn_ie_len) ++{ ++ int pos, count; ++ ++ pos = sizeof(struct rsn_ie_hdr) + RSN_SELECTOR_LEN; ++ if (rsn_ie_len < pos + 2) ++ return; ++ ++ count = WPA_GET_LE16(wpa_msg_ie + pos); ++ pos += 2 + count * RSN_SELECTOR_LEN; ++ if (rsn_ie_len < pos + 2) ++ return; ++ ++ count = WPA_GET_LE16(wpa_msg_ie + pos); ++ pos += 2 + count * RSN_SELECTOR_LEN; ++ if (rsn_ie_len < pos + 2) ++ return; ++ ++ if (!assoc_ie[pos] && !assoc_ie[pos + 1] && ++ (wpa_msg_ie[pos] || wpa_msg_ie[pos + 1])) ++ memcpy(&assoc_ie[pos], &wpa_msg_ie[pos], 2); ++} ++ ++ + int wpa_compare_rsn_ie(int ft_initial_assoc, + const u8 *ie1, size_t ie1len, + const u8 *ie2, size_t ie2len) +@@ -1235,8 +1260,19 @@ int wpa_compare_rsn_ie(int ft_initial_as + if (ie1 == NULL || ie2 == NULL) + return -1; + +- if (ie1len == ie2len && os_memcmp(ie1, ie2, ie1len) == 0) +- return 0; /* identical IEs */ ++ if (ie1len == ie2len) { ++ u8 *ie_tmp; ++ ++ if (os_memcmp(ie1, ie2, ie1len) == 0) ++ return 0; /* identical IEs */ ++ ++ ie_tmp = alloca(ie1len); ++ memcpy(ie_tmp, ie1, ie1len); ++ wpa_fixup_wpa_ie_rsn(ie_tmp, ie2, ie1len); ++ ++ if (os_memcmp(ie_tmp, ie2, ie1len) == 0) ++ return 0; /* only mismatch in RSN capabilties */ ++ } + + #ifdef CONFIG_IEEE80211R + if (ft_initial_assoc) { diff --git a/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch new file mode 100644 index 0000000..083af5b --- /dev/null +++ b/package/network/services/hostapd/patches/400-wps_single_auth_enc_type.patch @@ -0,0 +1,25 @@ +--- a/src/ap/wps_hostapd.c ++++ b/src/ap/wps_hostapd.c +@@ -1052,11 +1052,9 @@ int hostapd_init_wps(struct hostapd_data + + if (conf->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP)) + wps->encr_types |= WPS_ENCR_AES; +- if (conf->rsn_pairwise & WPA_CIPHER_TKIP) ++ else if (conf->rsn_pairwise & WPA_CIPHER_TKIP) + wps->encr_types |= WPS_ENCR_TKIP; +- } +- +- if (conf->wpa & WPA_PROTO_WPA) { ++ } else if (conf->wpa & WPA_PROTO_WPA) { + if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) + wps->auth_types |= WPS_AUTH_WPAPSK; + if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) +@@ -1064,7 +1062,7 @@ int hostapd_init_wps(struct hostapd_data + + if (conf->wpa_pairwise & WPA_CIPHER_CCMP) + wps->encr_types |= WPS_ENCR_AES; +- if (conf->wpa_pairwise & WPA_CIPHER_TKIP) ++ else if (conf->wpa_pairwise & WPA_CIPHER_TKIP) + wps->encr_types |= WPS_ENCR_TKIP; + } + diff --git a/package/network/services/hostapd/patches/410-limit_debug_messages.patch b/package/network/services/hostapd/patches/410-limit_debug_messages.patch new file mode 100644 index 0000000..da88732 --- /dev/null +++ b/package/network/services/hostapd/patches/410-limit_debug_messages.patch @@ -0,0 +1,214 @@ +--- a/src/utils/wpa_debug.c ++++ b/src/utils/wpa_debug.c +@@ -201,7 +201,7 @@ void wpa_debug_close_linux_tracing(void) + * + * Note: New line '\n' is added to the end of the text when printing to stdout. + */ +-void wpa_printf(int level, const char *fmt, ...) ++void _wpa_printf(int level, const char *fmt, ...) + { + va_list ap; + +@@ -248,8 +248,8 @@ void wpa_printf(int level, const char *f + } + + +-static void _wpa_hexdump(int level, const char *title, const u8 *buf, +- size_t len, int show) ++void _wpa_hexdump(int level, const char *title, const u8 *buf, ++ size_t len, int show) + { + size_t i; + +@@ -375,20 +375,8 @@ static void _wpa_hexdump(int level, cons + #endif /* CONFIG_ANDROID_LOG */ + } + +-void wpa_hexdump(int level, const char *title, const void *buf, size_t len) +-{ +- _wpa_hexdump(level, title, buf, len, 1); +-} +- +- +-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len) +-{ +- _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys); +-} +- +- +-static void _wpa_hexdump_ascii(int level, const char *title, const void *buf, +- size_t len, int show) ++void _wpa_hexdump_ascii(int level, const char *title, const void *buf, ++ size_t len, int show) + { + size_t i, llen; + const u8 *pos = buf; +@@ -495,20 +483,6 @@ static void _wpa_hexdump_ascii(int level + } + + +-void wpa_hexdump_ascii(int level, const char *title, const void *buf, +- size_t len) +-{ +- _wpa_hexdump_ascii(level, title, buf, len, 1); +-} +- +- +-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf, +- size_t len) +-{ +- _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys); +-} +- +- + #ifdef CONFIG_DEBUG_FILE + static char *last_path = NULL; + #endif /* CONFIG_DEBUG_FILE */ +@@ -602,7 +576,7 @@ void wpa_msg_register_ifname_cb(wpa_msg_ + } + + +-void wpa_msg(void *ctx, int level, const char *fmt, ...) ++void _wpa_msg(void *ctx, int level, const char *fmt, ...) + { + va_list ap; + char *buf; +@@ -640,7 +614,7 @@ void wpa_msg(void *ctx, int level, const + } + + +-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...) ++void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...) + { + va_list ap; + char *buf; +--- a/src/utils/wpa_debug.h ++++ b/src/utils/wpa_debug.h +@@ -49,6 +49,17 @@ int wpa_debug_reopen_file(void); + void wpa_debug_close_file(void); + void wpa_debug_setup_stdout(void); + ++/* internal */ ++void _wpa_hexdump(int level, const char *title, const u8 *buf, ++ size_t len, int show); ++void _wpa_hexdump_ascii(int level, const char *title, const void *buf, ++ size_t len, int show); ++extern int wpa_debug_show_keys; ++ ++#ifndef CONFIG_MSG_MIN_PRIORITY ++#define CONFIG_MSG_MIN_PRIORITY 0 ++#endif ++ + /** + * wpa_debug_printf_timestamp - Print timestamp for debug output + * +@@ -69,9 +80,15 @@ void wpa_debug_print_timestamp(void); + * + * Note: New line '\n' is added to the end of the text when printing to stdout. + */ +-void wpa_printf(int level, const char *fmt, ...) ++void _wpa_printf(int level, const char *fmt, ...) + PRINTF_FORMAT(2, 3); + ++#define wpa_printf(level, ...) \ ++ do { \ ++ if (level >= CONFIG_MSG_MIN_PRIORITY) \ ++ _wpa_printf(level, __VA_ARGS__); \ ++ } while(0) ++ + /** + * wpa_hexdump - conditional hex dump + * @level: priority level (MSG_*) of the message +@@ -83,7 +100,13 @@ PRINTF_FORMAT(2, 3); + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. The contents of buf is printed out has hex dump. + */ +-void wpa_hexdump(int level, const char *title, const void *buf, size_t len); ++static inline void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len) ++{ ++ if (level < CONFIG_MSG_MIN_PRIORITY) ++ return; ++ ++ _wpa_hexdump(level, title, buf, len, 1); ++} + + static inline void wpa_hexdump_buf(int level, const char *title, + const struct wpabuf *buf) +@@ -105,7 +128,13 @@ static inline void wpa_hexdump_buf(int l + * like wpa_hexdump(), but by default, does not include secret keys (passwords, + * etc.) in debug output. + */ +-void wpa_hexdump_key(int level, const char *title, const void *buf, size_t len); ++static inline void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len) ++{ ++ if (level < CONFIG_MSG_MIN_PRIORITY) ++ return; ++ ++ _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys); ++} + + static inline void wpa_hexdump_buf_key(int level, const char *title, + const struct wpabuf *buf) +@@ -127,8 +156,14 @@ static inline void wpa_hexdump_buf_key(i + * the hex numbers and ASCII characters (for printable range) are shown. 16 + * bytes per line will be shown. + */ +-void wpa_hexdump_ascii(int level, const char *title, const void *buf, +- size_t len); ++static inline void wpa_hexdump_ascii(int level, const char *title, ++ const u8 *buf, size_t len) ++{ ++ if (level < CONFIG_MSG_MIN_PRIORITY) ++ return; ++ ++ _wpa_hexdump_ascii(level, title, buf, len, 1); ++} + + /** + * wpa_hexdump_ascii_key - conditional hex dump, hide keys +@@ -144,8 +179,14 @@ void wpa_hexdump_ascii(int level, const + * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by + * default, does not include secret keys (passwords, etc.) in debug output. + */ +-void wpa_hexdump_ascii_key(int level, const char *title, const void *buf, +- size_t len); ++static inline void wpa_hexdump_ascii_key(int level, const char *title, ++ const u8 *buf, size_t len) ++{ ++ if (level < CONFIG_MSG_MIN_PRIORITY) ++ return; ++ ++ _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys); ++} + + /* + * wpa_dbg() behaves like wpa_msg(), but it can be removed from build to reduce +@@ -181,7 +222,12 @@ void wpa_hexdump_ascii_key(int level, co + * + * Note: New line '\n' is added to the end of the text when printing to stdout. + */ +-void wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4); ++void _wpa_msg(void *ctx, int level, const char *fmt, ...) PRINTF_FORMAT(3, 4); ++#define wpa_msg(ctx, level, ...) \ ++ do { \ ++ if (level >= CONFIG_MSG_MIN_PRIORITY) \ ++ _wpa_msg(ctx, level, __VA_ARGS__); \ ++ } while(0) + + /** + * wpa_msg_ctrl - Conditional printf for ctrl_iface monitors +@@ -195,8 +241,13 @@ void wpa_msg(void *ctx, int level, const + * attached ctrl_iface monitors. In other words, it can be used for frequent + * events that do not need to be sent to syslog. + */ +-void wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...) ++void _wpa_msg_ctrl(void *ctx, int level, const char *fmt, ...) + PRINTF_FORMAT(3, 4); ++#define wpa_msg_ctrl(ctx, level, ...) \ ++ do { \ ++ if (level >= CONFIG_MSG_MIN_PRIORITY) \ ++ _wpa_msg_ctrl(ctx, level, __VA_ARGS__); \ ++ } while(0) + + /** + * wpa_msg_global - Global printf for ctrl_iface monitors diff --git a/package/network/services/hostapd/patches/420-indicate-features.patch b/package/network/services/hostapd/patches/420-indicate-features.patch new file mode 100644 index 0000000..64c92df --- /dev/null +++ b/package/network/services/hostapd/patches/420-indicate-features.patch @@ -0,0 +1,82 @@ +--- a/hostapd/main.c ++++ b/hostapd/main.c +@@ -15,6 +15,7 @@ + #include "utils/common.h" + #include "utils/eloop.h" + #include "utils/uuid.h" ++#include "utils/build_features.h" + #include "crypto/random.h" + #include "crypto/tls.h" + #include "common/version.h" +@@ -567,7 +568,7 @@ int main(int argc, char *argv[]) + + wpa_supplicant_event = hostapd_wpa_event; + for (;;) { +- c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:vg:G:"); ++ c = getopt(argc, argv, "b:Bde:f:hKP:Ttu:g:G:v::"); + if (c < 0) + break; + switch (c) { +@@ -604,6 +605,8 @@ int main(int argc, char *argv[]) + break; + #endif /* CONFIG_DEBUG_LINUX_TRACING */ + case 'v': ++ if (optarg) ++ exit(!has_feature(optarg)); + show_version(); + exit(1); + break; +--- a/wpa_supplicant/main.c ++++ b/wpa_supplicant/main.c +@@ -12,6 +12,7 @@ + #endif /* __linux__ */ + + #include "common.h" ++#include "build_features.h" + #include "wpa_supplicant_i.h" + #include "driver_i.h" + #include "p2p_supplicant.h" +@@ -176,7 +177,7 @@ int main(int argc, char *argv[]) + + for (;;) { + c = getopt(argc, argv, +- "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuvW"); ++ "b:Bc:C:D:de:f:g:G:hH:i:I:KLm:No:O:p:P:qsTtuv::W"); + if (c < 0) + break; + switch (c) { +@@ -279,8 +280,12 @@ int main(int argc, char *argv[]) + break; + #endif /* CONFIG_DBUS */ + case 'v': +- printf("%s\n", wpa_supplicant_version); +- exitcode = 0; ++ if (optarg) { ++ exitcode = !has_feature(optarg); ++ } else { ++ printf("%s\n", wpa_supplicant_version); ++ exitcode = 0; ++ } + goto out; + case 'W': + params.wait_for_monitor++; +--- /dev/null ++++ b/src/utils/build_features.h +@@ -0,0 +1,17 @@ ++#ifndef BUILD_FEATURES_H ++#define BUILD_FEATURES_H ++ ++static inline int has_feature(const char *feat) ++{ ++#ifdef IEEE8021X_EAPOL ++ if (!strcmp(feat, "eap")) ++ return 1; ++#endif ++#ifdef IEEE80211N ++ if (!strcmp(feat, "11n")) ++ return 1; ++#endif ++ return 0; ++} ++ ++#endif /* BUILD_FEATURES_H */ diff --git a/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch new file mode 100644 index 0000000..85d2e16 --- /dev/null +++ b/package/network/services/hostapd/patches/430-hostapd_cli_ifdef.patch @@ -0,0 +1,50 @@ +--- a/hostapd/hostapd_cli.c ++++ b/hostapd/hostapd_cli.c +@@ -67,7 +67,6 @@ static const char *commands_help = + #ifdef CONFIG_IEEE80211W + " sa_query <addr> send SA Query to a station\n" + #endif /* CONFIG_IEEE80211W */ +-#ifdef CONFIG_WPS + " wps_pin <uuid> <pin> [timeout] [addr] add WPS Enrollee PIN\n" + " wps_check_pin <PIN> verify PIN checksum\n" + " wps_pbc indicate button pushed to initiate PBC\n" +@@ -80,7 +79,6 @@ static const char *commands_help = + " wps_ap_pin <cmd> [params..] enable/disable AP PIN\n" + " wps_config <SSID> <auth> <encr> <key> configure AP\n" + " wps_get_status show current WPS status\n" +-#endif /* CONFIG_WPS */ + " get_config show current configuration\n" + " help show this usage help\n" + " interface [ifname] show interfaces/select interface\n" +@@ -353,7 +351,6 @@ static int hostapd_cli_cmd_sa_query(stru + #endif /* CONFIG_IEEE80211W */ + + +-#ifdef CONFIG_WPS + static int hostapd_cli_cmd_wps_pin(struct wpa_ctrl *ctrl, int argc, + char *argv[]) + { +@@ -579,7 +576,6 @@ static int hostapd_cli_cmd_wps_config(st + ssid_hex, argv[1]); + return wpa_ctrl_command(ctrl, buf); + } +-#endif /* CONFIG_WPS */ + + + static int hostapd_cli_cmd_disassoc_imminent(struct wpa_ctrl *ctrl, int argc, +@@ -1027,7 +1023,6 @@ static struct hostapd_cli_cmd hostapd_cl + #ifdef CONFIG_IEEE80211W + { "sa_query", hostapd_cli_cmd_sa_query }, + #endif /* CONFIG_IEEE80211W */ +-#ifdef CONFIG_WPS + { "wps_pin", hostapd_cli_cmd_wps_pin }, + { "wps_check_pin", hostapd_cli_cmd_wps_check_pin }, + { "wps_pbc", hostapd_cli_cmd_wps_pbc }, +@@ -1041,7 +1036,6 @@ static struct hostapd_cli_cmd hostapd_cl + { "wps_ap_pin", hostapd_cli_cmd_wps_ap_pin }, + { "wps_config", hostapd_cli_cmd_wps_config }, + { "wps_get_status", hostapd_cli_cmd_wps_get_status }, +-#endif /* CONFIG_WPS */ + { "disassoc_imminent", hostapd_cli_cmd_disassoc_imminent }, + { "ess_disassoc", hostapd_cli_cmd_ess_disassoc }, + { "bss_tm_req", hostapd_cli_cmd_bss_tm_req }, diff --git a/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch new file mode 100644 index 0000000..874ff4b --- /dev/null +++ b/package/network/services/hostapd/patches/431-wpa_cli_ifdef.patch @@ -0,0 +1,13 @@ +--- a/wpa_supplicant/wpa_cli.c ++++ b/wpa_supplicant/wpa_cli.c +@@ -26,6 +26,10 @@ + #endif /* ANDROID */ + + ++#ifndef CONFIG_P2P ++#define CONFIG_P2P ++#endif ++ + static const char *wpa_cli_version = + "wpa_cli v" VERSION_STR "\n" + "Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors"; diff --git a/package/network/services/hostapd/patches/440-max_num_sta_probe.patch b/package/network/services/hostapd/patches/440-max_num_sta_probe.patch new file mode 100644 index 0000000..74aef26 --- /dev/null +++ b/package/network/services/hostapd/patches/440-max_num_sta_probe.patch @@ -0,0 +1,13 @@ +--- a/src/ap/beacon.c ++++ b/src/ap/beacon.c +@@ -664,6 +664,10 @@ void handle_probe_req(struct hostapd_dat + return; + } + ++ if (!sta && hapd->num_sta >= hapd->conf->max_num_sta) ++ wpa_printf(MSG_MSGDUMP, "Probe Request from " MACSTR " ignored," ++ " too many connected stations.", MAC2STR(mgmt->sa)); ++ + #ifdef CONFIG_INTERWORKING + if (hapd->conf->interworking && + elems.interworking && elems.interworking_len >= 1) { diff --git a/package/network/services/hostapd/patches/450-scan_wait.patch b/package/network/services/hostapd/patches/450-scan_wait.patch new file mode 100644 index 0000000..87ebd45 --- /dev/null +++ b/package/network/services/hostapd/patches/450-scan_wait.patch @@ -0,0 +1,66 @@ +--- a/hostapd/main.c ++++ b/hostapd/main.c +@@ -36,6 +36,8 @@ struct hapd_global { + }; + + static struct hapd_global global; ++static int daemonize = 0; ++static char *pid_file = NULL; + + + #ifndef CONFIG_NO_HOSTAPD_LOGGER +@@ -142,6 +144,14 @@ static void hostapd_logger_cb(void *ctx, + } + #endif /* CONFIG_NO_HOSTAPD_LOGGER */ + ++static void hostapd_setup_complete_cb(void *ctx) ++{ ++ if (daemonize && os_daemonize(pid_file)) { ++ perror("daemon"); ++ return; ++ } ++ daemonize = 0; ++} + + /** + * hostapd_driver_init - Preparate driver interface +@@ -160,6 +170,8 @@ static int hostapd_driver_init(struct ho + return -1; + } + ++ hapd->setup_complete_cb = hostapd_setup_complete_cb; ++ + /* Initialize the driver interface */ + if (!(b[0] | b[1] | b[2] | b[3] | b[4] | b[5])) + b = NULL; +@@ -381,8 +393,6 @@ static void hostapd_global_deinit(const + #endif /* CONFIG_NATIVE_WINDOWS */ + + eap_server_unregister_methods(); +- +- os_daemonize_terminate(pid_file); + } + + +@@ -408,11 +418,6 @@ static int hostapd_global_run(struct hap + } + #endif /* EAP_SERVER_TNC */ + +- if (daemonize && os_daemonize(pid_file)) { +- wpa_printf(MSG_ERROR, "daemon: %s", strerror(errno)); +- return -1; +- } +- + eloop_run(); + + return 0; +@@ -542,8 +547,7 @@ int main(int argc, char *argv[]) + struct hapd_interfaces interfaces; + int ret = 1; + size_t i, j; +- int c, debug = 0, daemonize = 0; +- char *pid_file = NULL; ++ int c, debug = 0; + const char *log_file = NULL; + const char *entropy_file = NULL; + char **bss_config = NULL, **tmp_bss; diff --git a/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch new file mode 100644 index 0000000..217e701 --- /dev/null +++ b/package/network/services/hostapd/patches/460-wpa_supplicant-add-new-config-params-to-be-used-with.patch @@ -0,0 +1,188 @@ +From 4bb69d15477e0f2b00e166845341dc933de47c58 Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli <ordex@autistici.org> +Date: Sun, 3 Jun 2012 18:22:56 +0200 +Subject: [PATCHv2 601/602] wpa_supplicant: add new config params to be used + with the ibss join command + +Signed-hostap: Antonio Quartulli <ordex@autistici.org> +--- + src/drivers/driver.h | 6 +++ + wpa_supplicant/config.c | 96 +++++++++++++++++++++++++++++++++++++++ + wpa_supplicant/config_ssid.h | 6 +++ + wpa_supplicant/wpa_supplicant.c | 23 +++++++--- + 4 files changed, 124 insertions(+), 7 deletions(-) + +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -19,6 +19,7 @@ + + #define WPA_SUPPLICANT_DRIVER_VERSION 4 + ++#include "drivers/nl80211_copy.h" + #include "common/defs.h" + #include "utils/list.h" + +@@ -538,6 +539,9 @@ struct wpa_driver_associate_params { + * responsible for selecting with which BSS to associate. */ + const u8 *bssid; + ++ unsigned char rates[NL80211_MAX_SUPP_RATES]; ++ int mcast_rate; ++ + /** + * bssid_hint - BSSID of a proposed AP + * +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -15,6 +15,7 @@ + #include "rsn_supp/wpa.h" + #include "eap_peer/eap.h" + #include "p2p/p2p.h" ++#include "drivers/nl80211_copy.h" + #include "config.h" + + +@@ -1722,6 +1723,97 @@ static char * wpa_config_write_mesh_basi + #endif /* CONFIG_MESH */ + + ++static int wpa_config_parse_mcast_rate(const struct parse_data *data, ++ struct wpa_ssid *ssid, int line, ++ const char *value) ++{ ++ ssid->mcast_rate = (int)(strtod(value, NULL) * 10); ++ ++ return 0; ++} ++ ++#ifndef NO_CONFIG_WRITE ++static char * wpa_config_write_mcast_rate(const struct parse_data *data, ++ struct wpa_ssid *ssid) ++{ ++ char *value; ++ int res; ++ ++ if (!ssid->mcast_rate == 0) ++ return NULL; ++ ++ value = os_malloc(6); /* longest: 300.0 */ ++ if (value == NULL) ++ return NULL; ++ res = os_snprintf(value, 5, "%.1f", (double)ssid->mcast_rate / 10); ++ if (res < 0) { ++ os_free(value); ++ return NULL; ++ } ++ return value; ++} ++#endif /* NO_CONFIG_WRITE */ ++ ++static int wpa_config_parse_rates(const struct parse_data *data, ++ struct wpa_ssid *ssid, int line, ++ const char *value) ++{ ++ int i; ++ char *pos, *r, *sptr, *end; ++ double rate; ++ ++ pos = (char *)value; ++ r = strtok_r(pos, ",", &sptr); ++ i = 0; ++ while (pos && i < NL80211_MAX_SUPP_RATES) { ++ rate = 0.0; ++ if (r) ++ rate = strtod(r, &end); ++ ssid->rates[i] = rate * 2; ++ if (*end != '\0' || rate * 2 != ssid->rates[i]) ++ return 1; ++ ++ i++; ++ r = strtok_r(NULL, ",", &sptr); ++ } ++ ++ return 0; ++} ++ ++#ifndef NO_CONFIG_WRITE ++static char * wpa_config_write_rates(const struct parse_data *data, ++ struct wpa_ssid *ssid) ++{ ++ char *value, *pos; ++ int res, i; ++ ++ if (ssid->rates[0] <= 0) ++ return NULL; ++ ++ value = os_malloc(6 * NL80211_MAX_SUPP_RATES + 1); ++ if (value == NULL) ++ return NULL; ++ pos = value; ++ for (i = 0; i < NL80211_MAX_SUPP_RATES - 1; i++) { ++ res = os_snprintf(pos, 6, "%.1f,", (double)ssid->rates[i] / 2); ++ if (res < 0) { ++ os_free(value); ++ return NULL; ++ } ++ pos += res; ++ } ++ res = os_snprintf(pos, 6, "%.1f", ++ (double)ssid->rates[NL80211_MAX_SUPP_RATES - 1] / 2); ++ if (res < 0) { ++ os_free(value); ++ return NULL; ++ } ++ ++ value[6 * NL80211_MAX_SUPP_RATES] = '\0'; ++ return value; ++} ++#endif /* NO_CONFIG_WRITE */ ++ + /* Helper macros for network block parser */ + + #ifdef OFFSET +@@ -1947,6 +2039,9 @@ static const struct parse_data ssid_fiel + { INT(ap_max_inactivity) }, + { INT(dtim_period) }, + { INT(beacon_int) }, ++ { INT_RANGE(fixed_freq, 0, 1) }, ++ { FUNC(rates) }, ++ { FUNC(mcast_rate) }, + #ifdef CONFIG_MACSEC + { INT_RANGE(macsec_policy, 0, 1) }, + #endif /* CONFIG_MACSEC */ +--- a/wpa_supplicant/config_ssid.h ++++ b/wpa_supplicant/config_ssid.h +@@ -12,6 +12,7 @@ + #include "common/defs.h" + #include "utils/list.h" + #include "eap_peer/eap_config.h" ++#include "drivers/nl80211_copy.h" + + #define MAX_SSID_LEN 32 + +@@ -675,6 +676,9 @@ struct wpa_ssid { + */ + void *parent_cred; + ++ unsigned char rates[NL80211_MAX_SUPP_RATES]; ++ double mcast_rate; ++ + #ifdef CONFIG_MACSEC + /** + * macsec_policy - Determines the policy for MACsec secure session +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -2266,6 +2266,13 @@ static void wpas_start_assoc_cb(struct w + params.beacon_int = ssid->beacon_int; + else + params.beacon_int = wpa_s->conf->beacon_int; ++ params.fixed_freq = ssid->fixed_freq; ++ i = 0; ++ while (i < NL80211_MAX_SUPP_RATES) { ++ params.rates[i] = ssid->rates[i]; ++ i++; ++ } ++ params.mcast_rate = ssid->mcast_rate; + } + + params.wpa_ie = wpa_ie; diff --git a/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch new file mode 100644 index 0000000..730cc31 --- /dev/null +++ b/package/network/services/hostapd/patches/461-driver_nl80211-use-new-parameters-during-ibss-join.patch @@ -0,0 +1,59 @@ +From ffc4445958a3ed4064f2e1bf73fa478a61c5cf7b Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli <ordex@autistici.org> +Date: Sun, 3 Jun 2012 18:42:25 +0200 +Subject: [PATCHv2 602/602] driver_nl80211: use new parameters during ibss join + +Signed-hostap: Antonio Quartulli <ordex@autistici.org> +--- + src/drivers/driver_nl80211.c | 33 ++++++++++++++++++++++++++++++++- + 1 file changed, 32 insertions(+), 1 deletion(-) + +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -4398,7 +4398,7 @@ static int wpa_driver_nl80211_ibss(struc + struct wpa_driver_associate_params *params) + { + struct nl_msg *msg; +- int ret = -1; ++ int ret = -1, i; + int count = 0; + + wpa_printf(MSG_DEBUG, "nl80211: Join IBSS (ifindex=%d)", drv->ifindex); +@@ -4425,6 +4425,37 @@ retry: + nl80211_put_beacon_int(msg, params->beacon_int)) + goto fail; + ++ if (params->fixed_freq) { ++ wpa_printf(MSG_DEBUG, " * fixed_freq"); ++ nla_put_flag(msg, NL80211_ATTR_FREQ_FIXED); ++ } ++ ++ if (params->beacon_int > 0) { ++ wpa_printf(MSG_DEBUG, " * beacon_int=%d", ++ params->beacon_int); ++ nla_put_u32(msg, NL80211_ATTR_BEACON_INTERVAL, ++ params->beacon_int); ++ } ++ ++ if (params->rates[0] > 0) { ++ wpa_printf(MSG_DEBUG, " * basic_rates:"); ++ i = 0; ++ while (i < NL80211_MAX_SUPP_RATES && ++ params->rates[i] > 0) { ++ wpa_printf(MSG_DEBUG, " %.1f", ++ (double)params->rates[i] / 2); ++ i++; ++ } ++ nla_put(msg, NL80211_ATTR_BSS_BASIC_RATES, i, ++ params->rates); ++ } ++ ++ if (params->mcast_rate > 0) { ++ wpa_printf(MSG_DEBUG, " * mcast_rate=%.1f", ++ (double)params->mcast_rate / 10); ++ nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate); ++ } ++ + ret = nl80211_set_conn_keys(params, msg); + if (ret) + goto fail; diff --git a/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch new file mode 100644 index 0000000..30bb2dc --- /dev/null +++ b/package/network/services/hostapd/patches/462-wpa_s-support-htmode-param.patch @@ -0,0 +1,156 @@ +From b9329c5dfeed7d5c55d2117d8dfe326fc40c8fb1 Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli <ordex@autistici.org> +Date: Tue, 3 Jul 2012 00:36:24 +0200 +Subject: [PATCH] wpa_s: support htmode param + +possible values are HT20, HT40-, HT40+ and NOHT + +Signed-off-by: Antonio Quartulli <ordex@autistici.org> +--- + src/drivers/driver.h | 2 ++ + src/drivers/driver_nl80211.c | 16 ++++++++++ + wpa_supplicant/config.c | 66 +++++++++++++++++++++++++++++++++++++++ + wpa_supplicant/config_ssid.h | 2 ++ + wpa_supplicant/wpa_supplicant.c | 2 ++ + 5 files changed, 88 insertions(+) + +--- a/src/drivers/driver.h ++++ b/src/drivers/driver.h +@@ -541,6 +541,8 @@ struct wpa_driver_associate_params { + + unsigned char rates[NL80211_MAX_SUPP_RATES]; + int mcast_rate; ++ int ht_set; ++ unsigned int htmode; + + /** + * bssid_hint - BSSID of a proposed AP +--- a/src/drivers/driver_nl80211.c ++++ b/src/drivers/driver_nl80211.c +@@ -4456,6 +4456,22 @@ retry: + nla_put_u32(msg, NL80211_ATTR_MCAST_RATE, params->mcast_rate); + } + ++ if (params->ht_set) { ++ switch(params->htmode) { ++ case NL80211_CHAN_HT20: ++ wpa_printf(MSG_DEBUG, " * ht=HT20"); ++ break; ++ case NL80211_CHAN_HT40PLUS: ++ wpa_printf(MSG_DEBUG, " * ht=HT40+"); ++ break; ++ case NL80211_CHAN_HT40MINUS: ++ wpa_printf(MSG_DEBUG, " * ht=HT40-"); ++ break; ++ } ++ nla_put_u32(msg, NL80211_ATTR_WIPHY_CHANNEL_TYPE, ++ params->htmode); ++ } ++ + ret = nl80211_set_conn_keys(params, msg); + if (ret) + goto fail; +--- a/wpa_supplicant/config.c ++++ b/wpa_supplicant/config.c +@@ -1754,6 +1754,71 @@ static char * wpa_config_write_mcast_rat + } + #endif /* NO_CONFIG_WRITE */ + ++static int wpa_config_parse_htmode(const struct parse_data *data, ++ struct wpa_ssid *ssid, int line, ++ const char *value) ++{ ++ int i; ++ static const struct { ++ const char *name; ++ unsigned int val; ++ } htmap[] = { ++ { .name = "HT20", .val = NL80211_CHAN_HT20, }, ++ { .name = "HT40+", .val = NL80211_CHAN_HT40PLUS, }, ++ { .name = "HT40-", .val = NL80211_CHAN_HT40MINUS, }, ++ { .name = "NOHT", .val = NL80211_CHAN_NO_HT, }, ++ }; ++ ssid->ht_set = 0;; ++ for (i = 0; i < 4; i++) { ++ if (strcasecmp(htmap[i].name, value) == 0) { ++ ssid->htmode = htmap[i].val; ++ ssid->ht_set = 1; ++ break; ++ } ++ } ++ ++ return 0; ++} ++ ++#ifndef NO_CONFIG_WRITE ++static char * wpa_config_write_htmode(const struct parse_data *data, ++ struct wpa_ssid *ssid) ++{ ++ char *value; ++ int res; ++ ++ value = os_malloc(6); /* longest: HT40+ */ ++ if (value == NULL) ++ return NULL; ++ ++ switch(ssid->htmode) { ++ case NL80211_CHAN_HT20: ++ res = os_snprintf(value, 4, "HT20"); ++ break; ++ case NL80211_CHAN_HT40PLUS: ++ res = os_snprintf(value, 5, "HT40+"); ++ break; ++ case NL80211_CHAN_HT40MINUS: ++ res = os_snprintf(value, 5, "HT40-"); ++ break; ++ case NL80211_CHAN_NO_HT: ++ res = os_snprintf(value, 4, "NOHT"); ++ break; ++ default: ++ os_free(value); ++ return NULL; ++ } ++ ++ if (res < 0) { ++ os_free(value); ++ return NULL; ++ } ++ ++ return value; ++} ++#endif /* NO_CONFIG_WRITE */ ++ ++ + static int wpa_config_parse_rates(const struct parse_data *data, + struct wpa_ssid *ssid, int line, + const char *value) +@@ -2042,6 +2107,7 @@ static const struct parse_data ssid_fiel + { INT_RANGE(fixed_freq, 0, 1) }, + { FUNC(rates) }, + { FUNC(mcast_rate) }, ++ { FUNC(htmode) }, + #ifdef CONFIG_MACSEC + { INT_RANGE(macsec_policy, 0, 1) }, + #endif /* CONFIG_MACSEC */ +--- a/wpa_supplicant/config_ssid.h ++++ b/wpa_supplicant/config_ssid.h +@@ -678,6 +678,8 @@ struct wpa_ssid { + + unsigned char rates[NL80211_MAX_SUPP_RATES]; + double mcast_rate; ++ int ht_set; ++ unsigned int htmode; + + #ifdef CONFIG_MACSEC + /** +--- a/wpa_supplicant/wpa_supplicant.c ++++ b/wpa_supplicant/wpa_supplicant.c +@@ -2273,6 +2273,8 @@ static void wpas_start_assoc_cb(struct w + i++; + } + params.mcast_rate = ssid->mcast_rate; ++ params.ht_set = ssid->ht_set; ++ params.htmode = ssid->htmode; + } + + params.wpa_ie = wpa_ie; diff --git a/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch b/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch new file mode 100644 index 0000000..e6bbddd --- /dev/null +++ b/package/network/services/hostapd/patches/470-wait-for-nullfunc-longer.patch @@ -0,0 +1,11 @@ +--- a/src/ap/sta_info.h ++++ b/src/ap/sta_info.h +@@ -179,7 +179,7 @@ struct sta_info { + * AP_DISASSOC_DELAY seconds. Similarly, the station will be deauthenticated + * after AP_DEAUTH_DELAY seconds has passed after disassociation. */ + #define AP_MAX_INACTIVITY (5 * 60) +-#define AP_DISASSOC_DELAY (1) ++#define AP_DISASSOC_DELAY (3) + #define AP_DEAUTH_DELAY (1) + /* Number of seconds to keep STA entry with Authenticated flag after it has + * been disassociated. */ diff --git a/package/network/services/hostapd/patches/600-ubus_support.patch b/package/network/services/hostapd/patches/600-ubus_support.patch new file mode 100644 index 0000000..df2eac8 --- /dev/null +++ b/package/network/services/hostapd/patches/600-ubus_support.patch @@ -0,0 +1,858 @@ +--- a/hostapd/Makefile ++++ b/hostapd/Makefile +@@ -121,6 +121,11 @@ OBJS += ../src/common/hw_features_common + + OBJS += ../src/eapol_auth/eapol_auth_sm.o + ++ifdef CONFIG_UBUS ++CFLAGS += -DUBUS_SUPPORT ++OBJS += ../src/ap/ubus.o ++LIBS += -lubox -lubus ++endif + + ifdef CONFIG_CODE_COVERAGE + CFLAGS += -O0 -fprofile-arcs -ftest-coverage +--- a/src/ap/hostapd.h ++++ b/src/ap/hostapd.h +@@ -13,6 +13,7 @@ + #include "utils/list.h" + #include "ap_config.h" + #include "drivers/driver.h" ++#include "ubus.h" + + struct wpa_ctrl_dst; + struct radius_server_data; +@@ -103,6 +104,7 @@ struct hostapd_data { + struct hostapd_iface *iface; + struct hostapd_config *iconf; + struct hostapd_bss_config *conf; ++ struct hostapd_ubus_bss ubus; + int interface_added; /* virtual interface added for this BSS */ + unsigned int started:1; + unsigned int disabled:1; +@@ -286,6 +288,8 @@ struct hostapd_iface { + struct hostapd_config *conf; + char phy[16]; /* Name of the PHY (radio) */ + ++ struct hostapd_ubus_iface ubus; ++ + enum hostapd_iface_state { + HAPD_IFACE_UNINITIALIZED, + HAPD_IFACE_DISABLED, +--- /dev/null ++++ b/src/ap/ubus.c +@@ -0,0 +1,511 @@ ++/* ++ * hostapd / ubus support ++ * Copyright (c) 2013, Felix Fietkau <nbd@openwrt.org> ++ * ++ * This software may be distributed under the terms of the BSD license. ++ * See README for more details. ++ */ ++ ++#include "utils/includes.h" ++#include "utils/common.h" ++#include "utils/eloop.h" ++#include "common/ieee802_11_defs.h" ++#include "hostapd.h" ++#include "wps_hostapd.h" ++#include "sta_info.h" ++#include "ubus.h" ++ ++static struct ubus_context *ctx; ++static struct blob_buf b; ++static int ctx_ref; ++ ++static inline struct hostapd_data *get_hapd_from_object(struct ubus_object *obj) ++{ ++ return container_of(obj, struct hostapd_data, ubus.obj); ++} ++ ++ ++struct ubus_banned_client { ++ struct avl_node avl; ++ u8 addr[ETH_ALEN]; ++}; ++ ++static void ubus_receive(int sock, void *eloop_ctx, void *sock_ctx) ++{ ++ struct ubus_context *ctx = eloop_ctx; ++ ubus_handle_event(ctx); ++} ++ ++static void ubus_reconnect_timeout(void *eloop_data, void *user_ctx) ++{ ++ if (ubus_reconnect(ctx, NULL)) { ++ eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL); ++ return; ++ } ++ ++ eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL); ++} ++ ++static void hostapd_ubus_connection_lost(struct ubus_context *ctx) ++{ ++ eloop_unregister_read_sock(ctx->sock.fd); ++ eloop_register_timeout(1, 0, ubus_reconnect_timeout, ctx, NULL); ++} ++ ++static bool hostapd_ubus_init(void) ++{ ++ if (ctx) ++ return true; ++ ++ ctx = ubus_connect(NULL); ++ if (!ctx) ++ return false; ++ ++ ctx->connection_lost = hostapd_ubus_connection_lost; ++ eloop_register_read_sock(ctx->sock.fd, ubus_receive, ctx, NULL); ++ return true; ++} ++ ++static void hostapd_ubus_ref_inc(void) ++{ ++ ctx_ref++; ++} ++ ++static void hostapd_ubus_ref_dec(void) ++{ ++ ctx_ref--; ++ if (!ctx) ++ return; ++ ++ if (ctx_ref) ++ return; ++ ++ eloop_unregister_read_sock(ctx->sock.fd); ++ ubus_free(ctx); ++ ctx = NULL; ++} ++ ++void hostapd_ubus_add_iface(struct hostapd_iface *iface) ++{ ++ if (!hostapd_ubus_init()) ++ return; ++} ++ ++void hostapd_ubus_free_iface(struct hostapd_iface *iface) ++{ ++ if (!ctx) ++ return; ++} ++ ++static void ++hostapd_bss_del_ban(void *eloop_data, void *user_ctx) ++{ ++ struct ubus_banned_client *ban = eloop_data; ++ struct hostapd_data *hapd = user_ctx; ++ ++ avl_delete(&hapd->ubus.banned, &ban->avl); ++ free(ban); ++} ++ ++static void ++hostapd_bss_ban_client(struct hostapd_data *hapd, u8 *addr, int time) ++{ ++ struct ubus_banned_client *ban; ++ ++ if (time < 0) ++ time = 0; ++ ++ ban = avl_find_element(&hapd->ubus.banned, addr, ban, avl); ++ if (!ban) { ++ if (!time) ++ return; ++ ++ ban = os_zalloc(sizeof(*ban)); ++ memcpy(ban->addr, addr, sizeof(ban->addr)); ++ ban->avl.key = ban->addr; ++ avl_insert(&hapd->ubus.banned, &ban->avl); ++ } else { ++ eloop_cancel_timeout(hostapd_bss_del_ban, ban, hapd); ++ if (!time) { ++ hostapd_bss_del_ban(ban, hapd); ++ return; ++ } ++ } ++ ++ eloop_register_timeout(0, time * 1000, hostapd_bss_del_ban, ban, hapd); ++} ++ ++static int ++hostapd_bss_get_clients(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj); ++ struct sta_info *sta; ++ void *list, *c; ++ char mac_buf[20]; ++ static const struct { ++ const char *name; ++ uint32_t flag; ++ } sta_flags[] = { ++ { "auth", WLAN_STA_AUTH }, ++ { "assoc", WLAN_STA_ASSOC }, ++ { "authorized", WLAN_STA_AUTHORIZED }, ++ { "preauth", WLAN_STA_PREAUTH }, ++ { "wds", WLAN_STA_WDS }, ++ { "wmm", WLAN_STA_WMM }, ++ { "ht", WLAN_STA_HT }, ++ { "vht", WLAN_STA_VHT }, ++ { "wps", WLAN_STA_WPS }, ++ { "mfp", WLAN_STA_MFP }, ++ }; ++ ++ blob_buf_init(&b, 0); ++ blobmsg_add_u32(&b, "freq", hapd->iface->freq); ++ list = blobmsg_open_table(&b, "clients"); ++ for (sta = hapd->sta_list; sta; sta = sta->next) { ++ int i; ++ ++ sprintf(mac_buf, MACSTR, MAC2STR(sta->addr)); ++ c = blobmsg_open_table(&b, mac_buf); ++ for (i = 0; i < ARRAY_SIZE(sta_flags); i++) ++ blobmsg_add_u8(&b, sta_flags[i].name, ++ !!(sta->flags & sta_flags[i].flag)); ++ blobmsg_add_u32(&b, "aid", sta->aid); ++ blobmsg_close_table(&b, c); ++ } ++ blobmsg_close_array(&b, list); ++ ubus_send_reply(ctx, req, b.head); ++ ++ return 0; ++} ++ ++enum { ++ DEL_CLIENT_ADDR, ++ DEL_CLIENT_REASON, ++ DEL_CLIENT_DEAUTH, ++ DEL_CLIENT_BAN_TIME, ++ __DEL_CLIENT_MAX ++}; ++ ++static const struct blobmsg_policy del_policy[__DEL_CLIENT_MAX] = { ++ [DEL_CLIENT_ADDR] = { "addr", BLOBMSG_TYPE_STRING }, ++ [DEL_CLIENT_REASON] = { "reason", BLOBMSG_TYPE_INT32 }, ++ [DEL_CLIENT_DEAUTH] = { "deauth", BLOBMSG_TYPE_INT8 }, ++ [DEL_CLIENT_BAN_TIME] = { "ban_time", BLOBMSG_TYPE_INT32 }, ++}; ++ ++static int ++hostapd_bss_del_client(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ struct blob_attr *tb[__DEL_CLIENT_MAX]; ++ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj); ++ struct sta_info *sta; ++ bool deauth = false; ++ int reason; ++ u8 addr[ETH_ALEN]; ++ ++ blobmsg_parse(del_policy, __DEL_CLIENT_MAX, tb, blob_data(msg), blob_len(msg)); ++ ++ if (!tb[DEL_CLIENT_ADDR]) ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ ++ if (hwaddr_aton(blobmsg_data(tb[DEL_CLIENT_ADDR]), addr)) ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ ++ if (tb[DEL_CLIENT_REASON]) ++ reason = blobmsg_get_u32(tb[DEL_CLIENT_REASON]); ++ ++ if (tb[DEL_CLIENT_DEAUTH]) ++ deauth = blobmsg_get_bool(tb[DEL_CLIENT_DEAUTH]); ++ ++ sta = ap_get_sta(hapd, addr); ++ if (sta) { ++ if (deauth) { ++ hostapd_drv_sta_deauth(hapd, addr, reason); ++ ap_sta_deauthenticate(hapd, sta, reason); ++ } else { ++ hostapd_drv_sta_disassoc(hapd, addr, reason); ++ ap_sta_disassociate(hapd, sta, reason); ++ } ++ } ++ ++ if (tb[DEL_CLIENT_BAN_TIME]) ++ hostapd_bss_ban_client(hapd, addr, blobmsg_get_u32(tb[DEL_CLIENT_BAN_TIME])); ++ ++ return 0; ++} ++ ++static void ++blobmsg_add_macaddr(struct blob_buf *buf, const char *name, const u8 *addr) ++{ ++ char *s; ++ ++ s = blobmsg_alloc_string_buffer(buf, name, 20); ++ sprintf(s, MACSTR, MAC2STR(addr)); ++ blobmsg_add_string_buffer(buf); ++} ++ ++static int ++hostapd_bss_list_bans(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj); ++ struct ubus_banned_client *ban; ++ void *c; ++ ++ blob_buf_init(&b, 0); ++ c = blobmsg_open_array(&b, "clients"); ++ avl_for_each_element(&hapd->ubus.banned, ban, avl) ++ blobmsg_add_macaddr(&b, NULL, ban->addr); ++ blobmsg_close_array(&b, c); ++ ubus_send_reply(ctx, req, b.head); ++ ++ return 0; ++} ++ ++static int ++hostapd_bss_wps_start(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ int rc; ++ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj); ++ ++ rc = hostapd_wps_button_pushed(hapd, NULL); ++ ++ if (rc != 0) ++ return UBUS_STATUS_NOT_SUPPORTED; ++ ++ return 0; ++} ++ ++static int ++hostapd_bss_wps_cancel(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ int rc; ++ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj); ++ ++ rc = hostapd_wps_cancel(hapd); ++ ++ if (rc != 0) ++ return UBUS_STATUS_NOT_SUPPORTED; ++ ++ return 0; ++} ++ ++static int ++hostapd_bss_update_beacon(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ int rc; ++ struct hostapd_data *hapd = container_of(obj, struct hostapd_data, ubus.obj); ++ ++ rc = ieee802_11_set_beacon(hapd); ++ ++ if (rc != 0) ++ return UBUS_STATUS_NOT_SUPPORTED; ++ ++ return 0; ++} ++ ++enum { ++ CSA_FREQ, ++ CSA_BCN_COUNT, ++ __CSA_MAX ++}; ++ ++static const struct blobmsg_policy csa_policy[__CSA_MAX] = { ++ /* ++ * for now, frequency and beacon count are enough, add more ++ * parameters on demand ++ */ ++ [CSA_FREQ] = { "freq", BLOBMSG_TYPE_INT32 }, ++ [CSA_BCN_COUNT] = { "bcn_count", BLOBMSG_TYPE_INT32 }, ++}; ++ ++#ifdef NEED_AP_MLME ++static int ++hostapd_switch_chan(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ struct blob_attr *tb[__CSA_MAX]; ++ struct hostapd_data *hapd = get_hapd_from_object(obj); ++ struct csa_settings css; ++ ++ blobmsg_parse(csa_policy, __CSA_MAX, tb, blob_data(msg), blob_len(msg)); ++ ++ if (!tb[CSA_FREQ]) ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ ++ memset(&css, 0, sizeof(css)); ++ css.freq_params.freq = blobmsg_get_u32(tb[CSA_FREQ]); ++ if (tb[CSA_BCN_COUNT]) ++ css.cs_count = blobmsg_get_u32(tb[CSA_BCN_COUNT]); ++ ++ if (hostapd_switch_channel(hapd, &css) != 0) ++ return UBUS_STATUS_NOT_SUPPORTED; ++ return UBUS_STATUS_OK; ++} ++#endif ++ ++enum { ++ VENDOR_ELEMENTS, ++ __VENDOR_ELEMENTS_MAX ++}; ++ ++static const struct blobmsg_policy ve_policy[__VENDOR_ELEMENTS_MAX] = { ++ /* vendor elements are provided as hex-string */ ++ [VENDOR_ELEMENTS] = { "vendor_elements", BLOBMSG_TYPE_STRING }, ++}; ++ ++static int ++hostapd_vendor_elements(struct ubus_context *ctx, struct ubus_object *obj, ++ struct ubus_request_data *req, const char *method, ++ struct blob_attr *msg) ++{ ++ struct blob_attr *tb[__VENDOR_ELEMENTS_MAX]; ++ struct hostapd_data *hapd = get_hapd_from_object(obj); ++ ++ blobmsg_parse(ve_policy, __VENDOR_ELEMENTS_MAX, tb, ++ blob_data(msg), blob_len(msg)); ++ ++ if (!tb[VENDOR_ELEMENTS]) ++ return UBUS_STATUS_INVALID_ARGUMENT; ++ ++ const char *vendor_elements = blobmsg_data(tb[VENDOR_ELEMENTS]); ++ if (hostapd_set_iface(hapd->iconf, hapd->conf, "vendor_elements", ++ vendor_elements) != 0) ++ return UBUS_STATUS_NOT_SUPPORTED; ++ ++ /* update beacons if vendor elements were set successfully */ ++ if (ieee802_11_update_beacons(hapd->iface) != 0) ++ return UBUS_STATUS_NOT_SUPPORTED; ++ return UBUS_STATUS_OK; ++} ++ ++static const struct ubus_method bss_methods[] = { ++ UBUS_METHOD_NOARG("get_clients", hostapd_bss_get_clients), ++ UBUS_METHOD("del_client", hostapd_bss_del_client, del_policy), ++ UBUS_METHOD_NOARG("list_bans", hostapd_bss_list_bans), ++ UBUS_METHOD_NOARG("wps_start", hostapd_bss_wps_start), ++ UBUS_METHOD_NOARG("wps_cancel", hostapd_bss_wps_cancel), ++ UBUS_METHOD_NOARG("update_beacon", hostapd_bss_update_beacon), ++#ifdef NEED_AP_MLME ++ UBUS_METHOD("switch_chan", hostapd_switch_chan, csa_policy), ++#endif ++ UBUS_METHOD("set_vendor_elements", hostapd_vendor_elements, ve_policy), ++}; ++ ++static struct ubus_object_type bss_object_type = ++ UBUS_OBJECT_TYPE("hostapd_bss", bss_methods); ++ ++static int avl_compare_macaddr(const void *k1, const void *k2, void *ptr) ++{ ++ return memcmp(k1, k2, ETH_ALEN); ++} ++ ++void hostapd_ubus_add_bss(struct hostapd_data *hapd) ++{ ++ struct ubus_object *obj = &hapd->ubus.obj; ++ char *name; ++ int ret; ++ ++ if (!hostapd_ubus_init()) ++ return; ++ ++ if (asprintf(&name, "hostapd.%s", hapd->conf->iface) < 0) ++ return; ++ ++ avl_init(&hapd->ubus.banned, avl_compare_macaddr, false, NULL); ++ obj->name = name; ++ obj->type = &bss_object_type; ++ obj->methods = bss_object_type.methods; ++ obj->n_methods = bss_object_type.n_methods; ++ ret = ubus_add_object(ctx, obj); ++ hostapd_ubus_ref_inc(); ++} ++ ++void hostapd_ubus_free_bss(struct hostapd_data *hapd) ++{ ++ struct ubus_object *obj = &hapd->ubus.obj; ++ char *name = (char *) obj->name; ++ ++ if (!ctx) ++ return; ++ ++ if (obj->id) { ++ ubus_remove_object(ctx, obj); ++ hostapd_ubus_ref_dec(); ++ } ++ ++ free(name); ++} ++ ++struct ubus_event_req { ++ struct ubus_notify_request nreq; ++ bool deny; ++}; ++ ++static void ++ubus_event_cb(struct ubus_notify_request *req, int idx, int ret) ++{ ++ struct ubus_event_req *ureq = container_of(req, struct ubus_event_req, nreq); ++ ++ if (ret) ++ ureq->deny = true; ++} ++ ++int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req) ++{ ++ struct ubus_banned_client *ban; ++ const char *types[HOSTAPD_UBUS_TYPE_MAX] = { ++ [HOSTAPD_UBUS_PROBE_REQ] = "probe", ++ [HOSTAPD_UBUS_AUTH_REQ] = "auth", ++ [HOSTAPD_UBUS_ASSOC_REQ] = "assoc", ++ }; ++ const char *type = "mgmt"; ++ struct ubus_event_req ureq = {}; ++ const u8 *addr; ++ ++ if (req->mgmt_frame) ++ addr = req->mgmt_frame->sa; ++ else ++ addr = req->addr; ++ ++ ban = avl_find_element(&hapd->ubus.banned, addr, ban, avl); ++ if (ban) ++ return -2; ++ ++ if (!hapd->ubus.obj.has_subscribers) ++ return 0; ++ ++ if (req->type < ARRAY_SIZE(types)) ++ type = types[req->type]; ++ ++ blob_buf_init(&b, 0); ++ blobmsg_add_macaddr(&b, "address", addr); ++ if (req->mgmt_frame) ++ blobmsg_add_macaddr(&b, "target", req->mgmt_frame->da); ++ if (req->frame_info) ++ blobmsg_add_u32(&b, "signal", req->frame_info->ssi_signal); ++ blobmsg_add_u32(&b, "freq", hapd->iface->freq); ++ ++ if (ubus_notify_async(ctx, &hapd->ubus.obj, type, b.head, &ureq.nreq)) ++ return 0; ++ ++ ureq.nreq.status_cb = ubus_event_cb; ++ ubus_complete_request(ctx, &ureq.nreq.req, 100); ++ ++ if (ureq.deny) ++ return -1; ++ ++ return 0; ++} +--- /dev/null ++++ b/src/ap/ubus.h +@@ -0,0 +1,78 @@ ++/* ++ * hostapd / ubus support ++ * Copyright (c) 2013, Felix Fietkau <nbd@openwrt.org> ++ * ++ * This software may be distributed under the terms of the BSD license. ++ * See README for more details. ++ */ ++#ifndef __HOSTAPD_UBUS_H ++#define __HOSTAPD_UBUS_H ++ ++enum hostapd_ubus_event_type { ++ HOSTAPD_UBUS_PROBE_REQ, ++ HOSTAPD_UBUS_AUTH_REQ, ++ HOSTAPD_UBUS_ASSOC_REQ, ++ HOSTAPD_UBUS_TYPE_MAX ++}; ++ ++struct hostapd_ubus_request { ++ enum hostapd_ubus_event_type type; ++ const struct ieee80211_mgmt *mgmt_frame; ++ const struct hostapd_frame_info *frame_info; ++ const u8 *addr; ++}; ++ ++struct hostapd_iface; ++struct hostapd_data; ++ ++#ifdef UBUS_SUPPORT ++ ++#include <libubox/avl.h> ++#include <libubus.h> ++ ++struct hostapd_ubus_iface { ++ struct ubus_object obj; ++}; ++ ++struct hostapd_ubus_bss { ++ struct ubus_object obj; ++ struct avl_tree banned; ++}; ++ ++void hostapd_ubus_add_iface(struct hostapd_iface *iface); ++void hostapd_ubus_free_iface(struct hostapd_iface *iface); ++void hostapd_ubus_add_bss(struct hostapd_data *hapd); ++void hostapd_ubus_free_bss(struct hostapd_data *hapd); ++ ++int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req); ++ ++#else ++ ++struct hostapd_ubus_iface {}; ++ ++struct hostapd_ubus_bss {}; ++ ++static inline void hostapd_ubus_add_iface(struct hostapd_iface *iface) ++{ ++} ++ ++static inline void hostapd_ubus_free_iface(struct hostapd_iface *iface) ++{ ++} ++ ++static inline void hostapd_ubus_add_bss(struct hostapd_data *hapd) ++{ ++} ++ ++static inline void hostapd_ubus_free_bss(struct hostapd_data *hapd) ++{ ++} ++ ++static inline int hostapd_ubus_handle_event(struct hostapd_data *hapd, struct hostapd_ubus_request *req) ++{ ++ return 0; ++} ++ ++#endif ++ ++#endif +--- a/src/ap/hostapd.c ++++ b/src/ap/hostapd.c +@@ -277,6 +277,7 @@ static void hostapd_free_hapd_data(struc + hapd->started = 0; + + wpa_printf(MSG_DEBUG, "%s(%s)", __func__, hapd->conf->iface); ++ hostapd_ubus_free_bss(hapd); + iapp_deinit(hapd->iapp); + hapd->iapp = NULL; + accounting_deinit(hapd); +@@ -1098,6 +1099,8 @@ static int hostapd_setup_bss(struct host + if (hapd->driver && hapd->driver->set_operstate) + hapd->driver->set_operstate(hapd->drv_priv, 1); + ++ hostapd_ubus_add_bss(hapd); ++ + return 0; + } + +@@ -1384,6 +1387,7 @@ int hostapd_setup_interface_complete(str + if (err) + goto fail; + ++ hostapd_ubus_add_iface(iface); + wpa_printf(MSG_DEBUG, "Completing interface initialization"); + if (iface->conf->channel) { + #ifdef NEED_AP_MLME +@@ -1544,6 +1548,7 @@ dfs_offload: + + fail: + wpa_printf(MSG_ERROR, "Interface initialization failed"); ++ hostapd_ubus_free_iface(iface); + hostapd_set_state(iface, HAPD_IFACE_DISABLED); + wpa_msg(hapd->msg_ctx, MSG_INFO, AP_EVENT_DISABLED); + if (iface->interfaces && iface->interfaces->terminate_on_error) +@@ -1873,6 +1878,7 @@ void hostapd_interface_deinit_free(struc + (unsigned int) iface->conf->num_bss); + driver = iface->bss[0]->driver; + drv_priv = iface->bss[0]->drv_priv; ++ hostapd_ubus_free_iface(iface); + hostapd_interface_deinit(iface); + wpa_printf(MSG_DEBUG, "%s: driver=%p drv_priv=%p -> hapd_deinit", + __func__, driver, drv_priv); +--- a/src/ap/ieee802_11.c ++++ b/src/ap/ieee802_11.c +@@ -881,7 +881,8 @@ int auth_sae_init_committed(struct hosta + + + static void handle_auth(struct hostapd_data *hapd, +- const struct ieee80211_mgmt *mgmt, size_t len) ++ const struct ieee80211_mgmt *mgmt, size_t len, ++ struct hostapd_frame_info *fi) + { + u16 auth_alg, auth_transaction, status_code; + u16 resp = WLAN_STATUS_SUCCESS; +@@ -897,6 +898,11 @@ static void handle_auth(struct hostapd_d + char *identity = NULL; + char *radius_cui = NULL; + u16 seq_ctrl; ++ struct hostapd_ubus_request req = { ++ .type = HOSTAPD_UBUS_AUTH_REQ, ++ .mgmt_frame = mgmt, ++ .frame_info = fi, ++ }; + + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { + wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", +@@ -983,6 +989,14 @@ static void handle_auth(struct hostapd_d + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } ++ ++ if (hostapd_ubus_handle_event(hapd, &req)) { ++ wpa_printf(MSG_DEBUG, "Station " MACSTR " rejected by ubus handler.\n", ++ MAC2STR(mgmt->sa)); ++ resp = WLAN_STATUS_UNSPECIFIED_FAILURE; ++ goto fail; ++ } ++ + if (res == HOSTAPD_ACL_PENDING) { + wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR + " waiting for an external authentication", +@@ -1694,13 +1708,18 @@ static void send_assoc_resp(struct hosta + + static void handle_assoc(struct hostapd_data *hapd, + const struct ieee80211_mgmt *mgmt, size_t len, +- int reassoc) ++ int reassoc, struct hostapd_frame_info *fi) + { + u16 capab_info, listen_interval, seq_ctrl, fc; + u16 resp = WLAN_STATUS_SUCCESS; + const u8 *pos; + int left, i; + struct sta_info *sta; ++ struct hostapd_ubus_request req = { ++ .type = HOSTAPD_UBUS_ASSOC_REQ, ++ .mgmt_frame = mgmt, ++ .frame_info = fi, ++ }; + + if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : + sizeof(mgmt->u.assoc_req))) { +@@ -1820,6 +1839,13 @@ static void handle_assoc(struct hostapd_ + goto fail; + } + ++ if (hostapd_ubus_handle_event(hapd, &req)) { ++ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n", ++ MAC2STR(mgmt->sa)); ++ resp = WLAN_STATUS_UNSPECIFIED_FAILURE; ++ goto fail; ++ } ++ + sta->capability = capab_info; + sta->listen_interval = listen_interval; + +@@ -2236,7 +2262,7 @@ int ieee802_11_mgmt(struct hostapd_data + + + if (stype == WLAN_FC_STYPE_PROBE_REQ) { +- handle_probe_req(hapd, mgmt, len, fi->ssi_signal); ++ handle_probe_req(hapd, mgmt, len, fi); + return 1; + } + +@@ -2251,17 +2277,17 @@ int ieee802_11_mgmt(struct hostapd_data + switch (stype) { + case WLAN_FC_STYPE_AUTH: + wpa_printf(MSG_DEBUG, "mgmt::auth"); +- handle_auth(hapd, mgmt, len); ++ handle_auth(hapd, mgmt, len, fi); + ret = 1; + break; + case WLAN_FC_STYPE_ASSOC_REQ: + wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); +- handle_assoc(hapd, mgmt, len, 0); ++ handle_assoc(hapd, mgmt, len, 0, fi); + ret = 1; + break; + case WLAN_FC_STYPE_REASSOC_REQ: + wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); +- handle_assoc(hapd, mgmt, len, 1); ++ handle_assoc(hapd, mgmt, len, 1, fi); + ret = 1; + break; + case WLAN_FC_STYPE_DISASSOC: +--- a/src/ap/beacon.c ++++ b/src/ap/beacon.c +@@ -542,7 +542,7 @@ static enum ssid_match_result ssid_match + + void handle_probe_req(struct hostapd_data *hapd, + const struct ieee80211_mgmt *mgmt, size_t len, +- int ssi_signal) ++ struct hostapd_frame_info *fi) + { + u8 *resp; + struct ieee802_11_elems elems; +@@ -550,8 +550,14 @@ void handle_probe_req(struct hostapd_dat + size_t ie_len; + struct sta_info *sta = NULL; + size_t i, resp_len; ++ int ssi_signal = fi->ssi_signal; + int noack; + enum ssid_match_result res; ++ struct hostapd_ubus_request req = { ++ .type = HOSTAPD_UBUS_PROBE_REQ, ++ .mgmt_frame = mgmt, ++ .frame_info = fi, ++ }; + + ie = mgmt->u.probe_req.variable; + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.probe_req)) +@@ -710,6 +716,12 @@ void handle_probe_req(struct hostapd_dat + } + #endif /* CONFIG_P2P */ + ++ if (hostapd_ubus_handle_event(hapd, &req)) { ++ wpa_printf(MSG_DEBUG, "Probe request for " MACSTR " rejected by ubus handler.\n", ++ MAC2STR(mgmt->sa)); ++ return; ++ } ++ + /* TODO: verify that supp_rates contains at least one matching rate + * with AP configuration */ + +--- a/src/ap/beacon.h ++++ b/src/ap/beacon.h +@@ -14,7 +14,7 @@ struct ieee80211_mgmt; + + void handle_probe_req(struct hostapd_data *hapd, + const struct ieee80211_mgmt *mgmt, size_t len, +- int ssi_signal); ++ struct hostapd_frame_info *fi); + int ieee802_11_set_beacon(struct hostapd_data *hapd); + int ieee802_11_set_beacons(struct hostapd_iface *iface); + int ieee802_11_update_beacons(struct hostapd_iface *iface); +--- a/src/ap/drv_callbacks.c ++++ b/src/ap/drv_callbacks.c +@@ -49,6 +49,10 @@ int hostapd_notif_assoc(struct hostapd_d + u16 reason = WLAN_REASON_UNSPECIFIED; + u16 status = WLAN_STATUS_SUCCESS; + const u8 *p2p_dev_addr = NULL; ++ struct hostapd_ubus_request req = { ++ .type = HOSTAPD_UBUS_ASSOC_REQ, ++ .addr = addr, ++ }; + + if (addr == NULL) { + /* +@@ -113,6 +117,12 @@ int hostapd_notif_assoc(struct hostapd_d + } + sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); + ++ if (hostapd_ubus_handle_event(hapd, &req)) { ++ wpa_printf(MSG_DEBUG, "Station " MACSTR " assoc rejected by ubus handler.\n", ++ MAC2STR(req.addr)); ++ goto fail; ++ } ++ + #ifdef CONFIG_P2P + if (elems.p2p) { + wpabuf_free(sta->p2p_ie); diff --git a/package/network/services/igmpproxy/Makefile b/package/network/services/igmpproxy/Makefile new file mode 100644 index 0000000..03ad258 --- /dev/null +++ b/package/network/services/igmpproxy/Makefile @@ -0,0 +1,59 @@ +# +# Copyright (C) 2006-2011 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=igmpproxy +PKG_VERSION:=0.1 +PKG_RELEASE:=8 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=@SF/igmpproxy +PKG_MD5SUM:=c56f41ec195bc1fe016369bf74efc5a1 +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> + +include $(INCLUDE_DIR)/package.mk + +PKG_FIXUP:=autoreconf +PKG_LICENSE:=GPL-2.0+ + +define Package/igmpproxy + SECTION:=net + CATEGORY:=Network + SUBMENU:=Routing and Redirection + DEPENDS:=+USE_GLIBC:librt + TITLE:=Multicast Routing Daemon + URL:=http://sourceforge.net/projects/igmpproxy +endef + +define Package/igmpproxy/description + IGMPproxy is a simple dynamic Multicast Routing Daemon using + only IGMP signalling (Internet Group Management Protocol). +endef + +define Package/igmpproxy/conffiles +/etc/config/igmpproxy +endef + +TARGET_CFLAGS += -Dlog=igmpproxy_log + +define Build/Compile + $(MAKE) -C $(PKG_BUILD_DIR)/src \ + CC="$(TARGET_CC)" \ + CFLAGS="$(TARGET_CFLAGS) -std=gnu99" +endef + +define Package/igmpproxy/install + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/igmpproxy.config $(1)/etc/config/igmpproxy + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/igmpproxy.init $(1)/etc/init.d/igmpproxy + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/igmpproxy $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,igmpproxy)) diff --git a/package/network/services/igmpproxy/files/igmpproxy.config b/package/network/services/igmpproxy/files/igmpproxy.config new file mode 100644 index 0000000..d290632 --- /dev/null +++ b/package/network/services/igmpproxy/files/igmpproxy.config @@ -0,0 +1,11 @@ +config igmpproxy + option quickleave 1 + +config phyint wan + option network wan + option direction upstream + list altnet 192.168.1.0/24 + +config phyint lan + option network lan + option direction downstream diff --git a/package/network/services/igmpproxy/files/igmpproxy.init b/package/network/services/igmpproxy/files/igmpproxy.init new file mode 100644 index 0000000..d03f90f --- /dev/null +++ b/package/network/services/igmpproxy/files/igmpproxy.init @@ -0,0 +1,146 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2010-2014 OpenWrt.org + +START=99 +USE_PROCD=1 +PROG=/usr/sbin/igmpproxy +CONFIGFILE=/var/etc/igmpproxy.conf + +# igmpproxy supports both a debug mode and verbosity, which are very useful +# when something isn't working. +# +# Debug mode will print everything to stdout instead of syslog. Generally +# verbosity should NOT be set as it will quickly fill your syslog. +# +# Put any debug or verbosity options into IGMP_OPTS +# +# Examples: +# OPTIONS="-d -v -v" - debug mode and very verbose, this will land in +# stdout and not in syslog +# OPTIONS="-v" - be verbose, this will write aditional information to syslog + +OPTIONS="" + +igmp_header() { + local quickleave + config_get_bool quickleave "$1" quickleave 0 + + mkdir -p /var/etc + rm -f /var/etc/igmpproxy.conf + [ $quickleave -gt 0 ] && echo "quickleave" >> /var/etc/igmpproxy.conf + + [ -L /etc/igmpproxy.conf ] || ln -nsf /var/etc/igmpproxy.conf /etc/igmpproxy.conf +} + +igmp_add_phyint() { + local network direction altnets device up + + config_get network $1 network + config_get direction $1 direction + config_get altnets $1 altnet + + local status="$(ubus -S call "network.interface.$network" status)" + [ -n "$status" ] || return + + json_load "$status" + json_get_var device l3_device + json_get_var up up + + [ -n "$device" -a "$up" = "1" ] || { + procd_append_param error "$network is not up" + return; + } + + append netdevs "$device" + + [[ "$direction" = "upstream" ]] && has_upstream=1 + + echo -e "\nphyint $device $direction ratelimit 0 threshold 1" >> /var/etc/igmpproxy.conf + + if [ -n "$altnets" ]; then + local altnet + for altnet in $altnets; do + echo -e "\taltnet $altnet" >> /var/etc/igmpproxy.conf + done + fi +} + +igmp_add_network() { + local network + + config_get network $1 network + procd_add_interface_trigger "interface.*" $network /etc/init.d/igmpproxy reload +} + +igmp_add_firewall_routing() { + config_get network $1 network + config_get direction $1 direction + + [[ "$direction" = "downstream" ]] || return 0 + + json_add_object "" + json_add_string type rule + json_add_string src "$upstream" + json_add_string dest "$network" + json_add_string family ipv4 + json_add_string proto udp + json_add_string dest_ip "224.0.0.0/4" + json_add_string target ACCEPT + json_close_object +} + +igmp_add_firewall_network() { + config_get network $1 network + config_get direction $1 direction + + json_add_object "" + json_add_string type rule + json_add_string src "$network" + json_add_string proto igmp + json_add_string target ACCEPT + json_close_object + + [[ "$direction" = "upstream" ]] && { + upstream="$network" + config_foreach igmp_add_firewall_routing phyint + } +} + +service_triggers() { + procd_add_reload_trigger "igmpproxy" +} + +start_service() { + has_upstream= + netdevs= + config_load igmpproxy + + config_foreach igmp_header igmpproxy + config_foreach igmp_add_phyint phyint + [ -n "$has_upstream" ] || return + + procd_open_instance + procd_set_param command $PROG + [ -n "$OPTIONS" ] && procd_append_param $OPTIONS + procd_append_param command $CONFIGFILE + procd_set_param file $CONFIGFILE + procd_set_param netdev $netdevs + procd_set_param respawn + procd_open_trigger + config_foreach igmp_add_network phyint + procd_close_trigger + + procd_open_data + + json_add_array firewall + config_foreach igmp_add_firewall_network phyint + json_close_array + + procd_close_data + + procd_close_instance +} + +service_started() { + procd_set_config_changed firewall +} diff --git a/package/network/services/igmpproxy/patches/001-Send-IGMP-packets-with-IP-Router-Alert-option-RFC-21.patch b/package/network/services/igmpproxy/patches/001-Send-IGMP-packets-with-IP-Router-Alert-option-RFC-21.patch new file mode 100644 index 0000000..ffe1cf1 --- /dev/null +++ b/package/network/services/igmpproxy/patches/001-Send-IGMP-packets-with-IP-Router-Alert-option-RFC-21.patch @@ -0,0 +1,79 @@ +From fed8c3db10bc9d3a1e799a774924c00522595d0c Mon Sep 17 00:00:00 2001 +From: Evgeny Yurchenko <evg.yurch@rogers.com> +Date: Mon, 4 Jan 2010 05:13:59 +0500 +Subject: [PATCH] Send IGMP packets with IP Router Alert option [RFC 2113] included in IP header + +--- + src/igmp.c | 17 ++++++++++++----- + src/igmpproxy.h | 1 + + 2 files changed, 13 insertions(+), 5 deletions(-) + +diff --git a/src/igmp.c b/src/igmp.c +index a0cd27d..b547688 100644 +--- a/src/igmp.c ++++ b/src/igmp.c +@@ -67,7 +67,7 @@ void initIgmp() { + * - Checksum (let the kernel fill it in) + */ + ip->ip_v = IPVERSION; +- ip->ip_hl = sizeof(struct ip) >> 2; ++ ip->ip_hl = (sizeof(struct ip) + 4) >> 2; /* +4 for Router Alert option */ + ip->ip_tos = 0xc0; /* Internet Control */ + ip->ip_ttl = MAXTTL; /* applies to unicasts only */ + ip->ip_p = IPPROTO_IGMP; +@@ -213,7 +213,7 @@ void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, i + ip = (struct ip *)send_buf; + ip->ip_src.s_addr = src; + ip->ip_dst.s_addr = dst; +- ip_set_len(ip, MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen); ++ ip_set_len(ip, IP_HEADER_RAOPT_LEN + IGMP_MINLEN + datalen); + + if (IN_MULTICAST(ntohl(dst))) { + ip->ip_ttl = curttl; +@@ -221,13 +221,20 @@ void buildIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, i + ip->ip_ttl = MAXTTL; + } + +- igmp = (struct igmp *)(send_buf + MIN_IP_HEADER_LEN); ++ /* Add Router Alert option */ ++ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[0] = IPOPT_RA; ++ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[1] = 0x04; ++ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[2] = 0x00; ++ ((u_char*)send_buf+MIN_IP_HEADER_LEN)[3] = 0x00; ++ ++ igmp = (struct igmp *)(send_buf + IP_HEADER_RAOPT_LEN); + igmp->igmp_type = type; + igmp->igmp_code = code; + igmp->igmp_group.s_addr = group; + igmp->igmp_cksum = 0; + igmp->igmp_cksum = inetChksum((u_short *)igmp, +- IGMP_MINLEN + datalen); ++ IP_HEADER_RAOPT_LEN + datalen); ++ + } + + /* +@@ -257,7 +264,7 @@ void sendIgmp(uint32_t src, uint32_t dst, int type, int code, uint32_t group, in + #endif + sdst.sin_addr.s_addr = dst; + if (sendto(MRouterFD, send_buf, +- MIN_IP_HEADER_LEN + IGMP_MINLEN + datalen, 0, ++ IP_HEADER_RAOPT_LEN + IGMP_MINLEN + datalen, 0, + (struct sockaddr *)&sdst, sizeof(sdst)) < 0) { + if (errno == ENETDOWN) + my_log(LOG_ERR, errno, "Sender VIF was down."); +diff --git a/src/igmpproxy.h b/src/igmpproxy.h +index 0de7791..4df8a79 100644 +--- a/src/igmpproxy.h ++++ b/src/igmpproxy.h +@@ -64,6 +64,7 @@ + #define MAX_IP_PACKET_LEN 576 + #define MIN_IP_HEADER_LEN 20 + #define MAX_IP_HEADER_LEN 60 ++#define IP_HEADER_RAOPT_LEN 24 + + #define MAX_MC_VIFS 32 // !!! check this const in the specific includes + +-- +1.7.2.5 + diff --git a/package/network/services/igmpproxy/patches/002-Change-default-interface-state-to-disabled-wrt-29458.patch b/package/network/services/igmpproxy/patches/002-Change-default-interface-state-to-disabled-wrt-29458.patch new file mode 100644 index 0000000..d7550d7 --- /dev/null +++ b/package/network/services/igmpproxy/patches/002-Change-default-interface-state-to-disabled-wrt-29458.patch @@ -0,0 +1,43 @@ +From 85e240727305b156097ee7aa0f0c4473a136291f Mon Sep 17 00:00:00 2001 +From: Constantin Baranov <const@mimas.ru> +Date: Tue, 23 Feb 2010 21:08:02 +0400 +Subject: [PATCH] Change default interface state to disabled (wrt #2945877) + +--- + src/ifvc.c | 2 +- + src/igmpproxy.c | 6 ++++-- + 2 files changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/ifvc.c b/src/ifvc.c +index 545b3b4..9d7ee97 100644 +--- a/src/ifvc.c ++++ b/src/ifvc.c +@@ -139,7 +139,7 @@ void buildIfVc() { + IfDescEp->allowednets->subnet_addr = subnet; + + // Set the default params for the IF... +- IfDescEp->state = IF_STATE_DOWNSTREAM; ++ IfDescEp->state = IF_STATE_DISABLED; + IfDescEp->robustness = DEFAULT_ROBUSTNESS; + IfDescEp->threshold = DEFAULT_THRESHOLD; /* ttl limit */ + IfDescEp->ratelimit = DEFAULT_RATELIMIT; +diff --git a/src/igmpproxy.c b/src/igmpproxy.c +index 1ece15a..35000c7 100644 +--- a/src/igmpproxy.c ++++ b/src/igmpproxy.c +@@ -186,8 +186,10 @@ int igmpProxyInit() { + } + } + +- addVIF( Dp ); +- vifcount++; ++ if (Dp->state != IF_STATE_DISABLED) { ++ addVIF( Dp ); ++ vifcount++; ++ } + } + } + +-- +1.7.2.5 + diff --git a/package/network/services/igmpproxy/patches/003-Restrict-igmp-reports-for-downstream-interfaces-wrt-.patch b/package/network/services/igmpproxy/patches/003-Restrict-igmp-reports-for-downstream-interfaces-wrt-.patch new file mode 100644 index 0000000..90d4d5f --- /dev/null +++ b/package/network/services/igmpproxy/patches/003-Restrict-igmp-reports-for-downstream-interfaces-wrt-.patch @@ -0,0 +1,164 @@ +From 65f777e7f66b55239d935c1cf81bb5abc0f6c89f Mon Sep 17 00:00:00 2001 +From: Grinch <grinch79@users.sourceforge.net> +Date: Sun, 16 Aug 2009 19:58:26 +0500 +Subject: [PATCH] Restrict igmp reports for downstream interfaces (wrt #2833339) + +atm all igmp membership reports are forwarded to the upstream interface. +Unfortunately some ISP Providers restrict some multicast groups (esp. those +that are defined as local link groups and that are not supposed to be +forwarded to the wan, i.e 224.0.0.0/24). Therefore there should be some +kind of black oder whitelisting. +As whitelisting can be accomplished quite easy I wrote a litte patch, which +is attached to this request. +--- + doc/igmpproxy.conf.5.in | 19 +++++++++++++++++++ + src/config.c | 23 ++++++++++++++++++++++- + src/igmpproxy.h | 1 + + src/request.c | 20 ++++++++++++++++---- + 4 files changed, 58 insertions(+), 5 deletions(-) + +diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in +index a4ea7d0..56efa22 100644 +--- a/doc/igmpproxy.conf.5.in ++++ b/doc/igmpproxy.conf.5.in +@@ -116,6 +116,25 @@ This is especially useful for the upstream interface, since the source for multi + traffic is often from a remote location. Any number of altnet parameters can be specified. + .RE + ++.B whitelist ++.I networkaddr ++.RS ++Defines a whitelist for multicast groups. The network address must be in the following ++format 'a.b.c.d/n'. If you want to allow one single group use a network mask of /32, ++i.e. 'a.b.c.d/32'. ++ ++By default all multicast groups are allowed on any downstream interface. If at least one ++whitelist entry is defined, all igmp membership reports for not explicitly whitelisted ++multicast groups will be ignored and therefore not be served by igmpproxy. This is especially ++useful, if your provider does only allow a predefined set of multicast groups. These whitelists ++are only obeyed by igmpproxy itself, they won't prevent any other igmp client running on the ++same machine as igmpproxy from requesting 'unallowed' multicast groups. ++ ++You may specify as many whitelist entries as needed. Although you should keep it as simple as ++possible, as this list is parsed for every membership report and therefore this increases igmp ++response times. Often used or large groups should be defined first, as parsing ends as soon as ++a group matches an entry. ++.RE + + .SH EXAMPLE + ## Enable quickleave +diff --git a/src/config.c b/src/config.c +index 5a96ce0..d72619f 100644 +--- a/src/config.c ++++ b/src/config.c +@@ -46,6 +46,9 @@ struct vifconfig { + + // Keep allowed nets for VIF. + struct SubnetList* allowednets; ++ ++ // Allowed Groups ++ struct SubnetList* allowedgroups; + + // Next config in list... + struct vifconfig* next; +@@ -202,6 +205,8 @@ void configureVifs() { + // Insert the configured nets... + vifLast->next = confPtr->allowednets; + ++ Dp->allowedgroups = confPtr->allowedgroups; ++ + break; + } + } +@@ -215,7 +220,7 @@ void configureVifs() { + */ + struct vifconfig *parsePhyintToken() { + struct vifconfig *tmpPtr; +- struct SubnetList **anetPtr; ++ struct SubnetList **anetPtr, **agrpPtr; + char *token; + short parseError = 0; + +@@ -239,6 +244,7 @@ struct vifconfig *parsePhyintToken() { + tmpPtr->threshold = 1; + tmpPtr->state = IF_STATE_DOWNSTREAM; + tmpPtr->allowednets = NULL; ++ tmpPtr->allowedgroups = NULL; + + // Make a copy of the token to store the IF name + tmpPtr->name = strdup( token ); +@@ -248,6 +254,7 @@ struct vifconfig *parsePhyintToken() { + + // Set the altnet pointer to the allowednets pointer. + anetPtr = &tmpPtr->allowednets; ++ agrpPtr = &tmpPtr->allowedgroups; + + // Parse the rest of the config.. + token = nextConfigToken(); +@@ -266,6 +273,20 @@ struct vifconfig *parsePhyintToken() { + anetPtr = &(*anetPtr)->next; + } + } ++ else if(strcmp("whitelist", token)==0) { ++ // Whitelist ++ token = nextConfigToken(); ++ my_log(LOG_DEBUG, 0, "Config: IF: Got whitelist token %s.", token); ++ ++ *agrpPtr = parseSubnetAddress(token); ++ if(*agrpPtr == NULL) { ++ parseError = 1; ++ my_log(LOG_WARNING, 0, "Unable to parse subnet address."); ++ break; ++ } else { ++ agrpPtr = &(*agrpPtr)->next; ++ } ++ } + else if(strcmp("upstream", token)==0) { + // Upstream + my_log(LOG_DEBUG, 0, "Config: IF: Got upstream token."); +diff --git a/src/igmpproxy.h b/src/igmpproxy.h +index 4dabd1c..0de7791 100644 +--- a/src/igmpproxy.h ++++ b/src/igmpproxy.h +@@ -145,6 +145,7 @@ struct IfDesc { + short Flags; + short state; + struct SubnetList* allowednets; ++ struct SubnetList* allowedgroups; + unsigned int robustness; + unsigned char threshold; /* ttl limit */ + unsigned int ratelimit; +diff --git a/src/request.c b/src/request.c +index e3589f6..89b91de 100644 +--- a/src/request.c ++++ b/src/request.c +@@ -82,10 +82,22 @@ void acceptGroupReport(uint32_t src, uint32_t group, uint8_t type) { + my_log(LOG_DEBUG, 0, "Should insert group %s (from: %s) to route table. Vif Ix : %d", + inetFmt(group,s1), inetFmt(src,s2), sourceVif->index); + +- // The membership report was OK... Insert it into the route table.. +- insertRoute(group, sourceVif->index); +- +- ++ // If we don't have a whitelist we insertRoute and done ++ if(sourceVif->allowedgroups == NULL) ++ { ++ insertRoute(group, sourceVif->index); ++ return; ++ } ++ // Check if this Request is legit on this interface ++ struct SubnetList *sn; ++ for(sn = sourceVif->allowedgroups; sn != NULL; sn = sn->next) ++ if((group & sn->subnet_mask) == sn->subnet_addr) ++ { ++ // The membership report was OK... Insert it into the route table.. ++ insertRoute(group, sourceVif->index); ++ return; ++ } ++ my_log(LOG_INFO, 0, "The group address %s may not be requested from this interface. Ignoring.", inetFmt(group, s1)); + } else { + // Log the state of the interface the report was recieved on. + my_log(LOG_INFO, 0, "Mebership report was recieved on %s. Ignoring.", +-- +1.7.2.5 + diff --git a/package/network/services/igmpproxy/patches/004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch b/package/network/services/igmpproxy/patches/004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch new file mode 100644 index 0000000..a4caed7 --- /dev/null +++ b/package/network/services/igmpproxy/patches/004-Restrict-igmp-reports-forwarding-to-upstream-interfa.patch @@ -0,0 +1,62 @@ +From bcd7c648e86d97263c931de53a008c9629e7797e Mon Sep 17 00:00:00 2001 +From: Stefan Becker <stefan.becker@nokia.com> +Date: Fri, 11 Dec 2009 21:08:57 +0200 +Subject: [PATCH] Restrict igmp reports forwarding to upstream interface + +Utilize the new "whitelist" keyword also on the upstream interface definition. +If specified then only whitelisted multicast groups will be forwarded upstream. + +This can be used to avoid publishing private multicast groups to the world, +e.g. SSDP from a UPnP server on the internal network. +--- + doc/igmpproxy.conf.5.in | 5 +++++ + src/rttable.c | 17 +++++++++++++++++ + 2 files changed, 22 insertions(+), 0 deletions(-) + +diff --git a/doc/igmpproxy.conf.5.in b/doc/igmpproxy.conf.5.in +index 56efa22..d916f05 100644 +--- a/doc/igmpproxy.conf.5.in ++++ b/doc/igmpproxy.conf.5.in +@@ -134,6 +134,11 @@ You may specify as many whitelist entries as needed. Although you should keep it + possible, as this list is parsed for every membership report and therefore this increases igmp + response times. Often used or large groups should be defined first, as parsing ends as soon as + a group matches an entry. ++ ++You may also specify whitelist entries for the upstream interface. Only igmp membership reports ++for explicitely whitelisted multicast groups will be sent out on the upstream interface. This ++is useful if you want to use multicast groups only between your downstream interfaces, like SSDP ++from a UPnP server. + .RE + + .SH EXAMPLE +diff --git a/src/rttable.c b/src/rttable.c +index f0701a8..77dd791 100644 +--- a/src/rttable.c ++++ b/src/rttable.c +@@ -117,6 +117,23 @@ void sendJoinLeaveUpstream(struct RouteTable* route, int join) { + my_log(LOG_ERR, 0 ,"FATAL: Unable to get Upstream IF."); + } + ++ // Check if there is a white list for the upstram VIF ++ if (upstrIf->allowedgroups != NULL) { ++ uint32_t group = route->group; ++ struct SubnetList* sn; ++ ++ // Check if this Request is legit to be forwarded to upstream ++ for(sn = upstrIf->allowedgroups; sn != NULL; sn = sn->next) ++ if((group & sn->subnet_mask) == sn->subnet_addr) ++ // Forward is OK... ++ break; ++ ++ if (sn == NULL) { ++ my_log(LOG_INFO, 0, "The group address %s may not be forwarded upstream. Ignoring.", inetFmt(group, s1)); ++ return; ++ } ++ } ++ + // Send join or leave request... + if(join) { + +-- +1.7.2.5 + diff --git a/package/network/services/igmpproxy/patches/010-missing_include.patch b/package/network/services/igmpproxy/patches/010-missing_include.patch new file mode 100644 index 0000000..af0eab8 --- /dev/null +++ b/package/network/services/igmpproxy/patches/010-missing_include.patch @@ -0,0 +1,10 @@ +--- a/src/os-linux.h ++++ b/src/os-linux.h +@@ -3,6 +3,7 @@ + #include <linux/mroute.h> + #include <netinet/ip.h> + #include <netinet/igmp.h> ++#include <sys/types.h> + + static inline u_short ip_data_len(const struct ip *ip) + { diff --git a/package/network/services/igmpproxy/patches/020-Silence-downstream-interface-igmp-messages.patch b/package/network/services/igmpproxy/patches/020-Silence-downstream-interface-igmp-messages.patch new file mode 100644 index 0000000..ccd000c --- /dev/null +++ b/package/network/services/igmpproxy/patches/020-Silence-downstream-interface-igmp-messages.patch @@ -0,0 +1,19 @@ +--- a/src/igmp.c ++++ b/src/igmp.c +@@ -139,8 +139,14 @@ + return; + } + else if(!isAdressValidForIf(checkVIF, src)) { +- my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.", +- inetFmt(src, s1), inetFmt(dst, s2)); ++ struct IfDesc *downVIF = getIfByAddress(src); ++ if (downVIF && downVIF->state & IF_STATE_DOWNSTREAM) { ++ my_log(LOG_NOTICE, 0, "The source address %s for group %s is from downstream VIF. Ignoring.", ++ inetFmt(src, s1), inetFmt(dst, s2)); ++ } else { ++ my_log(LOG_WARNING, 0, "The source address %s for group %s, is not in any valid net for upstream VIF.", ++ inetFmt(src, s1), inetFmt(dst, s2)); ++ } + return; + } + diff --git a/package/network/services/igmpproxy/patches/100-use-monotic-clock-instead-of-time-of-day.patch b/package/network/services/igmpproxy/patches/100-use-monotic-clock-instead-of-time-of-day.patch new file mode 100644 index 0000000..e75283c --- /dev/null +++ b/package/network/services/igmpproxy/patches/100-use-monotic-clock-instead-of-time-of-day.patch @@ -0,0 +1,120 @@ +From d0e66e0719ae8eb549f7cc220fdc66575d3db332 Mon Sep 17 00:00:00 2001 +From: Jonas Gorski <jonas.gorski@gmail.com> +Date: Thu, 29 Mar 2012 17:01:11 +0200 +Subject: [PATCH 4/4] use monotic clock instead of time of day + +The time of day might chance e.g. by daylight savings time during the +runtime, which causes timers to fire repeatedly for a long time. + +Contributed by T-Labs, Deutsche Telekom Innovation Laboratories + +Signed-off-by: Jonas Gorski <jonas.gorski@gmail.com> +--- + configure.ac | 2 ++ + src/igmpproxy.c | 26 +++++++++++++------------- + src/igmpproxy.h | 3 ++- + 3 files changed, 17 insertions(+), 14 deletions(-) + +diff --git a/configure.ac b/configure.ac +index 85beb08..bd84eba 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -25,6 +25,8 @@ AC_CHECK_MEMBERS([struct sockaddr_in.sin_len], [], [], [[ + #include <netinet/in.h> + ]]) + ++AC_SEARCH_LIBS([clock_gettime],[rt]) ++ + AC_CONFIG_FILES([ + Makefile + doc/Makefile +diff --git a/src/igmpproxy.c b/src/igmpproxy.c +index 35000c7..3a9ccad 100644 +--- a/src/igmpproxy.c ++++ b/src/igmpproxy.c +@@ -234,13 +234,13 @@ void igmpProxyRun() { + int MaxFD, Rt, secs; + fd_set ReadFDS; + socklen_t dummy = 0; +- struct timeval curtime, lasttime, difftime, tv; ++ struct timespec curtime, lasttime, difftime, tv; + // The timeout is a pointer in order to set it to NULL if nessecary. +- struct timeval *timeout = &tv; ++ struct timespec *timeout = &tv; + + // Initialize timer vars +- difftime.tv_usec = 0; +- gettimeofday(&curtime, NULL); ++ difftime.tv_nsec = 0; ++ clock_gettime(CLOCK_MONOTONIC, &curtime); + lasttime = curtime; + + // First thing we send a membership query in downstream VIF's... +@@ -263,7 +263,7 @@ void igmpProxyRun() { + if(secs == -1) { + timeout = NULL; + } else { +- timeout->tv_usec = 0; ++ timeout->tv_nsec = 0; + timeout->tv_sec = secs; + } + +@@ -274,7 +274,7 @@ void igmpProxyRun() { + FD_SET( MRouterFD, &ReadFDS ); + + // wait for input +- Rt = select( MaxFD +1, &ReadFDS, NULL, NULL, timeout ); ++ Rt = pselect( MaxFD +1, &ReadFDS, NULL, NULL, timeout, NULL ); + + // log and ignore failures + if( Rt < 0 ) { +@@ -307,20 +307,20 @@ void igmpProxyRun() { + */ + if (Rt == 0) { + curtime.tv_sec = lasttime.tv_sec + secs; +- curtime.tv_usec = lasttime.tv_usec; ++ curtime.tv_nsec = lasttime.tv_nsec; + Rt = -1; /* don't do this next time through the loop */ + } else { +- gettimeofday(&curtime, NULL); ++ clock_gettime(CLOCK_MONOTONIC, &curtime); + } + difftime.tv_sec = curtime.tv_sec - lasttime.tv_sec; +- difftime.tv_usec += curtime.tv_usec - lasttime.tv_usec; +- while (difftime.tv_usec > 1000000) { ++ difftime.tv_nsec += curtime.tv_nsec - lasttime.tv_nsec; ++ while (difftime.tv_nsec > 1000000000) { + difftime.tv_sec++; +- difftime.tv_usec -= 1000000; ++ difftime.tv_nsec -= 1000000000; + } +- if (difftime.tv_usec < 0) { ++ if (difftime.tv_nsec < 0) { + difftime.tv_sec--; +- difftime.tv_usec += 1000000; ++ difftime.tv_nsec += 1000000000; + } + lasttime = curtime; + if (secs == 0 || difftime.tv_sec > 0) +diff --git a/src/igmpproxy.h b/src/igmpproxy.h +index 4df8a79..36a4f04 100644 +--- a/src/igmpproxy.h ++++ b/src/igmpproxy.h +@@ -44,12 +44,13 @@ + #include <string.h> + #include <fcntl.h> + #include <stdbool.h> ++#include <time.h> + + #include <sys/socket.h> + #include <sys/un.h> +-#include <sys/time.h> + #include <sys/ioctl.h> + #include <sys/param.h> ++#include <sys/select.h> + + #include <net/if.h> + #include <netinet/in.h> +-- +1.7.2.5 + diff --git a/package/network/services/igmpproxy/patches/200-allow_wildcard_addr.patch b/package/network/services/igmpproxy/patches/200-allow_wildcard_addr.patch new file mode 100644 index 0000000..0dd7720 --- /dev/null +++ b/package/network/services/igmpproxy/patches/200-allow_wildcard_addr.patch @@ -0,0 +1,24 @@ +--- a/src/config.c ++++ b/src/config.c +@@ -357,15 +357,18 @@ struct SubnetList *parseSubnetAddress(ch + tmpStr = strtok(NULL, "/"); + if(tmpStr != NULL) { + int bitcnt = atoi(tmpStr); +- if(bitcnt <= 0 || bitcnt > 32) { ++ if(bitcnt < 0 || bitcnt > 32) { + my_log(LOG_WARNING, 0, "The bits part of the address is invalid : %d.",tmpStr); + return NULL; + } + +- mask <<= (32 - bitcnt); ++ if (bitcnt == 0) ++ mask = 0; ++ else ++ mask <<= (32 - bitcnt); + } + +- if(addr == -1 || addr == 0) { ++ if(addr == -1) { + my_log(LOG_WARNING, 0, "Unable to parse address token '%s'.", addrstr); + return NULL; + } diff --git a/package/network/services/igmpproxy/patches/250-fix_multiple_downlink_interfaces.patch b/package/network/services/igmpproxy/patches/250-fix_multiple_downlink_interfaces.patch new file mode 100644 index 0000000..24aefce --- /dev/null +++ b/package/network/services/igmpproxy/patches/250-fix_multiple_downlink_interfaces.patch @@ -0,0 +1,154 @@ +--- a/src/igmpproxy.h ++++ b/src/igmpproxy.h +@@ -251,6 +251,7 @@ int activateRoute(uint32_t group, uint32 + void ageActiveRoutes(); + void setRouteLastMemberMode(uint32_t group); + int lastMemberGroupAge(uint32_t group); ++int interfaceInRoute(int32_t group, int Ix); + + /* request.c + */ +--- a/src/request.c ++++ b/src/request.c +@@ -41,10 +41,10 @@ + + // Prototypes... + void sendGroupSpecificMemberQuery(void *argument); +- ++ + typedef struct { + uint32_t group; +- uint32_t vifAddr; ++ // uint32_t vifAddr; + short started; + } GroupVifDesc; + +@@ -142,7 +142,7 @@ void acceptLeaveMessage(uint32_t src, ui + + // Call the group spesific membership querier... + gvDesc->group = group; +- gvDesc->vifAddr = sourceVif->InAdr.s_addr; ++ // gvDesc->vifAddr = sourceVif->InAdr.s_addr; + gvDesc->started = 0; + + sendGroupSpecificMemberQuery(gvDesc); +@@ -159,6 +159,9 @@ void acceptLeaveMessage(uint32_t src, ui + */ + void sendGroupSpecificMemberQuery(void *argument) { + struct Config *conf = getCommonConfig(); ++ struct IfDesc *Dp; ++ struct RouteTable *croute; ++ int Ix; + + // Cast argument to correct type... + GroupVifDesc *gvDesc = (GroupVifDesc*) argument; +@@ -166,22 +169,38 @@ void sendGroupSpecificMemberQuery(void * + if(gvDesc->started) { + // If aging returns false, we don't do any further action... + if(!lastMemberGroupAge(gvDesc->group)) { ++ // FIXME: Should we free gvDesc here? + return; + } + } else { + gvDesc->started = 1; + } + +- // Send a group specific membership query... +- sendIgmp(gvDesc->vifAddr, gvDesc->group, +- IGMP_MEMBERSHIP_QUERY, +- conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, +- gvDesc->group, 0); +- +- my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d", +- inetFmt(gvDesc->vifAddr,s1), inetFmt(gvDesc->group,s2), +- conf->lastMemberQueryInterval); +- ++ /** ++ * FIXME: This loops through all interfaces the group is active on an sends queries. ++ * It might be better to send only a query on the interface the leave was accepted on and remove only that interface from the route. ++ */ ++ ++ // Loop through all downstream interfaces ++ for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) { ++ if ( Dp->InAdr.s_addr && ! (Dp->Flags & IFF_LOOPBACK) ) { ++ if(Dp->state == IF_STATE_DOWNSTREAM) { ++ // Is that interface used in the group? ++ if (interfaceInRoute(gvDesc->group ,Dp->index)) { ++ ++ // Send a group specific membership query... ++ sendIgmp(Dp->InAdr.s_addr, gvDesc->group, ++ IGMP_MEMBERSHIP_QUERY, ++ conf->lastMemberQueryInterval * IGMP_TIMER_SCALE, ++ gvDesc->group, 0); ++ ++ my_log(LOG_DEBUG, 0, "Sent membership query from %s to %s. Delay: %d", ++ inetFmt(Dp->InAdr.s_addr,s1), inetFmt(gvDesc->group,s2), ++ conf->lastMemberQueryInterval); ++ } ++ } ++ } ++ } + // Set timeout for next round... + timer_setTimer(conf->lastMemberQueryInterval, sendGroupSpecificMemberQuery, gvDesc); + +--- a/src/rttable.c ++++ b/src/rttable.c +@@ -428,6 +428,25 @@ void ageActiveRoutes() { + } + + /** ++* Counts the number of interfaces a given route is active on ++*/ ++int numberOfInterfaces(struct RouteTable *croute) { ++ int Ix; ++ struct IfDesc *Dp; ++ int result = 0; ++ // Loop through all interfaces ++ for ( Ix = 0; (Dp = getIfByIx(Ix)); Ix++ ) { ++ // If the interface is used by the route, increase counter ++ if(BIT_TST(croute->vifBits, Dp->index)) { ++ result++; ++ } ++ } ++ my_log(LOG_DEBUG, 0, "counted %d interfaces", result); ++ return result; ++} ++ ++ ++/** + * Should be called when a leave message is recieved, to + * mark a route for the last member probe state. + */ +@@ -439,8 +458,11 @@ void setRouteLastMemberMode(uint32_t gro + if(croute!=NULL) { + // Check for fast leave mode... + if(croute->upstrState == ROUTESTATE_JOINED && conf->fastUpstreamLeave) { +- // Send a leave message right away.. +- sendJoinLeaveUpstream(croute, 0); ++ // Send a leave message right away only when the route has been active on only one interface ++ if (numberOfInterfaces(croute) <= 1) { ++ my_log(LOG_DEBUG, 0, "Leaving group %d now", group); ++ sendJoinLeaveUpstream(croute, 0); ++ } + } + // Set the routingstate to Last member check... + croute->upstrState = ROUTESTATE_CHECK_LAST_MEMBER; +@@ -677,3 +699,18 @@ void logRouteTable(char *header) { + + my_log(LOG_DEBUG, 0, "-----------------------------------------------------"); + } ++ ++/** ++* Returns true when the given group belongs to the given interface ++*/ ++int interfaceInRoute(int32_t group, int Ix) { ++ struct RouteTable* croute; ++ croute = findRoute(group); ++ if (croute != NULL) { ++ my_log(LOG_DEBUG, 0, "Interface id %d is in group $d", Ix, group); ++ return BIT_TST(croute->vifBits, Ix); ++ } else { ++ return 0; ++ } ++} ++ diff --git a/package/network/services/ipset-dns/Makefile b/package/network/services/ipset-dns/Makefile new file mode 100644 index 0000000..37cf7c5 --- /dev/null +++ b/package/network/services/ipset-dns/Makefile @@ -0,0 +1,60 @@ +# +# Copyright (C) 2013 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=ipset-dns +PKG_VERSION:=2013-05-03 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=http://git.zx2c4.com/ipset-dns +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_VERSION:=6be3afd819a86136b51c5ae722ab48266187155b +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz +PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> + +PKG_LICENSE:=GPL-2.0 +PKG_LICENSE_FILES:=COPYING + +include $(INCLUDE_DIR)/package.mk + +define Package/ipset-dns/Default +endef + +define Package/ipset-dns + SECTION:=net + CATEGORY:=Network + TITLE:=A lightweight DNS forwarder to populate ipsets + URL:=http://git.zx2c4.com/ipset-dns/about/ + DEPENDS:=+libmnl +endef + +define Package/ipset-dns/description + The ipset-dns daemon is a lightweight DNS forwarding server that adds all + resolved IPs to a given netfilter ipset. It is designed to be used in + conjunction with dnsmasq's upstream server directive. + + Practical use cases include routing over a given gateway traffic for + particular web services or webpages that do not have a priori predictable + IP addresses and instead rely on dizzying arrays of DNS resolutions. +endef + +define Package/ipset-dns/conffiles +/etc/config/ipset-dns +endef + +define Package/ipset-dns/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/ipset-dns $(1)/usr/sbin/ipset-dns + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/ipset-dns.init $(1)/etc/init.d/ipset-dns + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/ipset-dns.config $(1)/etc/config/ipset-dns +endef + +$(eval $(call BuildPackage,ipset-dns)) diff --git a/package/network/services/ipset-dns/files/ipset-dns.config b/package/network/services/ipset-dns/files/ipset-dns.config new file mode 100644 index 0000000..0270366 --- /dev/null +++ b/package/network/services/ipset-dns/files/ipset-dns.config @@ -0,0 +1,16 @@ +# declare an ipset-dns listener instance, multiple allowed +config ipset-dns + # use given ipset for type A (IPv4) responses + option ipset 'domain-filter-ipv4' + + # use given ipset for type AAAA (IPv6) responses + option ipset6 'domain-filter-ipv6' + + # use given listening port + # defaults to 53000 + instance number + #option port '53001' + + # use given upstream DNS server, + # defaults to first entry in /tmp/resolv.conf.auto + #option dns '8.8.8.8' + diff --git a/package/network/services/ipset-dns/files/ipset-dns.init b/package/network/services/ipset-dns/files/ipset-dns.init new file mode 100755 index 0000000..0a76fcc --- /dev/null +++ b/package/network/services/ipset-dns/files/ipset-dns.init @@ -0,0 +1,57 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2013 OpenWrt.org + +START=61 + +USE_PROCD=1 + +find_nameserver() { + . /lib/functions/network.sh + + local tmp + if network_find_wan tmp && network_get_dnsserver tmp "$tmp"; then + echo "${tmp%% *}" + return 0 + fi + + return 1 +} + +start_instance() { + local cfg="$1" + local ipset ipset6 port dns + + config_get ipset "$cfg" ipset + config_get ipset6 "$cfg" ipset6 + [ -n "$ipset$ipset6" ] || { + echo "No ipset specified for instance $cfg" >&2 + return 1 + } + + config_get dns "$cfg" dns "$DEFNS" + [ -n "$dns" ] || { + echo "No DNS server specified for instance $cfg" >&2 + return 1 + } + + config_get port "$cfg" port $((PORT++)) + + procd_open_instance + procd_set_param command /usr/sbin/ipset-dns "$ipset" "$ipset6" "$port" "$dns" + procd_set_param env NO_DAEMONIZE=1 + procd_set_param respawn + procd_close_instance +} + +service_triggers() +{ + procd_add_reload_trigger "ipset-dns" +} + +start_service() { + PORT=53001 + DEFNS="$(find_nameserver)" + + config_load ipset-dns + config_foreach start_instance ipset-dns +} diff --git a/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch b/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch new file mode 100644 index 0000000..19669a0 --- /dev/null +++ b/package/network/services/ipset-dns/patches/100-simultaneous-ipv4-ipv6.patch @@ -0,0 +1,57 @@ +--- a/ipset-dns.c ++++ b/ipset-dns.c +@@ -307,19 +307,20 @@ int main(int argc, char *argv[]) + struct timeval tv; + char msg[512]; + char ip[INET6_ADDRSTRLEN]; +- char *ipset; ++ char *ipset, *ipset6; + int listen_sock, upstream_sock; + int pos, i, size, af; + socklen_t len; + size_t received; + pid_t child; + +- if (argc != 4) { +- fprintf(stderr, "Usage: %s ipset port upstream\n", argv[0]); ++ if (argc != 5) { ++ fprintf(stderr, "Usage: %s ipv4-ipset ipv6-ipset port upstream\n", argv[0]); + return 1; + } + + ipset = argv[1]; ++ ipset6 = argv[2]; + + listen_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + if (listen_sock < 0) { +@@ -329,7 +330,7 @@ int main(int argc, char *argv[]) + + memset(&listen_addr, 0, sizeof(listen_addr)); + listen_addr.sin_family = AF_INET; +- listen_addr.sin_port = htons(atoi(argv[2])); ++ listen_addr.sin_port = htons(atoi(argv[3])); + listen_addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + i = 1; + setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR, &i, sizeof(i)); +@@ -341,7 +342,7 @@ int main(int argc, char *argv[]) + memset(&upstream_addr, 0, sizeof(upstream_addr)); + upstream_addr.sin_family = AF_INET; + upstream_addr.sin_port = htons(53); +- inet_aton(argv[3], &upstream_addr.sin_addr); ++ inet_aton(argv[4], &upstream_addr.sin_addr); + + /* TODO: Put all of the below code in several forks all listening on the same sock. */ + +@@ -434,8 +435,11 @@ int main(int argc, char *argv[]) + continue; + } + ++ if ((af == AF_INET && !*ipset) || (af == AF_INET6 && !*ipset6)) ++ continue; ++ + printf("%s: %s\n", answer.dotted, ip); +- if (add_to_ipset(ipset, answer.rdata, af) < 0) ++ if (add_to_ipset((af == AF_INET) ? ipset : ipset6, answer.rdata, af) < 0) + perror("add_to_ipset"); + } + diff --git a/package/network/services/lldpd/Config.in b/package/network/services/lldpd/Config.in new file mode 100644 index 0000000..93d84e2 --- /dev/null +++ b/package/network/services/lldpd/Config.in @@ -0,0 +1,54 @@ +menu "Configuration" + depends on PACKAGE_lldpd + +config LLDPD_WITH_PRIVSEP + bool + default y + prompt "Enable privilege separation (run lldpd with a chrooted 'lldp' user)" + +config LLDPD_WITH_CDP + bool + default y + prompt "Enable support for the Cisco Discovery Protocol (CDP) version 1 and 2" + +config LLDPD_WITH_FDP + bool + default y + prompt "Enable support for the Foundry Discovery Protocol (FDP)" + +config LLDPD_WITH_EDP + bool + default y + prompt "Enable support for the Extreme Discovery Protocol (EDP)" + +config LLDPD_WITH_SONMP + bool + default y + prompt "Enable support for the SynOptics Network Management Protocol" + +config LLDPD_WITH_LLDPMED + bool + prompt "Enable LLDP-MED extension" + default y + +config LLDPD_WITH_DOT1 + bool + prompt "Enable Dot1 extension (VLAN stuff)" + default y + +config LLDPD_WITH_DOT3 + bool + prompt "Enable Dot3 extension (PHY stuff)" + default y + +config LLDPD_WITH_CUSTOM + bool + prompt "Enable Custom TLVs" + default y + +config LLDPD_WITH_JSON + bool + prompt "Enable JSON output for the LLDP Command-Line Interface" + default n + +endmenu diff --git a/package/network/services/lldpd/Makefile b/package/network/services/lldpd/Makefile new file mode 100644 index 0000000..81e4a8f --- /dev/null +++ b/package/network/services/lldpd/Makefile @@ -0,0 +1,108 @@ +# +# Copyright (C) 2008-2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=lldpd +PKG_VERSION:=0.7.15 +PKG_RELEASE:=1 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd +PKG_MD5SUM:=46f7ad97fc1d04084ab11b32fc0ed708 + +PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org> +PKG_LICENSE:=ISC + +PKG_FIXUP:=autoreconf +PKG_INSTALL:=1 + +TARGET_CFLAGS+=--std=c99 + +include $(INCLUDE_DIR)/package.mk + +define Package/lldpd + SECTION:=net + CATEGORY:=Network + SUBMENU:=Routing and Redirection + TITLE:=Link Layer Discovery Protocol daemon + URL:=https://github.com/vincentbernat/lldpd/wiki + DEPENDS:=+libevent2 +USE_GLIBC:libbsd +LLDPD_WITH_JSON:libjson-c + USERID:=lldp=121:lldp=129 + MENU:=1 +endef + +define Package/lldpd/config +source "$(SOURCE)/Config.in" +endef + +define Package/lldpd/description + LLDP (Link Layer Discovery Protocol) is an industry standard protocol designed + to supplant proprietary Link-Layer protocols such as + Extreme's EDP (Extreme Discovery Protocol) and + CDP (Cisco Discovery Protocol). + The goal of LLDP is to provide an inter-vendor compatible mechanism to deliver + Link-Layer notifications to adjacent network devices. +endef + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/lib + $(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/ + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/usr/include/lldpctl.h $(1)/usr/include/lldpctl.h + $(CP) $(PKG_INSTALL_DIR)/usr/include/lldp-const.h $(1)/usr/include/lldp-const.h +endef + +define Package/lldpd/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_DIR) $(1)/etc/lldpd.d + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/sbin + $(CP) $(PKG_INSTALL_DIR)/usr/sbin/lldp{cli,ctl,d} $(1)/usr/sbin/ + $(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/ + $(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd + $(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd +ifneq ($(CONFIG_LLDPD_WITH_CDP),y) + sed -i -e '/cdp/d' $(1)/etc/init.d/lldpd $(1)/etc/config/lldpd +endif +ifneq ($(CONFIG_LLDPD_WITH_FDP),y) + sed -i -e '/fdp/d' $(1)/etc/init.d/lldpd $(1)/etc/config/lldpd +endif +ifneq ($(CONFIG_LLDPD_WITH_EDP),y) + sed -i -e '/edp/d' $(1)/etc/init.d/lldpd $(1)/etc/config/lldpd +endif +ifneq ($(CONFIG_LLDPD_WITH_SONMP),y) + sed -i -e '/sonmp/d' $(1)/etc/init.d/lldpd $(1)/etc/config/lldpd +endif +endef + +define Package/lldpd/conffiles +/etc/config/lldpd +endef + +CONFIGURE_ARGS += \ + $(if $(CONFIG_LLDPD_WITH_PRIVSEP), \ + --with-privsep-user=lldp \ + --with-privsep-group=lldp \ + --with-privsep-chroot=/var/run/lldp \ + ,--disable-privsep) \ + --with-readline=no \ + --with-embedded-libevent=no \ + --disable-hardening \ + --without-xml \ + $(if $(CONFIG_LLDPD_WITH_CDP),,--disable-cdp) \ + $(if $(CONFIG_LLDPD_WITH_FDP),,--disable-fdp) \ + $(if $(CONFIG_LLDPD_WITH_EDP),,--disable-edp) \ + $(if $(CONFIG_LLDPD_WITH_LLDPMED),,--disable-lldpmed) \ + $(if $(CONFIG_LLDPD_WITH_DOT1),,--disable-dot1) \ + $(if $(CONFIG_LLDPD_WITH_DOT3),,--disable-dot3) \ + $(if $(CONFIG_LLDPD_WITH_CUSTOM),,--disable-custom) \ + $(if $(CONFIG_LLDPD_WITH_SONMP),,--disable-sonmp) \ + $(if $(CONFIG_LLDPD_WITH_JSON),--with-json=json-c,--with-json=no) + + +$(eval $(call BuildPackage,lldpd)) diff --git a/package/network/services/lldpd/files/lldpd.config b/package/network/services/lldpd/files/lldpd.config new file mode 100644 index 0000000..48728e0 --- /dev/null +++ b/package/network/services/lldpd/files/lldpd.config @@ -0,0 +1,15 @@ +config lldpd config + option enable_cdp 1 + option enable_fdp 1 + option enable_sonmp 1 + option enable_edp 1 + + option lldp_class 4 + option lldp_location "2:FR:6:Commercial Rd:3:Roseville:19:4" + + # if empty, the distribution description is sent + #option lldp_description "OpenWrt System" + + # interfaces to listen on + list interface "loopback" + list interface "lan" diff --git a/package/network/services/lldpd/files/lldpd.init b/package/network/services/lldpd/files/lldpd.init new file mode 100644 index 0000000..04e5b8c --- /dev/null +++ b/package/network/services/lldpd/files/lldpd.init @@ -0,0 +1,93 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2008-2012 OpenWrt.org + +START=90 + +USE_PROCD=1 +LLDPCLI=/usr/sbin/lldpcli +LLDPSOCKET=/var/run/lldpd.socket + +find_release_info() +{ + [ -s /etc/openwrt_release ] && . /etc/openwrt_release + [ -z "$DISTRIB_DESCRIPTION" ] && [ -s /etc/openwrt_version ] && \ + DISTRIB_DESCRIPTION="$(cat /etc/openwrt_version)" + + echo "${DISTRIB_DESCRIPTION:-Unknown OpenWrt release} @ $(cat /proc/sys/kernel/hostname)" +} + +start_service() { + . /lib/functions/network.sh + + local enable_cdp + local enable_fdp + local enable_sonmp + local enable_edp + local lldp_class + local lldp_location + local lldp_description + local readonly_mode + + config_load 'lldpd' + config_get_bool enable_cdp 'config' 'enable_cdp' 0 + config_get_bool enable_fdp 'config' 'enable_fdp' 0 + config_get_bool enable_sonmp 'config' 'enable_sonmp' 0 + config_get_bool enable_edp 'config' 'enable_edp' 0 + config_get lldp_class 'config' 'lldp_class' + config_get lldp_location 'config' 'lldp_location' + config_get lldp_description 'config' 'lldp_description' "$(find_release_info)" + config_get_bool readonly_mode 'config' 'readonly_mode' 0 + + local ifaces + config_get ifaces 'config' 'interface' + + local iface ifnames="" + for iface in $ifaces; do + local ifname="" + if network_get_device ifname "$iface" || [ -e "/sys/class/net/$iface" ]; then + append ifnames "${ifname:-$iface}" "," + fi + done + + mkdir -p /var/run/lldp + chown lldp:lldp /var/run/lldp + + procd_open_instance + procd_set_param command /usr/sbin/lldpd + procd_append_param command -d # don't daemonize, procd will handle that for us + + [ -n "$ifnames" ] && procd_append_param command -I "$ifnames" + [ $enable_cdp -gt 0 ] && procd_append_param command '-c' + [ $enable_fdp -gt 0 ] && procd_append_param command '-f' + [ $enable_sonmp -gt 0 ] && procd_append_param command '-s' + [ $enable_edp -gt 0 ] && procd_append_param command '-e' + [ $readonly_mode -gt 0 ] && procd_append_param command '-r' + [ -n "$lldp_class" ] && procd_append_param command -M "$lldp_class" + [ -n "$lldp_description" ] && procd_append_param command -S "$lldp_description" + + # set auto respawn behavior + procd_set_param respawn + procd_append_param respawn 3600 + procd_append_param respawn 5 + procd_append_param respawn -1 + procd_close_instance +} + +service_running() { + pgrep -x /usr/sbin/lldpd &> /dev/null +} + +reload_service() { + running || return 1 + # Custom TLVs are special and should be + # reloaded from config during lldpd reload + $LLDPCLI -u $LLDPSOCKET unconfigure lldp custom-tlv &> /dev/null + $LLDPCLI -u $LLDPSOCKET -c /etc/lldpd.conf -c /etc/lldpd.d &> /dev/null + # Broadcast update over the wire + $LLDPCLI -u $LLDPSOCKET update &> /dev/null + return 0 +} + +stop_service() { + rm -rf /var/run/lldp $LLDPSOCKET +} diff --git a/package/network/services/lldpd/patches/100-os-release.patch b/package/network/services/lldpd/patches/100-os-release.patch new file mode 100644 index 0000000..a906f39 --- /dev/null +++ b/package/network/services/lldpd/patches/100-os-release.patch @@ -0,0 +1,39 @@ +Index: lldpd-0.7.15/src/daemon/lldpd.c +=================================================================== +--- lldpd-0.7.15.orig/src/daemon/lldpd.c ++++ lldpd-0.7.15/src/daemon/lldpd.c +@@ -736,6 +736,10 @@ lldpd_get_os_release() { + fp = fopen("/usr/lib/os-release", "r"); + } + if (!fp) { ++ log_debug("localchassis", "could not open /usr/lib/os-release"); ++ fp = fopen("/etc/openwrt_release", "r"); ++ } ++ if (!fp) { + log_info("localchassis", + "could not open either /etc/os-release or /usr/lib/os-release"); + return NULL; +@@ -745,7 +749,8 @@ lldpd_get_os_release() { + key = strtok(line, "="); + val = strtok(NULL, "="); + +- if (strncmp(key, "PRETTY_NAME", sizeof(line)) == 0) { ++ if (strncmp(key, "PRETTY_NAME", sizeof(line)) == 0 || ++ strncmp(key, "DISTRIB_DESCRIPTION", sizeof(line)) == 0) { + strlcpy(release, val, sizeof(line)); + break; + } +@@ -755,11 +760,11 @@ lldpd_get_os_release() { + /* Remove trailing newline and all " in the string. */ + ptr1 = release + strlen(release) - 1; + while (ptr1 != release && +- ((*ptr1 == '"') || (*ptr1 == '\n'))) { ++ ((*ptr1 == '"') || (*ptr1 == '\n') || (*ptr1 == '\''))) { + *ptr1 = '\0'; + ptr1--; + } +- if (release[0] == '"') ++ if (release[0] == '"' || release[0] == '\'') + return release+1; + return release; + } diff --git a/package/network/services/mdns/Makefile b/package/network/services/mdns/Makefile new file mode 100644 index 0000000..74e2693 --- /dev/null +++ b/package/network/services/mdns/Makefile @@ -0,0 +1,48 @@ +# +# Copyright (C) 2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=mdns +PKG_VERSION:=2015-09-03 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_URL:=git://git.openwrt.org/project/mdnsd.git +PKG_SOURCE_PROTO:=git +PKG_SOURCE_VERSION:=ae8773477c31b741ba8b47f8898e4c0a1c834b85 + +PKG_MAINTAINER:=John Crispin <blogic@openwrt.org> +PKG_LICENSE:=LGPL-2.1 + +include $(INCLUDE_DIR)/package-seccomp.mk +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/mdns + SECTION:=net + CATEGORY:=Network + TITLE:=OpenWrt Multicast DNS Daemon + DEPENDS:=+libubox +libubus +libblobmsg-json +endef + +TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include + +define Package/mdns/conffiles +/etc/config/mdns +endef + +define Package/mdns/install + $(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/init.d $(1)/etc/config + $(INSTALL_BIN) $(PKG_BUILD_DIR)/mdns $(1)/usr/sbin/ + $(INSTALL_BIN) ./files/mdns.init $(1)/etc/init.d/mdns + $(INSTALL_CONF) ./files/mdns.config $(1)/etc/config/mdns + $(call InstallSeccomp,$(1),./files/mdns.json) +endef + +$(eval $(call BuildPackage,mdns)) diff --git a/package/network/services/mdns/files/mdns.config b/package/network/services/mdns/files/mdns.config new file mode 100644 index 0000000..b09eaf5 --- /dev/null +++ b/package/network/services/mdns/files/mdns.config @@ -0,0 +1,3 @@ +config mdns + option jail 1 + list network lan diff --git a/package/network/services/mdns/files/mdns.init b/package/network/services/mdns/files/mdns.init new file mode 100644 index 0000000..c0f9155 --- /dev/null +++ b/package/network/services/mdns/files/mdns.init @@ -0,0 +1,54 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2014 OpenWrt.org + +. /lib/functions/network.sh + +START=80 + +USE_PROCD=1 +PROG=/usr/sbin/mdns +IFACES="" + +load_ifaces() { + local network="$(uci get mdns.@mdns[-1].network)" + for n in $network; do + local device + json_load "$(ifstatus $n)" + json_get_var device l3_device + echo -n "$device " + done +} + +reload_service() { + json_init + json_add_array interfaces + for i in $(load_ifaces); do + json_add_string "" "$i" + done + json_close_array + + ubus call mdns set_config "$(json_dump)" +} + +start_service() { + local network="$(uci get mdns.@mdns[-1].network)" + + procd_open_instance + procd_set_param command "$PROG" + procd_set_param seccomp /etc/seccomp/mdns.json + procd_set_param respawn + procd_open_trigger + procd_add_config_trigger "config.change" "mdns" /etc/init.d/mdns reload + for n in $network; do + procd_add_interface_trigger "interface.*" $n /etc/init.d/mdns reload + done + procd_add_raw_trigger "instance.update" 5000 "/bin/ubus" "call" "mdns" "reload" + procd_close_trigger + [ "$(uci get mdns.@mdns[-1].jail)" = 1 ] && procd_add_jail mdns ubus log + procd_close_instance +} + +service_started() { + ubus -t 10 wait_for mdns + [ $? = 0 ] && reload_service +} diff --git a/package/network/services/mdns/files/mdns.json b/package/network/services/mdns/files/mdns.json new file mode 100644 index 0000000..c22ba6f --- /dev/null +++ b/package/network/services/mdns/files/mdns.json @@ -0,0 +1,32 @@ +{ + "whitelist": [ + "read", + "write", + "open", + "close", + "time", + "brk", + "ioctl", + "uname", + "bind", + "connect", + "getsockname", + "recvmsg", + "sendmsg", + "sendto", + "setsockopt", + "socket", + "poll", + "fcntl64", + "epoll_create", + "epoll_ctl", + "epoll_wait", + "rt_sigaction", + "sigreturn", + "rt_sigreturn", + "exit_group", + "exit", + "clock_gettime" + ], + "policy": 1 +} diff --git a/package/network/services/odhcpd/Makefile b/package/network/services/odhcpd/Makefile new file mode 100644 index 0000000..0ec4769 --- /dev/null +++ b/package/network/services/odhcpd/Makefile @@ -0,0 +1,67 @@ +# +# Copyright (C) 2013 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=odhcpd +PKG_VERSION:=2015-09-07-1 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_URL:=git://github.com/sbyx/odhcpd.git +PKG_SOURCE_PROTO:=git +PKG_SOURCE_VERSION:=cb1842c117030e6779f9556cd5d86b1a0ef145d7 + +PKG_MAINTAINER:=Steven Barth <steven@midlink.org> +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +CMAKE_OPTIONS += -DUBUS=1 + +ifneq ($(CONFIG_PACKAGE_odhcpd_ext_cer_id),0) + CMAKE_OPTIONS += -DEXT_CER_ID=$(CONFIG_PACKAGE_odhcpd_ext_cer_id) +endif + + +define Package/odhcpd + SECTION:=net + CATEGORY:=Network + TITLE:=OpenWrt DHCP/DHCPv6(-PD)/RA Server & Relay + DEPENDS:=+libubox +libuci +libubus +endef + +define Package/odhcpd/config + config PACKAGE_odhcpd_ext_cer_id + int "CER-ID Extension ID (0 = disabled)" + depends on PACKAGE_odhcpd + default 0 +endef + +define Package/odhcpd/description + odhcpd is a daemon for serving and relaying IP management protocols to + configure clients and downstream routers. It tries to follow the RFC 6204 + requirements for IPv6 home routers. + + odhcpd provides server services for DHCP, RA, stateless and stateful DHCPv6, + prefix delegation and can be used to relay RA, DHCPv6 and NDP between routed + (non-bridged) interfaces in case no delegated prefixes are available. +endef + +define Package/odhcpd/install + $(INSTALL_DIR) $(1)/usr/sbin/ + $(INSTALL_BIN) $(PKG_BUILD_DIR)/odhcpd $(1)/usr/sbin/ + $(INSTALL_BIN) ./files/odhcpd-update $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/odhcpd.init $(1)/etc/init.d/odhcpd + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/odhcpd.defaults $(1)/etc/uci-defaults +endef + +$(eval $(call BuildPackage,odhcpd)) diff --git a/package/network/services/odhcpd/files/odhcpd-update b/package/network/services/odhcpd/files/odhcpd-update new file mode 100755 index 0000000..e17cd0b --- /dev/null +++ b/package/network/services/odhcpd/files/odhcpd-update @@ -0,0 +1,5 @@ +#!/bin/sh +# Make dnsmasq reread hostfile + +pid=$(pidof dnsmasq) +[ "$(readlink /proc/$pid/exe)" = "/usr/sbin/dnsmasq" ] && kill -SIGHUP $pid diff --git a/package/network/services/odhcpd/files/odhcpd.defaults b/package/network/services/odhcpd/files/odhcpd.defaults new file mode 100644 index 0000000..d079ec0 --- /dev/null +++ b/package/network/services/odhcpd/files/odhcpd.defaults @@ -0,0 +1,13 @@ +#!/bin/sh +uci -q get dhcp.odhcpd && exit 0 +touch /etc/config/dhcp + +uci batch <<EOF +set dhcp.odhcpd=odhcpd +set dhcp.odhcpd.maindhcp=0 +set dhcp.odhcpd.leasefile=/tmp/hosts/odhcpd +set dhcp.odhcpd.leasetrigger=/usr/sbin/odhcpd-update +set dhcp.lan.dhcpv6=server +set dhcp.lan.ra=server +commit dhcp +EOF diff --git a/package/network/services/odhcpd/files/odhcpd.init b/package/network/services/odhcpd/files/odhcpd.init new file mode 100644 index 0000000..c8a3114 --- /dev/null +++ b/package/network/services/odhcpd/files/odhcpd.init @@ -0,0 +1,18 @@ +#!/bin/sh /etc/rc.common + +START=35 +STOP=85 +USE_PROCD=1 + +start_service() { + procd_open_instance + procd_set_param command /usr/sbin/odhcpd + procd_set_param respawn + procd_close_instance +} + +service_triggers() +{ + procd_add_reload_trigger "dhcp" +} + diff --git a/package/network/services/omcproxy/Makefile b/package/network/services/omcproxy/Makefile new file mode 100644 index 0000000..75997fe --- /dev/null +++ b/package/network/services/omcproxy/Makefile @@ -0,0 +1,43 @@ +# +# Copyright (C) 2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=omcproxy +PKG_VERSION:=2015-08-24 +PKG_RELEASE:=3 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_URL:=https://github.com/sbyx/omcproxy.git +PKG_SOURCE_PROTO:=git +PKG_SOURCE_VERSION:=8de9fa84e018e152e45c342f10b5b5140b63e4b1 +PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org> +PKG_LICENSE:=Apache-2.0 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/omcproxy + SECTION:=net + CATEGORY:=Network + DEPENDS:=+libubox +libubus + TITLE:=IGMPv3 and MLDv2 Multicast Proxy +endef + +CMAKE_OPTIONS += -DWITH_LIBUBOX=1 + +define Package/omcproxy/install + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/omcproxy.config $(1)/etc/config/omcproxy + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/omcproxy.init $(1)/etc/init.d/omcproxy + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/omcproxy $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,omcproxy)) diff --git a/package/network/services/omcproxy/files/omcproxy.config b/package/network/services/omcproxy/files/omcproxy.config new file mode 100644 index 0000000..b0f9bb0 --- /dev/null +++ b/package/network/services/omcproxy/files/omcproxy.config @@ -0,0 +1,9 @@ +config proxy + option scope global + option uplink wan + list downlink lan + +config proxy + option scope global + option uplink wan6 + list downlink lan diff --git a/package/network/services/omcproxy/files/omcproxy.init b/package/network/services/omcproxy/files/omcproxy.init new file mode 100644 index 0000000..a129792 --- /dev/null +++ b/package/network/services/omcproxy/files/omcproxy.init @@ -0,0 +1,143 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2010-2014 OpenWrt.org + +START=99 +USE_PROCD=1 +PROG=/usr/sbin/omcproxy + +# Uncomment to enable verbosity +#OPTIONS="-v" +PROXIES="" + + +omcproxy_add_proxy() { + local uplink downlink scope proxy + config_get uplink $1 uplink + config_get downlink $1 downlink + config_get scope $1 scope + + proxy="" + + network_get_device updev $uplink + [ -n "$updev" ] || return 0 + + for network in $downlink; do + network_get_device downdev $network + [ -n "$downdev" ] && proxy="$proxy,$downdev" + + # Disable in-kernel querier while ours is active + [ -f /sys/class/net/$downdev/bridge/multicast_querier ] && \ + echo 0 > /sys/class/net/$downdev/bridge/multicast_querier + done + + [ -n "$proxy" ] || return 0 + [ -n "$scope" ] && proxy="$proxy,scope=$scope" + + PROXIES="$PROXIES $updev$proxy" + +} + +omcproxy_add_trigger() { + local uplink downlink + config_get uplink $1 uplink + config_get downlink $1 downlink + + for network in $uplink $downlink; do + procd_add_interface_trigger "interface.*" $network /etc/init.d/omcproxy restart + done +} + +omcproxy_add_firewall() { + config_get uplink $1 uplink + config_get downlink $1 downlink + + upzone=$(fw3 network $uplink) + [ -n "$upzone" ] || return 0 + + json_add_object "" + json_add_string type rule + json_add_string src "$upzone" + json_add_string proto igmp + json_add_string target ACCEPT + json_close_object + + json_add_object "" + json_add_string type rule + json_add_string family ipv6 + json_add_string src "$upzone" + json_add_string proto icmp + json_add_string src_ip fe80::/10 + json_add_array icmp_type + json_add_string "" 130/0 + json_add_string "" 131/0 + json_add_string "" 132/0 + json_add_string "" 143/0 + json_close_array + json_add_string target ACCEPT + json_close_object + + for network in $downlink; do + downzone=$(fw3 network $network) + [ -n "$downzone" ] || continue + + json_add_object "" + json_add_string type rule + json_add_string src "$upzone" + json_add_string dest "$downzone" + json_add_string family ipv4 + json_add_string proto any + json_add_string dest_ip "224.0.0.0/4" + json_add_string target ACCEPT + json_close_object + + json_add_object "" + json_add_string type rule + json_add_string src "$upzone" + json_add_string dest "$downzone" + json_add_string family ipv6 + json_add_string proto any + json_add_string dest_ip "ff00::/8" + json_add_string target ACCEPT + json_close_object + done +} + +service_triggers() { + procd_add_reload_trigger "omcproxy" +} + +start_service() { + include /lib/functions + + config_load omcproxy + config_foreach omcproxy_add_proxy proxy + + [ -n "$PROXIES" ] || return 0 + + procd_open_instance + procd_set_param command $PROG + [ -n "$OPTIONS" ] && procd_append_param command $OPTIONS + procd_append_param command $PROXIES + procd_set_param respawn + + procd_open_trigger + config_foreach omcproxy_add_trigger proxy + procd_close_trigger + + procd_open_data + + json_add_array firewall + config_foreach omcproxy_add_firewall proxy + json_close_array + + procd_close_data + + procd_close_instance + + # Increase maximum IPv4 group memberships per socket + echo 128 > /proc/sys/net/ipv4/igmp_max_memberships +} + +service_started() { + procd_set_config_changed firewall +} diff --git a/package/network/services/openvpn-easy-rsa/Makefile b/package/network/services/openvpn-easy-rsa/Makefile new file mode 100644 index 0000000..fe03cbd --- /dev/null +++ b/package/network/services/openvpn-easy-rsa/Makefile @@ -0,0 +1,59 @@ +# +# Copyright (C) 2010-2013 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=openvpn-easy-rsa + +PKG_REV:=ff5bfd1dd8e548cb24d302742af3894f893ef92f +PKG_VERSION:=2013-01-30 +PKG_RELEASE=2 + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=https://github.com/OpenVPN/easy-rsa.git +PKG_SOURCE_VERSION:=$(PKG_REV) +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_REV).tar.gz +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk + +define Package/openvpn-easy-rsa + TITLE:=Simple shell scripts to manage a Certificate Authority + SECTION:=net + CATEGORY:=Network + URL:=http://openvpn.net + SUBMENU:=VPN + DEPENDS:=+openssl-util +endef + +define Package/openvpn-easy-rsa/conffiles +/etc/easy-rsa/keys/serial +/etc/easy-rsa/keys/index.txt +/etc/easy-rsa/vars +endef + +define Build/Configure + +endef + +define Build/Compile + +endef + +define Package/openvpn-easy-rsa/install + $(INSTALL_DIR) $(1)/usr/sbin + $(CP) $(PKG_BUILD_DIR)/easy-rsa/2.0/{build-*,clean-all,inherit-inter,list-crl,pkitool,revoke-full,sign-req,whichopensslcnf} $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/easy-rsa + $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/openssl-1.0.0.cnf $(1)/etc/easy-rsa/openssl-1.0.0.cnf + $(INSTALL_DATA) $(PKG_BUILD_DIR)/easy-rsa/2.0/vars $(1)/etc/easy-rsa/vars + $(INSTALL_DIR) $(1)/etc/easy-rsa/keys + $(INSTALL_DATA) files/easy-rsa.index $(1)/etc/easy-rsa/keys/index.txt + $(INSTALL_DATA) files/easy-rsa.serial $(1)/etc/easy-rsa/keys/serial +endef + +$(eval $(call BuildPackage,openvpn-easy-rsa)) diff --git a/package/network/services/openvpn-easy-rsa/files/easy-rsa.index b/package/network/services/openvpn-easy-rsa/files/easy-rsa.index new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/package/network/services/openvpn-easy-rsa/files/easy-rsa.index diff --git a/package/network/services/openvpn-easy-rsa/files/easy-rsa.serial b/package/network/services/openvpn-easy-rsa/files/easy-rsa.serial new file mode 100644 index 0000000..8a0f05e --- /dev/null +++ b/package/network/services/openvpn-easy-rsa/files/easy-rsa.serial @@ -0,0 +1 @@ +01 diff --git a/package/network/services/openvpn-easy-rsa/patches/100-run-ootb.patch b/package/network/services/openvpn-easy-rsa/patches/100-run-ootb.patch new file mode 100644 index 0000000..4c1b889 --- /dev/null +++ b/package/network/services/openvpn-easy-rsa/patches/100-run-ootb.patch @@ -0,0 +1,152 @@ +--- a/easy-rsa/2.0/build-ca ++++ b/easy-rsa/2.0/build-ca +@@ -5,4 +5,4 @@ + # + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --initca $* ++"/usr/sbin/pkitool" --interact --initca $* +--- a/easy-rsa/2.0/build-dh ++++ b/easy-rsa/2.0/build-dh +@@ -1,5 +1,7 @@ + #!/bin/sh + ++. /etc/easy-rsa/vars ++ + # Build Diffie-Hellman parameters for the server side + # of an SSL/TLS connection. + +--- a/easy-rsa/2.0/build-inter ++++ b/easy-rsa/2.0/build-inter +@@ -4,4 +4,4 @@ + # root certificate. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --inter $* ++"/usr/sbin/pkitool" --interact --inter $* +--- a/easy-rsa/2.0/build-key ++++ b/easy-rsa/2.0/build-key +@@ -4,4 +4,4 @@ + # root certificate. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact $* ++"/usr/sbin/pkitool" --interact $* +--- a/easy-rsa/2.0/build-key-pass ++++ b/easy-rsa/2.0/build-key-pass +@@ -4,4 +4,4 @@ + # with a password. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --pass $* ++"/usr/sbin/pkitool" --interact --pass $* +--- a/easy-rsa/2.0/build-key-pkcs12 ++++ b/easy-rsa/2.0/build-key-pkcs12 +@@ -5,4 +5,4 @@ + # the CA certificate as well. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --pkcs12 $* ++"/usr/sbin/pkitool" --interact --pkcs12 $* +--- a/easy-rsa/2.0/build-key-server ++++ b/easy-rsa/2.0/build-key-server +@@ -7,4 +7,4 @@ + # extension in the openssl.cnf file. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --server $* ++"/usr/sbin/pkitool" --interact --server $* +--- a/easy-rsa/2.0/build-req ++++ b/easy-rsa/2.0/build-req +@@ -4,4 +4,4 @@ + # when your root certificate and key is not available locally. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --csr $* ++"/usr/sbin/pkitool" --interact --csr $* +--- a/easy-rsa/2.0/build-req-pass ++++ b/easy-rsa/2.0/build-req-pass +@@ -4,4 +4,4 @@ + # with a password. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --csr --pass $* ++"/usr/sbin/pkitool" --interact --csr --pass $* +--- a/easy-rsa/2.0/clean-all ++++ b/easy-rsa/2.0/clean-all +@@ -1,5 +1,7 @@ + #!/bin/sh + ++. /etc/easy-rsa/vars ++ + # Initialize the $KEY_DIR directory. + # Note that this script does a + # rm -rf on $KEY_DIR so be careful! +--- a/easy-rsa/2.0/inherit-inter ++++ b/easy-rsa/2.0/inherit-inter +@@ -1,5 +1,7 @@ + #!/bin/sh + ++. /etc/easy-rsa/vars ++ + # Build a new PKI which is rooted on an intermediate certificate generated + # by ./build-inter or ./pkitool --inter from a parent PKI. The new PKI should + # have independent vars settings, and must use a different KEY_DIR directory +--- a/easy-rsa/2.0/list-crl ++++ b/easy-rsa/2.0/list-crl +@@ -1,5 +1,7 @@ + #!/bin/sh + ++. /etc/easy-rsa/vars ++ + # list revoked certificates + + CRL="${1:-crl.pem}" +--- a/easy-rsa/2.0/pkitool ++++ b/easy-rsa/2.0/pkitool +@@ -1,5 +1,7 @@ + #!/bin/sh + ++. /etc/easy-rsa/vars ++ + # OpenVPN -- An application to securely tunnel IP networks + # over a single TCP/UDP port, with support for SSL/TLS-based + # session authentication and key exchange, +--- a/easy-rsa/2.0/revoke-full ++++ b/easy-rsa/2.0/revoke-full +@@ -1,5 +1,7 @@ + #!/bin/sh + ++. /etc/easy-rsa/vars ++ + # revoke a certificate, regenerate CRL, + # and verify revocation + +--- a/easy-rsa/2.0/sign-req ++++ b/easy-rsa/2.0/sign-req +@@ -4,4 +4,4 @@ + # with a local root certificate and key. + + export EASY_RSA="${EASY_RSA:-.}" +-"$EASY_RSA/pkitool" --interact --sign $* ++"/usr/sbin/pkitool" --interact --sign $* +--- a/easy-rsa/2.0/vars ++++ b/easy-rsa/2.0/vars +@@ -12,7 +12,7 @@ + # This variable should point to + # the top level of the easy-rsa + # tree. +-export EASY_RSA="`pwd`" ++export EASY_RSA="/etc/easy-rsa" + + # + # This variable should point to +@@ -26,7 +26,7 @@ + # This variable should point to + # the openssl.cnf file included + # with easy-rsa. +-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA` ++export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA` + + # Edit this variable to point to + # your soon-to-be-created key diff --git a/package/network/services/openvpn/Config-nossl.in b/package/network/services/openvpn/Config-nossl.in new file mode 100644 index 0000000..3eaa228 --- /dev/null +++ b/package/network/services/openvpn/Config-nossl.in @@ -0,0 +1,54 @@ +if PACKAGE_openvpn-nossl + +config OPENVPN_nossl_ENABLE_LZO + bool "Enable LZO compression support" + default y + +config OPENVPN_nossl_ENABLE_SERVER + bool "Enable server support (otherwise only client mode is support)" + default y + +config OPENVPN_nossl_ENABLE_MANAGEMENT + bool "Enable management server support" + default n + +config OPENVPN_nossl_ENABLE_HTTP + bool "Enable HTTP proxy support" + default y + +config OPENVPN_nossl_ENABLE_SOCKS + bool "Enable SOCKS proxy support" + default y + +config OPENVPN_nossl_ENABLE_FRAGMENT + bool "Enable internal fragmentation support (--fragment)" + default y + +config OPENVPN_nossl_ENABLE_MULTIHOME + bool "Enable multi-homed UDP server support (--multihome)" + default y + +config OPENVPN_nossl_ENABLE_PORT_SHARE + bool "Enable TCP server port-share support (--port-share)" + default y + +config OPENVPN_nossl_ENABLE_DEF_AUTH + bool "Enable deferred authentication" + default y + +config OPENVPN_nossl_ENABLE_PF + bool "Enable internal packet filter" + default y + +config OPENVPN_nossl_ENABLE_IPROUTE2 + bool "Enable support for iproute2" + default n + +config OPENVPN_nossl_ENABLE_SMALL + bool "Enable size optimization" + default y + help + enable smaller executable size (disable OCC, usage + message, and verb 4 parm list) + +endif diff --git a/package/network/services/openvpn/Config-openssl.in b/package/network/services/openvpn/Config-openssl.in new file mode 100644 index 0000000..ac4c774 --- /dev/null +++ b/package/network/services/openvpn/Config-openssl.in @@ -0,0 +1,66 @@ +if PACKAGE_openvpn-openssl + +config OPENVPN_openssl_ENABLE_LZO + bool "Enable LZO compression support" + default y + +config OPENVPN_openssl_ENABLE_X509_ALT_USERNAME + bool "Enable the --x509-username-field feature" + default n + +config OPENVPN_openssl_ENABLE_SERVER + bool "Enable server support (otherwise only client mode is support)" + default y + +#config OPENVPN_openssl_ENABLE_EUREPHIA +# bool "Enable support for the eurephia plug-in" +# default n + +config OPENVPN_openssl_ENABLE_MANAGEMENT + bool "Enable management server support" + default n + +#config OPENVPN_openssl_ENABLE_PKCS11 +# bool "Enable pkcs11 support" +# default n + +config OPENVPN_openssl_ENABLE_HTTP + bool "Enable HTTP proxy support" + default y + +config OPENVPN_openssl_ENABLE_SOCKS + bool "Enable SOCKS proxy support" + default y + +config OPENVPN_openssl_ENABLE_FRAGMENT + bool "Enable internal fragmentation support (--fragment)" + default y + +config OPENVPN_openssl_ENABLE_MULTIHOME + bool "Enable multi-homed UDP server support (--multihome)" + default y + +config OPENVPN_openssl_ENABLE_PORT_SHARE + bool "Enable TCP server port-share support (--port-share)" + default y + +config OPENVPN_openssl_ENABLE_DEF_AUTH + bool "Enable deferred authentication" + default y + +config OPENVPN_openssl_ENABLE_PF + bool "Enable internal packet filter" + default y + +config OPENVPN_openssl_ENABLE_IPROUTE2 + bool "Enable support for iproute2" + default n + +config OPENVPN_openssl_ENABLE_SMALL + bool "Enable size optimization" + default y + help + enable smaller executable size (disable OCC, usage + message, and verb 4 parm list) + +endif diff --git a/package/network/services/openvpn/Config-polarssl.in b/package/network/services/openvpn/Config-polarssl.in new file mode 100644 index 0000000..26692ce --- /dev/null +++ b/package/network/services/openvpn/Config-polarssl.in @@ -0,0 +1,66 @@ +if PACKAGE_openvpn-polarssl + +config OPENVPN_polarssl_ENABLE_LZO + bool "Enable LZO compression support" + default y + +config OPENVPN_polarssl_ENABLE_X509_ALT_USERNAME + bool "Enable the --x509-username-field feature" + default n + +config OPENVPN_polarssl_ENABLE_SERVER + bool "Enable server support (otherwise only client mode is support)" + default y + +#config OPENVPN_polarssl_ENABLE_EUREPHIA +# bool "Enable support for the eurephia plug-in" +# default n + +config OPENVPN_polarssl_ENABLE_MANAGEMENT + bool "Enable management server support" + default n + +#config OPENVPN_polarssl_ENABLE_PKCS11 +# bool "Enable pkcs11 support" +# default n + +config OPENVPN_polarssl_ENABLE_HTTP + bool "Enable HTTP proxy support" + default y + +config OPENVPN_polarssl_ENABLE_SOCKS + bool "Enable SOCKS proxy support" + default y + +config OPENVPN_polarssl_ENABLE_FRAGMENT + bool "Enable internal fragmentation support (--fragment)" + default y + +config OPENVPN_polarssl_ENABLE_MULTIHOME + bool "Enable multi-homed UDP server support (--multihome)" + default y + +config OPENVPN_polarssl_ENABLE_PORT_SHARE + bool "Enable TCP server port-share support (--port-share)" + default y + +config OPENVPN_polarssl_ENABLE_DEF_AUTH + bool "Enable deferred authentication" + default y + +config OPENVPN_polarssl_ENABLE_PF + bool "Enable internal packet filter" + default y + +config OPENVPN_polarssl_ENABLE_IPROUTE2 + bool "Enable support for iproute2" + default n + +config OPENVPN_polarssl_ENABLE_SMALL + bool "Enable size optimization" + default y + help + enable smaller executable size (disable OCC, usage + message, and verb 4 parm list) + +endif diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile new file mode 100644 index 0000000..a1784f4 --- /dev/null +++ b/package/network/services/openvpn/Makefile @@ -0,0 +1,125 @@ +# +# Copyright (C) 2010-2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=openvpn + +PKG_VERSION:=2.3.7 +PKG_RELEASE:=1 + +PKG_SOURCE_URL:=http://swupdate.openvpn.net/community/releases +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_MD5SUM:=070bca95e478f88dff9ec6a221e2c3f7 + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) + +PKG_INSTALL:=1 +PKG_FIXUP:=autoreconf +PKG_BUILD_PARALLEL:=1 +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk + +define Package/openvpn/Default + TITLE:=Open source VPN solution using $(2) + SECTION:=net + CATEGORY:=Network + URL:=http://openvpn.net + SUBMENU:=VPN + MENU:=1 + DEPENDS:=+kmod-tun +OPENVPN_$(1)_ENABLE_LZO:liblzo +OPENVPN_$(1)_ENABLE_IPROUTE2:ip $(3) + VARIANT:=$(1) + MAINTAINER:=Mirko Vogt <mirko@openwrt.org> +endef + +Package/openvpn-openssl=$(call Package/openvpn/Default,openssl,OpenSSL,+libopenssl) +Package/openvpn-polarssl=$(call Package/openvpn/Default,polarssl,PolarSSL,+libpolarssl) +Package/openvpn-nossl=$(call Package/openvpn/Default,nossl,plaintext (no SSL)) + +define Package/openvpn/config/Default + source "$(SOURCE)/Config-$(1).in" +endef + +Package/openvpn-openssl/config=$(call Package/openvpn/config/Default,openssl) +Package/openvpn-polarssl/config=$(call Package/openvpn/config/Default,polarssl) +Package/openvpn-nossl/config=$(call Package/openvpn/config/Default,nossl) + +ifeq ($(BUILD_VARIANT),polarssl) +CONFIG_OPENVPN_POLARSSL:=y +endif +ifeq ($(BUILD_VARIANT),openssl) +CONFIG_OPENVPN_OPENSSL:=y +endif +ifeq ($(BUILD_VARIANT),nossl) +CONFIG_OPENVPN_NOSSL:=y +endif + +CONFIGURE_VARS += \ + IFCONFIG=/sbin/ifconfig \ + ROUTE=/sbin/route \ + IPROUTE=/sbin/ip \ + NETSTAT=/sbin/netstat + +define Build/Configure + $(call Build/Configure/Default, \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SMALL),--enable-small) \ + --disable-selinux \ + --disable-systemd \ + --disable-plugins \ + --disable-debug \ + --disable-eurephia \ + --disable-pkcs11 \ + --enable-password-save \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_LZO),--enable,--disable)-lzo \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_X509_ALT_USERNAME),enable,disable-x509-alt-username)-ssl \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SERVER),--enable,--disable)-server \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MANAGEMENT),--enable,--disable)-management \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_SOCKS),--enable,--disable)-socks \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_HTTP),--enable,--disable)-http \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_FRAGMENT),--enable,--disable)-fragment \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_MULTIHOME),--enable,--disable)-multihome \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_IPROUTE2),--enable,--disable)-iproute2 \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_DEF_AUTH),--enable,--disable)-def-auth \ + $(if $(CONFIG_OPENVPN_$(BUILD_VARIANT)_ENABLE_PF),--enable,--disable)-pf \ + $(if $(CONFIG_OPENVPN_NOSSL),--disable-ssl --disable-crypto,--enable-ssl --enable-crypto) \ + $(if $(CONFIG_OPENVPN_OPENSSL),--with-crypto-library=openssl) \ + $(if $(CONFIG_OPENVPN_POLARSSL),--with-crypto-library=polarssl) \ + ) +endef + +define Package/openvpn-$(BUILD_VARIANT)/conffiles +/etc/config/openvpn +endef + +define Package/openvpn-$(BUILD_VARIANT)/install + $(INSTALL_DIR) \ + $(1)/usr/sbin \ + $(1)/etc/init.d \ + $(1)/etc/config \ + $(1)/etc/openvpn \ + $(1)/lib/upgrade/keep.d + + $(INSTALL_BIN) \ + $(PKG_INSTALL_DIR)/usr/sbin/openvpn \ + $(1)/usr/sbin/ + + $(INSTALL_BIN) \ + files/openvpn.init \ + $(1)/etc/init.d/openvpn + + $(INSTALL_CONF) files/openvpn.config \ + $(1)/etc/config/openvpn + + $(INSTALL_DATA) \ + files/openvpn.upgrade \ + $(1)/lib/upgrade/keep.d/openvpn +endef + +$(eval $(call BuildPackage,openvpn-openssl)) +$(eval $(call BuildPackage,openvpn-polarssl)) +$(eval $(call BuildPackage,openvpn-nossl)) diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config new file mode 100644 index 0000000..3e053c3 --- /dev/null +++ b/package/network/services/openvpn/files/openvpn.config @@ -0,0 +1,400 @@ +package openvpn + +################################################# +# Sample to include a custom config file. # +################################################# + +config openvpn custom_config + + # Set to 1 to enable this instance: + option enabled 0 + + # Include OpenVPN configuration + option config /etc/openvpn/my-vpn.conf + + +################################################# +# Sample OpenVPN 2.0 uci config for # +# multi-client server. # +################################################# + +config openvpn sample_server + + # Set to 1 to enable this instance: + option enabled 0 + + # Which local IP address should OpenVPN + # listen on? (optional) +# option local 0.0.0.0 + + # Which TCP/UDP port should OpenVPN listen on? + # If you want to run multiple OpenVPN instances + # on the same machine, use a different port + # number for each one. You will need to + # open up this port on your firewall. + option port 1194 + + # TCP or UDP server? +# option proto tcp + option proto udp + + # "dev tun" will create a routed IP tunnel, + # "dev tap" will create an ethernet tunnel. + # Use "dev tap0" if you are ethernet bridging + # and have precreated a tap0 virtual interface + # and bridged it with your ethernet interface. + # If you want to control access policies + # over the VPN, you must create firewall + # rules for the the TUN/TAP interface. + # On non-Windows systems, you can give + # an explicit unit number, such as tun0. + # On Windows, use "dev-node" for this. + # On most systems, the VPN will not function + # unless you partially or fully disable + # the firewall for the TUN/TAP interface. +# option dev tap + option dev tun + + # SSL/TLS root certificate (ca), certificate + # (cert), and private key (key). Each client + # and the server must have their own cert and + # key file. The server and all clients will + # use the same ca file. + # + # See the "easy-rsa" directory for a series + # of scripts for generating RSA certificates + # and private keys. Remember to use + # a unique Common Name for the server + # and each of the client certificates. + # + # Any X509 key management system can be used. + # OpenVPN can also use a PKCS #12 formatted key file + # (see "pkcs12" directive in man page). + option ca /etc/openvpn/ca.crt + option cert /etc/openvpn/server.crt + # This file should be kept secret: + option key /etc/openvpn/server.key + + # Diffie hellman parameters. + # Generate your own with: + # openssl dhparam -out dh1024.pem 1024 + # Substitute 2048 for 1024 if you are using + # 2048 bit keys. + option dh /etc/openvpn/dh1024.pem + + # Configure server mode and supply a VPN subnet + # for OpenVPN to draw client addresses from. + # The server will take 10.8.0.1 for itself, + # the rest will be made available to clients. + # Each client will be able to reach the server + # on 10.8.0.1. Comment this line out if you are + # ethernet bridging. See the man page for more info. + option server "10.8.0.0 255.255.255.0" + + # Maintain a record of client <-> virtual IP address + # associations in this file. If OpenVPN goes down or + # is restarted, reconnecting clients can be assigned + # the same virtual IP address from the pool that was + # previously assigned. + option ifconfig_pool_persist /tmp/ipp.txt + + # Configure server mode for ethernet bridging. + # You must first use your OS's bridging capability + # to bridge the TAP interface with the ethernet + # NIC interface. Then you must manually set the + # IP/netmask on the bridge interface, here we + # assume 10.8.0.4/255.255.255.0. Finally we + # must set aside an IP range in this subnet + # (start=10.8.0.50 end=10.8.0.100) to allocate + # to connecting clients. Leave this line commented + # out unless you are ethernet bridging. +# option server_bridge "10.8.0.4 255.255.255.0 10.8.0.50 10.8.0.100" + + # Push routes to the client to allow it + # to reach other private subnets behind + # the server. Remember that these + # private subnets will also need + # to know to route the OpenVPN client + # address pool (10.8.0.0/255.255.255.0) + # back to the OpenVPN server. +# list push "route 192.168.10.0 255.255.255.0" +# list push "route 192.168.20.0 255.255.255.0" + + # To assign specific IP addresses to specific + # clients or if a connecting client has a private + # subnet behind it that should also have VPN access, + # use the subdirectory "ccd" for client-specific + # configuration files (see man page for more info). + + # EXAMPLE: Suppose the client + # having the certificate common name "Thelonious" + # also has a small subnet behind his connecting + # machine, such as 192.168.40.128/255.255.255.248. + # First, uncomment out these lines: +# option client_config_dir /etc/openvpn/ccd +# list route "192.168.40.128 255.255.255.248" + # Then create a file ccd/Thelonious with this line: + # iroute 192.168.40.128 255.255.255.248 + # This will allow Thelonious' private subnet to + # access the VPN. This example will only work + # if you are routing, not bridging, i.e. you are + # using "dev tun" and "server" directives. + + # EXAMPLE: Suppose you want to give + # Thelonious a fixed VPN IP address of 10.9.0.1. + # First uncomment out these lines: +# option client_config_dir /etc/openvpn/ccd +# list route "10.9.0.0 255.255.255.252" +# list route "192.168.100.0 255.255.255.0" + # Then add this line to ccd/Thelonious: + # ifconfig-push "10.9.0.1 10.9.0.2" + + # Suppose that you want to enable different + # firewall access policies for different groups + # of clients. There are two methods: + # (1) Run multiple OpenVPN daemons, one for each + # group, and firewall the TUN/TAP interface + # for each group/daemon appropriately. + # (2) (Advanced) Create a script to dynamically + # modify the firewall in response to access + # from different clients. See man + # page for more info on learn-address script. +# option learn_address /etc/openvpn/script + + # If enabled, this directive will configure + # all clients to redirect their default + # network gateway through the VPN, causing + # all IP traffic such as web browsing and + # and DNS lookups to go through the VPN + # (The OpenVPN server machine may need to NAT + # the TUN/TAP interface to the internet in + # order for this to work properly). + # CAVEAT: May break client's network config if + # client's local DHCP server packets get routed + # through the tunnel. Solution: make sure + # client's local DHCP server is reachable via + # a more specific route than the default route + # of 0.0.0.0/0.0.0.0. +# list push "redirect-gateway" + + # Certain Windows-specific network settings + # can be pushed to clients, such as DNS + # or WINS server addresses. CAVEAT: + # http://openvpn.net/faq.html#dhcpcaveats +# list push "dhcp-option DNS 10.8.0.1" +# list push "dhcp-option WINS 10.8.0.1" + + # Uncomment this directive to allow different + # clients to be able to "see" each other. + # By default, clients will only see the server. + # To force clients to only see the server, you + # will also need to appropriately firewall the + # server's TUN/TAP interface. +# option client_to_client 1 + + # Uncomment this directive if multiple clients + # might connect with the same certificate/key + # files or common names. This is recommended + # only for testing purposes. For production use, + # each client should have its own certificate/key + # pair. + # + # IF YOU HAVE NOT GENERATED INDIVIDUAL + # CERTIFICATE/KEY PAIRS FOR EACH CLIENT, + # EACH HAVING ITS OWN UNIQUE "COMMON NAME", + # UNCOMMENT THIS LINE OUT. +# option duplicate_cn 1 + + # The keepalive directive causes ping-like + # messages to be sent back and forth over + # the link so that each side knows when + # the other side has gone down. + # Ping every 10 seconds, assume that remote + # peer is down if no ping received during + # a 120 second time period. + option keepalive "10 120" + + # For extra security beyond that provided + # by SSL/TLS, create an "HMAC firewall" + # to help block DoS attacks and UDP port flooding. + # + # Generate with: + # openvpn --genkey --secret ta.key + # + # The server and each client must have + # a copy of this key. + # The second parameter should be '0' + # on the server and '1' on the clients. + # This file is secret: +# option tls_auth "/etc/openvpn/ta.key 0" + + # Select a cryptographic cipher. + # This config item must be copied to + # the client config file as well. + # Blowfish (default): +# option cipher BF-CBC + # AES: +# option cipher AES-128-CBC + # Triple-DES: +# option cipher DES-EDE3-CBC + + # Enable compression on the VPN link. + # If you enable it here, you must also + # enable it in the client config file. + option comp_lzo yes + + # The maximum number of concurrently connected + # clients we want to allow. +# option max_clients 100 + + # The persist options will try to avoid + # accessing certain resources on restart + # that may no longer be accessible because + # of the privilege downgrade. + option persist_key 1 + option persist_tun 1 + option user nobody + + # Output a short status file showing + # current connections, truncated + # and rewritten every minute. + option status /tmp/openvpn-status.log + + # By default, log messages will go to the syslog (or + # on Windows, if running as a service, they will go to + # the "\Program Files\OpenVPN\log" directory). + # Use log or log-append to override this default. + # "log" will truncate the log file on OpenVPN startup, + # while "log-append" will append to it. Use one + # or the other (but not both). +# option log /tmp/openvpn.log +# option log_append /tmp/openvpn.log + + # Set the appropriate level of log + # file verbosity. + # + # 0 is silent, except for fatal errors + # 4 is reasonable for general usage + # 5 and 6 can help to debug connection problems + # 9 is extremely verbose + option verb 3 + + # Silence repeating messages. At most 20 + # sequential messages of the same message + # category will be output to the log. +# option mute 20 + + +############################################## +# Sample client-side OpenVPN 2.0 uci config # +# for connecting to multi-client server. # +############################################## + +config openvpn sample_client + + # Set to 1 to enable this instance: + option enabled 0 + + # Specify that we are a client and that we + # will be pulling certain config file directives + # from the server. + option client 1 + + # Use the same setting as you are using on + # the server. + # On most systems, the VPN will not function + # unless you partially or fully disable + # the firewall for the TUN/TAP interface. +# option dev tap + option dev tun + + # Are we connecting to a TCP or + # UDP server? Use the same setting as + # on the server. +# option proto tcp + option proto udp + + # The hostname/IP and port of the server. + # You can have multiple remote entries + # to load balance between the servers. + list remote "my_server_1 1194" +# list remote "my_server_2 1194" + + # Choose a random host from the remote + # list for load_balancing. Otherwise + # try hosts in the order specified. +# option remote_random 1 + + # Keep trying indefinitely to resolve the + # host name of the OpenVPN server. Very useful + # on machines which are not permanently connected + # to the internet such as laptops. + option resolv_retry infinite + + # Most clients don't need to bind to + # a specific local port number. + option nobind 1 + + # Try to preserve some state across restarts. + option persist_key 1 + option persist_tun 1 + option user nobody + + # If you are connecting through an + # HTTP proxy to reach the actual OpenVPN + # server, put the proxy server/IP and + # port number here. See the man page + # if your proxy server requires + # authentication. + # retry on connection failures: +# option http_proxy_retry 1 + # specify http proxy address and port: +# option http_proxy "192.168.1.100 8080" + + # Wireless networks often produce a lot + # of duplicate packets. Set this flag + # to silence duplicate packet warnings. +# option mute_replay_warnings 1 + + # SSL/TLS parms. + # See the server config file for more + # description. It's best to use + # a separate .crt/.key file pair + # for each client. A single ca + # file can be used for all clients. + option ca /etc/openvpn/ca.crt + option cert /etc/openvpn/client.crt + option key /etc/openvpn/client.key + + # Verify server certificate by checking + # that the certicate has the nsCertType + # field set to "server". This is an + # important precaution to protect against + # a potential attack discussed here: + # http://openvpn.net/howto.html#mitm + # + # To use this feature, you will need to generate + # your server certificates with the nsCertType + # field set to "server". The build_key_server + # script in the easy_rsa folder will do this. +# option ns_cert_type server + + # If a tls_auth key is used on the server + # then every client must also have the key. +# option tls_auth "/etc/openvpn/ta.key 1" + + # Select a cryptographic cipher. + # If the cipher option is used on the server + # then you must also specify it here. +# option cipher x + + # Enable compression on the VPN link. + # Don't enable this unless it is also + # enabled in the server config file. + option comp_lzo yes + + # Set log file verbosity. + option verb 3 + + # Silence repeating messages +# option mute 20 diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init new file mode 100644 index 0000000..994973b --- /dev/null +++ b/package/network/services/openvpn/files/openvpn.init @@ -0,0 +1,154 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2008-2013 OpenWrt.org +# Copyright (C) 2008 Jo-Philipp Wich +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. + +START=90 +STOP=10 + +USE_PROCD=1 +PROG=/usr/sbin/openvpn + +LIST_SEP=" +" + +UCI_STARTED= +UCI_DISABLED= + +append_param() { + local s="$1" + local v="$2" + case "$v" in + *_*_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; + *_*_*) v=${v%%_*}-${v#*_}; v=${v%%_*}-${v#*_} ;; + *_*) v=${v%%_*}-${v#*_} ;; + esac + echo -n "$v" >> "/var/etc/openvpn-$s.conf" + return 0 +} + +append_bools() { + local p; local v; local s="$1"; shift + for p in $*; do + config_get_bool v "$s" "$p" + [ "$v" = 1 ] && append_param "$s" "$p" && echo >> "/var/etc/openvpn-$s.conf" + done +} + +append_params() { + local p; local v; local s="$1"; shift + for p in $*; do + config_get v "$s" "$p" + IFS="$LIST_SEP" + for v in $v; do + [ -n "$v" ] && append_param "$s" "$p" && echo " $v" >> "/var/etc/openvpn-$s.conf" + done + unset IFS + done +} + +section_enabled() { + config_get_bool enable "$1" 'enable' 0 + config_get_bool enabled "$1" 'enabled' 0 + [ $enable -gt 0 ] || [ $enabled -gt 0 ] +} + +openvpn_add_instance() { + local name="$1" + local dir="$2" + local conf="$3" + + procd_open_instance + procd_set_param command "$PROG" \ + --syslog "openvpn($name)" \ + --status "/var/run/openvpn.$name.status" \ + --cd "$dir" \ + --config "$conf" + procd_set_param file "$dir/$conf" + procd_set_param respawn + procd_close_instance +} + +start_instance() { + local s="$1" + + config_get config "$s" config + config="${config:+$(readlink -f "$config")}" + + section_enabled "$s" || { + append UCI_DISABLED "$config" "$LIST_SEP" + return 1 + } + + [ ! -d "/var/run" ] && mkdir -p "/var/run" + + if [ ! -z "$config" ]; then + append UCI_STARTED "$config" "$LIST_SEP" + openvpn_add_instance "$s" "${config%/*}" "$config" + return + fi + + [ ! -d "/var/etc" ] && mkdir -p "/var/etc" + [ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf" + + # append flags + append_bools "$s" \ + auth_nocache auth_user_pass_optional bind ccd_exclusive client client_cert_not_required \ + client_to_client comp_noadapt disable \ + disable_occ down_pre duplicate_cn fast_io float http_proxy_retry \ + ifconfig_noexec ifconfig_nowarn ifconfig_pool_linear management_forget_disconnect management_hold \ + management_query_passwords management_signal mktun mlock mtu_test multihome mute_replay_warnings \ + nobind no_iv no_name_remapping no_replay opt_verify passtos persist_key persist_local_ip \ + persist_remote_ip persist_tun ping_timer_rem pull push_reset \ + remote_random rmtun route_noexec route_nopull single_session socks_proxy_retry \ + suppress_timestamps tcp_nodelay test_crypto tls_client tls_exit tls_server \ + tun_ipv6 up_delay up_restart username_as_common_name + + # append params + append_params "$s" \ + cd askpass auth auth_retry auth_user_pass auth_user_pass_verify bcast_buffers ca cert \ + chroot cipher client_config_dir client_connect client_disconnect comp_lzo connect_freq \ + connect_retry connect_timeout connect_retry_max crl_verify dev dev_node dev_type dh \ + echo engine explicit_exit_notify fragment group hand_window hash_size \ + http_proxy http_proxy_option http_proxy_timeout ifconfig ifconfig_pool \ + ifconfig_pool_persist ifconfig_push inactive ipchange iroute keepalive \ + key key_method keysize learn_address link_mtu lladdr local log log_append \ + lport management management_log_cache max_clients \ + max_routes_per_client mode mssfix mtu_disc mute nice ns_cert_type ping \ + ping_exit ping_restart pkcs12 plugin port port_share prng proto rcvbuf \ + redirect_gateway remap_usr1 remote remote_cert_eku remote_cert_ku remote_cert_tls \ + reneg_bytes reneg_pkts reneg_sec \ + replay_persist replay_window resolv_retry route route_delay route_gateway \ + route_metric route_pre_down route_up rport script_security secret server server_bridge setenv shaper sndbuf \ + socks_proxy status status_version syslog tcp_queue_limit tls_auth \ + tls_cipher tls_remote tls_timeout tls_verify tmp_dir topology tran_window \ + tun_mtu tun_mtu_extra txqueuelen user verb down push up \ + ifconfig_ipv6 route_ipv6 server_ipv6 ifconfig_ipv6_pool ifconfig_ipv6_push iroute_ipv6 + + openvpn_add_instance "$s" "/var/etc" "openvpn-$s.conf" +} + +start_service() { + config_load 'openvpn' + config_foreach start_instance 'openvpn' + + local path name + for path in /etc/openvpn/*.conf; do + if [ -f "$path" ]; then + name="${path##*/}"; name="${name%.conf}" + + # don't start configs again that are already started by uci + if echo "$UCI_STARTED" | grep -qxF "$path"; then + continue + + # don't start configs which are set to disabled in uci + elif echo "$UCI_DISABLED" | grep -qxF "$path"; then + logger -t openvpn "$name.conf is disabled in /etc/config/openvpn" + continue + fi + + openvpn_add_instance "$name" "${path%/*}" "$path" + fi + done +} diff --git a/package/network/services/openvpn/files/openvpn.upgrade b/package/network/services/openvpn/files/openvpn.upgrade new file mode 100644 index 0000000..6ae49d2 --- /dev/null +++ b/package/network/services/openvpn/files/openvpn.upgrade @@ -0,0 +1 @@ +/etc/openvpn/ diff --git a/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch b/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch new file mode 100644 index 0000000..3ceef6f --- /dev/null +++ b/package/network/services/openvpn/patches/001-reproducible-remove_DATE.patch @@ -0,0 +1,10 @@ +--- a/src/openvpn/options.c ++++ b/src/openvpn/options.c +@@ -102,7 +102,6 @@ const char title_string[] = + " [MH]" + #endif + " [IPv6]" +- " built on " __DATE__ + ; + + #ifndef ENABLE_SMALL diff --git a/package/network/services/openvpn/patches/100-polarssl_compat.h b/package/network/services/openvpn/patches/100-polarssl_compat.h new file mode 100644 index 0000000..a1c83b0 --- /dev/null +++ b/package/network/services/openvpn/patches/100-polarssl_compat.h @@ -0,0 +1,257 @@ +--- a/src/openvpn/ssl_polarssl.h ++++ b/src/openvpn/ssl_polarssl.h +@@ -38,6 +38,8 @@ + #include <polarssl/pkcs11.h> + #endif + ++#include <polarssl/compat-1.2.h> ++ + typedef struct _buffer_entry buffer_entry; + + struct _buffer_entry { +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -46,7 +46,7 @@ + #include "manage.h" + #include "ssl_common.h" + +-#include <polarssl/sha2.h> ++#include <polarssl/sha256.h> + #include <polarssl/havege.h> + + #include "ssl_verify_polarssl.h" +@@ -212,13 +212,13 @@ tls_ctx_load_dh_params (struct tls_root_ + { + if (!strcmp (dh_file, INLINE_FILE_TAG) && dh_inline) + { +- if (0 != x509parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline, ++ if (0 != dhm_parse_dhm(ctx->dhm_ctx, (const unsigned char *) dh_inline, + strlen(dh_inline))) + msg (M_FATAL, "Cannot read inline DH parameters"); + } + else + { +- if (0 != x509parse_dhmfile(ctx->dhm_ctx, dh_file)) ++ if (0 != dhm_parse_dhmfile(ctx->dhm_ctx, dh_file)) + msg (M_FATAL, "Cannot read DH parameters from file %s", dh_file); + } + +@@ -253,13 +253,13 @@ tls_ctx_load_cert_file (struct tls_root_ + + if (!strcmp (cert_file, INLINE_FILE_TAG) && cert_inline) + { +- if (0 != x509parse_crt(ctx->crt_chain, ++ if (0 != x509_crt_parse(ctx->crt_chain, + (const unsigned char *) cert_inline, strlen(cert_inline))) + msg (M_FATAL, "Cannot load inline certificate file"); + } + else + { +- if (0 != x509parse_crtfile(ctx->crt_chain, cert_file)) ++ if (0 != x509_crt_parse_file(ctx->crt_chain, cert_file)) + msg (M_FATAL, "Cannot load certificate file %s", cert_file); + } + } +@@ -277,7 +277,7 @@ tls_ctx_load_priv_file (struct tls_root_ + status = x509parse_key(ctx->priv_key, + (const unsigned char *) priv_key_inline, strlen(priv_key_inline), + NULL, 0); +- if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status) ++ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) + { + char passbuf[512] = {0}; + pem_password_callback(passbuf, 512, 0, NULL); +@@ -289,7 +289,7 @@ tls_ctx_load_priv_file (struct tls_root_ + else + { + status = x509parse_keyfile(ctx->priv_key, priv_key_file, NULL); +- if (POLARSSL_ERR_X509_PASSWORD_REQUIRED == status) ++ if (POLARSSL_ERR_PK_PASSWORD_REQUIRED == status) + { + char passbuf[512] = {0}; + pem_password_callback(passbuf, 512, 0, NULL); +@@ -480,14 +480,14 @@ void tls_ctx_load_ca (struct tls_root_ct + + if (ca_file && !strcmp (ca_file, INLINE_FILE_TAG) && ca_inline) + { +- if (0 != x509parse_crt(ctx->ca_chain, (const unsigned char *) ca_inline, ++ if (0 != x509_crt_parse(ctx->ca_chain, (const unsigned char *) ca_inline, + strlen(ca_inline))) + msg (M_FATAL, "Cannot load inline CA certificates"); + } + else + { + /* Load CA file for verifying peer supplied certificate */ +- if (0 != x509parse_crtfile(ctx->ca_chain, ca_file)) ++ if (0 != x509_crt_parse_file(ctx->ca_chain, ca_file)) + msg (M_FATAL, "Cannot load CA certificate file %s", ca_file); + } + } +@@ -501,14 +501,14 @@ tls_ctx_load_extra_certs (struct tls_roo + + if (!strcmp (extra_certs_file, INLINE_FILE_TAG) && extra_certs_inline) + { +- if (0 != x509parse_crt(ctx->crt_chain, ++ if (0 != x509_crt_parse(ctx->crt_chain, + (const unsigned char *) extra_certs_inline, + strlen(extra_certs_inline))) + msg (M_FATAL, "Cannot load inline extra-certs file"); + } + else + { +- if (0 != x509parse_crtfile(ctx->crt_chain, extra_certs_file)) ++ if (0 != x509_crt_parse_file(ctx->crt_chain, extra_certs_file)) + msg (M_FATAL, "Cannot load extra-certs file: %s", extra_certs_file); + } + } +@@ -724,7 +724,7 @@ void key_state_ssl_init(struct key_state + external_key_len ); + else + #endif +- ssl_set_own_cert( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key ); ++ ssl_set_own_cert_rsa( ks_ssl->ctx, ssl_ctx->crt_chain, ssl_ctx->priv_key ); + + /* Initialise SSL verification */ + #if P2MP_SERVER +@@ -1068,7 +1068,7 @@ print_details (struct key_state_ssl * ks + cert = ssl_get_peer_cert(ks_ssl->ctx); + if (cert != NULL) + { +- openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) cert->rsa.len * 8); ++ openvpn_snprintf (s2, sizeof (s2), ", " counter_format " bit RSA", (counter_type) pk_rsa(cert->pk)->len * 8); + } + + msg (D_HANDSHAKE, "%s%s", s1, s2); +--- a/src/openvpn/crypto_polarssl.c ++++ b/src/openvpn/crypto_polarssl.c +@@ -487,7 +487,12 @@ cipher_ctx_get_cipher_kt (const cipher_c + + int cipher_ctx_reset (cipher_context_t *ctx, uint8_t *iv_buf) + { +- return 0 == cipher_reset(ctx, iv_buf); ++ int retval = cipher_reset(ctx); ++ ++ if (0 == retval) ++ cipher_set_iv(ctx, iv_buf, ctx->cipher_info->iv_size); ++ ++ return 0 == retval; + } + + int cipher_ctx_update (cipher_context_t *ctx, uint8_t *dst, int *dst_len, +--- a/src/openvpn/ssl_verify_polarssl.h ++++ b/src/openvpn/ssl_verify_polarssl.h +@@ -34,6 +34,7 @@ + #include "misc.h" + #include "manage.h" + #include <polarssl/x509.h> ++#include <polarssl/compat-1.2.h> + + #ifndef __OPENVPN_X509_CERT_T_DECLARED + #define __OPENVPN_X509_CERT_T_DECLARED +--- a/src/openvpn/ssl_verify_polarssl.c ++++ b/src/openvpn/ssl_verify_polarssl.c +@@ -40,6 +40,7 @@ + #include "ssl_verify.h" + #include <polarssl/error.h> + #include <polarssl/bignum.h> ++#include <polarssl/oid.h> + #include <polarssl/sha1.h> + + #define MAX_SUBJECT_LENGTH 256 +@@ -102,7 +103,7 @@ x509_get_username (char *cn, int cn_len, + /* Find common name */ + while( name != NULL ) + { +- if( memcmp( name->oid.p, OID_CN, OID_SIZE(OID_CN) ) == 0) ++ if( memcmp( name->oid.p, OID_AT_CN, OID_SIZE(OID_AT_CN) ) == 0) + break; + + name = name->next; +@@ -224,60 +225,18 @@ x509_setenv (struct env_set *es, int cer + while( name != NULL ) + { + char name_expand[64+8]; ++ const char *shortname; + +- if( name->oid.len == 2 && memcmp( name->oid.p, OID_X520, 2 ) == 0 ) ++ if( 0 == oid_get_attr_short_name(&name->oid, &shortname) ) + { +- switch( name->oid.p[2] ) +- { +- case X520_COMMON_NAME: +- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_CN", +- cert_depth); break; +- +- case X520_COUNTRY: +- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_C", +- cert_depth); break; +- +- case X520_LOCALITY: +- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_L", +- cert_depth); break; +- +- case X520_STATE: +- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_ST", +- cert_depth); break; +- +- case X520_ORGANIZATION: +- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_O", +- cert_depth); break; +- +- case X520_ORG_UNIT: +- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_OU", +- cert_depth); break; +- +- default: +- openvpn_snprintf (name_expand, sizeof(name_expand), +- "X509_%d_0x%02X", cert_depth, name->oid.p[2]); +- break; +- } ++ openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_%s", ++ cert_depth, shortname); ++ } ++ else ++ { ++ openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?", ++ cert_depth); + } +- else if( name->oid.len == 8 && memcmp( name->oid.p, OID_PKCS9, 8 ) == 0 ) +- { +- switch( name->oid.p[8] ) +- { +- case PKCS9_EMAIL: +- openvpn_snprintf (name_expand, sizeof(name_expand), +- "X509_%d_emailAddress", cert_depth); break; +- +- default: +- openvpn_snprintf (name_expand, sizeof(name_expand), +- "X509_%d_0x%02X", cert_depth, name->oid.p[8]); +- break; +- } +- } +- else +- { +- openvpn_snprintf (name_expand, sizeof(name_expand), "X509_%d_\?\?", +- cert_depth); +- } + + for( i = 0; i < name->val.len; i++ ) + { +--- a/configure.ac ++++ b/configure.ac +@@ -832,13 +832,13 @@ if test "${with_crypto_library}" = "pola + #include <polarssl/version.h> + ]], + [[ +-#if POLARSSL_VERSION_NUMBER < 0x01020A00 || POLARSSL_VERSION_NUMBER >= 0x01030000 ++#if POLARSSL_VERSION_NUMBER < 0x01030000 + #error invalid version + #endif + ]] + )], + [AC_MSG_RESULT([ok])], +- [AC_MSG_ERROR([PolarSSL 1.2.x required and must be 1.2.10 or later])] ++ [AC_MSG_ERROR([PolarSSL 1.3.x required])] + ) + + polarssl_with_pkcs11="no" diff --git a/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch new file mode 100644 index 0000000..b05592e --- /dev/null +++ b/package/network/services/openvpn/patches/120-polarssl-disable-record-splitting.patch @@ -0,0 +1,14 @@ +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -707,6 +707,11 @@ void key_state_ssl_init(struct key_state + if (ssl_ctx->allowed_ciphers) + ssl_set_ciphersuites (ks_ssl->ctx, ssl_ctx->allowed_ciphers); + ++ /* Disable record splitting (breaks current ssl handling) */ ++#if defined(POLARSSL_SSL_CBC_RECORD_SPLITTING) ++ ssl_set_cbc_record_splitting (ks_ssl->ctx, SSL_CBC_RECORD_SPLITTING_DISABLED); ++#endif /* POLARSSL_SSL_CBC_RECORD_SPLITTING */ ++ + /* Initialise authentication information */ + if (is_server) + ssl_set_dh_param_ctx (ks_ssl->ctx, ssl_ctx->dhm_ctx ); diff --git a/package/network/services/openvpn/patches/130-polarssl-disable-runtime-version-check.patch b/package/network/services/openvpn/patches/130-polarssl-disable-runtime-version-check.patch new file mode 100644 index 0000000..c97e9f2 --- /dev/null +++ b/package/network/services/openvpn/patches/130-polarssl-disable-runtime-version-check.patch @@ -0,0 +1,11 @@ +--- a/src/openvpn/ssl_polarssl.c ++++ b/src/openvpn/ssl_polarssl.c +@@ -1119,7 +1119,7 @@ const char * + get_ssl_library_version(void) + { + static char polar_version[30]; +- unsigned int pv = version_get_number(); ++ unsigned int pv = POLARSSL_VERSION_NUMBER; + sprintf( polar_version, "PolarSSL %d.%d.%d", + (pv>>24)&0xff, (pv>>16)&0xff, (pv>>8)&0xff ); + return polar_version; diff --git a/package/network/services/ppp/Makefile b/package/network/services/ppp/Makefile new file mode 100644 index 0000000..e0acf59 --- /dev/null +++ b/package/network/services/ppp/Makefile @@ -0,0 +1,265 @@ +# +# Copyright (C) 2006-2015 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk +include $(INCLUDE_DIR)/kernel.mk + +PKG_NAME:=ppp +PKG_VERSION:=2.4.7 +PKG_RELEASE:=8 + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://download.samba.org/pub/ppp/ +PKG_MD5SUM:=78818f40e6d33a1d1de68a1551f6595a +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> +PKG_LICENSE:=BSD-4-Clause + +PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) + +PKG_BUILD_DEPENDS:=libpcap + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk + +define Package/ppp/Default + SECTION:=net + CATEGORY:=Network + URL:=http://ppp.samba.org/ +endef + +define Package/ppp +$(call Package/ppp/Default) + DEPENDS:=+kmod-ppp + TITLE:=PPP daemon + VARIANT:=default +endef + +define Package/ppp-multilink +$(call Package/ppp/Default) + DEPENDS:=+kmod-ppp + TITLE:=PPP daemon (with multilink support) + VARIANT:=multilink +endef + +define Package/ppp/description +This package contains the PPP (Point-to-Point Protocol) daemon. +endef + +define Package/ppp/conffiles +/etc/ppp/chap-secrets +/etc/ppp/filter +/etc/ppp/ip-down +/etc/ppp/ip-up +/etc/ppp/ipv6-down +/etc/ppp/ipv6-up +/etc/ppp/options +endef + +define Package/ppp-mod-pppoa +$(call Package/ppp/Default) + DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) +linux-atm +kmod-pppoa + TITLE:=PPPoA plugin +endef + +define Package/ppp-mod-pppoa/description +This package contains a PPPoA (PPP over ATM) plugin for ppp. +endef + +define Package/ppp-mod-pppoe +$(call Package/ppp/Default) + DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) +kmod-pppoe + TITLE:=PPPoE plugin +endef + +define Package/ppp-mod-pppoe/description +This package contains a PPPoE (PPP over Ethernet) plugin for ppp. +endef + +define Package/ppp-mod-radius +$(call Package/ppp/Default) + DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) + TITLE:=RADIUS plugin +endef + +define Package/ppp-mod-radius/description +This package contains a RADIUS (Remote Authentication Dial-In User Service) +plugin for ppp. +endef + +define Package/ppp-mod-radius/conffiles +/etc/ppp/radius.conf +/etc/ppp/radius/ +endef + +define Package/ppp-mod-pppol2tp +$(call Package/ppp/Default) + DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) +kmod-pppol2tp + TITLE:=PPPoL2TP plugin +endef + +define Package/ppp-mod-pppol2tp/description +This package contains a PPPoL2TP (PPP over L2TP) plugin for ppp. +endef + +define Package/ppp-mod-pptp +$(call Package/ppp/Default) + DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) +kmod-pptp +kmod-mppe +resolveip + TITLE:=PPtP plugin +endef + +define Package/ppp-mod-pptp/description +This package contains a PPtP plugin for ppp. +endef + +define Package/chat +$(call Package/ppp/Default) + TITLE:=Establish conversation with a modem +endef + +define Package/chat/description +This package contains an utility to establish conversation with other PPP servers +(via a modem). +endef + +define Package/pppdump +$(call Package/ppp/Default) + DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) + TITLE:=Read PPP record file +endef + +define Package/pppdump/description +This package contains an utility to read PPP record file. +endef + +define Package/pppstats +$(call Package/ppp/Default) + DEPENDS:=@(PACKAGE_ppp||PACKAGE_ppp-multilink) + TITLE:=Report PPP statistics +endef + +define Package/pppstats/description +This package contains an utility to report PPP statistics. +endef + + +define Build/Configure +$(call Build/Configure/Default,, \ + UNAME_S="Linux" \ + UNAME_R="$(LINUX_VERSION)" \ + UNAME_M="$(ARCH)" \ +) + mkdir -p $(PKG_BUILD_DIR)/pppd/plugins/pppoatm/linux + cp \ + $(LINUX_DIR)/include/linux/compiler.h \ + $(LINUX_DIR)/include/$(LINUX_UAPI_DIR)linux/atm*.h \ + $(PKG_BUILD_DIR)/pppd/plugins/pppoatm/linux/ +endef + +MAKE_FLAGS += COPTS="$(TARGET_CFLAGS)" \ + PRECOMPILED_FILTER=1 \ + STAGING_DIR="$(STAGING_DIR)" + +ifeq ($(BUILD_VARIANT),multilink) + MAKE_FLAGS += HAVE_MULTILINK=y +else + MAKE_FLAGS += HAVE_MULTILINK= +endif + +ifdef CONFIG_USE_MUSL + MAKE_FLAGS += USE_LIBUTIL= +endif + +define Build/InstallDev + $(INSTALL_DIR) $(1)/usr/include + $(CP) $(PKG_INSTALL_DIR)/include/pppd $(1)/usr/include/ +endef + +define Package/ppp/script_install +endef + +define Package/ppp/install + $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION) + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppd $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/etc/ppp + $(INSTALL_CONF) ./files/etc/ppp/chap-secrets $(1)/etc/ppp/ + $(INSTALL_DATA) ./files/etc/ppp/filter $(1)/etc/ppp/ + $(INSTALL_DATA) ./files/etc/ppp/options $(1)/etc/ppp/ + $(LN) /tmp/resolv.conf.ppp $(1)/etc/ppp/resolv.conf + $(INSTALL_DIR) $(1)/lib/netifd/proto + $(INSTALL_BIN) ./files/ppp.sh $(1)/lib/netifd/proto/ + $(INSTALL_BIN) ./files/lib/netifd/ppp-up $(1)/lib/netifd/ + $(INSTALL_BIN) ./files/lib/netifd/ppp-down $(1)/lib/netifd/ +endef +Package/ppp-multilink/install=$(Package/ppp/install) + +define Package/ppp-mod-pppoa/install + $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_VERSION)/pppoatm.so \ + $(1)/usr/lib/pppd/$(PKG_VERSION)/ +endef + +define Package/ppp-mod-pppoe/install + $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_VERSION)/rp-pppoe.so \ + $(1)/usr/lib/pppd/$(PKG_VERSION)/ +endef + +define Package/ppp-mod-radius/install + $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_VERSION)/radius.so \ + $(1)/usr/lib/pppd/$(PKG_VERSION)/ + $(INSTALL_DIR) $(1)/etc/ppp + $(INSTALL_DATA) ./files/etc/ppp/radius.conf $(1)/etc/ppp/ + $(INSTALL_DIR) $(1)/etc/ppp/radius + $(INSTALL_DATA) ./files/etc/ppp/radius/dictionary* \ + $(1)/etc/ppp/radius/ + $(INSTALL_CONF) ./files/etc/ppp/radius/servers \ + $(1)/etc/ppp/radius/ +endef + +define Package/ppp-mod-pppol2tp/install + $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_VERSION)/pppol2tp.so \ + $(1)/usr/lib/pppd/$(PKG_VERSION)/ +endef + +define Package/ppp-mod-pptp/install + $(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION) + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_VERSION)/pptp.so \ + $(1)/usr/lib/pppd/$(PKG_VERSION)/ + $(INSTALL_DIR) $(1)/etc/ppp + $(INSTALL_DATA) ./files/etc/ppp/options.pptp $(1)/etc/ppp/ +endef + +define Package/chat/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/chat $(1)/usr/sbin/ +endef + +define Package/pppdump/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppdump $(1)/usr/sbin/ +endef + +define Package/pppstats/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppstats $(1)/usr/sbin/ +endef + +$(eval $(call BuildPackage,ppp)) +$(eval $(call BuildPackage,ppp-multilink)) +$(eval $(call BuildPackage,ppp-mod-pppoa)) +$(eval $(call BuildPackage,ppp-mod-pppoe)) +$(eval $(call BuildPackage,ppp-mod-radius)) +$(eval $(call BuildPackage,ppp-mod-pppol2tp)) +$(eval $(call BuildPackage,ppp-mod-pptp)) +$(eval $(call BuildPackage,chat)) +$(eval $(call BuildPackage,pppdump)) +$(eval $(call BuildPackage,pppstats)) diff --git a/package/network/services/ppp/files/etc/ppp/chap-secrets b/package/network/services/ppp/files/etc/ppp/chap-secrets new file mode 100644 index 0000000..6ab76e4 --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/chap-secrets @@ -0,0 +1 @@ +#USERNAME PROVIDER PASSWORD IPADDRESS diff --git a/package/network/services/ppp/files/etc/ppp/filter b/package/network/services/ppp/files/etc/ppp/filter new file mode 100644 index 0000000..ec72a81 --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/filter @@ -0,0 +1,23 @@ +# +# Expression: outbound and not icmp[0] != 8 and not tcp[13] & 4 != 0 +# +19 +48 0 0 0 +21 0 16 1 +40 0 0 2 +21 0 13 33 +48 0 0 13 +21 0 5 1 +40 0 0 10 +69 9 0 8191 +177 0 0 4 +80 0 0 4 +21 6 7 8 +21 0 5 6 +40 0 0 10 +69 3 0 8191 +177 0 0 4 +80 0 0 17 +69 1 0 4 +6 0 0 4 +6 0 0 0 diff --git a/package/network/services/ppp/files/etc/ppp/options b/package/network/services/ppp/files/etc/ppp/options new file mode 100644 index 0000000..6b93f7b --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/options @@ -0,0 +1,10 @@ +#debug +logfile /dev/null +noipdefault +noaccomp +nopcomp +nocrtscts +lock +maxfail 0 +lcp-echo-failure 5 +lcp-echo-interval 1 diff --git a/package/network/services/ppp/files/etc/ppp/options.pptp b/package/network/services/ppp/files/etc/ppp/options.pptp new file mode 100644 index 0000000..46a3f48 --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/options.pptp @@ -0,0 +1,7 @@ +noipdefault +noauth +nobsdcomp +nodeflate +idle 0 +mppe required,no40,no56,stateless +maxfail 0 diff --git a/package/network/services/ppp/files/etc/ppp/radius.conf b/package/network/services/ppp/files/etc/ppp/radius.conf new file mode 100644 index 0000000..0f24a8c --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/radius.conf @@ -0,0 +1,8 @@ +authserver localhost:1812 +acctserver localhost:1813 +dictionary /etc/ppp/radius/dictionary +servers /etc/ppp/radius/servers +mapfile /dev/null +seqfile /tmp/radius.seq +radius_timeout 5 +radius_retries 3 diff --git a/package/network/services/ppp/files/etc/ppp/radius/dictionary b/package/network/services/ppp/files/etc/ppp/radius/dictionary new file mode 100644 index 0000000..706d1ce --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/radius/dictionary @@ -0,0 +1,253 @@ +# +# Updated 97/06/13 to livingston-radius-2.01 miquels@cistron.nl +# +# This file contains dictionary translations for parsing +# requests and generating responses. All transactions are +# composed of Attribute/Value Pairs. The value of each attribute +# is specified as one of 4 data types. Valid data types are: +# +# string - 0-253 octets +# ipaddr - 4 octets in network byte order +# integer - 32 bit value in big endian order (high byte first) +# date - 32 bit value in big endian order - seconds since +# 00:00:00 GMT, Jan. 1, 1970 +# +# Enumerated values are stored in the user file with dictionary +# VALUE translations for easy administration. +# +# Example: +# +# ATTRIBUTE VALUE +# --------------- ----- +# Framed-Protocol = PPP +# 7 = 1 (integer encoding) +# + +# The dictionary format now supports vendor-specific attributes. +# Vendors are introduced like this: +# +# VENDOR vendor_name vendor_number +# +# For example: +# +# VENDOR RoaringPenguin 10055 +# +# Vendor-specific attributes have a fifth field with the name of the +# vendor. For example: +# +# ATTRIBUTE RP-Upstream-Speed-Limit 1 integer RoaringPenguin +# +# introduces a Roaring Penguin vendor-specific attribbute with name +# RP-Upstream-Speed-Limit, number 1, type integer and vendor RoaringPenguin. + +# +# Following are the proper new names. Use these. +# +ATTRIBUTE User-Name 1 string +ATTRIBUTE Password 2 string +ATTRIBUTE CHAP-Password 3 string +ATTRIBUTE NAS-IP-Address 4 ipaddr +ATTRIBUTE NAS-Port-Id 5 integer +ATTRIBUTE Service-Type 6 integer +ATTRIBUTE Framed-Protocol 7 integer +ATTRIBUTE Framed-IP-Address 8 ipaddr +ATTRIBUTE Framed-IP-Netmask 9 ipaddr +ATTRIBUTE Framed-Routing 10 integer +ATTRIBUTE Filter-Id 11 string +ATTRIBUTE Framed-MTU 12 integer +ATTRIBUTE Framed-Compression 13 integer +ATTRIBUTE Login-IP-Host 14 ipaddr +ATTRIBUTE Login-Service 15 integer +ATTRIBUTE Login-TCP-Port 16 integer +ATTRIBUTE Reply-Message 18 string +ATTRIBUTE Callback-Number 19 string +ATTRIBUTE Callback-Id 20 string +ATTRIBUTE Framed-Route 22 string +ATTRIBUTE Framed-IPX-Network 23 ipaddr +ATTRIBUTE State 24 string +ATTRIBUTE Class 25 string +ATTRIBUTE Session-Timeout 27 integer +ATTRIBUTE Idle-Timeout 28 integer +ATTRIBUTE Termination-Action 29 integer +ATTRIBUTE Called-Station-Id 30 string +ATTRIBUTE Calling-Station-Id 31 string +ATTRIBUTE NAS-Identifier 32 string +ATTRIBUTE Acct-Status-Type 40 integer +ATTRIBUTE Acct-Delay-Time 41 integer +ATTRIBUTE Acct-Input-Octets 42 integer +ATTRIBUTE Acct-Output-Octets 43 integer +ATTRIBUTE Acct-Session-Id 44 string +ATTRIBUTE Acct-Authentic 45 integer +ATTRIBUTE Acct-Session-Time 46 integer +ATTRIBUTE Acct-Input-Packets 47 integer +ATTRIBUTE Acct-Output-Packets 48 integer +ATTRIBUTE Acct-Terminate-Cause 49 integer +ATTRIBUTE Chap-Challenge 60 string +ATTRIBUTE NAS-Port-Type 61 integer +ATTRIBUTE Port-Limit 62 integer +ATTRIBUTE Connect-Info 77 string + +# RFC 2869 +ATTRIBUTE Acct-Interim-Interval 85 integer + +# +# Experimental Non Protocol Attributes used by Cistron-Radiusd +# +ATTRIBUTE Huntgroup-Name 221 string +ATTRIBUTE User-Category 1029 string +ATTRIBUTE Group-Name 1030 string +ATTRIBUTE Simultaneous-Use 1034 integer +ATTRIBUTE Strip-User-Name 1035 integer +ATTRIBUTE Fall-Through 1036 integer +ATTRIBUTE Add-Port-To-IP-Address 1037 integer +ATTRIBUTE Exec-Program 1038 string +ATTRIBUTE Exec-Program-Wait 1039 string +ATTRIBUTE Hint 1040 string + +# +# Non-Protocol Attributes +# These attributes are used internally by the server +# +ATTRIBUTE Expiration 21 date +ATTRIBUTE Auth-Type 1000 integer +ATTRIBUTE Menu 1001 string +ATTRIBUTE Termination-Menu 1002 string +ATTRIBUTE Prefix 1003 string +ATTRIBUTE Suffix 1004 string +ATTRIBUTE Group 1005 string +ATTRIBUTE Crypt-Password 1006 string +ATTRIBUTE Connect-Rate 1007 integer + +# +# Experimental, implementation specific attributes +# +# Limit session traffic +ATTRIBUTE Session-Octets-Limit 227 integer +# What to assume as limit - 0 in+out, 1 in, 2 out, 3 max(in,out) +ATTRIBUTE Octets-Direction 228 integer + +# +# Integer Translations +# + +# User Types + +VALUE Service-Type Login-User 1 +VALUE Service-Type Framed-User 2 +VALUE Service-Type Callback-Login-User 3 +VALUE Service-Type Callback-Framed-User 4 +VALUE Service-Type Outbound-User 5 +VALUE Service-Type Administrative-User 6 +VALUE Service-Type NAS-Prompt-User 7 + +# Framed Protocols + +VALUE Framed-Protocol PPP 1 +VALUE Framed-Protocol SLIP 2 + +# Framed Routing Values + +VALUE Framed-Routing None 0 +VALUE Framed-Routing Broadcast 1 +VALUE Framed-Routing Listen 2 +VALUE Framed-Routing Broadcast-Listen 3 + +# Framed Compression Types + +VALUE Framed-Compression None 0 +VALUE Framed-Compression Van-Jacobson-TCP-IP 1 + +# Login Services + +VALUE Login-Service Telnet 0 +VALUE Login-Service Rlogin 1 +VALUE Login-Service TCP-Clear 2 +VALUE Login-Service PortMaster 3 + +# Status Types + +VALUE Acct-Status-Type Start 1 +VALUE Acct-Status-Type Stop 2 +VALUE Acct-Status-Type Accounting-On 7 +VALUE Acct-Status-Type Accounting-Off 8 + +# Authentication Types + +VALUE Acct-Authentic RADIUS 1 +VALUE Acct-Authentic Local 2 +VALUE Acct-Authentic PowerLink128 100 + +# Termination Options + +VALUE Termination-Action Default 0 +VALUE Termination-Action RADIUS-Request 1 + +# NAS Port Types, available in 3.3.1 and later + +VALUE NAS-Port-Type Async 0 +VALUE NAS-Port-Type Sync 1 +VALUE NAS-Port-Type ISDN 2 +VALUE NAS-Port-Type ISDN-V120 3 +VALUE NAS-Port-Type ISDN-V110 4 + +# Acct Terminate Causes, available in 3.3.2 and later + +VALUE Acct-Terminate-Cause User-Request 1 +VALUE Acct-Terminate-Cause Lost-Carrier 2 +VALUE Acct-Terminate-Cause Lost-Service 3 +VALUE Acct-Terminate-Cause Idle-Timeout 4 +VALUE Acct-Terminate-Cause Session-Timeout 5 +VALUE Acct-Terminate-Cause Admin-Reset 6 +VALUE Acct-Terminate-Cause Admin-Reboot 7 +VALUE Acct-Terminate-Cause Port-Error 8 +VALUE Acct-Terminate-Cause NAS-Error 9 +VALUE Acct-Terminate-Cause NAS-Request 10 +VALUE Acct-Terminate-Cause NAS-Reboot 11 +VALUE Acct-Terminate-Cause Port-Unneeded 12 +VALUE Acct-Terminate-Cause Port-Preempted 13 +VALUE Acct-Terminate-Cause Port-Suspended 14 +VALUE Acct-Terminate-Cause Service-Unavailable 15 +VALUE Acct-Terminate-Cause Callback 16 +VALUE Acct-Terminate-Cause User-Error 17 +VALUE Acct-Terminate-Cause Host-Request 18 + +# +# Non-Protocol Integer Translations +# + +VALUE Auth-Type Local 0 +VALUE Auth-Type System 1 +VALUE Auth-Type SecurID 2 +VALUE Auth-Type Crypt-Local 3 +VALUE Auth-Type Reject 4 + +# +# Cistron extensions +# +VALUE Auth-Type Pam 253 +VALUE Auth-Type None 254 + +# +# Experimental Non-Protocol Integer Translations for Cistron-Radiusd +# +VALUE Fall-Through No 0 +VALUE Fall-Through Yes 1 +VALUE Add-Port-To-IP-Address No 0 +VALUE Add-Port-To-IP-Address Yes 1 + +# +# Configuration Values +# uncomment these two lines to turn account expiration on +# + +#VALUE Server-Config Password-Expiration 30 +#VALUE Server-Config Password-Warning 5 + +# Octets-Direction +VALUE Octets-Direction Sum 0 +VALUE Octets-Direction Input 1 +VALUE Octets-Direction Output 2 +VALUE Octets-Direction MaxOveral 3 +VALUE Octets-Direction MaxSession 4 + +INCLUDE /etc/ppp/radius/dictionary.microsoft diff --git a/package/network/services/ppp/files/etc/ppp/radius/dictionary.asnet b/package/network/services/ppp/files/etc/ppp/radius/dictionary.asnet new file mode 100644 index 0000000..337d1e1 --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/radius/dictionary.asnet @@ -0,0 +1,3 @@ +VENDOR ASNET 50000 +ATTRIBUTE Speed-Down 1 string ASNET +ATTRIBUTE Speed-Up 2 string ASNET diff --git a/package/network/services/ppp/files/etc/ppp/radius/dictionary.microsoft b/package/network/services/ppp/files/etc/ppp/radius/dictionary.microsoft new file mode 100644 index 0000000..2a6c20e --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/radius/dictionary.microsoft @@ -0,0 +1,80 @@ +# +# Microsoft's VSA's, from RFC 2548 +# +# + +VENDOR Microsoft 311 Microsoft + +ATTRIBUTE MS-CHAP-Response 1 string Microsoft +ATTRIBUTE MS-CHAP-Error 2 string Microsoft +ATTRIBUTE MS-CHAP-CPW-1 3 string Microsoft +ATTRIBUTE MS-CHAP-CPW-2 4 string Microsoft +ATTRIBUTE MS-CHAP-LM-Enc-PW 5 string Microsoft +ATTRIBUTE MS-CHAP-NT-Enc-PW 6 string Microsoft +ATTRIBUTE MS-MPPE-Encryption-Policy 7 string Microsoft +# This is referred to as both singular and plural in the RFC. +# Plural seems to make more sense. +ATTRIBUTE MS-MPPE-Encryption-Type 8 string Microsoft +ATTRIBUTE MS-MPPE-Encryption-Types 8 string Microsoft +ATTRIBUTE MS-RAS-Vendor 9 integer Microsoft +ATTRIBUTE MS-CHAP-Domain 10 string Microsoft +ATTRIBUTE MS-CHAP-Challenge 11 string Microsoft +ATTRIBUTE MS-CHAP-MPPE-Keys 12 string Microsoft +ATTRIBUTE MS-BAP-Usage 13 integer Microsoft +ATTRIBUTE MS-Link-Utilization-Threshold 14 integer Microsoft +ATTRIBUTE MS-Link-Drop-Time-Limit 15 integer Microsoft +ATTRIBUTE MS-MPPE-Send-Key 16 string Microsoft +ATTRIBUTE MS-MPPE-Recv-Key 17 string Microsoft +ATTRIBUTE MS-RAS-Version 18 string Microsoft +ATTRIBUTE MS-Old-ARAP-Password 19 string Microsoft +ATTRIBUTE MS-New-ARAP-Password 20 string Microsoft +ATTRIBUTE MS-ARAP-PW-Change-Reason 21 integer Microsoft + +ATTRIBUTE MS-Filter 22 string Microsoft +ATTRIBUTE MS-Acct-Auth-Type 23 integer Microsoft +ATTRIBUTE MS-Acct-EAP-Type 24 integer Microsoft + +ATTRIBUTE MS-CHAP2-Response 25 string Microsoft +ATTRIBUTE MS-CHAP2-Success 26 string Microsoft +ATTRIBUTE MS-CHAP2-CPW 27 string Microsoft + +ATTRIBUTE MS-Primary-DNS-Server 28 ipaddr Microsoft +ATTRIBUTE MS-Secondary-DNS-Server 29 ipaddr Microsoft +ATTRIBUTE MS-Primary-NBNS-Server 30 ipaddr Microsoft +ATTRIBUTE MS-Secondary-NBNS-Server 31 ipaddr Microsoft + +#ATTRIBUTE MS-ARAP-Challenge 33 string Microsoft + + +# +# Integer Translations +# + +# MS-BAP-Usage Values + +VALUE MS-BAP-Usage Not-Allowed 0 +VALUE MS-BAP-Usage Allowed 1 +VALUE MS-BAP-Usage Required 2 + +# MS-ARAP-Password-Change-Reason Values + +VALUE MS-ARAP-PW-Change-Reason Just-Change-Password 1 +VALUE MS-ARAP-PW-Change-Reason Expired-Password 2 +VALUE MS-ARAP-PW-Change-Reason Admin-Requires-Password-Change 3 +VALUE MS-ARAP-PW-Change-Reason Password-Too-Short 4 + +# MS-Acct-Auth-Type Values + +VALUE MS-Acct-Auth-Type PAP 1 +VALUE MS-Acct-Auth-Type CHAP 2 +VALUE MS-Acct-Auth-Type MS-CHAP-1 3 +VALUE MS-Acct-Auth-Type MS-CHAP-2 4 +VALUE MS-Acct-Auth-Type EAP 5 + +# MS-Acct-EAP-Type Values + +VALUE MS-Acct-EAP-Type MD5 4 +VALUE MS-Acct-EAP-Type OTP 5 +VALUE MS-Acct-EAP-Type Generic-Token-Card 6 +VALUE MS-Acct-EAP-Type TLS 13 + diff --git a/package/network/services/ppp/files/etc/ppp/radius/servers b/package/network/services/ppp/files/etc/ppp/radius/servers new file mode 100644 index 0000000..0d4f069 --- /dev/null +++ b/package/network/services/ppp/files/etc/ppp/radius/servers @@ -0,0 +1,2 @@ +# SERVER SECRET +localhost secret diff --git a/package/network/services/ppp/files/lib/netifd/ppp-down b/package/network/services/ppp/files/lib/netifd/ppp-down new file mode 100755 index 0000000..94cefc4 --- /dev/null +++ b/package/network/services/ppp/files/lib/netifd/ppp-down @@ -0,0 +1,13 @@ +#!/bin/sh +PPP_IPPARAM="$6" + +. /lib/netifd/netifd-proto.sh +proto_init_update "$IFNAME" 0 +proto_send_update "$PPP_IPPARAM" + +[ -d /etc/ppp/ip-down.d ] && { + for SCRIPT in /etc/ppp/ip-down.d/* + do + [ -x "$SCRIPT" ] && "$SCRIPT" "$@" + done +} diff --git a/package/network/services/ppp/files/lib/netifd/ppp-up b/package/network/services/ppp/files/lib/netifd/ppp-up new file mode 100755 index 0000000..7511042 --- /dev/null +++ b/package/network/services/ppp/files/lib/netifd/ppp-up @@ -0,0 +1,31 @@ +#!/bin/sh +PPP_IPPARAM="$6" + +. /lib/netifd/netifd-proto.sh +proto_init_update "$IFNAME" 1 1 +proto_set_keep 1 +[ -n "$PPP_IPPARAM" ] && { + [ -n "$IPLOCAL" ] && proto_add_ipv4_address "$IPLOCAL" 32 "" "${IPREMOTE:-2.2.2.2}" + [ -n "$IPREMOTE" ] && proto_add_ipv4_route 0.0.0.0 0 "$IPREMOTE" + [ -n "$LLLOCAL" ] && proto_add_ipv6_address "$LLLOCAL" 128 + [ -n "$DNS1" ] && proto_add_dns_server "$DNS1" + [ -n "$DNS2" -a "$DNS1" != "$DNS2" ] && proto_add_dns_server "$DNS2" +} +proto_send_update "$PPP_IPPARAM" + +[ -d /etc/ppp/ip-up.d ] && { + for SCRIPT in /etc/ppp/ip-up.d/* + do + [ -x "$SCRIPT" ] && "$SCRIPT" "$@" + done +} + +if [ -n "$AUTOIPV6" ]; then + json_init + json_add_string name "${PPP_IPPARAM}_6" + json_add_string ifname "@$PPP_IPPARAM" + json_add_string proto "dhcpv6" + [ -n "$EXTENDPREFIX" ] && json_add_string extendprefix 1 + json_close_object + ubus call network add_dynamic "$(json_dump)" +fi diff --git a/package/network/services/ppp/files/ppp.sh b/package/network/services/ppp/files/ppp.sh new file mode 100755 index 0000000..2a7e76b --- /dev/null +++ b/package/network/services/ppp/files/ppp.sh @@ -0,0 +1,314 @@ +#!/bin/sh + +[ -x /usr/sbin/pppd ] || exit 0 + +[ -n "$INCLUDE_ONLY" ] || { + . /lib/functions.sh + . /lib/functions/network.sh + . ../netifd-proto.sh + init_proto "$@" +} + +ppp_select_ipaddr() +{ + local subnets=$1 + local res + local res_mask + + for subnet in $subnets; do + local addr="${subnet%%/*}" + local mask="${subnet#*/}" + + if [ -n "$res_mask" -a "$mask" != 32 ]; then + [ "$mask" -gt "$res_mask" ] || [ "$res_mask" = 32 ] && { + res="$addr" + res_mask="$mask" + } + elif [ -z "$res_mask" ]; then + res="$addr" + res_mask="$mask" + fi + done + + echo "$res" +} + +ppp_exitcode_tostring() +{ + local errorcode=$1 + [ -n "$errorcode" ] || errorcode=5 + + case "$errorcode" in + 0) echo "OK" ;; + 1) echo "FATAL_ERROR" ;; + 2) echo "OPTION_ERROR" ;; + 3) echo "NOT_ROOT" ;; + 4) echo "NO_KERNEL_SUPPORT" ;; + 5) echo "USER_REQUEST" ;; + 6) echo "LOCK_FAILED" ;; + 7) echo "OPEN_FAILED" ;; + 8) echo "CONNECT_FAILED" ;; + 9) echo "PTYCMD_FAILED" ;; + 10) echo "NEGOTIATION_FAILED" ;; + 11) echo "PEER_AUTH_FAILED" ;; + 12) echo "IDLE_TIMEOUT" ;; + 13) echo "CONNECT_TIME" ;; + 14) echo "CALLBACK" ;; + 15) echo "PEER_DEAD" ;; + 16) echo "HANGUP" ;; + 17) echo "LOOPBACK" ;; + 18) echo "INIT_FAILED" ;; + 19) echo "AUTH_TOPEER_FAILED" ;; + 20) echo "TRAFFIC_LIMIT" ;; + 21) echo "CNID_AUTH_FAILED";; + *) echo "UNKNOWN_ERROR" ;; + esac +} + +ppp_generic_init_config() { + proto_config_add_string username + proto_config_add_string password + proto_config_add_string keepalive + proto_config_add_boolean keepalive_adaptive + proto_config_add_int demand + proto_config_add_string pppd_options + proto_config_add_string 'connect:file' + proto_config_add_string 'disconnect:file' + proto_config_add_string ipv6 + proto_config_add_boolean authfail + proto_config_add_int mtu + proto_config_add_string pppname + proto_config_add_string unnumbered +} + +ppp_generic_setup() { + local config="$1"; shift + local localip + + json_get_vars ipv6 demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered + if [ "$ipv6" = 0 ]; then + ipv6="" + elif [ -z "$ipv6" -o "$ipv6" = auto ]; then + ipv6=1 + autoipv6=1 + fi + + if [ "${demand:-0}" -gt 0 ]; then + demand="precompiled-active-filter /etc/ppp/filter demand idle $demand" + else + demand="" + fi + [ -n "$mtu" ] || json_get_var mtu mtu + [ -n "$pppname" ] || pppname="${proto:-ppp}-$config" + [ -n "$unnumbered" ] && { + local subnets + ( proto_add_host_dependency "$config" "" "$unnumbered" ) + network_get_subnets subnets "$unnumbered" + localip=$(ppp_select_ipaddr "$subnets") + [ -n "$localip" ] || { + proto_block_restart "$config" + return + } + } + + local lcp_failure="${keepalive%%[, ]*}" + local lcp_interval="${keepalive##*[, ]}" + local lcp_adaptive="lcp-echo-adaptive" + [ "${lcp_failure:-0}" -lt 1 ] && lcp_failure="" + [ "$lcp_interval" != "$keepalive" ] || lcp_interval=5 + [ "${keepalive_adaptive:-1}" -lt 1 ] && lcp_adaptive="" + [ -n "$connect" ] || json_get_var connect connect + [ -n "$disconnect" ] || json_get_var disconnect disconnect + + proto_run_command "$config" /usr/sbin/pppd \ + nodetach ipparam "$config" \ + ifname "$pppname" \ + ${localip:+$localip:} \ + ${lcp_failure:+lcp-echo-interval $lcp_interval lcp-echo-failure $lcp_failure $lcp_adaptive} \ + ${ipv6:++ipv6} \ + ${autoipv6:+set AUTOIPV6=1} \ + nodefaultroute \ + usepeerdns \ + $demand maxfail 1 \ + ${username:+user "$username" password "$password"} \ + ${connect:+connect "$connect"} \ + ${disconnect:+disconnect "$disconnect"} \ + ip-up-script /lib/netifd/ppp-up \ + ipv6-up-script /lib/netifd/ppp-up \ + ip-down-script /lib/netifd/ppp-down \ + ipv6-down-script /lib/netifd/ppp-down \ + ${mtu:+mtu $mtu mru $mtu} \ + "$@" $pppd_options +} + +ppp_generic_teardown() { + local interface="$1" + local errorstring=$(ppp_exitcode_tostring $ERROR) + + case "$ERROR" in + 0) + ;; + 2) + proto_notify_error "$interface" "$errorstring" + proto_block_restart "$interface" + ;; + 11|19) + json_get_var authfail authfail + proto_notify_error "$interface" "$errorstring" + if [ "${authfail:-0}" -gt 0 ]; then + proto_block_restart "$interface" + fi + ;; + *) + proto_notify_error "$interface" "$errorstring" + ;; + esac + + proto_kill_command "$interface" +} + +# PPP on serial device + +proto_ppp_init_config() { + proto_config_add_string "device" + ppp_generic_init_config + no_device=1 + available=1 + lasterror=1 +} + +proto_ppp_setup() { + local config="$1" + + json_get_var device device + ppp_generic_setup "$config" "$device" +} + +proto_ppp_teardown() { + ppp_generic_teardown "$@" +} + +proto_pppoe_init_config() { + ppp_generic_init_config + proto_config_add_string "ac" + proto_config_add_string "service" + proto_config_add_string "host_uniq" + lasterror=1 +} + +proto_pppoe_setup() { + local config="$1" + local iface="$2" + + for module in slhc ppp_generic pppox pppoe; do + /sbin/insmod $module 2>&- >&- + done + + json_get_var mtu mtu + mtu="${mtu:-1492}" + + json_get_var ac ac + json_get_var service service + json_get_var host_uniq host_uniq + + ppp_generic_setup "$config" \ + plugin rp-pppoe.so \ + ${ac:+rp_pppoe_ac "$ac"} \ + ${service:+rp_pppoe_service "$service"} \ + ${host_uniq:+host-uniq "$host_uniq"} \ + "nic-$iface" +} + +proto_pppoe_teardown() { + ppp_generic_teardown "$@" +} + +proto_pppoa_init_config() { + ppp_generic_init_config + proto_config_add_int "atmdev" + proto_config_add_int "vci" + proto_config_add_int "vpi" + proto_config_add_string "encaps" + no_device=1 + available=1 + lasterror=1 +} + +proto_pppoa_setup() { + local config="$1" + local iface="$2" + + for module in slhc ppp_generic pppox pppoatm; do + /sbin/insmod $module 2>&- >&- + done + + json_get_vars atmdev vci vpi encaps + + case "$encaps" in + 1|vc) encaps="vc-encaps" ;; + *) encaps="llc-encaps" ;; + esac + + ppp_generic_setup "$config" \ + plugin pppoatm.so \ + ${atmdev:+$atmdev.}${vpi:-8}.${vci:-35} \ + ${encaps} +} + +proto_pppoa_teardown() { + ppp_generic_teardown "$@" +} + +proto_pptp_init_config() { + ppp_generic_init_config + proto_config_add_string "server" + proto_config_add_string "interface" + available=1 + no_device=1 + lasterror=1 +} + +proto_pptp_setup() { + local config="$1" + local iface="$2" + + local ip serv_addr server interface + json_get_vars interface server + [ -n "$server" ] && { + for ip in $(resolveip -t 5 "$server"); do + ( proto_add_host_dependency "$config" "$ip" $interface ) + serv_addr=1 + done + } + [ -n "$serv_addr" ] || { + echo "Could not resolve server address" + sleep 5 + proto_setup_failed "$config" + exit 1 + } + + local load + for module in slhc ppp_generic ppp_async ppp_mppe ip_gre gre pptp; do + grep -q "^$module " /proc/modules && continue + /sbin/insmod $module 2>&- >&- + load=1 + done + [ "$load" = "1" ] && sleep 1 + + ppp_generic_setup "$config" \ + plugin pptp.so \ + pptp_server $server \ + file /etc/ppp/options.pptp +} + +proto_pptp_teardown() { + ppp_generic_teardown "$@" +} + +[ -n "$INCLUDE_ONLY" ] || { + add_protocol ppp + [ -f /usr/lib/pppd/*/rp-pppoe.so ] && add_protocol pppoe + [ -f /usr/lib/pppd/*/pppoatm.so ] && add_protocol pppoa + [ -f /usr/lib/pppd/*/pptp.so ] && add_protocol pptp +} + diff --git a/package/network/services/ppp/patches/001-honor-ldflags.patch b/package/network/services/ppp/patches/001-honor-ldflags.patch new file mode 100644 index 0000000..1328811 --- /dev/null +++ b/package/network/services/ppp/patches/001-honor-ldflags.patch @@ -0,0 +1,39 @@ +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -43,13 +43,13 @@ install: all + $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) + + radius.so: radius.o libradiusclient.a +- $(CC) -o radius.so -shared radius.o libradiusclient.a ++ $(CC) $(COPTS) -o radius.so -shared radius.o libradiusclient.a + + radattr.so: radattr.o +- $(CC) -o radattr.so -shared radattr.o ++ $(CC) $(COPTS) -o radattr.so -shared radattr.o + + radrealms.so: radrealms.o +- $(CC) -o radrealms.so -shared radrealms.o ++ $(CC) $(COPTS) -o radrealms.so -shared radrealms.o + + CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \ + clientid.o sendserver.o lock.o util.o md5.o +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -30,7 +30,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP + all: rp-pppoe.so pppoe-discovery + + pppoe-discovery: pppoe-discovery.o debug.o +- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o ++ $(CC) $(CFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o + + pppoe-discovery.o: pppoe-discovery.c + $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c +@@ -39,7 +39,7 @@ debug.o: debug.c + $(CC) $(CFLAGS) -c -o debug.o debug.c + + rp-pppoe.so: plugin.o discovery.o if.o common.o +- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o ++ $(CC) $(CFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) diff --git a/package/network/services/ppp/patches/010-use_target_for_configure.patch b/package/network/services/ppp/patches/010-use_target_for_configure.patch new file mode 100644 index 0000000..aff0df6 --- /dev/null +++ b/package/network/services/ppp/patches/010-use_target_for_configure.patch @@ -0,0 +1,24 @@ +configure: Allow overriding uname results + +In a cross compile setting it makes no sense to rely on the "uname" values +reported by the build host system. This patch allows overriding the +"uname -r", "uname -s" and "uname -m" results with the "UNAME_R", "UNAME_S" +and "UNAME_M" environment variables. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/configure ++++ b/configure +@@ -8,9 +8,9 @@ SYSCONF=/etc + # if [ -d /NextApps ]; then + # system="NeXTStep" + # else +- system=`uname -s` +- release=`uname -r` +- arch=`uname -m` ++ system=${UNAME_S:-`uname -s`} ++ release=${UNAME_R:-`uname -r`} ++ arch=${UNAME_M:-`uname -m`} + # fi + state="unknown" + diff --git a/package/network/services/ppp/patches/100-debian_ip-ip_option.patch b/package/network/services/ppp/patches/100-debian_ip-ip_option.patch new file mode 100644 index 0000000..1017e0f --- /dev/null +++ b/package/network/services/ppp/patches/100-debian_ip-ip_option.patch @@ -0,0 +1,96 @@ +pppd: Allow specifying ip-up and ip-down scripts + +This patch implements the "ip-up-script" and "ip-down-script" options which +allow to specify the path of the ip-up and ip-down scripts to call. + +These options default to _PATH_IPUP and _PATH_IPDOWN to retain the +existing behaviour. + +The patch originated from the Debian project. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/ipcp.c ++++ b/pppd/ipcp.c +@@ -1958,7 +1958,7 @@ ipcp_up(f) + */ + if (ipcp_script_state == s_down && ipcp_script_pid == 0) { + ipcp_script_state = s_up; +- ipcp_script(_PATH_IPUP, 0); ++ ipcp_script(path_ipup, 0); + } + } + +@@ -2008,7 +2008,7 @@ ipcp_down(f) + /* Execute the ip-down script */ + if (ipcp_script_state == s_up && ipcp_script_pid == 0) { + ipcp_script_state = s_down; +- ipcp_script(_PATH_IPDOWN, 0); ++ ipcp_script(path_ipdown, 0); + } + } + +@@ -2062,13 +2062,13 @@ ipcp_script_done(arg) + case s_up: + if (ipcp_fsm[0].state != OPENED) { + ipcp_script_state = s_down; +- ipcp_script(_PATH_IPDOWN, 0); ++ ipcp_script(path_ipdown, 0); + } + break; + case s_down: + if (ipcp_fsm[0].state == OPENED) { + ipcp_script_state = s_up; +- ipcp_script(_PATH_IPUP, 0); ++ ipcp_script(path_ipup, 0); + } + break; + } +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -316,6 +316,9 @@ main(argc, argv) + struct protent *protp; + char numbuf[16]; + ++ strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup)); ++ strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown)); ++ + link_stats_valid = 0; + new_phase(PHASE_INITIALIZE); + +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -114,6 +114,8 @@ char linkname[MAXPATHLEN]; /* logical na + bool tune_kernel; /* may alter kernel settings */ + int connect_delay = 1000; /* wait this many ms after connect script */ + int req_unit = -1; /* requested interface unit */ ++char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ ++char path_ipdown[MAXPATHLEN];/* pathname of ip-down script */ + bool multilink = 0; /* Enable multilink operation */ + char *bundle_name = NULL; /* bundle name for multilink */ + bool dump_options; /* print out option values */ +@@ -299,6 +301,13 @@ option_t general_options[] = { + "Unset user environment variable", + OPT_A2PRINTER | OPT_NOPRINT, (void *)user_unsetprint }, + ++ { "ip-up-script", o_string, path_ipup, ++ "Set pathname of ip-up script", ++ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, ++ { "ip-down-script", o_string, path_ipdown, ++ "Set pathname of ip-down script", ++ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, ++ + #ifdef HAVE_MULTILINK + { "multilink", o_bool, &multilink, + "Enable multilink operation", OPT_PRIO | 1 }, +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -318,6 +318,8 @@ extern bool tune_kernel; /* May alter ke + extern int connect_delay; /* Time to delay after connect script */ + extern int max_data_rate; /* max bytes/sec through charshunt */ + extern int req_unit; /* interface unit number to use */ ++extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ ++extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */ + extern bool multilink; /* enable multilink operation */ + extern bool noendpoint; /* don't send or accept endpt. discrim. */ + extern char *bundle_name; /* bundle name for multilink */ diff --git a/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch b/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch new file mode 100644 index 0000000..7c6765b --- /dev/null +++ b/package/network/services/ppp/patches/101-debian_close_dev_ppp.patch @@ -0,0 +1,28 @@ +pppd: Close already open ppp descriptors + +When using the kernel PPPoE driver in conjunction with the "persist" option, +the already open descriptor to /dev/ppp is not closed when the link is +reestablished. This eventually leads to high CPU load because the stray +descriptors are always reported as ready by select(). + +This patch closes the descriptor if it is already open when establishing a +new connection. It originated from the Debian project. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -458,6 +458,13 @@ int generic_establish_ppp (int fd) + if (new_style_driver) { + int flags; + ++ /* if a ppp_fd is already open, close it first */ ++ if(ppp_fd > 0) { ++ close(ppp_fd); ++ remove_fd(ppp_fd); ++ ppp_fd = -1; ++ } ++ + /* Open an instance of /dev/ppp and connect the channel to it */ + if (ioctl(fd, PPPIOCGCHAN, &chindex) == -1) { + error("Couldn't get channel number: %m"); diff --git a/package/network/services/ppp/patches/103-debian_fix_link_pidfile.patch b/package/network/services/ppp/patches/103-debian_fix_link_pidfile.patch new file mode 100644 index 0000000..c8a23ed --- /dev/null +++ b/package/network/services/ppp/patches/103-debian_fix_link_pidfile.patch @@ -0,0 +1,23 @@ +pppd: Fix creation of linkpidfile + +When pppd is run without "nodetach" or with "updetach", the linkpidfile is +never created. The call to create_linkpidfile() is protected by a check for +linkpidfile[0] but this is only filled in when create_linkpidfile() is called. + +This patch changes to code to allways uncondiationally call +create_linkpidfile(), it originated from the Debian project. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -773,8 +773,7 @@ detach() + /* update pid files if they have been written already */ + if (pidfilename[0]) + create_pidfile(pid); +- if (linkpidfile[0]) +- create_linkpidfile(pid); ++ create_linkpidfile(pid); + exit(0); /* parent dies */ + } + setsid(); diff --git a/package/network/services/ppp/patches/105-debian_demand.patch b/package/network/services/ppp/patches/105-debian_demand.patch new file mode 100644 index 0000000..2502d49 --- /dev/null +++ b/package/network/services/ppp/patches/105-debian_demand.patch @@ -0,0 +1,172 @@ +--- a/pppd/demand.c ++++ b/pppd/demand.c +@@ -36,6 +36,8 @@ + #include <errno.h> + #include <fcntl.h> + #include <netdb.h> ++#include <unistd.h> ++#include <syslog.h> + #include <sys/param.h> + #include <sys/types.h> + #include <sys/wait.h> +@@ -43,6 +45,8 @@ + #include <sys/resource.h> + #include <sys/stat.h> + #include <sys/socket.h> ++#include <netinet/in.h> ++#include <arpa/inet.h> + #ifdef PPP_FILTER + #include <pcap-bpf.h> + #endif +@@ -221,6 +225,14 @@ loop_chars(p, n) + int c, rv; + + rv = 0; ++ ++/* check for synchronous connection... */ ++ ++ if ( (p[0] == 0xFF) && (p[1] == 0x03) ) { ++ rv = loop_frame(p,n); ++ return rv; ++ } ++ + for (; n > 0; --n) { + c = *p++; + if (c == PPP_FLAG) { +@@ -299,17 +311,102 @@ loop_frame(frame, len) + * loopback, now that the real serial link is up. + */ + void +-demand_rexmit(proto) ++demand_rexmit(proto, newip) + int proto; ++ u_int32_t newip; + { + struct packet *pkt, *prev, *nextpkt; ++ unsigned short checksum; ++ unsigned short pkt_checksum = 0; ++ unsigned iphdr; ++ struct timeval tv; ++ char cv = 0; ++ char ipstr[16]; + + prev = NULL; + pkt = pend_q; + pend_q = NULL; ++ tv.tv_sec = 1; ++ tv.tv_usec = 0; ++ select(0,NULL,NULL,NULL,&tv); /* Sleep for 1 Seconds */ + for (; pkt != NULL; pkt = nextpkt) { + nextpkt = pkt->next; + if (PPP_PROTOCOL(pkt->data) == proto) { ++ if ( (proto == PPP_IP) && newip ) { ++ /* Get old checksum */ ++ ++ iphdr = (pkt->data[4] & 15) << 2; ++ checksum = *((unsigned short *) (pkt->data+14)); ++ if (checksum == 0xFFFF) { ++ checksum = 0; ++ } ++ ++ ++ if (pkt->data[13] == 17) { ++ pkt_checksum = *((unsigned short *) (pkt->data+10+iphdr)); ++ if (pkt_checksum) { ++ cv = 1; ++ if (pkt_checksum == 0xFFFF) { ++ pkt_checksum = 0; ++ } ++ } ++ else { ++ cv = 0; ++ } ++ } ++ ++ if (pkt->data[13] == 6) { ++ pkt_checksum = *((unsigned short *) (pkt->data+20+iphdr)); ++ cv = 1; ++ if (pkt_checksum == 0xFFFF) { ++ pkt_checksum = 0; ++ } ++ } ++ ++ /* Delete old Source-IP-Address */ ++ checksum -= *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ checksum -= *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ pkt_checksum -= *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ pkt_checksum -= *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ /* Change Source-IP-Address */ ++ * ((u_int32_t *) (pkt->data + 16)) = newip; ++ ++ /* Add new Source-IP-Address */ ++ checksum += *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ checksum += *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ pkt_checksum += *((unsigned short *) (pkt->data+16)) ^ 0xFFFF; ++ pkt_checksum += *((unsigned short *) (pkt->data+18)) ^ 0xFFFF; ++ ++ /* Write new checksum */ ++ if (!checksum) { ++ checksum = 0xFFFF; ++ } ++ *((unsigned short *) (pkt->data+14)) = checksum; ++ if (pkt->data[13] == 6) { ++ *((unsigned short *) (pkt->data+20+iphdr)) = pkt_checksum; ++ } ++ if (cv && (pkt->data[13] == 17) ) { ++ *((unsigned short *) (pkt->data+10+iphdr)) = pkt_checksum; ++ } ++ ++ /* Log Packet */ ++ strcpy(ipstr,inet_ntoa(*( (struct in_addr *) (pkt->data+16)))); ++ if (pkt->data[13] == 1) { ++ syslog(LOG_INFO,"Open ICMP %s -> %s\n", ++ ipstr, ++ inet_ntoa(*( (struct in_addr *) (pkt->data+20)))); ++ } else { ++ syslog(LOG_INFO,"Open %s %s:%d -> %s:%d\n", ++ pkt->data[13] == 6 ? "TCP" : "UDP", ++ ipstr, ++ ntohs(*( (short *) (pkt->data+iphdr+4))), ++ inet_ntoa(*( (struct in_addr *) (pkt->data+20))), ++ ntohs(*( (short *) (pkt->data+iphdr+6)))); ++ } ++ } + output(0, pkt->data, pkt->length); + free(pkt); + } else { +--- a/pppd/ipcp.c ++++ b/pppd/ipcp.c +@@ -1883,7 +1883,7 @@ ipcp_up(f) + proxy_arp_set[f->unit] = 1; + + } +- demand_rexmit(PPP_IP); ++ demand_rexmit(PPP_IP,go->ouraddr); + sifnpmode(f->unit, PPP_IP, NPMODE_PASS); + + } else { +--- a/pppd/ipv6cp.c ++++ b/pppd/ipv6cp.c +@@ -1232,7 +1232,7 @@ ipv6cp_up(f) + } + + } +- demand_rexmit(PPP_IPV6); ++ demand_rexmit(PPP_IPV6,0); + sifnpmode(f->unit, PPP_IPV6, NPMODE_PASS); + + } else { +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -585,7 +585,7 @@ void demand_conf __P((void)); /* config + void demand_block __P((void)); /* set all NPs to queue up packets */ + void demand_unblock __P((void)); /* set all NPs to pass packets */ + void demand_discard __P((void)); /* set all NPs to discard packets */ +-void demand_rexmit __P((int)); /* retransmit saved frames for an NP */ ++void demand_rexmit __P((int, u_int32_t)); /* retransmit saved frames for an NP*/ + int loop_chars __P((unsigned char *, int)); /* process chars from loopback */ + int loop_frame __P((unsigned char *, int)); /* should we bring link up? */ + diff --git a/package/network/services/ppp/patches/106-debian_stripMSdomain.patch b/package/network/services/ppp/patches/106-debian_stripMSdomain.patch new file mode 100644 index 0000000..86af1ef --- /dev/null +++ b/package/network/services/ppp/patches/106-debian_stripMSdomain.patch @@ -0,0 +1,47 @@ +pppd: Implement option to strip domain part from MS CHAP response + +This patch implements a new boolean option "chapms-strip-domain" which +strips the leading domain part of the username in a received MS Chap +response. + +When the option is set, all leading chars up to and including the last +backslash in the username are stripped. The option defaults to false. + +The patch originated from the Debian project. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/chap-new.c ++++ b/pppd/chap-new.c +@@ -58,6 +58,7 @@ int (*chap_verify_hook)(char *name, char + int chap_timeout_time = 3; + int chap_max_transmits = 10; + int chap_rechallenge_time = 0; ++int chapms_strip_domain = 0; + + /* + * Command-line options. +@@ -69,6 +70,8 @@ static option_t chap_option_list[] = { + "Set max #xmits for challenge", OPT_PRIO }, + { "chap-interval", o_int, &chap_rechallenge_time, + "Set interval for rechallenge", OPT_PRIO }, ++ { "chapms-strip-domain", o_bool, &chapms_strip_domain, ++ "Strip the domain prefix before the Username", 1 }, + { NULL } + }; + +@@ -336,6 +339,14 @@ chap_handle_response(struct chap_server_ + /* Null terminate and clean remote name. */ + slprintf(rname, sizeof(rname), "%.*v", len, name); + name = rname; ++ ++ /* strip the MS domain name */ ++ if (chapms_strip_domain && strrchr(rname, '\\')) { ++ char tmp[MAXNAMELEN+1]; ++ ++ strcpy(tmp, strrchr(rname, '\\') + 1); ++ strcpy(rname, tmp); ++ } + } + + if (chap_verify_hook) diff --git a/package/network/services/ppp/patches/107-debian_pppoatm_wildcard.patch b/package/network/services/ppp/patches/107-debian_pppoatm_wildcard.patch new file mode 100644 index 0000000..eaad2cd --- /dev/null +++ b/package/network/services/ppp/patches/107-debian_pppoatm_wildcard.patch @@ -0,0 +1,25 @@ +pppoatm: Allow wildcard ATM devices + +When operating pppd's pppoatm plugin with an USB ADSL modem, e.g. an +Alcatel Speedtouch, the ATM device number might change when the modem is +reconnected to the USB port or when the host controller resets the USB +device. + +This patch allows to specify the ATM device as wildcard which gives +enough flexibility to cope with changing device names. + +The patch originated from the Debain project. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/plugins/pppoatm/pppoatm.c ++++ b/pppd/plugins/pppoatm/pppoatm.c +@@ -75,7 +75,7 @@ static int setdevname_pppoatm(const char + //info("PPPoATM setdevname_pppoatm: '%s'", cp); + memset(&addr, 0, sizeof addr); + if (text2atm(cp, (struct sockaddr *) &addr, sizeof(addr), +- T2A_PVC | T2A_NAME) < 0) { ++ T2A_PVC | T2A_NAME | T2A_WILDCARD) < 0) { + if(doit) + info("atm does not recognize: %s", cp); + return 0; diff --git a/package/network/services/ppp/patches/110-debian_defaultroute.patch b/package/network/services/ppp/patches/110-debian_defaultroute.patch new file mode 100644 index 0000000..e8659ea --- /dev/null +++ b/package/network/services/ppp/patches/110-debian_defaultroute.patch @@ -0,0 +1,313 @@ +pppd: Add "replacedefaultroute" and "noreplacedefaultroute" options + +This patch implements two new options, "replacedefaultroute" to replace any +existing system default route when specified and "noreplacedefaultroute" to +disable the "replacedefaultroute" option, which is useful in multi user +environments where the administrator wants to allow users to dial pppd +connections but not allow them to change the system default route. + +The patch originated from the Debian project. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/ipcp.c ++++ b/pppd/ipcp.c +@@ -198,6 +198,14 @@ static option_t ipcp_option_list[] = { + "disable defaultroute option", OPT_ALIAS | OPT_A2CLR, + &ipcp_wantoptions[0].default_route }, + ++ { "replacedefaultroute", o_bool, ++ &ipcp_wantoptions[0].replace_default_route, ++ "Replace default route", 1 ++ }, ++ { "noreplacedefaultroute", o_bool, ++ &ipcp_allowoptions[0].replace_default_route, ++ "Never replace default route", OPT_A2COPY, ++ &ipcp_wantoptions[0].replace_default_route }, + { "proxyarp", o_bool, &ipcp_wantoptions[0].proxy_arp, + "Add proxy ARP entry", OPT_ENABLE|1, &ipcp_allowoptions[0].proxy_arp }, + { "noproxyarp", o_bool, &ipcp_allowoptions[0].proxy_arp, +@@ -271,7 +279,7 @@ struct protent ipcp_protent = { + ip_active_pkt + }; + +-static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t)); ++static void ipcp_clear_addrs __P((int, u_int32_t, u_int32_t, bool)); + static void ipcp_script __P((char *, int)); /* Run an up/down script */ + static void ipcp_script_done __P((void *)); + +@@ -1761,7 +1769,8 @@ ip_demand_conf(u) + if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) + return 0; + if (wo->default_route) +- if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr)) ++ if (sifdefaultroute(u, wo->ouraddr, wo->hisaddr, ++ wo->replace_default_route)) + default_route_set[u] = 1; + if (wo->proxy_arp) + if (sifproxyarp(u, wo->hisaddr)) +@@ -1849,7 +1858,8 @@ ipcp_up(f) + */ + if (demand) { + if (go->ouraddr != wo->ouraddr || ho->hisaddr != wo->hisaddr) { +- ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr); ++ ipcp_clear_addrs(f->unit, wo->ouraddr, wo->hisaddr, ++ wo->replace_default_route); + if (go->ouraddr != wo->ouraddr) { + warn("Local IP address changed to %I", go->ouraddr); + script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); +@@ -1874,7 +1884,8 @@ ipcp_up(f) + + /* assign a default route through the interface if required */ + if (ipcp_wantoptions[f->unit].default_route) +- if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) ++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, ++ wo->replace_default_route)) + default_route_set[f->unit] = 1; + + /* Make a proxy ARP entry if requested. */ +@@ -1924,7 +1935,8 @@ ipcp_up(f) + + /* assign a default route through the interface if required */ + if (ipcp_wantoptions[f->unit].default_route) +- if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr)) ++ if (sifdefaultroute(f->unit, go->ouraddr, ho->hisaddr, ++ wo->replace_default_route)) + default_route_set[f->unit] = 1; + + /* Make a proxy ARP entry if requested. */ +@@ -2002,7 +2014,7 @@ ipcp_down(f) + sifnpmode(f->unit, PPP_IP, NPMODE_DROP); + sifdown(f->unit); + ipcp_clear_addrs(f->unit, ipcp_gotoptions[f->unit].ouraddr, +- ipcp_hisoptions[f->unit].hisaddr); ++ ipcp_hisoptions[f->unit].hisaddr, 0); + } + + /* Execute the ip-down script */ +@@ -2018,16 +2030,25 @@ ipcp_down(f) + * proxy arp entries, etc. + */ + static void +-ipcp_clear_addrs(unit, ouraddr, hisaddr) ++ipcp_clear_addrs(unit, ouraddr, hisaddr, replacedefaultroute) + int unit; + u_int32_t ouraddr; /* local address */ + u_int32_t hisaddr; /* remote address */ ++ bool replacedefaultroute; + { + if (proxy_arp_set[unit]) { + cifproxyarp(unit, hisaddr); + proxy_arp_set[unit] = 0; + } +- if (default_route_set[unit]) { ++ /* If replacedefaultroute, sifdefaultroute will be called soon ++ * with replacedefaultroute set and that will overwrite the current ++ * default route. This is the case only when doing demand, otherwise ++ * during demand, this cifdefaultroute would restore the old default ++ * route which is not what we want in this case. In the non-demand ++ * case, we'll delete the default route and restore the old if there ++ * is one saved by an sifdefaultroute with replacedefaultroute. ++ */ ++ if (!replacedefaultroute && default_route_set[unit]) { + cifdefaultroute(unit, ouraddr, hisaddr); + default_route_set[unit] = 0; + } +--- a/pppd/ipcp.h ++++ b/pppd/ipcp.h +@@ -70,6 +70,7 @@ typedef struct ipcp_options { + bool old_addrs; /* Use old (IP-Addresses) option? */ + bool req_addr; /* Ask peer to send IP address? */ + bool default_route; /* Assign default route through interface? */ ++ bool replace_default_route; /* Replace default route through interface? */ + bool proxy_arp; /* Make proxy ARP entry for peer? */ + bool neg_vj; /* Van Jacobson Compression? */ + bool old_vj; /* use old (short) form of VJ option? */ +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -121,6 +121,11 @@ the gateway, when IPCP negotiation is su + This entry is removed when the PPP connection is broken. This option + is privileged if the \fInodefaultroute\fR option has been specified. + .TP ++.B replacedefaultroute ++This option is a flag to the defaultroute option. If defaultroute is ++set and this flag is also set, pppd replaces an existing default route ++with the new default route. ++.TP + .B disconnect \fIscript + Execute the command specified by \fIscript\fR, by passing it to a + shell, after +@@ -734,7 +739,12 @@ disable both forms of hardware flow cont + .TP + .B nodefaultroute + Disable the \fIdefaultroute\fR option. The system administrator who +-wishes to prevent users from creating default routes with pppd ++wishes to prevent users from adding a default route with pppd ++can do so by placing this option in the /etc/ppp/options file. ++.TP ++.B noreplacedefaultroute ++Disable the \fIreplacedefaultroute\fR option. The system administrator who ++wishes to prevent users from replacing a default route with pppd + can do so by placing this option in the /etc/ppp/options file. + .TP + .B nodeflate +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -667,7 +667,7 @@ int sif6addr __P((int, eui64_t, eui64_t + int cif6addr __P((int, eui64_t, eui64_t)); + /* Remove an IPv6 address from i/f */ + #endif +-int sifdefaultroute __P((int, u_int32_t, u_int32_t)); ++int sifdefaultroute __P((int, u_int32_t, u_int32_t, bool replace_default_rt)); + /* Create default route through i/f */ + int cifdefaultroute __P((int, u_int32_t, u_int32_t)); + /* Delete default route through i/f */ +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -207,6 +207,8 @@ static unsigned char inbuf[512]; /* buff + static int if_is_up; /* Interface has been marked up */ + static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */ + static int have_default_route; /* Gateway for default route added */ ++static struct rtentry old_def_rt; /* Old default route */ ++static int default_rt_repl_rest; /* replace and restore old default rt */ + static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */ + static char proxy_arp_dev[16]; /* Device for proxy arp entry */ + static u_int32_t our_old_addr; /* for detecting address changes */ +@@ -1552,6 +1554,9 @@ static int read_route_table(struct rtent + p = NULL; + } + ++ SET_SA_FAMILY (rt->rt_dst, AF_INET); ++ SET_SA_FAMILY (rt->rt_gateway, AF_INET); ++ + SIN_ADDR(rt->rt_dst) = strtoul(cols[route_dest_col], NULL, 16); + SIN_ADDR(rt->rt_gateway) = strtoul(cols[route_gw_col], NULL, 16); + SIN_ADDR(rt->rt_genmask) = strtoul(cols[route_mask_col], NULL, 16); +@@ -1621,20 +1626,51 @@ int have_route_to(u_int32_t addr) + /******************************************************************** + * + * sifdefaultroute - assign a default route through the address given. +- */ +- +-int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway) +-{ +- struct rtentry rt; +- +- if (defaultroute_exists(&rt) && strcmp(rt.rt_dev, ifname) != 0) { +- if (rt.rt_flags & RTF_GATEWAY) +- error("not replacing existing default route via %I", +- SIN_ADDR(rt.rt_gateway)); +- else ++ * ++ * If the global default_rt_repl_rest flag is set, then this function ++ * already replaced the original system defaultroute with some other ++ * route and it should just replace the current defaultroute with ++ * another one, without saving the current route. Use: demand mode, ++ * when pppd sets first a defaultroute it it's temporary ppp0 addresses ++ * and then changes the temporary addresses to the addresses for the real ++ * ppp connection when it has come up. ++ */ ++ ++int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replace) ++{ ++ struct rtentry rt, tmp_rt; ++ struct rtentry *del_rt = NULL; ++ ++ if (default_rt_repl_rest) { ++ /* We have already reclaced the original defaultroute, if we ++ are called again, we will delete the current default route ++ and set the new default route in this function. ++ - this is normally only the case the doing demand: */ ++ if (defaultroute_exists(&tmp_rt)) ++ del_rt = &tmp_rt; ++ } else if (defaultroute_exists(&old_def_rt) && ++ strcmp(old_def_rt.rt_dev, ifname) != 0) { ++ /* We did not yet replace an existing default route, let's ++ check if we should save and replace a default route: */ ++ if (old_def_rt.rt_flags & RTF_GATEWAY) { ++ if (!replace) { ++ error("not replacing existing default route via %I", ++ SIN_ADDR(old_def_rt.rt_gateway)); ++ return 0; ++ } else { ++ /* we need to copy rt_dev because we need it permanent too: */ ++ char *tmp_dev = malloc(strlen(old_def_rt.rt_dev) + 1); ++ strcpy(tmp_dev, old_def_rt.rt_dev); ++ old_def_rt.rt_dev = tmp_dev; ++ ++ notice("replacing old default route to %s [%I]", ++ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); ++ default_rt_repl_rest = 1; ++ del_rt = &old_def_rt; ++ } ++ } else + error("not replacing existing default route through %s", +- rt.rt_dev); +- return 0; ++ old_def_rt.rt_dev); + } + + memset (&rt, 0, sizeof (rt)); +@@ -1649,10 +1685,16 @@ int sifdefaultroute (int unit, u_int32_t + + rt.rt_flags = RTF_UP; + if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) { +- if ( ! ok_error ( errno )) ++ if (!ok_error(errno)) + error("default route ioctl(SIOCADDRT): %m"); + return 0; + } ++ if (default_rt_repl_rest && del_rt) ++ if (ioctl(sock_fd, SIOCDELRT, del_rt) < 0) { ++ if (!ok_error(errno)) ++ error("del old default route ioctl(SIOCDELRT): %m"); ++ return 0; ++ } + + have_default_route = 1; + return 1; +@@ -1683,11 +1725,21 @@ int cifdefaultroute (int unit, u_int32_t + rt.rt_flags = RTF_UP; + if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) { + if (still_ppp()) { +- if ( ! ok_error ( errno )) ++ if (!ok_error(errno)) + error("default route ioctl(SIOCDELRT): %m"); + return 0; + } + } ++ if (default_rt_repl_rest) { ++ notice("restoring old default route to %s [%I]", ++ old_def_rt.rt_dev, SIN_ADDR(old_def_rt.rt_gateway)); ++ if (ioctl(sock_fd, SIOCADDRT, &old_def_rt) < 0) { ++ if (!ok_error(errno)) ++ error("restore default route ioctl(SIOCADDRT): %m"); ++ return 0; ++ } ++ default_rt_repl_rest = 0; ++ } + + return 1; + } +--- a/pppd/sys-solaris.c ++++ b/pppd/sys-solaris.c +@@ -2039,12 +2039,18 @@ cifaddr(u, o, h) + * sifdefaultroute - assign a default route through the address given. + */ + int +-sifdefaultroute(u, l, g) ++sifdefaultroute(u, l, g, replace) + int u; + u_int32_t l, g; ++ bool replace; + { + struct rtentry rt; + ++ if (replace) { ++ error("replacedefaultroute not supported on this platform"); ++ return 0; ++ } ++ + #if defined(__USLC__) + g = l; /* use the local address as gateway */ + #endif diff --git a/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch new file mode 100644 index 0000000..0e57029 --- /dev/null +++ b/package/network/services/ppp/patches/120-debian_ipv6_updown_option.patch @@ -0,0 +1,95 @@ +pppd: Allow specifying ipv6-up and ipv6-down scripts + +This patch implements the "ipv6-up-script" and "ipv6-down-script" options +which allow to specify the path of the ipv6-up and ipv6-down scripts to call. + +These options default to _PATH_IPV6UP and _PATH_IPV6DOWN to retain the +existing behaviour. + +The patch originated from the Debian project. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -318,6 +318,8 @@ main(argc, argv) + + strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup)); + strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown)); ++ strlcpy(path_ipv6up, _PATH_IPV6UP, sizeof(path_ipv6up)); ++ strlcpy(path_ipv6down, _PATH_IPV6DOWN, sizeof(path_ipv6down)); + + link_stats_valid = 0; + new_phase(PHASE_INITIALIZE); +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -116,6 +116,8 @@ int connect_delay = 1000; /* wait this m + int req_unit = -1; /* requested interface unit */ + char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ + char path_ipdown[MAXPATHLEN];/* pathname of ip-down script */ ++char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */ ++char path_ipv6down[MAXPATHLEN];/* pathname of ipv6-down script */ + bool multilink = 0; /* Enable multilink operation */ + char *bundle_name = NULL; /* bundle name for multilink */ + bool dump_options; /* print out option values */ +@@ -308,6 +310,13 @@ option_t general_options[] = { + "Set pathname of ip-down script", + OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, + ++ { "ipv6-up-script", o_string, path_ipv6up, ++ "Set pathname of ipv6-up script", ++ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, ++ { "ipv6-down-script", o_string, path_ipv6down, ++ "Set pathname of ipv6-down script", ++ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN }, ++ + #ifdef HAVE_MULTILINK + { "multilink", o_bool, &multilink, + "Enable multilink operation", OPT_PRIO | 1 }, +--- a/pppd/ipv6cp.c ++++ b/pppd/ipv6cp.c +@@ -1269,7 +1269,7 @@ ipv6cp_up(f) + */ + if (ipv6cp_script_state == s_down && ipv6cp_script_pid == 0) { + ipv6cp_script_state = s_up; +- ipv6cp_script(_PATH_IPV6UP); ++ ipv6cp_script(path_ipv6up); + } + } + +@@ -1321,7 +1321,7 @@ ipv6cp_down(f) + /* Execute the ipv6-down script */ + if (ipv6cp_script_state == s_up && ipv6cp_script_pid == 0) { + ipv6cp_script_state = s_down; +- ipv6cp_script(_PATH_IPV6DOWN); ++ ipv6cp_script(path_ipv6down); + } + } + +@@ -1364,13 +1364,13 @@ ipv6cp_script_done(arg) + case s_up: + if (ipv6cp_fsm[0].state != OPENED) { + ipv6cp_script_state = s_down; +- ipv6cp_script(_PATH_IPV6DOWN); ++ ipv6cp_script(path_ipv6down); + } + break; + case s_down: + if (ipv6cp_fsm[0].state == OPENED) { + ipv6cp_script_state = s_up; +- ipv6cp_script(_PATH_IPV6UP); ++ ipv6cp_script(path_ipv6up); + } + break; + } +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -320,6 +320,8 @@ extern int max_data_rate; /* max bytes/s + extern int req_unit; /* interface unit number to use */ + extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */ + extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */ ++extern char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */ ++extern char path_ipv6down[MAXPATHLEN]; /* pathname of ipv6-down script */ + extern bool multilink; /* enable multilink operation */ + extern bool noendpoint; /* don't send or accept endpt. discrim. */ + extern char *bundle_name; /* bundle name for multilink */ diff --git a/package/network/services/ppp/patches/121-debian_adaptive_lcp_echo.patch b/package/network/services/ppp/patches/121-debian_adaptive_lcp_echo.patch new file mode 100644 index 0000000..b7a6240 --- /dev/null +++ b/package/network/services/ppp/patches/121-debian_adaptive_lcp_echo.patch @@ -0,0 +1,56 @@ +--- a/pppd/lcp.c ++++ b/pppd/lcp.c +@@ -73,6 +73,7 @@ static void lcp_delayed_up __P((void *)) + */ + int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ + int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ ++bool lcp_echo_adaptive = 0; /* request echo only if the link was idle */ + bool lax_recv = 0; /* accept control chars in asyncmap */ + bool noendpoint = 0; /* don't send/accept endpoint discriminator */ + +@@ -151,6 +152,8 @@ static option_t lcp_option_list[] = { + OPT_PRIO }, + { "lcp-echo-interval", o_int, &lcp_echo_interval, + "Set time in seconds between LCP echo requests", OPT_PRIO }, ++ { "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive, ++ "Suppress LCP echo requests if traffic was received", 1 }, + { "lcp-restart", o_int, &lcp_fsm[0].timeouttime, + "Set time in seconds between LCP retransmissions", OPT_PRIO }, + { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits, +@@ -2331,6 +2334,22 @@ LcpSendEchoRequest (f) + } + } + ++ /* ++ * If adaptive echos have been enabled, only send the echo request if ++ * no traffic was received since the last one. ++ */ ++ if (lcp_echo_adaptive) { ++ static unsigned int last_pkts_in = 0; ++ ++ update_link_stats(f->unit); ++ link_stats_valid = 0; ++ ++ if (link_stats.pkts_in != last_pkts_in) { ++ last_pkts_in = link_stats.pkts_in; ++ return; ++ } ++ } ++ + /* + * Make and send the echo request frame. + */ +--- a/pppd/pppd.8 ++++ b/pppd/pppd.8 +@@ -563,6 +563,11 @@ to 1) if the \fIproxyarp\fR option is us + dynamic IP address option (i.e. set /proc/sys/net/ipv4/ip_dynaddr to + 1) in demand mode if the local address changes. + .TP ++.B lcp\-echo\-adaptive ++If this option is used with the \fIlcp\-echo\-failure\fR option then ++pppd will send LCP echo\-request frames only if no traffic was received ++from the peer since the last echo\-request was sent. ++.TP + .B lcp\-echo\-failure \fIn + If this option is given, pppd will presume the peer to be dead + if \fIn\fR LCP echo\-requests are sent without receiving a valid LCP diff --git a/package/network/services/ppp/patches/130-no_cdefs_h.patch b/package/network/services/ppp/patches/130-no_cdefs_h.patch new file mode 100644 index 0000000..caa892e --- /dev/null +++ b/package/network/services/ppp/patches/130-no_cdefs_h.patch @@ -0,0 +1,11 @@ +--- a/pppd/plugins/rp-pppoe/config.h ++++ b/pppd/plugins/rp-pppoe/config.h +@@ -102,7 +102,7 @@ + #define HAVE_NETPACKET_PACKET_H 1 + + /* Define if you have the <sys/cdefs.h> header file. */ +-#define HAVE_SYS_CDEFS_H 1 ++/* #undef HAVE_SYS_CDEFS_H */ + + /* Define if you have the <sys/dlpi.h> header file. */ + /* #undef HAVE_SYS_DLPI_H */ diff --git a/package/network/services/ppp/patches/131-missing_prototype_macro.patch b/package/network/services/ppp/patches/131-missing_prototype_macro.patch new file mode 100644 index 0000000..868a08b --- /dev/null +++ b/package/network/services/ppp/patches/131-missing_prototype_macro.patch @@ -0,0 +1,23 @@ +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -67,6 +67,9 @@ + #define volatile + #endif + ++#undef __P ++#define __P(args) args ++ + #ifdef INET6 + #include "eui64.h" + #endif +--- a/pppd/magic.h ++++ b/pppd/magic.h +@@ -42,6 +42,8 @@ + * $Id: magic.h,v 1.5 2003/06/11 23:56:26 paulus Exp $ + */ + ++#include "pppd.h" ++ + void magic_init __P((void)); /* Initialize the magic number generator */ + u_int32_t magic __P((void)); /* Returns the next magic number */ + diff --git a/package/network/services/ppp/patches/132-fix_linux_includes.patch b/package/network/services/ppp/patches/132-fix_linux_includes.patch new file mode 100644 index 0000000..696dad1 --- /dev/null +++ b/package/network/services/ppp/patches/132-fix_linux_includes.patch @@ -0,0 +1,40 @@ +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -73,12 +73,12 @@ + #include <sys/types.h> + #include <sys/socket.h> + #include <sys/time.h> +-#include <sys/errno.h> + #include <sys/file.h> + #include <sys/stat.h> + #include <sys/utsname.h> + #include <sys/sysmacros.h> + ++#include <errno.h> + #include <stdio.h> + #include <stdlib.h> + #include <syslog.h> +@@ -102,22 +102,15 @@ + #define MAX_ADDR_LEN 7 + #endif + +-#if __GLIBC__ >= 2 + #include <asm/types.h> /* glibc 2 conflicts with linux/types.h */ + #include <net/if.h> + #include <net/if_arp.h> + #include <net/route.h> + #include <netinet/if_ether.h> +-#else +-#include <linux/types.h> +-#include <linux/if.h> +-#include <linux/if_arp.h> +-#include <linux/route.h> +-#include <linux/if_ether.h> +-#endif + #include <netinet/in.h> + #include <arpa/inet.h> + ++#include <linux/sockios.h> + #include <linux/ppp_defs.h> + #include <linux/if_ppp.h> + diff --git a/package/network/services/ppp/patches/133-fix_sha1_include.patch b/package/network/services/ppp/patches/133-fix_sha1_include.patch new file mode 100644 index 0000000..b5ccd08 --- /dev/null +++ b/package/network/services/ppp/patches/133-fix_sha1_include.patch @@ -0,0 +1,11 @@ +--- a/pppd/sha1.c ++++ b/pppd/sha1.c +@@ -18,7 +18,7 @@ + + #include <string.h> + #include <netinet/in.h> /* htonl() */ +-#include <net/ppp_defs.h> ++#include "pppd.h" + #include "sha1.h" + + static void diff --git a/package/network/services/ppp/patches/140-pppoe_compile_fix.patch b/package/network/services/ppp/patches/140-pppoe_compile_fix.patch new file mode 100644 index 0000000..2983a75 --- /dev/null +++ b/package/network/services/ppp/patches/140-pppoe_compile_fix.patch @@ -0,0 +1,101 @@ +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -46,10 +46,10 @@ static char const RCSID[] = + #include <unistd.h> + #include <fcntl.h> + #include <signal.h> +-#include <net/ethernet.h> + #include <net/if_arp.h> + #include <linux/ppp_defs.h> + #include <linux/if_pppox.h> ++#include <linux/if_ether.h> + + #ifndef _ROOT_PATH + #define _ROOT_PATH "" +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h +@@ -86,17 +86,6 @@ typedef unsigned long UINT32_t; + + #include <netinet/in.h> + +-#ifdef HAVE_NETINET_IF_ETHER_H +-#include <sys/types.h> +- +-#ifdef HAVE_SYS_SOCKET_H +-#include <sys/socket.h> +-#endif +-#ifndef HAVE_SYS_DLPI_H +-#include <netinet/if_ether.h> +-#endif +-#endif +- + + + /* Ethernet frame types according to RFC 2516 */ +--- a/pppd/plugins/rp-pppoe/if.c ++++ b/pppd/plugins/rp-pppoe/if.c +@@ -31,7 +31,7 @@ static char const RCSID[] = + #endif + + #ifdef HAVE_NET_ETHERNET_H +-#include <net/ethernet.h> ++#include <linux/if_ether.h> + #endif + + #ifdef HAVE_ASM_TYPES_H +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c +@@ -16,6 +16,7 @@ + #include <string.h> + + #include "pppoe.h" ++#include "pppd/pppd.h" + + #ifdef HAVE_UNISTD_H + #include <unistd.h> +@@ -27,10 +28,6 @@ + #include <linux/if_packet.h> + #endif + +-#ifdef HAVE_NET_ETHERNET_H +-#include <net/ethernet.h> +-#endif +- + #ifdef HAVE_ASM_TYPES_H + #include <asm/types.h> + #endif +@@ -717,6 +714,23 @@ char *xstrdup(const char *s) + return ret; + } + ++void ++error(char *fmt, ...) ++{ ++ va_list pvar; ++ ++#if defined(__STDC__) ++ va_start(pvar, fmt); ++#else ++ char *fmt; ++ va_start(pvar); ++ fmt = va_arg(pvar, char *); ++#endif ++ ++ fprintf(stderr, fmt, pvar); ++ va_end(pvar); ++} ++ + void usage(void) + { + fprintf(stderr, "Usage: pppoe-discovery [options]\n"); +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -33,7 +33,7 @@ pppoe-discovery: pppoe-discovery.o debug + $(CC) $(CFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o + + pppoe-discovery.o: pppoe-discovery.c +- $(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c ++ $(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c + + debug.o: debug.c + $(CC) $(CFLAGS) -c -o debug.o debug.c diff --git a/package/network/services/ppp/patches/200-makefile.patch b/package/network/services/ppp/patches/200-makefile.patch new file mode 100644 index 0000000..d5e5719 --- /dev/null +++ b/package/network/services/ppp/patches/200-makefile.patch @@ -0,0 +1,49 @@ +pppd: tune Linux config defaults for OpenWrt + +This patch adjusts a number defaults to properly match the OpenWrt environment. +It is not intended for upstream. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -48,7 +48,7 @@ MPPE=y + # Uncomment the next line to include support for PPP packet filtering. + # This requires that the libpcap library and headers be installed + # and that the kernel driver support PPP packet filtering. +-FILTER=y ++#FILTER=y + + # Uncomment the next line to enable multilink PPP (enabled by default) + # Linux distributions: Please leave multilink ENABLED in your builds +@@ -58,7 +58,7 @@ HAVE_MULTILINK=y + # Uncomment the next line to enable the TDB database (enabled by default.) + # If you enable multilink, then TDB is automatically enabled also. + # Linux distributions: Please leave TDB ENABLED in your builds. +-USE_TDB=y ++#USE_TDB=y + + HAS_SHADOW=y + #USE_PAM=y +@@ -80,7 +80,7 @@ MAXOCTETS=y + + INCLUDE_DIRS= -I../include + +-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP ++COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP + + CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' + +@@ -120,10 +120,10 @@ CFLAGS += -DHAS_SHADOW + #LIBS += -lshadow $(LIBS) + endif + +-ifneq ($(wildcard /usr/include/crypt.h),) ++#ifneq ($(wildcard /usr/include/crypt.h),) + CFLAGS += -DHAVE_CRYPT_H=1 + LIBS += -lcrypt +-endif ++#endif + + ifdef USE_LIBUTIL + CFLAGS += -DHAVE_LOGWTMP=1 diff --git a/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch new file mode 100644 index 0000000..0bc42d4 --- /dev/null +++ b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch @@ -0,0 +1,1495 @@ +pppd: add support for MPPE and MPPC encryption and compression protocols + +This is a forward ported version of ppp-2.4.3-mppe-mppc-1.1.patch.gz found on +http://mppe-mppc.alphacron.de/ . + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/include/linux/ppp-comp.h ++++ b/include/linux/ppp-comp.h +@@ -36,7 +36,7 @@ + */ + + /* +- * ==FILEVERSION 20020319== ++ * ==FILEVERSION 20020715== + * + * NOTE TO MAINTAINERS: + * If you modify this file at all, please set the above date. +@@ -201,6 +201,33 @@ struct compressor { + #define CI_MPPE 18 /* config option for MPPE */ + #define CILEN_MPPE 6 /* length of config option */ + ++/* MPPE/MPPC definitions by J.D.*/ ++#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */ ++#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */ ++#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */ ++#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */ ++#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */ ++ ++/* ++ * Definitions for Stac LZS. ++ */ ++ ++#define CI_LZS 17 /* config option for Stac LZS */ ++#define CILEN_LZS 5 /* length of config option */ ++ ++#define LZS_OVHD 4 /* max. LZS overhead */ ++#define LZS_HIST_LEN 2048 /* LZS history size */ ++#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */ ++ ++#define LZS_MODE_NONE 0 ++#define LZS_MODE_LCB 1 ++#define LZS_MODE_CRC 2 ++#define LZS_MODE_SEQ 3 ++#define LZS_MODE_EXT 4 ++ ++#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */ ++#define LZS_EXT_BIT_COMP 0x20 /* bit C */ ++ + /* + * Definitions for other, as yet unsupported, compression methods. + */ +--- a/include/net/ppp-comp.h ++++ b/include/net/ppp-comp.h +@@ -168,6 +168,33 @@ struct compressor { + #define CI_MPPE 18 /* config option for MPPE */ + #define CILEN_MPPE 6 /* length of config option */ + ++/* MPPE/MPPC definitions by J.D.*/ ++#define MPPE_STATELESS MPPE_H_BIT /* configuration bit H */ ++#define MPPE_40BIT MPPE_L_BIT /* configuration bit L */ ++#define MPPE_56BIT MPPE_M_BIT /* configuration bit M */ ++#define MPPE_128BIT MPPE_S_BIT /* configuration bit S */ ++#define MPPE_MPPC MPPE_C_BIT /* configuration bit C */ ++ ++/* ++ * Definitions for Stac LZS. ++ */ ++ ++#define CI_LZS 17 /* config option for Stac LZS */ ++#define CILEN_LZS 5 /* length of config option */ ++ ++#define LZS_OVHD 4 /* max. LZS overhead */ ++#define LZS_HIST_LEN 2048 /* LZS history size */ ++#define LZS_MAX_CCOUNT 0x0FFF /* max. coherency counter value */ ++ ++#define LZS_MODE_NONE 0 ++#define LZS_MODE_LCB 1 ++#define LZS_MODE_CRC 2 ++#define LZS_MODE_SEQ 3 ++#define LZS_MODE_EXT 4 ++ ++#define LZS_EXT_BIT_FLUSHED 0x80 /* bit A */ ++#define LZS_EXT_BIT_COMP 0x20 /* bit C */ ++ + /* + * Definitions for other, as yet unsupported, compression methods. + */ +--- a/pppd/ccp.c ++++ b/pppd/ccp.c +@@ -62,12 +62,10 @@ static int setdeflate __P((char **)); + static char bsd_value[8]; + static char deflate_value[8]; + +-/* +- * Option variables. +- */ + #ifdef MPPE +-bool refuse_mppe_stateful = 1; /* Allow stateful mode? */ +-#endif ++static int setmppe(char **); ++static int setnomppe(void); ++#endif /* MPPE */ + + static option_t ccp_option_list[] = { + { "noccp", o_bool, &ccp_protent.enabled_flag, +@@ -108,54 +106,36 @@ static option_t ccp_option_list[] = { + "don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, + &ccp_allowoptions[0].predictor_1 }, + ++ { "lzs", o_bool, &ccp_wantoptions[0].lzs, ++ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_PRIO }, ++ { "+lzs", o_bool, &ccp_wantoptions[0].lzs, ++ "request Stac LZS", 1, &ccp_allowoptions[0].lzs, OPT_ALIAS | OPT_PRIO }, ++ { "nolzs", o_bool, &ccp_wantoptions[0].lzs, ++ "don't allow Stac LZS", OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].lzs }, ++ { "-lzs", o_bool, &ccp_wantoptions[0].lzs, ++ "don't allow Stac LZS", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].lzs }, ++ + #ifdef MPPE +- /* MPPE options are symmetrical ... we only set wantoptions here */ +- { "require-mppe", o_bool, &ccp_wantoptions[0].mppe, +- "require MPPE encryption", +- OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 }, +- { "+mppe", o_bool, &ccp_wantoptions[0].mppe, +- "require MPPE encryption", +- OPT_ALIAS | OPT_PRIO | MPPE_OPT_40 | MPPE_OPT_128 }, +- { "nomppe", o_bool, &ccp_wantoptions[0].mppe, +- "don't allow MPPE encryption", OPT_PRIO }, +- { "-mppe", o_bool, &ccp_wantoptions[0].mppe, +- "don't allow MPPE encryption", OPT_ALIAS | OPT_PRIO }, +- +- /* We use ccp_allowoptions[0].mppe as a junk var ... it is reset later */ +- { "require-mppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40, +- &ccp_wantoptions[0].mppe }, +- { "+mppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 40-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_40, +- &ccp_wantoptions[0].mppe }, +- { "nomppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 40-bit encryption", +- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, &ccp_wantoptions[0].mppe }, +- { "-mppe-40", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 40-bit encryption", +- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_40, +- &ccp_wantoptions[0].mppe }, +- +- { "require-mppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 128-bit encryption", OPT_PRIO | OPT_A2OR | MPPE_OPT_128, +- &ccp_wantoptions[0].mppe }, +- { "+mppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "require MPPE 128-bit encryption", +- OPT_ALIAS | OPT_PRIO | OPT_A2OR | MPPE_OPT_128, +- &ccp_wantoptions[0].mppe }, +- { "nomppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 128-bit encryption", +- OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, &ccp_wantoptions[0].mppe }, +- { "-mppe-128", o_bool, &ccp_allowoptions[0].mppe, +- "don't allow MPPE 128-bit encryption", +- OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLRB | MPPE_OPT_128, +- &ccp_wantoptions[0].mppe }, +- +- /* strange one; we always request stateless, but will we allow stateful? */ +- { "mppe-stateful", o_bool, &refuse_mppe_stateful, +- "allow MPPE stateful mode", OPT_PRIO }, +- { "nomppe-stateful", o_bool, &refuse_mppe_stateful, +- "disallow MPPE stateful mode", OPT_PRIO | 1 }, ++ { "mppc", o_bool, &ccp_wantoptions[0].mppc, ++ "request MPPC compression", 1, &ccp_allowoptions[0].mppc }, ++ { "+mppc", o_bool, &ccp_wantoptions[0].mppc, ++ "request MPPC compression", 1, &ccp_allowoptions[0].mppc, OPT_ALIAS }, ++ { "nomppc", o_bool, &ccp_wantoptions[0].mppc, ++ "don't allow MPPC compression", OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].mppc }, ++ { "-mppc", o_bool, &ccp_wantoptions[0].mppc, ++ "don't allow MPPC compression", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR, ++ &ccp_allowoptions[0].mppc }, ++ { "mppe", o_special, (void *)setmppe, ++ "request MPPE encryption" }, ++ { "+mppe", o_special, (void *)setmppe, ++ "request MPPE encryption" }, ++ { "nomppe", o_special_noarg, (void *)setnomppe, ++ "don't allow MPPE encryption" }, ++ { "-mppe", o_special_noarg, (void *)setnomppe, ++ "don't allow MPPE encryption" }, + #endif /* MPPE */ + + { NULL } +@@ -241,7 +221,7 @@ static fsm_callbacks ccp_callbacks = { + */ + #define ANY_COMPRESS(opt) ((opt).deflate || (opt).bsd_compress \ + || (opt).predictor_1 || (opt).predictor_2 \ +- || (opt).mppe) ++ || (opt).lzs || (opt).mppc || (opt).mppe) + + /* + * Local state (mainly for handling reset-reqs and reset-acks). +@@ -344,6 +324,100 @@ setdeflate(argv) + return 1; + } + ++#ifdef MPPE ++/* ++ * Functions called from config options ++ */ ++/* ++ MPPE suboptions: ++ required - require MPPE; disconnect if peer doesn't support it ++ stateless - use stateless mode ++ no40 - disable 40 bit keys ++ no56 - disable 56 bit keys ++ no128 - disable 128 bit keys ++*/ ++int setmppe(char **argv) ++{ ++ int i; ++ char *str, cmdbuf[16]; ++ ++ ccp_allowoptions[0].mppe = 1; ++ ccp_allowoptions[0].mppe_40 = 1; ++ ccp_allowoptions[0].mppe_56 = 1; ++ ccp_allowoptions[0].mppe_128 = 1; ++ ccp_allowoptions[0].mppe_stateless = 0; ++ ccp_wantoptions[0].mppe = 0; ++ ++ str = *argv; ++ ++ while (1) { ++ i = 0; ++ memset(cmdbuf, '\0', 16); ++ while ((i < 16) && (*str != ',') && (*str != '\0')) ++ cmdbuf[i++] = *str++; ++ cmdbuf[i] = '\0'; ++ if (!strncasecmp(cmdbuf, "no40", strlen("no40"))) { ++ ccp_allowoptions[0].mppe_40 = 0; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "no56", strlen("no56"))) { ++ ccp_allowoptions[0].mppe_56 = 0; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "no128", strlen("no128"))) { ++ ccp_allowoptions[0].mppe_128 = 0; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "stateless", strlen("stateless"))) { ++ ccp_allowoptions[0].mppe_stateless = 1; ++ goto next_param; ++ } else if (!strncasecmp(cmdbuf, "required", strlen("required"))) { ++ ccp_wantoptions[0].mppe = 1; ++ goto next_param; ++ } else { ++ option_error("invalid parameter '%s' for mppe option", cmdbuf); ++ return 0; ++ } ++ ++ next_param: ++ if (*str == ',') { ++ str++; ++ continue; ++ } ++ if (*str == '\0') { ++ if (!(ccp_allowoptions[0].mppe_40 || ccp_allowoptions[0].mppe_56 || ++ ccp_allowoptions[0].mppe_128)) { ++ if (ccp_wantoptions[0].mppe == 1) { ++ option_error("You require MPPE but you have switched off " ++ "all encryption key lengths."); ++ return 0; ++ } ++ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0; ++ ccp_wantoptions[0].mppe_stateless = ++ ccp_allowoptions[0].mppe_stateless = 0; ++ } else { ++ ccp_allowoptions[0].mppe = 1; ++ ccp_wantoptions[0].mppe_stateless = ++ ccp_allowoptions[0].mppe_stateless; ++ if (ccp_wantoptions[0].mppe == 1) { ++ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40; ++ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56; ++ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128; ++ } ++ } ++ return 1; ++ } ++ } ++} ++ ++int setnomppe(void) ++{ ++ ccp_wantoptions[0].mppe = ccp_allowoptions[0].mppe = 0; ++ ccp_wantoptions[0].mppe_40 = ccp_allowoptions[0].mppe_40 = 0; ++ ccp_wantoptions[0].mppe_56 = ccp_allowoptions[0].mppe_56 = 0; ++ ccp_wantoptions[0].mppe_128 = ccp_allowoptions[0].mppe_128 = 0; ++ ccp_wantoptions[0].mppe_stateless = ccp_allowoptions[0].mppe_stateless = 0; ++ return 1; ++} ++#endif /* MPPE */ ++ + /* + * ccp_init - initialize CCP. + */ +@@ -378,6 +452,30 @@ ccp_init(unit) + ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS; + + ccp_allowoptions[0].predictor_1 = 1; ++ ++ ccp_wantoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */ ++ ccp_wantoptions[0].lzs_mode = LZS_MODE_SEQ; ++ ccp_wantoptions[0].lzs_hists = 1; ++ ccp_allowoptions[0].lzs = 0; /* Stac LZS - will be enabled in the future */ ++ ccp_allowoptions[0].lzs_mode = LZS_MODE_SEQ; ++ ccp_allowoptions[0].lzs_hists = 1; ++ ++#ifdef MPPE ++ /* by default allow and request MPPC... */ ++ ccp_wantoptions[0].mppc = ccp_allowoptions[0].mppc = 1; ++ ++ /* ... and allow but don't request MPPE */ ++ ccp_allowoptions[0].mppe = 1; ++ ccp_allowoptions[0].mppe_40 = 1; ++ ccp_allowoptions[0].mppe_56 = 1; ++ ccp_allowoptions[0].mppe_128 = 1; ++ ccp_allowoptions[0].mppe_stateless = 1; ++ ccp_wantoptions[0].mppe = 0; ++ ccp_wantoptions[0].mppe_40 = 0; ++ ccp_wantoptions[0].mppe_56 = 0; ++ ccp_wantoptions[0].mppe_128 = 0; ++ ccp_wantoptions[0].mppe_stateless = 0; ++#endif /* MPPE */ + } + + /* +@@ -455,11 +553,11 @@ ccp_input(unit, p, len) + if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) { + notice("Compression disabled by peer."); + #ifdef MPPE +- if (ccp_gotoptions[unit].mppe) { ++ if (ccp_wantoptions[unit].mppe) { + error("MPPE disabled, closing LCP"); + lcp_close(unit, "MPPE disabled by peer"); + } +-#endif ++#endif /* MPPE */ + } + + /* +@@ -487,6 +585,15 @@ ccp_extcode(f, code, id, p, len) + break; + /* send a reset-ack, which the transmitter will see and + reset its compression state. */ ++ ++ /* In case of MPPE/MPPC or LZS we shouldn't send CCP_RESETACK, ++ but we do it in order to reset compressor; CCP_RESETACK is ++ then silently discarded. See functions ppp_send_frame and ++ ppp_ccp_peek in ppp_generic.c (Linux only !!!). All the ++ confusion is caused by the fact that CCP code is splited ++ into two parts - one part is handled by pppd, the other one ++ is handled by kernel. */ ++ + fsm_sdata(f, CCP_RESETACK, id, NULL, 0); + break; + +@@ -515,12 +622,11 @@ ccp_protrej(unit) + fsm_lowerdown(&ccp_fsm[unit]); + + #ifdef MPPE +- if (ccp_gotoptions[unit].mppe) { ++ if (ccp_wantoptions[unit].mppe) { + error("MPPE required but peer negotiation failed"); + lcp_close(unit, "MPPE required but peer negotiation failed"); + } +-#endif +- ++#endif /* MPPE */ + } + + /* +@@ -537,7 +643,7 @@ ccp_resetci(f) + all_rejected[f->unit] = 0; + + #ifdef MPPE +- if (go->mppe) { ++ if (go->mppe || go->mppc) { + ccp_options *ao = &ccp_allowoptions[f->unit]; + int auth_mschap_bits = auth_done[f->unit]; + int numbits; +@@ -551,80 +657,109 @@ ccp_resetci(f) + * NB: If MPPE is required, all other compression opts are invalid. + * So, we return right away if we can't do it. + */ ++ if (ccp_wantoptions[f->unit].mppe) { ++ /* Leave only the mschap auth bits set */ ++ auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | ++ CHAP_MS2_WITHPEER | CHAP_MS2_PEER); ++ /* Count the mschap auths */ ++ auth_mschap_bits >>= CHAP_MS_SHIFT; ++ numbits = 0; ++ do { ++ numbits += auth_mschap_bits & 1; ++ auth_mschap_bits >>= 1; ++ } while (auth_mschap_bits); ++ if (numbits > 1) { ++ error("MPPE required, but auth done in both directions."); ++ lcp_close(f->unit, "MPPE required but not available"); ++ return; ++ } ++ if (!numbits) { ++ error("MPPE required, but MS-CHAP[v2] auth not performed."); ++ lcp_close(f->unit, "MPPE required but not available"); ++ return; ++ } + +- /* Leave only the mschap auth bits set */ +- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | +- CHAP_MS2_WITHPEER | CHAP_MS2_PEER); +- /* Count the mschap auths */ +- auth_mschap_bits >>= CHAP_MS_SHIFT; +- numbits = 0; +- do { +- numbits += auth_mschap_bits & 1; +- auth_mschap_bits >>= 1; +- } while (auth_mschap_bits); +- if (numbits > 1) { +- error("MPPE required, but auth done in both directions."); +- lcp_close(f->unit, "MPPE required but not available"); +- return; +- } +- if (!numbits) { +- error("MPPE required, but MS-CHAP[v2] auth not performed."); +- lcp_close(f->unit, "MPPE required but not available"); +- return; +- } +- +- /* A plugin (eg radius) may not have obtained key material. */ +- if (!mppe_keys_set) { +- error("MPPE required, but keys are not available. " +- "Possible plugin problem?"); +- lcp_close(f->unit, "MPPE required but not available"); +- return; +- } +- +- /* LM auth not supported for MPPE */ +- if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) { +- /* This might be noise */ +- if (go->mppe & MPPE_OPT_40) { +- notice("Disabling 40-bit MPPE; MS-CHAP LM not supported"); +- go->mppe &= ~MPPE_OPT_40; +- ccp_wantoptions[f->unit].mppe &= ~MPPE_OPT_40; ++ /* A plugin (eg radius) may not have obtained key material. */ ++ if (!mppe_keys_set) { ++ error("MPPE required, but keys are not available. " ++ "Possible plugin problem?"); ++ lcp_close(f->unit, "MPPE required but not available"); ++ return; + } + } + +- /* Last check: can we actually negotiate something? */ +- if (!(go->mppe & (MPPE_OPT_40 | MPPE_OPT_128))) { +- /* Could be misconfig, could be 40-bit disabled above. */ +- error("MPPE required, but both 40-bit and 128-bit disabled."); +- lcp_close(f->unit, "MPPE required but not available"); +- return; ++ /* ++ * Check whether the kernel knows about the various ++ * compression methods we might request. Key material ++ * unimportant here. ++ */ ++ if (go->mppc) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = 0; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_MPPC; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 0) <= 0) ++ go->mppc = 0; ++ } ++ if (go->mppe_40) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = MPPE_STATELESS; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_40BIT; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) ++ go->mppe_40 = 0; ++ } ++ if (go->mppe_56) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = MPPE_STATELESS; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_56BIT; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) ++ go->mppe_56 = 0; ++ } ++ if (go->mppe_128) { ++ opt_buf[0] = CI_MPPE; ++ opt_buf[1] = CILEN_MPPE; ++ opt_buf[2] = MPPE_STATELESS; ++ opt_buf[3] = 0; ++ opt_buf[4] = 0; ++ opt_buf[5] = MPPE_128BIT; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) ++ go->mppe_128 = 0; ++ } ++ if (!go->mppe_40 && !go->mppe_56 && !go->mppe_128) { ++ if (ccp_wantoptions[f->unit].mppe) { ++ error("MPPE required, but kernel has no support."); ++ lcp_close(f->unit, "MPPE required but not available"); ++ } ++ go->mppe = go->mppe_stateless = 0; ++ } else { ++ /* MPPE is not compatible with other compression types */ ++ if (ccp_wantoptions[f->unit].mppe) { ++ ao->bsd_compress = go->bsd_compress = 0; ++ ao->predictor_1 = go->predictor_1 = 0; ++ ao->predictor_2 = go->predictor_2 = 0; ++ ao->deflate = go->deflate = 0; ++ ao->lzs = go->lzs = 0; ++ } + } +- +- /* sync options */ +- ao->mppe = go->mppe; +- /* MPPE is not compatible with other compression types */ +- ao->bsd_compress = go->bsd_compress = 0; +- ao->predictor_1 = go->predictor_1 = 0; +- ao->predictor_2 = go->predictor_2 = 0; +- ao->deflate = go->deflate = 0; + } + #endif /* MPPE */ +- +- /* +- * Check whether the kernel knows about the various +- * compression methods we might request. +- */ +-#ifdef MPPE +- if (go->mppe) { +- opt_buf[0] = CI_MPPE; +- opt_buf[1] = CILEN_MPPE; +- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); +- /* Key material unimportant here. */ +- if (ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0) <= 0) { +- error("MPPE required, but kernel has no support."); +- lcp_close(f->unit, "MPPE required but not available"); +- } ++ if (go->lzs) { ++ opt_buf[0] = CI_LZS; ++ opt_buf[1] = CILEN_LZS; ++ opt_buf[2] = go->lzs_hists >> 8; ++ opt_buf[3] = go->lzs_hists & 0xff; ++ opt_buf[4] = LZS_MODE_SEQ; ++ if (ccp_test(f->unit, opt_buf, CILEN_LZS, 0) <= 0) ++ go->lzs = 0; + } +-#endif + if (go->bsd_compress) { + opt_buf[0] = CI_BSD_COMPRESS; + opt_buf[1] = CILEN_BSD_COMPRESS; +@@ -679,7 +814,8 @@ ccp_cilen(f) + + (go->deflate? CILEN_DEFLATE: 0) + + (go->predictor_1? CILEN_PREDICTOR_1: 0) + + (go->predictor_2? CILEN_PREDICTOR_2: 0) +- + (go->mppe? CILEN_MPPE: 0); ++ + (go->lzs? CILEN_LZS: 0) ++ + ((go->mppe || go->mppc)? CILEN_MPPE: 0); + } + + /* +@@ -693,6 +829,8 @@ ccp_addci(f, p, lenp) + { + int res; + ccp_options *go = &ccp_gotoptions[f->unit]; ++ ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + u_char *p0 = p; + + /* +@@ -701,22 +839,43 @@ ccp_addci(f, p, lenp) + * in case it gets Acked. + */ + #ifdef MPPE +- if (go->mppe) { ++ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) { + u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; + +- p[0] = opt_buf[0] = CI_MPPE; +- p[1] = opt_buf[1] = CILEN_MPPE; +- MPPE_OPTS_TO_CI(go->mppe, &p[2]); +- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); ++ p[0] = CI_MPPE; ++ p[1] = CILEN_MPPE; ++ p[2] = (go->mppe_stateless ? MPPE_STATELESS : 0); ++ p[3] = 0; ++ p[4] = 0; ++ p[5] = (go->mppe_40 ? MPPE_40BIT : 0) | (go->mppe_56 ? MPPE_56BIT : 0) | ++ (go->mppe_128 ? MPPE_128BIT : 0) | (go->mppc ? MPPE_MPPC : 0); ++ ++ BCOPY(p, opt_buf, CILEN_MPPE); + BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN); + res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0); +- if (res > 0) ++ if (res > 0) { + p += CILEN_MPPE; +- else ++ } else { + /* This shouldn't happen, we've already tested it! */ +- lcp_close(f->unit, "MPPE required but not available in kernel"); ++ go->mppe = go->mppe_40 = go->mppe_56 = go->mppe_128 = ++ go->mppe_stateless = go->mppc = 0; ++ if (ccp_wantoptions[f->unit].mppe) ++ lcp_close(f->unit, "MPPE required but not available in kernel"); ++ } ++ } ++#endif /* MPPE */ ++ if (go->lzs) { ++ p[0] = CI_LZS; ++ p[1] = CILEN_LZS; ++ p[2] = go->lzs_hists >> 8; ++ p[3] = go->lzs_hists & 0xff; ++ p[4] = LZS_MODE_SEQ; ++ res = ccp_test(f->unit, p, CILEN_LZS, 0); ++ if (res > 0) { ++ p += CILEN_LZS; ++ } else ++ go->lzs = 0; + } +-#endif + if (go->deflate) { + p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; + p[1] = CILEN_DEFLATE; +@@ -802,7 +961,7 @@ ccp_addci(f, p, lenp) + + /* + * ccp_ackci - process a received configure-ack, and return +- * 1 iff the packet was OK. ++ * 1 if the packet was OK. + */ + static int + ccp_ackci(f, p, len) +@@ -811,24 +970,44 @@ ccp_ackci(f, p, len) + int len; + { + ccp_options *go = &ccp_gotoptions[f->unit]; ++ ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + u_char *p0 = p; + + #ifdef MPPE +- if (go->mppe) { +- u_char opt_buf[CILEN_MPPE]; +- +- opt_buf[0] = CI_MPPE; +- opt_buf[1] = CILEN_MPPE; +- MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]); +- if (len < CILEN_MPPE || memcmp(opt_buf, p, CILEN_MPPE)) ++ if (go->mppe || go->mppc || (!wo->mppe && ao->mppe)) { ++ if (len < CILEN_MPPE ++ || p[1] != CILEN_MPPE || p[0] != CI_MPPE ++ || p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0) ++ || p[3] != 0 ++ || p[4] != 0 ++ || (p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0)) ++ && p[5] != ((go->mppe_56 ? MPPE_56BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0)) ++ && p[5] != ((go->mppe_128 ? MPPE_128BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0)))) + return 0; ++ if (go->mppe_40 || go->mppe_56 || go->mppe_128) ++ go->mppe = 1; + p += CILEN_MPPE; + len -= CILEN_MPPE; ++ /* Cope with first/fast ack */ ++ if (p == p0 && len == 0) ++ return 1; ++ } ++#endif /* MPPE */ ++ if (go->lzs) { ++ if (len < CILEN_LZS || p[0] != CI_LZS || p[1] != CILEN_LZS ++ || p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff) ++ || p[4] != LZS_MODE_SEQ) ++ return 0; ++ p += CILEN_LZS; ++ len -= CILEN_LZS; + /* XXX Cope with first/fast ack */ +- if (len == 0) ++ if (p == p0 && len == 0) + return 1; + } +-#endif + if (go->deflate) { + if (len < CILEN_DEFLATE + || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) +@@ -901,6 +1080,8 @@ ccp_nakci(f, p, len, treat_as_reject) + int treat_as_reject; + { + ccp_options *go = &ccp_gotoptions[f->unit]; ++ ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + ccp_options no; /* options we've seen already */ + ccp_options try; /* options to ask for next time */ + +@@ -908,28 +1089,100 @@ ccp_nakci(f, p, len, treat_as_reject) + try = *go; + + #ifdef MPPE +- if (go->mppe && len >= CILEN_MPPE +- && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { +- no.mppe = 1; +- /* +- * Peer wants us to use a different strength or other setting. +- * Fail if we aren't willing to use his suggestion. +- */ +- MPPE_CI_TO_OPTS(&p[2], try.mppe); +- if ((try.mppe & MPPE_OPT_STATEFUL) && refuse_mppe_stateful) { +- error("Refusing MPPE stateful mode offered by peer"); +- try.mppe = 0; +- } else if (((go->mppe | MPPE_OPT_STATEFUL) & try.mppe) != try.mppe) { +- /* Peer must have set options we didn't request (suggest) */ +- try.mppe = 0; +- } ++ if ((go->mppe || go->mppc || (!wo->mppe && ao->mppe)) && ++ len >= CILEN_MPPE && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { + +- if (!try.mppe) { +- error("MPPE required but peer negotiation failed"); +- lcp_close(f->unit, "MPPE required but peer negotiation failed"); ++ if (go->mppc) { ++ no.mppc = 1; ++ if (!(p[5] & MPPE_MPPC)) ++ try.mppc = 0; ++ } ++ ++ if (go->mppe) ++ no.mppe = 1; ++ if (go->mppe_40) ++ no.mppe_40 = 1; ++ if (go->mppe_56) ++ no.mppe_56 = 1; ++ if (go->mppe_128) ++ no.mppe_128 = 1; ++ if (go->mppe_stateless) ++ no.mppe_stateless = 1; ++ ++ if (ao->mppe_40) { ++ if ((p[5] & MPPE_40BIT)) ++ try.mppe_40 = 1; ++ else ++ try.mppe_40 = (p[5] == 0) ? 1 : 0; ++ } ++ if (ao->mppe_56) { ++ if ((p[5] & MPPE_56BIT)) ++ try.mppe_56 = 1; ++ else ++ try.mppe_56 = (p[5] == 0) ? 1 : 0; ++ } ++ if (ao->mppe_128) { ++ if ((p[5] & MPPE_128BIT)) ++ try.mppe_128 = 1; ++ else ++ try.mppe_128 = (p[5] == 0) ? 1 : 0; ++ } ++ ++ if (ao->mppe_stateless) { ++ if ((p[2] & MPPE_STATELESS) || wo->mppe_stateless) ++ try.mppe_stateless = 1; ++ else ++ try.mppe_stateless = 0; ++ } ++ ++ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128) { ++ try.mppe = try.mppe_stateless = 0; ++ if (wo->mppe) { ++ /* we require encryption, but peer doesn't support it ++ so we close connection */ ++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 = ++ wo->mppe_56 = wo->mppe_128 = 0; ++ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE " ++ "key length"); ++ } ++ } ++ if (wo->mppe && (wo->mppe_40 != try.mppe_40) && ++ (wo->mppe_56 != try.mppe_56) && (wo->mppe_128 != try.mppe_128)) { ++ /* cannot negotiate key length */ ++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 = ++ wo->mppe_56 = wo->mppe_128 = 0; ++ lcp_close(f->unit, "Cannot negotiate MPPE key length"); + } ++ if (try.mppe_40 && try.mppe_56 && try.mppe_128) ++ try.mppe_40 = try.mppe_56 = 0; ++ else ++ if (try.mppe_56 && try.mppe_128) ++ try.mppe_56 = 0; ++ else ++ if (try.mppe_40 && try.mppe_128) ++ try.mppe_40 = 0; ++ else ++ if (try.mppe_40 && try.mppe_56) ++ try.mppe_40 = 0; ++ ++ p += CILEN_MPPE; ++ len -= CILEN_MPPE; + } + #endif /* MPPE */ ++ ++ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) { ++ no.lzs = 1; ++ if (((p[2]<<8)|p[3]) > 1 || (p[4] != LZS_MODE_SEQ && ++ p[4] != LZS_MODE_EXT)) ++ try.lzs = 0; ++ else { ++ try.lzs_mode = p[4]; ++ try.lzs_hists = (p[2] << 8) | p[3]; ++ } ++ p += CILEN_LZS; ++ len -= CILEN_LZS; ++ } ++ + if (go->deflate && len >= CILEN_DEFLATE + && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) + && p[1] == CILEN_DEFLATE) { +@@ -1002,14 +1255,50 @@ ccp_rejci(f, p, len) + return -1; + + #ifdef MPPE +- if (go->mppe && len >= CILEN_MPPE ++ if ((go->mppe || go->mppc) && len >= CILEN_MPPE + && p[0] == CI_MPPE && p[1] == CILEN_MPPE) { +- error("MPPE required but peer refused"); +- lcp_close(f->unit, "MPPE required but peer refused"); ++ ccp_options *wo = &ccp_wantoptions[f->unit]; ++ if (p[2] != (go->mppe_stateless ? MPPE_STATELESS : 0) || ++ p[3] != 0 || ++ p[4] != 0 || ++ p[5] != ((go->mppe_40 ? MPPE_40BIT : 0) | ++ (go->mppe_56 ? MPPE_56BIT : 0) | ++ (go->mppe_128 ? MPPE_128BIT : 0) | ++ (go->mppc ? MPPE_MPPC : 0))) ++ return 0; ++ if (go->mppc) ++ try.mppc = 0; ++ if (go->mppe) { ++ try.mppe = 0; ++ if (go->mppe_40) ++ try.mppe_40 = 0; ++ if (go->mppe_56) ++ try.mppe_56 = 0; ++ if (go->mppe_128) ++ try.mppe_128 = 0; ++ if (go->mppe_stateless) ++ try.mppe_stateless = 0; ++ if (!try.mppe_56 && !try.mppe_40 && !try.mppe_128) ++ try.mppe = try.mppe_stateless = 0; ++ if (wo->mppe) { /* we want MPPE but cannot negotiate key length */ ++ wo->mppc = wo->mppe = wo->mppe_stateless = wo->mppe_40 = ++ wo->mppe_56 = wo->mppe_128 = 0; ++ lcp_close(f->unit, "MPPE required but cannot negotiate MPPE " ++ "key length"); ++ } ++ } + p += CILEN_MPPE; + len -= CILEN_MPPE; + } +-#endif ++#endif /* MPPE */ ++ if (go->lzs && len >= CILEN_LZS && p[0] == CI_LZS && p[1] == CILEN_LZS) { ++ if (p[2] != go->lzs_hists>>8 || p[3] != (go->lzs_hists&0xff) ++ || p[4] != go->lzs_mode) ++ return 0; ++ try.lzs = 0; ++ p += CILEN_LZS; ++ len -= CILEN_LZS; ++ } + if (go->deflate_correct && len >= CILEN_DEFLATE + && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { + if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) +@@ -1073,14 +1362,15 @@ ccp_reqci(f, p, lenp, dont_nak) + int dont_nak; + { + int ret, newret, res; +- u_char *p0, *retp; ++ u_char *p0, *retp, p2, p5; + int len, clen, type, nb; + ccp_options *ho = &ccp_hisoptions[f->unit]; + ccp_options *ao = &ccp_allowoptions[f->unit]; ++ ccp_options *wo = &ccp_wantoptions[f->unit]; + #ifdef MPPE +- bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */ +- /* CI_MPPE, or due to other options? */ +-#endif ++ u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; ++/* int mtu; */ ++#endif /* MPPE */ + + ret = CONFACK; + retp = p0 = p; +@@ -1103,106 +1393,302 @@ ccp_reqci(f, p, lenp, dont_nak) + switch (type) { + #ifdef MPPE + case CI_MPPE: +- if (!ao->mppe || clen != CILEN_MPPE) { ++ if ((!ao->mppc && !ao->mppe) || clen != CILEN_MPPE) { + newret = CONFREJ; + break; + } +- MPPE_CI_TO_OPTS(&p[2], ho->mppe); +- +- /* Nak if anything unsupported or unknown are set. */ +- if (ho->mppe & MPPE_OPT_UNSUPPORTED) { +- newret = CONFNAK; +- ho->mppe &= ~MPPE_OPT_UNSUPPORTED; +- } +- if (ho->mppe & MPPE_OPT_UNKNOWN) { ++ p2 = p[2]; ++ p5 = p[5]; ++ /* not sure what they want, tell 'em what we got */ ++ if (((p[2] & ~MPPE_STATELESS) != 0 || p[3] != 0 || p[4] != 0 || ++ (p[5] & ~(MPPE_40BIT | MPPE_56BIT | MPPE_128BIT | ++ MPPE_MPPC)) != 0 || p[5] == 0) || ++ (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) { + newret = CONFNAK; +- ho->mppe &= ~MPPE_OPT_UNKNOWN; +- } +- +- /* Check state opt */ +- if (ho->mppe & MPPE_OPT_STATEFUL) { +- /* +- * We can Nak and request stateless, but it's a +- * lot easier to just assume the peer will request +- * it if he can do it; stateful mode is bad over +- * the Internet -- which is where we expect MPPE. +- */ +- if (refuse_mppe_stateful) { +- error("Refusing MPPE stateful mode offered by peer"); +- newret = CONFREJ; +- break; ++ p[2] = (wo->mppe_stateless ? MPPE_STATELESS : 0); ++ p[3] = 0; ++ p[4] = 0; ++ p[5] = (wo->mppe_40 ? MPPE_40BIT : 0) | ++ (wo->mppe_56 ? MPPE_56BIT : 0) | ++ (wo->mppe_128 ? MPPE_128BIT : 0) | ++ (wo->mppc ? MPPE_MPPC : 0); ++ break; ++ } ++ ++ if ((p[5] & MPPE_MPPC)) { ++ if (ao->mppc) { ++ ho->mppc = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ opt_buf[2] = opt_buf[3] = opt_buf[4] = 0; ++ opt_buf[5] = MPPE_MPPC; ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE, 1) <= 0) { ++ ho->mppc = 0; ++ p[5] &= ~MPPE_MPPC; ++ newret = CONFNAK; ++ } ++ } else { ++ newret = CONFREJ; ++ if (wo->mppe || ao->mppe) { ++ p[5] &= ~MPPE_MPPC; ++ newret = CONFNAK; ++ } + } + } +- +- /* Find out which of {S,L} are set. */ +- if ((ho->mppe & MPPE_OPT_128) +- && (ho->mppe & MPPE_OPT_40)) { +- /* Both are set, negotiate the strongest. */ +- newret = CONFNAK; +- if (ao->mppe & MPPE_OPT_128) +- ho->mppe &= ~MPPE_OPT_40; +- else if (ao->mppe & MPPE_OPT_40) +- ho->mppe &= ~MPPE_OPT_128; +- else { +- newret = CONFREJ; +- break; +- } +- } else if (ho->mppe & MPPE_OPT_128) { +- if (!(ao->mppe & MPPE_OPT_128)) { +- newret = CONFREJ; +- break; +- } +- } else if (ho->mppe & MPPE_OPT_40) { +- if (!(ao->mppe & MPPE_OPT_40)) { +- newret = CONFREJ; +- break; +- } ++ if (ao->mppe) ++ ho->mppe = 1; ++ ++ if ((p[2] & MPPE_STATELESS)) { ++ if (ao->mppe_stateless) { ++ if (wo->mppe_stateless) ++ ho->mppe_stateless = 1; ++ else { ++ newret = CONFNAK; ++ if (!dont_nak) ++ p[2] &= ~MPPE_STATELESS; ++ } ++ } else { ++ newret = CONFNAK; ++ if (!dont_nak) ++ p[2] &= ~MPPE_STATELESS; ++ } ++ } else { ++ if (wo->mppe_stateless && !dont_nak) { ++ wo->mppe_stateless = 0; ++ newret = CONFNAK; ++ p[2] |= MPPE_STATELESS; ++ } ++ } ++ ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~(MPPE_40BIT|MPPE_56BIT); ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= (MPPE_40BIT|MPPE_56BIT); ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56_40; ++ } ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_56BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~MPPE_56BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= MPPE_56BIT; ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_56; ++ } ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_128BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ p[5] &= ~MPPE_40BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] |= MPPE_40BIT; ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ goto check_mppe_40; ++ } ++ if ((p[5] & ~MPPE_MPPC) == MPPE_128BIT) { ++ if (ao->mppe_128) { ++ ho->mppe_128 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_128 = 0; ++ p[5] &= ~MPPE_128BIT; ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_128BIT; ++ newret = CONFNAK; ++ goto check_mppe; ++ } ++ check_mppe_56_40: ++ if ((p[5] & ~MPPE_MPPC) == (MPPE_40BIT|MPPE_56BIT)) { ++ newret = CONFNAK; ++ if (ao->mppe_56) { ++ ho->mppe_56 = 1; ++ p[5] &= ~MPPE_40BIT; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_56 = 0; ++ p[5] |= MPPE_40BIT; ++ p[5] &= ~MPPE_56BIT; ++ newret = CONFNAK; ++ goto check_mppe_40; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_56BIT; ++ goto check_mppe_40; ++ } ++ check_mppe_56: ++ if ((p[5] & ~MPPE_MPPC) == MPPE_56BIT) { ++ if (ao->mppe_56) { ++ ho->mppe_56 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_56 = 0; ++ p[5] &= ~MPPE_56BIT; ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_56BIT; ++ newret = CONFNAK; ++ goto check_mppe; ++ } ++ check_mppe_40: ++ if ((p[5] & ~MPPE_MPPC) == MPPE_40BIT) { ++ if (ao->mppe_40) { ++ ho->mppe_40 = 1; ++ BCOPY(p, opt_buf, CILEN_MPPE); ++ BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], ++ MPPE_MAX_KEY_LEN); ++ if (ccp_test(f->unit, opt_buf, CILEN_MPPE + ++ MPPE_MAX_KEY_LEN, 1) <= 0) { ++ ho->mppe_40 = 0; ++ p[5] &= ~MPPE_40BIT; ++ newret = CONFNAK; ++ } ++ goto check_mppe; ++ } ++ p[5] &= ~MPPE_40BIT; ++ } ++ ++ check_mppe: ++ if (!ho->mppe_40 && !ho->mppe_56 && !ho->mppe_128) { ++ if (wo->mppe_40 || wo->mppe_56 || wo->mppe_128) { ++ newret = CONFNAK; ++ p[2] |= (wo->mppe_stateless ? MPPE_STATELESS : 0); ++ p[5] |= (wo->mppe_40 ? MPPE_40BIT : 0) | ++ (wo->mppe_56 ? MPPE_56BIT : 0) | ++ (wo->mppe_128 ? MPPE_128BIT : 0) | ++ (wo->mppc ? MPPE_MPPC : 0); ++ } else { ++ ho->mppe = ho->mppe_stateless = 0; ++ } + } else { +- /* Neither are set. */ +- /* We cannot accept this. */ +- newret = CONFNAK; +- /* Give the peer our idea of what can be used, +- so it can choose and confirm */ +- ho->mppe = ao->mppe; +- } +- +- /* rebuild the opts */ +- MPPE_OPTS_TO_CI(ho->mppe, &p[2]); +- if (newret == CONFACK) { +- u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN]; +- int mtu; +- +- BCOPY(p, opt_buf, CILEN_MPPE); +- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE], +- MPPE_MAX_KEY_LEN); +- if (ccp_test(f->unit, opt_buf, +- CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) { +- /* This shouldn't happen, we've already tested it! */ +- error("MPPE required, but kernel has no support."); +- lcp_close(f->unit, "MPPE required but not available"); +- newret = CONFREJ; +- break; +- } +- /* +- * We need to decrease the interface MTU by MPPE_PAD +- * because MPPE frames **grow**. The kernel [must] +- * allocate MPPE_PAD extra bytes in xmit buffers. +- */ +- mtu = netif_get_mtu(f->unit); +- if (mtu) +- netif_set_mtu(f->unit, mtu - MPPE_PAD); +- else +- newret = CONFREJ; +- } +- +- /* +- * We have accepted MPPE or are willing to negotiate +- * MPPE parameters. A CONFREJ is due to subsequent +- * (non-MPPE) processing. +- */ +- rej_for_ci_mppe = 0; +- break; +-#endif /* MPPE */ ++ /* MPPE is not compatible with other compression types */ ++ if (wo->mppe) { ++ ao->bsd_compress = 0; ++ ao->predictor_1 = 0; ++ ao->predictor_2 = 0; ++ ao->deflate = 0; ++ ao->lzs = 0; ++ } ++ } ++ if ((!ho->mppc || !ao->mppc) && !ho->mppe) { ++ p[2] = p2; ++ p[5] = p5; ++ newret = CONFREJ; ++ break; ++ } ++ ++ /* ++ * I have commented the code below because according to RFC1547 ++ * MTU is only information for higher level protocols about ++ * "the maximum allowable length for a packet (q.v.) transmitted ++ * over a point-to-point link without incurring network layer ++ * fragmentation." Of course a PPP implementation should be able ++ * to handle overhead added by MPPE - in our case apropriate code ++ * is located in drivers/net/ppp_generic.c in the kernel sources. ++ * ++ * According to RFC1661: ++ * - when negotiated MRU is less than 1500 octets, a PPP ++ * implementation must still be able to receive at least 1500 ++ * octets, ++ * - when PFC is negotiated, a PPP implementation is still ++ * required to receive frames with uncompressed protocol field. ++ * ++ * So why not to handle MPPE overhead without changing MTU value? ++ * I am sure that RFC3078, unfortunately silently, assumes that. ++ */ ++ ++ /* ++ * We need to decrease the interface MTU by MPPE_PAD ++ * because MPPE frames **grow**. The kernel [must] ++ * allocate MPPE_PAD extra bytes in xmit buffers. ++ */ ++ /* ++ mtu = netif_get_mtu(f->unit); ++ if (mtu) { ++ netif_set_mtu(f->unit, mtu - MPPE_PAD); ++ } else { ++ newret = CONFREJ; ++ if (ccp_wantoptions[f->unit].mppe) { ++ error("Cannot adjust MTU needed by MPPE."); ++ lcp_close(f->unit, "Cannot adjust MTU needed by MPPE."); ++ } ++ } ++ */ ++ break; ++ #endif /* MPPE */ ++ ++ case CI_LZS: ++ if (!ao->lzs || clen != CILEN_LZS) { ++ newret = CONFREJ; ++ break; ++ } ++ ++ ho->lzs = 1; ++ ho->lzs_hists = (p[2] << 8) | p[3]; ++ ho->lzs_mode = p[4]; ++ if ((ho->lzs_hists != ao->lzs_hists) || ++ (ho->lzs_mode != ao->lzs_mode)) { ++ newret = CONFNAK; ++ if (!dont_nak) { ++ p[2] = ao->lzs_hists >> 8; ++ p[3] = ao->lzs_hists & 0xff; ++ p[4] = ao->lzs_mode; ++ } else ++ break; ++ } ++ ++ if (p == p0 && ccp_test(f->unit, p, CILEN_LZS, 1) <= 0) { ++ newret = CONFREJ; ++ } ++ break; + case CI_DEFLATE: + case CI_DEFLATE_DRAFT: + if (!ao->deflate || clen != CILEN_DEFLATE +@@ -1344,12 +1830,6 @@ ccp_reqci(f, p, lenp, dont_nak) + else + *lenp = retp - p0; + } +-#ifdef MPPE +- if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) { +- error("MPPE required but peer negotiation failed"); +- lcp_close(f->unit, "MPPE required but peer negotiation failed"); +- } +-#endif + return ret; + } + +@@ -1371,24 +1851,35 @@ method_name(opt, opt2) + char *p = result; + char *q = result + sizeof(result); /* 1 past result */ + +- slprintf(p, q - p, "MPPE "); +- p += 5; +- if (opt->mppe & MPPE_OPT_128) { +- slprintf(p, q - p, "128-bit "); +- p += 8; +- } +- if (opt->mppe & MPPE_OPT_40) { +- slprintf(p, q - p, "40-bit "); +- p += 7; +- } +- if (opt->mppe & MPPE_OPT_STATEFUL) +- slprintf(p, q - p, "stateful"); +- else +- slprintf(p, q - p, "stateless"); +- ++ if (opt->mppe) { ++ if (opt->mppc) { ++ slprintf(p, q - p, "MPPC/MPPE "); ++ p += 10; ++ } else { ++ slprintf(p, q - p, "MPPE "); ++ p += 5; ++ } ++ if (opt->mppe_128) { ++ slprintf(p, q - p, "128-bit "); ++ p += 8; ++ } else if (opt->mppe_56) { ++ slprintf(p, q - p, "56-bit "); ++ p += 7; ++ } else if (opt->mppe_40) { ++ slprintf(p, q - p, "40-bit "); ++ p += 7; ++ } ++ if (opt->mppe_stateless) ++ slprintf(p, q - p, "stateless"); ++ else ++ slprintf(p, q - p, "stateful"); ++ } else if (opt->mppc) ++ slprintf(p, q - p, "MPPC"); + break; + } +-#endif ++#endif /* MPPE */ ++ case CI_LZS: ++ return "Stac LZS"; + case CI_DEFLATE: + case CI_DEFLATE_DRAFT: + if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) +@@ -1444,12 +1935,12 @@ ccp_up(f) + } else if (ANY_COMPRESS(*ho)) + notice("%s transmit compression enabled", method_name(ho, NULL)); + #ifdef MPPE +- if (go->mppe) { ++ if (go->mppe || go->mppc) { + BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN); + BZERO(mppe_send_key, MPPE_MAX_KEY_LEN); + continue_networks(f->unit); /* Bring up IP et al */ + } +-#endif ++#endif /* MPPE */ + } + + /* +@@ -1472,7 +1963,7 @@ ccp_down(f) + lcp_close(f->unit, "MPPE disabled"); + } + } +-#endif ++#endif /* MPPE */ + } + + /* +@@ -1532,24 +2023,28 @@ ccp_printpkt(p, plen, printer, arg) + #ifdef MPPE + case CI_MPPE: + if (optlen >= CILEN_MPPE) { +- u_char mppe_opts; +- +- MPPE_CI_TO_OPTS(&p[2], mppe_opts); +- printer(arg, "mppe %s %s %s %s %s %s%s", +- (p[2] & MPPE_H_BIT)? "+H": "-H", +- (p[5] & MPPE_M_BIT)? "+M": "-M", +- (p[5] & MPPE_S_BIT)? "+S": "-S", +- (p[5] & MPPE_L_BIT)? "+L": "-L", ++ printer(arg, "mppe %s %s %s %s %s %s", ++ (p[2] & MPPE_STATELESS)? "+H": "-H", ++ (p[5] & MPPE_56BIT)? "+M": "-M", ++ (p[5] & MPPE_128BIT)? "+S": "-S", ++ (p[5] & MPPE_40BIT)? "+L": "-L", + (p[5] & MPPE_D_BIT)? "+D": "-D", +- (p[5] & MPPE_C_BIT)? "+C": "-C", +- (mppe_opts & MPPE_OPT_UNKNOWN)? " +U": ""); +- if (mppe_opts & MPPE_OPT_UNKNOWN) ++ (p[5] & MPPE_MPPC)? "+C": "-C"); ++ if ((p[5] & ~(MPPE_56BIT | MPPE_128BIT | MPPE_40BIT | ++ MPPE_D_BIT | MPPE_MPPC)) || ++ (p[2] & ~MPPE_STATELESS)) + printer(arg, " (%.2x %.2x %.2x %.2x)", + p[2], p[3], p[4], p[5]); + p += CILEN_MPPE; + } + break; +-#endif ++#endif /* MPPE */ ++ case CI_LZS: ++ if (optlen >= CILEN_LZS) { ++ printer(arg, "lzs %.2x %.2x %.2x", p[2], p[3], p[4]); ++ p += CILEN_LZS; ++ } ++ break; + case CI_DEFLATE: + case CI_DEFLATE_DRAFT: + if (optlen >= CILEN_DEFLATE) { +@@ -1635,6 +2130,7 @@ ccp_datainput(unit, pkt, len) + error("Lost compression sync: disabling compression"); + ccp_close(unit, "Lost compression sync"); + #ifdef MPPE ++ /* My module dosn't need this. J.D., 2003-07-06 */ + /* + * If we were doing MPPE, we must also take the link down. + */ +@@ -1642,9 +2138,18 @@ ccp_datainput(unit, pkt, len) + error("Too many MPPE errors, closing LCP"); + lcp_close(unit, "Too many MPPE errors"); + } +-#endif ++#endif /* MPPE */ + } else { + /* ++ * When LZS or MPPE/MPPC is negotiated we just send CCP_RESETREQ ++ * and don't wait for CCP_RESETACK ++ */ ++ if ((ccp_gotoptions[f->unit].method == CI_LZS) || ++ (ccp_gotoptions[f->unit].method == CI_MPPE)) { ++ fsm_sdata(f, CCP_RESETREQ, f->reqid = ++f->id, NULL, 0); ++ return; ++ } ++ /* + * Send a reset-request to reset the peer's compressor. + * We don't do that if we are still waiting for an + * acknowledgement to a previous reset-request. +--- a/pppd/ccp.h ++++ b/pppd/ccp.h +@@ -37,9 +37,17 @@ typedef struct ccp_options { + bool predictor_2; /* do Predictor-2? */ + bool deflate_correct; /* use correct code for deflate? */ + bool deflate_draft; /* use draft RFC code for deflate? */ ++ bool lzs; /* do Stac LZS? */ ++ bool mppc; /* do MPPC? */ + bool mppe; /* do MPPE? */ ++ bool mppe_40; /* allow 40 bit encryption? */ ++ bool mppe_56; /* allow 56 bit encryption? */ ++ bool mppe_128; /* allow 128 bit encryption? */ ++ bool mppe_stateless; /* allow stateless encryption */ + u_short bsd_bits; /* # bits/code for BSD Compress */ + u_short deflate_size; /* lg(window size) for Deflate */ ++ u_short lzs_mode; /* LZS check mode */ ++ u_short lzs_hists; /* number of LZS histories */ + short method; /* code for chosen compression method */ + } ccp_options; + +--- a/pppd/chap_ms.c ++++ b/pppd/chap_ms.c +@@ -963,13 +963,17 @@ set_mppe_enc_types(int policy, int types + /* + * Disable undesirable encryption types. Note that we don't ENABLE + * any encryption types, to avoid overriding manual configuration. ++ * ++ * It seems that 56 bit keys are unsupported in MS-RADIUS (see RFC 2548) + */ + switch(types) { + case MPPE_ENC_TYPES_RC4_40: +- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */ ++ ccp_wantoptions[0].mppe_128 = 0; /* disable 128-bit */ ++ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */ + break; + case MPPE_ENC_TYPES_RC4_128: +- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */ ++ ccp_wantoptions[0].mppe_56 = 0; /* disable 56-bit */ ++ ccp_wantoptions[0].mppe_40 = 0; /* disable 40-bit */ + break; + default: + break; diff --git a/package/network/services/ppp/patches/202-no_strip.patch b/package/network/services/ppp/patches/202-no_strip.patch new file mode 100644 index 0000000..375f449 --- /dev/null +++ b/package/network/services/ppp/patches/202-no_strip.patch @@ -0,0 +1,88 @@ +build: Do not strip binaries on install + +Strippign executables should be handled by the distro packaging, not by ppp +itself. This patch removes the "-s" (strip) switch from all "install" commands +in order to install unstripped binaries into the destination prefix. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/chat/Makefile.linux ++++ b/chat/Makefile.linux +@@ -25,7 +25,7 @@ chat.o: chat.c + + install: chat + mkdir -p $(BINDIR) $(MANDIR) +- $(INSTALL) -s -c chat $(BINDIR) ++ $(INSTALL) -c chat $(BINDIR) + $(INSTALL) -c -m 644 chat.8 $(MANDIR) + + clean: +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -102,7 +102,7 @@ ifdef USE_SRP + CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include + LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto + TARGETS += srp-entry +-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry ++EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry + MANPAGES += srp-entry.8 + EXTRACLEAN += srp-entry.o + NEEDDES=y +@@ -208,7 +208,7 @@ all: $(TARGETS) + install: pppd + mkdir -p $(BINDIR) $(MANDIR) + $(EXTRAINSTALL) +- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd ++ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd + if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \ + chmod o-rx,u+s $(BINDIR)/pppd; fi + $(INSTALL) -c -m 444 pppd.8 $(MANDIR) +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -36,9 +36,9 @@ all: $(PLUGIN) + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR) +- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radius.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radattr.so $(LIBDIR) ++ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR) + $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR) + $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR) + +--- a/pppd/plugins/rp-pppoe/Makefile.linux ++++ b/pppd/plugins/rp-pppoe/Makefile.linux +@@ -43,9 +43,9 @@ rp-pppoe.so: plugin.o discovery.o if.o c + + install: all + $(INSTALL) -d -m 755 $(LIBDIR) +- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR) ++ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR) + $(INSTALL) -d -m 755 $(BINDIR) +- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR) ++ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR) + + clean: + rm -f *.o *.so pppoe-discovery +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -17,5 +17,5 @@ clean: + + install: + mkdir -p $(BINDIR) $(MANDIR) +- $(INSTALL) -s -c pppdump $(BINDIR) ++ $(INSTALL) -c pppdump $(BINDIR) + $(INSTALL) -c -m 444 pppdump.8 $(MANDIR) +--- a/pppstats/Makefile.linux ++++ b/pppstats/Makefile.linux +@@ -22,7 +22,7 @@ all: pppstats + + install: pppstats + -mkdir -p $(MANDIR) +- $(INSTALL) -s -c pppstats $(BINDIR) ++ $(INSTALL) -c pppstats $(BINDIR) + $(INSTALL) -c -m 444 pppstats.8 $(MANDIR) + + pppstats: $(PPPSTATSRCS) diff --git a/package/network/services/ppp/patches/203-opt_flags.patch b/package/network/services/ppp/patches/203-opt_flags.patch new file mode 100644 index 0000000..906d081 --- /dev/null +++ b/package/network/services/ppp/patches/203-opt_flags.patch @@ -0,0 +1,32 @@ +build: Move optimization flags into a separate variable + +Isolate optimization related compiler flags from CFLAGS and move them into a +separate COPTS variable so that it is easier to override optimizations from +the environment. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/plugins/radius/Makefile.linux ++++ b/pppd/plugins/radius/Makefile.linux +@@ -12,7 +12,8 @@ VERSION = $(shell awk -F '"' '/VERSION/ + INSTALL = install + + PLUGIN=radius.so radattr.so radrealms.so +-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON ++COPTS = -O2 ++CFLAGS=-I. -I../.. -I../../../include $(COPTS) -fPIC -DRC_LOG_FACILITY=LOG_DAEMON + + # Uncomment the next line to include support for Microsoft's + # MS-CHAP authentication protocol. +--- a/pppdump/Makefile.linux ++++ b/pppdump/Makefile.linux +@@ -2,7 +2,8 @@ DESTDIR = $(INSTROOT)@DESTDIR@ + BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + +-CFLAGS= -O -I../include/net ++COPTS = -O ++CFLAGS= $(COPTS) -I../include/net + OBJS = pppdump.o bsd-comp.o deflate.o zlib.o + + INSTALL= install diff --git a/package/network/services/ppp/patches/204-radius_config.patch b/package/network/services/ppp/patches/204-radius_config.patch new file mode 100644 index 0000000..c97a535 --- /dev/null +++ b/package/network/services/ppp/patches/204-radius_config.patch @@ -0,0 +1,72 @@ +--- a/pppd/plugins/radius/config.c ++++ b/pppd/plugins/radius/config.c +@@ -369,31 +369,37 @@ static int test_config(char *filename) + } + #endif + ++#if 0 + if (rc_conf_int("login_tries") <= 0) + { + error("%s: login_tries <= 0 is illegal", filename); + return (-1); + } ++#endif + if (rc_conf_str("seqfile") == NULL) + { + error("%s: seqfile not specified", filename); + return (-1); + } ++#if 0 + if (rc_conf_int("login_timeout") <= 0) + { + error("%s: login_timeout <= 0 is illegal", filename); + return (-1); + } ++#endif + if (rc_conf_str("mapfile") == NULL) + { + error("%s: mapfile not specified", filename); + return (-1); + } ++#if 0 + if (rc_conf_str("nologin") == NULL) + { + error("%s: nologin not specified", filename); + return (-1); + } ++#endif + + return 0; + } +--- a/pppd/plugins/radius/options.h ++++ b/pppd/plugins/radius/options.h +@@ -31,24 +31,21 @@ typedef struct _option { + static SERVER acctserver = {0}; + static SERVER authserver = {0}; + +-int default_tries = 4; +-int default_timeout = 60; +- + static OPTION config_options[] = { + /* internally used options */ + {"config_file", OT_STR, ST_UNDEF, NULL}, + /* General options */ + {"auth_order", OT_AUO, ST_UNDEF, NULL}, +-{"login_tries", OT_INT, ST_UNDEF, &default_tries}, +-{"login_timeout", OT_INT, ST_UNDEF, &default_timeout}, +-{"nologin", OT_STR, ST_UNDEF, "/etc/nologin"}, +-{"issue", OT_STR, ST_UNDEF, "/etc/radiusclient/issue"}, ++{"login_tries", OT_INT, ST_UNDEF, NULL}, ++{"login_timeout", OT_INT, ST_UNDEF, NULL}, ++{"nologin", OT_STR, ST_UNDEF, NULL}, ++{"issue", OT_STR, ST_UNDEF, NULL}, + /* RADIUS specific options */ + {"authserver", OT_SRV, ST_UNDEF, &authserver}, + {"acctserver", OT_SRV, ST_UNDEF, &acctserver}, + {"servers", OT_STR, ST_UNDEF, NULL}, + {"dictionary", OT_STR, ST_UNDEF, NULL}, +-{"login_radius", OT_STR, ST_UNDEF, "/usr/sbin/login.radius"}, ++{"login_radius", OT_STR, ST_UNDEF, NULL}, + {"seqfile", OT_STR, ST_UNDEF, NULL}, + {"mapfile", OT_STR, ST_UNDEF, NULL}, + {"default_realm", OT_STR, ST_UNDEF, NULL}, diff --git a/package/network/services/ppp/patches/205-no_exponential_timeout.patch b/package/network/services/ppp/patches/205-no_exponential_timeout.patch new file mode 100644 index 0000000..68aea12 --- /dev/null +++ b/package/network/services/ppp/patches/205-no_exponential_timeout.patch @@ -0,0 +1,29 @@ +pppd: Don't use exponential timeout in discovery phase + +This patch removes the exponential timeout increase between PADO or PADS +discovery attempts. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/plugins/rp-pppoe/discovery.c ++++ b/pppd/plugins/rp-pppoe/discovery.c +@@ -644,7 +644,9 @@ discovery(PPPoEConnection *conn) + conn->discoveryState = STATE_SENT_PADI; + waitForPADO(conn, timeout); + ++#if 0 + timeout *= 2; ++#endif + } while (conn->discoveryState == STATE_SENT_PADI); + + timeout = conn->discoveryTimeout; +@@ -659,7 +661,9 @@ discovery(PPPoEConnection *conn) + sendPADR(conn); + conn->discoveryState = STATE_SENT_PADR; + waitForPADS(conn, timeout); ++#if 0 + timeout *= 2; ++#endif + } while (conn->discoveryState == STATE_SENT_PADR); + + if (!conn->seenMaxPayload) { diff --git a/package/network/services/ppp/patches/206-compensate_time_change.patch b/package/network/services/ppp/patches/206-compensate_time_change.patch new file mode 100644 index 0000000..fb6c656 --- /dev/null +++ b/package/network/services/ppp/patches/206-compensate_time_change.patch @@ -0,0 +1,94 @@ +pppd: Watch out for time warps + +On many embedded systems there is no battery backed RTC and a proper system +time only becomes available through NTP after establishing a connection. + +When the clock suddenly jumps forward, the internal accounting (connect time) +is confused resulting in unreliable data. + +This patch implements periodic clock checking to look for time warps, if one +is detected, the internal counters are adjusted accordingly. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -90,6 +90,7 @@ + #include <sys/socket.h> + #include <netinet/in.h> + #include <arpa/inet.h> ++#include <sys/sysinfo.h> + + #include "pppd.h" + #include "magic.h" +@@ -228,6 +229,7 @@ static struct subprocess *children; + + /* Prototypes for procedures local to this file. */ + ++static void check_time(void); + static void setup_signals __P((void)); + static void create_pidfile __P((int pid)); + static void create_linkpidfile __P((int pid)); +@@ -535,6 +537,7 @@ main(argc, argv) + info("Starting link"); + } + ++ check_time(); + gettimeofday(&start_time, NULL); + script_unsetenv("CONNECT_TIME"); + script_unsetenv("BYTES_SENT"); +@@ -1267,6 +1270,36 @@ struct callout { + + static struct callout *callout = NULL; /* Callout list */ + static struct timeval timenow; /* Current time */ ++static long uptime_diff = 0; ++static int uptime_diff_set = 0; ++ ++static void check_time(void) ++{ ++ long new_diff; ++ struct timeval t; ++ struct sysinfo i; ++ struct callout *p; ++ ++ gettimeofday(&t, NULL); ++ sysinfo(&i); ++ new_diff = t.tv_sec - i.uptime; ++ ++ if (!uptime_diff_set) { ++ uptime_diff = new_diff; ++ uptime_diff_set = 1; ++ return; ++ } ++ ++ if ((new_diff - 5 > uptime_diff) || (new_diff + 5 < uptime_diff)) { ++ /* system time has changed, update counters and timeouts */ ++ info("System time change detected."); ++ start_time.tv_sec += new_diff - uptime_diff; ++ ++ for (p = callout; p != NULL; p = p->c_next) ++ p->c_time.tv_sec += new_diff - uptime_diff; ++ } ++ uptime_diff = new_diff; ++} + + /* + * timeout - Schedule a timeout. +@@ -1337,6 +1370,8 @@ calltimeout() + { + struct callout *p; + ++ check_time(); ++ + while (callout != NULL) { + p = callout; + +@@ -1364,6 +1399,8 @@ timeleft(tvp) + { + if (callout == NULL) + return NULL; ++ ++ check_time(); + + gettimeofday(&timenow, NULL); + tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec; diff --git a/package/network/services/ppp/patches/207-lcp_mtu_max.patch b/package/network/services/ppp/patches/207-lcp_mtu_max.patch new file mode 100644 index 0000000..240701b --- /dev/null +++ b/package/network/services/ppp/patches/207-lcp_mtu_max.patch @@ -0,0 +1,25 @@ +pppd: Cap MTU to the user configured value + +This patchs caps the calculated MTU value in lcp.c to the user specified "mru" +option value. Without this patch pppd would advertise a different MTU value +compared to what is set on the local interface in some cases. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/lcp.c ++++ b/pppd/lcp.c +@@ -1917,12 +1917,12 @@ lcp_up(f) + * the interface MTU is set to the lowest of that, the + * MTU we want to use, and our link MRU. + */ +- mtu = ho->neg_mru? ho->mru: PPP_MRU; ++ mtu = MIN(ho->neg_mru? ho->mru: PPP_MRU, ao->mru); + mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU; + #ifdef HAVE_MULTILINK + if (!(multilink && go->neg_mrru && ho->neg_mrru)) + #endif /* HAVE_MULTILINK */ +- netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru)); ++ netif_set_mtu(f->unit, MIN(mtu, mru)); + ppp_send_config(f->unit, mtu, + (ho->neg_asyncmap? ho->asyncmap: 0xffffffff), + ho->neg_pcompression, ho->neg_accompression); diff --git a/package/network/services/ppp/patches/208-fix_status_code.patch b/package/network/services/ppp/patches/208-fix_status_code.patch new file mode 100644 index 0000000..25e2a10 --- /dev/null +++ b/package/network/services/ppp/patches/208-fix_status_code.patch @@ -0,0 +1,24 @@ +pppd: Do not clobber exit codes on hangup + +When a modem hangup occurs, pppd unconditionally sets the exit status code +to EXIT_HANGUP. This patch only sets EXIT_HANGUP if the exit status code is +not already set to an error value. + +The motiviation of this patch is to allow applications which remote control +pppd to react properly on errors, e.g. only redial (relaunch pppd) if there +was a hangup, but not if the CHAP authentication failed. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -1048,7 +1048,8 @@ get_input() + } + notice("Modem hangup"); + hungup = 1; +- status = EXIT_HANGUP; ++ if (status == EXIT_OK) ++ status = EXIT_HANGUP; + lcp_lowerdown(0); /* serial link is no longer available */ + link_terminated(0); + return; diff --git a/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch b/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch new file mode 100644 index 0000000..843c9f2 --- /dev/null +++ b/package/network/services/ppp/patches/300-filter-pcap-includes-lib.patch @@ -0,0 +1,20 @@ +build: Add required CFLAGS for libpcap + +This patch adds some flags to required to properly link libpcap within the +OpenWrt environment. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -178,8 +178,8 @@ endif + + ifdef FILTER + ifneq ($(wildcard /usr/include/pcap-bpf.h),) +-LIBS += -lpcap +-CFLAGS += -DPPP_FILTER ++LIBS += -lpcap -L$(STAGING_DIR)/usr/lib ++CFLAGS += -DPPP_FILTER -I$(STAGING_DIR)/usr/include + endif + endif + diff --git a/package/network/services/ppp/patches/310-precompile_filter.patch b/package/network/services/ppp/patches/310-precompile_filter.patch new file mode 100644 index 0000000..877ca6b --- /dev/null +++ b/package/network/services/ppp/patches/310-precompile_filter.patch @@ -0,0 +1,196 @@ +pppd: Implement support for precompiled pcap filters + +This patch implements support for precompiled pcap filters which is useful to +support dial-on-demand on memory constrained embedded devices without having +to link the full libpcap into pppd to generate the filters during runtime. + +Two new options are introduced; "precompiled-pass-filter" specifies a pre- +compiled filter file containing rules to match packets which should be passed, +"precompiled-active-filter" specifies a filter file containing rules to match +packets which are treated as active. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/Makefile.linux ++++ b/pppd/Makefile.linux +@@ -50,6 +50,9 @@ MPPE=y + # and that the kernel driver support PPP packet filtering. + #FILTER=y + ++# Support for precompiled filters ++PRECOMPILED_FILTER=y ++ + # Uncomment the next line to enable multilink PPP (enabled by default) + # Linux distributions: Please leave multilink ENABLED in your builds + # of pppd! +@@ -183,6 +186,14 @@ CFLAGS += -DPPP_FILTER -I$(STAGING_DIR) + endif + endif + ++ifdef PRECOMPILED_FILTER ++PPPDSRCS += pcap_pcc.c ++HEADERS += pcap_pcc.h ++PPPDOBJS += pcap_pcc.o ++LIBS += $(STAGING_DIR)/usr/lib/libpcap.a ++CFLAGS += -DPPP_FILTER -DPPP_PRECOMPILED_FILTER -I$(STAGING_DIR)/usr/include ++endif ++ + ifdef HAVE_INET6 + PPPDSRCS += ipv6cp.c eui64.c + HEADERS += ipv6cp.h eui64.h +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -57,6 +57,7 @@ + + #ifdef PPP_FILTER + #include <pcap.h> ++#include <pcap-bpf.h> + /* + * There have been 3 or 4 different names for this in libpcap CVS, but + * this seems to be what they have settled on... +@@ -165,6 +166,13 @@ static int setlogfile __P((char **)); + static int loadplugin __P((char **)); + #endif + ++#ifdef PPP_PRECOMPILED_FILTER ++#include "pcap_pcc.h" ++static int setprecompiledpassfilter __P((char **)); ++static int setprecompiledactivefilter __P((char **)); ++#undef PPP_FILTER ++#endif ++ + #ifdef PPP_FILTER + static int setpassfilter __P((char **)); + static int setactivefilter __P((char **)); +@@ -344,6 +352,14 @@ option_t general_options[] = { + "set filter for active pkts", OPT_PRIO }, + #endif + ++#ifdef PPP_PRECOMPILED_FILTER ++ { "precompiled-pass-filter", 1, setprecompiledpassfilter, ++ "set precompiled filter for packets to pass", OPT_PRIO }, ++ ++ { "precompiled-active-filter", 1, setprecompiledactivefilter, ++ "set precompiled filter for active pkts", OPT_PRIO }, ++#endif ++ + #ifdef MAXOCTETS + { "maxoctets", o_int, &maxoctets, + "Set connection traffic limit", +@@ -1493,6 +1509,29 @@ callfile(argv) + return ok; + } + ++#ifdef PPP_PRECOMPILED_FILTER ++/* ++ * setprecompiledpassfilter - Set the pass filter for packets using a ++ * precompiled expression ++ */ ++static int ++setprecompiledpassfilter(argv) ++ char **argv; ++{ ++ return pcap_pre_compiled (*argv, &pass_filter); ++} ++ ++/* ++ * setactivefilter - Set the active filter for packets ++ */ ++static int ++setprecompiledactivefilter(argv) ++ char **argv; ++{ ++ return pcap_pre_compiled (*argv, &active_filter); ++} ++#endif ++ + #ifdef PPP_FILTER + /* + * setpassfilter - Set the pass filter for packets +--- /dev/null ++++ b/pppd/pcap_pcc.c +@@ -0,0 +1,74 @@ ++#include <pcap.h> ++#include <pcap-bpf.h> ++#include <stdio.h> ++#include <stdlib.h> ++#include <string.h> ++#include <errno.h> ++#include "pppd.h" ++ ++int pcap_pre_compiled (char * fname, struct bpf_program *p) ++{ ++ char buf[128]; ++ int line = 0, size = 0, index=0, ret=1; ++ FILE *f = fopen (fname, "r"); ++ if (!f) ++ { ++ option_error("error opening precompiled active-filter '%s': %s", ++ fname, strerror (errno)); ++ return 0; ++ } ++ while (fgets (buf, 127, f)) ++ { ++ line++; ++ if (*buf == '#') ++ continue; ++ if (size) ++ { ++ /* ++ struct bpf_insn { ++ u_short code; ++ u_char jt; ++ u_char jf; ++ bpf_int32 k; ++ } ++ */ ++ struct bpf_insn * insn = & p->bf_insns[index]; ++ unsigned code, jt, jf, k; ++ if (sscanf (buf, "%u %u %u %u", &code, &jt, &jf, &k) != 4) ++ { ++ goto err; ++ } ++ insn->code = code; ++ insn->jt = jt; ++ insn->jf = jf; ++ insn->k = k; ++ index++; ++ } ++ else ++ { ++ if (sscanf (buf, "%u", &size) != 1) ++ { ++ goto err; ++ } ++ p->bf_len = size; ++ p->bf_insns = (struct bpf_insn *) ++ malloc (size * sizeof (struct bpf_insn)); ++ } ++ } ++ if (size != index) ++ { ++ option_error("error in precompiled active-filter," ++ " expected %d expressions, got %dn", ++ size, index); ++ ret = 0; ++ } ++ fclose(f); ++ return ret; ++ ++err: ++ option_error("error in precompiled active-filter" ++ " expression line %s:%d (wrong size)\n", ++ fname, line); ++ fclose (f); ++ return 0; ++} +--- /dev/null ++++ b/pppd/pcap_pcc.h +@@ -0,0 +1,7 @@ ++#ifndef PCAP_PCC_H ++#define PCAP_PCC_H ++ ++#include <pcap.h> ++ ++int pcap_pre_compiled (char * fname, struct bpf_program *p); ++#endif /* PCAP_PCC_H */ diff --git a/package/network/services/ppp/patches/320-custom_iface_names.patch b/package/network/services/ppp/patches/320-custom_iface_names.patch new file mode 100644 index 0000000..ccda0c6 --- /dev/null +++ b/package/network/services/ppp/patches/320-custom_iface_names.patch @@ -0,0 +1,135 @@ +pppd: Support arbitrary interface names + +This patch implements a new string option "ifname" which allows to specify +fully custom PPP interface names on Linux. It does so by renaming the +allocated pppX device immediately after it has been created to the requested +interface name. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -745,8 +745,11 @@ void + set_ifunit(iskey) + int iskey; + { +- info("Using interface %s%d", PPP_DRV_NAME, ifunit); +- slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit); ++ if (use_ifname[0] == 0) ++ slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit); ++ else ++ slprintf(ifname, sizeof(ifname), "%s", use_ifname); ++ info("Using interface %s", ifname); + script_setenv("IFNAME", ifname, iskey); + if (iskey) { + create_pidfile(getpid()); /* write pid to file */ +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -112,6 +112,7 @@ int log_to_fd = 1; /* send log messages + bool log_default = 1; /* log_to_fd is default (stdout) */ + int maxfail = 10; /* max # of unsuccessful connection attempts */ + char linkname[MAXPATHLEN]; /* logical name for link */ ++char use_ifname[IFNAMSIZ]; /* physical name for PPP link */ + bool tune_kernel; /* may alter kernel settings */ + int connect_delay = 1000; /* wait this many ms after connect script */ + int req_unit = -1; /* requested interface unit */ +@@ -277,6 +278,9 @@ option_t general_options[] = { + { "linkname", o_string, linkname, + "Set logical name for link", + OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXPATHLEN }, ++ { "ifname", o_string, use_ifname, ++ "Set physical name for PPP interface", ++ OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, IFNAMSIZ }, + + { "maxfail", o_int, &maxfail, + "Maximum number of unsuccessful connection attempts to allow", +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -74,6 +74,10 @@ + #include "eui64.h" + #endif + ++#ifndef IFNAMSIZ ++#define IFNAMSIZ 16 ++#endif ++ + /* + * Limits. + */ +@@ -317,6 +321,7 @@ extern char *record_file; /* File to rec + extern bool sync_serial; /* Device is synchronous serial device */ + extern int maxfail; /* Max # of unsuccessful connection attempts */ + extern char linkname[MAXPATHLEN]; /* logical name for link */ ++extern char use_ifname[IFNAMSIZ]; /* physical name for PPP interface */ + extern bool tune_kernel; /* May alter kernel settings as necessary */ + extern int connect_delay; /* Time to delay after connect script */ + extern int max_data_rate; /* max bytes/sec through charshunt */ +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -161,6 +161,10 @@ struct in6_ifreq { + /* We can get an EIO error on an ioctl if the modem has hung up */ + #define ok_error(num) ((num)==EIO) + ++#if !defined(PPP_DRV_NAME) ++#define PPP_DRV_NAME "ppp" ++#endif /* !defined(PPP_DRV_NAME) */ ++ + static int tty_disc = N_TTY; /* The TTY discipline */ + static int ppp_disc = N_PPP; /* The PPP discpline */ + static int initfdflags = -1; /* Initial file descriptor flags for fd */ +@@ -620,7 +624,8 @@ void generic_disestablish_ppp(int dev_fd + */ + static int make_ppp_unit() + { +- int x, flags; ++ struct ifreq ifr; ++ int x, flags, s; + + if (ppp_dev_fd >= 0) { + dbglog("in make_ppp_unit, already had /dev/ppp open?"); +@@ -643,6 +648,30 @@ static int make_ppp_unit() + } + if (x < 0) + error("Couldn't create new ppp unit: %m"); ++ ++ if (use_ifname[0] != 0) { ++ s = socket(PF_INET, SOCK_DGRAM, 0); ++ if (s < 0) ++ s = socket(PF_PACKET, SOCK_DGRAM, 0); ++ if (s < 0) ++ s = socket(PF_INET6, SOCK_DGRAM, 0); ++ if (s < 0) ++ s = socket(PF_UNIX, SOCK_DGRAM, 0); ++ if (s >= 0) { ++ slprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s%d", PPP_DRV_NAME, ifunit); ++ slprintf(ifr.ifr_newname, sizeof(ifr.ifr_newname), "%s", use_ifname); ++ x = ioctl(s, SIOCSIFNAME, &ifr); ++ close(s); ++ } else { ++ x = s; ++ } ++ if (x < 0) { ++ error("Couldn't rename %s to %s", ifr.ifr_name, ifr.ifr_newname); ++ close(ppp_dev_fd); ++ ppp_dev_fd = -1; ++ } ++ } ++ + return x; + } + +--- a/pppstats/pppstats.c ++++ b/pppstats/pppstats.c +@@ -506,10 +506,12 @@ main(argc, argv) + if (argc > 0) + interface = argv[0]; + ++#if 0 + if (sscanf(interface, PPP_DRV_NAME "%d", &unit) != 1) { + fprintf(stderr, "%s: invalid interface '%s' specified\n", + progname, interface); + } ++#endif + + #ifndef STREAMS + { diff --git a/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch b/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch new file mode 100644 index 0000000..bba5884 --- /dev/null +++ b/package/network/services/ppp/patches/321-multilink_support_custom_iface_names.patch @@ -0,0 +1,146 @@ +From: George Kashperko <george@znau.edu.ua> + +Make mlppp support more generic interface naming other than pppX +Signed-off-by: George Kashperko <george@znau.edu.ua> +--- + pppd/multilink.c | 55 +++++++++++++++++++++++++++++++++------------ + pppd/sys-linux.c | 12 +++++++++ + 2 files changed, 53 insertions(+), 14 deletions(-) +--- a/pppd/multilink.c ++++ b/pppd/multilink.c +@@ -56,7 +56,8 @@ static void iterate_bundle_links __P((vo + + static int get_default_epdisc __P((struct epdisc *)); + static int parse_num __P((char *str, const char *key, int *valp)); +-static int owns_unit __P((TDB_DATA pid, int unit)); ++static int parse_str __P((char *str, const char *key, char *buf, int buflen)); ++static int owns_link __P((TDB_DATA pid, char *ifname)); + + #define set_ip_epdisc(ep, addr) do { \ + ep->length = 4; \ +@@ -197,35 +198,38 @@ mp_join_bundle() + key.dptr = bundle_id; + key.dsize = p - bundle_id; + pid = tdb_fetch(pppdb, key); ++ + if (pid.dptr != NULL) { ++ char tmp[IFNAMSIZ]; ++ + /* bundle ID exists, see if the pppd record exists */ + rec = tdb_fetch(pppdb, pid); ++ + if (rec.dptr != NULL && rec.dsize > 0) { + /* make sure the string is null-terminated */ + rec.dptr[rec.dsize-1] = 0; +- /* parse the interface number */ +- parse_num(rec.dptr, "IFNAME=ppp", &unit); ++ + /* check the pid value */ + if (!parse_num(rec.dptr, "PPPD_PID=", &pppd_pid) ++ || !parse_str(rec.dptr, "IFNAME=", tmp, sizeof(tmp)) ++ || !parse_num(rec.dptr, "IFUNIT=", &unit) + || !process_exists(pppd_pid) +- || !owns_unit(pid, unit)) ++ || !owns_link(pid, tmp)) + unit = -1; + free(rec.dptr); + } + free(pid.dptr); +- } + +- if (unit >= 0) { + /* attach to existing unit */ +- if (bundle_attach(unit)) { ++ if (unit >= 0 && bundle_attach(unit)) { + set_ifunit(0); + script_setenv("BUNDLE", bundle_id + 7, 0); + make_bundle_links(1); + unlock_db(); +- info("Link attached to %s", ifname); ++ info("Link attached to %s", tmp); + return 1; ++ /* attach failed because bundle doesn't exist */ + } +- /* attach failed because bundle doesn't exist */ + } + + /* we have to make a new bundle */ +@@ -408,22 +412,45 @@ parse_num(str, key, valp) + return 0; + } + ++static int ++parse_str(str, key, buf, buflen) ++ char *str; ++ const char *key; ++ char *buf; ++ int buflen; ++{ ++ char *p, *endp; ++ int i; ++ ++ p = strstr(str, key); ++ if (p) { ++ p += strlen(key); ++ while (--buflen && *p != 0 && *p != ';') ++ *(buf++) = *(p++); ++ *buf = 0; ++ return 1; ++ } ++ return 0; ++} ++ + /* +- * Check whether the pppd identified by `key' still owns ppp unit `unit'. ++ * Check whether the pppd identified by `key' still owns ppp link `ifname'. + */ + static int +-owns_unit(key, unit) ++owns_link(key, ifname) + TDB_DATA key; +- int unit; ++ char *ifname; + { +- char ifkey[32]; ++ char ifkey[7 + IFNAMSIZ]; + TDB_DATA kd, vd; + int ret = 0; + +- slprintf(ifkey, sizeof(ifkey), "IFNAME=ppp%d", unit); ++ slprintf(ifkey, sizeof(ifkey), "IFNAME=%s", ifname); ++ + kd.dptr = ifkey; + kd.dsize = strlen(ifkey); + vd = tdb_fetch(pppdb, kd); ++ + if (vd.dptr != NULL) { + ret = vd.dsize == key.dsize + && memcmp(vd.dptr, key.dptr, vd.dsize) == 0; +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -698,6 +698,16 @@ void cfg_bundle(int mrru, int mtru, int + add_fd(ppp_dev_fd); + } + ++static void ++setenv_ifunit(void) ++{ ++#ifdef USE_TDB ++ char tmp[11]; ++ slprintf(tmp, sizeof(tmp), "%d", ifunit); ++ script_setenv("IFUNIT", tmp, 0); ++#endif ++} ++ + /* + * make_new_bundle - create a new PPP unit (i.e. a bundle) + * and connect our channel to it. This should only get called +@@ -716,6 +726,8 @@ void make_new_bundle(int mrru, int mtru, + + /* set the mrru and flags */ + cfg_bundle(mrru, mtru, rssn, tssn); ++ ++ setenv_ifunit(); + } + + /* diff --git a/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch b/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch new file mode 100644 index 0000000..f68b466 --- /dev/null +++ b/package/network/services/ppp/patches/330-retain_foreign_default_routes.patch @@ -0,0 +1,22 @@ +pppd: Retain foreign default routes on Linux + +On Linux, when pppd attempts to delete its default route it does not fill +the rt_dev field of the struct rtentry used to match the system default route. +As a consequence, pppd happily deletes any default route even if it belongs +to another interface. + +This patch makes pppd fill out the rt_dev field so that only own default +routes are ever matched. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -1756,6 +1756,7 @@ int cifdefaultroute (int unit, u_int32_t + SIN_ADDR(rt.rt_genmask) = 0L; + } + ++ rt.rt_dev = ifname; + rt.rt_flags = RTF_UP; + if (ioctl(sock_fd, SIOCDELRT, &rt) < 0 && errno != ESRCH) { + if (still_ppp()) { diff --git a/package/network/services/ppp/patches/340-populate_default_gateway.patch b/package/network/services/ppp/patches/340-populate_default_gateway.patch new file mode 100644 index 0000000..a1451de --- /dev/null +++ b/package/network/services/ppp/patches/340-populate_default_gateway.patch @@ -0,0 +1,34 @@ +pppd: Fill in default gateway on Linux + +On Linux, when pppd creates the default route, it does not set the peer +address as gateway, leading to a default route without gateway address. + +This behaviour breaks various downstream programs which attempt to infer +the default gateway IP address from the system default route entry. + +This patch addresses the issue by filling in the peer address as gateway +when generating the default route entry. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -1710,6 +1710,9 @@ int sifdefaultroute (int unit, u_int32_t + memset (&rt, 0, sizeof (rt)); + SET_SA_FAMILY (rt.rt_dst, AF_INET); + ++ SET_SA_FAMILY(rt.rt_gateway, AF_INET); ++ SIN_ADDR(rt.rt_gateway) = gateway; ++ + rt.rt_dev = ifname; + + if (kernel_version > KVERSION(2,1,0)) { +@@ -1717,7 +1720,7 @@ int sifdefaultroute (int unit, u_int32_t + SIN_ADDR(rt.rt_genmask) = 0L; + } + +- rt.rt_flags = RTF_UP; ++ rt.rt_flags = RTF_UP | RTF_GATEWAY; + if (ioctl(sock_fd, SIOCADDRT, &rt) < 0) { + if (!ok_error(errno)) + error("default route ioctl(SIOCADDRT): %m"); diff --git a/package/network/services/ppp/patches/400-simplify_kernel_checks.patch b/package/network/services/ppp/patches/400-simplify_kernel_checks.patch new file mode 100644 index 0000000..11af6d8 --- /dev/null +++ b/package/network/services/ppp/patches/400-simplify_kernel_checks.patch @@ -0,0 +1,154 @@ +pppd: Remove runtime kernel checks + +On embedded system distributions the required kernel features for pppd are +more or less guaranteed to be present, so there is not much point in +performing runtime checks, it just increases the binary size. + +This patch removes the runtime kernel feature checks. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -196,7 +196,7 @@ static int driver_is_old = 0; + static int restore_term = 0; /* 1 => we've munged the terminal */ + static struct termios inittermios; /* Initial TTY termios */ + +-int new_style_driver = 0; ++static const int new_style_driver = 1; + + static char loop_name[20]; + static unsigned char inbuf[512]; /* buffer for chars read from loopback */ +@@ -214,8 +214,8 @@ static int looped; /* 1 if using loop + static int link_mtu; /* mtu for the link (not bundle) */ + + static struct utsname utsname; /* for the kernel version */ +-static int kernel_version; + #define KVERSION(j,n,p) ((j)*1000000 + (n)*1000 + (p)) ++static const int kernel_version = KVERSION(2,6,37); + + #define MAX_IFS 100 + +@@ -1451,11 +1451,12 @@ int ccp_fatal_error (int unit) + * + * path_to_procfs - find the path to the proc file system mount point + */ +-static char proc_path[MAXPATHLEN]; +-static int proc_path_len; ++static char proc_path[MAXPATHLEN] = "/proc"; ++static int proc_path_len = 5; + + static char *path_to_procfs(const char *tail) + { ++#if 0 + struct mntent *mntent; + FILE *fp; + +@@ -1477,6 +1478,7 @@ static char *path_to_procfs(const char * + fclose (fp); + } + } ++#endif + + strlcpy(proc_path + proc_path_len, tail, + sizeof(proc_path) - proc_path_len); +@@ -2129,15 +2131,19 @@ int ppp_available(void) + int my_version, my_modification, my_patch; + int osmaj, osmin, ospatch; + ++#if 0 + /* get the kernel version now, since we are called before sys_init */ + uname(&utsname); + osmaj = osmin = ospatch = 0; + sscanf(utsname.release, "%d.%d.%d", &osmaj, &osmin, &ospatch); + kernel_version = KVERSION(osmaj, osmin, ospatch); ++#endif + + fd = open("/dev/ppp", O_RDWR); + if (fd >= 0) { ++#if 0 + new_style_driver = 1; ++#endif + + /* XXX should get from driver */ + driver_version = 2; +@@ -2197,6 +2203,7 @@ int ppp_available(void) + + if (ok && ((ifr.ifr_hwaddr.sa_family & ~0xFF) != ARPHRD_PPP)) + ok = 0; ++ return ok; + + /* + * This is the PPP device. Validate the version of the driver at this +@@ -2730,6 +2737,7 @@ get_pty(master_fdp, slave_fdp, slave_nam + } + #endif /* TIOCGPTN */ + ++#if 0 + if (sfd < 0) { + /* the old way - scan through the pty name space */ + for (i = 0; i < 64; ++i) { +@@ -2748,6 +2756,7 @@ get_pty(master_fdp, slave_fdp, slave_nam + } + } + } ++#endif + + if (sfd < 0) + return 0; +--- a/pppd/plugins/pppoatm/pppoatm.c ++++ b/pppd/plugins/pppoatm/pppoatm.c +@@ -168,14 +168,6 @@ static void disconnect_pppoatm(void) + + void plugin_init(void) + { +-#if defined(__linux__) +- extern int new_style_driver; /* From sys-linux.c */ +- if (!ppp_available() && !new_style_driver) +- fatal("Kernel doesn't support ppp_generic - " +- "needed for PPPoATM"); +-#else +- fatal("No PPPoATM support on this OS"); +-#endif + info("PPPoATM plugin_init"); + add_options(pppoa_options); + } +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -59,9 +59,6 @@ static char const RCSID[] = + + char pppd_version[] = VERSION; + +-/* From sys-linux.c in pppd -- MUST FIX THIS! */ +-extern int new_style_driver; +- + char *pppd_pppoe_service = NULL; + static char *acName = NULL; + static char *existingSession = NULL; +@@ -371,10 +368,6 @@ PPPoEDevnameHook(char *cmd, char **argv, + void + plugin_init(void) + { +- if (!ppp_available() && !new_style_driver) { +- fatal("Linux kernel does not support PPPoE -- are you running 2.4.x?"); +- } +- + add_options(Options); + + info("RP-PPPoE plugin version %s compiled against pppd %s", +--- a/pppd/plugins/pppol2tp/pppol2tp.c ++++ b/pppd/plugins/pppol2tp/pppol2tp.c +@@ -486,12 +486,7 @@ static void pppol2tp_cleanup(void) + + void plugin_init(void) + { +-#if defined(__linux__) +- extern int new_style_driver; /* From sys-linux.c */ +- if (!ppp_available() && !new_style_driver) +- fatal("Kernel doesn't support ppp_generic - " +- "needed for PPPoL2TP"); +-#else ++#if !defined(__linux__) + fatal("No PPPoL2TP support on this OS"); + #endif + add_options(pppol2tp_options); diff --git a/package/network/services/ppp/patches/401-no_record_file.patch b/package/network/services/ppp/patches/401-no_record_file.patch new file mode 100644 index 0000000..f3c13ec --- /dev/null +++ b/package/network/services/ppp/patches/401-no_record_file.patch @@ -0,0 +1,39 @@ +pppd: Remove the "record" option + +On many embedded systems there is not enough space to record PPP session +information to the permanent storage, therfore remove this option. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/pppd.h ++++ b/pppd/pppd.h +@@ -317,7 +317,6 @@ extern int holdoff; /* Dead time before + extern bool holdoff_specified; /* true if user gave a holdoff value */ + extern bool notty; /* Stdin/out is not a tty */ + extern char *pty_socket; /* Socket to connect to pty */ +-extern char *record_file; /* File to record chars sent/received */ + extern bool sync_serial; /* Device is synchronous serial device */ + extern int maxfail; /* Max # of unsuccessful connection attempts */ + extern char linkname[MAXPATHLEN]; /* logical name for link */ +--- a/pppd/tty.c ++++ b/pppd/tty.c +@@ -146,7 +146,7 @@ char *disconnect_script = NULL; /* Scrip + char *welcomer = NULL; /* Script to run after phys link estab. */ + char *ptycommand = NULL; /* Command to run on other side of pty */ + bool notty = 0; /* Stdin/out is not a tty */ +-char *record_file = NULL; /* File to record chars sent/received */ ++static char *const record_file = NULL; /* File to record chars sent/received */ + int max_data_rate; /* max bytes/sec through charshunt */ + bool sync_serial = 0; /* Device is synchronous serial device */ + char *pty_socket = NULL; /* Socket to connect to pty */ +@@ -202,8 +202,10 @@ option_t tty_options[] = { + "Send and receive over socket, arg is host:port", + OPT_PRIO | OPT_DEVNAM }, + ++#if 0 + { "record", o_string, &record_file, + "Record characters sent/received to file", OPT_PRIO }, ++#endif + + { "crtscts", o_int, &crtscts, + "Set hardware (RTS/CTS) flow control", diff --git a/package/network/services/ppp/patches/403-no_wtmp.patch b/package/network/services/ppp/patches/403-no_wtmp.patch new file mode 100644 index 0000000..3c78894 --- /dev/null +++ b/package/network/services/ppp/patches/403-no_wtmp.patch @@ -0,0 +1,25 @@ +pppd: Disable wtmp support + +Many uClibc based environments lack wtmp and utmp support, therfore remove +the code updating the wtmp information. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/sys-linux.c ++++ b/pppd/sys-linux.c +@@ -2267,6 +2267,7 @@ int ppp_available(void) + + void logwtmp (const char *line, const char *name, const char *host) + { ++#if 0 + struct utmp ut, *utp; + pid_t mypid = getpid(); + #if __GLIBC__ < 2 +@@ -2332,6 +2333,7 @@ void logwtmp (const char *line, const ch + close (wtmp); + } + #endif ++#endif + } + #endif /* HAVE_LOGWTMP */ + diff --git a/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch b/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch new file mode 100644 index 0000000..edbca76 --- /dev/null +++ b/package/network/services/ppp/patches/404-remove_obsolete_protocol_names.patch @@ -0,0 +1,151 @@ +pppd: Remove historical protocol names + +Remove a number of historical protocol entries from pppd's builtin list, this +reduced the binary size without loss of features. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/main.c ++++ b/pppd/main.c +@@ -882,14 +882,17 @@ struct protocol_list { + const char *name; + } protocol_list[] = { + { 0x21, "IP" }, ++#if 0 + { 0x23, "OSI Network Layer" }, + { 0x25, "Xerox NS IDP" }, + { 0x27, "DECnet Phase IV" }, + { 0x29, "Appletalk" }, + { 0x2b, "Novell IPX" }, ++#endif + { 0x2d, "VJ compressed TCP/IP" }, + { 0x2f, "VJ uncompressed TCP/IP" }, + { 0x31, "Bridging PDU" }, ++#if 0 + { 0x33, "Stream Protocol ST-II" }, + { 0x35, "Banyan Vines" }, + { 0x39, "AppleTalk EDDP" }, +@@ -903,8 +906,11 @@ struct protocol_list { + { 0x49, "Serial Data Transport Protocol (PPP-SDTP)" }, + { 0x4b, "SNA over 802.2" }, + { 0x4d, "SNA" }, ++#endif + { 0x4f, "IP6 Header Compression" }, ++#if 0 + { 0x51, "KNX Bridging Data" }, ++#endif + { 0x53, "Encryption" }, + { 0x55, "Individual Link Encryption" }, + { 0x57, "IPv6" }, +@@ -915,12 +921,15 @@ struct protocol_list { + { 0x65, "RTP IPHC Compressed non-TCP" }, + { 0x67, "RTP IPHC Compressed UDP 8" }, + { 0x69, "RTP IPHC Compressed RTP 8" }, ++#if 0 + { 0x6f, "Stampede Bridging" }, + { 0x73, "MP+" }, + { 0xc1, "NTCITS IPI" }, ++#endif + { 0xfb, "single-link compression" }, + { 0xfd, "Compressed Datagram" }, + { 0x0201, "802.1d Hello Packets" }, ++#if 0 + { 0x0203, "IBM Source Routing BPDU" }, + { 0x0205, "DEC LANBridge100 Spanning Tree" }, + { 0x0207, "Cisco Discovery Protocol" }, +@@ -932,15 +941,19 @@ struct protocol_list { + { 0x0231, "Luxcom" }, + { 0x0233, "Sigma Network Systems" }, + { 0x0235, "Apple Client Server Protocol" }, ++#endif + { 0x0281, "MPLS Unicast" }, + { 0x0283, "MPLS Multicast" }, ++#if 0 + { 0x0285, "IEEE p1284.4 standard - data packets" }, + { 0x0287, "ETSI TETRA Network Protocol Type 1" }, ++#endif + { 0x0289, "Multichannel Flow Treatment Protocol" }, + { 0x2063, "RTP IPHC Compressed TCP No Delta" }, + { 0x2065, "RTP IPHC Context State" }, + { 0x2067, "RTP IPHC Compressed UDP 16" }, + { 0x2069, "RTP IPHC Compressed RTP 16" }, ++#if 0 + { 0x4001, "Cray Communications Control Protocol" }, + { 0x4003, "CDPD Mobile Network Registration Protocol" }, + { 0x4005, "Expand accelerator protocol" }, +@@ -951,8 +964,10 @@ struct protocol_list { + { 0x4023, "RefTek Protocol" }, + { 0x4025, "Fibre Channel" }, + { 0x4027, "EMIT Protocols" }, ++#endif + { 0x405b, "Vendor-Specific Protocol (VSP)" }, + { 0x8021, "Internet Protocol Control Protocol" }, ++#if 0 + { 0x8023, "OSI Network Layer Control Protocol" }, + { 0x8025, "Xerox NS IDP Control Protocol" }, + { 0x8027, "DECnet Phase IV Control Protocol" }, +@@ -961,7 +976,9 @@ struct protocol_list { + { 0x8031, "Bridging NCP" }, + { 0x8033, "Stream Protocol Control Protocol" }, + { 0x8035, "Banyan Vines Control Protocol" }, ++#endif + { 0x803d, "Multi-Link Control Protocol" }, ++#if 0 + { 0x803f, "NETBIOS Framing Control Protocol" }, + { 0x8041, "Cisco Systems Control Protocol" }, + { 0x8043, "Ascom Timeplex" }, +@@ -970,18 +987,24 @@ struct protocol_list { + { 0x8049, "Serial Data Control Protocol (PPP-SDCP)" }, + { 0x804b, "SNA over 802.2 Control Protocol" }, + { 0x804d, "SNA Control Protocol" }, ++#endif + { 0x804f, "IP6 Header Compression Control Protocol" }, ++#if 0 + { 0x8051, "KNX Bridging Control Protocol" }, ++#endif + { 0x8053, "Encryption Control Protocol" }, + { 0x8055, "Individual Link Encryption Control Protocol" }, + { 0x8057, "IPv6 Control Protocol" }, + { 0x8059, "PPP Muxing Control Protocol" }, + { 0x805b, "Vendor-Specific Network Control Protocol (VSNCP)" }, ++#if 0 + { 0x806f, "Stampede Bridging Control Protocol" }, + { 0x8073, "MP+ Control Protocol" }, + { 0x80c1, "NTCITS IPI Control Protocol" }, ++#endif + { 0x80fb, "Single Link Compression Control Protocol" }, + { 0x80fd, "Compression Control Protocol" }, ++#if 0 + { 0x8207, "Cisco Discovery Protocol Control" }, + { 0x8209, "Netcs Twin Routing" }, + { 0x820b, "STP - Control Protocol" }, +@@ -990,24 +1013,29 @@ struct protocol_list { + { 0x8281, "MPLSCP" }, + { 0x8285, "IEEE p1284.4 standard - Protocol Control" }, + { 0x8287, "ETSI TETRA TNP1 Control Protocol" }, ++#endif + { 0x8289, "Multichannel Flow Treatment Protocol" }, + { 0xc021, "Link Control Protocol" }, + { 0xc023, "Password Authentication Protocol" }, + { 0xc025, "Link Quality Report" }, ++#if 0 + { 0xc027, "Shiva Password Authentication Protocol" }, + { 0xc029, "CallBack Control Protocol (CBCP)" }, + { 0xc02b, "BACP Bandwidth Allocation Control Protocol" }, + { 0xc02d, "BAP" }, ++#endif + { 0xc05b, "Vendor-Specific Authentication Protocol (VSAP)" }, + { 0xc081, "Container Control Protocol" }, + { 0xc223, "Challenge Handshake Authentication Protocol" }, + { 0xc225, "RSA Authentication Protocol" }, + { 0xc227, "Extensible Authentication Protocol" }, ++#if 0 + { 0xc229, "Mitsubishi Security Info Exch Ptcl (SIEP)" }, + { 0xc26f, "Stampede Bridging Authorization Protocol" }, + { 0xc281, "Proprietary Authentication Protocol" }, + { 0xc283, "Proprietary Authentication Protocol" }, + { 0xc481, "Proprietary Node ID Authentication Protocol" }, ++#endif + { 0, NULL }, + }; + diff --git a/package/network/services/ppp/patches/405-no_multilink_option.patch b/package/network/services/ppp/patches/405-no_multilink_option.patch new file mode 100644 index 0000000..e8f99e5 --- /dev/null +++ b/package/network/services/ppp/patches/405-no_multilink_option.patch @@ -0,0 +1,28 @@ +pppd: Support "nomp" option even if multilink support is off + +This patch moves the "nomp" option entry outside of the defines protecting +the multilink specific code. The motivation is to allow "nomp" even if pppd +does not support multilink, so that controlling programs can unconditionally +pass it to pppd regardless of the compile time features. + +Signed-off-by: Jo-Philipp Wich <jow@openwrt.org> + +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -336,13 +336,14 @@ option_t general_options[] = { + "Enable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 1 }, + { "nomultilink", o_bool, &multilink, + "Disable multilink operation", OPT_PRIOSUB | 0 }, +- { "nomp", o_bool, &multilink, +- "Disable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 0 }, + + { "bundle", o_string, &bundle_name, + "Bundle name for multilink", OPT_PRIO }, + #endif /* HAVE_MULTILINK */ + ++ { "nomp", o_bool, &multilink, ++ "Disable multilink operation", OPT_PRIOSUB | OPT_ALIAS | 0 }, ++ + #ifdef PLUGIN + { "plugin", o_special, (void *)loadplugin, + "Load a plug-in module into pppd", OPT_PRIV | OPT_A2LIST }, diff --git a/package/network/services/ppp/patches/500-add-pptp-plugin.patch b/package/network/services/ppp/patches/500-add-pptp-plugin.patch new file mode 100644 index 0000000..d984e1b --- /dev/null +++ b/package/network/services/ppp/patches/500-add-pptp-plugin.patch @@ -0,0 +1,3065 @@ +--- a/configure ++++ b/configure +@@ -195,7 +195,7 @@ if [ -d "$ksrc" ]; then + mkmkf $ksrc/Makedefs$compiletype Makedefs.com + for dir in pppd pppstats chat pppdump pppd/plugins pppd/plugins/rp-pppoe \ + pppd/plugins/radius pppd/plugins/pppoatm \ +- pppd/plugins/pppol2tp; do ++ pppd/plugins/pppol2tp pppd/plugins/pptp ; do + mkmkf $dir/Makefile.$makext $dir/Makefile + done + if [ -f $ksrc/Makefile.$makext$archvariant ]; then +--- a/pppd/plugins/Makefile.linux ++++ b/pppd/plugins/Makefile.linux +@@ -9,7 +9,7 @@ BINDIR = $(DESTDIR)/sbin + MANDIR = $(DESTDIR)/share/man/man8 + LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION) + +-SUBDIRS := rp-pppoe pppoatm pppol2tp ++SUBDIRS := rp-pppoe pppoatm pppol2tp pptp + # Uncomment the next line to include the radius authentication plugin + SUBDIRS += radius + PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so +--- /dev/null ++++ b/pppd/plugins/pptp/Makefile.linux +@@ -0,0 +1,31 @@ ++# ++# This program may be distributed according to the terms of the GNU ++# General Public License, version 2 or (at your option) any later version. ++# ++# $Id: Makefile.linux,v 1.9 2012/05/04 21:48:00 dgolle Exp $ ++#*********************************************************************** ++ ++DESTDIR = $(INSTROOT)@DESTDIR@ ++LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION) ++ ++PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h) ++ ++INSTALL = install ++ ++COPTS=-O2 -g ++CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC -DPPPD_VERSION=\"$(PPPDVERSION)\" ++all: pptp.so ++ ++%.o: %.c ++ $(CC) $(CFLAGS) -c -o $@ $< ++ ++pptp.so: dirutil.o orckit_quirks.o pptp.o pptp_callmgr.o pptp_ctrl.o pptp_quirks.o util.o vector.o ++ $(CC) -o pptp.so -shared dirutil.o orckit_quirks.o pptp.o pptp_callmgr.o pptp_ctrl.o pptp_quirks.o util.o vector.o ++ ++install: all ++ $(INSTALL) -d -m 755 $(LIBDIR) ++ $(INSTALL) -c -m 4550 pptp.so $(LIBDIR) ++ ++clean: ++ rm -f *.o *.so ++ +--- /dev/null ++++ b/pppd/plugins/pptp/dirutil.c +@@ -0,0 +1,68 @@ ++/* dirutil.c ... directory utilities. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: dirutil.c,v 1.2 2003/06/17 17:25:47 reink Exp $ ++ */ ++ ++#include <sys/stat.h> ++#include <sys/types.h> ++#include <unistd.h> ++#include <string.h> ++#include <stdlib.h> ++#include "dirutil.h" ++ ++/* Returned malloc'ed string representing basename */ ++char *basenamex(char *pathname) ++{ ++ char *dup = strdup(pathname); ++ char *ptr = strrchr(stripslash(dup), '/'); ++ if (ptr == NULL) return dup; ++ ptr = strdup(ptr+1); ++ free(dup); ++ return ptr; ++} ++ ++/* Return malloc'ed string representing directory name (no trailing slash) */ ++char *dirnamex(char *pathname) ++{ ++ char *dup = strdup(pathname); ++ char *ptr = strrchr(stripslash(dup), '/'); ++ if (ptr == NULL) { free(dup); return strdup("."); } ++ if (ptr == dup && dup[0] == '/') ptr++; ++ *ptr = '\0'; ++ return dup; ++} ++ ++/* In-place modify a string to remove trailing slashes. Returns arg. ++ * stripslash("/") returns "/"; ++ */ ++char *stripslash(char *pathname) { ++ int len = strlen(pathname); ++ while (len > 1 && pathname[len - 1] == '/') ++ pathname[--len] = '\0'; ++ return pathname; ++} ++ ++/* ensure dirname exists, creating it if necessary. */ ++int make_valid_path(char *dir, mode_t mode) ++{ ++ struct stat st; ++ char *tmp = NULL, *path = stripslash(strdup(dir)); ++ int retval; ++ if (stat(path, &st) == 0) { /* file exists */ ++ if (S_ISDIR(st.st_mode)) { retval = 1; goto end; } ++ else { retval = 0; goto end; } /* not a directory. Oops. */ ++ } ++ /* Directory doesn't exist. Let's make it. */ ++ /* Make parent first. */ ++ if (!make_valid_path(tmp = dirnamex(path), mode)) { retval = 0; goto end; } ++ /* Now make this 'un. */ ++ if (mkdir(path, mode) < 0) { retval = 0; goto end; } ++ /* Success. */ ++ retval = 1; ++ ++end: ++ if (tmp != NULL) free(tmp); ++ if (path != NULL) free(path); ++ return retval; ++} +--- /dev/null ++++ b/pppd/plugins/pptp/dirutil.h +@@ -0,0 +1,14 @@ ++/* dirutil.h ... directory utilities. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: dirutil.h,v 1.1.1.1 2000/12/23 08:19:51 scott Exp $ ++ */ ++ ++/* Returned malloc'ed string representing basename */ ++char *basenamex(char *pathname); ++/* Return malloc'ed string representing directory name (no trailing slash) */ ++char *dirnamex(char *pathname); ++/* In-place modify a string to remove trailing slashes. Returns arg. */ ++char *stripslash(char *pathname); ++/* ensure dirname exists, creating it if necessary. */ ++int make_valid_path(char *dirname, mode_t mode); +--- /dev/null ++++ b/pppd/plugins/pptp/orckit_quirks.c +@@ -0,0 +1,86 @@ ++/* orckit_quirks.c ...... fix quirks in orckit adsl modems ++ * mulix <mulix@actcom.co.il> ++ * ++ * $Id: orckit_quirks.c,v 1.3 2002/03/01 01:23:36 quozl Exp $ ++ */ ++ ++#include <string.h> ++#include <sys/types.h> ++#include <netinet/in.h> ++#include "pptp_msg.h" ++#include "pptp_options.h" ++#include "pptp_ctrl.h" ++#include "util.h" ++ ++ ++ ++/* return 0 on success, non zero otherwise */ ++int ++orckit_atur3_build_hook(struct pptp_out_call_rqst* packet) ++{ ++ unsigned int name_length = 10; ++ ++ struct pptp_out_call_rqst fixed_packet = { ++ PPTP_HEADER_CTRL(PPTP_OUT_CALL_RQST), ++ 0, /* hton16(call->callid) */ ++ 0, /* hton16(call->sernum) */ ++ hton32(PPTP_BPS_MIN), hton32(PPTP_BPS_MAX), ++ hton32(PPTP_BEARER_DIGITAL), hton32(PPTP_FRAME_ANY), ++ hton16(PPTP_WINDOW), 0, hton16(name_length), 0, ++ {'R','E','L','A','Y','_','P','P','P','1',0}, {0} ++ }; ++ ++ if (!packet) ++ return -1; ++ ++ memcpy(packet, &fixed_packet, sizeof(*packet)); ++ ++ return 0; ++} ++ ++/* return 0 on success, non zero otherwise */ ++int ++orckit_atur3_set_link_hook(struct pptp_set_link_info* packet, ++ int peer_call_id) ++{ ++ struct pptp_set_link_info fixed_packet = { ++ PPTP_HEADER_CTRL(PPTP_SET_LINK_INFO), ++ hton16(peer_call_id), ++ 0, ++ 0xffffffff, ++ 0xffffffff}; ++ ++ if (!packet) ++ return -1; ++ ++ memcpy(packet, &fixed_packet, sizeof(*packet)); ++ return 0; ++} ++ ++/* return 0 on success, non 0 otherwise */ ++int ++orckit_atur3_start_ctrl_conn_hook(struct pptp_start_ctrl_conn* packet) ++{ ++ struct pptp_start_ctrl_conn fixed_packet = { ++ {0}, /* we'll set the header later */ ++ hton16(PPTP_VERSION), 0, 0, ++ hton32(PPTP_FRAME_ASYNC), hton32(PPTP_BEARER_ANALOG), ++ hton16(0) /* max channels */, ++ hton16(0x6021), ++ {'R','E','L','A','Y','_','P','P','P','1',0}, /* hostname */ ++ {'M','S',' ','W','i','n',' ','N','T',0} /* vendor */ ++ }; ++ ++ if (!packet) ++ return -1; ++ ++ /* grab the header from the original packet, since we dont ++ know if this is a request or a reply */ ++ memcpy(&fixed_packet.header, &packet->header, sizeof(struct pptp_header)); ++ ++ /* and now overwrite the full packet, effectively preserving the header */ ++ memcpy(packet, &fixed_packet, sizeof(*packet)); ++ return 0; ++} ++ ++ +--- /dev/null ++++ b/pppd/plugins/pptp/orckit_quirks.h +@@ -0,0 +1,27 @@ ++/* orckit_quirks.h ...... fix quirks in orckit adsl modems ++ * mulix <mulix@actcom.co.il> ++ * ++ * $Id: orckit_quirks.h,v 1.2 2001/11/23 03:42:51 quozl Exp $ ++ */ ++ ++#ifndef INC_ORCKIT_QUIRKS_H_ ++#define INC_ORCKIT_QUIRKS_H_ ++ ++#include "pptp_options.h" ++#include "pptp_ctrl.h" ++#include "pptp_msg.h" ++ ++/* return 0 on success, non zero otherwise */ ++int ++orckit_atur3_build_hook(struct pptp_out_call_rqst* packt); ++ ++/* return 0 on success, non zero otherwise */ ++int ++orckit_atur3_set_link_hook(struct pptp_set_link_info* packet, ++ int peer_call_id); ++ ++/* return 0 on success, non zero otherwise */ ++int ++orckit_atur3_start_ctrl_conn_hook(struct pptp_start_ctrl_conn* packet); ++ ++#endif /* INC_ORCKIT_QUIRKS_H_ */ +--- /dev/null ++++ b/pppd/plugins/pptp/pppd-pptp.8 +@@ -0,0 +1,68 @@ ++.\" manual page [] for PPTP plugin for pppd 2.4 ++.\" $Id: pppd-pptp.8,v 1.0 2007/10/17 13:27:17 kad Exp $ ++.\" SH section heading ++.\" SS subsection heading ++.\" LP paragraph ++.\" IP indented paragraph ++.\" TP hanging label ++.TH PPPD-PPTP 8 ++.SH NAME ++pptp.so \- PPTP VPN plugin for ++.BR pppd (8) ++.SH SYNOPSIS ++.B pppd ++[ ++.I options ++] ++plugin pptp.so ++.SH DESCRIPTION ++.LP ++The PPTP plugin for pppd performs interaction with pptp kernel module ++and has built-in call manager (client part of PPTP). ++It pasees necessary paremeters from \fIoptions\fR into kernel module ++to configure ppp-pptp channel. If it runs in client mode, then additionally ++call manager starts up. PPTPD daemon automaticaly invokes this plugin ++in server mode and passes necessary options, so additional configuration ++is not needed. ++ ++.SH OPTIONS for client mode ++The PPTP plugin introduces one additional pppd option: ++.TP ++.BI "pptp_server " server " (required)" ++Specifies ip address or hostname of pptp server. ++.TP ++.BI "pptp_window " packets " (optional)" ++The amount of sliding window size. ++Set to 0 to turn off sliding window. ++ to 3-10 for low speed connections. ++ to >10 for hi speed connections. ++Default is 50 ++.TP ++.BI "pptp_phone " phone " (optional)" ++The phone string that sended to pptp server. ++.SH USAGE ++Sample configuration file: ++.nf ++plugin "pptp.so" ++pptp_server 192.168.0.1 ++pptp_window 100 ++name myname ++remotename pptp ++noauth ++refuse-eap ++refuse-chap ++refuse-mschap ++nobsdcomp ++nodeflate ++novj ++novjccomp ++require-mppe-128 ++lcp-echo-interval 20 ++lcp-echo-failure 3 ++.fi ++ ++.SH SEE ALSO ++.BR pppd (8) " " pptpd (8) " " pptpd.conf (5) ++ ++.SH AUTHOR ++xeb xeb@mail.ru +--- /dev/null ++++ b/pppd/plugins/pptp/pptp.c +@@ -0,0 +1,323 @@ ++/*************************************************************************** ++ * Copyright (C) 2006 by Kozlov D. <xeb@mail.ru> * ++ * some cleanup done (C) 2012 by Daniel Golle <dgolle@allnet.de> * ++ * * ++ * This program is free software; you can redistribute it and/or modify * ++ * it under the terms of the GNU General Public License as published by * ++ * the Free Software Foundation; either version 2 of the License, or * ++ * (at your option) any later version. * ++ * * ++ * This program is distributed in the hope that it will be useful, * ++ * but WITHOUT ANY WARRANTY; without even the implied warranty of * ++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * ++ * GNU General Public License for more details. * ++ * * ++ * You should have received a copy of the GNU General Public License * ++ * along with this program; if not, write to the * ++ * Free Software Foundation, Inc., * ++ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. * ++ ***************************************************************************/ ++ ++#define PPTP_VERSION "1.00" ++ ++#ifdef HAVE_CONFIG_H ++#include <config.h> ++#endif ++ ++#include <netinet/in.h> ++#include <arpa/inet.h> ++#include <sys/un.h> ++#include <netdb.h> ++#include <stdio.h> ++#include <string.h> ++#include <stdlib.h> ++#include <syslog.h> ++#include <unistd.h> ++#include <signal.h> ++#include <errno.h> ++#include <fcntl.h> ++#include <sys/wait.h> ++#include <sys/ioctl.h> ++ ++#include "pppd.h" ++#include "fsm.h" ++#include "lcp.h" ++#include "ipcp.h" ++#include "ccp.h" ++#include "pathnames.h" ++ ++#include "pptp_callmgr.h" ++#include <net/if.h> ++#include <net/ethernet.h> ++#include <linux/if_pppox.h> ++ ++#include <stdio.h> ++#include <stdlib.h> ++ ++ ++ ++extern char** environ; ++ ++char pppd_version[] = PPPD_VERSION; ++extern int new_style_driver; ++ ++ ++char *pptp_server = NULL; ++char *pptp_client = NULL; ++char *pptp_phone = NULL; ++int pptp_window=50; ++int pptp_sock=-1; ++struct in_addr localbind = { INADDR_NONE }; ++ ++static int callmgr_sock; ++static int pptp_fd; ++int call_ID; ++ ++static int open_callmgr(int call_id,struct in_addr inetaddr, char *phonenr,int window); ++static void launch_callmgr(int call_is,struct in_addr inetaddr, char *phonenr,int window); ++static int get_call_id(int sock, pid_t gre, pid_t pppd, u_int16_t *peer_call_id); ++ ++static option_t Options[] = ++{ ++ { "pptp_server", o_string, &pptp_server, ++ "PPTP Server" }, ++ { "pptp_client", o_string, &pptp_client, ++ "PPTP Client" }, ++ { "pptp_sock",o_int, &pptp_sock, ++ "PPTP socket" }, ++ { "pptp_phone", o_string, &pptp_phone, ++ "PPTP Phone number" }, ++ { "pptp_window",o_int, &pptp_window, ++ "PPTP window" }, ++ { NULL } ++}; ++ ++static int pptp_connect(void); ++static void pptp_disconnect(void); ++ ++struct channel pptp_channel = { ++ options: Options, ++ check_options: NULL, ++ connect: &pptp_connect, ++ disconnect: &pptp_disconnect, ++ establish_ppp: &generic_establish_ppp, ++ disestablish_ppp: &generic_disestablish_ppp, ++ close: NULL, ++ cleanup: NULL ++}; ++ ++static int pptp_start_server(void) ++{ ++ pptp_fd=pptp_sock; ++ sprintf(ppp_devnam,"pptp (%s)",pptp_client); ++ ++ return pptp_fd; ++} ++static int pptp_start_client(void) ++{ ++ socklen_t len; ++ struct sockaddr_pppox src_addr,dst_addr; ++ struct hostent *hostinfo; ++ ++ hostinfo=gethostbyname(pptp_server); ++ if (!hostinfo) ++ { ++ error("PPTP: Unknown host %s\n", pptp_server); ++ return -1; ++ } ++ dst_addr.sa_addr.pptp.sin_addr=*(struct in_addr*)hostinfo->h_addr; ++ { ++ int sock; ++ struct sockaddr_in addr; ++ len=sizeof(addr); ++ addr.sin_addr=dst_addr.sa_addr.pptp.sin_addr; ++ addr.sin_family=AF_INET; ++ addr.sin_port=htons(1700); ++ sock=socket(AF_INET,SOCK_DGRAM,0); ++ if (connect(sock,(struct sockaddr*)&addr,sizeof(addr))) ++ { ++ close(sock); ++ error("PPTP: connect failed (%s)\n",strerror(errno)); ++ return -1; ++ } ++ getsockname(sock,(struct sockaddr*)&addr,&len); ++ src_addr.sa_addr.pptp.sin_addr=addr.sin_addr; ++ close(sock); ++ } ++ ++ src_addr.sa_family=AF_PPPOX; ++ src_addr.sa_protocol=PX_PROTO_PPTP; ++ src_addr.sa_addr.pptp.call_id=0; ++ ++ dst_addr.sa_family=AF_PPPOX; ++ dst_addr.sa_protocol=PX_PROTO_PPTP; ++ dst_addr.sa_addr.pptp.call_id=0; ++ ++ pptp_fd=socket(AF_PPPOX,SOCK_STREAM,PX_PROTO_PPTP); ++ if (pptp_fd<0) ++ { ++ error("PPTP: failed to create PPTP socket (%s)\n",strerror(errno)); ++ return -1; ++ } ++ if (bind(pptp_fd,(struct sockaddr*)&src_addr,sizeof(src_addr))) ++ { ++ close(pptp_fd); ++ error("PPTP: failed to bind PPTP socket (%s)\n",strerror(errno)); ++ return -1; ++ } ++ len=sizeof(src_addr); ++ getsockname(pptp_fd,(struct sockaddr*)&src_addr,&len); ++ call_ID=src_addr.sa_addr.pptp.call_id; ++ ++ do { ++ /* ++ * Open connection to call manager (Launch call manager if necessary.) ++ */ ++ callmgr_sock = open_callmgr(src_addr.sa_addr.pptp.call_id,dst_addr.sa_addr.pptp.sin_addr, pptp_phone, pptp_window); ++ if (callmgr_sock<0) ++ { ++ close(pptp_fd); ++ return -1; ++ } ++ /* Exchange PIDs, get call ID */ ++ } while (get_call_id(callmgr_sock, getpid(), getpid(), &dst_addr.sa_addr.pptp.call_id) < 0); ++ ++ if (connect(pptp_fd,(struct sockaddr*)&dst_addr,sizeof(dst_addr))) ++ { ++ close(callmgr_sock); ++ close(pptp_fd); ++ error("PPTP: failed to connect PPTP socket (%s)\n",strerror(errno)); ++ return -1; ++ } ++ ++ sprintf(ppp_devnam,"pptp (%s)",pptp_server); ++ ++ return pptp_fd; ++} ++static int pptp_connect(void) ++{ ++ if ((!pptp_server && !pptp_client) || (pptp_server && pptp_client)) ++ { ++ fatal("PPTP: unknown mode (you must specify pptp_server or pptp_client option)"); ++ return -1; ++ } ++ ++ if (pptp_server) return pptp_start_client(); ++ return pptp_start_server(); ++} ++ ++static void pptp_disconnect(void) ++{ ++ if (pptp_server) close(callmgr_sock); ++ close(pptp_fd); ++} ++ ++static int open_callmgr(int call_id,struct in_addr inetaddr, char *phonenr,int window) ++{ ++ /* Try to open unix domain socket to call manager. */ ++ struct sockaddr_un where; ++ const int NUM_TRIES = 3; ++ int i, fd; ++ pid_t pid; ++ int status; ++ /* Open socket */ ++ if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) ++ { ++ fatal("Could not create unix domain socket: %s", strerror(errno)); ++ } ++ /* Make address */ ++ callmgr_name_unixsock(&where, inetaddr, localbind); ++ for (i = 0; i < NUM_TRIES; i++) ++ { ++ if (connect(fd, (struct sockaddr *) &where, sizeof(where)) < 0) ++ { ++ /* couldn't connect. We'll have to launch this guy. */ ++ ++ unlink (where.sun_path); ++ ++ /* fork and launch call manager process */ ++ switch (pid = fork()) ++ { ++ case -1: /* failure */ ++ fatal("fork() to launch call manager failed."); ++ case 0: /* child */ ++ { ++ /* close the pty and gre in the call manager */ ++ close(fd); ++ close(pptp_fd); ++ launch_callmgr(call_id,inetaddr,phonenr,window); ++ } ++ default: /* parent */ ++ waitpid(pid, &status, 0); ++ if (status!= 0) ++ { ++ close(fd); ++ error("Call manager exited with error %d", status); ++ return -1; ++ } ++ break; ++ } ++ sleep(1); ++ } ++ else return fd; ++ } ++ close(fd); ++ error("Could not launch call manager after %d tries.", i); ++ return -1; /* make gcc happy */ ++} ++ ++/*** call the call manager main ***********************************************/ ++static void launch_callmgr(int call_id,struct in_addr inetaddr, char *phonenr,int window) ++{ ++ dbglog("pptp: call manager for %s\n", inet_ntoa(inetaddr)); ++ dbglog("window size:\t%d\n",window); ++ if (phonenr) dbglog("phone number:\t'%s'\n",phonenr); ++ dbglog("call id:\t%d\n",call_id); ++ exit(callmgr_main(inetaddr, phonenr, window, call_id)); ++} ++ ++/*** exchange data with the call manager *************************************/ ++/* XXX need better error checking XXX */ ++static int get_call_id(int sock, pid_t gre, pid_t pppd, ++ u_int16_t *peer_call_id) ++{ ++ u_int16_t m_call_id, m_peer_call_id; ++ /* write pid's to socket */ ++ /* don't bother with network byte order, because pid's are meaningless ++ * outside the local host. ++ */ ++ int rc; ++ rc = write(sock, &gre, sizeof(gre)); ++ if (rc != sizeof(gre)) ++ return -1; ++ rc = write(sock, &pppd, sizeof(pppd)); ++ if (rc != sizeof(pppd)) ++ return -1; ++ rc = read(sock, &m_call_id, sizeof(m_call_id)); ++ if (rc != sizeof(m_call_id)) ++ return -1; ++ rc = read(sock, &m_peer_call_id, sizeof(m_peer_call_id)); ++ if (rc != sizeof(m_peer_call_id)) ++ return -1; ++ /* ++ * XXX FIXME ... DO ERROR CHECKING & TIME-OUTS XXX ++ * (Rhialto: I am assuming for now that timeouts are not relevant ++ * here, because the read and write calls would return -1 (fail) when ++ * the peer goes away during the process. We know it is (or was) ++ * running because the connect() call succeeded.) ++ * (James: on the other hand, if the route to the peer goes away, we ++ * wouldn't get told by read() or write() for quite some time.) ++ */ ++ *peer_call_id = m_peer_call_id; ++ return 0; ++} ++ ++void plugin_init(void) ++{ ++ add_options(Options); ++ ++ info("PPTP plugin version %s", PPTP_VERSION); ++ ++ the_channel = &pptp_channel; ++ modem = 0; ++} +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_callmgr.c +@@ -0,0 +1,381 @@ ++/* pptp_callmgr.c ... Call manager for PPTP connections. ++ * Handles TCP port 1723 protocol. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: pptp_callmgr.c,v 1.20 2005/03/31 07:42:39 quozl Exp $ ++ */ ++#include <signal.h> ++#include <sys/time.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <sys/socket.h> ++#include <netinet/in.h> ++#include <arpa/inet.h> ++#include <sys/un.h> ++#include <unistd.h> ++#include <stdlib.h> ++#include <string.h> ++#include <assert.h> ++#include <setjmp.h> ++#include <stdio.h> ++#include <errno.h> ++#include "pptp_callmgr.h" ++#include "pptp_ctrl.h" ++#include "pptp_msg.h" ++#include "dirutil.h" ++#include "vector.h" ++#include "util.h" ++#include "pppd.h" ++ ++extern struct in_addr localbind; /* from pptp.c */ ++extern int call_ID; ++ ++int open_inetsock(struct in_addr inetaddr); ++int open_unixsock(struct in_addr inetaddr); ++void close_inetsock(int fd, struct in_addr inetaddr); ++void close_unixsock(int fd, struct in_addr inetaddr); ++ ++sigjmp_buf callmgr_env; ++ ++void callmgr_sighandler(int sig) { ++ /* TODO: according to signal(2), siglongjmp() is unsafe used here */ ++ siglongjmp (callmgr_env, 1); ++} ++ ++void callmgr_do_nothing(int sig) { ++ /* do nothing signal handler */ ++} ++ ++struct local_callinfo { ++ int unix_sock; ++ pid_t pid[2]; ++}; ++ ++struct local_conninfo { ++ VECTOR * call_list; ++ fd_set * call_set; ++}; ++ ++/* Call callback */ ++void call_callback(PPTP_CONN *conn, PPTP_CALL *call, enum call_state state) ++{ ++ struct local_callinfo *lci; ++ struct local_conninfo *conninfo; ++ u_int16_t call_id[2]; ++ switch(state) { ++ case CALL_OPEN_DONE: ++ /* okey dokey. This means that the call_id and peer_call_id are ++ * now valid, so lets send them on to our friends who requested ++ * this call. */ ++ lci = pptp_call_closure_get(conn, call); assert(lci != NULL); ++ pptp_call_get_ids(conn, call, &call_id[0], &call_id[1]); ++ write(lci->unix_sock, &call_id, sizeof(call_id)); ++ /* Our duty to the fatherland is now complete. */ ++ break; ++ case CALL_OPEN_FAIL: ++ case CALL_CLOSE_RQST: ++ case CALL_CLOSE_DONE: ++ /* don't need to do anything here, except make sure tables ++ * are sync'ed */ ++ dbglog("Closing connection (call state)"); ++ conninfo = pptp_conn_closure_get(conn); ++ lci = pptp_call_closure_get(conn, call); ++ assert(lci != NULL && conninfo != NULL); ++ if (vector_contains(conninfo->call_list, lci->unix_sock)) { ++ vector_remove(conninfo->call_list, lci->unix_sock); ++ close(lci->unix_sock); ++ FD_CLR(lci->unix_sock, conninfo->call_set); ++ } ++ break; ++ default: ++ dbglog("Unhandled call callback state [%d].", (int) state); ++ break; ++ } ++} ++ ++/****************************************************************************** ++ * NOTE ABOUT 'VOLATILE': ++ * several variables here get a volatile qualifier to silence warnings ++ * from older (before 3.0) gccs. if the longjmp stuff is removed, ++ * the volatile qualifiers should be removed as well. ++ *****************************************************************************/ ++ ++/*** Call Manager *************************************************************/ ++int callmgr_main(struct in_addr inetaddr, char phonenr[], int window, int pcallid) ++{ ++ int inet_sock, unix_sock; ++ fd_set call_set; ++ PPTP_CONN * conn; ++ VECTOR * call_list; ++ int max_fd = 0; ++ volatile int first = 1; ++ int retval; ++ int i; ++ if (pcallid>0) call_ID=pcallid; ++ ++ /* Step 1: Open sockets. */ ++ if ((inet_sock = open_inetsock(inetaddr)) < 0) ++ fatal("Could not open control connection to %s", inet_ntoa(inetaddr)); ++ dbglog("control connection"); ++ if ((unix_sock = open_unixsock(inetaddr)) < 0) ++ fatal("Could not open unix socket for %s", inet_ntoa(inetaddr)); ++ /* Step 1b: FORK and return status to calling process. */ ++ dbglog("unix_sock"); ++ ++ switch (fork()) { ++ case 0: /* child. stick around. */ ++ break; ++ case -1: /* failure. Fatal. */ ++ fatal("Could not fork."); ++ default: /* Parent. Return status to caller. */ ++ exit(0); ++ } ++ /* re-open stderr as /dev/null to release it */ ++ file2fd("/dev/null", "wb", STDERR_FILENO); ++ /* Step 1c: Clean up unix socket on TERM */ ++ if (sigsetjmp(callmgr_env, 1) != 0) ++ goto cleanup; ++ signal(SIGINT, callmgr_sighandler); ++ signal(SIGTERM, callmgr_sighandler); ++ signal(SIGPIPE, callmgr_do_nothing); ++ signal(SIGUSR1, callmgr_do_nothing); /* signal state change ++ wake up accept */ ++ /* Step 2: Open control connection and register callback */ ++ if ((conn = pptp_conn_open(inet_sock, 1, NULL/* callback */)) == NULL) { ++ close(unix_sock); close(inet_sock); fatal("Could not open connection."); ++ } ++ FD_ZERO(&call_set); ++ call_list = vector_create(); ++ { ++ struct local_conninfo *conninfo = malloc(sizeof(*conninfo)); ++ if (conninfo == NULL) { ++ close(unix_sock); close(inet_sock); fatal("No memory."); ++ } ++ conninfo->call_list = call_list; ++ conninfo->call_set = &call_set; ++ pptp_conn_closure_put(conn, conninfo); ++ } ++ if (sigsetjmp(callmgr_env, 1) != 0) goto shutdown; ++ /* Step 3: Get FD_SETs */ ++ max_fd = unix_sock; ++ do { ++ int rc; ++ fd_set read_set = call_set, write_set; ++ FD_ZERO (&write_set); ++ if (pptp_conn_established(conn)) { ++ FD_SET (unix_sock, &read_set); ++ if (unix_sock > max_fd) max_fd = unix_sock; ++ } ++ pptp_fd_set(conn, &read_set, &write_set, &max_fd); ++ for (; max_fd > 0 ; max_fd--) { ++ if (FD_ISSET (max_fd, &read_set) || ++ FD_ISSET (max_fd, &write_set)) ++ break; ++ } ++ /* Step 4: Wait on INET or UNIX event */ ++ if ((rc = select(max_fd + 1, &read_set, &write_set, NULL, NULL)) <0) { ++ if (errno == EBADF) break; ++ /* a signal or somesuch. */ ++ continue; ++ } ++ /* Step 5a: Handle INET events */ ++ rc = pptp_dispatch(conn, &read_set, &write_set); ++ if (rc < 0) ++ break; ++ /* Step 5b: Handle new connection to UNIX socket */ ++ if (FD_ISSET(unix_sock, &read_set)) { ++ /* New call! */ ++ struct sockaddr_un from; ++ int len = sizeof(from); ++ PPTP_CALL * call; ++ struct local_callinfo *lci; ++ int s; ++ /* Accept the socket */ ++ FD_CLR (unix_sock, &read_set); ++ if ((s = accept(unix_sock, (struct sockaddr *) &from, &len)) < 0) { ++ warn("Socket not accepted: %s", strerror(errno)); ++ goto skip_accept; ++ } ++ /* Allocate memory for local call information structure. */ ++ if ((lci = malloc(sizeof(*lci))) == NULL) { ++ warn("Out of memory."); close(s); goto skip_accept; ++ } ++ lci->unix_sock = s; ++ /* Give the initiator time to write the PIDs while we open ++ * the call */ ++ call = pptp_call_open(conn, call_ID,call_callback, phonenr,window); ++ /* Read and store the associated pids */ ++ read(s, &lci->pid[0], sizeof(lci->pid[0])); ++ read(s, &lci->pid[1], sizeof(lci->pid[1])); ++ /* associate the local information with the call */ ++ pptp_call_closure_put(conn, call, (void *) lci); ++ /* The rest is done on callback. */ ++ /* Keep alive; wait for close */ ++ retval = vector_insert(call_list, s, call); assert(retval); ++ if (s > max_fd) max_fd = s; ++ FD_SET(s, &call_set); ++ first = 0; ++ } ++skip_accept: /* Step 5c: Handle socket close */ ++ for (i = 0; i < max_fd + 1; i++) ++ if (FD_ISSET(i, &read_set)) { ++ /* close it */ ++ PPTP_CALL * call; ++ retval = vector_search(call_list, i, &call); ++ if (retval) { ++ struct local_callinfo *lci = ++ pptp_call_closure_get(conn, call); ++ dbglog("Closing connection (unhandled)"); ++ free(lci); ++ /* soft shutdown. Callback will do hard shutdown later */ ++ pptp_call_close(conn, call); ++ vector_remove(call_list, i); ++ } ++ FD_CLR(i, &call_set); ++ close(i); ++ } ++ } while (vector_size(call_list) > 0 || first); ++shutdown: ++ { ++ int rc; ++ fd_set read_set, write_set; ++ struct timeval tv; ++ signal(SIGINT, callmgr_do_nothing); ++ signal(SIGTERM, callmgr_do_nothing); ++ /* warn("Shutdown"); */ ++ /* kill all open calls */ ++ for (i = 0; i < vector_size(call_list); i++) { ++ PPTP_CALL *call = vector_get_Nth(call_list, i); ++ dbglog("Closing connection (shutdown)"); ++ pptp_call_close(conn, call); ++ } ++ /* attempt to dispatch these messages */ ++ FD_ZERO(&read_set); ++ FD_ZERO(&write_set); ++ pptp_fd_set(conn, &read_set, &write_set, &max_fd); ++ tv.tv_sec = 0; ++ tv.tv_usec = 0; ++ select(max_fd + 1, &read_set, &write_set, NULL, &tv); ++ rc = pptp_dispatch(conn, &read_set, &write_set); ++ if (rc > 0) { ++ /* wait for a respond, a timeout because there might not be one */ ++ FD_ZERO(&read_set); ++ FD_ZERO(&write_set); ++ pptp_fd_set(conn, &read_set, &write_set, &max_fd); ++ tv.tv_sec = 2; ++ tv.tv_usec = 0; ++ select(max_fd + 1, &read_set, &write_set, NULL, &tv); ++ rc = pptp_dispatch(conn, &read_set, &write_set); ++ if (rc > 0) { ++ if (i > 0) sleep(2); ++ /* no more open calls. Close the connection. */ ++ pptp_conn_close(conn, PPTP_STOP_LOCAL_SHUTDOWN); ++ /* wait for a respond, a timeout because there might not be one */ ++ FD_ZERO(&read_set); ++ FD_ZERO(&write_set); ++ pptp_fd_set(conn, &read_set, &write_set, &max_fd); ++ tv.tv_sec = 2; ++ tv.tv_usec = 0; ++ select(max_fd + 1, &read_set, &write_set, NULL, &tv); ++ pptp_dispatch(conn, &read_set, &write_set); ++ if (rc > 0) sleep(2); ++ } ++ } ++ /* with extreme prejudice */ ++ pptp_conn_destroy(conn); ++ vector_destroy(call_list); ++ } ++cleanup: ++ signal(SIGINT, callmgr_do_nothing); ++ signal(SIGTERM, callmgr_do_nothing); ++ close_inetsock(inet_sock, inetaddr); ++ close_unixsock(unix_sock, inetaddr); ++ return 0; ++} ++ ++/*** open_inetsock ************************************************************/ ++int open_inetsock(struct in_addr inetaddr) ++{ ++ struct sockaddr_in dest, src; ++ int s; ++ dest.sin_family = AF_INET; ++ dest.sin_port = htons(PPTP_PORT); ++ dest.sin_addr = inetaddr; ++ if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) { ++ warn("socket: %s", strerror(errno)); ++ return s; ++ } ++ if (localbind.s_addr != INADDR_NONE) { ++ bzero(&src, sizeof(src)); ++ src.sin_family = AF_INET; ++ src.sin_addr = localbind; ++ if (bind(s, (struct sockaddr *) &src, sizeof(src)) != 0) { ++ warn("bind: %s", strerror(errno)); ++ close(s); return -1; ++ } ++ } ++ if (connect(s, (struct sockaddr *) &dest, sizeof(dest)) < 0) { ++ warn("connect: %s", strerror(errno)); ++ close(s); return -1; ++ } ++ return s; ++} ++ ++/*** open_unixsock ************************************************************/ ++int open_unixsock(struct in_addr inetaddr) ++{ ++ struct sockaddr_un where; ++ struct stat st; ++ char *dir; ++ int s; ++ if ((s = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) { ++ warn("socket: %s", strerror(errno)); ++ return s; ++ } ++ callmgr_name_unixsock( &where, inetaddr, localbind); ++ if (stat(where.sun_path, &st) >= 0) ++ { ++ warn("Call manager for %s is already running.", inet_ntoa(inetaddr)); ++ close(s); return -1; ++ } ++ /* Make sure path is valid. */ ++ dir = dirnamex(where.sun_path); ++ if (!make_valid_path(dir, 0770)) ++ fatal("Could not make path to %s: %s", where.sun_path, strerror(errno)); ++ free(dir); ++ if (bind(s, (struct sockaddr *) &where, sizeof(where)) < 0) { ++ warn("bind: %s", strerror(errno)); ++ close(s); return -1; ++ } ++ chmod(where.sun_path, 0777); ++ listen(s, 127); ++ return s; ++} ++ ++/*** close_inetsock ***********************************************************/ ++void close_inetsock(int fd, struct in_addr inetaddr) ++{ ++ close(fd); ++} ++ ++/*** close_unixsock ***********************************************************/ ++void close_unixsock(int fd, struct in_addr inetaddr) ++{ ++ struct sockaddr_un where; ++ close(fd); ++ callmgr_name_unixsock(&where, inetaddr, localbind); ++ unlink(where.sun_path); ++} ++ ++/*** make a unix socket address ***********************************************/ ++void callmgr_name_unixsock(struct sockaddr_un *where, ++ struct in_addr inetaddr, ++ struct in_addr localbind) ++{ ++ char localaddr[16], remoteaddr[16]; ++ where->sun_family = AF_UNIX; ++ strncpy(localaddr, inet_ntoa(localbind), 16); ++ strncpy(remoteaddr, inet_ntoa(inetaddr), 16); ++ snprintf(where->sun_path, sizeof(where->sun_path), ++ PPTP_SOCKET_PREFIX "%s:%i", remoteaddr,call_ID); ++} +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_callmgr.h +@@ -0,0 +1,17 @@ ++/* pptp_callmgr.h ... Call manager for PPTP connections. ++ * Handles TCP port 1723 protocol. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: pptp_callmgr.h,v 1.3 2003/02/17 00:22:17 quozl Exp $ ++ */ ++ ++#define PPTP_SOCKET_PREFIX "/var/run/pptp/" ++ ++int callmgr_main(struct in_addr inetaddr, ++ char phonenr[], ++ int window, ++ int pcallid); ++ ++void callmgr_name_unixsock(struct sockaddr_un *where, ++ struct in_addr inetaddr, ++ struct in_addr localbind); +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_ctrl.c +@@ -0,0 +1,1077 @@ ++/* pptp_ctrl.c ... handle PPTP control connection. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: pptp_ctrl.c,v 1.31 2005/03/31 07:42:39 quozl Exp $ ++ */ ++ ++#include <errno.h> ++#include <sys/time.h> ++#include <sys/types.h> ++#include <sys/socket.h> ++#include <netinet/in.h> ++#include <unistd.h> ++#include <stdlib.h> ++#include <assert.h> ++#include <signal.h> ++#include <string.h> ++#include <ctype.h> ++#include <fcntl.h> ++#include "pptp_msg.h" ++#include "pptp_ctrl.h" ++#include "pptp_options.h" ++#include "vector.h" ++#include "util.h" ++#include "pptp_quirks.h" ++ ++/* BECAUSE OF SIGNAL LIMITATIONS, EACH PROCESS CAN ONLY MANAGE ONE ++ * CONNECTION. SO THIS 'PPTP_CONN' STRUCTURE IS A BIT MISLEADING. ++ * WE'LL KEEP CONNECTION-SPECIFIC INFORMATION IN THERE ANYWAY (AS ++ * OPPOSED TO USING GLOBAL VARIABLES), BUT BEWARE THAT THE ENTIRE ++ * UNIX SIGNAL-HANDLING SEMANTICS WOULD HAVE TO CHANGE (OR THE ++ * TIME-OUT CODE DRASTICALLY REWRITTEN) BEFORE YOU COULD DO A ++ * PPTP_CONN_OPEN MORE THAN ONCE PER PROCESS AND GET AWAY WITH IT. ++ */ ++ ++/* This structure contains connection-specific information that the ++ * signal handler needs to see. Thus, it needs to be in a global ++ * variable. If you end up using pthreads or something (why not ++ * just processes?), this would have to be placed in a thread-specific ++ * data area, using pthread_get|set_specific, etc., so I've ++ * conveniently encapsulated it for you. ++ * [linux threads will have to support thread-specific signals ++ * before this would work at all, which, as of this writing ++ * (linux-threads v0.6, linux kernel 2.1.72), it does not.] ++ */ ++ ++/* Globals */ ++ ++/* control the number of times echo packets will be logged */ ++static int nlogecho = 10; ++ ++static struct thread_specific { ++ struct sigaction old_sigaction; /* evil signals */ ++ PPTP_CONN * conn; ++} global; ++ ++#define INITIAL_BUFSIZE 512 /* initial i/o buffer size. */ ++ ++struct PPTP_CONN { ++ int inet_sock; ++ /* Connection States */ ++ enum { ++ CONN_IDLE, CONN_WAIT_CTL_REPLY, CONN_WAIT_STOP_REPLY, CONN_ESTABLISHED ++ } conn_state; /* on startup: CONN_IDLE */ ++ /* Keep-alive states */ ++ enum { ++ KA_NONE, KA_OUTSTANDING ++ } ka_state; /* on startup: KA_NONE */ ++ /* Keep-alive ID; monotonically increasing (watch wrap-around!) */ ++ u_int32_t ka_id; /* on startup: 1 */ ++ /* Other properties. */ ++ u_int16_t version; ++ u_int16_t firmware_rev; ++ u_int8_t hostname[64], vendor[64]; ++ /* XXX these are only PNS properties, currently XXX */ ++ /* Call assignment information. */ ++ u_int16_t call_serial_number; ++ VECTOR *call; ++ void * closure; ++ pptp_conn_cb callback; ++ /******* IO buffers ******/ ++ char * read_buffer, *write_buffer; ++ size_t read_alloc, write_alloc; ++ size_t read_size, write_size; ++}; ++ ++struct PPTP_CALL { ++ /* Call properties */ ++ enum { ++ PPTP_CALL_PAC, PPTP_CALL_PNS ++ } call_type; ++ union { ++ enum pptp_pac_state { ++ PAC_IDLE, PAC_WAIT_REPLY, PAC_ESTABLISHED, PAC_WAIT_CS_ANS ++ } pac; ++ enum pptp_pns_state { ++ PNS_IDLE, PNS_WAIT_REPLY, PNS_ESTABLISHED, PNS_WAIT_DISCONNECT ++ } pns; ++ } state; ++ u_int16_t call_id, peer_call_id; ++ u_int16_t sernum; ++ u_int32_t speed; ++ /* For user data: */ ++ pptp_call_cb callback; ++ void * closure; ++}; ++ ++ ++/* PPTP error codes: ----------------------------------------------*/ ++ ++/* (General Error Codes) */ ++static const struct { ++ const char *name, *desc; ++} pptp_general_errors[] = { ++#define PPTP_GENERAL_ERROR_NONE 0 ++ { "(None)", "No general error" }, ++#define PPTP_GENERAL_ERROR_NOT_CONNECTED 1 ++ { "(Not-Connected)", "No control connection exists yet for this " ++ "PAC-PNS pair" }, ++#define PPTP_GENERAL_ERROR_BAD_FORMAT 2 ++ { "(Bad-Format)", "Length is wrong or Magic Cookie value is incorrect" }, ++#define PPTP_GENERAL_ERROR_BAD_VALUE 3 ++ { "(Bad-Value)", "One of the field values was out of range or " ++ "reserved field was non-zero" }, ++#define PPTP_GENERAL_ERROR_NO_RESOURCE 4 ++ { "(No-Resource)", "Insufficient resources to handle this command now" }, ++#define PPTP_GENERAL_ERROR_BAD_CALLID 5 ++ { "(Bad-Call ID)", "The Call ID is invalid in this context" }, ++#define PPTP_GENERAL_ERROR_PAC_ERROR 6 ++ { "(PAC-Error)", "A generic vendor-specific error occured in the PAC" } ++}; ++ ++#define MAX_GENERAL_ERROR ( sizeof(pptp_general_errors) / \ ++ sizeof(pptp_general_errors[0]) - 1) ++ ++/* Outgoing Call Reply Result Codes */ ++static const char *pptp_out_call_reply_result[] = { ++/* 0 */ "Unknown Result Code", ++/* 1 */ "Connected", ++/* 2 */ "General Error", ++/* 3 */ "No Carrier Detected", ++/* 4 */ "Busy Signal", ++/* 5 */ "No Dial Tone", ++/* 6 */ "Time Out", ++/* 7 */ "Not Accepted, Call is administratively prohibited" }; ++ ++#define MAX_OUT_CALL_REPLY_RESULT 7 ++ ++/* Call Disconnect Notify Result Codes */ ++static const char *pptp_call_disc_ntfy[] = { ++/* 0 */ "Unknown Result Code", ++/* 1 */ "Lost Carrier", ++/* 2 */ "General Error", ++/* 3 */ "Administrative Shutdown", ++/* 4 */ "(your) Request" }; ++ ++#define MAX_CALL_DISC_NTFY 4 ++ ++/* Call Disconnect Notify Result Codes */ ++static const char *pptp_start_ctrl_conn_rply[] = { ++/* 0 */ "Unknown Result Code", ++/* 1 */ "Successful Channel Establishment", ++/* 2 */ "General Error", ++/* 3 */ "Command Channel Already Exists", ++/* 4 */ "Requester is not Authorized" }; ++ ++#define MAX_START_CTRL_CONN_REPLY 4 ++ ++/* timing options */ ++int idle_wait = PPTP_TIMEOUT; ++int max_echo_wait = PPTP_TIMEOUT; ++ ++/* Local prototypes */ ++static void pptp_reset_timer(void); ++static void pptp_handle_timer(); ++/* Write/read as much as we can without blocking. */ ++int pptp_write_some(PPTP_CONN * conn); ++int pptp_read_some(PPTP_CONN * conn); ++/* Make valid packets from read_buffer */ ++int pptp_make_packet(PPTP_CONN * conn, void **buf, size_t *size); ++/* Add packet to write_buffer */ ++int pptp_send_ctrl_packet(PPTP_CONN * conn, void * buffer, size_t size); ++/* Dispatch packets (general) */ ++int pptp_dispatch_packet(PPTP_CONN * conn, void * buffer, size_t size); ++/* Dispatch packets (control messages) */ ++int ctrlp_disp(PPTP_CONN * conn, void * buffer, size_t size); ++/* Set link info, for pptp servers that need it. ++ this is a noop, unless the user specified a quirk and ++ there's a set_link hook defined in the quirks table ++ for that quirk */ ++void pptp_set_link(PPTP_CONN * conn, int peer_call_id); ++ ++/*** log error information in control packets *********************************/ ++static void ctrlp_error( int result, int error, int cause, ++ const char *result_text[], int max_result) ++{ ++ if( cause >= 0) ++ warn("Result code is %d '%s'. Error code is %d, Cause code is %d", ++ result, result_text[result <= max_result ? result : 0], error, ++ cause ); ++ else ++ warn("Reply result code is %d '%s'. Error code is %d", ++ result, result_text[result <= max_result ? result : 0], error); ++ if ((error > 0) && (error <= MAX_GENERAL_ERROR)){ ++ if( result != PPTP_RESULT_GENERAL_ERROR ) ++ warn("Result code is something else then \"general error\", " ++ "so the following error is probably bogus."); ++ warn("Error is '%s', Error message: '%s'", ++ pptp_general_errors[error].name, ++ pptp_general_errors[error].desc); ++ } ++} ++ ++static const char *ctrl_msg_types[] = { ++ "invalid control message type", ++/* (Control Connection Management) */ ++ "Start-Control-Connection-Request", /* 1 */ ++ "Start-Control-Connection-Reply", /* 2 */ ++ "Stop-Control-Connection-Request", /* 3 */ ++ "Stop-Control-Connection-Reply", /* 4 */ ++ "Echo-Request", /* 5 */ ++ "Echo-Reply", /* 6 */ ++/* (Call Management) */ ++ "Outgoing-Call-Request", /* 7 */ ++ "Outgoing-Call-Reply", /* 8 */ ++ "Incoming-Call-Request", /* 9 */ ++ "Incoming-Call-Reply", /* 10 */ ++ "Incoming-Call-Connected", /* 11 */ ++ "Call-Clear-Request", /* 12 */ ++ "Call-Disconnect-Notify", /* 13 */ ++/* (Error Reporting) */ ++ "WAN-Error-Notify", /* 14 */ ++/* (PPP Session Control) */ ++ "Set-Link-Info" /* 15 */ ++}; ++#define MAX_CTRLMSG_TYPE 15 ++ ++/*** report a sent packet ****************************************************/ ++static void ctrlp_rep( void * buffer, int size, int isbuff) ++{ ++ struct pptp_header *packet = buffer; ++ unsigned int type; ++ if(size < sizeof(struct pptp_header)) return; ++ type = ntoh16(packet->ctrl_type); ++ /* FIXME: do not report sending echo requests as long as they are ++ * sent in a signal handler. This may dead lock as the syslog call ++ * is not reentrant */ ++ if( type == PPTP_ECHO_RQST ) return; ++ /* don't keep reporting sending of echo's */ ++ if( (type == PPTP_ECHO_RQST || type == PPTP_ECHO_RPLY) && nlogecho <= 0 ) return; ++ dbglog("%s control packet type is %d '%s'\n",isbuff ? "Buffered" : "Sent", ++ type, ctrl_msg_types[type <= MAX_CTRLMSG_TYPE ? type : 0]); ++ ++} ++ ++ ++ ++/* Open new pptp_connection. Returns NULL on failure. */ ++PPTP_CONN * pptp_conn_open(int inet_sock, int isclient, pptp_conn_cb callback) ++{ ++ PPTP_CONN *conn; ++ /* Allocate structure */ ++ if ((conn = malloc(sizeof(*conn))) == NULL) return NULL; ++ if ((conn->call = vector_create()) == NULL) { free(conn); return NULL; } ++ /* Initialize */ ++ conn->inet_sock = inet_sock; ++ conn->conn_state = CONN_IDLE; ++ conn->ka_state = KA_NONE; ++ conn->ka_id = 1; ++ conn->call_serial_number = 0; ++ conn->callback = callback; ++ /* Create I/O buffers */ ++ conn->read_size = conn->write_size = 0; ++ conn->read_alloc = conn->write_alloc = INITIAL_BUFSIZE; ++ conn->read_buffer = ++ malloc(sizeof(*(conn->read_buffer)) * conn->read_alloc); ++ conn->write_buffer = ++ malloc(sizeof(*(conn->write_buffer)) * conn->write_alloc); ++ if (conn->read_buffer == NULL || conn->write_buffer == NULL) { ++ if (conn->read_buffer != NULL) free(conn->read_buffer); ++ if (conn->write_buffer != NULL) free(conn->write_buffer); ++ vector_destroy(conn->call); free(conn); return NULL; ++ } ++ /* Make this socket non-blocking. */ ++ fcntl(conn->inet_sock, F_SETFL, O_NONBLOCK); ++ /* Request connection from server, if this is a client */ ++ if (isclient) { ++ struct pptp_start_ctrl_conn packet = { ++ PPTP_HEADER_CTRL(PPTP_START_CTRL_CONN_RQST), ++ hton16(PPTP_VERSION), 0, 0, ++ hton32(PPTP_FRAME_CAP), hton32(PPTP_BEARER_CAP), ++ hton16(PPTP_MAX_CHANNELS), hton16(PPTP_FIRMWARE_VERSION), ++ PPTP_HOSTNAME, PPTP_VENDOR ++ }; ++ /* fix this packet, if necessary */ ++ int idx, rc; ++ idx = get_quirk_index(); ++ if (idx != -1 && pptp_fixups[idx].start_ctrl_conn) { ++ if ((rc = pptp_fixups[idx].start_ctrl_conn(&packet))) ++ warn("calling the start_ctrl_conn hook failed (%d)", rc); ++ } ++ if (pptp_send_ctrl_packet(conn, &packet, sizeof(packet))) ++ conn->conn_state = CONN_WAIT_CTL_REPLY; ++ else ++ return NULL; /* could not send initial start request. */ ++ } ++ /* Set up interval/keep-alive timer */ ++ /* First, register handler for SIGALRM */ ++ sigpipe_create(); ++ sigpipe_assign(SIGALRM); ++ global.conn = conn; ++ /* Reset event timer */ ++ pptp_reset_timer(); ++ /* all done. */ ++ return conn; ++} ++ ++int pptp_conn_established(PPTP_CONN *conn) { ++ return (conn->conn_state == CONN_ESTABLISHED); ++} ++ ++/* This currently *only* works for client call requests. ++ * We need to do something else to allocate calls for incoming requests. ++ */ ++PPTP_CALL * pptp_call_open(PPTP_CONN * conn, int call_id,pptp_call_cb callback, ++ char *phonenr,int window) ++{ ++ PPTP_CALL * call; ++ int idx, rc; ++ /* Send off the call request */ ++ struct pptp_out_call_rqst packet = { ++ PPTP_HEADER_CTRL(PPTP_OUT_CALL_RQST), ++ 0,0, /*call_id, sernum */ ++ hton32(PPTP_BPS_MIN), hton32(PPTP_BPS_MAX), ++ hton32(PPTP_BEARER_CAP), hton32(PPTP_FRAME_CAP), ++ hton16(window), 0, 0, 0, {0}, {0} ++ }; ++ assert(conn && conn->call); ++ assert(conn->conn_state == CONN_ESTABLISHED); ++ /* Assign call id */ ++ if (!call_id && !vector_scan(conn->call, 0, PPTP_MAX_CHANNELS - 1, &call_id)) ++ /* no more calls available! */ ++ return NULL; ++ /* allocate structure. */ ++ if ((call = malloc(sizeof(*call))) == NULL) return NULL; ++ /* Initialize call structure */ ++ call->call_type = PPTP_CALL_PNS; ++ call->state.pns = PNS_IDLE; ++ call->call_id = (u_int16_t) call_id; ++ call->sernum = conn->call_serial_number++; ++ call->callback = callback; ++ call->closure = NULL; ++ packet.call_id = htons(call->call_id); ++ packet.call_sernum = htons(call->sernum); ++ /* if we have a quirk, build a new packet to fit it */ ++ idx = get_quirk_index(); ++ if (idx != -1 && pptp_fixups[idx].out_call_rqst_hook) { ++ if ((rc = pptp_fixups[idx].out_call_rqst_hook(&packet))) ++ warn("calling the out_call_rqst hook failed (%d)", rc); ++ } ++ /* fill in the phone number if it was specified */ ++ if (phonenr) { ++ strncpy(packet.phone_num, phonenr, sizeof(packet.phone_num)); ++ packet.phone_len = strlen(phonenr); ++ if( packet.phone_len > sizeof(packet.phone_num)) ++ packet.phone_len = sizeof(packet.phone_num); ++ packet.phone_len = hton16 (packet.phone_len); ++ } ++ if (pptp_send_ctrl_packet(conn, &packet, sizeof(packet))) { ++ pptp_reset_timer(); ++ call->state.pns = PNS_WAIT_REPLY; ++ /* and add it to the call vector */ ++ vector_insert(conn->call, call_id, call); ++ return call; ++ } else { /* oops, unsuccessful. Deallocate. */ ++ free(call); ++ return NULL; ++ } ++} ++ ++/*** pptp_call_close **********************************************************/ ++void pptp_call_close(PPTP_CONN * conn, PPTP_CALL * call) ++{ ++ struct pptp_call_clear_rqst rqst = { ++ PPTP_HEADER_CTRL(PPTP_CALL_CLEAR_RQST), 0, 0 ++ }; ++ assert(conn && conn->call); assert(call); ++ assert(vector_contains(conn->call, call->call_id)); ++ /* haven't thought about PAC yet */ ++ assert(call->call_type == PPTP_CALL_PNS); ++ assert(call->state.pns != PNS_IDLE); ++ rqst.call_id = hton16(call->call_id); ++ /* don't check state against WAIT_DISCONNECT... allow multiple disconnect ++ * requests to be made. ++ */ ++ pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst)); ++ pptp_reset_timer(); ++ call->state.pns = PNS_WAIT_DISCONNECT; ++ /* call structure will be freed when we have confirmation of disconnect. */ ++} ++ ++/*** hard close ***************************************************************/ ++void pptp_call_destroy(PPTP_CONN *conn, PPTP_CALL *call) ++{ ++ assert(conn && conn->call); assert(call); ++ assert(vector_contains(conn->call, call->call_id)); ++ /* notify */ ++ if (call->callback != NULL) call->callback(conn, call, CALL_CLOSE_DONE); ++ /* deallocate */ ++ vector_remove(conn->call, call->call_id); ++ free(call); ++} ++ ++/*** this is a soft close *****************************************************/ ++void pptp_conn_close(PPTP_CONN * conn, u_int8_t close_reason) ++{ ++ struct pptp_stop_ctrl_conn rqst = { ++ PPTP_HEADER_CTRL(PPTP_STOP_CTRL_CONN_RQST), ++ hton8(close_reason), 0, 0 ++ }; ++ int i; ++ assert(conn && conn->call); ++ /* avoid repeated close attempts */ ++ if (conn->conn_state == CONN_IDLE || conn->conn_state == CONN_WAIT_STOP_REPLY) ++ return; ++ /* close open calls, if any */ ++ for (i = 0; i < vector_size(conn->call); i++) ++ pptp_call_close(conn, vector_get_Nth(conn->call, i)); ++ /* now close connection */ ++ info("Closing PPTP connection"); ++ pptp_send_ctrl_packet(conn, &rqst, sizeof(rqst)); ++ pptp_reset_timer(); /* wait 60 seconds for reply */ ++ conn->conn_state = CONN_WAIT_STOP_REPLY; ++ return; ++} ++ ++/*** this is a hard close *****************************************************/ ++void pptp_conn_destroy(PPTP_CONN * conn) ++{ ++ int i; ++ assert(conn != NULL); assert(conn->call != NULL); ++ /* destroy all open calls */ ++ for (i = 0; i < vector_size(conn->call); i++) ++ pptp_call_destroy(conn, vector_get_Nth(conn->call, i)); ++ /* notify */ ++ if (conn->callback != NULL) conn->callback(conn, CONN_CLOSE_DONE); ++ sigpipe_close(); ++ close(conn->inet_sock); ++ /* deallocate */ ++ vector_destroy(conn->call); ++ free(conn); ++} ++ ++/*** Deal with messages, in a non-blocking manner ++ * Add file descriptors used by pptp to fd_set. ++ */ ++void pptp_fd_set(PPTP_CONN * conn, fd_set * read_set, fd_set * write_set, ++ int * max_fd) ++{ ++ assert(conn && conn->call); ++ /* Add fd to write_set if there are outstanding writes. */ ++ if (conn->write_size > 0) ++ FD_SET(conn->inet_sock, write_set); ++ /* Always add fd to read_set. (always want something to read) */ ++ FD_SET(conn->inet_sock, read_set); ++ if (*max_fd < conn->inet_sock) *max_fd = conn->inet_sock; ++ /* Add signal pipe file descriptor to set */ ++ int sig_fd = sigpipe_fd(); ++ FD_SET(sig_fd, read_set); ++ if (*max_fd < sig_fd) *max_fd = sig_fd; ++} ++ ++/*** handle any pptp file descriptors set in fd_set, and clear them ***********/ ++int pptp_dispatch(PPTP_CONN * conn, fd_set * read_set, fd_set * write_set) ++{ ++ int r = 0; ++ assert(conn && conn->call); ++ /* Check for signals */ ++ if (FD_ISSET(sigpipe_fd(), read_set)) { ++ if (sigpipe_read() == SIGALRM) pptp_handle_timer(); ++ FD_CLR(sigpipe_fd(), read_set); ++ } ++ /* Check write_set could be set. */ ++ if (FD_ISSET(conn->inet_sock, write_set)) { ++ FD_CLR(conn->inet_sock, write_set); ++ if (conn->write_size > 0) ++ r = pptp_write_some(conn);/* write as much as we can without blocking */ ++ } ++ /* Check read_set */ ++ if (r >= 0 && FD_ISSET(conn->inet_sock, read_set)) { ++ void *buffer; size_t size; ++ FD_CLR(conn->inet_sock, read_set); ++ r = pptp_read_some(conn); /* read as much as we can without blocking */ ++ if (r < 0) ++ return r; ++ /* make packets of the buffer, while we can. */ ++ while (r >= 0 && pptp_make_packet(conn, &buffer, &size)) { ++ r = pptp_dispatch_packet(conn, buffer, size); ++ free(buffer); ++ } ++ } ++ /* That's all, folks. Simple, eh? */ ++ return r; ++} ++ ++/*** Non-blocking write *******************************************************/ ++int pptp_write_some(PPTP_CONN * conn) { ++ ssize_t retval; ++ assert(conn && conn->call); ++ retval = write(conn->inet_sock, conn->write_buffer, conn->write_size); ++ if (retval < 0) { /* error. */ ++ if (errno == EAGAIN || errno == EINTR) { ++ return 0; ++ } else { /* a real error */ ++ warn("write error: %s", strerror(errno)); ++ return -1; ++ } ++ } ++ assert(retval <= conn->write_size); ++ conn->write_size -= retval; ++ memmove(conn->write_buffer, conn->write_buffer + retval, conn->write_size); ++ ctrlp_rep(conn->write_buffer, retval, 0); ++ return 0; ++} ++ ++/*** Non-blocking read ********************************************************/ ++int pptp_read_some(PPTP_CONN * conn) ++{ ++ ssize_t retval; ++ assert(conn && conn->call); ++ if (conn->read_size == conn->read_alloc) { /* need to alloc more memory */ ++ char *new_buffer = realloc(conn->read_buffer, ++ sizeof(*(conn->read_buffer)) * conn->read_alloc * 2); ++ if (new_buffer == NULL) { ++ warn("Out of memory"); return -1; ++ } ++ conn->read_alloc *= 2; ++ conn->read_buffer = new_buffer; ++ } ++ retval = read(conn->inet_sock, conn->read_buffer + conn->read_size, ++ conn->read_alloc - conn->read_size); ++ if (retval == 0) { ++ warn("read returned zero, peer has closed"); ++ return -1; ++ } ++ if (retval < 0) { ++ if (errno == EINTR || errno == EAGAIN) ++ return 0; ++ else { /* a real error */ ++ warn("read error: %s", strerror(errno)); ++ return -1; ++ } ++ } ++ conn->read_size += retval; ++ assert(conn->read_size <= conn->read_alloc); ++ return 0; ++} ++ ++/*** Packet formation *********************************************************/ ++int pptp_make_packet(PPTP_CONN * conn, void **buf, size_t *size) ++{ ++ struct pptp_header *header; ++ size_t bad_bytes = 0; ++ assert(conn && conn->call); assert(buf != NULL); assert(size != NULL); ++ /* Give up unless there are at least sizeof(pptp_header) bytes */ ++ while ((conn->read_size-bad_bytes) >= sizeof(struct pptp_header)) { ++ /* Throw out bytes until we have a valid header. */ ++ header = (struct pptp_header *) (conn->read_buffer + bad_bytes); ++ if (ntoh32(header->magic) != PPTP_MAGIC) goto throwitout; ++ if (ntoh16(header->reserved0) != 0) ++ warn("reserved0 field is not zero! (0x%x) Cisco feature? \n", ++ ntoh16(header->reserved0)); ++ if (ntoh16(header->length) < sizeof(struct pptp_header)) goto throwitout; ++ if (ntoh16(header->length) > PPTP_CTRL_SIZE_MAX) goto throwitout; ++ /* well. I guess it's good. Let's see if we've got it all. */ ++ if (ntoh16(header->length) > (conn->read_size-bad_bytes)) ++ /* nope. Let's wait until we've got it, then. */ ++ goto flushbadbytes; ++ /* One last check: */ ++ if ((ntoh16(header->pptp_type) == PPTP_MESSAGE_CONTROL) && ++ (ntoh16(header->length) != ++ PPTP_CTRL_SIZE(ntoh16(header->ctrl_type)))) ++ goto throwitout; ++ /* well, I guess we've got it. */ ++ *size = ntoh16(header->length); ++ *buf = malloc(*size); ++ if (*buf == NULL) { warn("Out of memory."); return 0; /* ack! */ } ++ memcpy(*buf, conn->read_buffer + bad_bytes, *size); ++ /* Delete this packet from the read_buffer. */ ++ conn->read_size -= (bad_bytes + *size); ++ memmove(conn->read_buffer, conn->read_buffer + bad_bytes + *size, ++ conn->read_size); ++ if (bad_bytes > 0) ++ warn("%lu bad bytes thrown away.", (unsigned long) bad_bytes); ++ return 1; ++throwitout: ++ bad_bytes++; ++ } ++flushbadbytes: ++ /* no more packets. Let's get rid of those bad bytes */ ++ conn->read_size -= bad_bytes; ++ memmove(conn->read_buffer, conn->read_buffer + bad_bytes, conn->read_size); ++ if (bad_bytes > 0) ++ warn("%lu bad bytes thrown away.", (unsigned long) bad_bytes); ++ return 0; ++} ++ ++/*** pptp_send_ctrl_packet ****************************************************/ ++int pptp_send_ctrl_packet(PPTP_CONN * conn, void * buffer, size_t size) ++{ ++ assert(conn && conn->call); assert(buffer); ++ if( conn->write_size > 0) pptp_write_some( conn); ++ if( conn->write_size == 0) { ++ ssize_t retval; ++ retval = write(conn->inet_sock, buffer, size); ++ if (retval < 0) { /* error. */ ++ if (errno == EAGAIN || errno == EINTR) { ++ /* ignore */; ++ retval = 0; ++ } else { /* a real error */ ++ warn("write error: %s", strerror(errno)); ++ pptp_conn_destroy(conn); /* shut down fast. */ ++ return 0; ++ } ++ } ++ ctrlp_rep( buffer, retval, 0); ++ size -= retval; ++ if( size <= 0) return 1; ++ } ++ /* Shove anything not written into the write buffer */ ++ if (conn->write_size + size > conn->write_alloc) { /* need more memory */ ++ char *new_buffer = realloc(conn->write_buffer, ++ sizeof(*(conn->write_buffer)) * conn->write_alloc * 2); ++ if (new_buffer == NULL) { ++ warn("Out of memory"); return 0; ++ } ++ conn->write_alloc *= 2; ++ conn->write_buffer = new_buffer; ++ } ++ memcpy(conn->write_buffer + conn->write_size, buffer, size); ++ conn->write_size += size; ++ ctrlp_rep( buffer,size,1); ++ return 1; ++} ++ ++/*** Packet Dispatch **********************************************************/ ++int pptp_dispatch_packet(PPTP_CONN * conn, void * buffer, size_t size) ++{ ++ int r = 0; ++ struct pptp_header *header = (struct pptp_header *)buffer; ++ assert(conn && conn->call); assert(buffer); ++ assert(ntoh32(header->magic) == PPTP_MAGIC); ++ assert(ntoh16(header->length) == size); ++ switch (ntoh16(header->pptp_type)) { ++ case PPTP_MESSAGE_CONTROL: ++ r = ctrlp_disp(conn, buffer, size); ++ break; ++ case PPTP_MESSAGE_MANAGE: ++ /* MANAGEMENT messages aren't even part of the spec right now. */ ++ dbglog("PPTP management message received, but not understood."); ++ break; ++ default: ++ dbglog("Unknown PPTP control message type received: %u", ++ (unsigned int) ntoh16(header->pptp_type)); ++ break; ++ } ++ return r; ++} ++ ++/*** log echo request/replies *************************************************/ ++static void logecho( int type) ++{ ++ /* hack to stop flooding the log files (the most interesting part is right ++ * after the connection built-up) */ ++ if( nlogecho > 0) { ++ dbglog("Echo Re%s received.", type == PPTP_ECHO_RQST ? "quest" :"ply"); ++ if( --nlogecho == 0) ++ dbglog("no more Echo Reply/Request packets will be reported."); ++ } ++} ++ ++/*** pptp_dispatch_ctrl_packet ************************************************/ ++int ctrlp_disp(PPTP_CONN * conn, void * buffer, size_t size) ++{ ++ struct pptp_header *header = (struct pptp_header *)buffer; ++ u_int8_t close_reason = PPTP_STOP_NONE; ++ assert(conn && conn->call); assert(buffer); ++ assert(ntoh32(header->magic) == PPTP_MAGIC); ++ assert(ntoh16(header->length) == size); ++ assert(ntoh16(header->pptp_type) == PPTP_MESSAGE_CONTROL); ++ if (size < PPTP_CTRL_SIZE(ntoh16(header->ctrl_type))) { ++ warn("Invalid packet received [type: %d; length: %d].", ++ (int) ntoh16(header->ctrl_type), (int) size); ++ return 0; ++ } ++ switch (ntoh16(header->ctrl_type)) { ++ /* ----------- STANDARD Start-Session MESSAGES ------------ */ ++ case PPTP_START_CTRL_CONN_RQST: ++ { ++ struct pptp_start_ctrl_conn *packet = ++ (struct pptp_start_ctrl_conn *) buffer; ++ struct pptp_start_ctrl_conn reply = { ++ PPTP_HEADER_CTRL(PPTP_START_CTRL_CONN_RPLY), ++ hton16(PPTP_VERSION), 0, 0, ++ hton32(PPTP_FRAME_CAP), hton32(PPTP_BEARER_CAP), ++ hton16(PPTP_MAX_CHANNELS), hton16(PPTP_FIRMWARE_VERSION), ++ PPTP_HOSTNAME, PPTP_VENDOR }; ++ int idx, rc; ++ dbglog("Received Start Control Connection Request"); ++ /* fix this packet, if necessary */ ++ idx = get_quirk_index(); ++ if (idx != -1 && pptp_fixups[idx].start_ctrl_conn) { ++ if ((rc = pptp_fixups[idx].start_ctrl_conn(&reply))) ++ warn("calling the start_ctrl_conn hook failed (%d)", rc); ++ } ++ if (conn->conn_state == CONN_IDLE) { ++ if (ntoh16(packet->version) < PPTP_VERSION) { ++ /* Can't support this (earlier) PPTP_VERSION */ ++ reply.version = packet->version; ++ /* protocol version not supported */ ++ reply.result_code = hton8(5); ++ pptp_send_ctrl_packet(conn, &reply, sizeof(reply)); ++ pptp_reset_timer(); /* give sender a chance for a retry */ ++ } else { /* same or greater version */ ++ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) { ++ conn->conn_state = CONN_ESTABLISHED; ++ dbglog("server connection ESTABLISHED."); ++ pptp_reset_timer(); ++ } ++ } ++ } ++ break; ++ } ++ case PPTP_START_CTRL_CONN_RPLY: ++ { ++ struct pptp_start_ctrl_conn *packet = ++ (struct pptp_start_ctrl_conn *) buffer; ++ dbglog("Received Start Control Connection Reply"); ++ if (conn->conn_state == CONN_WAIT_CTL_REPLY) { ++ /* XXX handle collision XXX [see rfc] */ ++ if (ntoh16(packet->version) != PPTP_VERSION) { ++ if (conn->callback != NULL) ++ conn->callback(conn, CONN_OPEN_FAIL); ++ close_reason = PPTP_STOP_PROTOCOL; ++ goto pptp_conn_close; ++ } ++ if (ntoh8(packet->result_code) != 1 && ++ /* J'ai change le if () afin que la connection ne se ferme ++ * pas pour un "rien" :p adel@cybercable.fr - ++ * ++ * Don't close the connection if the result code is zero ++ * (feature found in certain ADSL modems) ++ */ ++ ntoh8(packet->result_code) != 0) { ++ dbglog("Negative reply received to our Start Control " ++ "Connection Request"); ++ ctrlp_error(packet->result_code, packet->error_code, ++ -1, pptp_start_ctrl_conn_rply, ++ MAX_START_CTRL_CONN_REPLY); ++ if (conn->callback != NULL) ++ conn->callback(conn, CONN_OPEN_FAIL); ++ close_reason = PPTP_STOP_PROTOCOL; ++ goto pptp_conn_close; ++ } ++ conn->conn_state = CONN_ESTABLISHED; ++ /* log session properties */ ++ conn->version = ntoh16(packet->version); ++ conn->firmware_rev = ntoh16(packet->firmware_rev); ++ memcpy(conn->hostname, packet->hostname, sizeof(conn->hostname)); ++ memcpy(conn->vendor, packet->vendor, sizeof(conn->vendor)); ++ pptp_reset_timer(); /* 60 seconds until keep-alive */ ++ dbglog("Client connection established."); ++ if (conn->callback != NULL) ++ conn->callback(conn, CONN_OPEN_DONE); ++ } /* else goto pptp_conn_close; */ ++ break; ++ } ++ /* ----------- STANDARD Stop-Session MESSAGES ------------ */ ++ case PPTP_STOP_CTRL_CONN_RQST: ++ { ++ /* conn_state should be CONN_ESTABLISHED, but it could be ++ * something else */ ++ struct pptp_stop_ctrl_conn reply = { ++ PPTP_HEADER_CTRL(PPTP_STOP_CTRL_CONN_RPLY), ++ hton8(1), hton8(PPTP_GENERAL_ERROR_NONE), 0 ++ }; ++ dbglog("Received Stop Control Connection Request."); ++ if (conn->conn_state == CONN_IDLE) break; ++ if (pptp_send_ctrl_packet(conn, &reply, sizeof(reply))) { ++ if (conn->callback != NULL) ++ conn->callback(conn, CONN_CLOSE_RQST); ++ conn->conn_state = CONN_IDLE; ++ return -1; ++ } ++ break; ++ } ++ case PPTP_STOP_CTRL_CONN_RPLY: ++ { ++ dbglog("Received Stop Control Connection Reply."); ++ /* conn_state should be CONN_WAIT_STOP_REPLY, but it ++ * could be something else */ ++ if (conn->conn_state == CONN_IDLE) break; ++ conn->conn_state = CONN_IDLE; ++ return -1; ++ } ++ /* ----------- STANDARD Echo/Keepalive MESSAGES ------------ */ ++ case PPTP_ECHO_RPLY: ++ { ++ struct pptp_echo_rply *packet = ++ (struct pptp_echo_rply *) buffer; ++ logecho( PPTP_ECHO_RPLY); ++ if ((conn->ka_state == KA_OUTSTANDING) && ++ (ntoh32(packet->identifier) == conn->ka_id)) { ++ conn->ka_id++; ++ conn->ka_state = KA_NONE; ++ pptp_reset_timer(); ++ } ++ break; ++ } ++ case PPTP_ECHO_RQST: ++ { ++ struct pptp_echo_rqst *packet = ++ (struct pptp_echo_rqst *) buffer; ++ struct pptp_echo_rply reply = { ++ PPTP_HEADER_CTRL(PPTP_ECHO_RPLY), ++ packet->identifier, /* skip hton32(ntoh32(id)) */ ++ hton8(1), hton8(PPTP_GENERAL_ERROR_NONE), 0 ++ }; ++ logecho( PPTP_ECHO_RQST); ++ pptp_send_ctrl_packet(conn, &reply, sizeof(reply)); ++ pptp_reset_timer(); ++ break; ++ } ++ /* ----------- OUTGOING CALL MESSAGES ------------ */ ++ case PPTP_OUT_CALL_RQST: ++ { ++ struct pptp_out_call_rqst *packet = ++ (struct pptp_out_call_rqst *)buffer; ++ struct pptp_out_call_rply reply = { ++ PPTP_HEADER_CTRL(PPTP_OUT_CALL_RPLY), ++ 0 /* callid */, packet->call_id, 1, PPTP_GENERAL_ERROR_NONE, 0, ++ hton32(PPTP_CONNECT_SPEED), ++ hton16(PPTP_WINDOW), hton16(PPTP_DELAY), 0 ++ }; ++ dbglog("Received Outgoing Call Request."); ++ /* XXX PAC: eventually this should make an outgoing call. XXX */ ++ reply.result_code = hton8(7); /* outgoing calls verboten */ ++ pptp_send_ctrl_packet(conn, &reply, sizeof(reply)); ++ break; ++ } ++ case PPTP_OUT_CALL_RPLY: ++ { ++ struct pptp_out_call_rply *packet = ++ (struct pptp_out_call_rply *)buffer; ++ PPTP_CALL * call; ++ u_int16_t callid = ntoh16(packet->call_id_peer); ++ dbglog("Received Outgoing Call Reply."); ++ if (!vector_search(conn->call, (int) callid, &call)) { ++ dbglog("PPTP_OUT_CALL_RPLY received for non-existant call: " ++ "peer call ID (us) %d call ID (them) %d.", ++ callid, ntoh16(packet->call_id)); ++ break; ++ } ++ if (call->call_type != PPTP_CALL_PNS) { ++ dbglog("Ack! How did this call_type get here?"); /* XXX? */ ++ break; ++ } ++ if (call->state.pns != PNS_WAIT_REPLY) { ++ warn("Unexpected(?) Outgoing Call Reply will be ignored."); ++ break; ++ } ++ /* check for errors */ ++ if (packet->result_code != 1) { ++ /* An error. Log it verbosely. */ ++ dbglog("Our outgoing call request [callid %d] has not been " ++ "accepted.", (int) callid); ++ ctrlp_error(packet->result_code, packet->error_code, ++ packet->cause_code, pptp_out_call_reply_result, ++ MAX_OUT_CALL_REPLY_RESULT); ++ call->state.pns = PNS_IDLE; ++ if (call->callback != NULL) ++ call->callback(conn, call, CALL_OPEN_FAIL); ++ pptp_call_destroy(conn, call); ++ } else { ++ /* connection established */ ++ call->state.pns = PNS_ESTABLISHED; ++ call->peer_call_id = ntoh16(packet->call_id); ++ call->speed = ntoh32(packet->speed); ++ pptp_reset_timer(); ++ /* call pptp_set_link. unless the user specified a quirk ++ and this quirk has a set_link hook, this is a noop */ ++ pptp_set_link(conn, call->peer_call_id); ++ if (call->callback != NULL) ++ call->callback(conn, call, CALL_OPEN_DONE); ++ dbglog("Outgoing call established (call ID %u, peer's " ++ "call ID %u).\n", call->call_id, call->peer_call_id); ++ } ++ break; ++ } ++ /* ----------- INCOMING CALL MESSAGES ------------ */ ++ /* XXX write me XXX */ ++ /* ----------- CALL CONTROL MESSAGES ------------ */ ++ case PPTP_CALL_CLEAR_RQST: ++ { ++ struct pptp_call_clear_rqst *packet = ++ (struct pptp_call_clear_rqst *)buffer; ++ struct pptp_call_clear_ntfy reply = { ++ PPTP_HEADER_CTRL(PPTP_CALL_CLEAR_NTFY), packet->call_id, ++ 1, PPTP_GENERAL_ERROR_NONE, 0, 0, {0} ++ }; ++ dbglog("Received Call Clear Request."); ++ if (vector_contains(conn->call, ntoh16(packet->call_id))) { ++ PPTP_CALL * call; ++ vector_search(conn->call, ntoh16(packet->call_id), &call); ++ if (call->callback != NULL) ++ call->callback(conn, call, CALL_CLOSE_RQST); ++ pptp_send_ctrl_packet(conn, &reply, sizeof(reply)); ++ pptp_call_destroy(conn, call); ++ dbglog("Call closed (RQST) (call id %d)", (int) call->call_id); ++ } ++ break; ++ } ++ case PPTP_CALL_CLEAR_NTFY: ++ { ++ struct pptp_call_clear_ntfy *packet = ++ (struct pptp_call_clear_ntfy *)buffer; ++ dbglog("Call disconnect notification received (call id %d)", ++ ntoh16(packet->call_id)); ++ if (vector_contains(conn->call, ntoh16(packet->call_id))) { ++ PPTP_CALL * call; ++ ctrlp_error(packet->result_code, packet->error_code, ++ packet->cause_code, pptp_call_disc_ntfy, ++ MAX_CALL_DISC_NTFY); ++ vector_search(conn->call, ntoh16(packet->call_id), &call); ++ pptp_call_destroy(conn, call); ++ } ++ /* XXX we could log call stats here XXX */ ++ /* XXX not all servers send this XXX */ ++ break; ++ } ++ case PPTP_SET_LINK_INFO: ++ { ++ /* I HAVE NO CLUE WHAT TO DO IF send_accm IS NOT 0! */ ++ /* this is really dealt with in the HDLC deencapsulation, anyway. */ ++ struct pptp_set_link_info *packet = ++ (struct pptp_set_link_info *)buffer; ++ /* log it. */ ++ dbglog("PPTP_SET_LINK_INFO received from peer_callid %u", ++ (unsigned int) ntoh16(packet->call_id_peer)); ++ dbglog(" send_accm is %08lX, recv_accm is %08lX", ++ (unsigned long) ntoh32(packet->send_accm), ++ (unsigned long) ntoh32(packet->recv_accm)); ++ if (!(ntoh32(packet->send_accm) == 0 && ++ ntoh32(packet->recv_accm) == 0)) ++ warn("Non-zero Async Control Character Maps are not supported!"); ++ break; ++ } ++ default: ++ dbglog("Unrecognized Packet %d received.", ++ (int) ntoh16(((struct pptp_header *)buffer)->ctrl_type)); ++ /* goto pptp_conn_close; */ ++ break; ++ } ++ return 0; ++pptp_conn_close: ++ warn("pptp_conn_close(%d)", (int) close_reason); ++ pptp_conn_close(conn, close_reason); ++ return 0; ++} ++ ++/*** pptp_set_link **************************************************************/ ++void pptp_set_link(PPTP_CONN* conn, int peer_call_id) ++{ ++ int idx, rc; ++ /* if we need to send a set_link packet because of buggy ++ hardware or pptp server, do it now */ ++ if ((idx = get_quirk_index()) != -1 && pptp_fixups[idx].set_link_hook) { ++ struct pptp_set_link_info packet; ++ if ((rc = pptp_fixups[idx].set_link_hook(&packet, peer_call_id))) ++ warn("calling the set_link hook failed (%d)", rc); ++ if (pptp_send_ctrl_packet(conn, &packet, sizeof(packet))) { ++ pptp_reset_timer(); ++ } ++ } ++} ++ ++/*** Get info from call structure *********************************************/ ++/* NOTE: The peer_call_id is undefined until we get a server response. */ ++void pptp_call_get_ids(PPTP_CONN * conn, PPTP_CALL * call, ++ u_int16_t * call_id, u_int16_t * peer_call_id) ++{ ++ assert(conn != NULL); assert(call != NULL); ++ *call_id = call->call_id; ++ *peer_call_id = call->peer_call_id; ++} ++ ++/*** pptp_call_closure_put ****************************************************/ ++void pptp_call_closure_put(PPTP_CONN * conn, PPTP_CALL * call, void *cl) ++{ ++ assert(conn != NULL); assert(call != NULL); ++ call->closure = cl; ++} ++ ++/*** pptp_call_closure_get ****************************************************/ ++void * pptp_call_closure_get(PPTP_CONN * conn, PPTP_CALL * call) ++{ ++ assert(conn != NULL); assert(call != NULL); ++ return call->closure; ++} ++ ++/*** pptp_conn_closure_put ****************************************************/ ++void pptp_conn_closure_put(PPTP_CONN * conn, void *cl) ++{ ++ assert(conn != NULL); ++ conn->closure = cl; ++} ++ ++/*** pptp_conn_closure_get ****************************************************/ ++void * pptp_conn_closure_get(PPTP_CONN * conn) ++{ ++ assert(conn != NULL); ++ return conn->closure; ++} ++ ++/*** Reset keep-alive timer ***************************************************/ ++static void pptp_reset_timer(void) ++{ ++ const struct itimerval tv = { { 0, 0 }, /* stop on time-out */ ++ { idle_wait, 0 } }; ++ if (idle_wait) setitimer(ITIMER_REAL, &tv, NULL); ++} ++ ++ ++/*** Handle keep-alive timer **************************************************/ ++static void pptp_handle_timer() ++{ ++ int i; ++ /* "Keep Alives and Timers, 1": check connection state */ ++ if (global.conn->conn_state != CONN_ESTABLISHED) { ++ if (global.conn->conn_state == CONN_WAIT_STOP_REPLY) ++ /* hard close. */ ++ pptp_conn_destroy(global.conn); ++ else /* soft close */ ++ pptp_conn_close(global.conn, PPTP_STOP_NONE); ++ } ++ /* "Keep Alives and Timers, 2": check echo status */ ++ if (global.conn->ka_state == KA_OUTSTANDING) { ++ /* no response to keep-alive */ ++ info("closing control connection due to missing echo reply"); ++ pptp_conn_close(global.conn, PPTP_STOP_NONE); ++ } else { /* ka_state == NONE */ /* send keep-alive */ ++ struct pptp_echo_rqst rqst = { ++ PPTP_HEADER_CTRL(PPTP_ECHO_RQST), hton32(global.conn->ka_id) }; ++ pptp_send_ctrl_packet(global.conn, &rqst, sizeof(rqst)); ++ global.conn->ka_state = KA_OUTSTANDING; ++ } ++ /* check incoming/outgoing call states for !IDLE && !ESTABLISHED */ ++ for (i = 0; i < vector_size(global.conn->call); i++) { ++ PPTP_CALL * call = vector_get_Nth(global.conn->call, i); ++ if (call->call_type == PPTP_CALL_PNS) { ++ if (call->state.pns == PNS_WAIT_REPLY) { ++ /* send close request */ ++ pptp_call_close(global.conn, call); ++ assert(call->state.pns == PNS_WAIT_DISCONNECT); ++ } else if (call->state.pns == PNS_WAIT_DISCONNECT) { ++ /* hard-close the call */ ++ pptp_call_destroy(global.conn, call); ++ } ++ } else if (call->call_type == PPTP_CALL_PAC) { ++ if (call->state.pac == PAC_WAIT_REPLY) { ++ /* XXX FIXME -- drop the PAC connection XXX */ ++ } else if (call->state.pac == PAC_WAIT_CS_ANS) { ++ /* XXX FIXME -- drop the PAC connection XXX */ ++ } ++ } ++ } ++ pptp_reset_timer(); ++} +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_ctrl.h +@@ -0,0 +1,57 @@ ++/* pptp_ctrl.h ... handle PPTP control connection. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: pptp_ctrl.h,v 1.5 2004/11/09 01:42:32 quozl Exp $ ++ */ ++ ++#ifndef INC_PPTP_CTRL_H ++#define INC_PPTP_CTRL_H ++#include <sys/types.h> ++ ++typedef struct PPTP_CONN PPTP_CONN; ++typedef struct PPTP_CALL PPTP_CALL; ++ ++enum call_state { CALL_OPEN_RQST, CALL_OPEN_DONE, CALL_OPEN_FAIL, ++ CALL_CLOSE_RQST, CALL_CLOSE_DONE }; ++enum conn_state { CONN_OPEN_RQST, CONN_OPEN_DONE, CONN_OPEN_FAIL, ++ CONN_CLOSE_RQST, CONN_CLOSE_DONE }; ++ ++typedef void (*pptp_call_cb)(PPTP_CONN*, PPTP_CALL*, enum call_state); ++typedef void (*pptp_conn_cb)(PPTP_CONN*, enum conn_state); ++ ++/* if 'isclient' is true, then will send 'conn open' packet to other host. ++ * not necessary if this is being opened by a server process after ++ * receiving a conn_open packet from client. ++ */ ++PPTP_CONN * pptp_conn_open(int inet_sock, int isclient, ++ pptp_conn_cb callback); ++PPTP_CALL * pptp_call_open(PPTP_CONN * conn, int call_id, ++ pptp_call_cb callback, char *phonenr,int window); ++int pptp_conn_established(PPTP_CONN * conn); ++/* soft close. Will callback on completion. */ ++void pptp_call_close(PPTP_CONN * conn, PPTP_CALL * call); ++/* hard close. */ ++void pptp_call_destroy(PPTP_CONN *conn, PPTP_CALL *call); ++/* soft close. Will callback on completion. */ ++void pptp_conn_close(PPTP_CONN * conn, u_int8_t close_reason); ++/* hard close */ ++void pptp_conn_destroy(PPTP_CONN * conn); ++ ++/* Add file descriptors used by pptp to fd_set. */ ++void pptp_fd_set(PPTP_CONN * conn, fd_set * read_set, fd_set * write_set, int *max_fd); ++/* handle any pptp file descriptors set in fd_set, and clear them */ ++int pptp_dispatch(PPTP_CONN * conn, fd_set * read_set, fd_set * write_set); ++ ++/* Get info about connection, call */ ++void pptp_call_get_ids(PPTP_CONN * conn, PPTP_CALL * call, ++ u_int16_t * call_id, u_int16_t * peer_call_id); ++/* Arbitrary user data about this call/connection. ++ * It is the caller's responsibility to free this data before calling ++ * pptp_call|conn_close() ++ */ ++void * pptp_conn_closure_get(PPTP_CONN * conn); ++void pptp_conn_closure_put(PPTP_CONN * conn, void *cl); ++void * pptp_call_closure_get(PPTP_CONN * conn, PPTP_CALL * call); ++void pptp_call_closure_put(PPTP_CONN * conn, PPTP_CALL * call, void *cl); ++ ++#endif /* INC_PPTP_CTRL_H */ +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_msg.h +@@ -0,0 +1,303 @@ ++/* pptp.h: packet structures and magic constants for the PPTP protocol ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: pptp_msg.h,v 1.3 2003/02/15 10:37:21 quozl Exp $ ++ */ ++ ++#ifndef INC_PPTP_H ++#define INC_PPTP_H ++ ++/* Grab definitions of int16, int32, etc. */ ++#include <sys/types.h> ++/* define "portable" htons, etc. */ ++#define hton8(x) (x) ++#define ntoh8(x) (x) ++#define hton16(x) htons(x) ++#define ntoh16(x) ntohs(x) ++#define hton32(x) htonl(x) ++#define ntoh32(x) ntohl(x) ++ ++/* PPTP magic numbers: ----------------------------------------- */ ++ ++#define PPTP_MAGIC 0x1A2B3C4D /* Magic cookie for PPTP datagrams */ ++#define PPTP_PORT 1723 /* PPTP TCP port number */ ++#define PPTP_PROTO 47 /* PPTP IP protocol number */ ++ ++/* Control Connection Message Types: --------------------------- */ ++ ++#define PPTP_MESSAGE_CONTROL 1 ++#define PPTP_MESSAGE_MANAGE 2 ++ ++/* Control Message Types: -------------------------------------- */ ++ ++/* (Control Connection Management) */ ++#define PPTP_START_CTRL_CONN_RQST 1 ++#define PPTP_START_CTRL_CONN_RPLY 2 ++#define PPTP_STOP_CTRL_CONN_RQST 3 ++#define PPTP_STOP_CTRL_CONN_RPLY 4 ++#define PPTP_ECHO_RQST 5 ++#define PPTP_ECHO_RPLY 6 ++ ++/* (Call Management) */ ++#define PPTP_OUT_CALL_RQST 7 ++#define PPTP_OUT_CALL_RPLY 8 ++#define PPTP_IN_CALL_RQST 9 ++#define PPTP_IN_CALL_RPLY 10 ++#define PPTP_IN_CALL_CONNECT 11 ++#define PPTP_CALL_CLEAR_RQST 12 ++#define PPTP_CALL_CLEAR_NTFY 13 ++ ++/* (Error Reporting) */ ++#define PPTP_WAN_ERR_NTFY 14 ++ ++/* (PPP Session Control) */ ++#define PPTP_SET_LINK_INFO 15 ++ ++/* PPTP version information: --------------------------------------*/ ++#define PPTP_VERSION_STRING "1.00" ++#define PPTP_VERSION 0x100 ++#define PPTP_FIRMWARE_STRING "0.01" ++#define PPTP_FIRMWARE_VERSION 0x001 ++ ++/* PPTP capabilities: ---------------------------------------------*/ ++ ++/* (Framing capabilities for msg sender) */ ++#define PPTP_FRAME_ASYNC 1 ++#define PPTP_FRAME_SYNC 2 ++#define PPTP_FRAME_ANY 3 ++ ++/* (Bearer capabilities for msg sender) */ ++#define PPTP_BEARER_ANALOG 1 ++#define PPTP_BEARER_DIGITAL 2 ++#define PPTP_BEARER_ANY 3 ++ ++#define PPTP_RESULT_GENERAL_ERROR 2 ++ ++/* (Reasons to close a connection) */ ++#define PPTP_STOP_NONE 1 /* no good reason */ ++#define PPTP_STOP_PROTOCOL 2 /* can't support peer's protocol version */ ++#define PPTP_STOP_LOCAL_SHUTDOWN 3 /* requester is being shut down */ ++ ++/* PPTP datagram structures (all data in network byte order): ----------*/ ++ ++struct pptp_header { ++ u_int16_t length; /* message length in octets, including header */ ++ u_int16_t pptp_type; /* PPTP message type. 1 for control message. */ ++ u_int32_t magic; /* this should be PPTP_MAGIC. */ ++ u_int16_t ctrl_type; /* Control message type (0-15) */ ++ u_int16_t reserved0; /* reserved. MUST BE ZERO. */ ++}; ++ ++struct pptp_start_ctrl_conn { /* for control message types 1 and 2 */ ++ struct pptp_header header; ++ ++ u_int16_t version; /* PPTP protocol version. = PPTP_VERSION */ ++ u_int8_t result_code; /* these two fields should be zero on rqst msg*/ ++ u_int8_t error_code; /* 0 unless result_code==2 (General Error) */ ++ u_int32_t framing_cap; /* Framing capabilities */ ++ u_int32_t bearer_cap; /* Bearer Capabilities */ ++ u_int16_t max_channels; /* Maximum Channels (=0 for PNS, PAC ignores) */ ++ u_int16_t firmware_rev; /* Firmware or Software Revision */ ++ u_int8_t hostname[64]; /* Host Name (64 octets, zero terminated) */ ++ u_int8_t vendor[64]; /* Vendor string (64 octets, zero term.) */ ++ /* MS says that end of hostname/vendor fields should be filled with */ ++ /* octets of value 0, but Win95 PPTP driver doesn't do this. */ ++}; ++ ++struct pptp_stop_ctrl_conn { /* for control message types 3 and 4 */ ++ struct pptp_header header; ++ ++ u_int8_t reason_result; /* reason for rqst, result for rply */ ++ u_int8_t error_code; /* MUST be 0, unless rply result==2 (general err)*/ ++ u_int16_t reserved1; /* MUST be 0 */ ++}; ++ ++struct pptp_echo_rqst { /* for control message type 5 */ ++ struct pptp_header header; ++ u_int32_t identifier; /* arbitrary value set by sender which is used */ ++ /* to match up reply and request */ ++}; ++ ++struct pptp_echo_rply { /* for control message type 6 */ ++ struct pptp_header header; ++ u_int32_t identifier; /* should correspond to id of rqst */ ++ u_int8_t result_code; ++ u_int8_t error_code; /* =0, unless result_code==2 (general error) */ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++}; ++ ++struct pptp_out_call_rqst { /* for control message type 7 */ ++ struct pptp_header header; ++ u_int16_t call_id; /* Call ID (unique id used to multiplex data) */ ++ u_int16_t call_sernum; /* Call Serial Number (used for logging) */ ++ u_int32_t bps_min; /* Minimum BPS (lowest acceptable line speed) */ ++ u_int32_t bps_max; /* Maximum BPS (highest acceptable line speed) */ ++ u_int32_t bearer; /* Bearer type */ ++ u_int32_t framing; /* Framing type */ ++ u_int16_t recv_size; /* Recv. Window Size (no. of buffered packets) */ ++ u_int16_t delay; /* Packet Processing Delay (in 1/10 sec) */ ++ u_int16_t phone_len; /* Phone Number Length (num. of valid digits) */ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++ u_int8_t phone_num[64]; /* Phone Number (64 octets, null term.) */ ++ u_int8_t subaddress[64]; /* Subaddress (64 octets, null term.) */ ++}; ++ ++struct pptp_out_call_rply { /* for control message type 8 */ ++ struct pptp_header header; ++ u_int16_t call_id; /* Call ID (used to multiplex data over tunnel)*/ ++ u_int16_t call_id_peer; /* Peer's Call ID (call_id of pptp_out_call_rqst)*/ ++ u_int8_t result_code; /* Result Code (1 is no errors) */ ++ u_int8_t error_code; /* Error Code (=0 unless result_code==2) */ ++ u_int16_t cause_code; /* Cause Code (addt'l failure information) */ ++ u_int32_t speed; /* Connect Speed (in BPS) */ ++ u_int16_t recv_size; /* Recv. Window Size (no. of buffered packets) */ ++ u_int16_t delay; /* Packet Processing Delay (in 1/10 sec) */ ++ u_int32_t channel; /* Physical Channel ID (for logging) */ ++}; ++ ++struct pptp_in_call_rqst { /* for control message type 9 */ ++ struct pptp_header header; ++ u_int16_t call_id; /* Call ID (unique id used to multiplex data) */ ++ u_int16_t call_sernum; /* Call Serial Number (used for logging) */ ++ u_int32_t bearer; /* Bearer type */ ++ u_int32_t channel; /* Physical Channel ID (for logging) */ ++ u_int16_t dialed_len; /* Dialed Number Length (# of valid digits) */ ++ u_int16_t dialing_len; /* Dialing Number Length (# of valid digits) */ ++ u_int8_t dialed_num[64]; /* Dialed Number (64 octets, zero term.) */ ++ u_int8_t dialing_num[64]; /* Dialing Number (64 octets, zero term.) */ ++ u_int8_t subaddress[64]; /* Subaddress (64 octets, zero term.) */ ++}; ++ ++struct pptp_in_call_rply { /* for control message type 10 */ ++ struct pptp_header header; ++ u_int16_t call_id; /* Call ID (used to multiplex data over tunnel)*/ ++ u_int16_t call_id_peer; /* Peer's Call ID (call_id of pptp_out_call_rqst)*/ ++ u_int8_t result_code; /* Result Code (1 is no errors) */ ++ u_int8_t error_code; /* Error Code (=0 unless result_code==2) */ ++ u_int16_t recv_size; /* Recv. Window Size (no. of buffered packets) */ ++ u_int16_t delay; /* Packet Processing Delay (in 1/10 sec) */ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++}; ++ ++struct pptp_in_call_connect { /* for control message type 11 */ ++ struct pptp_header header; ++ u_int16_t call_id_peer; /* Peer's Call ID (call_id of pptp_out_call_rqst)*/ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++ u_int32_t speed; /* Connect Speed (in BPS) */ ++ u_int16_t recv_size; /* Recv. Window Size (no. of buffered packets) */ ++ u_int16_t delay; /* Packet Processing Delay (in 1/10 sec) */ ++ u_int32_t framing; /* Framing type */ ++}; ++ ++struct pptp_call_clear_rqst { /* for control message type 12 */ ++ struct pptp_header header; ++ u_int16_t call_id; /* Call ID (used to multiplex data over tunnel)*/ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++}; ++ ++struct pptp_call_clear_ntfy { /* for control message type 13 */ ++ struct pptp_header header; ++ u_int16_t call_id; /* Call ID (used to multiplex data over tunnel)*/ ++ u_int8_t result_code; /* Result Code */ ++ u_int8_t error_code; /* Error Code (=0 unless result_code==2) */ ++ u_int16_t cause_code; /* Cause Code (for ISDN, is Q.931 cause code) */ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++ u_int8_t call_stats[128]; /* Call Statistics: 128 octets, ascii, 0-term */ ++}; ++ ++struct pptp_wan_err_ntfy { /* for control message type 14 */ ++ struct pptp_header header; ++ u_int16_t call_id_peer; /* Peer's Call ID (call_id of pptp_out_call_rqst)*/ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++ u_int32_t crc_errors; /* CRC errors */ ++ u_int32_t frame_errors; /* Framing errors */ ++ u_int32_t hard_errors; /* Hardware overruns */ ++ u_int32_t buff_errors; /* Buffer overruns */ ++ u_int32_t time_errors; /* Time-out errors */ ++ u_int32_t align_errors; /* Alignment errors */ ++}; ++ ++struct pptp_set_link_info { /* for control message type 15 */ ++ struct pptp_header header; ++ u_int16_t call_id_peer; /* Peer's Call ID (call_id of pptp_out_call_rqst) */ ++ u_int16_t reserved1; /* MUST BE ZERO */ ++ u_int32_t send_accm; /* Send ACCM (for PPP packets; default 0xFFFFFFFF)*/ ++ u_int32_t recv_accm; /* Receive ACCM (for PPP pack.;default 0xFFFFFFFF)*/ ++}; ++ ++/* helpful #defines: -------------------------------------------- */ ++#define pptp_isvalid_ctrl(header, type, length) \ ++ (!( ( ntoh16(((struct pptp_header *)header)->length) < (length) ) || \ ++ ( ntoh16(((struct pptp_header *)header)->pptp_type) !=(type) ) || \ ++ ( ntoh32(((struct pptp_header *)header)->magic) !=PPTP_MAGIC) || \ ++ ( ntoh16(((struct pptp_header *)header)->ctrl_type) > PPTP_SET_LINK_INFO) || \ ++ ( ntoh16(((struct pptp_header *)header)->reserved0) !=0 ) )) ++ ++#define PPTP_HEADER_CTRL(type) \ ++{ hton16(PPTP_CTRL_SIZE(type)), \ ++ hton16(PPTP_MESSAGE_CONTROL), \ ++ hton32(PPTP_MAGIC), \ ++ hton16(type), 0 } ++ ++#define PPTP_CTRL_SIZE(type) ( \ ++(type==PPTP_START_CTRL_CONN_RQST)?sizeof(struct pptp_start_ctrl_conn): \ ++(type==PPTP_START_CTRL_CONN_RPLY)?sizeof(struct pptp_start_ctrl_conn): \ ++(type==PPTP_STOP_CTRL_CONN_RQST )?sizeof(struct pptp_stop_ctrl_conn): \ ++(type==PPTP_STOP_CTRL_CONN_RPLY )?sizeof(struct pptp_stop_ctrl_conn): \ ++(type==PPTP_ECHO_RQST )?sizeof(struct pptp_echo_rqst): \ ++(type==PPTP_ECHO_RPLY )?sizeof(struct pptp_echo_rply): \ ++(type==PPTP_OUT_CALL_RQST )?sizeof(struct pptp_out_call_rqst): \ ++(type==PPTP_OUT_CALL_RPLY )?sizeof(struct pptp_out_call_rply): \ ++(type==PPTP_IN_CALL_RQST )?sizeof(struct pptp_in_call_rqst): \ ++(type==PPTP_IN_CALL_RPLY )?sizeof(struct pptp_in_call_rply): \ ++(type==PPTP_IN_CALL_CONNECT )?sizeof(struct pptp_in_call_connect): \ ++(type==PPTP_CALL_CLEAR_RQST )?sizeof(struct pptp_call_clear_rqst): \ ++(type==PPTP_CALL_CLEAR_NTFY )?sizeof(struct pptp_call_clear_ntfy): \ ++(type==PPTP_WAN_ERR_NTFY )?sizeof(struct pptp_wan_err_ntfy): \ ++(type==PPTP_SET_LINK_INFO )?sizeof(struct pptp_set_link_info): \ ++0) ++#define max(a,b) (((a)>(b))?(a):(b)) ++#define PPTP_CTRL_SIZE_MAX ( \ ++max(sizeof(struct pptp_start_ctrl_conn), \ ++max(sizeof(struct pptp_echo_rqst), \ ++max(sizeof(struct pptp_echo_rply), \ ++max(sizeof(struct pptp_out_call_rqst), \ ++max(sizeof(struct pptp_out_call_rply), \ ++max(sizeof(struct pptp_in_call_rqst), \ ++max(sizeof(struct pptp_in_call_rply), \ ++max(sizeof(struct pptp_in_call_connect), \ ++max(sizeof(struct pptp_call_clear_rqst), \ ++max(sizeof(struct pptp_call_clear_ntfy), \ ++max(sizeof(struct pptp_wan_err_ntfy), \ ++max(sizeof(struct pptp_set_link_info), 0))))))))))))) ++ ++ ++/* gre header structure: -------------------------------------------- */ ++ ++#define PPTP_GRE_PROTO 0x880B ++#define PPTP_GRE_VER 0x1 ++ ++#define PPTP_GRE_FLAG_C 0x80 ++#define PPTP_GRE_FLAG_R 0x40 ++#define PPTP_GRE_FLAG_K 0x20 ++#define PPTP_GRE_FLAG_S 0x10 ++#define PPTP_GRE_FLAG_A 0x80 ++ ++#define PPTP_GRE_IS_C(f) ((f)&PPTP_GRE_FLAG_C) ++#define PPTP_GRE_IS_R(f) ((f)&PPTP_GRE_FLAG_R) ++#define PPTP_GRE_IS_K(f) ((f)&PPTP_GRE_FLAG_K) ++#define PPTP_GRE_IS_S(f) ((f)&PPTP_GRE_FLAG_S) ++#define PPTP_GRE_IS_A(f) ((f)&PPTP_GRE_FLAG_A) ++ ++struct pptp_gre_header { ++ u_int8_t flags; /* bitfield */ ++ u_int8_t ver; /* should be PPTP_GRE_VER (enhanced GRE) */ ++ u_int16_t protocol; /* should be PPTP_GRE_PROTO (ppp-encaps) */ ++ u_int16_t payload_len; /* size of ppp payload, not inc. gre header */ ++ u_int16_t call_id; /* peer's call_id for this session */ ++ u_int32_t seq; /* sequence number. Present if S==1 */ ++ u_int32_t ack; /* seq number of highest packet recieved by */ ++ /* sender in this session */ ++}; ++ ++#endif /* INC_PPTP_H */ +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_options.h +@@ -0,0 +1,41 @@ ++/* pptp_options.h ...... various constants used in the PPTP protocol. ++ * #define STANDARD to emulate NT 4.0 exactly. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: pptp_options.h,v 1.3 2004/11/09 01:42:32 quozl Exp $ ++ */ ++ ++#ifndef INC_PPTP_OPTIONS_H ++#define INC_PPTP_OPTIONS_H ++ ++#undef PPTP_FIRMWARE_STRING ++#undef PPTP_FIRMWARE_VERSION ++#define PPTP_BUF_MAX 65536 ++#define PPTP_TIMEOUT 60 /* seconds */ ++extern int idle_wait; ++extern int max_echo_wait; ++#define PPTP_CONNECT_SPEED 1000000000 ++#define PPTP_WINDOW 3 ++#define PPTP_DELAY 0 ++#define PPTP_BPS_MIN 2400 ++#define PPTP_BPS_MAX 1000000000 ++ ++#ifndef STANDARD ++#define PPTP_MAX_CHANNELS 65535 ++#define PPTP_FIRMWARE_STRING "0.01" ++#define PPTP_FIRMWARE_VERSION 0x001 ++#define PPTP_HOSTNAME {'l','o','c','a','l',0} ++#define PPTP_VENDOR {'c','a','n','a','n','i','a','n',0} ++#define PPTP_FRAME_CAP PPTP_FRAME_ANY ++#define PPTP_BEARER_CAP PPTP_BEARER_ANY ++#else ++#define PPTP_MAX_CHANNELS 5 ++#define PPTP_FIRMWARE_STRING "0.01" ++#define PPTP_FIRMWARE_VERSION 0 ++#define PPTP_HOSTNAME {'l','o','c','a','l',0} ++#define PPTP_VENDOR {'N','T',0} ++#define PPTP_FRAME_CAP 2 ++#define PPTP_BEARER_CAP 1 ++#endif ++ ++#endif /* INC_PPTP_OPTIONS_H */ +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_quirks.c +@@ -0,0 +1,54 @@ ++/* pptp_quirks.c ...... various options to fix quirks found in buggy adsl modems ++ * mulix <mulix@actcom.co.il> ++ * ++ * $Id: pptp_quirks.c,v 1.2 2001/11/23 03:42:51 quozl Exp $ ++ */ ++ ++#include <string.h> ++#include "orckit_quirks.h" ++#include "pptp_quirks.h" ++ ++static int quirk_index = -1; ++ ++struct pptp_fixup pptp_fixups[] = { ++ {BEZEQ_ISRAEL, ORCKIT, ORCKIT_ATUR3, ++ orckit_atur3_build_hook, ++ orckit_atur3_start_ctrl_conn_hook, ++ orckit_atur3_set_link_hook} ++}; ++ ++static int fixups_sz = sizeof(pptp_fixups)/sizeof(pptp_fixups[0]); ++ ++/* return 0 on success, non 0 otherwise */ ++int set_quirk_index(int index) ++{ ++ if (index >= 0 && index < fixups_sz) { ++ quirk_index = index; ++ return 0; ++ } ++ ++ return -1; ++} ++ ++int get_quirk_index() ++{ ++ return quirk_index; ++} ++ ++/* return the index for this isp in the quirks table, -1 if not found */ ++int find_quirk(const char* isp_name) ++{ ++ int i = 0; ++ if (isp_name) { ++ while (i < fixups_sz && pptp_fixups[i].isp) { ++ if (!strcmp(pptp_fixups[i].isp, isp_name)) { ++ return i; ++ } ++ ++i; ++ } ++ } ++ ++ return -1; ++} ++ ++ +--- /dev/null ++++ b/pppd/plugins/pptp/pptp_quirks.h +@@ -0,0 +1,59 @@ ++/* pptp_quirks.h ...... various options to fix quirks found in buggy adsl modems ++ * mulix <mulix@actcom.co.il> ++ * ++ * $Id: pptp_quirks.h,v 1.1 2001/11/20 06:30:10 quozl Exp $ ++ */ ++ ++#ifndef INC_PPTP_QUIRKS_H ++#define INC_PPTP_QUIRKS_H ++ ++/* isp defs - correspond to slots in the fixups table */ ++#define BEZEQ_ISRAEL "BEZEQ_ISRAEL" ++ ++/* vendor defs */ ++ ++#define ORCKIT 1 ++#define ALCATEL 2 ++ ++/* device defs */ ++ ++#define ORCKIT_ATUR2 1 ++#define ORCKIT_ATUR3 2 ++ ++#include "pptp_msg.h" ++#include "pptp_ctrl.h" ++ ++struct pptp_fixup { ++ const char* isp; /* which isp? e.g. Bezeq in Israel */ ++ int vendor; /* which vendor? e.g. Orckit */ ++ int device; /* which device? e.g. Orckit Atur3 */ ++ ++ /* use this hook to build your own out call request packet */ ++ int (*out_call_rqst_hook)(struct pptp_out_call_rqst* packet); ++ ++ /* use this hook to build your own start control connection packet */ ++ /* note that this hook is called from two different places, depending ++ on whether this is a request or reply */ ++ int (*start_ctrl_conn)(struct pptp_start_ctrl_conn* packet); ++ ++ /* use this hook if you need to send a 'set_link' packet once ++ the connection is established */ ++ int (*set_link_hook)(struct pptp_set_link_info* packet, ++ int peer_call_id); ++}; ++ ++extern struct pptp_fixup pptp_fixups[]; ++ ++/* find the index for this isp in the quirks table */ ++/* return the index on success, -1 if not found */ ++int find_quirk(const char* isp_name); ++ ++/* set the global quirk index. return 0 on success, non 0 otherwise */ ++int set_quirk_index(int index); ++ ++/* get the global quirk index. return the index on success, ++ -1 if no quirk is defined */ ++int get_quirk_index(); ++ ++ ++#endif /* INC_PPTP_QUIRKS_H */ +--- /dev/null ++++ b/pppd/plugins/pptp/util.c +@@ -0,0 +1,109 @@ ++/* util.c ....... error message utilities. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: util.c,v 1.11 2005/08/22 00:49:48 quozl Exp $ ++ */ ++ ++#include <stdio.h> ++#include <stdarg.h> ++#include <syslog.h> ++#include <unistd.h> ++#include <stdlib.h> ++#include "util.h" ++ ++#define MAKE_STRING(label) \ ++va_list ap; \ ++char buf[256], string[256]; \ ++va_start(ap, format); \ ++vsnprintf(buf, sizeof(buf), format, ap); \ ++snprintf(string, sizeof(string), "%s %s[%s:%s:%d]: %s", \ ++ log_string, label, func, file, line, buf); \ ++va_end(ap) ++ ++/*** connect a file to a file descriptor **************************************/ ++int file2fd(const char *path, const char *mode, int fd) ++{ ++ int ok = 0; ++ FILE *file = NULL; ++ file = fopen(path, mode); ++ if (file != NULL && dup2(fileno(file), fd) != -1) ++ ok = 1; ++ if (file) fclose(file); ++ return ok; ++} ++ ++/* signal to pipe delivery implementation */ ++#include <unistd.h> ++#include <fcntl.h> ++#include <signal.h> ++#include <string.h> ++ ++/* pipe private to process */ ++static int sigpipe[2]; ++ ++/* create a signal pipe, returns 0 for success, -1 with errno for failure */ ++int sigpipe_create() ++{ ++ int rc; ++ ++ rc = pipe(sigpipe); ++ if (rc < 0) return rc; ++ ++ fcntl(sigpipe[0], F_SETFD, FD_CLOEXEC); ++ fcntl(sigpipe[1], F_SETFD, FD_CLOEXEC); ++ ++#ifdef O_NONBLOCK ++#define FLAG_TO_SET O_NONBLOCK ++#else ++#ifdef SYSV ++#define FLAG_TO_SET O_NDELAY ++#else /* BSD */ ++#define FLAG_TO_SET FNDELAY ++#endif ++#endif ++ ++ rc = fcntl(sigpipe[1], F_GETFL); ++ if (rc != -1) ++ rc = fcntl(sigpipe[1], F_SETFL, rc | FLAG_TO_SET); ++ if (rc < 0) return rc; ++ return 0; ++#undef FLAG_TO_SET ++} ++ ++/* generic handler for signals, writes signal number to pipe */ ++void sigpipe_handler(int signum) ++{ ++ write(sigpipe[1], &signum, sizeof(signum)); ++ signal(signum, sigpipe_handler); ++} ++ ++/* assign a signal number to the pipe */ ++void sigpipe_assign(int signum) ++{ ++ struct sigaction sa; ++ ++ memset(&sa, 0, sizeof(sa)); ++ sa.sa_handler = sigpipe_handler; ++ sigaction(signum, &sa, NULL); ++} ++ ++/* return the signal pipe read file descriptor for select(2) */ ++int sigpipe_fd() ++{ ++ return sigpipe[0]; ++} ++ ++/* read and return the pending signal from the pipe */ ++int sigpipe_read() ++{ ++ int signum; ++ read(sigpipe[0], &signum, sizeof(signum)); ++ return signum; ++} ++ ++void sigpipe_close() ++{ ++ close(sigpipe[0]); ++ close(sigpipe[1]); ++} ++ +--- /dev/null ++++ b/pppd/plugins/pptp/util.h +@@ -0,0 +1,31 @@ ++/* util.h ....... error message utilities. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: util.h,v 1.6 2005/03/10 01:18:20 quozl Exp $ ++ */ ++ ++#ifndef INC_UTIL_H ++#define INC_UTIL_H ++ ++int file2fd(const char *path, const char *mode, int fd); ++ ++/* signal to pipe delivery implementation */ ++ ++/* create a signal pipe, returns 0 for success, -1 with errno for failure */ ++int sigpipe_create(); ++ ++/* generic handler for signals, writes signal number to pipe */ ++void sigpipe_handler(int signum); ++ ++/* assign a signal number to the pipe */ ++void sigpipe_assign(int signum); ++ ++/* return the signal pipe read file descriptor for select(2) */ ++int sigpipe_fd(); ++ ++/* read and return the pending signal from the pipe */ ++int sigpipe_read(); ++ ++void sigpipe_close(); ++ ++#endif /* INC_UTIL_H */ +--- /dev/null ++++ b/pppd/plugins/pptp/vector.c +@@ -0,0 +1,209 @@ ++/* vector.c ..... store a vector of PPTP_CALL information and search it ++ * efficiently. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: vector.c,v 1.3 2003/06/17 10:12:55 reink Exp $ ++ */ ++ ++#include <stdlib.h> ++#include <string.h> ++#include <assert.h> ++#include "pptp_ctrl.h" ++#include "vector.h" ++/* #define VECTOR_DEBUG */ ++#ifndef TRUE ++#define TRUE 1 ++#endif ++#ifndef FALSE ++#define FALSE 0 ++#endif ++ ++struct vector_item { ++ int key; ++ PPTP_CALL *call; ++}; ++ ++struct vector_struct { ++ struct vector_item *item; ++ int size; ++ int alloc; ++#ifdef VECTOR_DEBUG ++ int key_max; ++#endif ++}; ++ ++static struct vector_item *binary_search(VECTOR *v, int key); ++ ++/*** vector_create ************************************************************/ ++VECTOR *vector_create() ++{ ++ const int INITIAL_SIZE = 4; ++ ++ VECTOR *v = malloc(sizeof(*v)); ++ if (v == NULL) return v; ++ ++ v->size = 0; ++ v->alloc = INITIAL_SIZE; ++ v->item = malloc(sizeof(*(v->item)) * (v->alloc)); ++#ifdef VECTOR_DEBUG ++ v->key_max = -1; ++#endif ++ if (v->item == NULL) { free(v); return NULL; } ++ else return v; ++} ++ ++/*** vector_destroy ***********************************************************/ ++void vector_destroy(VECTOR *v) ++{ ++ free(v->item); ++#ifdef VECTOR_DEBUG ++ v->item = NULL; ++#endif ++ free(v); ++} ++ ++/*** vector_size **************************************************************/ ++int vector_size(VECTOR *v) ++{ ++ assert(v != NULL); ++ return v->size; ++} ++ ++/*** vector_insert************************************************************* ++ * nice thing about file descriptors is that we are assured by POSIX ++ * that they are monotonically increasing. ++ */ ++int vector_insert(VECTOR *v, int key, PPTP_CALL * call) ++{ ++ int i; ++ assert(v != NULL && call != NULL); ++ assert(!vector_contains(v, key)); ++#ifdef VECTOR_DEBUG ++ assert(v->key_max < key); ++#endif ++ if (!(v->size < v->alloc)) { ++ void *tmp = realloc(v->item, sizeof(*(v->item)) * 2 * v->alloc); ++ if (tmp != NULL) { ++ v->alloc *= 2; ++ v->item = tmp; ++ } else return FALSE; /* failed to alloc memory. */ ++ } ++ assert(v->size < v->alloc); ++ /* for safety, we make this work in the general case; ++ * but this is optimized for adding call to the end of the vector. ++ */ ++ for(i = v->size - 1; i >= 0; i--) ++ if (v->item[i].key < key) ++ break; ++ /* insert after item i */ ++ memmove(&v->item[i + 2], &v->item[i + 1], ++ (v->size - i - 1) * sizeof(*(v->item))); ++ v->item[i + 1].key = key; ++ v->item[i + 1].call = call; ++ v->size++; ++#ifdef VECTOR_DEBUG ++ if (v->key_max < key) /* ie, always. */ ++ v->key_max = key; ++#endif ++ return TRUE; ++} ++ ++/*** vector_remove ************************************************************/ ++int vector_remove(VECTOR *v, int key) ++{ ++ struct vector_item *tmp; ++ assert(v != NULL); ++ if ((tmp =binary_search(v,key)) == NULL) return FALSE; ++ assert(tmp >= v->item && tmp < v->item + v->size); ++ memmove(tmp, tmp + 1, (v->size - (v->item - tmp) - 1) * sizeof(*(v->item))); ++ v->size--; ++ return TRUE; ++} ++ ++/*** vector_search ************************************************************/ ++int vector_search(VECTOR *v, int key, PPTP_CALL **call) ++{ ++ struct vector_item *tmp; ++ assert(v != NULL); ++ tmp = binary_search(v, key); ++ if (tmp ==NULL) return FALSE; ++ *call = tmp->call; ++ return TRUE; ++} ++ ++/*** vector_contains **********************************************************/ ++int vector_contains(VECTOR *v, int key) ++{ ++ assert(v != NULL); ++ return (binary_search(v, key) != NULL); ++} ++ ++/*** vector_item **************************************************************/ ++static struct vector_item *binary_search(VECTOR *v, int key) ++{ ++ int l,r,x; ++ l = 0; ++ r = v->size - 1; ++ while (r >= l) { ++ x = (l + r)/2; ++ if (key < v->item[x].key) r = x - 1; else l = x + 1; ++ if (key == v->item[x].key) return &(v->item[x]); ++ } ++ return NULL; ++} ++ ++/*** vector_scan *************************************************************** ++ * Hmm. Let's be fancy and use a binary search for the first ++ * unused key, taking advantage of the list is stored sorted; ie ++ * we can look at pointers and keys at two different locations, ++ * and if (ptr1 - ptr2) = (key1 - key2) then all the slots ++ * between ptr1 and ptr2 are filled. Note that ptr1-ptr2 should ++ * never be greater than key1-key2 (no duplicate keys!)... we ++ * check for this. ++ */ ++int vector_scan(VECTOR *v, int lo, int hi, int *key) ++{ ++ int l,r,x; ++ assert(v != NULL); ++ assert(key != NULL); ++ if ((v->size<1) || (lo < v->item[0].key)) { *key = lo; return TRUE; } ++ /* our array bounds */ ++ l = 0; r = v->size - 1; ++ while (r > l) { ++ /* check for a free spot right after l */ ++ if (v->item[l].key + 1 < v->item[l + 1].key) { /* found it! */ ++ *key = v->item[l].key + 1; ++ return TRUE; ++ } ++ /* no dice. Let's see if the free spot is before or after the midpoint */ ++ x = (l + r)/2; ++ /* Okay, we have right (r), left (l) and the probe (x). */ ++ assert(x - l <= v->item[x].key - v->item[l].key); ++ assert(r - x <= v->item[r].key - v->item[x].key); ++ if (x - l < v->item[x].key - v->item[l].key) ++ /* room between l and x */ ++ r = x; ++ else /* no room between l and x */ ++ if (r - x < v->item[r].key - v->item[x].key) ++ /* room between x and r */ ++ l = x; ++ else /* no room between x and r, either */ ++ break; /* game over, man. */ ++ } ++ /* no room found in already allocated space. Check to see if ++ * there's free space above allocated entries. */ ++ if (v->item[v->size - 1].key < hi) { ++ *key = v->item[v->size - 1].key + 1; ++ return TRUE; ++ } ++ /* outta luck */ ++ return FALSE; ++} ++ ++/*** vector_get_Nth ***********************************************************/ ++PPTP_CALL * vector_get_Nth(VECTOR *v, int n) ++{ ++ assert(v != NULL); ++ assert(0 <= n && n < vector_size(v)); ++ return v->item[n].call; ++} +--- /dev/null ++++ b/pppd/plugins/pptp/vector.h +@@ -0,0 +1,31 @@ ++/* vector.h ..... store a vector of PPTP_CALL information and search it ++ * efficiently. ++ * C. Scott Ananian <cananian@alumni.princeton.edu> ++ * ++ * $Id: vector.h,v 1.1.1.1 2000/12/23 08:19:51 scott Exp $ ++ */ ++ ++#ifndef INC_VECTOR_H ++#define INC_VECTOR_H ++ ++#include "pptp_ctrl.h" /* for definition of PPTP_CALL */ ++ ++typedef struct vector_struct VECTOR; ++ ++VECTOR *vector_create(); ++void vector_destroy(VECTOR *v); ++ ++int vector_size(VECTOR *v); ++ ++/* vector_insert and vector_search return TRUE on success, FALSE on failure. */ ++int vector_insert(VECTOR *v, int key, PPTP_CALL * call); ++int vector_remove(VECTOR *v, int key); ++int vector_search(VECTOR *v, int key, PPTP_CALL ** call); ++/* vector_contains returns FALSE if not found, TRUE if found. */ ++int vector_contains(VECTOR *v, int key); ++/* find first unused key. Returns TRUE on success, FALSE if no. */ ++int vector_scan(VECTOR *v, int lo, int hi, int *key); ++/* get a specific PPTP_CALL ... useful only when iterating. */ ++PPTP_CALL * vector_get_Nth(VECTOR *v, int n); ++ ++#endif /* INC_VECTOR_H */ diff --git a/package/network/services/ppp/patches/510-pptp_compile_fix.patch b/package/network/services/ppp/patches/510-pptp_compile_fix.patch new file mode 100644 index 0000000..04bb620 --- /dev/null +++ b/package/network/services/ppp/patches/510-pptp_compile_fix.patch @@ -0,0 +1,11 @@ +--- a/pppd/plugins/pptp/pptp.c ++++ b/pppd/plugins/pptp/pptp.c +@@ -48,7 +48,7 @@ + + #include "pptp_callmgr.h" + #include <net/if.h> +-#include <net/ethernet.h> ++#include <linux/if_ether.h> + #include <linux/if_pppox.h> + + #include <stdio.h> diff --git a/package/network/services/ppp/patches/520-uniq.patch b/package/network/services/ppp/patches/520-uniq.patch new file mode 100644 index 0000000..54c0d62 --- /dev/null +++ b/package/network/services/ppp/patches/520-uniq.patch @@ -0,0 +1,269 @@ +--- a/pppd/plugins/rp-pppoe/common.c ++++ b/pppd/plugins/rp-pppoe/common.c +@@ -119,15 +119,11 @@ sendPADT(PPPoEConnection *conn, char con + conn->session = 0; + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + /* Copy error message */ +--- a/pppd/plugins/rp-pppoe/discovery.c ++++ b/pppd/plugins/rp-pppoe/discovery.c +@@ -80,13 +80,10 @@ static void + parseForHostUniq(UINT16_t type, UINT16_t len, unsigned char *data, + void *extra) + { +- int *val = (int *) extra; +- if (type == TAG_HOST_UNIQ && len == sizeof(pid_t)) { +- pid_t tmp; +- memcpy(&tmp, data, len); +- if (tmp == getpid()) { +- *val = 1; +- } ++ PPPoETag *tag = extra; ++ ++ if (type == TAG_HOST_UNIQ && len == ntohs(tag->length)) { ++ tag->length = memcmp(data, tag->payload, len); + } + } + +@@ -104,16 +101,16 @@ parseForHostUniq(UINT16_t type, UINT16_t + static int + packetIsForMe(PPPoEConnection *conn, PPPoEPacket *packet) + { +- int forMe = 0; ++ PPPoETag hostUniq = conn->hostUniq; + + /* If packet is not directed to our MAC address, forget it */ + if (memcmp(packet->ethHdr.h_dest, conn->myEth, ETH_ALEN)) return 0; + + /* If we're not using the Host-Unique tag, then accept the packet */ +- if (!conn->useHostUniq) return 1; ++ if (!conn->hostUniq.length) return 1; + +- parsePacket(packet, parseForHostUniq, &forMe); +- return forMe; ++ parsePacket(packet, parseForHostUniq, &hostUniq); ++ return (hostUniq.length == 0); + } + + /********************************************************************** +@@ -301,16 +298,12 @@ sendPADI(PPPoEConnection *conn) + } + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- CHECK_ROOM(cursor, packet.payload, sizeof(pid) + TAG_HDR_SIZE); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ CHECK_ROOM(cursor, packet.payload, len + TAG_HDR_SIZE); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + /* Add our maximum MTU/MRU */ +@@ -478,16 +471,12 @@ sendPADR(PPPoEConnection *conn) + cursor += namelen + TAG_HDR_SIZE; + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- CHECK_ROOM(cursor, packet.payload, sizeof(pid)+TAG_HDR_SIZE); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ CHECK_ROOM(cursor, packet.payload, len+TAG_HDR_SIZE); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + /* Add our maximum MTU/MRU */ +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -65,6 +65,7 @@ static char *existingSession = NULL; + static int printACNames = 0; + static char *pppoe_reqd_mac = NULL; + unsigned char pppoe_reqd_mac_addr[6]; ++static char *host_uniq = NULL; + + static int PPPoEDevnameHook(char *cmd, char **argv, int doit); + static option_t Options[] = { +@@ -82,6 +83,8 @@ static option_t Options[] = { + "Be verbose about discovered access concentrators"}, + { "pppoe-mac", o_string, &pppoe_reqd_mac, + "Only connect to specified MAC address" }, ++ { "host-uniq", o_string, &host_uniq, ++ "Specify custom Host-Uniq" }, + { NULL } + }; + int (*OldDevnameHook)(char *cmd, char **argv, int doit) = NULL; +@@ -107,7 +110,6 @@ PPPOEInitDevice(void) + conn->ifName = devnam; + conn->discoverySocket = -1; + conn->sessionSocket = -1; +- conn->useHostUniq = 1; + conn->printACNames = printACNames; + conn->discoveryTimeout = PADI_TIMEOUT; + return 1; +@@ -163,6 +165,9 @@ PPPOEConnectDevice(void) + if (lcp_wantoptions[0].mru > ifr.ifr_mtu - TOTAL_OVERHEAD) + lcp_wantoptions[0].mru = ifr.ifr_mtu - TOTAL_OVERHEAD; + ++ if (host_uniq && !parseHostUniq(host_uniq, &conn->hostUniq)) ++ fatal("Illegal value for host-uniq option"); ++ + conn->acName = acName; + conn->serviceName = pppd_pppoe_service; + strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam)); +--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c ++++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c +@@ -344,7 +344,7 @@ packetIsForMe(PPPoEConnection *conn, PPP + if (memcmp(packet->ethHdr.h_dest, conn->myEth, ETH_ALEN)) return 0; + + /* If we're not using the Host-Unique tag, then accept the packet */ +- if (!conn->useHostUniq) return 1; ++ if (!conn->hostUniq.length) return 1; + + parsePacket(packet, parseForHostUniq, &forMe); + return forMe; +@@ -470,16 +470,12 @@ sendPADI(PPPoEConnection *conn) + cursor += namelen + TAG_HDR_SIZE; + + /* If we're using Host-Uniq, copy it over */ +- if (conn->useHostUniq) { +- PPPoETag hostUniq; +- pid_t pid = getpid(); +- hostUniq.type = htons(TAG_HOST_UNIQ); +- hostUniq.length = htons(sizeof(pid)); +- memcpy(hostUniq.payload, &pid, sizeof(pid)); +- CHECK_ROOM(cursor, packet.payload, sizeof(pid) + TAG_HDR_SIZE); +- memcpy(cursor, &hostUniq, sizeof(pid) + TAG_HDR_SIZE); +- cursor += sizeof(pid) + TAG_HDR_SIZE; +- plen += sizeof(pid) + TAG_HDR_SIZE; ++ if (conn->hostUniq.length) { ++ int len = ntohs(conn->hostUniq.length); ++ CHECK_ROOM(cursor, packet.payload, len + TAG_HDR_SIZE); ++ memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE); ++ cursor += len + TAG_HDR_SIZE; ++ plen += len + TAG_HDR_SIZE; + } + + packet.length = htons(plen); +@@ -641,7 +637,7 @@ int main(int argc, char *argv[]) + + memset(conn, 0, sizeof(PPPoEConnection)); + +- while ((opt = getopt(argc, argv, "I:D:VUAS:C:h")) > 0) { ++ while ((opt = getopt(argc, argv, "I:D:VUW:AS:C:h")) > 0) { + switch(opt) { + case 'S': + conn->serviceName = xstrdup(optarg); +@@ -650,7 +646,23 @@ int main(int argc, char *argv[]) + conn->acName = xstrdup(optarg); + break; + case 'U': +- conn->useHostUniq = 1; ++ if(conn->hostUniq.length) { ++ fprintf(stderr, "-U and -W are mutually exclusive\n"); ++ exit(EXIT_FAILURE); ++ } ++ char pidbuf[5]; ++ snprintf(pidbuf, sizeof(pidbuf), "%04x", getpid()); ++ parseHostUniq(pidbuf, &conn->hostUniq); ++ break; ++ case 'W': ++ if(conn->hostUniq.length) { ++ fprintf(stderr, "-U and -W are mutually exclusive\n"); ++ exit(EXIT_FAILURE); ++ } ++ if (!parseHostUniq(optarg, &conn->hostUniq)) { ++ fprintf(stderr, "Invalid host-uniq argument: %s\n", optarg); ++ exit(EXIT_FAILURE); ++ } + break; + case 'D': + conn->debugFile = fopen(optarg, "w"); +--- a/pppd/plugins/rp-pppoe/pppoe.h ++++ b/pppd/plugins/rp-pppoe/pppoe.h +@@ -21,6 +21,8 @@ + + #include <stdio.h> /* For FILE */ + #include <sys/types.h> /* For pid_t */ ++#include <ctype.h> ++#include <string.h> + + /* How do we access raw Ethernet devices? */ + #undef USE_LINUX_PACKET +@@ -224,7 +226,7 @@ typedef struct PPPoEConnectionStruct { + char *serviceName; /* Desired service name, if any */ + char *acName; /* Desired AC name, if any */ + int synchronous; /* Use synchronous PPP */ +- int useHostUniq; /* Use Host-Uniq tag */ ++ PPPoETag hostUniq; /* Use Host-Uniq tag */ + int printACNames; /* Just print AC names */ + FILE *debugFile; /* Debug file for dumping packets */ + int numPADOs; /* Number of PADO packets received */ +@@ -280,6 +282,33 @@ void pppoe_printpkt(PPPoEPacket *packet, + void (*printer)(void *, char *, ...), void *arg); + void pppoe_log_packet(const char *prefix, PPPoEPacket *packet); + ++static inline int parseHostUniq(const char *uniq, PPPoETag *tag) ++{ ++ int i, len = strlen(uniq); ++ ++#define hex(x) \ ++ (((x) <= '9') ? ((x) - '0') : \ ++ (((x) <= 'F') ? ((x) - 'A' + 10) : \ ++ ((x) - 'a' + 10))) ++ ++ if (len % 2) ++ return 0; ++ ++ for (i = 0; i < len; i += 2) ++ { ++ if (!isxdigit(uniq[i]) || !isxdigit(uniq[i+1])) ++ return 0; ++ ++ tag->payload[i / 2] = (char)(16 * hex(uniq[i]) + hex(uniq[i+1])); ++ } ++ ++#undef hex ++ ++ tag->type = htons(TAG_HOST_UNIQ); ++ tag->length = htons(len / 2); ++ return 1; ++} ++ + #define SET_STRING(var, val) do { if (var) free(var); var = strDup(val); } while(0); + + #define CHECK_ROOM(cursor, start, len) \ diff --git a/package/network/services/ppp/patches/530-pppoe_send_padt.patch b/package/network/services/ppp/patches/530-pppoe_send_padt.patch new file mode 100644 index 0000000..40fa420 --- /dev/null +++ b/package/network/services/ppp/patches/530-pppoe_send_padt.patch @@ -0,0 +1,11 @@ +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -275,7 +275,7 @@ PPPOEDisconnectDevice(void) + sizeof(struct sockaddr_pppox)) < 0) + error("Failed to disconnect PPPoE socket: %d %m", errno); + close(conn->sessionSocket); +- /* don't send PADT?? */ ++ sendPADT(conn, NULL); + if (conn->discoverySocket >= 0) + close(conn->discoverySocket); + } diff --git a/package/network/services/ppp/patches/531-pppoe_no_disconnect_warning.patch b/package/network/services/ppp/patches/531-pppoe_no_disconnect_warning.patch new file mode 100644 index 0000000..799e961 --- /dev/null +++ b/package/network/services/ppp/patches/531-pppoe_no_disconnect_warning.patch @@ -0,0 +1,14 @@ +--- a/pppd/plugins/rp-pppoe/plugin.c ++++ b/pppd/plugins/rp-pppoe/plugin.c +@@ -271,9 +271,8 @@ PPPOEDisconnectDevice(void) + sp.sa_addr.pppoe.sid = 0; + memcpy(sp.sa_addr.pppoe.dev, conn->ifName, IFNAMSIZ); + memcpy(sp.sa_addr.pppoe.remote, conn->peerEth, ETH_ALEN); +- if (connect(conn->sessionSocket, (struct sockaddr *) &sp, +- sizeof(struct sockaddr_pppox)) < 0) +- error("Failed to disconnect PPPoE socket: %d %m", errno); ++ connect(conn->sessionSocket, (struct sockaddr *) &sp, ++ sizeof(struct sockaddr_pppox)); + close(conn->sessionSocket); + sendPADT(conn, NULL); + if (conn->discoverySocket >= 0) diff --git a/package/network/services/ppp/patches/540-save-pppol2tp_fd_str.patch b/package/network/services/ppp/patches/540-save-pppol2tp_fd_str.patch new file mode 100644 index 0000000..7dd2ad8 --- /dev/null +++ b/package/network/services/ppp/patches/540-save-pppol2tp_fd_str.patch @@ -0,0 +1,13 @@ +--- a/pppd/plugins/pppol2tp/pppol2tp.c ++++ b/pppd/plugins/pppol2tp/pppol2tp.c +@@ -148,6 +148,10 @@ static int setdevname_pppol2tp(char **ar + fatal("PPPoL2TP kernel driver not installed"); + } + ++ pppol2tp_fd_str = strdup(*argv); ++ if (pppol2tp_fd_str == NULL) ++ novm("PPPoL2TP FD"); ++ + /* Setup option defaults. Compression options are disabled! */ + + modem = 0; diff --git a/package/network/services/ppp/patches/550-fix-printer-args.patch b/package/network/services/ppp/patches/550-fix-printer-args.patch new file mode 100644 index 0000000..0eed942 --- /dev/null +++ b/package/network/services/ppp/patches/550-fix-printer-args.patch @@ -0,0 +1,11 @@ +--- a/pppd/options.c ++++ b/pppd/options.c +@@ -1013,7 +1013,7 @@ print_option(opt, mainopt, printer, arg) + p = (char *) opt->addr2; + if ((opt->flags & OPT_STATIC) == 0) + p = *(char **)p; +- printer("%q", p); ++ printer(arg, "%q", p); + } else if (opt->flags & OPT_A2LIST) { + struct option_value *ovp; + diff --git a/package/network/services/ppp/utils/pfc.c b/package/network/services/ppp/utils/pfc.c new file mode 100644 index 0000000..5476be1 --- /dev/null +++ b/package/network/services/ppp/utils/pfc.c @@ -0,0 +1,51 @@ +/* + * Taken from fli4l 3.0 + * Make sure you compile it against the same libpcap version used in OpenWrt + */ + +#include <stdlib.h> +#include <sys/types.h> +#include <sys/time.h> +#include <string.h> + +#include <linux/types.h> +#include <linux/ppp_defs.h> + +#include <pcap.h> +#include <pcap-bpf.h> + +int main (int argc, char ** argv) +{ + pcap_t *pc; /* Fake struct pcap so we can compile expr */ + struct bpf_program filter; /* Filter program for link-active pkts */ + u_int32_t netmask=0; + + int dflag = 3; + if (argc == 4) + { + if (!strcmp (argv[1], "-d")) + { + dflag = atoi (argv[2]); + argv += 2; + argc -=2; + } + } + if (argc != 2) + { + printf ("usage; %s [ -d <debug_level> ] expression\n", argv[0]); + return 1; + } + + pc = pcap_open_dead(DLT_PPP_PPPD, PPP_HDRLEN); + if (pcap_compile(pc, &filter, argv[1], 1, netmask) == 0) + { + printf ("#\n# Expression: %s\n#\n", argv[1]); + bpf_dump (&filter, dflag); + return 0; + } + else + { + printf("error in active-filter expression: %s\n", pcap_geterr(pc)); + } + return 1; +} diff --git a/package/network/services/relayd/Makefile b/package/network/services/relayd/Makefile new file mode 100644 index 0000000..8bfddba --- /dev/null +++ b/package/network/services/relayd/Makefile @@ -0,0 +1,45 @@ +# +# Copyright (C) 2010-2011 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=relayd +PKG_VERSION:=2015-10-29 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_URL:=git://nbd.name/relayd.git +PKG_SOURCE_PROTO:=git +PKG_SOURCE_VERSION:=83dba5d525a3b7c2ae4fcb24961143bfcfc93ba7 + +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> +PKG_LICENSE:=GPL-2.0 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/relayd + SECTION:=net + CATEGORY:=Network + SUBMENU:=Routing and Redirection + TITLE:=Transparent routing / relay daemon + DEPENDS:=+libubox +endef + +TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include + +define Package/relayd/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/relayd $(1)/usr/sbin/relayd + $(INSTALL_DIR) $(1)/etc/hotplug.d/iface + $(INSTALL_DATA) ./files/relay.hotplug $(1)/etc/hotplug.d/iface/30-relay + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/relay.init $(1)/etc/init.d/relayd +endef + +$(eval $(call BuildPackage,relayd)) diff --git a/package/network/services/relayd/files/relay.hotplug b/package/network/services/relayd/files/relay.hotplug new file mode 100644 index 0000000..afffbfe --- /dev/null +++ b/package/network/services/relayd/files/relay.hotplug @@ -0,0 +1,2 @@ +#!/bin/sh +/etc/init.d/relayd enabled && /etc/init.d/relayd start diff --git a/package/network/services/relayd/files/relay.init b/package/network/services/relayd/files/relay.init new file mode 100644 index 0000000..c628863 --- /dev/null +++ b/package/network/services/relayd/files/relay.init @@ -0,0 +1,115 @@ +#!/bin/sh /etc/rc.common +# Copyright (c) 2011-2012 OpenWrt.org + +START=80 + +USE_PROCD=1 +PROG=/usr/sbin/relayd + +validate_proto_relayd() +{ + uci_validate_section network "interface" "${1}" \ + 'network:list(string)' \ + 'expiry:uinteger:30' \ + 'retry:uinteger:5' \ + 'table:range(0, 65535):16800' \ + 'forward_bcast:bool:1' \ + 'forward_dhcp:bool:1' +} + +resolve_ifname() { + grep -qs "^ *$1:" /proc/net/dev && { + procd_append_param command -I "$1" + append ifaces "$1" + } +} + +resolve_network() { + local ifn + fixup_interface "$1" + config_get ifn "$1" ifname + [ -z "$ifn" ] && return 1 + resolve_ifname "$ifn" +} + +start_relay() { + local cfg="$1" + + local args="" + local ifaces="" + + config_get proto "$cfg" proto + [ "$proto" = "relay" ] || return 0 + + config_get_bool disabled "$cfg" disabled 0 + [ "$disabled" -gt 0 ] && return 0 + + SERVICE_DAEMONIZE=1 + SERVICE_WRITE_PID=1 + SERVICE_PID_FILE="/var/run/relay-$cfg.pid" + [ -f "$SERVICE_PID_FILE" ] && { + if grep -q relayd "/proc/$(cat $SERVICE_PID_FILE)/cmdline"; then + return 0 + else + rm -f "$SERVICE_PID_FILE" + fi + } + + procd_open_instance + procd_set_param command "$PROG" + + local net networks + config_get networks "$cfg" network + for net in $networks; do + resolve_network "$net" || { + return 1 + } + done + + local ifn ifnames + config_get ifnames "$cfg" ifname + for ifn in $ifnames; do + resolve_ifname "$ifn" + done + + local ipaddr + config_get ipaddr "$cfg" ipaddr + [ -n "$ipaddr" ] && procd_append_param command -L "$ipaddr" + + local gateway + config_get gateway "$cfg" gateway + [ -n "$gateway" ] && procd_append_param command -G "$gateway" + + local expiry # = 30 + config_get expiry "$cfg" expiry + [ -n "$expiry" ] && procd_append_param command "$expiry" + + local retry # = 5 + config_get retry "$cfg" retry + [ -n "$retry" ] && procd_append_param command -p "$retry" + + local table # = 16800 + config_get table "$cfg" table + [ -n "$table" ] && procd_append_param command -T "$table" + + local fwd_bcast # = 1 + config_get_bool fwd_bcast "$cfg" forward_bcast 1 + [ $fwd_bcast -eq 1 ] && procd_append_param command "-B" + + local fwd_dhcp # = 1 + config_get_bool fwd_dhcp "$cfg" forward_dhcp 1 + [ $fwd_dhcp -eq 1 ] && procd_append_param command "-D" + + procd_close_instance +} + +service_triggers() +{ + procd_add_reload_trigger "network" +} + +start_service() { + include /lib/network + config_load network + config_foreach start_relay interface +} diff --git a/package/network/services/samba36/Makefile b/package/network/services/samba36/Makefile new file mode 100644 index 0000000..9e282f0 --- /dev/null +++ b/package/network/services/samba36/Makefile @@ -0,0 +1,160 @@ +# +# Copyright (C) 2007-2014 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=samba +PKG_VERSION:=3.6.25 +PKG_RELEASE:=4 + +PKG_SOURCE_URL:=http://ftp.samba.org/pub/samba \ + http://ftp.samba.org/pub/samba/stable +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_MD5SUM:=76da2fa64edd94a0188531e7ecb27c4e + +PKG_LICENSE:=GPL-3.0 +PKG_LICENSE_FILES:=COPYING + +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> + +PKG_BUILD_PARALLEL:=1 + +include $(INCLUDE_DIR)/package.mk + +MAKE_PATH:=source3 +CONFIGURE_PATH:=source3 + +PKG_BUILD_BIN:=$(PKG_BUILD_DIR)/$(MAKE_PATH)/bin + +define Package/samba36-server + SECTION:=net + CATEGORY:=Network + TITLE:=Samba 3.6 SMB/CIFS server + URL:=http://www.samba.org/ + DEPENDS:=+USE_GLIBC:librt $(ICONV_DEPENDS) +endef + +define Package/samba36-client + SECTION:=net + CATEGORY:=Network + TITLE:=Samba 3.6 SMB/CIFS client + URL:=http://www.samba.org/ + DEPENDS:=+libreadline +libncurses +endef + +define Package/samba36-server/config + config PACKAGE_SAMBA_MAX_DEBUG_LEVEL + int "Maximum level of compiled-in debug messages" + depends on PACKAGE_samba36-server || PACKAGE_samba36-client + default -1 + +endef + +define Package/samba36-server/description + The Samba software suite is a collection of programs that implements the + SMB protocol for UNIX systems, allowing you to serve files and printers to + Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred + to as the LanManager or Netbios protocol. +endef + +TARGET_CFLAGS += -DMAX_DEBUG_LEVEL=$(CONFIG_PACKAGE_SAMBA_MAX_DEBUG_LEVEL) -D__location__=\\\"\\\" -ffunction-sections -fdata-sections +TARGET_LDFLAGS += -Wl,--gc-sections + +CONFIGURE_VARS += \ + ac_cv_lib_attr_getxattr=no \ + ac_cv_search_getxattr=no \ + ac_cv_file__proc_sys_kernel_core_pattern=yes \ + libreplace_cv_HAVE_C99_VSNPRINTF=yes \ + libreplace_cv_HAVE_GETADDRINFO=yes \ + libreplace_cv_HAVE_IFACE_IFCONF=yes \ + LINUX_LFS_SUPPORT=yes \ + samba_cv_CC_NEGATIVE_ENUM_VALUES=yes \ + samba_cv_HAVE_GETTIMEOFDAY_TZ=yes \ + samba_cv_HAVE_IFACE_IFCONF=yes \ + samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes \ + samba_cv_HAVE_SECURE_MKSTEMP=yes \ + samba_cv_HAVE_WRFILE_KEYTAB=no \ + samba_cv_USE_SETREUID=yes \ + samba_cv_USE_SETRESUID=yes \ + samba_cv_have_setreuid=yes \ + samba_cv_have_setresuid=yes \ + ac_cv_header_zlib_h=no \ + samba_cv_zlib_1_2_3=no \ + ac_cv_path_PYTHON="" \ + ac_cv_path_PYTHON_CONFIG="" + +CONFIGURE_ARGS += \ + --exec-prefix=/usr \ + --prefix=/ \ + --disable-avahi \ + --disable-cups \ + --disable-pie \ + --disable-relro \ + --disable-static \ + --disable-swat \ + --disable-shared-libs \ + --with-libiconv="$(ICONV_PREFIX)" \ + --with-codepagedir=/etc/samba \ + --with-configdir=/etc/samba \ + --with-included-iniparser \ + --with-included-popt \ + --with-lockdir=/var/lock \ + --with-logfilebase=/var/log \ + --with-nmbdsocketdir=/var/nmbd \ + --with-piddir=/var/run \ + --with-privatedir=/etc/samba \ + --with-sendfile-support \ + --without-acl-support \ + --without-cluster-support \ + --without-ads \ + --without-krb5 \ + --without-ldap \ + --without-pam \ + --without-winbind \ + --without-libtdb \ + --without-libtalloc \ + --without-libnetapi \ + --without-libsmbclient \ + --without-libsmbsharemodes \ + --without-libtevent \ + --without-libaddns \ + --with-shared-modules=pdb_tdbsam,pdb_wbc_sam,idmap_nss,nss_info_template,auth_winbind,auth_wbc,auth_domain + +MAKE_FLAGS += DYNEXP= PICFLAG= MODULES= + +define Package/samba36-server/conffiles +/etc/config/samba +/etc/samba/smb.conf.template +/etc/samba/smbpasswd +endef + +define Package/samba36-server/install + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/samba.config $(1)/etc/config/samba + $(INSTALL_DIR) $(1)/etc/samba + $(INSTALL_DATA) ./files/smb.conf.template $(1)/etc/samba + $(INSTALL_DATA) $(PKG_BUILD_DIR)/codepages/lowcase.dat $(1)/etc/samba + $(INSTALL_DATA) $(PKG_BUILD_DIR)/codepages/upcase.dat $(1)/etc/samba + $(INSTALL_DATA) $(PKG_BUILD_DIR)/codepages/valid.dat $(1)/etc/samba + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/samba.init $(1)/etc/init.d/samba + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_BIN)/samba_multicall $(1)/usr/sbin + $(LN) samba_multicall $(1)/usr/sbin/smbd + $(LN) samba_multicall $(1)/usr/sbin/nmbd + $(LN) samba_multicall $(1)/usr/sbin/smbpasswd +endef + +define Package/samba36-client/install + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_BIN)/smbclient $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_BIN)/nmblookup $(1)/usr/sbin +endef + +$(eval $(call BuildPackage,samba36-client)) +$(eval $(call BuildPackage,samba36-server)) + diff --git a/package/network/services/samba36/files/samba.config b/package/network/services/samba36/files/samba.config new file mode 100644 index 0000000..c79db0d --- /dev/null +++ b/package/network/services/samba36/files/samba.config @@ -0,0 +1,6 @@ +config samba + option 'name' 'OpenWrt' + option 'workgroup' 'WORKGROUP' + option 'description' 'OpenWrt' + option 'homes' '1' + diff --git a/package/network/services/samba36/files/samba.init b/package/network/services/samba36/files/samba.init new file mode 100755 index 0000000..376ae89 --- /dev/null +++ b/package/network/services/samba36/files/samba.init @@ -0,0 +1,118 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2008-2012 OpenWrt.org + +START=60 +USE_PROCD=1 + +smb_header() { + local interface + config_get interface $1 interface "loopback lan" + + # resolve interfaces + local interfaces=$( + . /lib/functions/network.sh + + local net + for net in $interface; do + local device + network_get_device device "$net" && { + local subnet + network_get_subnet subnet "$net" && echo -n "$subnet " + network_get_subnet6 subnet "$net" && echo -n "$subnet " + } + + echo -n "${device:-$net} " + done + ) + + local name workgroup description charset + local hostname="$(uci_get system.@system[0].hostname)" + + config_get name $1 name "${hostname:-OpenWrt}" + config_get workgroup $1 workgroup "${hostname:-OpenWrt}" + config_get description $1 description "Samba on ${hostname:-OpenWrt}" + config_get charset $1 charset "UTF-8" + + mkdir -p /var/etc + sed -e "s#|NAME|#$name#g" \ + -e "s#|WORKGROUP|#$workgroup#g" \ + -e "s#|DESCRIPTION|#$description#g" \ + -e "s#|INTERFACES|#$interfaces#g" \ + -e "s#|CHARSET|#$charset#g" \ + /etc/samba/smb.conf.template > /var/etc/smb.conf + + local homes + config_get_bool homes $1 homes 0 + [ $homes -gt 0 ] && { + cat <<EOT >> /var/etc/smb.conf + +[homes] + comment = Home Directories + browsable = no + read only = no + create mode = 0750 +EOT + } + + [ -L /etc/samba/smb.conf ] || ln -nsf /var/etc/smb.conf /etc/samba/smb.conf +} + +smb_add_share() { + local name + local path + local users + local read_only + local guest_ok + local create_mask + local dir_mask + local browseable + + config_get name $1 name + config_get path $1 path + config_get users $1 users + config_get read_only $1 read_only + config_get guest_ok $1 guest_ok + config_get create_mask $1 create_mask + config_get dir_mask $1 dir_mask + config_get browseable $1 browseable + + [ -z "$name" -o -z "$path" ] && return + + echo -e "\n[$name]\n\tpath = $path" >> /var/etc/smb.conf + [ -n "$users" ] && echo -e "\tvalid users = $users" >> /var/etc/smb.conf + [ -n "$read_only" ] && echo -e "\tread only = $read_only" >> /var/etc/smb.conf + [ -n "$guest_ok" ] && echo -e "\tguest ok = $guest_ok" >> /var/etc/smb.conf + [ -n "$create_mask" ] && echo -e "\tcreate mask = $create_mask" >> /var/etc/smb.conf + [ -n "$dir_mask" ] && echo -e "\tdirectory mask = $dir_mask" >> /var/etc/smb.conf + [ -n "$browseable" ] && echo -e "\tbrowseable = $browseable" >> /var/etc/smb.conf +} + +init_config() { + config_load samba + config_foreach smb_header samba + config_foreach smb_add_share sambashare +} + +reload_service() { + init_config + + killall -HUP smbd +} + +service_triggers() { + procd_add_reload_trigger samba +} + +start_service() { + init_config + + procd_open_instance + procd_set_param command /usr/sbin/smbd -F + procd_set_param respawn + procd_close_instance + + procd_open_instance + procd_set_param command /usr/sbin/nmbd -F + procd_set_param respawn + procd_close_instance +} diff --git a/package/network/services/samba36/files/smb.conf.template b/package/network/services/samba36/files/smb.conf.template new file mode 100644 index 0000000..38a3855 --- /dev/null +++ b/package/network/services/samba36/files/smb.conf.template @@ -0,0 +1,34 @@ +[global] + netbios name = |NAME| + display charset = |CHARSET| + interfaces = |INTERFACES| + server string = |DESCRIPTION| + unix charset = |CHARSET| + workgroup = |WORKGROUP| + browseable = yes + deadtime = 30 + domain master = yes + encrypt passwords = true + enable core files = no + guest account = nobody + guest ok = yes + invalid users = root + local master = yes + load printers = no + map to guest = Bad User + max protocol = SMB2 + min receivefile size = 16384 + null passwords = yes + obey pam restrictions = yes + os level = 20 + passdb backend = smbpasswd + preferred master = yes + printable = no + security = user + smb encrypt = disabled + smb passwd file = /etc/samba/smbpasswd + socket options = TCP_NODELAY IPTOS_LOWDELAY + syslog = 2 + use sendfile = yes + writeable = yes + diff --git a/package/network/services/samba36/patches/100-configure_fixes.patch b/package/network/services/samba36/patches/100-configure_fixes.patch new file mode 100644 index 0000000..16e35c8 --- /dev/null +++ b/package/network/services/samba36/patches/100-configure_fixes.patch @@ -0,0 +1,14 @@ +--- a/source3/configure ++++ b/source3/configure +@@ -13294,10 +13294,7 @@ if test x"$libreplace_cv_HAVE_GETADDRINF + # see bug 5910, use our replacements if we detect + # a broken system. + if test "$cross_compiling" = yes; then : +- { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +-$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +-as_fn_error $? "cannot run test program while cross compiling +-See \`config.log' for more details" "$LINENO" 5; } ++ $as_echo "assuming valid getaddrinfo without bug 5910" >&2 + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext + /* end confdefs.h. */ diff --git a/package/network/services/samba36/patches/110-multicall.patch b/package/network/services/samba36/patches/110-multicall.patch new file mode 100644 index 0000000..22e6a3c --- /dev/null +++ b/package/network/services/samba36/patches/110-multicall.patch @@ -0,0 +1,119 @@ +--- a/source3/Makefile.in ++++ b/source3/Makefile.in +@@ -73,22 +73,22 @@ LDAP_LIBS=@LDAP_LIBS@ + NSCD_LIBS=@NSCD_LIBS@ + UUID_LIBS=@UUID_LIBS@ + LIBWBCLIENT=@LIBWBCLIENT_STATIC@ @LIBWBCLIENT_SHARED@ +-LIBWBCLIENT_LIBS=@LIBWBCLIENT_LIBS@ ++LIBWBCLIENT_LIBS=@LIBWBCLIENT_STATIC@ + PTHREAD_LDFLAGS=@PTHREAD_LDFLAGS@ + PTHREAD_CFLAGS=@PTHREAD_CFLAGS@ + DNSSD_LIBS=@DNSSD_LIBS@ + AVAHI_LIBS=@AVAHI_LIBS@ + POPT_LIBS=@POPTLIBS@ + LIBTALLOC=@LIBTALLOC_STATIC@ @LIBTALLOC_SHARED@ +-LIBTALLOC_LIBS=@LIBTALLOC_LIBS@ ++LIBTALLOC_LIBS=@LIBTALLOC_STATIC@ + LIBTEVENT=@LIBTEVENT_STATIC@ @LIBTEVENT_SHARED@ + LIBTEVENT_LIBS=@LIBTEVENT_LIBS@ + LIBREPLACE_LIBS=@LIBREPLACE_LIBS@ + LIBTDB=@LIBTDB_STATIC@ @LIBTDB_SHARED@ +-LIBTDB_LIBS=@LIBTDB_LIBS@ ++LIBTDB_LIBS=@LIBTDB_STATIC@ + TDB_DEPS=@TDB_DEPS@ + LIBNETAPI=@LIBNETAPI_STATIC@ @LIBNETAPI_SHARED@ +-LIBNETAPI_LIBS=@LIBNETAPI_LIBS@ ++LIBNETAPI_LIBS=@LIBNETAPI_STATIC@ + LIBSMBCLIENT_LIBS=@LIBSMBCLIENT_LIBS@ + LIBSMBSHAREMODES_LIBS=@LIBSMBSHAREMODES_LIBS@ + +@@ -216,7 +216,7 @@ PATH_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_P + + # Note that all executable programs now provide for an optional executable suffix. + +-SBIN_PROGS = bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@ ++SBIN_PROGS = bin/samba_multicall@EXEEXT@ bin/smbd@EXEEXT@ bin/nmbd@EXEEXT@ @SWAT_SBIN_TARGETS@ @EXTRA_SBIN_PROGS@ + + BIN_PROGS1 = bin/smbclient@EXEEXT@ bin/net@EXEEXT@ bin/smbspool@EXEEXT@ \ + bin/testparm@EXEEXT@ bin/smbstatus@EXEEXT@ bin/smbget@EXEEXT@ \ +@@ -1777,6 +1777,42 @@ bin/.dummy: + dir=bin $(MAKEDIR); fi + @: >> $@ || : > $@ # what a fancy emoticon! + ++smbd/server_multicall.o: smbd/server.c smbd/server.o ++ @echo Compiling $<.c ++ @$(COMPILE_CC_PATH) -Dmain=smbd_main && exit 0;\ ++ echo "The following command failed:" 1>&2;\ ++ echo "$(COMPILE_CC_PATH)" 1>&2;\ ++ $(COMPILE_CC_PATH) >/dev/null 2>&1 ++ ++nmbd/nmbd_multicall.o: nmbd/nmbd.c nmbd/nmbd.o ++ @echo Compiling $<.c ++ @$(COMPILE_CC_PATH) -Dmain=nmbd_main && exit 0;\ ++ echo "The following command failed:" 1>&2;\ ++ echo "$(COMPILE_CC_PATH)" 1>&2;\ ++ $(COMPILE_CC_PATH) >/dev/null 2>&1 ++ ++utils/smbpasswd_multicall.o: utils/smbpasswd.c utils/smbpasswd.o ++ @echo Compiling $<.c ++ @$(COMPILE_CC_PATH) -Dmain=smbpasswd_main && exit 0;\ ++ echo "The following command failed:" 1>&2;\ ++ echo "$(COMPILE_CC_PATH)" 1>&2;\ ++ $(COMPILE_CC_PATH) >/dev/null 2>&1 ++ ++SMBD_MULTI_O = $(patsubst smbd/server.o,smbd/server_multicall.o,$(SMBD_OBJ)) ++NMBD_MULTI_O = $(patsubst nmbd/nmbd.o,nmbd/nmbd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(NMBD_OBJ))) ++SMBPASSWD_MULTI_O = $(patsubst utils/smbpasswd.o,utils/smbpasswd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(SMBPASSWD_OBJ))) ++MULTI_O = multi.o ++ ++MULTICALL_O = $(sort $(SMBD_MULTI_O) $(NMBD_MULTI_O) $(SMBPASSWD_MULTI_O) $(MULTI_O)) ++ ++bin/samba_multicall@EXEEXT@: $(BINARY_PREREQS) $(MULTICALL_O) $(LIBTALLOC) $(LIBTDB) $(LIBWBCLIENT) @BUILD_POPT@ ++ @echo Linking $@ ++ @$(CC) -o $@ $(MULTICALL_O) $(LDFLAGS) $(LDAP_LIBS) @SMBD_FAM_LIBS@ \ ++ $(KRB5LIBS) $(DYNEXP) $(PRINT_LIBS) $(AUTH_LIBS) \ ++ $(ACL_LIBS) $(PASSDB_LIBS) $(LIBS) $(DNSSD_LIBS) $(AVAHI_LIBS) \ ++ $(POPT_LIBS) @SMBD_LIBS@ $(LIBTALLOC_LIBS) $(LIBTEVENT_LIBS) $(LIBTDB_LIBS) \ ++ $(LIBWBCLIENT_LIBS) $(ZLIB_LIBS) ++ + bin/smbd@EXEEXT@: $(BINARY_PREREQS) $(SMBD_OBJ) $(LIBTALLOC) $(LIBTEVENT) $(LIBTDB) $(LIBWBCLIENT) @BUILD_POPT@ + @echo Linking $@ + @$(CC) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(LDAP_LIBS) @SMBD_FAM_LIBS@ \ +--- /dev/null ++++ b/source3/multi.c +@@ -0,0 +1,35 @@ ++#include <stdio.h> ++#include <string.h> ++ ++extern int smbd_main(int argc, char **argv); ++extern int nmbd_main(int argc, char **argv); ++extern int smbpasswd_main(int argc, char **argv); ++ ++static struct { ++ const char *name; ++ int (*func)(int argc, char **argv); ++} multicall[] = { ++ { "smbd", smbd_main }, ++ { "nmbd", nmbd_main }, ++ { "smbpasswd", smbpasswd_main }, ++}; ++ ++#define ARRAY_SIZE(a) (sizeof(a) / sizeof(a[0])) ++ ++int main(int argc, char **argv) ++{ ++ int i; ++ ++ for (i = 0; i < ARRAY_SIZE(multicall); i++) { ++ if (strstr(argv[0], multicall[i].name)) ++ return multicall[i].func(argc, argv); ++ } ++ ++ fprintf(stderr, "Invalid multicall command, available commands:"); ++ for (i = 0; i < ARRAY_SIZE(multicall); i++) ++ fprintf(stderr, " %s", multicall[i].name); ++ ++ fprintf(stderr, "\n"); ++ ++ return 1; ++} diff --git a/package/network/services/samba36/patches/111-owrt_smbpasswd.patch b/package/network/services/samba36/patches/111-owrt_smbpasswd.patch new file mode 100644 index 0000000..79abea5 --- /dev/null +++ b/package/network/services/samba36/patches/111-owrt_smbpasswd.patch @@ -0,0 +1,281 @@ +--- a/source3/Makefile.in ++++ b/source3/Makefile.in +@@ -1019,7 +1019,7 @@ TEST_LP_LOAD_OBJ = param/test_lp_load.o + + PASSWD_UTIL_OBJ = utils/passwd_util.o + +-SMBPASSWD_OBJ = utils/smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \ ++SMBPASSWD_OBJ = utils/owrt_smbpasswd.o $(PASSWD_UTIL_OBJ) $(PASSCHANGE_OBJ) \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ + $(GROUPDB_OBJ) $(LIB_NONSMBD_OBJ) $(KRBCLIENT_OBJ) \ + $(POPT_LIB_OBJ) $(SMBLDAP_OBJ) \ +@@ -1791,7 +1791,7 @@ nmbd/nmbd_multicall.o: nmbd/nmbd.c nmbd/ + echo "$(COMPILE_CC_PATH)" 1>&2;\ + $(COMPILE_CC_PATH) >/dev/null 2>&1 + +-utils/smbpasswd_multicall.o: utils/smbpasswd.c utils/smbpasswd.o ++utils/smbpasswd_multicall.o: utils/owrt_smbpasswd.c utils/owrt_smbpasswd.o + @echo Compiling $<.c + @$(COMPILE_CC_PATH) -Dmain=smbpasswd_main && exit 0;\ + echo "The following command failed:" 1>&2;\ +@@ -1800,7 +1800,7 @@ utils/smbpasswd_multicall.o: utils/smbpa + + SMBD_MULTI_O = $(patsubst smbd/server.o,smbd/server_multicall.o,$(SMBD_OBJ)) + NMBD_MULTI_O = $(patsubst nmbd/nmbd.o,nmbd/nmbd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(NMBD_OBJ))) +-SMBPASSWD_MULTI_O = $(patsubst utils/smbpasswd.o,utils/smbpasswd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(SMBPASSWD_OBJ))) ++SMBPASSWD_MULTI_O = $(patsubst utils/owrt_smbpasswd.o,utils/smbpasswd_multicall.o,$(filter-out $(LIB_DUMMY_OBJ),$(SMBPASSWD_OBJ))) + MULTI_O = multi.o + + MULTICALL_O = $(sort $(SMBD_MULTI_O) $(NMBD_MULTI_O) $(SMBPASSWD_MULTI_O) $(MULTI_O)) +--- /dev/null ++++ b/source3/utils/owrt_smbpasswd.c +@@ -0,0 +1,249 @@ ++/* ++ * Copyright (C) 2012 Felix Fietkau <nbd@openwrt.org> ++ * Copyright (C) 2008 John Crispin <blogic@openwrt.org> ++ * ++ * This program is free software; you can redistribute it and/or modify it ++ * under the terms of the GNU General Public License as published by the ++ * Free Software Foundation; either version 2 of the License, or (at your ++ * option) any later version. ++ * ++ * This program is distributed in the hope that it will be useful, but WITHOUT ++ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or ++ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for ++ * more details. ++ * ++ * You should have received a copy of the GNU General Public License along with ++ * this program; if not, write to the Free Software Foundation, Inc., 675 ++ * Mass Ave, Cambridge, MA 02139, USA. */ ++ ++#include "includes.h" ++#include <endian.h> ++#include <stdio.h> ++ ++static char buf[256]; ++ ++static void md4hash(const char *passwd, uchar p16[16]) ++{ ++ int len; ++ smb_ucs2_t wpwd[129]; ++ int i; ++ ++ len = strlen(passwd); ++ for (i = 0; i < len; i++) { ++#if __BYTE_ORDER == __LITTLE_ENDIAN ++ wpwd[i] = (unsigned char)passwd[i]; ++#else ++ wpwd[i] = (unsigned char)passwd[i] << 8; ++#endif ++ } ++ wpwd[i] = 0; ++ ++ len = len * sizeof(int16); ++ mdfour(p16, (unsigned char *)wpwd, len); ++ ZERO_STRUCT(wpwd); ++} ++ ++ ++static bool find_passwd_line(FILE *fp, const char *user, char **next) ++{ ++ char *p1; ++ ++ while (!feof(fp)) { ++ if(!fgets(buf, sizeof(buf) - 1, fp)) ++ continue; ++ ++ p1 = strchr(buf, ':'); ++ ++ if (p1 - buf != strlen(user)) ++ continue; ++ ++ if (strncmp(buf, user, p1 - buf) != 0) ++ continue; ++ ++ if (next) ++ *next = p1; ++ return true; ++ } ++ return false; ++} ++ ++/* returns -1 if user is not present in /etc/passwd*/ ++static int find_uid_for_user(const char *user) ++{ ++ FILE *fp; ++ char *p1, *p2, *p3; ++ int ret = -1; ++ ++ fp = fopen("/etc/passwd", "r"); ++ if (!fp) { ++ printf("failed to open /etc/passwd"); ++ goto out; ++ } ++ ++ if (!find_passwd_line(fp, user, &p1)) { ++ printf("User %s not found or invalid in /etc/passwd\n", user); ++ goto out; ++ } ++ ++ p2 = strchr(p1 + 1, ':'); ++ if (!p2) ++ goto out; ++ ++ p2++; ++ p3 = strchr(p2, ':'); ++ if (!p1) ++ goto out; ++ ++ *p3 = '\0'; ++ ret = atoi(p2); ++ ++out: ++ if(fp) ++ fclose(fp); ++ return ret; ++} ++ ++static void smbpasswd_write_user(FILE *fp, const char *user, int uid, const char *password) ++{ ++ static uchar nt_p16[NT_HASH_LEN]; ++ int len = 0; ++ int i; ++ ++ md4hash(strdup(password), nt_p16); ++ ++ len += snprintf(buf + len, sizeof(buf) - len, "%s:%u:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:", user, uid); ++ for(i = 0; i < NT_HASH_LEN; i++) ++ len += snprintf(buf + len, sizeof(buf) - len, "%02X", nt_p16[i]); ++ ++ snprintf(buf + len, sizeof(buf) - len, ":[U ]:LCT-00000001:\n"); ++ fputs(buf, fp); ++} ++ ++static void smbpasswd_delete_user(FILE *fp) ++{ ++ fpos_t r_pos, w_pos; ++ int len = strlen(buf); ++ ++ fgetpos(fp, &r_pos); ++ fseek(fp, -len, SEEK_CUR); ++ fgetpos(fp, &w_pos); ++ fsetpos(fp, &r_pos); ++ ++ while (fgets(buf, sizeof(buf) - 1, fp)) { ++ int cur_len = strlen(buf); ++ ++ fsetpos(fp, &w_pos); ++ fputs(buf, fp); ++ fgetpos(fp, &w_pos); ++ ++ fsetpos(fp, &r_pos); ++ fseek(fp, cur_len, SEEK_CUR); ++ fgetpos(fp, &r_pos); ++ } ++ ++ fsetpos(fp, &w_pos); ++ ftruncate(fileno(fp), ftello(fp)); ++} ++ ++static int usage(const char *progname) ++{ ++ fprintf(stderr, ++ "Usage: %s [options] <username>\n" ++ "\n" ++ "Options:\n" ++ " -s read password from stdin\n" ++ " -a add user\n" ++ " -x delete user\n", ++ progname); ++ return 1; ++} ++ ++int main(int argc, char **argv) ++{ ++ const char *prog = argv[0]; ++ const char *user; ++ char *pw1, *pw2; ++ FILE *fp; ++ bool add = false, delete = false, get_stdin = false, found; ++ int ch; ++ int uid; ++ ++ TALLOC_CTX *frame = talloc_stackframe(); ++ ++ while ((ch = getopt(argc, argv, "asx")) != EOF) { ++ switch (ch) { ++ case 's': ++ get_stdin = true; ++ break; ++ case 'a': ++ add = true; ++ break; ++ case 'x': ++ delete = true; ++ break; ++ default: ++ return usage(prog); ++ } ++ } ++ ++ if (add && delete) ++ return usage(prog); ++ ++ argc -= optind; ++ argv += optind; ++ ++ if (!argc) ++ return usage(prog); ++ ++ user = argv[0]; ++ if (!delete) { ++ uid = find_uid_for_user(user); ++ if (uid < 0) { ++ fprintf(stderr, "Could not find user '%s' in /etc/passwd\n", user); ++ return 2; ++ } ++ } ++ ++ fp = fopen("/etc/samba/smbpasswd", "r+"); ++ if(!fp) { ++ fprintf(stderr, "Failed to open /etc/samba/smbpasswd"); ++ return 3; ++ } ++ ++ found = find_passwd_line(fp, user, NULL); ++ if (!add && !found) { ++ fprintf(stderr, "Could not find user '%s' in /etc/samba/smbpasswd\n", user); ++ return 3; ++ } ++ ++ if (delete) { ++ smbpasswd_delete_user(fp); ++ goto out; ++ } ++ ++ pw1 = get_pass("New SMB password:", get_stdin); ++ if (!pw1) ++ pw1 = strdup(""); ++ ++ pw2 = get_pass("Retype SMB password:", get_stdin); ++ if (!pw2) ++ pw2 = strdup(""); ++ ++ if (strcmp(pw1, pw2) != 0) { ++ fprintf(stderr, "Mismatch - password unchanged.\n"); ++ goto out_free; ++ } ++ ++ if (found) ++ fseek(fp, -strlen(buf), SEEK_CUR); ++ smbpasswd_write_user(fp, user, uid, pw2); ++ ++out_free: ++ free(pw1); ++ free(pw2); ++out: ++ fclose(fp); ++ TALLOC_FREE(frame); ++ ++ return 0; ++} diff --git a/package/network/services/samba36/patches/120-add_missing_ifdef.patch b/package/network/services/samba36/patches/120-add_missing_ifdef.patch new file mode 100644 index 0000000..dbd9adc --- /dev/null +++ b/package/network/services/samba36/patches/120-add_missing_ifdef.patch @@ -0,0 +1,26 @@ +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -119,9 +119,11 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_netdfs)) { + return false; + } ++#ifdef DEVELOPER + if (!smb_register_ndr_interface(&ndr_table_rpcecho)) { + return false; + } ++#endif + if (!smb_register_ndr_interface(&ndr_table_initshutdown)) { + return false; + } +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -628,7 +628,9 @@ static struct cmd_set *rpcclient_command + netlogon_commands, + srvsvc_commands, + dfs_commands, ++#ifdef DEVELOPER + echo_commands, ++#endif + epmapper_commands, + shutdown_commands, + test_commands, diff --git a/package/network/services/samba36/patches/200-remove_printer_support.patch b/package/network/services/samba36/patches/200-remove_printer_support.patch new file mode 100644 index 0000000..de567a7 --- /dev/null +++ b/package/network/services/samba36/patches/200-remove_printer_support.patch @@ -0,0 +1,346 @@ +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -1110,6 +1110,10 @@ bool dcesrv_ep_setup(struct tevent_conte + "rpc_server", + "spoolss", + "embedded"); ++#ifndef PRINTER_SUPPORT ++ if (1) { ++ } else ++#endif + if (StrCaseCmp(rpcsrv_type, "embedded") == 0) { + spoolss_cb.init = spoolss_init_cb; + spoolss_cb.shutdown = spoolss_shutdown_cb; +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -624,7 +624,9 @@ static struct cmd_set *rpcclient_command + lsarpc_commands, + ds_commands, + samr_commands, ++#ifdef PRINTER_SUPPORT + spoolss_commands, ++#endif + netlogon_commands, + srvsvc_commands, + dfs_commands, +--- a/source3/printing/spoolssd.c ++++ b/source3/printing/spoolssd.c +@@ -165,6 +165,10 @@ void start_spoolssd(struct tevent_contex + NTSTATUS status; + int ret; + ++#ifndef PRINTER_SUPPORT ++ return; ++#endif ++ + DEBUG(1, ("Forking SPOOLSS Daemon\n")); + + pid = sys_fork(); +--- a/source3/utils/net_rpc.c ++++ b/source3/utils/net_rpc.c +@@ -7841,6 +7841,10 @@ int net_rpc_printer(struct net_context * + {NULL, NULL, 0, NULL, NULL} + }; + ++#ifndef PRINTER_SUPPORT ++ return 0; ++#endif ++ + if (argc == 0) { + if (c->display_usage) { + d_printf(_("Usage:\n")); +--- a/source3/smbd/reply.c ++++ b/source3/smbd/reply.c +@@ -5208,7 +5208,11 @@ void reply_printopen(struct smb_request + return; + } + +- if (!CAN_PRINT(conn)) { ++ ++#ifdef PRINTER_SUPPORT ++ if (!CAN_PRINT(conn)) ++#endif ++ { + reply_nterror(req, NT_STATUS_ACCESS_DENIED); + END_PROFILE(SMBsplopen); + return; +@@ -5314,7 +5318,10 @@ void reply_printqueue(struct smb_request + is really quite gross and only worked when there was only + one printer - I think we should now only accept it if they + get it right (tridge) */ +- if (!CAN_PRINT(conn)) { ++#ifdef PRINTER_SUPPORT ++ if (!CAN_PRINT(conn)) ++#endif ++ { + reply_nterror(req, NT_STATUS_ACCESS_DENIED); + END_PROFILE(SMBsplretq); + return; +--- a/source3/smbd/lanman.c ++++ b/source3/smbd/lanman.c +@@ -784,6 +784,10 @@ static bool api_DosPrintQGetInfo(struct + union spoolss_JobInfo *job_info = NULL; + union spoolss_PrinterInfo printer_info; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -999,6 +1003,10 @@ static bool api_DosPrintQEnum(struct smb + union spoolss_DriverInfo *driver_info; + union spoolss_JobInfo **job_info; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!param_format || !output_format1 || !p) { + return False; + } +@@ -3105,6 +3113,10 @@ static bool api_RDosPrintJobDel(struct s + struct spoolss_DevmodeContainer devmode_ctr; + enum spoolss_JobControl command; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -3238,6 +3250,10 @@ static bool api_WPrintQueueCtrl(struct s + struct sec_desc_buf secdesc_ctr; + enum spoolss_PrinterControl command; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !QueueName) { + return False; + } +@@ -3404,6 +3420,10 @@ static bool api_PrintJobInfo(struct smbd + union spoolss_JobInfo info; + struct spoolss_SetJobInfo1 info1; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -4547,6 +4567,10 @@ static bool api_WPrintJobGetInfo(struct + struct spoolss_DevmodeContainer devmode_ctr; + union spoolss_JobInfo info; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -4685,6 +4709,10 @@ static bool api_WPrintJobEnumerate(struc + uint32_t count = 0; + union spoolss_JobInfo *info; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -4890,6 +4918,10 @@ static bool api_WPrintDestGetInfo(struct + struct spoolss_DevmodeContainer devmode_ctr; + union spoolss_PrinterInfo info; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -5026,6 +5058,10 @@ static bool api_WPrintDestEnum(struct sm + union spoolss_PrinterInfo *info; + uint32_t count; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -5129,6 +5165,10 @@ static bool api_WPrintDriverEnum(struct + int succnt; + struct pack_desc desc; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -5193,6 +5233,10 @@ static bool api_WPrintQProcEnum(struct s + int succnt; + struct pack_desc desc; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -5257,6 +5301,10 @@ static bool api_WPrintPortEnum(struct sm + int succnt; + struct pack_desc desc; + ++#ifndef PRINTER_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -141,7 +141,9 @@ static void exit_server_common(enum serv + rpc_eventlog_shutdown(); + rpc_ntsvcs_shutdown(); + rpc_svcctl_shutdown(); ++#ifdef PRINTER_SUPPORT + rpc_spoolss_shutdown(); ++#endif + + rpc_srvsvc_shutdown(); + rpc_winreg_shutdown(); +--- a/source3/smbd/open.c ++++ b/source3/smbd/open.c +@@ -1608,6 +1608,9 @@ static NTSTATUS open_file_ntcreate(conne + * Most of the passed parameters are ignored. + */ + ++#ifndef PRINTER_SUPPORT ++ return NT_STATUS_ACCESS_DENIED; ++#endif + if (pinfo) { + *pinfo = FILE_WAS_CREATED; + } +--- a/source3/smbd/close.c ++++ b/source3/smbd/close.c +@@ -643,6 +643,9 @@ static NTSTATUS close_normal_file(struct + status = ntstatus_keeperror(status, tmp); + + if (fsp->print_file) { ++#ifndef PRINTER_SUPPORT ++ return NT_STATUS_OK; ++#endif + /* FIXME: return spool errors */ + print_spool_end(fsp, close_type); + file_free(req, fsp); +--- a/source3/smbd/fileio.c ++++ b/source3/smbd/fileio.c +@@ -298,6 +298,10 @@ ssize_t write_file(struct smb_request *r + uint32_t t; + int ret; + ++#ifndef PRINTER_SUPPORT ++ return -1; ++#endif ++ + ret = print_spool_write(fsp, data, n, pos, &t); + if (ret) { + errno = ret; +--- a/source3/smbd/smb2_create.c ++++ b/source3/smbd/smb2_create.c +@@ -486,7 +486,10 @@ static struct tevent_req *smbd_smb2_crea + info = FILE_WAS_OPENED; + } else if (CAN_PRINT(smb1req->conn)) { + status = file_new(smb1req, smb1req->conn, &result); +- if(!NT_STATUS_IS_OK(status)) { ++#ifdef PRINTER_SUPPORT ++ if(!NT_STATUS_IS_OK(status)) ++#endif ++ { + tevent_req_nterror(req, status); + return tevent_req_post(req, ev); + } +--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c ++++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c +@@ -85,9 +85,11 @@ bool init_service_op_table( void ) + + /* add builtin services */ + ++#ifdef PRINTER_SUPPORT + svcctl_ops[i].name = talloc_strdup( svcctl_ops, "Spooler" ); + svcctl_ops[i].ops = &spoolss_svc_ops; + i++; ++#endif + + svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" ); + svcctl_ops[i].ops = &netlogon_svc_ops; +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -113,9 +113,11 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_winreg)) { + return false; + } ++#ifdef PRINTER_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_spoolss)) { + return false; + } ++#endif + if (!smb_register_ndr_interface(&ndr_table_netdfs)) { + return false; + } +--- a/source3/smbd/process.c ++++ b/source3/smbd/process.c +@@ -2423,8 +2423,10 @@ static bool housekeeping_fn(const struct + + change_to_root_user(); + ++#ifdef PRINTER_SUPPORT + /* update printer queue caches if necessary */ + update_monitored_printq_cache(sconn->msg_ctx); ++#endif + + /* check if we need to reload services */ + check_reload(sconn, time_mono(NULL)); +--- a/source3/smbd/server.c ++++ b/source3/smbd/server.c +@@ -123,7 +123,9 @@ static void smb_pcap_updated(struct mess + { + struct tevent_context *ev_ctx = + talloc_get_type_abort(private_data, struct tevent_context); +- ++#ifndef PRINTER_SUPPORT ++ return; ++#endif + DEBUG(10,("Got message saying pcap was updated. Reloading.\n")); + change_to_root_user(); + reload_printers(ev_ctx, msg); +@@ -1277,6 +1279,7 @@ extern void build_options(bool screen); + * The print backend init also migrates the printing tdb's, + * this requires a winreg pipe. + */ ++#ifdef PRINTER_SUPPORT + if (!print_backend_init(smbd_messaging_context())) + exit(1); + +@@ -1315,7 +1318,7 @@ extern void build_options(bool screen); + smbd_messaging_context()); + } + } +- ++#endif + if (!is_daemon) { + /* inetd mode */ + TALLOC_FREE(frame); diff --git a/package/network/services/samba36/patches/210-remove_ad_support.patch b/package/network/services/samba36/patches/210-remove_ad_support.patch new file mode 100644 index 0000000..6742dc0 --- /dev/null +++ b/package/network/services/samba36/patches/210-remove_ad_support.patch @@ -0,0 +1,88 @@ +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -95,9 +95,11 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_lsarpc)) { + return false; + } ++#ifdef ACTIVE_DIRECTORY + if (!smb_register_ndr_interface(&ndr_table_dssetup)) { + return false; + } ++#endif + if (!smb_register_ndr_interface(&ndr_table_samr)) { + return false; + } +@@ -141,9 +143,11 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_epmapper)) { + return false; + } ++#ifdef ACTIVE_DIRECTORY + if (!smb_register_ndr_interface(&ndr_table_drsuapi)) { + return false; + } ++#endif + return true; + } + +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -918,6 +918,7 @@ static bool netdfs_init_cb(void *ptr) + return true; + } + ++#ifdef ACTIVE_DIRECTORY + static bool dssetup_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -966,6 +967,7 @@ static bool dssetup_init_cb(void *ptr) + + return true; + } ++#endif + + static bool wkssvc_init_cb(void *ptr) + { +@@ -1172,12 +1174,14 @@ bool dcesrv_ep_setup(struct tevent_conte + } + #endif + ++#ifdef ACTIVE_DIRECTORY + dssetup_cb.init = dssetup_init_cb; + dssetup_cb.shutdown = NULL; + dssetup_cb.private_data = ep_ctx; + if (!NT_STATUS_IS_OK(rpc_dssetup_init(&dssetup_cb))) { + return false; + } ++#endif + + wkssvc_cb.init = wkssvc_init_cb; + wkssvc_cb.shutdown = NULL; +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -132,7 +132,9 @@ static void exit_server_common(enum serv + + if (am_parent) { + rpc_wkssvc_shutdown(); ++#ifdef ACTIVE_DIRECTORY + rpc_dssetup_shutdown(); ++#endif + #ifdef DEVELOPER + rpc_rpcecho_shutdown(); + #endif +--- a/source3/rpc_client/cli_pipe.c ++++ b/source3/rpc_client/cli_pipe.c +@@ -2904,12 +2904,14 @@ NTSTATUS cli_rpc_pipe_open_noauth_transp + status = rpc_pipe_bind(result, auth); + if (!NT_STATUS_IS_OK(status)) { + int lvl = 0; ++#ifdef ACTIVE_DIRECTORY + if (ndr_syntax_id_equal(interface, + &ndr_table_dssetup.syntax_id)) { + /* non AD domains just don't have this pipe, avoid + * level 0 statement in that case - gd */ + lvl = 3; + } ++#endif + DEBUG(lvl, ("cli_rpc_pipe_open_noauth: rpc_pipe_bind for pipe " + "%s failed with error %s\n", + get_pipe_name_from_syntax(talloc_tos(), interface), diff --git a/package/network/services/samba36/patches/220-remove_services.patch b/package/network/services/samba36/patches/220-remove_services.patch new file mode 100644 index 0000000..498232d --- /dev/null +++ b/package/network/services/samba36/patches/220-remove_services.patch @@ -0,0 +1,98 @@ +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -131,6 +131,7 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_initshutdown)) { + return false; + } ++#ifdef EXTRA_SERVICES + if (!smb_register_ndr_interface(&ndr_table_svcctl)) { + return false; + } +@@ -140,6 +141,7 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_ntsvcs)) { + return false; + } ++#endif + if (!smb_register_ndr_interface(&ndr_table_epmapper)) { + return false; + } +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -697,6 +697,7 @@ static bool spoolss_shutdown_cb(void *pt + return true; + } + ++#ifdef EXTRA_SERVICES + static bool svcctl_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -733,6 +734,7 @@ static bool svcctl_init_cb(void *ptr) + + return true; + } ++#endif + + static bool svcctl_shutdown_cb(void *ptr) + { +@@ -741,6 +743,8 @@ static bool svcctl_shutdown_cb(void *ptr + return true; + } + ++#ifdef EXTRA_SERVICES ++ + static bool ntsvcs_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -802,6 +806,7 @@ static bool eventlog_init_cb(void *ptr) + + return true; + } ++#endif + + static bool initshutdown_init_cb(void *ptr) + { +@@ -1130,6 +1135,7 @@ bool dcesrv_ep_setup(struct tevent_conte + } + } + ++#ifdef EXTRA_SERVICES + svcctl_cb.init = svcctl_init_cb; + svcctl_cb.shutdown = svcctl_shutdown_cb; + svcctl_cb.private_data = ep_ctx; +@@ -1150,6 +1156,7 @@ bool dcesrv_ep_setup(struct tevent_conte + if (!NT_STATUS_IS_OK(rpc_eventlog_init(&eventlog_cb))) { + return false; + } ++#endif + + initshutdown_cb.init = initshutdown_init_cb; + initshutdown_cb.shutdown = NULL; +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -140,9 +140,11 @@ static void exit_server_common(enum serv + #endif + rpc_netdfs_shutdown(); + rpc_initshutdown_shutdown(); ++#ifdef EXTRA_SERVICES + rpc_eventlog_shutdown(); +- rpc_ntsvcs_shutdown(); + rpc_svcctl_shutdown(); ++ rpc_ntsvcs_shutdown(); ++#endif + #ifdef PRINTER_SUPPORT + rpc_spoolss_shutdown(); + #endif +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -637,9 +637,11 @@ static struct cmd_set *rpcclient_command + shutdown_commands, + test_commands, + wkssvc_commands, ++#ifdef EXTRA_SERVICES + ntsvcs_commands, + drsuapi_commands, + eventlog_commands, ++#endif + winreg_commands, + NULL + }; diff --git a/package/network/services/samba36/patches/230-remove_winreg_support.patch b/package/network/services/samba36/patches/230-remove_winreg_support.patch new file mode 100644 index 0000000..df2be4f --- /dev/null +++ b/package/network/services/samba36/patches/230-remove_winreg_support.patch @@ -0,0 +1,146 @@ +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -409,6 +409,7 @@ static bool epmapper_shutdown_cb(void *p + return true; + } + ++#ifdef WINREG_SUPPORT + static bool winreg_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -456,6 +457,7 @@ static bool winreg_init_cb(void *ptr) + + return true; + } ++#endif + + static bool srvsvc_init_cb(void *ptr) + { +@@ -710,10 +712,12 @@ static bool svcctl_init_cb(void *ptr) + "epmapper", + "none"); + ++#ifdef WINREG_SUPPORT + ok = svcctl_init_winreg(ep_ctx->msg_ctx); + if (!ok) { + return false; + } ++#endif + + /* initialize the control hooks */ + init_service_op_table(); +@@ -785,10 +789,12 @@ static bool eventlog_init_cb(void *ptr) + "epmapper", + "none"); + ++#ifdef WINREG_SUPPORT + ok = eventlog_init_winreg(ep_ctx->msg_ctx); + if (!ok) { + return false; + } ++#endif + + if (StrCaseCmp(rpcsrv_type, "embedded") == 0 || + StrCaseCmp(rpcsrv_type, "daemon") == 0) { +@@ -1077,12 +1083,14 @@ bool dcesrv_ep_setup(struct tevent_conte + } + } + ++#ifdef WINREG_SUPPORT + winreg_cb.init = winreg_init_cb; + winreg_cb.shutdown = NULL; + winreg_cb.private_data = ep_ctx; + if (!NT_STATUS_IS_OK(rpc_winreg_init(&winreg_cb))) { + return false; + } ++#endif + + srvsvc_cb.init = srvsvc_init_cb; + srvsvc_cb.shutdown = NULL; +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -150,7 +150,9 @@ static void exit_server_common(enum serv + #endif + + rpc_srvsvc_shutdown(); ++#ifdef WINREG_SUPPORT + rpc_winreg_shutdown(); ++#endif + + rpc_netlogon_shutdown(); + rpc_samr_shutdown(); +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -112,9 +112,11 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_wkssvc)) { + return false; + } ++#ifdef WINREG_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_winreg)) { + return false; + } ++#endif + #ifdef PRINTER_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_spoolss)) { + return false; +--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c ++++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c +@@ -95,9 +95,11 @@ bool init_service_op_table( void ) + svcctl_ops[i].ops = &netlogon_svc_ops; + i++; + ++#ifdef WINREG_SUPPORT + svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" ); + svcctl_ops[i].ops = &winreg_svc_ops; + i++; ++#endif + + svcctl_ops[i].name = talloc_strdup( svcctl_ops, "WINS" ); + svcctl_ops[i].ops = &wins_svc_ops; +--- a/source3/services/svc_winreg_glue.c ++++ b/source3/services/svc_winreg_glue.c +@@ -88,6 +88,10 @@ struct security_descriptor *svcctl_get_s + NTSTATUS status; + WERROR result = WERR_OK; + ++#ifndef WINREG_SUPPORT ++ return NULL; ++#endif ++ + key = talloc_asprintf(mem_ctx, + "%s\\%s\\Security", + TOP_LEVEL_SERVICES_KEY, name); +@@ -161,6 +165,10 @@ bool svcctl_set_secdesc(struct messaging + NTSTATUS status; + WERROR result = WERR_OK; + ++#ifndef WINREG_SUPPORT ++ return false; ++#endif ++ + tmp_ctx = talloc_stackframe(); + if (tmp_ctx == NULL) { + return false; +@@ -272,6 +280,10 @@ const char *svcctl_get_string_value(TALL + NTSTATUS status; + WERROR result = WERR_OK; + ++#ifndef WINREG_SUPPORT ++ return NULL; ++#endif ++ + tmp_ctx = talloc_stackframe(); + if (tmp_ctx == NULL) { + return NULL; +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -642,7 +642,9 @@ static struct cmd_set *rpcclient_command + drsuapi_commands, + eventlog_commands, + #endif ++#ifdef WINREG_SUPPORT + winreg_commands, ++#endif + NULL + }; + diff --git a/package/network/services/samba36/patches/240-remove_dfs_api.patch b/package/network/services/samba36/patches/240-remove_dfs_api.patch new file mode 100644 index 0000000..f4d432e --- /dev/null +++ b/package/network/services/samba36/patches/240-remove_dfs_api.patch @@ -0,0 +1,71 @@ +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -881,6 +881,7 @@ static bool rpcecho_init_cb(void *ptr) { + + #endif + ++#ifdef DFS_SUPPORT + static bool netdfs_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -928,6 +929,7 @@ static bool netdfs_init_cb(void *ptr) + + return true; + } ++#endif + + #ifdef ACTIVE_DIRECTORY + static bool dssetup_init_cb(void *ptr) +@@ -1173,12 +1175,14 @@ bool dcesrv_ep_setup(struct tevent_conte + return false; + } + ++#ifdef DFS_SUPPORT + netdfs_cb.init = netdfs_init_cb; + netdfs_cb.shutdown = NULL; + netdfs_cb.private_data = ep_ctx; + if (!NT_STATUS_IS_OK(rpc_netdfs_init(&netdfs_cb))) { + return false; + } ++#endif + + #ifdef DEVELOPER + rpcecho_cb.init = rpcecho_init_cb; +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -122,9 +122,11 @@ static bool initialize_interfaces(void) + return false; + } + #endif ++#ifdef DFS_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_netdfs)) { + return false; + } ++#endif + #ifdef DEVELOPER + if (!smb_register_ndr_interface(&ndr_table_rpcecho)) { + return false; +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -138,7 +138,9 @@ static void exit_server_common(enum serv + #ifdef DEVELOPER + rpc_rpcecho_shutdown(); + #endif ++#ifdef DFS_SUPPORT + rpc_netdfs_shutdown(); ++#endif + rpc_initshutdown_shutdown(); + #ifdef EXTRA_SERVICES + rpc_eventlog_shutdown(); +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -629,7 +629,9 @@ static struct cmd_set *rpcclient_command + #endif + netlogon_commands, + srvsvc_commands, ++#ifdef DFS_SUPPORT + dfs_commands, ++#endif + #ifdef DEVELOPER + echo_commands, + #endif diff --git a/package/network/services/samba36/patches/250-remove_domain_logon.patch b/package/network/services/samba36/patches/250-remove_domain_logon.patch new file mode 100644 index 0000000..f7582ef --- /dev/null +++ b/package/network/services/samba36/patches/250-remove_domain_logon.patch @@ -0,0 +1,185 @@ +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -606,6 +606,7 @@ static bool samr_init_cb(void *ptr) + return true; + } + ++#ifdef NETLOGON_SUPPORT + static bool netlogon_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -654,6 +655,7 @@ static bool netlogon_init_cb(void *ptr) + + return true; + } ++#endif + + static bool spoolss_init_cb(void *ptr) + { +@@ -1116,12 +1118,15 @@ bool dcesrv_ep_setup(struct tevent_conte + return false; + } + ++#ifdef NETLOGON_SUPPORT + netlogon_cb.init = netlogon_init_cb; + netlogon_cb.shutdown = NULL; + netlogon_cb.private_data = ep_ctx; + if (!NT_STATUS_IS_OK(rpc_netlogon_init(&netlogon_cb))) { + return false; + } ++#endif ++ + + rpcsrv_type = lp_parm_const_string(GLOBAL_SECTION_SNUM, + "rpc_server", +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -103,9 +103,11 @@ static bool initialize_interfaces(void) + if (!smb_register_ndr_interface(&ndr_table_samr)) { + return false; + } ++#ifdef NETLOGON_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_netlogon)) { + return false; + } ++#endif + if (!smb_register_ndr_interface(&ndr_table_srvsvc)) { + return false; + } +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -156,7 +156,9 @@ static void exit_server_common(enum serv + rpc_winreg_shutdown(); + #endif + ++#ifdef NETLOGON_SUPPORT + rpc_netlogon_shutdown(); ++#endif + rpc_samr_shutdown(); + rpc_lsarpc_shutdown(); + } +--- a/source3/rpc_server/svcctl/srv_svcctl_nt.c ++++ b/source3/rpc_server/svcctl/srv_svcctl_nt.c +@@ -91,9 +91,11 @@ bool init_service_op_table( void ) + i++; + #endif + ++#ifdef NETLOGON_SUPPORT + svcctl_ops[i].name = talloc_strdup( svcctl_ops, "NETLOGON" ); + svcctl_ops[i].ops = &netlogon_svc_ops; + i++; ++#endif + + #ifdef WINREG_SUPPORT + svcctl_ops[i].name = talloc_strdup( svcctl_ops, "RemoteRegistry" ); +--- a/source3/nmbd/nmbd_processlogon.c ++++ b/source3/nmbd/nmbd_processlogon.c +@@ -320,6 +320,10 @@ void process_logon_packet(struct packet_ + NTSTATUS status; + const char *pdc_name; + ++#ifndef NETLOGON_SUPPORT ++ return; ++#endif ++ + in_addr_to_sockaddr_storage(&ss, p->ip); + pss = iface_ip((struct sockaddr *)&ss); + if (!pss) { +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -627,7 +627,9 @@ static struct cmd_set *rpcclient_command + #ifdef PRINTER_SUPPORT + spoolss_commands, + #endif ++#ifdef NETLOGON_SUPPORT + netlogon_commands, ++#endif + srvsvc_commands, + #ifdef DFS_SUPPORT + dfs_commands, +--- a/source3/rpc_server/wkssvc/srv_wkssvc_nt.c ++++ b/source3/rpc_server/wkssvc/srv_wkssvc_nt.c +@@ -824,6 +824,10 @@ WERROR _wkssvc_NetrJoinDomain2(struct pi + WERROR werr; + struct security_token *token = p->session_info->security_token; + ++#ifndef NETLOGON_SUPPORT ++ return WERR_NOT_SUPPORTED; ++#endif ++ + if (!r->in.domain_name) { + return WERR_INVALID_PARAM; + } +@@ -901,6 +905,10 @@ WERROR _wkssvc_NetrUnjoinDomain2(struct + WERROR werr; + struct security_token *token = p->session_info->security_token; + ++#ifndef NETLOGON_SUPPORT ++ return WERR_NOT_SUPPORTED; ++#endif ++ + if (!r->in.account || !r->in.encrypted_password) { + return WERR_INVALID_PARAM; + } +--- a/source3/libsmb/trusts_util.c ++++ b/source3/libsmb/trusts_util.c +@@ -46,9 +46,11 @@ NTSTATUS trust_pw_change_and_store_it(st + NTSTATUS nt_status; + + switch (sec_channel_type) { ++#ifdef NETLOGON_SUPPORT + case SEC_CHAN_WKSTA: + case SEC_CHAN_DOMAIN: + break; ++#endif + default: + return NT_STATUS_NOT_SUPPORTED; + } +@@ -159,6 +161,11 @@ bool enumerate_domain_trusts( TALLOC_CTX + *num_domains = 0; + *sids = NULL; + ++#ifndef NETLOGON_SUPPORT ++ return False; ++#endif ++ ++ + /* lookup a DC first */ + + if ( !get_dc_name(domain, NULL, dc_name, &dc_ss) ) { +@@ -243,6 +250,10 @@ NTSTATUS change_trust_account_password( + struct cli_state *cli = NULL; + struct rpc_pipe_client *netlogon_pipe = NULL; + ++#ifndef NETLOGON_SUPPORT ++ return NT_STATUS_UNSUCCESSFUL; ++#endif ++ + DEBUG(5,("change_trust_account_password: Attempting to change trust account password in domain %s....\n", + domain)); + +--- a/source3/auth/auth_domain.c ++++ b/source3/auth/auth_domain.c +@@ -538,7 +538,9 @@ static NTSTATUS auth_init_trustdomain(st + + NTSTATUS auth_domain_init(void) + { ++#ifdef NETLOGON_SUPPORT + smb_register_auth(AUTH_INTERFACE_VERSION, "trustdomain", auth_init_trustdomain); + smb_register_auth(AUTH_INTERFACE_VERSION, "ntdomain", auth_init_ntdomain); ++#endif + return NT_STATUS_OK; + } +--- a/source3/smbd/process.c ++++ b/source3/smbd/process.c +@@ -2431,8 +2431,10 @@ static bool housekeeping_fn(const struct + /* check if we need to reload services */ + check_reload(sconn, time_mono(NULL)); + ++#ifdef NETLOGON_SUPPORT + /* Change machine password if neccessary. */ + attempt_machine_password_change(); ++#endif + + /* + * Force a log file check. diff --git a/package/network/services/samba36/patches/260-remove_samr.patch b/package/network/services/samba36/patches/260-remove_samr.patch new file mode 100644 index 0000000..7e55573 --- /dev/null +++ b/package/network/services/samba36/patches/260-remove_samr.patch @@ -0,0 +1,144 @@ +--- a/source3/rpc_server/rpc_handles.c ++++ b/source3/rpc_server/rpc_handles.c +@@ -59,8 +59,11 @@ struct handle_list { + + static bool is_samr_lsa_pipe(const struct ndr_syntax_id *syntax) + { +- return (ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id) +- || ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id)); ++ return ++#ifdef SAMR_SUPPORT ++ ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id) || ++#endif ++ ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id); + } + + size_t num_pipe_handles(struct pipes_struct *p) +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -100,9 +100,11 @@ static bool initialize_interfaces(void) + return false; + } + #endif ++#ifdef SAMR_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_samr)) { + return false; + } ++#endif + #ifdef NETLOGON_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_netlogon)) { + return false; +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -557,6 +557,7 @@ static bool lsarpc_init_cb(void *ptr) + return true; + } + ++#ifdef SAMR_SUPPORT + static bool samr_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -605,6 +606,7 @@ static bool samr_init_cb(void *ptr) + + return true; + } ++#endif + + #ifdef NETLOGON_SUPPORT + static bool netlogon_init_cb(void *ptr) +@@ -1111,12 +1113,14 @@ bool dcesrv_ep_setup(struct tevent_conte + return false; + } + ++#ifdef SAMR_SUPPORT + samr_cb.init = samr_init_cb; + samr_cb.shutdown = NULL; + samr_cb.private_data = ep_ctx; + if (!NT_STATUS_IS_OK(rpc_samr_init(&samr_cb))) { + return false; + } ++#endif + + #ifdef NETLOGON_SUPPORT + netlogon_cb.init = netlogon_init_cb; +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -159,7 +159,9 @@ static void exit_server_common(enum serv + #ifdef NETLOGON_SUPPORT + rpc_netlogon_shutdown(); + #endif ++#ifdef SAMR_SUPPORT + rpc_samr_shutdown(); ++#endif + rpc_lsarpc_shutdown(); + } + +--- a/source3/rpcclient/rpcclient.c ++++ b/source3/rpcclient/rpcclient.c +@@ -623,7 +623,9 @@ static struct cmd_set *rpcclient_command + rpcclient_commands, + lsarpc_commands, + ds_commands, ++#ifdef SAMR_SUPPORT + samr_commands, ++#endif + #ifdef PRINTER_SUPPORT + spoolss_commands, + #endif +--- a/source3/smbd/lanman.c ++++ b/source3/smbd/lanman.c +@@ -2353,6 +2353,10 @@ static bool api_RNetGroupEnum(struct smb + NTSTATUS status, result; + struct dcerpc_binding_handle *b; + ++#ifndef SAMR_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -2541,6 +2545,10 @@ static bool api_NetUserGetGroups(struct + NTSTATUS status, result; + struct dcerpc_binding_handle *b; + ++#ifndef SAMR_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !UserName || !p) { + return False; + } +@@ -2741,6 +2749,10 @@ static bool api_RNetUserEnum(struct smbd + + struct dcerpc_binding_handle *b; + ++#ifndef SAMR_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -2979,6 +2991,10 @@ static bool api_SamOEMChangePassword(str + int bufsize; + struct dcerpc_binding_handle *b; + ++#ifndef SAMR_SUPPORT ++ return False; ++#endif ++ + *rparam_len = 4; + *rparam = smb_realloc_limit(*rparam,*rparam_len); + if (!*rparam) { +@@ -4020,6 +4036,10 @@ static bool api_RNetUserGetInfo(struct s + union samr_UserInfo *info; + struct dcerpc_binding_handle *b = NULL; + ++#ifndef SAMR_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !UserName || !p) { + return False; + } diff --git a/package/network/services/samba36/patches/270-remove_registry_backend.patch b/package/network/services/samba36/patches/270-remove_registry_backend.patch new file mode 100644 index 0000000..147b1ce --- /dev/null +++ b/package/network/services/samba36/patches/270-remove_registry_backend.patch @@ -0,0 +1,43 @@ +--- a/source3/lib/smbconf/smbconf_init.c ++++ b/source3/lib/smbconf/smbconf_init.c +@@ -68,9 +68,12 @@ sbcErr smbconf_init(TALLOC_CTX *mem_ctx, + } + } + ++#ifdef REGISTRY_BACKEND + if (strequal(backend, "registry") || strequal(backend, "reg")) { + err = smbconf_init_reg(mem_ctx, conf_ctx, path); +- } else if (strequal(backend, "file") || strequal(backend, "txt")) { ++ } else ++#endif ++ if (strequal(backend, "file") || strequal(backend, "txt")) { + err = smbconf_init_txt(mem_ctx, conf_ctx, path); + } else if (sep == NULL) { + /* +--- a/source3/lib/netapi/serverinfo.c ++++ b/source3/lib/netapi/serverinfo.c +@@ -557,7 +557,10 @@ static WERROR NetServerSetInfo_l_1005(st + return WERR_INVALID_PARAM; + } + +- if (!lp_config_backend_is_registry()) { ++#ifdef REGISTRY_BACKEND ++ if (!lp_config_backend_is_registry()) ++#endif ++ { + libnetapi_set_error_string(ctx, + "Configuration manipulation requested but not " + "supported by backend"); +--- a/source3/smbd/server.c ++++ b/source3/smbd/server.c +@@ -1230,8 +1230,10 @@ extern void build_options(bool screen); + exit(1); + } + ++#ifdef REGISTRY_BACKEND + if (!W_ERROR_IS_OK(registry_init_full())) + exit(1); ++#endif + + /* Open the share_info.tdb here, so we don't have to open + after the fork on every single connection. This is a small diff --git a/package/network/services/samba36/patches/280-strip_srvsvc.patch b/package/network/services/samba36/patches/280-strip_srvsvc.patch new file mode 100644 index 0000000..348cfbe --- /dev/null +++ b/package/network/services/samba36/patches/280-strip_srvsvc.patch @@ -0,0 +1,143 @@ +--- a/source3/smbd/lanman.c ++++ b/source3/smbd/lanman.c +@@ -2197,6 +2197,10 @@ static bool api_RNetShareAdd(struct smbd + struct srvsvc_NetShareInfo2 info2; + struct dcerpc_binding_handle *b; + ++#ifndef SRVSVC_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +@@ -3589,10 +3593,7 @@ static bool api_RNetServerGetInfo(struct + NTSTATUS status; + WERROR werr; + TALLOC_CTX *mem_ctx = talloc_tos(); +- struct rpc_pipe_client *cli = NULL; +- union srvsvc_NetSrvInfo info; + int errcode; +- struct dcerpc_binding_handle *b; + + if (!str1 || !str2 || !p) { + return False; +@@ -3655,66 +3656,16 @@ static bool api_RNetServerGetInfo(struct + p = *rdata; + p2 = p + struct_len; + +- status = rpc_pipe_open_interface(mem_ctx, &ndr_table_srvsvc.syntax_id, +- conn->session_info, +- &conn->sconn->client_id, +- conn->sconn->msg_ctx, +- &cli); +- if (!NT_STATUS_IS_OK(status)) { +- DEBUG(0,("api_RNetServerGetInfo: could not connect to srvsvc: %s\n", +- nt_errstr(status))); +- errcode = W_ERROR_V(ntstatus_to_werror(status)); +- goto out; +- } +- +- b = cli->binding_handle; +- +- status = dcerpc_srvsvc_NetSrvGetInfo(b, mem_ctx, +- NULL, +- 101, +- &info, +- &werr); +- if (!NT_STATUS_IS_OK(status)) { +- errcode = W_ERROR_V(ntstatus_to_werror(status)); +- goto out; +- } +- if (!W_ERROR_IS_OK(werr)) { +- errcode = W_ERROR_V(werr); +- goto out; +- } +- +- if (info.info101 == NULL) { +- errcode = W_ERROR_V(WERR_INVALID_PARAM); +- goto out; +- } +- + if (uLevel != 20) { +- srvstr_push(NULL, 0, p, info.info101->server_name, 16, ++ srvstr_push(NULL, 0, p, global_myname(), 16, + STR_ASCII|STR_UPPER|STR_TERMINATE); +- } ++ } + p += 16; + if (uLevel > 0) { +- SCVAL(p,0,info.info101->version_major); +- SCVAL(p,1,info.info101->version_minor); +- SIVAL(p,2,info.info101->server_type); +- +- if (mdrcnt == struct_len) { +- SIVAL(p,6,0); +- } else { +- SIVAL(p,6,PTR_DIFF(p2,*rdata)); +- if (mdrcnt - struct_len <= 0) { +- return false; +- } +- push_ascii(p2, +- info.info101->comment, +- MIN(mdrcnt - struct_len, +- MAX_SERVER_STRING_LENGTH), +- STR_TERMINATE); +- p2 = skip_string(*rdata,*rdata_len,p2); +- if (!p2) { +- return False; +- } +- } ++ SCVAL(p,0,lp_major_announce_version()); ++ SCVAL(p,1,lp_minor_announce_version()); ++ SIVAL(p,2,lp_default_server_announce()); ++ SIVAL(p,6,0); + } + + if (uLevel > 1) { +@@ -5405,6 +5356,10 @@ static bool api_RNetSessionEnum(struct s + uint32_t totalentries, resume_handle = 0; + uint32_t count = 0; + ++#ifndef SRVSVC_SUPPORT ++ return False; ++#endif ++ + if (!str1 || !str2 || !p) { + return False; + } +--- a/source3/rpc_server/srvsvc/srv_srvsvc_nt.c ++++ b/source3/rpc_server/srvsvc/srv_srvsvc_nt.c +@@ -1533,6 +1533,10 @@ WERROR _srvsvc_NetShareSetInfo(struct pi + TALLOC_CTX *ctx = p->mem_ctx; + union srvsvc_NetShareInfo *info = r->in.info; + ++#ifndef FULL_SRVSVC ++ return WERR_ACCESS_DENIED; ++#endif ++ + DEBUG(5,("_srvsvc_NetShareSetInfo: %d\n", __LINE__)); + + if (!r->in.share_name) { +@@ -1763,6 +1767,10 @@ WERROR _srvsvc_NetShareAdd(struct pipes_ + int max_connections = 0; + TALLOC_CTX *ctx = p->mem_ctx; + ++#ifndef FULL_SRVSVC ++ return WERR_ACCESS_DENIED; ++#endif ++ + DEBUG(5,("_srvsvc_NetShareAdd: %d\n", __LINE__)); + + if (r->out.parm_error) { +@@ -1945,6 +1953,10 @@ WERROR _srvsvc_NetShareDel(struct pipes_ + struct share_params *params; + TALLOC_CTX *ctx = p->mem_ctx; + ++#ifndef FULL_SRVSVC ++ return WERR_ACCESS_DENIED; ++#endif ++ + DEBUG(5,("_srvsvc_NetShareDel: %d\n", __LINE__)); + + if (!r->in.share_name) { diff --git a/package/network/services/samba36/patches/290-remove_lsa.patch b/package/network/services/samba36/patches/290-remove_lsa.patch new file mode 100644 index 0000000..fe37d5d --- /dev/null +++ b/package/network/services/samba36/patches/290-remove_lsa.patch @@ -0,0 +1,73 @@ +--- a/source3/librpc/rpc/rpc_common.c ++++ b/source3/librpc/rpc/rpc_common.c +@@ -92,9 +92,11 @@ bool smb_register_ndr_interface(const st + + static bool initialize_interfaces(void) + { ++#ifdef LSA_SUPPORT + if (!smb_register_ndr_interface(&ndr_table_lsarpc)) { + return false; + } ++#endif + #ifdef ACTIVE_DIRECTORY + if (!smb_register_ndr_interface(&ndr_table_dssetup)) { + return false; +--- a/source3/smbd/server_exit.c ++++ b/source3/smbd/server_exit.c +@@ -162,7 +162,9 @@ static void exit_server_common(enum serv + #ifdef SAMR_SUPPORT + rpc_samr_shutdown(); + #endif ++#ifdef LSA_SUPPORT + rpc_lsarpc_shutdown(); ++#endif + } + + /* +--- a/source3/rpc_server/rpc_ep_setup.c ++++ b/source3/rpc_server/rpc_ep_setup.c +@@ -508,6 +508,7 @@ static bool srvsvc_init_cb(void *ptr) + return true; + } + ++#ifdef LSA_SUPPORT + static bool lsarpc_init_cb(void *ptr) + { + struct dcesrv_ep_context *ep_ctx = +@@ -556,6 +557,7 @@ static bool lsarpc_init_cb(void *ptr) + + return true; + } ++#endif + + #ifdef SAMR_SUPPORT + static bool samr_init_cb(void *ptr) +@@ -1106,12 +1108,14 @@ bool dcesrv_ep_setup(struct tevent_conte + } + + ++#ifdef LSA_SUPPORT + lsarpc_cb.init = lsarpc_init_cb; + lsarpc_cb.shutdown = NULL; + lsarpc_cb.private_data = ep_ctx; + if (!NT_STATUS_IS_OK(rpc_lsarpc_init(&lsarpc_cb))) { + return false; + } ++#endif + + #ifdef SAMR_SUPPORT + samr_cb.init = samr_init_cb; +--- a/source3/rpc_server/rpc_handles.c ++++ b/source3/rpc_server/rpc_handles.c +@@ -63,7 +63,10 @@ static bool is_samr_lsa_pipe(const struc + #ifdef SAMR_SUPPORT + ndr_syntax_id_equal(syntax, &ndr_table_samr.syntax_id) || + #endif +- ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id); ++#ifdef LSA_SUPPORT ++ ndr_syntax_id_equal(syntax, &ndr_table_lsarpc.syntax_id) || ++#endif ++ false; + } + + size_t num_pipe_handles(struct pipes_struct *p) diff --git a/package/network/services/samba36/patches/300-assert_debug_level.patch b/package/network/services/samba36/patches/300-assert_debug_level.patch new file mode 100644 index 0000000..c5b0716 --- /dev/null +++ b/package/network/services/samba36/patches/300-assert_debug_level.patch @@ -0,0 +1,11 @@ +--- a/lib/util/util.h ++++ b/lib/util/util.h +@@ -53,7 +53,7 @@ extern const char *panic_action; + #else + /* redefine the assert macro for non-developer builds */ + #define SMB_ASSERT(b) do { if (!(b)) { \ +- DEBUG(0,("PANIC: assert failed at %s(%d): %s\n", \ ++ DEBUG(3,("PANIC: assert failed at %s(%d): %s\n", \ + __FILE__, __LINE__, #b)); }} while (0) + #endif + diff --git a/package/network/services/samba36/patches/310-remove_error_strings.patch b/package/network/services/samba36/patches/310-remove_error_strings.patch new file mode 100644 index 0000000..8c7ae2d --- /dev/null +++ b/package/network/services/samba36/patches/310-remove_error_strings.patch @@ -0,0 +1,253 @@ +--- a/libcli/util/doserr.c ++++ b/libcli/util/doserr.c +@@ -28,6 +28,7 @@ struct werror_code_struct { + + static const struct werror_code_struct dos_errs[] = + { ++#ifdef VERBOSE_ERROR + { "WERR_OK", WERR_OK }, + { "WERR_BADFILE", WERR_BADFILE }, + { "WERR_ACCESS_DENIED", WERR_ACCESS_DENIED }, +@@ -2668,6 +2669,7 @@ static const struct werror_code_struct d + { "WERR_AMBIGUOUS_SYSTEM_DEVICE", WERR_AMBIGUOUS_SYSTEM_DEVICE }, + { "WERR_SYSTEM_DEVICE_NOT_FOUND", WERR_SYSTEM_DEVICE_NOT_FOUND }, + /* END GENERATED-WIN32-ERROR-CODES */ ++#endif + { NULL, W_ERROR(0) } + }; + +@@ -2684,12 +2686,14 @@ const char *win_errstr(WERROR werror) + static char msg[40]; + int idx = 0; + ++#ifdef VERBOSE_ERROR + while (dos_errs[idx].dos_errstr != NULL) { + if (W_ERROR_V(dos_errs[idx].werror) == + W_ERROR_V(werror)) + return dos_errs[idx].dos_errstr; + idx++; + } ++#endif + + slprintf(msg, sizeof(msg), "DOS code 0x%08x", W_ERROR_V(werror)); + +@@ -2702,6 +2706,7 @@ struct werror_str_struct { + }; + + const struct werror_str_struct dos_err_strs[] = { ++#ifdef VERBOSE_ERROR + { WERR_OK, "Success" }, + { WERR_ACCESS_DENIED, "Access is denied" }, + { WERR_INVALID_PARAM, "Invalid parameter" }, +@@ -5324,6 +5329,7 @@ const struct werror_str_struct dos_err_s + { WERR_AMBIGUOUS_SYSTEM_DEVICE, "The requested system device cannot be identified due to multiple indistinguishable devices potentially matching the identification criteria." }, + { WERR_SYSTEM_DEVICE_NOT_FOUND, "The requested system device cannot be found." }, + /* END GENERATED-WIN32-ERROR-CODES-DESC */ ++#endif + }; + + +@@ -5334,6 +5340,7 @@ const struct werror_str_struct dos_err_s + + const char *get_friendly_werror_msg(WERROR werror) + { ++#ifdef VERBOSE_ERROR + int i = 0; + + for (i = 0; i < ARRAY_SIZE(dos_err_strs); i++) { +@@ -5342,6 +5349,7 @@ const char *get_friendly_werror_msg(WERR + return dos_err_strs[i].friendly_errstr; + } + } ++#endif + + return win_errstr(werror); + } +--- a/librpc/ndr/libndr.h ++++ b/librpc/ndr/libndr.h +@@ -604,4 +604,20 @@ _PUBLIC_ enum ndr_err_code ndr_push_enum + + _PUBLIC_ void ndr_print_bool(struct ndr_print *ndr, const char *name, const bool b); + ++#ifndef VERBOSE_ERROR ++#define ndr_print_bool(...) do {} while (0) ++#define ndr_print_struct(...) do {} while (0) ++#define ndr_print_null(...) do {} while (0) ++#define ndr_print_enum(...) do {} while (0) ++#define ndr_print_bitmap_flag(...) do {} while (0) ++#define ndr_print_ptr(...) do {} while (0) ++#define ndr_print_union(...) do {} while (0) ++#define ndr_print_bad_level(...) do {} while (0) ++#define ndr_print_array_uint8(...) do {} while (0) ++#define ndr_print_string_array(...) do {} while (0) ++#define ndr_print_string_array(...) do {} while (0) ++#define ndr_print_NTSTATUS(...) do {} while (0) ++#define ndr_print_WERROR(...) do {} while (0) ++#endif ++ + #endif /* __LIBNDR_H__ */ +--- a/librpc/ndr/ndr_basic.c ++++ b/librpc/ndr/ndr_basic.c +@@ -31,6 +31,19 @@ + #define NDR_SIVAL(ndr, ofs, v) do { if (NDR_BE(ndr)) { RSIVAL(ndr->data,ofs,v); } else SIVAL(ndr->data,ofs,v); } while (0) + #define NDR_SIVALS(ndr, ofs, v) do { if (NDR_BE(ndr)) { RSIVALS(ndr->data,ofs,v); } else SIVALS(ndr->data,ofs,v); } while (0) + ++#undef ndr_print_bool ++#undef ndr_print_struct ++#undef ndr_print_null ++#undef ndr_print_enum ++#undef ndr_print_bitmap_flag ++#undef ndr_print_ptr ++#undef ndr_print_union ++#undef ndr_print_bad_level ++#undef ndr_print_array_uint8 ++#undef ndr_print_string_array ++#undef ndr_print_string_array ++#undef ndr_print_NTSTATUS ++#undef ndr_print_WERROR + + /* + check for data leaks from the server by looking for non-zero pad bytes +--- a/librpc/ndr/ndr_string.c ++++ b/librpc/ndr/ndr_string.c +@@ -588,6 +588,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_stri + return NDR_ERR_SUCCESS; + } + ++#undef ndr_print_string_array + _PUBLIC_ void ndr_print_string_array(struct ndr_print *ndr, const char *name, const char **a) + { + uint32_t count; +--- a/librpc/rpc/dcerpc_error.c ++++ b/librpc/rpc/dcerpc_error.c +@@ -31,6 +31,7 @@ struct dcerpc_fault_table { + static const struct dcerpc_fault_table dcerpc_faults[] = + { + #define _FAULT_STR(x) { #x , x } ++#ifdef VERBOSE_ERROR + _FAULT_STR(DCERPC_NCA_S_COMM_FAILURE), + _FAULT_STR(DCERPC_NCA_S_OP_RNG_ERROR), + _FAULT_STR(DCERPC_NCA_S_UNKNOWN_IF), +@@ -78,6 +79,7 @@ static const struct dcerpc_fault_table d + _FAULT_STR(DCERPC_NCA_S_FAULT_CODESET_CONV_ERROR), + _FAULT_STR(DCERPC_NCA_S_FAULT_OBJECT_NOT_FOUND), + _FAULT_STR(DCERPC_NCA_S_FAULT_NO_CLIENT_STUB), ++#endif + { NULL, 0 } + #undef _FAULT_STR + }; +@@ -87,12 +89,14 @@ _PUBLIC_ const char *dcerpc_errstr(TALLO + int idx = 0; + WERROR werr = W_ERROR(fault_code); + ++#ifdef VERBOSE_ERROR + while (dcerpc_faults[idx].errstr != NULL) { + if (dcerpc_faults[idx].faultcode == fault_code) { + return dcerpc_faults[idx].errstr; + } + idx++; + } ++#endif + + return win_errstr(werr); + } +--- a/source3/libsmb/nterr.c ++++ b/source3/libsmb/nterr.c +@@ -702,6 +702,7 @@ const char *nt_errstr(NTSTATUS nt_code) + NT_STATUS_DOS_CODE(nt_code)); + } + ++#ifdef VERBOSE_ERROR + while (nt_errs[idx].nt_errstr != NULL) { + if (NT_STATUS_V(nt_errs[idx].nt_errcode) == + NT_STATUS_V(nt_code)) { +@@ -709,6 +710,7 @@ const char *nt_errstr(NTSTATUS nt_code) + } + idx++; + } ++#endif + + result = talloc_asprintf(talloc_tos(), "NT code 0x%08x", + NT_STATUS_V(nt_code)); +@@ -724,12 +726,14 @@ const char *get_friendly_nt_error_msg(NT + { + int idx = 0; + ++#ifdef VERBOSE_ERROR + while (nt_err_desc[idx].nt_errstr != NULL) { + if (NT_STATUS_V(nt_err_desc[idx].nt_errcode) == NT_STATUS_V(nt_code)) { + return nt_err_desc[idx].nt_errstr; + } + idx++; + } ++#endif + + /* fall back to NT_STATUS_XXX string */ + +@@ -745,6 +749,7 @@ const char *get_nt_error_c_code(NTSTATUS + char *result; + int idx = 0; + ++#ifdef VERBOSE_ERROR + while (nt_errs[idx].nt_errstr != NULL) { + if (NT_STATUS_V(nt_errs[idx].nt_errcode) == + NT_STATUS_V(nt_code)) { +@@ -752,6 +757,7 @@ const char *get_nt_error_c_code(NTSTATUS + } + idx++; + } ++#endif + + result = talloc_asprintf(talloc_tos(), "NT_STATUS(0x%08x)", + NT_STATUS_V(nt_code)); +@@ -767,12 +773,14 @@ NTSTATUS nt_status_string_to_code(const + { + int idx = 0; + ++#ifdef VERBOSE_ERROR + while (nt_errs[idx].nt_errstr != NULL) { + if (strcasecmp(nt_errs[idx].nt_errstr, nt_status_str) == 0) { + return nt_errs[idx].nt_errcode; + } + idx++; + } ++#endif + return NT_STATUS_UNSUCCESSFUL; + } + +--- a/lib/tdb/common/tdb_private.h ++++ b/lib/tdb/common/tdb_private.h +@@ -69,7 +69,11 @@ typedef uint32_t tdb_off_t; + /* NB assumes there is a local variable called "tdb" that is the + * current context, also takes doubly-parenthesized print-style + * argument. */ ++#ifdef VERBOSE_DEBUG + #define TDB_LOG(x) tdb->log.log_fn x ++#else ++#define TDB_LOG(x) do {} while(0) ++#endif + + #ifdef TDB_TRACE + void tdb_trace(struct tdb_context *tdb, const char *op); +--- a/source3/script/mkbuildoptions.awk ++++ b/source3/script/mkbuildoptions.awk +@@ -55,7 +55,7 @@ BEGIN { + print "****************************************************************************/"; + print "void build_options(bool screen)"; + print "{"; +- print " if ((DEBUGLEVEL < 4) && (!screen)) {"; ++ print " if ((DEBUGLEVEL < 4) || (!screen)) {"; + print " return;"; + print " }"; + print ""; +--- a/source3/script/mkbuildoptions-waf.awk ++++ b/source3/script/mkbuildoptions-waf.awk +@@ -55,7 +55,7 @@ BEGIN { + print "****************************************************************************/"; + print "void build_options(bool screen)"; + print "{"; +- print " if ((DEBUGLEVEL < 4) && (!screen)) {"; ++ print " if ((DEBUGLEVEL < 4) || (!screen)) {"; + print " return;"; + print " }"; + print ""; diff --git a/package/network/services/samba36/patches/320-debug_level_checks.patch b/package/network/services/samba36/patches/320-debug_level_checks.patch new file mode 100644 index 0000000..c6f2e6e --- /dev/null +++ b/package/network/services/samba36/patches/320-debug_level_checks.patch @@ -0,0 +1,22 @@ +--- a/lib/util/debug.h ++++ b/lib/util/debug.h +@@ -45,7 +45,7 @@ bool dbghdr( int level, const char *loca + * Redefine DEBUGLEVEL because so we don't have to change every source file + * that *unnecessarily* references it. + */ +-#define DEBUGLEVEL DEBUGLEVEL_CLASS[DBGC_ALL] ++#define DEBUGLEVEL 0 + + /* + * Define all new debug classes here. A class is represented by an entry in +--- a/source3/nmbd/asyncdns.c ++++ b/source3/nmbd/asyncdns.c +@@ -85,7 +85,7 @@ static void asyncdns_process(void) + struct query_record r; + unstring qname; + +- DEBUGLEVEL = -1; ++ DEBUGLEVEL_CLASS[DBGC_ALL] = -1; + + while (1) { + NTSTATUS status; diff --git a/package/network/services/samba36/patches/330-librpc_default_print.patch b/package/network/services/samba36/patches/330-librpc_default_print.patch new file mode 100644 index 0000000..f9c2e0e --- /dev/null +++ b/package/network/services/samba36/patches/330-librpc_default_print.patch @@ -0,0 +1,8854 @@ +--- a/source3/librpc/ndr/util.c ++++ b/source3/librpc/ndr/util.c +@@ -28,3 +28,7 @@ _PUBLIC_ void ndr_print_sockaddr_storage + char addr[INET6_ADDRSTRLEN]; + ndr->print(ndr, "%-25s: %s", name, print_sockaddr(addr, sizeof(addr), ss)); + } ++ ++_PUBLIC_ void ndr_print_disabled(struct ndr_print *ndr, const char *name, int flags, void *r) ++{ ++} +--- a/source3/librpc/gen_ndr/ndr_atsvc.c ++++ b/source3/librpc/gen_ndr/ndr_atsvc.c +@@ -867,7 +867,7 @@ static const struct ndr_interface_call a + sizeof(struct atsvc_JobAdd), + (ndr_push_flags_fn_t) ndr_push_atsvc_JobAdd, + (ndr_pull_flags_fn_t) ndr_pull_atsvc_JobAdd, +- (ndr_print_function_t) ndr_print_atsvc_JobAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -876,7 +876,7 @@ static const struct ndr_interface_call a + sizeof(struct atsvc_JobDel), + (ndr_push_flags_fn_t) ndr_push_atsvc_JobDel, + (ndr_pull_flags_fn_t) ndr_pull_atsvc_JobDel, +- (ndr_print_function_t) ndr_print_atsvc_JobDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -885,7 +885,7 @@ static const struct ndr_interface_call a + sizeof(struct atsvc_JobEnum), + (ndr_push_flags_fn_t) ndr_push_atsvc_JobEnum, + (ndr_pull_flags_fn_t) ndr_pull_atsvc_JobEnum, +- (ndr_print_function_t) ndr_print_atsvc_JobEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -894,7 +894,7 @@ static const struct ndr_interface_call a + sizeof(struct atsvc_JobGetInfo), + (ndr_push_flags_fn_t) ndr_push_atsvc_JobGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_atsvc_JobGetInfo, +- (ndr_print_function_t) ndr_print_atsvc_JobGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_audiosrv.c ++++ b/source3/librpc/gen_ndr/ndr_audiosrv.c +@@ -594,7 +594,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_CreatezoneFactoriesList), + (ndr_push_flags_fn_t) ndr_push_audiosrv_CreatezoneFactoriesList, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_CreatezoneFactoriesList, +- (ndr_print_function_t) ndr_print_audiosrv_CreatezoneFactoriesList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -603,7 +603,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_CreateGfxFactoriesList), + (ndr_push_flags_fn_t) ndr_push_audiosrv_CreateGfxFactoriesList, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_CreateGfxFactoriesList, +- (ndr_print_function_t) ndr_print_audiosrv_CreateGfxFactoriesList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -612,7 +612,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_CreateGfxList), + (ndr_push_flags_fn_t) ndr_push_audiosrv_CreateGfxList, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_CreateGfxList, +- (ndr_print_function_t) ndr_print_audiosrv_CreateGfxList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -621,7 +621,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_RemoveGfx), + (ndr_push_flags_fn_t) ndr_push_audiosrv_RemoveGfx, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_RemoveGfx, +- (ndr_print_function_t) ndr_print_audiosrv_RemoveGfx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -630,7 +630,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_AddGfx), + (ndr_push_flags_fn_t) ndr_push_audiosrv_AddGfx, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_AddGfx, +- (ndr_print_function_t) ndr_print_audiosrv_AddGfx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -639,7 +639,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_ModifyGfx), + (ndr_push_flags_fn_t) ndr_push_audiosrv_ModifyGfx, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_ModifyGfx, +- (ndr_print_function_t) ndr_print_audiosrv_ModifyGfx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -648,7 +648,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_OpenGfx), + (ndr_push_flags_fn_t) ndr_push_audiosrv_OpenGfx, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_OpenGfx, +- (ndr_print_function_t) ndr_print_audiosrv_OpenGfx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -657,7 +657,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_Logon), + (ndr_push_flags_fn_t) ndr_push_audiosrv_Logon, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_Logon, +- (ndr_print_function_t) ndr_print_audiosrv_Logon, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -666,7 +666,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_Logoff), + (ndr_push_flags_fn_t) ndr_push_audiosrv_Logoff, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_Logoff, +- (ndr_print_function_t) ndr_print_audiosrv_Logoff, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -675,7 +675,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_RegisterSessionNotificationEvent), + (ndr_push_flags_fn_t) ndr_push_audiosrv_RegisterSessionNotificationEvent, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_RegisterSessionNotificationEvent, +- (ndr_print_function_t) ndr_print_audiosrv_RegisterSessionNotificationEvent, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -684,7 +684,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_UnregisterSessionNotificationEvent), + (ndr_push_flags_fn_t) ndr_push_audiosrv_UnregisterSessionNotificationEvent, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_UnregisterSessionNotificationEvent, +- (ndr_print_function_t) ndr_print_audiosrv_UnregisterSessionNotificationEvent, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -693,7 +693,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_SessionConnectState), + (ndr_push_flags_fn_t) ndr_push_audiosrv_SessionConnectState, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_SessionConnectState, +- (ndr_print_function_t) ndr_print_audiosrv_SessionConnectState, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -702,7 +702,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_DriverOpenDrvRegKey), + (ndr_push_flags_fn_t) ndr_push_audiosrv_DriverOpenDrvRegKey, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_DriverOpenDrvRegKey, +- (ndr_print_function_t) ndr_print_audiosrv_DriverOpenDrvRegKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -711,7 +711,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_AdvisePreferredDeviceChange), + (ndr_push_flags_fn_t) ndr_push_audiosrv_AdvisePreferredDeviceChange, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_AdvisePreferredDeviceChange, +- (ndr_print_function_t) ndr_print_audiosrv_AdvisePreferredDeviceChange, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -720,7 +720,7 @@ static const struct ndr_interface_call a + sizeof(struct audiosrv_GetPnpInfo), + (ndr_push_flags_fn_t) ndr_push_audiosrv_GetPnpInfo, + (ndr_pull_flags_fn_t) ndr_pull_audiosrv_GetPnpInfo, +- (ndr_print_function_t) ndr_print_audiosrv_GetPnpInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_backupkey.c ++++ b/source3/librpc/gen_ndr/ndr_backupkey.c +@@ -740,7 +740,7 @@ static const struct ndr_interface_call b + sizeof(struct bkrp_BackupKey), + (ndr_push_flags_fn_t) ndr_push_bkrp_BackupKey, + (ndr_pull_flags_fn_t) ndr_pull_bkrp_BackupKey, +- (ndr_print_function_t) ndr_print_bkrp_BackupKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_browser.c ++++ b/source3/librpc/gen_ndr/ndr_browser.c +@@ -928,7 +928,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrServerEnum), + (ndr_push_flags_fn_t) ndr_push_BrowserrServerEnum, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrServerEnum, +- (ndr_print_function_t) ndr_print_BrowserrServerEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -937,7 +937,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrDebugCall), + (ndr_push_flags_fn_t) ndr_push_BrowserrDebugCall, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrDebugCall, +- (ndr_print_function_t) ndr_print_BrowserrDebugCall, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -946,7 +946,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrQueryOtherDomains), + (ndr_push_flags_fn_t) ndr_push_BrowserrQueryOtherDomains, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrQueryOtherDomains, +- (ndr_print_function_t) ndr_print_BrowserrQueryOtherDomains, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -955,7 +955,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrResetNetlogonState), + (ndr_push_flags_fn_t) ndr_push_BrowserrResetNetlogonState, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrResetNetlogonState, +- (ndr_print_function_t) ndr_print_BrowserrResetNetlogonState, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -964,7 +964,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrDebugTrace), + (ndr_push_flags_fn_t) ndr_push_BrowserrDebugTrace, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrDebugTrace, +- (ndr_print_function_t) ndr_print_BrowserrDebugTrace, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -973,7 +973,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrQueryStatistics), + (ndr_push_flags_fn_t) ndr_push_BrowserrQueryStatistics, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrQueryStatistics, +- (ndr_print_function_t) ndr_print_BrowserrQueryStatistics, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -982,7 +982,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserResetStatistics), + (ndr_push_flags_fn_t) ndr_push_BrowserResetStatistics, + (ndr_pull_flags_fn_t) ndr_pull_BrowserResetStatistics, +- (ndr_print_function_t) ndr_print_BrowserResetStatistics, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -991,7 +991,7 @@ static const struct ndr_interface_call b + sizeof(struct NetrBrowserStatisticsClear), + (ndr_push_flags_fn_t) ndr_push_NetrBrowserStatisticsClear, + (ndr_pull_flags_fn_t) ndr_pull_NetrBrowserStatisticsClear, +- (ndr_print_function_t) ndr_print_NetrBrowserStatisticsClear, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1000,7 +1000,7 @@ static const struct ndr_interface_call b + sizeof(struct NetrBrowserStatisticsGet), + (ndr_push_flags_fn_t) ndr_push_NetrBrowserStatisticsGet, + (ndr_pull_flags_fn_t) ndr_pull_NetrBrowserStatisticsGet, +- (ndr_print_function_t) ndr_print_NetrBrowserStatisticsGet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1009,7 +1009,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrSetNetlogonState), + (ndr_push_flags_fn_t) ndr_push_BrowserrSetNetlogonState, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrSetNetlogonState, +- (ndr_print_function_t) ndr_print_BrowserrSetNetlogonState, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1018,7 +1018,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrQueryEmulatedDomains), + (ndr_push_flags_fn_t) ndr_push_BrowserrQueryEmulatedDomains, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrQueryEmulatedDomains, +- (ndr_print_function_t) ndr_print_BrowserrQueryEmulatedDomains, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1027,7 +1027,7 @@ static const struct ndr_interface_call b + sizeof(struct BrowserrServerEnumEx), + (ndr_push_flags_fn_t) ndr_push_BrowserrServerEnumEx, + (ndr_pull_flags_fn_t) ndr_pull_BrowserrServerEnumEx, +- (ndr_print_function_t) ndr_print_BrowserrServerEnumEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dbgidl.c ++++ b/source3/librpc/gen_ndr/ndr_dbgidl.c +@@ -48,7 +48,7 @@ static const struct ndr_interface_call d + sizeof(struct dummy_dbgidl), + (ndr_push_flags_fn_t) ndr_push_dummy_dbgidl, + (ndr_pull_flags_fn_t) ndr_pull_dummy_dbgidl, +- (ndr_print_function_t) ndr_print_dummy_dbgidl, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dcom.c ++++ b/source3/librpc/gen_ndr/ndr_dcom.c +@@ -128,7 +128,7 @@ static const struct ndr_interface_call d + sizeof(struct UseProtSeq), + (ndr_push_flags_fn_t) ndr_push_UseProtSeq, + (ndr_pull_flags_fn_t) ndr_pull_UseProtSeq, +- (ndr_print_function_t) ndr_print_UseProtSeq, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -137,7 +137,7 @@ static const struct ndr_interface_call d + sizeof(struct GetCustomProtseqInfo), + (ndr_push_flags_fn_t) ndr_push_GetCustomProtseqInfo, + (ndr_pull_flags_fn_t) ndr_pull_GetCustomProtseqInfo, +- (ndr_print_function_t) ndr_print_GetCustomProtseqInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -146,7 +146,7 @@ static const struct ndr_interface_call d + sizeof(struct UpdateResolverBindings), + (ndr_push_flags_fn_t) ndr_push_UpdateResolverBindings, + (ndr_pull_flags_fn_t) ndr_pull_UpdateResolverBindings, +- (ndr_print_function_t) ndr_print_UpdateResolverBindings, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -450,7 +450,7 @@ static const struct ndr_interface_call I + sizeof(struct QueryInterface), + (ndr_push_flags_fn_t) ndr_push_QueryInterface, + (ndr_pull_flags_fn_t) ndr_pull_QueryInterface, +- (ndr_print_function_t) ndr_print_QueryInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -459,7 +459,7 @@ static const struct ndr_interface_call I + sizeof(struct AddRef), + (ndr_push_flags_fn_t) ndr_push_AddRef, + (ndr_pull_flags_fn_t) ndr_pull_AddRef, +- (ndr_print_function_t) ndr_print_AddRef, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -468,7 +468,7 @@ static const struct ndr_interface_call I + sizeof(struct Release), + (ndr_push_flags_fn_t) ndr_push_Release, + (ndr_pull_flags_fn_t) ndr_pull_Release, +- (ndr_print_function_t) ndr_print_Release, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -849,7 +849,7 @@ static const struct ndr_interface_call I + sizeof(struct CreateInstance), + (ndr_push_flags_fn_t) ndr_push_CreateInstance, + (ndr_pull_flags_fn_t) ndr_pull_CreateInstance, +- (ndr_print_function_t) ndr_print_CreateInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -858,7 +858,7 @@ static const struct ndr_interface_call I + sizeof(struct RemoteCreateInstance), + (ndr_push_flags_fn_t) ndr_push_RemoteCreateInstance, + (ndr_pull_flags_fn_t) ndr_pull_RemoteCreateInstance, +- (ndr_print_function_t) ndr_print_RemoteCreateInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -867,7 +867,7 @@ static const struct ndr_interface_call I + sizeof(struct LockServer), + (ndr_push_flags_fn_t) ndr_push_LockServer, + (ndr_pull_flags_fn_t) ndr_pull_LockServer, +- (ndr_print_function_t) ndr_print_LockServer, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -876,7 +876,7 @@ static const struct ndr_interface_call I + sizeof(struct RemoteLockServer), + (ndr_push_flags_fn_t) ndr_push_RemoteLockServer, + (ndr_pull_flags_fn_t) ndr_pull_RemoteLockServer, +- (ndr_print_function_t) ndr_print_RemoteLockServer, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1434,7 +1434,7 @@ static const struct ndr_interface_call I + sizeof(struct RemQueryInterface), + (ndr_push_flags_fn_t) ndr_push_RemQueryInterface, + (ndr_pull_flags_fn_t) ndr_pull_RemQueryInterface, +- (ndr_print_function_t) ndr_print_RemQueryInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1443,7 +1443,7 @@ static const struct ndr_interface_call I + sizeof(struct RemAddRef), + (ndr_push_flags_fn_t) ndr_push_RemAddRef, + (ndr_pull_flags_fn_t) ndr_pull_RemAddRef, +- (ndr_print_function_t) ndr_print_RemAddRef, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1452,7 +1452,7 @@ static const struct ndr_interface_call I + sizeof(struct RemRelease), + (ndr_push_flags_fn_t) ndr_push_RemRelease, + (ndr_pull_flags_fn_t) ndr_pull_RemRelease, +- (ndr_print_function_t) ndr_print_RemRelease, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1590,7 +1590,7 @@ static const struct ndr_interface_call I + sizeof(struct GetClassObject), + (ndr_push_flags_fn_t) ndr_push_GetClassObject, + (ndr_pull_flags_fn_t) ndr_pull_GetClassObject, +- (ndr_print_function_t) ndr_print_GetClassObject, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1701,7 +1701,7 @@ static const struct ndr_interface_call I + sizeof(struct ISCMLocalActivator_CreateInstance), + (ndr_push_flags_fn_t) ndr_push_ISCMLocalActivator_CreateInstance, + (ndr_pull_flags_fn_t) ndr_pull_ISCMLocalActivator_CreateInstance, +- (ndr_print_function_t) ndr_print_ISCMLocalActivator_CreateInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1788,7 +1788,7 @@ static const struct ndr_interface_call I + sizeof(struct IMachineLocalActivator_foo), + (ndr_push_flags_fn_t) ndr_push_IMachineLocalActivator_foo, + (ndr_pull_flags_fn_t) ndr_pull_IMachineLocalActivator_foo, +- (ndr_print_function_t) ndr_print_IMachineLocalActivator_foo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1875,7 +1875,7 @@ static const struct ndr_interface_call I + sizeof(struct ILocalObjectExporter_Foo), + (ndr_push_flags_fn_t) ndr_push_ILocalObjectExporter_Foo, + (ndr_pull_flags_fn_t) ndr_pull_ILocalObjectExporter_Foo, +- (ndr_print_function_t) ndr_print_ILocalObjectExporter_Foo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2031,7 +2031,7 @@ static const struct ndr_interface_call I + sizeof(struct ISystemActivatorRemoteCreateInstance), + (ndr_push_flags_fn_t) ndr_push_ISystemActivatorRemoteCreateInstance, + (ndr_pull_flags_fn_t) ndr_pull_ISystemActivatorRemoteCreateInstance, +- (ndr_print_function_t) ndr_print_ISystemActivatorRemoteCreateInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2319,7 +2319,7 @@ static const struct ndr_interface_call I + sizeof(struct RemQueryInterface2), + (ndr_push_flags_fn_t) ndr_push_RemQueryInterface2, + (ndr_pull_flags_fn_t) ndr_pull_RemQueryInterface2, +- (ndr_print_function_t) ndr_print_RemQueryInterface2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3040,7 +3040,7 @@ static const struct ndr_interface_call I + sizeof(struct GetTypeInfoCount), + (ndr_push_flags_fn_t) ndr_push_GetTypeInfoCount, + (ndr_pull_flags_fn_t) ndr_pull_GetTypeInfoCount, +- (ndr_print_function_t) ndr_print_GetTypeInfoCount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3049,7 +3049,7 @@ static const struct ndr_interface_call I + sizeof(struct GetTypeInfo), + (ndr_push_flags_fn_t) ndr_push_GetTypeInfo, + (ndr_pull_flags_fn_t) ndr_pull_GetTypeInfo, +- (ndr_print_function_t) ndr_print_GetTypeInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3058,7 +3058,7 @@ static const struct ndr_interface_call I + sizeof(struct GetIDsOfNames), + (ndr_push_flags_fn_t) ndr_push_GetIDsOfNames, + (ndr_pull_flags_fn_t) ndr_pull_GetIDsOfNames, +- (ndr_print_function_t) ndr_print_GetIDsOfNames, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3067,7 +3067,7 @@ static const struct ndr_interface_call I + sizeof(struct Invoke), + (ndr_push_flags_fn_t) ndr_push_Invoke, + (ndr_pull_flags_fn_t) ndr_pull_Invoke, +- (ndr_print_function_t) ndr_print_Invoke, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3243,7 +3243,7 @@ static const struct ndr_interface_call I + sizeof(struct MarshalInterface), + (ndr_push_flags_fn_t) ndr_push_MarshalInterface, + (ndr_pull_flags_fn_t) ndr_pull_MarshalInterface, +- (ndr_print_function_t) ndr_print_MarshalInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3252,7 +3252,7 @@ static const struct ndr_interface_call I + sizeof(struct UnMarshalInterface), + (ndr_push_flags_fn_t) ndr_push_UnMarshalInterface, + (ndr_pull_flags_fn_t) ndr_pull_UnMarshalInterface, +- (ndr_print_function_t) ndr_print_UnMarshalInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3385,7 +3385,7 @@ static const struct ndr_interface_call I + sizeof(struct MakeCoffee), + (ndr_push_flags_fn_t) ndr_push_MakeCoffee, + (ndr_pull_flags_fn_t) ndr_pull_MakeCoffee, +- (ndr_print_function_t) ndr_print_MakeCoffee, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3681,7 +3681,7 @@ static const struct ndr_interface_call I + sizeof(struct Read), + (ndr_push_flags_fn_t) ndr_push_Read, + (ndr_pull_flags_fn_t) ndr_pull_Read, +- (ndr_print_function_t) ndr_print_Read, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3690,7 +3690,7 @@ static const struct ndr_interface_call I + sizeof(struct Write), + (ndr_push_flags_fn_t) ndr_push_Write, + (ndr_pull_flags_fn_t) ndr_pull_Write, +- (ndr_print_function_t) ndr_print_Write, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dfs.c ++++ b/source3/librpc/gen_ndr/ndr_dfs.c +@@ -5910,7 +5910,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_GetManagerVersion), + (ndr_push_flags_fn_t) ndr_push_dfs_GetManagerVersion, + (ndr_pull_flags_fn_t) ndr_pull_dfs_GetManagerVersion, +- (ndr_print_function_t) ndr_print_dfs_GetManagerVersion, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5919,7 +5919,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_Add), + (ndr_push_flags_fn_t) ndr_push_dfs_Add, + (ndr_pull_flags_fn_t) ndr_pull_dfs_Add, +- (ndr_print_function_t) ndr_print_dfs_Add, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5928,7 +5928,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_Remove), + (ndr_push_flags_fn_t) ndr_push_dfs_Remove, + (ndr_pull_flags_fn_t) ndr_pull_dfs_Remove, +- (ndr_print_function_t) ndr_print_dfs_Remove, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5937,7 +5937,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_SetInfo), + (ndr_push_flags_fn_t) ndr_push_dfs_SetInfo, + (ndr_pull_flags_fn_t) ndr_pull_dfs_SetInfo, +- (ndr_print_function_t) ndr_print_dfs_SetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5946,7 +5946,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_GetInfo), + (ndr_push_flags_fn_t) ndr_push_dfs_GetInfo, + (ndr_pull_flags_fn_t) ndr_pull_dfs_GetInfo, +- (ndr_print_function_t) ndr_print_dfs_GetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5955,7 +5955,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_Enum), + (ndr_push_flags_fn_t) ndr_push_dfs_Enum, + (ndr_pull_flags_fn_t) ndr_pull_dfs_Enum, +- (ndr_print_function_t) ndr_print_dfs_Enum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5964,7 +5964,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_Rename), + (ndr_push_flags_fn_t) ndr_push_dfs_Rename, + (ndr_pull_flags_fn_t) ndr_pull_dfs_Rename, +- (ndr_print_function_t) ndr_print_dfs_Rename, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5973,7 +5973,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_Move), + (ndr_push_flags_fn_t) ndr_push_dfs_Move, + (ndr_pull_flags_fn_t) ndr_pull_dfs_Move, +- (ndr_print_function_t) ndr_print_dfs_Move, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5982,7 +5982,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_ManagerGetConfigInfo), + (ndr_push_flags_fn_t) ndr_push_dfs_ManagerGetConfigInfo, + (ndr_pull_flags_fn_t) ndr_pull_dfs_ManagerGetConfigInfo, +- (ndr_print_function_t) ndr_print_dfs_ManagerGetConfigInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5991,7 +5991,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_ManagerSendSiteInfo), + (ndr_push_flags_fn_t) ndr_push_dfs_ManagerSendSiteInfo, + (ndr_pull_flags_fn_t) ndr_pull_dfs_ManagerSendSiteInfo, +- (ndr_print_function_t) ndr_print_dfs_ManagerSendSiteInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6000,7 +6000,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_AddFtRoot), + (ndr_push_flags_fn_t) ndr_push_dfs_AddFtRoot, + (ndr_pull_flags_fn_t) ndr_pull_dfs_AddFtRoot, +- (ndr_print_function_t) ndr_print_dfs_AddFtRoot, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6009,7 +6009,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_RemoveFtRoot), + (ndr_push_flags_fn_t) ndr_push_dfs_RemoveFtRoot, + (ndr_pull_flags_fn_t) ndr_pull_dfs_RemoveFtRoot, +- (ndr_print_function_t) ndr_print_dfs_RemoveFtRoot, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6018,7 +6018,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_AddStdRoot), + (ndr_push_flags_fn_t) ndr_push_dfs_AddStdRoot, + (ndr_pull_flags_fn_t) ndr_pull_dfs_AddStdRoot, +- (ndr_print_function_t) ndr_print_dfs_AddStdRoot, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6027,7 +6027,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_RemoveStdRoot), + (ndr_push_flags_fn_t) ndr_push_dfs_RemoveStdRoot, + (ndr_pull_flags_fn_t) ndr_pull_dfs_RemoveStdRoot, +- (ndr_print_function_t) ndr_print_dfs_RemoveStdRoot, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6036,7 +6036,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_ManagerInitialize), + (ndr_push_flags_fn_t) ndr_push_dfs_ManagerInitialize, + (ndr_pull_flags_fn_t) ndr_pull_dfs_ManagerInitialize, +- (ndr_print_function_t) ndr_print_dfs_ManagerInitialize, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6045,7 +6045,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_AddStdRootForced), + (ndr_push_flags_fn_t) ndr_push_dfs_AddStdRootForced, + (ndr_pull_flags_fn_t) ndr_pull_dfs_AddStdRootForced, +- (ndr_print_function_t) ndr_print_dfs_AddStdRootForced, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6054,7 +6054,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_GetDcAddress), + (ndr_push_flags_fn_t) ndr_push_dfs_GetDcAddress, + (ndr_pull_flags_fn_t) ndr_pull_dfs_GetDcAddress, +- (ndr_print_function_t) ndr_print_dfs_GetDcAddress, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6063,7 +6063,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_SetDcAddress), + (ndr_push_flags_fn_t) ndr_push_dfs_SetDcAddress, + (ndr_pull_flags_fn_t) ndr_pull_dfs_SetDcAddress, +- (ndr_print_function_t) ndr_print_dfs_SetDcAddress, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6072,7 +6072,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_FlushFtTable), + (ndr_push_flags_fn_t) ndr_push_dfs_FlushFtTable, + (ndr_pull_flags_fn_t) ndr_pull_dfs_FlushFtTable, +- (ndr_print_function_t) ndr_print_dfs_FlushFtTable, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6081,7 +6081,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_Add2), + (ndr_push_flags_fn_t) ndr_push_dfs_Add2, + (ndr_pull_flags_fn_t) ndr_pull_dfs_Add2, +- (ndr_print_function_t) ndr_print_dfs_Add2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6090,7 +6090,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_Remove2), + (ndr_push_flags_fn_t) ndr_push_dfs_Remove2, + (ndr_pull_flags_fn_t) ndr_pull_dfs_Remove2, +- (ndr_print_function_t) ndr_print_dfs_Remove2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6099,7 +6099,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_EnumEx), + (ndr_push_flags_fn_t) ndr_push_dfs_EnumEx, + (ndr_pull_flags_fn_t) ndr_pull_dfs_EnumEx, +- (ndr_print_function_t) ndr_print_dfs_EnumEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6108,7 +6108,7 @@ static const struct ndr_interface_call n + sizeof(struct dfs_SetInfo2), + (ndr_push_flags_fn_t) ndr_push_dfs_SetInfo2, + (ndr_pull_flags_fn_t) ndr_pull_dfs_SetInfo2, +- (ndr_print_function_t) ndr_print_dfs_SetInfo2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dfsblobs.c ++++ b/source3/librpc/gen_ndr/ndr_dfsblobs.c +@@ -1398,7 +1398,7 @@ static const struct ndr_interface_call d + sizeof(struct dfs_GetDFSReferral), + (ndr_push_flags_fn_t) ndr_push_dfs_GetDFSReferral, + (ndr_pull_flags_fn_t) ndr_pull_dfs_GetDFSReferral, +- (ndr_print_function_t) ndr_print_dfs_GetDFSReferral, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dns.c ++++ b/source3/librpc/gen_ndr/ndr_dns.c +@@ -860,7 +860,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_dns_name_packet), + (ndr_push_flags_fn_t) ndr_push_decode_dns_name_packet, + (ndr_pull_flags_fn_t) ndr_pull_decode_dns_name_packet, +- (ndr_print_function_t) ndr_print_decode_dns_name_packet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dnsp.c ++++ b/source3/librpc/gen_ndr/ndr_dnsp.c +@@ -700,7 +700,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_DnssrvRpcRecord), + (ndr_push_flags_fn_t) ndr_push_decode_DnssrvRpcRecord, + (ndr_pull_flags_fn_t) ndr_pull_decode_DnssrvRpcRecord, +- (ndr_print_function_t) ndr_print_decode_DnssrvRpcRecord, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dnsserver.c ++++ b/source3/librpc/gen_ndr/ndr_dnsserver.c +@@ -48,7 +48,7 @@ static const struct ndr_interface_call d + sizeof(struct dnsserver_foo), + (ndr_push_flags_fn_t) ndr_push_dnsserver_foo, + (ndr_pull_flags_fn_t) ndr_pull_dnsserver_foo, +- (ndr_print_function_t) ndr_print_dnsserver_foo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_drsblobs.c ++++ b/source3/librpc/gen_ndr/ndr_drsblobs.c +@@ -5275,7 +5275,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_replPropertyMetaData), + (ndr_push_flags_fn_t) ndr_push_decode_replPropertyMetaData, + (ndr_pull_flags_fn_t) ndr_pull_decode_replPropertyMetaData, +- (ndr_print_function_t) ndr_print_decode_replPropertyMetaData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5284,7 +5284,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_replUpToDateVector), + (ndr_push_flags_fn_t) ndr_push_decode_replUpToDateVector, + (ndr_pull_flags_fn_t) ndr_pull_decode_replUpToDateVector, +- (ndr_print_function_t) ndr_print_decode_replUpToDateVector, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5293,7 +5293,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_repsFromTo), + (ndr_push_flags_fn_t) ndr_push_decode_repsFromTo, + (ndr_pull_flags_fn_t) ndr_pull_decode_repsFromTo, +- (ndr_print_function_t) ndr_print_decode_repsFromTo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5302,7 +5302,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_partialAttributeSet), + (ndr_push_flags_fn_t) ndr_push_decode_partialAttributeSet, + (ndr_pull_flags_fn_t) ndr_pull_decode_partialAttributeSet, +- (ndr_print_function_t) ndr_print_decode_partialAttributeSet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5311,7 +5311,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_prefixMap), + (ndr_push_flags_fn_t) ndr_push_decode_prefixMap, + (ndr_pull_flags_fn_t) ndr_pull_decode_prefixMap, +- (ndr_print_function_t) ndr_print_decode_prefixMap, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5320,7 +5320,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_ldapControlDirSync), + (ndr_push_flags_fn_t) ndr_push_decode_ldapControlDirSync, + (ndr_pull_flags_fn_t) ndr_pull_decode_ldapControlDirSync, +- (ndr_print_function_t) ndr_print_decode_ldapControlDirSync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5329,7 +5329,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_supplementalCredentials), + (ndr_push_flags_fn_t) ndr_push_decode_supplementalCredentials, + (ndr_pull_flags_fn_t) ndr_pull_decode_supplementalCredentials, +- (ndr_print_function_t) ndr_print_decode_supplementalCredentials, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5338,7 +5338,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_Packages), + (ndr_push_flags_fn_t) ndr_push_decode_Packages, + (ndr_pull_flags_fn_t) ndr_pull_decode_Packages, +- (ndr_print_function_t) ndr_print_decode_Packages, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5347,7 +5347,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_PrimaryKerberos), + (ndr_push_flags_fn_t) ndr_push_decode_PrimaryKerberos, + (ndr_pull_flags_fn_t) ndr_pull_decode_PrimaryKerberos, +- (ndr_print_function_t) ndr_print_decode_PrimaryKerberos, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5356,7 +5356,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_PrimaryCLEARTEXT), + (ndr_push_flags_fn_t) ndr_push_decode_PrimaryCLEARTEXT, + (ndr_pull_flags_fn_t) ndr_pull_decode_PrimaryCLEARTEXT, +- (ndr_print_function_t) ndr_print_decode_PrimaryCLEARTEXT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5365,7 +5365,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_PrimaryWDigest), + (ndr_push_flags_fn_t) ndr_push_decode_PrimaryWDigest, + (ndr_pull_flags_fn_t) ndr_pull_decode_PrimaryWDigest, +- (ndr_print_function_t) ndr_print_decode_PrimaryWDigest, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5374,7 +5374,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_trustAuthInOut), + (ndr_push_flags_fn_t) ndr_push_decode_trustAuthInOut, + (ndr_pull_flags_fn_t) ndr_pull_decode_trustAuthInOut, +- (ndr_print_function_t) ndr_print_decode_trustAuthInOut, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5383,7 +5383,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_trustDomainPasswords), + (ndr_push_flags_fn_t) ndr_push_decode_trustDomainPasswords, + (ndr_pull_flags_fn_t) ndr_pull_decode_trustDomainPasswords, +- (ndr_print_function_t) ndr_print_decode_trustDomainPasswords, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5392,7 +5392,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_ExtendedErrorInfo), + (ndr_push_flags_fn_t) ndr_push_decode_ExtendedErrorInfo, + (ndr_pull_flags_fn_t) ndr_pull_decode_ExtendedErrorInfo, +- (ndr_print_function_t) ndr_print_decode_ExtendedErrorInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5401,7 +5401,7 @@ static const struct ndr_interface_call d + sizeof(struct decode_ForestTrustInfo), + (ndr_push_flags_fn_t) ndr_push_decode_ForestTrustInfo, + (ndr_pull_flags_fn_t) ndr_pull_decode_ForestTrustInfo, +- (ndr_print_function_t) ndr_print_decode_ForestTrustInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_drsuapi.c ++++ b/source3/librpc/gen_ndr/ndr_drsuapi.c +@@ -16500,7 +16500,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsBind), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsBind, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsBind, +- (ndr_print_function_t) ndr_print_drsuapi_DsBind, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16509,7 +16509,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsUnbind), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsUnbind, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsUnbind, +- (ndr_print_function_t) ndr_print_drsuapi_DsUnbind, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16518,7 +16518,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsReplicaSync), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsReplicaSync, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsReplicaSync, +- (ndr_print_function_t) ndr_print_drsuapi_DsReplicaSync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16527,7 +16527,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsGetNCChanges), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsGetNCChanges, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsGetNCChanges, +- (ndr_print_function_t) ndr_print_drsuapi_DsGetNCChanges, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16536,7 +16536,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsReplicaUpdateRefs), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsReplicaUpdateRefs, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsReplicaUpdateRefs, +- (ndr_print_function_t) ndr_print_drsuapi_DsReplicaUpdateRefs, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16545,7 +16545,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsReplicaAdd), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsReplicaAdd, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsReplicaAdd, +- (ndr_print_function_t) ndr_print_drsuapi_DsReplicaAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16554,7 +16554,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsReplicaDel), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsReplicaDel, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsReplicaDel, +- (ndr_print_function_t) ndr_print_drsuapi_DsReplicaDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16563,7 +16563,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsReplicaMod), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsReplicaMod, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsReplicaMod, +- (ndr_print_function_t) ndr_print_drsuapi_DsReplicaMod, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16572,7 +16572,7 @@ static const struct ndr_interface_call d + sizeof(struct DRSUAPI_VERIFY_NAMES), + (ndr_push_flags_fn_t) ndr_push_DRSUAPI_VERIFY_NAMES, + (ndr_pull_flags_fn_t) ndr_pull_DRSUAPI_VERIFY_NAMES, +- (ndr_print_function_t) ndr_print_DRSUAPI_VERIFY_NAMES, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16581,7 +16581,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsGetMemberships), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsGetMemberships, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsGetMemberships, +- (ndr_print_function_t) ndr_print_drsuapi_DsGetMemberships, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16590,7 +16590,7 @@ static const struct ndr_interface_call d + sizeof(struct DRSUAPI_INTER_DOMAIN_MOVE), + (ndr_push_flags_fn_t) ndr_push_DRSUAPI_INTER_DOMAIN_MOVE, + (ndr_pull_flags_fn_t) ndr_pull_DRSUAPI_INTER_DOMAIN_MOVE, +- (ndr_print_function_t) ndr_print_DRSUAPI_INTER_DOMAIN_MOVE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16599,7 +16599,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsGetNT4ChangeLog), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsGetNT4ChangeLog, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsGetNT4ChangeLog, +- (ndr_print_function_t) ndr_print_drsuapi_DsGetNT4ChangeLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16608,7 +16608,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsCrackNames), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsCrackNames, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsCrackNames, +- (ndr_print_function_t) ndr_print_drsuapi_DsCrackNames, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16617,7 +16617,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsWriteAccountSpn), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsWriteAccountSpn, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsWriteAccountSpn, +- (ndr_print_function_t) ndr_print_drsuapi_DsWriteAccountSpn, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16626,7 +16626,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsRemoveDSServer), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsRemoveDSServer, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsRemoveDSServer, +- (ndr_print_function_t) ndr_print_drsuapi_DsRemoveDSServer, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16635,7 +16635,7 @@ static const struct ndr_interface_call d + sizeof(struct DRSUAPI_REMOVE_DS_DOMAIN), + (ndr_push_flags_fn_t) ndr_push_DRSUAPI_REMOVE_DS_DOMAIN, + (ndr_pull_flags_fn_t) ndr_pull_DRSUAPI_REMOVE_DS_DOMAIN, +- (ndr_print_function_t) ndr_print_DRSUAPI_REMOVE_DS_DOMAIN, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16644,7 +16644,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsGetDomainControllerInfo), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsGetDomainControllerInfo, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsGetDomainControllerInfo, +- (ndr_print_function_t) ndr_print_drsuapi_DsGetDomainControllerInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16653,7 +16653,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsAddEntry), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsAddEntry, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsAddEntry, +- (ndr_print_function_t) ndr_print_drsuapi_DsAddEntry, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16662,7 +16662,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsExecuteKCC), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsExecuteKCC, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsExecuteKCC, +- (ndr_print_function_t) ndr_print_drsuapi_DsExecuteKCC, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16671,7 +16671,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsReplicaGetInfo), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsReplicaGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsReplicaGetInfo, +- (ndr_print_function_t) ndr_print_drsuapi_DsReplicaGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16680,7 +16680,7 @@ static const struct ndr_interface_call d + sizeof(struct DRSUAPI_ADD_SID_HISTORY), + (ndr_push_flags_fn_t) ndr_push_DRSUAPI_ADD_SID_HISTORY, + (ndr_pull_flags_fn_t) ndr_pull_DRSUAPI_ADD_SID_HISTORY, +- (ndr_print_function_t) ndr_print_DRSUAPI_ADD_SID_HISTORY, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16689,7 +16689,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_DsGetMemberships2), + (ndr_push_flags_fn_t) ndr_push_drsuapi_DsGetMemberships2, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_DsGetMemberships2, +- (ndr_print_function_t) ndr_print_drsuapi_DsGetMemberships2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16698,7 +16698,7 @@ static const struct ndr_interface_call d + sizeof(struct DRSUAPI_REPLICA_VERIFY_OBJECTS), + (ndr_push_flags_fn_t) ndr_push_DRSUAPI_REPLICA_VERIFY_OBJECTS, + (ndr_pull_flags_fn_t) ndr_pull_DRSUAPI_REPLICA_VERIFY_OBJECTS, +- (ndr_print_function_t) ndr_print_DRSUAPI_REPLICA_VERIFY_OBJECTS, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16707,7 +16707,7 @@ static const struct ndr_interface_call d + sizeof(struct DRSUAPI_GET_OBJECT_EXISTENCE), + (ndr_push_flags_fn_t) ndr_push_DRSUAPI_GET_OBJECT_EXISTENCE, + (ndr_pull_flags_fn_t) ndr_pull_DRSUAPI_GET_OBJECT_EXISTENCE, +- (ndr_print_function_t) ndr_print_DRSUAPI_GET_OBJECT_EXISTENCE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -16716,7 +16716,7 @@ static const struct ndr_interface_call d + sizeof(struct drsuapi_QuerySitesByCost), + (ndr_push_flags_fn_t) ndr_push_drsuapi_QuerySitesByCost, + (ndr_pull_flags_fn_t) ndr_pull_drsuapi_QuerySitesByCost, +- (ndr_print_function_t) ndr_print_drsuapi_QuerySitesByCost, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dsbackup.c ++++ b/source3/librpc/gen_ndr/ndr_dsbackup.c +@@ -360,7 +360,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupPrepare), + (ndr_push_flags_fn_t) ndr_push_HrRBackupPrepare, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupPrepare, +- (ndr_print_function_t) ndr_print_HrRBackupPrepare, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -369,7 +369,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupEnd), + (ndr_push_flags_fn_t) ndr_push_HrRBackupEnd, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupEnd, +- (ndr_print_function_t) ndr_print_HrRBackupEnd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -378,7 +378,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupGetAttachmentInformation), + (ndr_push_flags_fn_t) ndr_push_HrRBackupGetAttachmentInformation, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupGetAttachmentInformation, +- (ndr_print_function_t) ndr_print_HrRBackupGetAttachmentInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -387,7 +387,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupOpenFile), + (ndr_push_flags_fn_t) ndr_push_HrRBackupOpenFile, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupOpenFile, +- (ndr_print_function_t) ndr_print_HrRBackupOpenFile, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -396,7 +396,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupRead), + (ndr_push_flags_fn_t) ndr_push_HrRBackupRead, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupRead, +- (ndr_print_function_t) ndr_print_HrRBackupRead, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -405,7 +405,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupClose), + (ndr_push_flags_fn_t) ndr_push_HrRBackupClose, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupClose, +- (ndr_print_function_t) ndr_print_HrRBackupClose, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -414,7 +414,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupGetBackupLogs), + (ndr_push_flags_fn_t) ndr_push_HrRBackupGetBackupLogs, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupGetBackupLogs, +- (ndr_print_function_t) ndr_print_HrRBackupGetBackupLogs, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -423,7 +423,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupTruncateLogs), + (ndr_push_flags_fn_t) ndr_push_HrRBackupTruncateLogs, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupTruncateLogs, +- (ndr_print_function_t) ndr_print_HrRBackupTruncateLogs, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -432,7 +432,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRBackupPing), + (ndr_push_flags_fn_t) ndr_push_HrRBackupPing, + (ndr_pull_flags_fn_t) ndr_pull_HrRBackupPing, +- (ndr_print_function_t) ndr_print_HrRBackupPing, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -789,7 +789,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRIsNTDSOnline), + (ndr_push_flags_fn_t) ndr_push_HrRIsNTDSOnline, + (ndr_pull_flags_fn_t) ndr_pull_HrRIsNTDSOnline, +- (ndr_print_function_t) ndr_print_HrRIsNTDSOnline, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -798,7 +798,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRRestorePrepare), + (ndr_push_flags_fn_t) ndr_push_HrRRestorePrepare, + (ndr_pull_flags_fn_t) ndr_pull_HrRRestorePrepare, +- (ndr_print_function_t) ndr_print_HrRRestorePrepare, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -807,7 +807,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRRestoreRegister), + (ndr_push_flags_fn_t) ndr_push_HrRRestoreRegister, + (ndr_pull_flags_fn_t) ndr_pull_HrRRestoreRegister, +- (ndr_print_function_t) ndr_print_HrRRestoreRegister, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -816,7 +816,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRRestoreRegisterComplete), + (ndr_push_flags_fn_t) ndr_push_HrRRestoreRegisterComplete, + (ndr_pull_flags_fn_t) ndr_pull_HrRRestoreRegisterComplete, +- (ndr_print_function_t) ndr_print_HrRRestoreRegisterComplete, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -825,7 +825,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRRestoreGetDatabaseLocations), + (ndr_push_flags_fn_t) ndr_push_HrRRestoreGetDatabaseLocations, + (ndr_pull_flags_fn_t) ndr_pull_HrRRestoreGetDatabaseLocations, +- (ndr_print_function_t) ndr_print_HrRRestoreGetDatabaseLocations, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -834,7 +834,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRRestoreEnd), + (ndr_push_flags_fn_t) ndr_push_HrRRestoreEnd, + (ndr_pull_flags_fn_t) ndr_pull_HrRRestoreEnd, +- (ndr_print_function_t) ndr_print_HrRRestoreEnd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -843,7 +843,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRRestoreSetCurrentLogNumber), + (ndr_push_flags_fn_t) ndr_push_HrRRestoreSetCurrentLogNumber, + (ndr_pull_flags_fn_t) ndr_pull_HrRRestoreSetCurrentLogNumber, +- (ndr_print_function_t) ndr_print_HrRRestoreSetCurrentLogNumber, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -852,7 +852,7 @@ static const struct ndr_interface_call a + sizeof(struct HrRRestoreCheckLogsForBackup), + (ndr_push_flags_fn_t) ndr_push_HrRRestoreCheckLogsForBackup, + (ndr_pull_flags_fn_t) ndr_pull_HrRRestoreCheckLogsForBackup, +- (ndr_print_function_t) ndr_print_HrRRestoreCheckLogsForBackup, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_dssetup.c ++++ b/source3/librpc/gen_ndr/ndr_dssetup.c +@@ -995,7 +995,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleGetPrimaryDomainInformation), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleGetPrimaryDomainInformation, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleGetPrimaryDomainInformation, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleGetPrimaryDomainInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1004,7 +1004,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleDnsNameToFlatName), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDnsNameToFlatName, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDnsNameToFlatName, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleDnsNameToFlatName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1013,7 +1013,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleDcAsDc), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDcAsDc, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDcAsDc, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleDcAsDc, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1022,7 +1022,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleDcAsReplica), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDcAsReplica, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDcAsReplica, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleDcAsReplica, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1031,7 +1031,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleDemoteDc), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleDemoteDc, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleDemoteDc, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleDemoteDc, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1040,7 +1040,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleGetDcOperationProgress), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleGetDcOperationProgress, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleGetDcOperationProgress, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleGetDcOperationProgress, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1049,7 +1049,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleGetDcOperationResults), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleGetDcOperationResults, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleGetDcOperationResults, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleGetDcOperationResults, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1058,7 +1058,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleCancel), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleCancel, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleCancel, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleCancel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1067,7 +1067,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleServerSaveStateForUpgrade), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleServerSaveStateForUpgrade, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleServerSaveStateForUpgrade, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleServerSaveStateForUpgrade, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1076,7 +1076,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleUpgradeDownlevelServer), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleUpgradeDownlevelServer, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleUpgradeDownlevelServer, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleUpgradeDownlevelServer, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1085,7 +1085,7 @@ static const struct ndr_interface_call d + sizeof(struct dssetup_DsRoleAbortDownlevelServerUpgrade), + (ndr_push_flags_fn_t) ndr_push_dssetup_DsRoleAbortDownlevelServerUpgrade, + (ndr_pull_flags_fn_t) ndr_pull_dssetup_DsRoleAbortDownlevelServerUpgrade, +- (ndr_print_function_t) ndr_print_dssetup_DsRoleAbortDownlevelServerUpgrade, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_echo.c ++++ b/source3/librpc/gen_ndr/ndr_echo.c +@@ -1458,7 +1458,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_AddOne), + (ndr_push_flags_fn_t) ndr_push_echo_AddOne, + (ndr_pull_flags_fn_t) ndr_pull_echo_AddOne, +- (ndr_print_function_t) ndr_print_echo_AddOne, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1467,7 +1467,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_EchoData), + (ndr_push_flags_fn_t) ndr_push_echo_EchoData, + (ndr_pull_flags_fn_t) ndr_pull_echo_EchoData, +- (ndr_print_function_t) ndr_print_echo_EchoData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1476,7 +1476,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_SinkData), + (ndr_push_flags_fn_t) ndr_push_echo_SinkData, + (ndr_pull_flags_fn_t) ndr_pull_echo_SinkData, +- (ndr_print_function_t) ndr_print_echo_SinkData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1485,7 +1485,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_SourceData), + (ndr_push_flags_fn_t) ndr_push_echo_SourceData, + (ndr_pull_flags_fn_t) ndr_pull_echo_SourceData, +- (ndr_print_function_t) ndr_print_echo_SourceData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1494,7 +1494,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_TestCall), + (ndr_push_flags_fn_t) ndr_push_echo_TestCall, + (ndr_pull_flags_fn_t) ndr_pull_echo_TestCall, +- (ndr_print_function_t) ndr_print_echo_TestCall, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1503,7 +1503,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_TestCall2), + (ndr_push_flags_fn_t) ndr_push_echo_TestCall2, + (ndr_pull_flags_fn_t) ndr_pull_echo_TestCall2, +- (ndr_print_function_t) ndr_print_echo_TestCall2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1512,7 +1512,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_TestSleep), + (ndr_push_flags_fn_t) ndr_push_echo_TestSleep, + (ndr_pull_flags_fn_t) ndr_pull_echo_TestSleep, +- (ndr_print_function_t) ndr_print_echo_TestSleep, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1521,7 +1521,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_TestEnum), + (ndr_push_flags_fn_t) ndr_push_echo_TestEnum, + (ndr_pull_flags_fn_t) ndr_pull_echo_TestEnum, +- (ndr_print_function_t) ndr_print_echo_TestEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1530,7 +1530,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_TestSurrounding), + (ndr_push_flags_fn_t) ndr_push_echo_TestSurrounding, + (ndr_pull_flags_fn_t) ndr_pull_echo_TestSurrounding, +- (ndr_print_function_t) ndr_print_echo_TestSurrounding, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1539,7 +1539,7 @@ static const struct ndr_interface_call r + sizeof(struct echo_TestDoublePointer), + (ndr_push_flags_fn_t) ndr_push_echo_TestDoublePointer, + (ndr_pull_flags_fn_t) ndr_pull_echo_TestDoublePointer, +- (ndr_print_function_t) ndr_print_echo_TestDoublePointer, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_efs.c ++++ b/source3/librpc/gen_ndr/ndr_efs.c +@@ -1327,7 +1327,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcOpenFileRaw), + (ndr_push_flags_fn_t) ndr_push_EfsRpcOpenFileRaw, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcOpenFileRaw, +- (ndr_print_function_t) ndr_print_EfsRpcOpenFileRaw, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1336,7 +1336,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcReadFileRaw), + (ndr_push_flags_fn_t) ndr_push_EfsRpcReadFileRaw, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcReadFileRaw, +- (ndr_print_function_t) ndr_print_EfsRpcReadFileRaw, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1345,7 +1345,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcWriteFileRaw), + (ndr_push_flags_fn_t) ndr_push_EfsRpcWriteFileRaw, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcWriteFileRaw, +- (ndr_print_function_t) ndr_print_EfsRpcWriteFileRaw, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1354,7 +1354,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcCloseRaw), + (ndr_push_flags_fn_t) ndr_push_EfsRpcCloseRaw, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcCloseRaw, +- (ndr_print_function_t) ndr_print_EfsRpcCloseRaw, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1363,7 +1363,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcEncryptFileSrv), + (ndr_push_flags_fn_t) ndr_push_EfsRpcEncryptFileSrv, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcEncryptFileSrv, +- (ndr_print_function_t) ndr_print_EfsRpcEncryptFileSrv, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1372,7 +1372,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcDecryptFileSrv), + (ndr_push_flags_fn_t) ndr_push_EfsRpcDecryptFileSrv, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcDecryptFileSrv, +- (ndr_print_function_t) ndr_print_EfsRpcDecryptFileSrv, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1381,7 +1381,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcQueryUsersOnFile), + (ndr_push_flags_fn_t) ndr_push_EfsRpcQueryUsersOnFile, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcQueryUsersOnFile, +- (ndr_print_function_t) ndr_print_EfsRpcQueryUsersOnFile, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1390,7 +1390,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcQueryRecoveryAgents), + (ndr_push_flags_fn_t) ndr_push_EfsRpcQueryRecoveryAgents, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcQueryRecoveryAgents, +- (ndr_print_function_t) ndr_print_EfsRpcQueryRecoveryAgents, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1399,7 +1399,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcRemoveUsersFromFile), + (ndr_push_flags_fn_t) ndr_push_EfsRpcRemoveUsersFromFile, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcRemoveUsersFromFile, +- (ndr_print_function_t) ndr_print_EfsRpcRemoveUsersFromFile, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1408,7 +1408,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcAddUsersToFile), + (ndr_push_flags_fn_t) ndr_push_EfsRpcAddUsersToFile, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcAddUsersToFile, +- (ndr_print_function_t) ndr_print_EfsRpcAddUsersToFile, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1417,7 +1417,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcSetFileEncryptionKey), + (ndr_push_flags_fn_t) ndr_push_EfsRpcSetFileEncryptionKey, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcSetFileEncryptionKey, +- (ndr_print_function_t) ndr_print_EfsRpcSetFileEncryptionKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1426,7 +1426,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcNotSupported), + (ndr_push_flags_fn_t) ndr_push_EfsRpcNotSupported, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcNotSupported, +- (ndr_print_function_t) ndr_print_EfsRpcNotSupported, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1435,7 +1435,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcFileKeyInfo), + (ndr_push_flags_fn_t) ndr_push_EfsRpcFileKeyInfo, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcFileKeyInfo, +- (ndr_print_function_t) ndr_print_EfsRpcFileKeyInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1444,7 +1444,7 @@ static const struct ndr_interface_call e + sizeof(struct EfsRpcDuplicateEncryptionInfoFile), + (ndr_push_flags_fn_t) ndr_push_EfsRpcDuplicateEncryptionInfoFile, + (ndr_pull_flags_fn_t) ndr_pull_EfsRpcDuplicateEncryptionInfoFile, +- (ndr_print_function_t) ndr_print_EfsRpcDuplicateEncryptionInfoFile, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_epmapper.c ++++ b/source3/librpc/gen_ndr/ndr_epmapper.c +@@ -2754,7 +2754,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_Insert), + (ndr_push_flags_fn_t) ndr_push_epm_Insert, + (ndr_pull_flags_fn_t) ndr_pull_epm_Insert, +- (ndr_print_function_t) ndr_print_epm_Insert, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2763,7 +2763,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_Delete), + (ndr_push_flags_fn_t) ndr_push_epm_Delete, + (ndr_pull_flags_fn_t) ndr_pull_epm_Delete, +- (ndr_print_function_t) ndr_print_epm_Delete, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2772,7 +2772,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_Lookup), + (ndr_push_flags_fn_t) ndr_push_epm_Lookup, + (ndr_pull_flags_fn_t) ndr_pull_epm_Lookup, +- (ndr_print_function_t) ndr_print_epm_Lookup, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2781,7 +2781,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_Map), + (ndr_push_flags_fn_t) ndr_push_epm_Map, + (ndr_pull_flags_fn_t) ndr_pull_epm_Map, +- (ndr_print_function_t) ndr_print_epm_Map, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2790,7 +2790,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_LookupHandleFree), + (ndr_push_flags_fn_t) ndr_push_epm_LookupHandleFree, + (ndr_pull_flags_fn_t) ndr_pull_epm_LookupHandleFree, +- (ndr_print_function_t) ndr_print_epm_LookupHandleFree, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2799,7 +2799,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_InqObject), + (ndr_push_flags_fn_t) ndr_push_epm_InqObject, + (ndr_pull_flags_fn_t) ndr_pull_epm_InqObject, +- (ndr_print_function_t) ndr_print_epm_InqObject, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2808,7 +2808,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_MgmtDelete), + (ndr_push_flags_fn_t) ndr_push_epm_MgmtDelete, + (ndr_pull_flags_fn_t) ndr_pull_epm_MgmtDelete, +- (ndr_print_function_t) ndr_print_epm_MgmtDelete, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2817,7 +2817,7 @@ static const struct ndr_interface_call e + sizeof(struct epm_MapAuth), + (ndr_push_flags_fn_t) ndr_push_epm_MapAuth, + (ndr_pull_flags_fn_t) ndr_pull_epm_MapAuth, +- (ndr_print_function_t) ndr_print_epm_MapAuth, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_eventlog.c ++++ b/source3/librpc/gen_ndr/ndr_eventlog.c +@@ -2983,7 +2983,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ClearEventLogW), + (ndr_push_flags_fn_t) ndr_push_eventlog_ClearEventLogW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ClearEventLogW, +- (ndr_print_function_t) ndr_print_eventlog_ClearEventLogW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2992,7 +2992,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_BackupEventLogW), + (ndr_push_flags_fn_t) ndr_push_eventlog_BackupEventLogW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_BackupEventLogW, +- (ndr_print_function_t) ndr_print_eventlog_BackupEventLogW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3001,7 +3001,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_CloseEventLog), + (ndr_push_flags_fn_t) ndr_push_eventlog_CloseEventLog, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_CloseEventLog, +- (ndr_print_function_t) ndr_print_eventlog_CloseEventLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3010,7 +3010,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_DeregisterEventSource), + (ndr_push_flags_fn_t) ndr_push_eventlog_DeregisterEventSource, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_DeregisterEventSource, +- (ndr_print_function_t) ndr_print_eventlog_DeregisterEventSource, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3019,7 +3019,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_GetNumRecords), + (ndr_push_flags_fn_t) ndr_push_eventlog_GetNumRecords, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_GetNumRecords, +- (ndr_print_function_t) ndr_print_eventlog_GetNumRecords, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3028,7 +3028,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_GetOldestRecord), + (ndr_push_flags_fn_t) ndr_push_eventlog_GetOldestRecord, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_GetOldestRecord, +- (ndr_print_function_t) ndr_print_eventlog_GetOldestRecord, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3037,7 +3037,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ChangeNotify), + (ndr_push_flags_fn_t) ndr_push_eventlog_ChangeNotify, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ChangeNotify, +- (ndr_print_function_t) ndr_print_eventlog_ChangeNotify, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3046,7 +3046,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_OpenEventLogW), + (ndr_push_flags_fn_t) ndr_push_eventlog_OpenEventLogW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_OpenEventLogW, +- (ndr_print_function_t) ndr_print_eventlog_OpenEventLogW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3055,7 +3055,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_RegisterEventSourceW), + (ndr_push_flags_fn_t) ndr_push_eventlog_RegisterEventSourceW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_RegisterEventSourceW, +- (ndr_print_function_t) ndr_print_eventlog_RegisterEventSourceW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3064,7 +3064,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_OpenBackupEventLogW), + (ndr_push_flags_fn_t) ndr_push_eventlog_OpenBackupEventLogW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_OpenBackupEventLogW, +- (ndr_print_function_t) ndr_print_eventlog_OpenBackupEventLogW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3073,7 +3073,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ReadEventLogW), + (ndr_push_flags_fn_t) ndr_push_eventlog_ReadEventLogW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ReadEventLogW, +- (ndr_print_function_t) ndr_print_eventlog_ReadEventLogW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3082,7 +3082,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ReportEventW), + (ndr_push_flags_fn_t) ndr_push_eventlog_ReportEventW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ReportEventW, +- (ndr_print_function_t) ndr_print_eventlog_ReportEventW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3091,7 +3091,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ClearEventLogA), + (ndr_push_flags_fn_t) ndr_push_eventlog_ClearEventLogA, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ClearEventLogA, +- (ndr_print_function_t) ndr_print_eventlog_ClearEventLogA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3100,7 +3100,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_BackupEventLogA), + (ndr_push_flags_fn_t) ndr_push_eventlog_BackupEventLogA, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_BackupEventLogA, +- (ndr_print_function_t) ndr_print_eventlog_BackupEventLogA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3109,7 +3109,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_OpenEventLogA), + (ndr_push_flags_fn_t) ndr_push_eventlog_OpenEventLogA, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_OpenEventLogA, +- (ndr_print_function_t) ndr_print_eventlog_OpenEventLogA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3118,7 +3118,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_RegisterEventSourceA), + (ndr_push_flags_fn_t) ndr_push_eventlog_RegisterEventSourceA, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_RegisterEventSourceA, +- (ndr_print_function_t) ndr_print_eventlog_RegisterEventSourceA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3127,7 +3127,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_OpenBackupEventLogA), + (ndr_push_flags_fn_t) ndr_push_eventlog_OpenBackupEventLogA, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_OpenBackupEventLogA, +- (ndr_print_function_t) ndr_print_eventlog_OpenBackupEventLogA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3136,7 +3136,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ReadEventLogA), + (ndr_push_flags_fn_t) ndr_push_eventlog_ReadEventLogA, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ReadEventLogA, +- (ndr_print_function_t) ndr_print_eventlog_ReadEventLogA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3145,7 +3145,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ReportEventA), + (ndr_push_flags_fn_t) ndr_push_eventlog_ReportEventA, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ReportEventA, +- (ndr_print_function_t) ndr_print_eventlog_ReportEventA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3154,7 +3154,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_RegisterClusterSvc), + (ndr_push_flags_fn_t) ndr_push_eventlog_RegisterClusterSvc, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_RegisterClusterSvc, +- (ndr_print_function_t) ndr_print_eventlog_RegisterClusterSvc, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3163,7 +3163,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_DeregisterClusterSvc), + (ndr_push_flags_fn_t) ndr_push_eventlog_DeregisterClusterSvc, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_DeregisterClusterSvc, +- (ndr_print_function_t) ndr_print_eventlog_DeregisterClusterSvc, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3172,7 +3172,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_WriteClusterEvents), + (ndr_push_flags_fn_t) ndr_push_eventlog_WriteClusterEvents, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_WriteClusterEvents, +- (ndr_print_function_t) ndr_print_eventlog_WriteClusterEvents, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3181,7 +3181,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_GetLogInformation), + (ndr_push_flags_fn_t) ndr_push_eventlog_GetLogInformation, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_GetLogInformation, +- (ndr_print_function_t) ndr_print_eventlog_GetLogInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3190,7 +3190,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_FlushEventLog), + (ndr_push_flags_fn_t) ndr_push_eventlog_FlushEventLog, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_FlushEventLog, +- (ndr_print_function_t) ndr_print_eventlog_FlushEventLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3199,7 +3199,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog_ReportEventAndSourceW), + (ndr_push_flags_fn_t) ndr_push_eventlog_ReportEventAndSourceW, + (ndr_pull_flags_fn_t) ndr_pull_eventlog_ReportEventAndSourceW, +- (ndr_print_function_t) ndr_print_eventlog_ReportEventAndSourceW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_eventlog6.c ++++ b/source3/librpc/gen_ndr/ndr_eventlog6.c +@@ -5482,7 +5482,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcRegisterRemoteSubscription), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcRegisterRemoteSubscription, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcRegisterRemoteSubscription, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcRegisterRemoteSubscription, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5491,7 +5491,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcRemoteSubscriptionNextAsync), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcRemoteSubscriptionNextAsync, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcRemoteSubscriptionNextAsync, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcRemoteSubscriptionNextAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5500,7 +5500,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcRemoteSubscriptionNext), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcRemoteSubscriptionNext, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcRemoteSubscriptionNext, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcRemoteSubscriptionNext, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5509,7 +5509,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcRemoteSubscriptionWaitAsync), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcRemoteSubscriptionWaitAsync, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcRemoteSubscriptionWaitAsync, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcRemoteSubscriptionWaitAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5518,7 +5518,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcRegisterControllableOperation), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcRegisterControllableOperation, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcRegisterControllableOperation, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcRegisterControllableOperation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5527,7 +5527,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcRegisterLogQuery), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcRegisterLogQuery, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcRegisterLogQuery, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcRegisterLogQuery, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5536,7 +5536,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcClearLog), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcClearLog, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcClearLog, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcClearLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5545,7 +5545,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcExportLog), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcExportLog, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcExportLog, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcExportLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5554,7 +5554,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcLocalizeExportLog), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcLocalizeExportLog, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcLocalizeExportLog, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcLocalizeExportLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5563,7 +5563,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcMessageRender), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcMessageRender, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcMessageRender, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcMessageRender, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5572,7 +5572,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcMessageRenderDefault), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcMessageRenderDefault, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcMessageRenderDefault, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcMessageRenderDefault, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5581,7 +5581,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcQueryNext), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcQueryNext, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcQueryNext, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcQueryNext, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5590,7 +5590,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcQuerySeek), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcQuerySeek, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcQuerySeek, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcQuerySeek, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5599,7 +5599,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcClose), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcClose, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcClose, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcClose, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5608,7 +5608,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcCancel), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcCancel, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcCancel, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcCancel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5617,7 +5617,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcAssertConfig), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcAssertConfig, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcAssertConfig, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcAssertConfig, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5626,7 +5626,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcRetractConfig), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcRetractConfig, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcRetractConfig, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcRetractConfig, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5635,7 +5635,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcOpenLogHandle), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcOpenLogHandle, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcOpenLogHandle, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcOpenLogHandle, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5644,7 +5644,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetLogFileInfo), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetLogFileInfo, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetLogFileInfo, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetLogFileInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5653,7 +5653,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetChannelList), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetChannelList, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetChannelList, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetChannelList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5662,7 +5662,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetChannelConfig), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetChannelConfig, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetChannelConfig, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetChannelConfig, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5671,7 +5671,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcPutChannelConfig), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcPutChannelConfig, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcPutChannelConfig, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcPutChannelConfig, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5680,7 +5680,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetPublisherList), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetPublisherList, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetPublisherList, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetPublisherList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5689,7 +5689,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetPublisherListForChannel), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetPublisherListForChannel, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetPublisherListForChannel, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetPublisherListForChannel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5698,7 +5698,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetPublisherMetadata), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetPublisherMetadata, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetPublisherMetadata, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetPublisherMetadata, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5707,7 +5707,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetPublisherResourceMetadata), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetPublisherResourceMetadata, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetPublisherResourceMetadata, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetPublisherResourceMetadata, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5716,7 +5716,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetEventMetadataEnum), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetEventMetadataEnum, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetEventMetadataEnum, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetEventMetadataEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5725,7 +5725,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetNextEventMetadata), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetNextEventMetadata, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetNextEventMetadata, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetNextEventMetadata, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5734,7 +5734,7 @@ static const struct ndr_interface_call e + sizeof(struct eventlog6_EvtRpcGetClassicLogDisplayName), + (ndr_push_flags_fn_t) ndr_push_eventlog6_EvtRpcGetClassicLogDisplayName, + (ndr_pull_flags_fn_t) ndr_pull_eventlog6_EvtRpcGetClassicLogDisplayName, +- (ndr_print_function_t) ndr_print_eventlog6_EvtRpcGetClassicLogDisplayName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_frsapi.c ++++ b/source3/librpc/gen_ndr/ndr_frsapi.c +@@ -979,7 +979,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSAPI_VERIFY_PROMOTION), + (ndr_push_flags_fn_t) ndr_push_FRSAPI_VERIFY_PROMOTION, + (ndr_pull_flags_fn_t) ndr_pull_FRSAPI_VERIFY_PROMOTION, +- (ndr_print_function_t) ndr_print_FRSAPI_VERIFY_PROMOTION, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -988,7 +988,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSAPI_PROMOTION_STATUS), + (ndr_push_flags_fn_t) ndr_push_FRSAPI_PROMOTION_STATUS, + (ndr_pull_flags_fn_t) ndr_pull_FRSAPI_PROMOTION_STATUS, +- (ndr_print_function_t) ndr_print_FRSAPI_PROMOTION_STATUS, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -997,7 +997,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSAPI_START_DEMOTION), + (ndr_push_flags_fn_t) ndr_push_FRSAPI_START_DEMOTION, + (ndr_pull_flags_fn_t) ndr_pull_FRSAPI_START_DEMOTION, +- (ndr_print_function_t) ndr_print_FRSAPI_START_DEMOTION, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1006,7 +1006,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSAPI_COMMIT_DEMOTION), + (ndr_push_flags_fn_t) ndr_push_FRSAPI_COMMIT_DEMOTION, + (ndr_pull_flags_fn_t) ndr_pull_FRSAPI_COMMIT_DEMOTION, +- (ndr_print_function_t) ndr_print_FRSAPI_COMMIT_DEMOTION, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1015,7 +1015,7 @@ static const struct ndr_interface_call f + sizeof(struct frsapi_SetDsPollingIntervalW), + (ndr_push_flags_fn_t) ndr_push_frsapi_SetDsPollingIntervalW, + (ndr_pull_flags_fn_t) ndr_pull_frsapi_SetDsPollingIntervalW, +- (ndr_print_function_t) ndr_print_frsapi_SetDsPollingIntervalW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1024,7 +1024,7 @@ static const struct ndr_interface_call f + sizeof(struct frsapi_GetDsPollingIntervalW), + (ndr_push_flags_fn_t) ndr_push_frsapi_GetDsPollingIntervalW, + (ndr_pull_flags_fn_t) ndr_pull_frsapi_GetDsPollingIntervalW, +- (ndr_print_function_t) ndr_print_frsapi_GetDsPollingIntervalW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1033,7 +1033,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSAPI_VERIFY_PROMOTION_W), + (ndr_push_flags_fn_t) ndr_push_FRSAPI_VERIFY_PROMOTION_W, + (ndr_pull_flags_fn_t) ndr_pull_FRSAPI_VERIFY_PROMOTION_W, +- (ndr_print_function_t) ndr_print_FRSAPI_VERIFY_PROMOTION_W, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1042,7 +1042,7 @@ static const struct ndr_interface_call f + sizeof(struct frsapi_InfoW), + (ndr_push_flags_fn_t) ndr_push_frsapi_InfoW, + (ndr_pull_flags_fn_t) ndr_pull_frsapi_InfoW, +- (ndr_print_function_t) ndr_print_frsapi_InfoW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1051,7 +1051,7 @@ static const struct ndr_interface_call f + sizeof(struct frsapi_IsPathReplicated), + (ndr_push_flags_fn_t) ndr_push_frsapi_IsPathReplicated, + (ndr_pull_flags_fn_t) ndr_pull_frsapi_IsPathReplicated, +- (ndr_print_function_t) ndr_print_frsapi_IsPathReplicated, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1060,7 +1060,7 @@ static const struct ndr_interface_call f + sizeof(struct frsapi_WriterCommand), + (ndr_push_flags_fn_t) ndr_push_frsapi_WriterCommand, + (ndr_pull_flags_fn_t) ndr_pull_frsapi_WriterCommand, +- (ndr_print_function_t) ndr_print_frsapi_WriterCommand, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1069,7 +1069,7 @@ static const struct ndr_interface_call f + sizeof(struct frsapi_ForceReplication), + (ndr_push_flags_fn_t) ndr_push_frsapi_ForceReplication, + (ndr_pull_flags_fn_t) ndr_pull_frsapi_ForceReplication, +- (ndr_print_function_t) ndr_print_frsapi_ForceReplication, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_frsrpc.c ++++ b/source3/librpc/gen_ndr/ndr_frsrpc.c +@@ -2781,7 +2781,7 @@ static const struct ndr_interface_call f + sizeof(struct frsrpc_FrsSendCommPkt), + (ndr_push_flags_fn_t) ndr_push_frsrpc_FrsSendCommPkt, + (ndr_pull_flags_fn_t) ndr_pull_frsrpc_FrsSendCommPkt, +- (ndr_print_function_t) ndr_print_frsrpc_FrsSendCommPkt, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2790,7 +2790,7 @@ static const struct ndr_interface_call f + sizeof(struct frsrpc_FrsVerifyPromotionParent), + (ndr_push_flags_fn_t) ndr_push_frsrpc_FrsVerifyPromotionParent, + (ndr_pull_flags_fn_t) ndr_pull_frsrpc_FrsVerifyPromotionParent, +- (ndr_print_function_t) ndr_print_frsrpc_FrsVerifyPromotionParent, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2799,7 +2799,7 @@ static const struct ndr_interface_call f + sizeof(struct frsrpc_FrsStartPromotionParent), + (ndr_push_flags_fn_t) ndr_push_frsrpc_FrsStartPromotionParent, + (ndr_pull_flags_fn_t) ndr_pull_frsrpc_FrsStartPromotionParent, +- (ndr_print_function_t) ndr_print_frsrpc_FrsStartPromotionParent, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2808,7 +2808,7 @@ static const struct ndr_interface_call f + sizeof(struct frsrpc_FrsNOP), + (ndr_push_flags_fn_t) ndr_push_frsrpc_FrsNOP, + (ndr_pull_flags_fn_t) ndr_pull_frsrpc_FrsNOP, +- (ndr_print_function_t) ndr_print_frsrpc_FrsNOP, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2817,7 +2817,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSRPC_BACKUP_COMPLETE), + (ndr_push_flags_fn_t) ndr_push_FRSRPC_BACKUP_COMPLETE, + (ndr_pull_flags_fn_t) ndr_pull_FRSRPC_BACKUP_COMPLETE, +- (ndr_print_function_t) ndr_print_FRSRPC_BACKUP_COMPLETE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2826,7 +2826,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSRPC_BACKUP_COMPLETE_5), + (ndr_push_flags_fn_t) ndr_push_FRSRPC_BACKUP_COMPLETE_5, + (ndr_pull_flags_fn_t) ndr_pull_FRSRPC_BACKUP_COMPLETE_5, +- (ndr_print_function_t) ndr_print_FRSRPC_BACKUP_COMPLETE_5, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2835,7 +2835,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSRPC_BACKUP_COMPLETE_6), + (ndr_push_flags_fn_t) ndr_push_FRSRPC_BACKUP_COMPLETE_6, + (ndr_pull_flags_fn_t) ndr_pull_FRSRPC_BACKUP_COMPLETE_6, +- (ndr_print_function_t) ndr_print_FRSRPC_BACKUP_COMPLETE_6, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2844,7 +2844,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSRPC_BACKUP_COMPLETE_7), + (ndr_push_flags_fn_t) ndr_push_FRSRPC_BACKUP_COMPLETE_7, + (ndr_pull_flags_fn_t) ndr_pull_FRSRPC_BACKUP_COMPLETE_7, +- (ndr_print_function_t) ndr_print_FRSRPC_BACKUP_COMPLETE_7, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2853,7 +2853,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSRPC_BACKUP_COMPLETE_8), + (ndr_push_flags_fn_t) ndr_push_FRSRPC_BACKUP_COMPLETE_8, + (ndr_pull_flags_fn_t) ndr_pull_FRSRPC_BACKUP_COMPLETE_8, +- (ndr_print_function_t) ndr_print_FRSRPC_BACKUP_COMPLETE_8, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2862,7 +2862,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSRPC_BACKUP_COMPLETE_9), + (ndr_push_flags_fn_t) ndr_push_FRSRPC_BACKUP_COMPLETE_9, + (ndr_pull_flags_fn_t) ndr_pull_FRSRPC_BACKUP_COMPLETE_9, +- (ndr_print_function_t) ndr_print_FRSRPC_BACKUP_COMPLETE_9, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2871,7 +2871,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSRPC_VERIFY_PROMOTION_PARENT_EX), + (ndr_push_flags_fn_t) ndr_push_FRSRPC_VERIFY_PROMOTION_PARENT_EX, + (ndr_pull_flags_fn_t) ndr_pull_FRSRPC_VERIFY_PROMOTION_PARENT_EX, +- (ndr_print_function_t) ndr_print_FRSRPC_VERIFY_PROMOTION_PARENT_EX, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_frstrans.c ++++ b/source3/librpc/gen_ndr/ndr_frstrans.c +@@ -2331,7 +2331,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_CheckConnectivity), + (ndr_push_flags_fn_t) ndr_push_frstrans_CheckConnectivity, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_CheckConnectivity, +- (ndr_print_function_t) ndr_print_frstrans_CheckConnectivity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2340,7 +2340,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_EstablishConnection), + (ndr_push_flags_fn_t) ndr_push_frstrans_EstablishConnection, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_EstablishConnection, +- (ndr_print_function_t) ndr_print_frstrans_EstablishConnection, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2349,7 +2349,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_EstablishSession), + (ndr_push_flags_fn_t) ndr_push_frstrans_EstablishSession, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_EstablishSession, +- (ndr_print_function_t) ndr_print_frstrans_EstablishSession, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2358,7 +2358,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_RequestUpdates), + (ndr_push_flags_fn_t) ndr_push_frstrans_RequestUpdates, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_RequestUpdates, +- (ndr_print_function_t) ndr_print_frstrans_RequestUpdates, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2367,7 +2367,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_RequestVersionVector), + (ndr_push_flags_fn_t) ndr_push_frstrans_RequestVersionVector, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_RequestVersionVector, +- (ndr_print_function_t) ndr_print_frstrans_RequestVersionVector, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2376,7 +2376,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_AsyncPoll), + (ndr_push_flags_fn_t) ndr_push_frstrans_AsyncPoll, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_AsyncPoll, +- (ndr_print_function_t) ndr_print_frstrans_AsyncPoll, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2385,7 +2385,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_REQUEST_RECORDS), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_REQUEST_RECORDS, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_REQUEST_RECORDS, +- (ndr_print_function_t) ndr_print_FRSTRANS_REQUEST_RECORDS, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2394,7 +2394,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_UPDATE_CANCEL), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_UPDATE_CANCEL, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_UPDATE_CANCEL, +- (ndr_print_function_t) ndr_print_FRSTRANS_UPDATE_CANCEL, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2403,7 +2403,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_RAW_GET_FILE_DATA), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_RAW_GET_FILE_DATA, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_RAW_GET_FILE_DATA, +- (ndr_print_function_t) ndr_print_FRSTRANS_RAW_GET_FILE_DATA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2412,7 +2412,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_RDC_GET_SIGNATURES), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_RDC_GET_SIGNATURES, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_RDC_GET_SIGNATURES, +- (ndr_print_function_t) ndr_print_FRSTRANS_RDC_GET_SIGNATURES, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2421,7 +2421,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_RDC_PUSH_SOURCE_NEEDS), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_RDC_PUSH_SOURCE_NEEDS, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_RDC_PUSH_SOURCE_NEEDS, +- (ndr_print_function_t) ndr_print_FRSTRANS_RDC_PUSH_SOURCE_NEEDS, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2430,7 +2430,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_RDC_GET_FILE_DATA), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_RDC_GET_FILE_DATA, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_RDC_GET_FILE_DATA, +- (ndr_print_function_t) ndr_print_FRSTRANS_RDC_GET_FILE_DATA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2439,7 +2439,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_RDC_CLOSE), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_RDC_CLOSE, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_RDC_CLOSE, +- (ndr_print_function_t) ndr_print_FRSTRANS_RDC_CLOSE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2448,7 +2448,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_InitializeFileTransferAsync), + (ndr_push_flags_fn_t) ndr_push_frstrans_InitializeFileTransferAsync, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_InitializeFileTransferAsync, +- (ndr_print_function_t) ndr_print_frstrans_InitializeFileTransferAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2457,7 +2457,7 @@ static const struct ndr_interface_call f + sizeof(struct FRSTRANS_OPNUM_0E_NOT_USED_ON_THE_WIRE), + (ndr_push_flags_fn_t) ndr_push_FRSTRANS_OPNUM_0E_NOT_USED_ON_THE_WIRE, + (ndr_pull_flags_fn_t) ndr_pull_FRSTRANS_OPNUM_0E_NOT_USED_ON_THE_WIRE, +- (ndr_print_function_t) ndr_print_FRSTRANS_OPNUM_0E_NOT_USED_ON_THE_WIRE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2466,7 +2466,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_RawGetFileDataAsync), + (ndr_push_flags_fn_t) ndr_push_frstrans_RawGetFileDataAsync, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_RawGetFileDataAsync, +- (ndr_print_function_t) ndr_print_frstrans_RawGetFileDataAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 1, frstrans_RawGetFileDataAsync_out_pipes }, + }, +@@ -2475,7 +2475,7 @@ static const struct ndr_interface_call f + sizeof(struct frstrans_RdcGetFileDataAsync), + (ndr_push_flags_fn_t) ndr_push_frstrans_RdcGetFileDataAsync, + (ndr_pull_flags_fn_t) ndr_pull_frstrans_RdcGetFileDataAsync, +- (ndr_print_function_t) ndr_print_frstrans_RdcGetFileDataAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 1, frstrans_RdcGetFileDataAsync_out_pipes }, + }, +--- a/source3/librpc/gen_ndr/ndr_initshutdown.c ++++ b/source3/librpc/gen_ndr/ndr_initshutdown.c +@@ -277,7 +277,7 @@ static const struct ndr_interface_call i + sizeof(struct initshutdown_Init), + (ndr_push_flags_fn_t) ndr_push_initshutdown_Init, + (ndr_pull_flags_fn_t) ndr_pull_initshutdown_Init, +- (ndr_print_function_t) ndr_print_initshutdown_Init, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -286,7 +286,7 @@ static const struct ndr_interface_call i + sizeof(struct initshutdown_Abort), + (ndr_push_flags_fn_t) ndr_push_initshutdown_Abort, + (ndr_pull_flags_fn_t) ndr_pull_initshutdown_Abort, +- (ndr_print_function_t) ndr_print_initshutdown_Abort, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -295,7 +295,7 @@ static const struct ndr_interface_call i + sizeof(struct initshutdown_InitEx), + (ndr_push_flags_fn_t) ndr_push_initshutdown_InitEx, + (ndr_pull_flags_fn_t) ndr_pull_initshutdown_InitEx, +- (ndr_print_function_t) ndr_print_initshutdown_InitEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_keysvc.c ++++ b/source3/librpc/gen_ndr/ndr_keysvc.c +@@ -51,7 +51,7 @@ static const struct ndr_interface_call k + sizeof(struct keysvc_Unknown0), + (ndr_push_flags_fn_t) ndr_push_keysvc_Unknown0, + (ndr_pull_flags_fn_t) ndr_pull_keysvc_Unknown0, +- (ndr_print_function_t) ndr_print_keysvc_Unknown0, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_krb5pac.c ++++ b/source3/librpc/gen_ndr/ndr_krb5pac.c +@@ -1002,7 +1002,7 @@ static const struct ndr_interface_call k + sizeof(struct decode_pac), + (ndr_push_flags_fn_t) ndr_push_decode_pac, + (ndr_pull_flags_fn_t) ndr_pull_decode_pac, +- (ndr_print_function_t) ndr_print_decode_pac, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1011,7 +1011,7 @@ static const struct ndr_interface_call k + sizeof(struct decode_pac_raw), + (ndr_push_flags_fn_t) ndr_push_decode_pac_raw, + (ndr_pull_flags_fn_t) ndr_pull_decode_pac_raw, +- (ndr_print_function_t) ndr_print_decode_pac_raw, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1020,7 +1020,7 @@ static const struct ndr_interface_call k + sizeof(struct decode_login_info), + (ndr_push_flags_fn_t) ndr_push_decode_login_info, + (ndr_pull_flags_fn_t) ndr_pull_decode_login_info, +- (ndr_print_function_t) ndr_print_decode_login_info, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1029,7 +1029,7 @@ static const struct ndr_interface_call k + sizeof(struct decode_login_info_ctr), + (ndr_push_flags_fn_t) ndr_push_decode_login_info_ctr, + (ndr_pull_flags_fn_t) ndr_pull_decode_login_info_ctr, +- (ndr_print_function_t) ndr_print_decode_login_info_ctr, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -1038,7 +1038,7 @@ static const struct ndr_interface_call k + sizeof(struct decode_pac_validate), + (ndr_push_flags_fn_t) ndr_push_decode_pac_validate, + (ndr_pull_flags_fn_t) ndr_pull_decode_pac_validate, +- (ndr_print_function_t) ndr_print_decode_pac_validate, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_lsa.c ++++ b/source3/librpc/gen_ndr/ndr_lsa.c +@@ -13565,7 +13565,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_Close), + (ndr_push_flags_fn_t) ndr_push_lsa_Close, + (ndr_pull_flags_fn_t) ndr_pull_lsa_Close, +- (ndr_print_function_t) ndr_print_lsa_Close, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13574,7 +13574,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_Delete), + (ndr_push_flags_fn_t) ndr_push_lsa_Delete, + (ndr_pull_flags_fn_t) ndr_pull_lsa_Delete, +- (ndr_print_function_t) ndr_print_lsa_Delete, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13583,7 +13583,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_EnumPrivs), + (ndr_push_flags_fn_t) ndr_push_lsa_EnumPrivs, + (ndr_pull_flags_fn_t) ndr_pull_lsa_EnumPrivs, +- (ndr_print_function_t) ndr_print_lsa_EnumPrivs, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13592,7 +13592,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QuerySecurity), + (ndr_push_flags_fn_t) ndr_push_lsa_QuerySecurity, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QuerySecurity, +- (ndr_print_function_t) ndr_print_lsa_QuerySecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13601,7 +13601,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetSecObj), + (ndr_push_flags_fn_t) ndr_push_lsa_SetSecObj, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetSecObj, +- (ndr_print_function_t) ndr_print_lsa_SetSecObj, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13610,7 +13610,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_ChangePassword), + (ndr_push_flags_fn_t) ndr_push_lsa_ChangePassword, + (ndr_pull_flags_fn_t) ndr_pull_lsa_ChangePassword, +- (ndr_print_function_t) ndr_print_lsa_ChangePassword, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13619,7 +13619,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_OpenPolicy), + (ndr_push_flags_fn_t) ndr_push_lsa_OpenPolicy, + (ndr_pull_flags_fn_t) ndr_pull_lsa_OpenPolicy, +- (ndr_print_function_t) ndr_print_lsa_OpenPolicy, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13628,7 +13628,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QueryInfoPolicy), + (ndr_push_flags_fn_t) ndr_push_lsa_QueryInfoPolicy, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QueryInfoPolicy, +- (ndr_print_function_t) ndr_print_lsa_QueryInfoPolicy, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13637,7 +13637,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetInfoPolicy), + (ndr_push_flags_fn_t) ndr_push_lsa_SetInfoPolicy, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetInfoPolicy, +- (ndr_print_function_t) ndr_print_lsa_SetInfoPolicy, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13646,7 +13646,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_ClearAuditLog), + (ndr_push_flags_fn_t) ndr_push_lsa_ClearAuditLog, + (ndr_pull_flags_fn_t) ndr_pull_lsa_ClearAuditLog, +- (ndr_print_function_t) ndr_print_lsa_ClearAuditLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13655,7 +13655,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CreateAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_CreateAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CreateAccount, +- (ndr_print_function_t) ndr_print_lsa_CreateAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13664,7 +13664,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_EnumAccounts), + (ndr_push_flags_fn_t) ndr_push_lsa_EnumAccounts, + (ndr_pull_flags_fn_t) ndr_pull_lsa_EnumAccounts, +- (ndr_print_function_t) ndr_print_lsa_EnumAccounts, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13673,7 +13673,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CreateTrustedDomain), + (ndr_push_flags_fn_t) ndr_push_lsa_CreateTrustedDomain, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CreateTrustedDomain, +- (ndr_print_function_t) ndr_print_lsa_CreateTrustedDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13682,7 +13682,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_EnumTrustDom), + (ndr_push_flags_fn_t) ndr_push_lsa_EnumTrustDom, + (ndr_pull_flags_fn_t) ndr_pull_lsa_EnumTrustDom, +- (ndr_print_function_t) ndr_print_lsa_EnumTrustDom, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13691,7 +13691,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupNames), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupNames, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupNames, +- (ndr_print_function_t) ndr_print_lsa_LookupNames, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13700,7 +13700,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupSids), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupSids, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupSids, +- (ndr_print_function_t) ndr_print_lsa_LookupSids, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13709,7 +13709,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CreateSecret), + (ndr_push_flags_fn_t) ndr_push_lsa_CreateSecret, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CreateSecret, +- (ndr_print_function_t) ndr_print_lsa_CreateSecret, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13718,7 +13718,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_OpenAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_OpenAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_OpenAccount, +- (ndr_print_function_t) ndr_print_lsa_OpenAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13727,7 +13727,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_EnumPrivsAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_EnumPrivsAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_EnumPrivsAccount, +- (ndr_print_function_t) ndr_print_lsa_EnumPrivsAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13736,7 +13736,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_AddPrivilegesToAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_AddPrivilegesToAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_AddPrivilegesToAccount, +- (ndr_print_function_t) ndr_print_lsa_AddPrivilegesToAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13745,7 +13745,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_RemovePrivilegesFromAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_RemovePrivilegesFromAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_RemovePrivilegesFromAccount, +- (ndr_print_function_t) ndr_print_lsa_RemovePrivilegesFromAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13754,7 +13754,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_GetQuotasForAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_GetQuotasForAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_GetQuotasForAccount, +- (ndr_print_function_t) ndr_print_lsa_GetQuotasForAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13763,7 +13763,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetQuotasForAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_SetQuotasForAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetQuotasForAccount, +- (ndr_print_function_t) ndr_print_lsa_SetQuotasForAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13772,7 +13772,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_GetSystemAccessAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_GetSystemAccessAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_GetSystemAccessAccount, +- (ndr_print_function_t) ndr_print_lsa_GetSystemAccessAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13781,7 +13781,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetSystemAccessAccount), + (ndr_push_flags_fn_t) ndr_push_lsa_SetSystemAccessAccount, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetSystemAccessAccount, +- (ndr_print_function_t) ndr_print_lsa_SetSystemAccessAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13790,7 +13790,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_OpenTrustedDomain), + (ndr_push_flags_fn_t) ndr_push_lsa_OpenTrustedDomain, + (ndr_pull_flags_fn_t) ndr_pull_lsa_OpenTrustedDomain, +- (ndr_print_function_t) ndr_print_lsa_OpenTrustedDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13799,7 +13799,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QueryTrustedDomainInfo), + (ndr_push_flags_fn_t) ndr_push_lsa_QueryTrustedDomainInfo, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QueryTrustedDomainInfo, +- (ndr_print_function_t) ndr_print_lsa_QueryTrustedDomainInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13808,7 +13808,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetInformationTrustedDomain), + (ndr_push_flags_fn_t) ndr_push_lsa_SetInformationTrustedDomain, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetInformationTrustedDomain, +- (ndr_print_function_t) ndr_print_lsa_SetInformationTrustedDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13817,7 +13817,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_OpenSecret), + (ndr_push_flags_fn_t) ndr_push_lsa_OpenSecret, + (ndr_pull_flags_fn_t) ndr_pull_lsa_OpenSecret, +- (ndr_print_function_t) ndr_print_lsa_OpenSecret, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13826,7 +13826,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetSecret), + (ndr_push_flags_fn_t) ndr_push_lsa_SetSecret, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetSecret, +- (ndr_print_function_t) ndr_print_lsa_SetSecret, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13835,7 +13835,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QuerySecret), + (ndr_push_flags_fn_t) ndr_push_lsa_QuerySecret, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QuerySecret, +- (ndr_print_function_t) ndr_print_lsa_QuerySecret, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13844,7 +13844,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupPrivValue), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupPrivValue, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupPrivValue, +- (ndr_print_function_t) ndr_print_lsa_LookupPrivValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13853,7 +13853,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupPrivName), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupPrivName, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupPrivName, +- (ndr_print_function_t) ndr_print_lsa_LookupPrivName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13862,7 +13862,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupPrivDisplayName), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupPrivDisplayName, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupPrivDisplayName, +- (ndr_print_function_t) ndr_print_lsa_LookupPrivDisplayName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13871,7 +13871,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_DeleteObject), + (ndr_push_flags_fn_t) ndr_push_lsa_DeleteObject, + (ndr_pull_flags_fn_t) ndr_pull_lsa_DeleteObject, +- (ndr_print_function_t) ndr_print_lsa_DeleteObject, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13880,7 +13880,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_EnumAccountsWithUserRight), + (ndr_push_flags_fn_t) ndr_push_lsa_EnumAccountsWithUserRight, + (ndr_pull_flags_fn_t) ndr_pull_lsa_EnumAccountsWithUserRight, +- (ndr_print_function_t) ndr_print_lsa_EnumAccountsWithUserRight, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13889,7 +13889,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_EnumAccountRights), + (ndr_push_flags_fn_t) ndr_push_lsa_EnumAccountRights, + (ndr_pull_flags_fn_t) ndr_pull_lsa_EnumAccountRights, +- (ndr_print_function_t) ndr_print_lsa_EnumAccountRights, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13898,7 +13898,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_AddAccountRights), + (ndr_push_flags_fn_t) ndr_push_lsa_AddAccountRights, + (ndr_pull_flags_fn_t) ndr_pull_lsa_AddAccountRights, +- (ndr_print_function_t) ndr_print_lsa_AddAccountRights, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13907,7 +13907,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_RemoveAccountRights), + (ndr_push_flags_fn_t) ndr_push_lsa_RemoveAccountRights, + (ndr_pull_flags_fn_t) ndr_pull_lsa_RemoveAccountRights, +- (ndr_print_function_t) ndr_print_lsa_RemoveAccountRights, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13916,7 +13916,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QueryTrustedDomainInfoBySid), + (ndr_push_flags_fn_t) ndr_push_lsa_QueryTrustedDomainInfoBySid, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QueryTrustedDomainInfoBySid, +- (ndr_print_function_t) ndr_print_lsa_QueryTrustedDomainInfoBySid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13925,7 +13925,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetTrustedDomainInfo), + (ndr_push_flags_fn_t) ndr_push_lsa_SetTrustedDomainInfo, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetTrustedDomainInfo, +- (ndr_print_function_t) ndr_print_lsa_SetTrustedDomainInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13934,7 +13934,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_DeleteTrustedDomain), + (ndr_push_flags_fn_t) ndr_push_lsa_DeleteTrustedDomain, + (ndr_pull_flags_fn_t) ndr_pull_lsa_DeleteTrustedDomain, +- (ndr_print_function_t) ndr_print_lsa_DeleteTrustedDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13943,7 +13943,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_StorePrivateData), + (ndr_push_flags_fn_t) ndr_push_lsa_StorePrivateData, + (ndr_pull_flags_fn_t) ndr_pull_lsa_StorePrivateData, +- (ndr_print_function_t) ndr_print_lsa_StorePrivateData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13952,7 +13952,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_RetrievePrivateData), + (ndr_push_flags_fn_t) ndr_push_lsa_RetrievePrivateData, + (ndr_pull_flags_fn_t) ndr_pull_lsa_RetrievePrivateData, +- (ndr_print_function_t) ndr_print_lsa_RetrievePrivateData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13961,7 +13961,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_OpenPolicy2), + (ndr_push_flags_fn_t) ndr_push_lsa_OpenPolicy2, + (ndr_pull_flags_fn_t) ndr_pull_lsa_OpenPolicy2, +- (ndr_print_function_t) ndr_print_lsa_OpenPolicy2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13970,7 +13970,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_GetUserName), + (ndr_push_flags_fn_t) ndr_push_lsa_GetUserName, + (ndr_pull_flags_fn_t) ndr_pull_lsa_GetUserName, +- (ndr_print_function_t) ndr_print_lsa_GetUserName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13979,7 +13979,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QueryInfoPolicy2), + (ndr_push_flags_fn_t) ndr_push_lsa_QueryInfoPolicy2, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QueryInfoPolicy2, +- (ndr_print_function_t) ndr_print_lsa_QueryInfoPolicy2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13988,7 +13988,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetInfoPolicy2), + (ndr_push_flags_fn_t) ndr_push_lsa_SetInfoPolicy2, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetInfoPolicy2, +- (ndr_print_function_t) ndr_print_lsa_SetInfoPolicy2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13997,7 +13997,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QueryTrustedDomainInfoByName), + (ndr_push_flags_fn_t) ndr_push_lsa_QueryTrustedDomainInfoByName, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QueryTrustedDomainInfoByName, +- (ndr_print_function_t) ndr_print_lsa_QueryTrustedDomainInfoByName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14006,7 +14006,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetTrustedDomainInfoByName), + (ndr_push_flags_fn_t) ndr_push_lsa_SetTrustedDomainInfoByName, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetTrustedDomainInfoByName, +- (ndr_print_function_t) ndr_print_lsa_SetTrustedDomainInfoByName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14015,7 +14015,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_EnumTrustedDomainsEx), + (ndr_push_flags_fn_t) ndr_push_lsa_EnumTrustedDomainsEx, + (ndr_pull_flags_fn_t) ndr_pull_lsa_EnumTrustedDomainsEx, +- (ndr_print_function_t) ndr_print_lsa_EnumTrustedDomainsEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14024,7 +14024,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CreateTrustedDomainEx), + (ndr_push_flags_fn_t) ndr_push_lsa_CreateTrustedDomainEx, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CreateTrustedDomainEx, +- (ndr_print_function_t) ndr_print_lsa_CreateTrustedDomainEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14033,7 +14033,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CloseTrustedDomainEx), + (ndr_push_flags_fn_t) ndr_push_lsa_CloseTrustedDomainEx, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CloseTrustedDomainEx, +- (ndr_print_function_t) ndr_print_lsa_CloseTrustedDomainEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14042,7 +14042,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_QueryDomainInformationPolicy), + (ndr_push_flags_fn_t) ndr_push_lsa_QueryDomainInformationPolicy, + (ndr_pull_flags_fn_t) ndr_pull_lsa_QueryDomainInformationPolicy, +- (ndr_print_function_t) ndr_print_lsa_QueryDomainInformationPolicy, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14051,7 +14051,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_SetDomainInformationPolicy), + (ndr_push_flags_fn_t) ndr_push_lsa_SetDomainInformationPolicy, + (ndr_pull_flags_fn_t) ndr_pull_lsa_SetDomainInformationPolicy, +- (ndr_print_function_t) ndr_print_lsa_SetDomainInformationPolicy, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14060,7 +14060,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_OpenTrustedDomainByName), + (ndr_push_flags_fn_t) ndr_push_lsa_OpenTrustedDomainByName, + (ndr_pull_flags_fn_t) ndr_pull_lsa_OpenTrustedDomainByName, +- (ndr_print_function_t) ndr_print_lsa_OpenTrustedDomainByName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14069,7 +14069,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_TestCall), + (ndr_push_flags_fn_t) ndr_push_lsa_TestCall, + (ndr_pull_flags_fn_t) ndr_pull_lsa_TestCall, +- (ndr_print_function_t) ndr_print_lsa_TestCall, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14078,7 +14078,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupSids2), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupSids2, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupSids2, +- (ndr_print_function_t) ndr_print_lsa_LookupSids2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14087,7 +14087,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupNames2), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupNames2, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupNames2, +- (ndr_print_function_t) ndr_print_lsa_LookupNames2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14096,7 +14096,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CreateTrustedDomainEx2), + (ndr_push_flags_fn_t) ndr_push_lsa_CreateTrustedDomainEx2, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CreateTrustedDomainEx2, +- (ndr_print_function_t) ndr_print_lsa_CreateTrustedDomainEx2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14105,7 +14105,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRWRITE), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRWRITE, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRWRITE, +- (ndr_print_function_t) ndr_print_lsa_CREDRWRITE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14114,7 +14114,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRREAD), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRREAD, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRREAD, +- (ndr_print_function_t) ndr_print_lsa_CREDRREAD, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14123,7 +14123,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRENUMERATE), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRENUMERATE, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRENUMERATE, +- (ndr_print_function_t) ndr_print_lsa_CREDRENUMERATE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14132,7 +14132,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRWRITEDOMAINCREDENTIALS), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRWRITEDOMAINCREDENTIALS, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRWRITEDOMAINCREDENTIALS, +- (ndr_print_function_t) ndr_print_lsa_CREDRWRITEDOMAINCREDENTIALS, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14141,7 +14141,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRREADDOMAINCREDENTIALS), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRREADDOMAINCREDENTIALS, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRREADDOMAINCREDENTIALS, +- (ndr_print_function_t) ndr_print_lsa_CREDRREADDOMAINCREDENTIALS, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14150,7 +14150,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRDELETE), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRDELETE, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRDELETE, +- (ndr_print_function_t) ndr_print_lsa_CREDRDELETE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14159,7 +14159,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRGETTARGETINFO), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRGETTARGETINFO, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRGETTARGETINFO, +- (ndr_print_function_t) ndr_print_lsa_CREDRGETTARGETINFO, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14168,7 +14168,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRPROFILELOADED), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRPROFILELOADED, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRPROFILELOADED, +- (ndr_print_function_t) ndr_print_lsa_CREDRPROFILELOADED, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14177,7 +14177,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupNames3), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupNames3, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupNames3, +- (ndr_print_function_t) ndr_print_lsa_LookupNames3, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14186,7 +14186,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRGETSESSIONTYPES), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRGETSESSIONTYPES, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRGETSESSIONTYPES, +- (ndr_print_function_t) ndr_print_lsa_CREDRGETSESSIONTYPES, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14195,7 +14195,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LSARREGISTERAUDITEVENT), + (ndr_push_flags_fn_t) ndr_push_lsa_LSARREGISTERAUDITEVENT, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LSARREGISTERAUDITEVENT, +- (ndr_print_function_t) ndr_print_lsa_LSARREGISTERAUDITEVENT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14204,7 +14204,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LSARGENAUDITEVENT), + (ndr_push_flags_fn_t) ndr_push_lsa_LSARGENAUDITEVENT, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LSARGENAUDITEVENT, +- (ndr_print_function_t) ndr_print_lsa_LSARGENAUDITEVENT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14213,7 +14213,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LSARUNREGISTERAUDITEVENT), + (ndr_push_flags_fn_t) ndr_push_lsa_LSARUNREGISTERAUDITEVENT, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LSARUNREGISTERAUDITEVENT, +- (ndr_print_function_t) ndr_print_lsa_LSARUNREGISTERAUDITEVENT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14222,7 +14222,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_lsaRQueryForestTrustInformation), + (ndr_push_flags_fn_t) ndr_push_lsa_lsaRQueryForestTrustInformation, + (ndr_pull_flags_fn_t) ndr_pull_lsa_lsaRQueryForestTrustInformation, +- (ndr_print_function_t) ndr_print_lsa_lsaRQueryForestTrustInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14231,7 +14231,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_lsaRSetForestTrustInformation), + (ndr_push_flags_fn_t) ndr_push_lsa_lsaRSetForestTrustInformation, + (ndr_pull_flags_fn_t) ndr_pull_lsa_lsaRSetForestTrustInformation, +- (ndr_print_function_t) ndr_print_lsa_lsaRSetForestTrustInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14240,7 +14240,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_CREDRRENAME), + (ndr_push_flags_fn_t) ndr_push_lsa_CREDRRENAME, + (ndr_pull_flags_fn_t) ndr_pull_lsa_CREDRRENAME, +- (ndr_print_function_t) ndr_print_lsa_CREDRRENAME, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14249,7 +14249,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupSids3), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupSids3, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupSids3, +- (ndr_print_function_t) ndr_print_lsa_LookupSids3, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14258,7 +14258,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LookupNames4), + (ndr_push_flags_fn_t) ndr_push_lsa_LookupNames4, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LookupNames4, +- (ndr_print_function_t) ndr_print_lsa_LookupNames4, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14267,7 +14267,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LSAROPENPOLICYSCE), + (ndr_push_flags_fn_t) ndr_push_lsa_LSAROPENPOLICYSCE, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LSAROPENPOLICYSCE, +- (ndr_print_function_t) ndr_print_lsa_LSAROPENPOLICYSCE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14276,7 +14276,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LSARADTREGISTERSECURITYEVENTSOURCE), + (ndr_push_flags_fn_t) ndr_push_lsa_LSARADTREGISTERSECURITYEVENTSOURCE, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LSARADTREGISTERSECURITYEVENTSOURCE, +- (ndr_print_function_t) ndr_print_lsa_LSARADTREGISTERSECURITYEVENTSOURCE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14285,7 +14285,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE), + (ndr_push_flags_fn_t) ndr_push_lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE, +- (ndr_print_function_t) ndr_print_lsa_LSARADTUNREGISTERSECURITYEVENTSOURCE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -14294,7 +14294,7 @@ static const struct ndr_interface_call l + sizeof(struct lsa_LSARADTREPORTSECURITYEVENT), + (ndr_push_flags_fn_t) ndr_push_lsa_LSARADTREPORTSECURITYEVENT, + (ndr_pull_flags_fn_t) ndr_pull_lsa_LSARADTREPORTSECURITYEVENT, +- (ndr_print_function_t) ndr_print_lsa_LSARADTREPORTSECURITYEVENT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_mgmt.c ++++ b/source3/librpc/gen_ndr/ndr_mgmt.c +@@ -515,7 +515,7 @@ static const struct ndr_interface_call m + sizeof(struct mgmt_inq_if_ids), + (ndr_push_flags_fn_t) ndr_push_mgmt_inq_if_ids, + (ndr_pull_flags_fn_t) ndr_pull_mgmt_inq_if_ids, +- (ndr_print_function_t) ndr_print_mgmt_inq_if_ids, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -524,7 +524,7 @@ static const struct ndr_interface_call m + sizeof(struct mgmt_inq_stats), + (ndr_push_flags_fn_t) ndr_push_mgmt_inq_stats, + (ndr_pull_flags_fn_t) ndr_pull_mgmt_inq_stats, +- (ndr_print_function_t) ndr_print_mgmt_inq_stats, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -533,7 +533,7 @@ static const struct ndr_interface_call m + sizeof(struct mgmt_is_server_listening), + (ndr_push_flags_fn_t) ndr_push_mgmt_is_server_listening, + (ndr_pull_flags_fn_t) ndr_pull_mgmt_is_server_listening, +- (ndr_print_function_t) ndr_print_mgmt_is_server_listening, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -542,7 +542,7 @@ static const struct ndr_interface_call m + sizeof(struct mgmt_stop_server_listening), + (ndr_push_flags_fn_t) ndr_push_mgmt_stop_server_listening, + (ndr_pull_flags_fn_t) ndr_pull_mgmt_stop_server_listening, +- (ndr_print_function_t) ndr_print_mgmt_stop_server_listening, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -551,7 +551,7 @@ static const struct ndr_interface_call m + sizeof(struct mgmt_inq_princ_name), + (ndr_push_flags_fn_t) ndr_push_mgmt_inq_princ_name, + (ndr_pull_flags_fn_t) ndr_pull_mgmt_inq_princ_name, +- (ndr_print_function_t) ndr_print_mgmt_inq_princ_name, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_msgsvc.c ++++ b/source3/librpc/gen_ndr/ndr_msgsvc.c +@@ -165,7 +165,7 @@ static const struct ndr_interface_call m + sizeof(struct NetrMessageNameAdd), + (ndr_push_flags_fn_t) ndr_push_NetrMessageNameAdd, + (ndr_pull_flags_fn_t) ndr_pull_NetrMessageNameAdd, +- (ndr_print_function_t) ndr_print_NetrMessageNameAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -174,7 +174,7 @@ static const struct ndr_interface_call m + sizeof(struct NetrMessageNameEnum), + (ndr_push_flags_fn_t) ndr_push_NetrMessageNameEnum, + (ndr_pull_flags_fn_t) ndr_pull_NetrMessageNameEnum, +- (ndr_print_function_t) ndr_print_NetrMessageNameEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -183,7 +183,7 @@ static const struct ndr_interface_call m + sizeof(struct NetrMessageNameGetInfo), + (ndr_push_flags_fn_t) ndr_push_NetrMessageNameGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_NetrMessageNameGetInfo, +- (ndr_print_function_t) ndr_print_NetrMessageNameGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -192,7 +192,7 @@ static const struct ndr_interface_call m + sizeof(struct NetrMessageNameDel), + (ndr_push_flags_fn_t) ndr_push_NetrMessageNameDel, + (ndr_pull_flags_fn_t) ndr_pull_NetrMessageNameDel, +- (ndr_print_function_t) ndr_print_NetrMessageNameDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -276,7 +276,7 @@ static const struct ndr_interface_call m + sizeof(struct NetrSendMessage), + (ndr_push_flags_fn_t) ndr_push_NetrSendMessage, + (ndr_pull_flags_fn_t) ndr_pull_NetrSendMessage, +- (ndr_print_function_t) ndr_print_NetrSendMessage, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_nbt.c ++++ b/source3/librpc/gen_ndr/ndr_nbt.c +@@ -3671,7 +3671,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_nbt_netlogon_packet), + (ndr_push_flags_fn_t) ndr_push_decode_nbt_netlogon_packet, + (ndr_pull_flags_fn_t) ndr_pull_decode_nbt_netlogon_packet, +- (ndr_print_function_t) ndr_print_decode_nbt_netlogon_packet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_netlogon.c ++++ b/source3/librpc/gen_ndr/ndr_netlogon.c +@@ -17827,7 +17827,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonUasLogon), + (ndr_push_flags_fn_t) ndr_push_netr_LogonUasLogon, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonUasLogon, +- (ndr_print_function_t) ndr_print_netr_LogonUasLogon, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17836,7 +17836,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonUasLogoff), + (ndr_push_flags_fn_t) ndr_push_netr_LogonUasLogoff, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonUasLogoff, +- (ndr_print_function_t) ndr_print_netr_LogonUasLogoff, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17845,7 +17845,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonSamLogon), + (ndr_push_flags_fn_t) ndr_push_netr_LogonSamLogon, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonSamLogon, +- (ndr_print_function_t) ndr_print_netr_LogonSamLogon, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17854,7 +17854,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonSamLogoff), + (ndr_push_flags_fn_t) ndr_push_netr_LogonSamLogoff, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonSamLogoff, +- (ndr_print_function_t) ndr_print_netr_LogonSamLogoff, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17863,7 +17863,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerReqChallenge), + (ndr_push_flags_fn_t) ndr_push_netr_ServerReqChallenge, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerReqChallenge, +- (ndr_print_function_t) ndr_print_netr_ServerReqChallenge, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17872,7 +17872,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerAuthenticate), + (ndr_push_flags_fn_t) ndr_push_netr_ServerAuthenticate, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerAuthenticate, +- (ndr_print_function_t) ndr_print_netr_ServerAuthenticate, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17881,7 +17881,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerPasswordSet), + (ndr_push_flags_fn_t) ndr_push_netr_ServerPasswordSet, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerPasswordSet, +- (ndr_print_function_t) ndr_print_netr_ServerPasswordSet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17890,7 +17890,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DatabaseDeltas), + (ndr_push_flags_fn_t) ndr_push_netr_DatabaseDeltas, + (ndr_pull_flags_fn_t) ndr_pull_netr_DatabaseDeltas, +- (ndr_print_function_t) ndr_print_netr_DatabaseDeltas, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17899,7 +17899,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DatabaseSync), + (ndr_push_flags_fn_t) ndr_push_netr_DatabaseSync, + (ndr_pull_flags_fn_t) ndr_pull_netr_DatabaseSync, +- (ndr_print_function_t) ndr_print_netr_DatabaseSync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17908,7 +17908,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_AccountDeltas), + (ndr_push_flags_fn_t) ndr_push_netr_AccountDeltas, + (ndr_pull_flags_fn_t) ndr_pull_netr_AccountDeltas, +- (ndr_print_function_t) ndr_print_netr_AccountDeltas, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17917,7 +17917,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_AccountSync), + (ndr_push_flags_fn_t) ndr_push_netr_AccountSync, + (ndr_pull_flags_fn_t) ndr_pull_netr_AccountSync, +- (ndr_print_function_t) ndr_print_netr_AccountSync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17926,7 +17926,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_GetDcName), + (ndr_push_flags_fn_t) ndr_push_netr_GetDcName, + (ndr_pull_flags_fn_t) ndr_pull_netr_GetDcName, +- (ndr_print_function_t) ndr_print_netr_GetDcName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17935,7 +17935,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonControl), + (ndr_push_flags_fn_t) ndr_push_netr_LogonControl, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonControl, +- (ndr_print_function_t) ndr_print_netr_LogonControl, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17944,7 +17944,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_GetAnyDCName), + (ndr_push_flags_fn_t) ndr_push_netr_GetAnyDCName, + (ndr_pull_flags_fn_t) ndr_pull_netr_GetAnyDCName, +- (ndr_print_function_t) ndr_print_netr_GetAnyDCName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17953,7 +17953,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonControl2), + (ndr_push_flags_fn_t) ndr_push_netr_LogonControl2, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonControl2, +- (ndr_print_function_t) ndr_print_netr_LogonControl2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17962,7 +17962,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerAuthenticate2), + (ndr_push_flags_fn_t) ndr_push_netr_ServerAuthenticate2, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerAuthenticate2, +- (ndr_print_function_t) ndr_print_netr_ServerAuthenticate2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17971,7 +17971,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DatabaseSync2), + (ndr_push_flags_fn_t) ndr_push_netr_DatabaseSync2, + (ndr_pull_flags_fn_t) ndr_pull_netr_DatabaseSync2, +- (ndr_print_function_t) ndr_print_netr_DatabaseSync2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17980,7 +17980,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DatabaseRedo), + (ndr_push_flags_fn_t) ndr_push_netr_DatabaseRedo, + (ndr_pull_flags_fn_t) ndr_pull_netr_DatabaseRedo, +- (ndr_print_function_t) ndr_print_netr_DatabaseRedo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17989,7 +17989,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonControl2Ex), + (ndr_push_flags_fn_t) ndr_push_netr_LogonControl2Ex, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonControl2Ex, +- (ndr_print_function_t) ndr_print_netr_LogonControl2Ex, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -17998,7 +17998,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_NetrEnumerateTrustedDomains), + (ndr_push_flags_fn_t) ndr_push_netr_NetrEnumerateTrustedDomains, + (ndr_pull_flags_fn_t) ndr_pull_netr_NetrEnumerateTrustedDomains, +- (ndr_print_function_t) ndr_print_netr_NetrEnumerateTrustedDomains, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18007,7 +18007,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsRGetDCName), + (ndr_push_flags_fn_t) ndr_push_netr_DsRGetDCName, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsRGetDCName, +- (ndr_print_function_t) ndr_print_netr_DsRGetDCName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18016,7 +18016,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonGetCapabilities), + (ndr_push_flags_fn_t) ndr_push_netr_LogonGetCapabilities, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonGetCapabilities, +- (ndr_print_function_t) ndr_print_netr_LogonGetCapabilities, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18025,7 +18025,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_NETRLOGONSETSERVICEBITS), + (ndr_push_flags_fn_t) ndr_push_netr_NETRLOGONSETSERVICEBITS, + (ndr_pull_flags_fn_t) ndr_pull_netr_NETRLOGONSETSERVICEBITS, +- (ndr_print_function_t) ndr_print_netr_NETRLOGONSETSERVICEBITS, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18034,7 +18034,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonGetTrustRid), + (ndr_push_flags_fn_t) ndr_push_netr_LogonGetTrustRid, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonGetTrustRid, +- (ndr_print_function_t) ndr_print_netr_LogonGetTrustRid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18043,7 +18043,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_NETRLOGONCOMPUTESERVERDIGEST), + (ndr_push_flags_fn_t) ndr_push_netr_NETRLOGONCOMPUTESERVERDIGEST, + (ndr_pull_flags_fn_t) ndr_pull_netr_NETRLOGONCOMPUTESERVERDIGEST, +- (ndr_print_function_t) ndr_print_netr_NETRLOGONCOMPUTESERVERDIGEST, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18052,7 +18052,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_NETRLOGONCOMPUTECLIENTDIGEST), + (ndr_push_flags_fn_t) ndr_push_netr_NETRLOGONCOMPUTECLIENTDIGEST, + (ndr_pull_flags_fn_t) ndr_pull_netr_NETRLOGONCOMPUTECLIENTDIGEST, +- (ndr_print_function_t) ndr_print_netr_NETRLOGONCOMPUTECLIENTDIGEST, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18061,7 +18061,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerAuthenticate3), + (ndr_push_flags_fn_t) ndr_push_netr_ServerAuthenticate3, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerAuthenticate3, +- (ndr_print_function_t) ndr_print_netr_ServerAuthenticate3, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18070,7 +18070,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsRGetDCNameEx), + (ndr_push_flags_fn_t) ndr_push_netr_DsRGetDCNameEx, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsRGetDCNameEx, +- (ndr_print_function_t) ndr_print_netr_DsRGetDCNameEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18079,7 +18079,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsRGetSiteName), + (ndr_push_flags_fn_t) ndr_push_netr_DsRGetSiteName, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsRGetSiteName, +- (ndr_print_function_t) ndr_print_netr_DsRGetSiteName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18088,7 +18088,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonGetDomainInfo), + (ndr_push_flags_fn_t) ndr_push_netr_LogonGetDomainInfo, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonGetDomainInfo, +- (ndr_print_function_t) ndr_print_netr_LogonGetDomainInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18097,7 +18097,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerPasswordSet2), + (ndr_push_flags_fn_t) ndr_push_netr_ServerPasswordSet2, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerPasswordSet2, +- (ndr_print_function_t) ndr_print_netr_ServerPasswordSet2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18106,7 +18106,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerPasswordGet), + (ndr_push_flags_fn_t) ndr_push_netr_ServerPasswordGet, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerPasswordGet, +- (ndr_print_function_t) ndr_print_netr_ServerPasswordGet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18115,7 +18115,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_NETRLOGONSENDTOSAM), + (ndr_push_flags_fn_t) ndr_push_netr_NETRLOGONSENDTOSAM, + (ndr_pull_flags_fn_t) ndr_pull_netr_NETRLOGONSENDTOSAM, +- (ndr_print_function_t) ndr_print_netr_NETRLOGONSENDTOSAM, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18124,7 +18124,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsRAddressToSitenamesW), + (ndr_push_flags_fn_t) ndr_push_netr_DsRAddressToSitenamesW, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsRAddressToSitenamesW, +- (ndr_print_function_t) ndr_print_netr_DsRAddressToSitenamesW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18133,7 +18133,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsRGetDCNameEx2), + (ndr_push_flags_fn_t) ndr_push_netr_DsRGetDCNameEx2, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsRGetDCNameEx2, +- (ndr_print_function_t) ndr_print_netr_DsRGetDCNameEx2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18142,7 +18142,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN), + (ndr_push_flags_fn_t) ndr_push_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN, + (ndr_pull_flags_fn_t) ndr_pull_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN, +- (ndr_print_function_t) ndr_print_netr_NETRLOGONGETTIMESERVICEPARENTDOMAIN, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18151,7 +18151,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_NetrEnumerateTrustedDomainsEx), + (ndr_push_flags_fn_t) ndr_push_netr_NetrEnumerateTrustedDomainsEx, + (ndr_pull_flags_fn_t) ndr_pull_netr_NetrEnumerateTrustedDomainsEx, +- (ndr_print_function_t) ndr_print_netr_NetrEnumerateTrustedDomainsEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18160,7 +18160,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsRAddressToSitenamesExW), + (ndr_push_flags_fn_t) ndr_push_netr_DsRAddressToSitenamesExW, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsRAddressToSitenamesExW, +- (ndr_print_function_t) ndr_print_netr_DsRAddressToSitenamesExW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18169,7 +18169,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsrGetDcSiteCoverageW), + (ndr_push_flags_fn_t) ndr_push_netr_DsrGetDcSiteCoverageW, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsrGetDcSiteCoverageW, +- (ndr_print_function_t) ndr_print_netr_DsrGetDcSiteCoverageW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18178,7 +18178,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonSamLogonEx), + (ndr_push_flags_fn_t) ndr_push_netr_LogonSamLogonEx, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonSamLogonEx, +- (ndr_print_function_t) ndr_print_netr_LogonSamLogonEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18187,7 +18187,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsrEnumerateDomainTrusts), + (ndr_push_flags_fn_t) ndr_push_netr_DsrEnumerateDomainTrusts, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsrEnumerateDomainTrusts, +- (ndr_print_function_t) ndr_print_netr_DsrEnumerateDomainTrusts, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18196,7 +18196,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsrDeregisterDNSHostRecords), + (ndr_push_flags_fn_t) ndr_push_netr_DsrDeregisterDNSHostRecords, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsrDeregisterDNSHostRecords, +- (ndr_print_function_t) ndr_print_netr_DsrDeregisterDNSHostRecords, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18205,7 +18205,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerTrustPasswordsGet), + (ndr_push_flags_fn_t) ndr_push_netr_ServerTrustPasswordsGet, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerTrustPasswordsGet, +- (ndr_print_function_t) ndr_print_netr_ServerTrustPasswordsGet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18214,7 +18214,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsRGetForestTrustInformation), + (ndr_push_flags_fn_t) ndr_push_netr_DsRGetForestTrustInformation, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsRGetForestTrustInformation, +- (ndr_print_function_t) ndr_print_netr_DsRGetForestTrustInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18223,7 +18223,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_GetForestTrustInformation), + (ndr_push_flags_fn_t) ndr_push_netr_GetForestTrustInformation, + (ndr_pull_flags_fn_t) ndr_pull_netr_GetForestTrustInformation, +- (ndr_print_function_t) ndr_print_netr_GetForestTrustInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18232,7 +18232,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_LogonSamLogonWithFlags), + (ndr_push_flags_fn_t) ndr_push_netr_LogonSamLogonWithFlags, + (ndr_pull_flags_fn_t) ndr_pull_netr_LogonSamLogonWithFlags, +- (ndr_print_function_t) ndr_print_netr_LogonSamLogonWithFlags, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18241,7 +18241,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_ServerGetTrustInfo), + (ndr_push_flags_fn_t) ndr_push_netr_ServerGetTrustInfo, + (ndr_pull_flags_fn_t) ndr_pull_netr_ServerGetTrustInfo, +- (ndr_print_function_t) ndr_print_netr_ServerGetTrustInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18250,7 +18250,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_Unused47), + (ndr_push_flags_fn_t) ndr_push_netr_Unused47, + (ndr_pull_flags_fn_t) ndr_pull_netr_Unused47, +- (ndr_print_function_t) ndr_print_netr_Unused47, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -18259,7 +18259,7 @@ static const struct ndr_interface_call n + sizeof(struct netr_DsrUpdateReadOnlyServerDnsRecords), + (ndr_push_flags_fn_t) ndr_push_netr_DsrUpdateReadOnlyServerDnsRecords, + (ndr_pull_flags_fn_t) ndr_pull_netr_DsrUpdateReadOnlyServerDnsRecords, +- (ndr_print_function_t) ndr_print_netr_DsrUpdateReadOnlyServerDnsRecords, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_ntlmssp.c ++++ b/source3/librpc/gen_ndr/ndr_ntlmssp.c +@@ -2408,7 +2408,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_NEGOTIATE_MESSAGE), + (ndr_push_flags_fn_t) ndr_push_decode_NEGOTIATE_MESSAGE, + (ndr_pull_flags_fn_t) ndr_pull_decode_NEGOTIATE_MESSAGE, +- (ndr_print_function_t) ndr_print_decode_NEGOTIATE_MESSAGE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2417,7 +2417,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_CHALLENGE_MESSAGE), + (ndr_push_flags_fn_t) ndr_push_decode_CHALLENGE_MESSAGE, + (ndr_pull_flags_fn_t) ndr_pull_decode_CHALLENGE_MESSAGE, +- (ndr_print_function_t) ndr_print_decode_CHALLENGE_MESSAGE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2426,7 +2426,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_AUTHENTICATE_MESSAGE), + (ndr_push_flags_fn_t) ndr_push_decode_AUTHENTICATE_MESSAGE, + (ndr_pull_flags_fn_t) ndr_pull_decode_AUTHENTICATE_MESSAGE, +- (ndr_print_function_t) ndr_print_decode_AUTHENTICATE_MESSAGE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2435,7 +2435,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_NTLMv2_CLIENT_CHALLENGE), + (ndr_push_flags_fn_t) ndr_push_decode_NTLMv2_CLIENT_CHALLENGE, + (ndr_pull_flags_fn_t) ndr_pull_decode_NTLMv2_CLIENT_CHALLENGE, +- (ndr_print_function_t) ndr_print_decode_NTLMv2_CLIENT_CHALLENGE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2444,7 +2444,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_NTLMv2_RESPONSE), + (ndr_push_flags_fn_t) ndr_push_decode_NTLMv2_RESPONSE, + (ndr_pull_flags_fn_t) ndr_pull_decode_NTLMv2_RESPONSE, +- (ndr_print_function_t) ndr_print_decode_NTLMv2_RESPONSE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_ntprinting.c ++++ b/source3/librpc/gen_ndr/ndr_ntprinting.c +@@ -914,7 +914,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_ntprinting_form), + (ndr_push_flags_fn_t) ndr_push_decode_ntprinting_form, + (ndr_pull_flags_fn_t) ndr_pull_decode_ntprinting_form, +- (ndr_print_function_t) ndr_print_decode_ntprinting_form, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -923,7 +923,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_ntprinting_driver), + (ndr_push_flags_fn_t) ndr_push_decode_ntprinting_driver, + (ndr_pull_flags_fn_t) ndr_pull_decode_ntprinting_driver, +- (ndr_print_function_t) ndr_print_decode_ntprinting_driver, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -932,7 +932,7 @@ static const struct ndr_interface_call n + sizeof(struct decode_ntprinting_printer), + (ndr_push_flags_fn_t) ndr_push_decode_ntprinting_printer, + (ndr_pull_flags_fn_t) ndr_pull_decode_ntprinting_printer, +- (ndr_print_function_t) ndr_print_decode_ntprinting_printer, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_ntsvcs.c ++++ b/source3/librpc/gen_ndr/ndr_ntsvcs.c +@@ -3466,7 +3466,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_Disconnect), + (ndr_push_flags_fn_t) ndr_push_PNP_Disconnect, + (ndr_pull_flags_fn_t) ndr_pull_PNP_Disconnect, +- (ndr_print_function_t) ndr_print_PNP_Disconnect, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3475,7 +3475,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_Connect), + (ndr_push_flags_fn_t) ndr_push_PNP_Connect, + (ndr_pull_flags_fn_t) ndr_pull_PNP_Connect, +- (ndr_print_function_t) ndr_print_PNP_Connect, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3484,7 +3484,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetVersion), + (ndr_push_flags_fn_t) ndr_push_PNP_GetVersion, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetVersion, +- (ndr_print_function_t) ndr_print_PNP_GetVersion, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3493,7 +3493,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetGlobalState), + (ndr_push_flags_fn_t) ndr_push_PNP_GetGlobalState, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetGlobalState, +- (ndr_print_function_t) ndr_print_PNP_GetGlobalState, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3502,7 +3502,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_InitDetection), + (ndr_push_flags_fn_t) ndr_push_PNP_InitDetection, + (ndr_pull_flags_fn_t) ndr_pull_PNP_InitDetection, +- (ndr_print_function_t) ndr_print_PNP_InitDetection, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3511,7 +3511,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_ReportLogOn), + (ndr_push_flags_fn_t) ndr_push_PNP_ReportLogOn, + (ndr_pull_flags_fn_t) ndr_pull_PNP_ReportLogOn, +- (ndr_print_function_t) ndr_print_PNP_ReportLogOn, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3520,7 +3520,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_ValidateDeviceInstance), + (ndr_push_flags_fn_t) ndr_push_PNP_ValidateDeviceInstance, + (ndr_pull_flags_fn_t) ndr_pull_PNP_ValidateDeviceInstance, +- (ndr_print_function_t) ndr_print_PNP_ValidateDeviceInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3529,7 +3529,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetRootDeviceInstance), + (ndr_push_flags_fn_t) ndr_push_PNP_GetRootDeviceInstance, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetRootDeviceInstance, +- (ndr_print_function_t) ndr_print_PNP_GetRootDeviceInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3538,7 +3538,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetRelatedDeviceInstance), + (ndr_push_flags_fn_t) ndr_push_PNP_GetRelatedDeviceInstance, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetRelatedDeviceInstance, +- (ndr_print_function_t) ndr_print_PNP_GetRelatedDeviceInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3547,7 +3547,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_EnumerateSubKeys), + (ndr_push_flags_fn_t) ndr_push_PNP_EnumerateSubKeys, + (ndr_pull_flags_fn_t) ndr_pull_PNP_EnumerateSubKeys, +- (ndr_print_function_t) ndr_print_PNP_EnumerateSubKeys, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3556,7 +3556,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetDeviceList), + (ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceList, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceList, +- (ndr_print_function_t) ndr_print_PNP_GetDeviceList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3565,7 +3565,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetDeviceListSize), + (ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceListSize, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceListSize, +- (ndr_print_function_t) ndr_print_PNP_GetDeviceListSize, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3574,7 +3574,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetDepth), + (ndr_push_flags_fn_t) ndr_push_PNP_GetDepth, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetDepth, +- (ndr_print_function_t) ndr_print_PNP_GetDepth, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3583,7 +3583,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetDeviceRegProp), + (ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceRegProp, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceRegProp, +- (ndr_print_function_t) ndr_print_PNP_GetDeviceRegProp, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3592,7 +3592,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_SetDeviceRegProp), + (ndr_push_flags_fn_t) ndr_push_PNP_SetDeviceRegProp, + (ndr_pull_flags_fn_t) ndr_pull_PNP_SetDeviceRegProp, +- (ndr_print_function_t) ndr_print_PNP_SetDeviceRegProp, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3601,7 +3601,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetClassInstance), + (ndr_push_flags_fn_t) ndr_push_PNP_GetClassInstance, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassInstance, +- (ndr_print_function_t) ndr_print_PNP_GetClassInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3610,7 +3610,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_CreateKey), + (ndr_push_flags_fn_t) ndr_push_PNP_CreateKey, + (ndr_pull_flags_fn_t) ndr_pull_PNP_CreateKey, +- (ndr_print_function_t) ndr_print_PNP_CreateKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3619,7 +3619,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_DeleteRegistryKey), + (ndr_push_flags_fn_t) ndr_push_PNP_DeleteRegistryKey, + (ndr_pull_flags_fn_t) ndr_pull_PNP_DeleteRegistryKey, +- (ndr_print_function_t) ndr_print_PNP_DeleteRegistryKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3628,7 +3628,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetClassCount), + (ndr_push_flags_fn_t) ndr_push_PNP_GetClassCount, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassCount, +- (ndr_print_function_t) ndr_print_PNP_GetClassCount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3637,7 +3637,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetClassName), + (ndr_push_flags_fn_t) ndr_push_PNP_GetClassName, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassName, +- (ndr_print_function_t) ndr_print_PNP_GetClassName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3646,7 +3646,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_DeleteClassKey), + (ndr_push_flags_fn_t) ndr_push_PNP_DeleteClassKey, + (ndr_pull_flags_fn_t) ndr_pull_PNP_DeleteClassKey, +- (ndr_print_function_t) ndr_print_PNP_DeleteClassKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3655,7 +3655,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetInterfaceDeviceAlias), + (ndr_push_flags_fn_t) ndr_push_PNP_GetInterfaceDeviceAlias, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetInterfaceDeviceAlias, +- (ndr_print_function_t) ndr_print_PNP_GetInterfaceDeviceAlias, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3664,7 +3664,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetInterfaceDeviceList), + (ndr_push_flags_fn_t) ndr_push_PNP_GetInterfaceDeviceList, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetInterfaceDeviceList, +- (ndr_print_function_t) ndr_print_PNP_GetInterfaceDeviceList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3673,7 +3673,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetInterfaceDeviceListSize), + (ndr_push_flags_fn_t) ndr_push_PNP_GetInterfaceDeviceListSize, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetInterfaceDeviceListSize, +- (ndr_print_function_t) ndr_print_PNP_GetInterfaceDeviceListSize, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3682,7 +3682,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_RegisterDeviceClassAssociation), + (ndr_push_flags_fn_t) ndr_push_PNP_RegisterDeviceClassAssociation, + (ndr_pull_flags_fn_t) ndr_pull_PNP_RegisterDeviceClassAssociation, +- (ndr_print_function_t) ndr_print_PNP_RegisterDeviceClassAssociation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3691,7 +3691,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_UnregisterDeviceClassAssociation), + (ndr_push_flags_fn_t) ndr_push_PNP_UnregisterDeviceClassAssociation, + (ndr_pull_flags_fn_t) ndr_pull_PNP_UnregisterDeviceClassAssociation, +- (ndr_print_function_t) ndr_print_PNP_UnregisterDeviceClassAssociation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3700,7 +3700,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetClassRegProp), + (ndr_push_flags_fn_t) ndr_push_PNP_GetClassRegProp, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetClassRegProp, +- (ndr_print_function_t) ndr_print_PNP_GetClassRegProp, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3709,7 +3709,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_SetClassRegProp), + (ndr_push_flags_fn_t) ndr_push_PNP_SetClassRegProp, + (ndr_pull_flags_fn_t) ndr_pull_PNP_SetClassRegProp, +- (ndr_print_function_t) ndr_print_PNP_SetClassRegProp, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3718,7 +3718,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_CreateDevInst), + (ndr_push_flags_fn_t) ndr_push_PNP_CreateDevInst, + (ndr_pull_flags_fn_t) ndr_pull_PNP_CreateDevInst, +- (ndr_print_function_t) ndr_print_PNP_CreateDevInst, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3727,7 +3727,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_DeviceInstanceAction), + (ndr_push_flags_fn_t) ndr_push_PNP_DeviceInstanceAction, + (ndr_pull_flags_fn_t) ndr_pull_PNP_DeviceInstanceAction, +- (ndr_print_function_t) ndr_print_PNP_DeviceInstanceAction, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3736,7 +3736,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetDeviceStatus), + (ndr_push_flags_fn_t) ndr_push_PNP_GetDeviceStatus, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetDeviceStatus, +- (ndr_print_function_t) ndr_print_PNP_GetDeviceStatus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3745,7 +3745,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_SetDeviceProblem), + (ndr_push_flags_fn_t) ndr_push_PNP_SetDeviceProblem, + (ndr_pull_flags_fn_t) ndr_pull_PNP_SetDeviceProblem, +- (ndr_print_function_t) ndr_print_PNP_SetDeviceProblem, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3754,7 +3754,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_DisableDevInst), + (ndr_push_flags_fn_t) ndr_push_PNP_DisableDevInst, + (ndr_pull_flags_fn_t) ndr_pull_PNP_DisableDevInst, +- (ndr_print_function_t) ndr_print_PNP_DisableDevInst, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3763,7 +3763,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_UninstallDevInst), + (ndr_push_flags_fn_t) ndr_push_PNP_UninstallDevInst, + (ndr_pull_flags_fn_t) ndr_pull_PNP_UninstallDevInst, +- (ndr_print_function_t) ndr_print_PNP_UninstallDevInst, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3772,7 +3772,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_AddID), + (ndr_push_flags_fn_t) ndr_push_PNP_AddID, + (ndr_pull_flags_fn_t) ndr_pull_PNP_AddID, +- (ndr_print_function_t) ndr_print_PNP_AddID, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3781,7 +3781,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_RegisterDriver), + (ndr_push_flags_fn_t) ndr_push_PNP_RegisterDriver, + (ndr_pull_flags_fn_t) ndr_pull_PNP_RegisterDriver, +- (ndr_print_function_t) ndr_print_PNP_RegisterDriver, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3790,7 +3790,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_QueryRemove), + (ndr_push_flags_fn_t) ndr_push_PNP_QueryRemove, + (ndr_pull_flags_fn_t) ndr_pull_PNP_QueryRemove, +- (ndr_print_function_t) ndr_print_PNP_QueryRemove, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3799,7 +3799,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_RequestDeviceEject), + (ndr_push_flags_fn_t) ndr_push_PNP_RequestDeviceEject, + (ndr_pull_flags_fn_t) ndr_pull_PNP_RequestDeviceEject, +- (ndr_print_function_t) ndr_print_PNP_RequestDeviceEject, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3808,7 +3808,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_IsDockStationPresent), + (ndr_push_flags_fn_t) ndr_push_PNP_IsDockStationPresent, + (ndr_pull_flags_fn_t) ndr_pull_PNP_IsDockStationPresent, +- (ndr_print_function_t) ndr_print_PNP_IsDockStationPresent, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3817,7 +3817,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_RequestEjectPC), + (ndr_push_flags_fn_t) ndr_push_PNP_RequestEjectPC, + (ndr_pull_flags_fn_t) ndr_pull_PNP_RequestEjectPC, +- (ndr_print_function_t) ndr_print_PNP_RequestEjectPC, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3826,7 +3826,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_HwProfFlags), + (ndr_push_flags_fn_t) ndr_push_PNP_HwProfFlags, + (ndr_pull_flags_fn_t) ndr_pull_PNP_HwProfFlags, +- (ndr_print_function_t) ndr_print_PNP_HwProfFlags, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3835,7 +3835,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetHwProfInfo), + (ndr_push_flags_fn_t) ndr_push_PNP_GetHwProfInfo, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetHwProfInfo, +- (ndr_print_function_t) ndr_print_PNP_GetHwProfInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3844,7 +3844,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_AddEmptyLogConf), + (ndr_push_flags_fn_t) ndr_push_PNP_AddEmptyLogConf, + (ndr_pull_flags_fn_t) ndr_pull_PNP_AddEmptyLogConf, +- (ndr_print_function_t) ndr_print_PNP_AddEmptyLogConf, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3853,7 +3853,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_FreeLogConf), + (ndr_push_flags_fn_t) ndr_push_PNP_FreeLogConf, + (ndr_pull_flags_fn_t) ndr_pull_PNP_FreeLogConf, +- (ndr_print_function_t) ndr_print_PNP_FreeLogConf, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3862,7 +3862,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetFirstLogConf), + (ndr_push_flags_fn_t) ndr_push_PNP_GetFirstLogConf, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetFirstLogConf, +- (ndr_print_function_t) ndr_print_PNP_GetFirstLogConf, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3871,7 +3871,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetNextLogConf), + (ndr_push_flags_fn_t) ndr_push_PNP_GetNextLogConf, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetNextLogConf, +- (ndr_print_function_t) ndr_print_PNP_GetNextLogConf, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3880,7 +3880,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetLogConfPriority), + (ndr_push_flags_fn_t) ndr_push_PNP_GetLogConfPriority, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetLogConfPriority, +- (ndr_print_function_t) ndr_print_PNP_GetLogConfPriority, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3889,7 +3889,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_AddResDes), + (ndr_push_flags_fn_t) ndr_push_PNP_AddResDes, + (ndr_pull_flags_fn_t) ndr_pull_PNP_AddResDes, +- (ndr_print_function_t) ndr_print_PNP_AddResDes, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3898,7 +3898,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_FreeResDes), + (ndr_push_flags_fn_t) ndr_push_PNP_FreeResDes, + (ndr_pull_flags_fn_t) ndr_pull_PNP_FreeResDes, +- (ndr_print_function_t) ndr_print_PNP_FreeResDes, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3907,7 +3907,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetNextResDes), + (ndr_push_flags_fn_t) ndr_push_PNP_GetNextResDes, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetNextResDes, +- (ndr_print_function_t) ndr_print_PNP_GetNextResDes, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3916,7 +3916,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetResDesData), + (ndr_push_flags_fn_t) ndr_push_PNP_GetResDesData, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetResDesData, +- (ndr_print_function_t) ndr_print_PNP_GetResDesData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3925,7 +3925,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetResDesDataSize), + (ndr_push_flags_fn_t) ndr_push_PNP_GetResDesDataSize, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetResDesDataSize, +- (ndr_print_function_t) ndr_print_PNP_GetResDesDataSize, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3934,7 +3934,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_ModifyResDes), + (ndr_push_flags_fn_t) ndr_push_PNP_ModifyResDes, + (ndr_pull_flags_fn_t) ndr_pull_PNP_ModifyResDes, +- (ndr_print_function_t) ndr_print_PNP_ModifyResDes, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3943,7 +3943,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_DetectResourceLimit), + (ndr_push_flags_fn_t) ndr_push_PNP_DetectResourceLimit, + (ndr_pull_flags_fn_t) ndr_pull_PNP_DetectResourceLimit, +- (ndr_print_function_t) ndr_print_PNP_DetectResourceLimit, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3952,7 +3952,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_QueryResConfList), + (ndr_push_flags_fn_t) ndr_push_PNP_QueryResConfList, + (ndr_pull_flags_fn_t) ndr_pull_PNP_QueryResConfList, +- (ndr_print_function_t) ndr_print_PNP_QueryResConfList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3961,7 +3961,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_SetHwProf), + (ndr_push_flags_fn_t) ndr_push_PNP_SetHwProf, + (ndr_pull_flags_fn_t) ndr_pull_PNP_SetHwProf, +- (ndr_print_function_t) ndr_print_PNP_SetHwProf, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3970,7 +3970,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_QueryArbitratorFreeData), + (ndr_push_flags_fn_t) ndr_push_PNP_QueryArbitratorFreeData, + (ndr_pull_flags_fn_t) ndr_pull_PNP_QueryArbitratorFreeData, +- (ndr_print_function_t) ndr_print_PNP_QueryArbitratorFreeData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3979,7 +3979,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_QueryArbitratorFreeSize), + (ndr_push_flags_fn_t) ndr_push_PNP_QueryArbitratorFreeSize, + (ndr_pull_flags_fn_t) ndr_pull_PNP_QueryArbitratorFreeSize, +- (ndr_print_function_t) ndr_print_PNP_QueryArbitratorFreeSize, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3988,7 +3988,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_RunDetection), + (ndr_push_flags_fn_t) ndr_push_PNP_RunDetection, + (ndr_pull_flags_fn_t) ndr_pull_PNP_RunDetection, +- (ndr_print_function_t) ndr_print_PNP_RunDetection, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3997,7 +3997,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_RegisterNotification), + (ndr_push_flags_fn_t) ndr_push_PNP_RegisterNotification, + (ndr_pull_flags_fn_t) ndr_pull_PNP_RegisterNotification, +- (ndr_print_function_t) ndr_print_PNP_RegisterNotification, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4006,7 +4006,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_UnregisterNotification), + (ndr_push_flags_fn_t) ndr_push_PNP_UnregisterNotification, + (ndr_pull_flags_fn_t) ndr_pull_PNP_UnregisterNotification, +- (ndr_print_function_t) ndr_print_PNP_UnregisterNotification, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4015,7 +4015,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetCustomDevProp), + (ndr_push_flags_fn_t) ndr_push_PNP_GetCustomDevProp, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetCustomDevProp, +- (ndr_print_function_t) ndr_print_PNP_GetCustomDevProp, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4024,7 +4024,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetVersionInternal), + (ndr_push_flags_fn_t) ndr_push_PNP_GetVersionInternal, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetVersionInternal, +- (ndr_print_function_t) ndr_print_PNP_GetVersionInternal, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4033,7 +4033,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetBlockedDriverInfo), + (ndr_push_flags_fn_t) ndr_push_PNP_GetBlockedDriverInfo, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetBlockedDriverInfo, +- (ndr_print_function_t) ndr_print_PNP_GetBlockedDriverInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4042,7 +4042,7 @@ static const struct ndr_interface_call n + sizeof(struct PNP_GetServerSideDeviceInstallFlags), + (ndr_push_flags_fn_t) ndr_push_PNP_GetServerSideDeviceInstallFlags, + (ndr_pull_flags_fn_t) ndr_pull_PNP_GetServerSideDeviceInstallFlags, +- (ndr_print_function_t) ndr_print_PNP_GetServerSideDeviceInstallFlags, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_oxidresolver.c ++++ b/source3/librpc/gen_ndr/ndr_oxidresolver.c +@@ -761,7 +761,7 @@ static const struct ndr_interface_call I + sizeof(struct ResolveOxid), + (ndr_push_flags_fn_t) ndr_push_ResolveOxid, + (ndr_pull_flags_fn_t) ndr_pull_ResolveOxid, +- (ndr_print_function_t) ndr_print_ResolveOxid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -770,7 +770,7 @@ static const struct ndr_interface_call I + sizeof(struct SimplePing), + (ndr_push_flags_fn_t) ndr_push_SimplePing, + (ndr_pull_flags_fn_t) ndr_pull_SimplePing, +- (ndr_print_function_t) ndr_print_SimplePing, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -779,7 +779,7 @@ static const struct ndr_interface_call I + sizeof(struct ComplexPing), + (ndr_push_flags_fn_t) ndr_push_ComplexPing, + (ndr_pull_flags_fn_t) ndr_pull_ComplexPing, +- (ndr_print_function_t) ndr_print_ComplexPing, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -788,7 +788,7 @@ static const struct ndr_interface_call I + sizeof(struct ServerAlive), + (ndr_push_flags_fn_t) ndr_push_ServerAlive, + (ndr_pull_flags_fn_t) ndr_pull_ServerAlive, +- (ndr_print_function_t) ndr_print_ServerAlive, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -797,7 +797,7 @@ static const struct ndr_interface_call I + sizeof(struct ResolveOxid2), + (ndr_push_flags_fn_t) ndr_push_ResolveOxid2, + (ndr_pull_flags_fn_t) ndr_pull_ResolveOxid2, +- (ndr_print_function_t) ndr_print_ResolveOxid2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -806,7 +806,7 @@ static const struct ndr_interface_call I + sizeof(struct ServerAlive2), + (ndr_push_flags_fn_t) ndr_push_ServerAlive2, + (ndr_pull_flags_fn_t) ndr_pull_ServerAlive2, +- (ndr_print_function_t) ndr_print_ServerAlive2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_policyagent.c ++++ b/source3/librpc/gen_ndr/ndr_policyagent.c +@@ -51,7 +51,7 @@ static const struct ndr_interface_call p + sizeof(struct policyagent_Dummy), + (ndr_push_flags_fn_t) ndr_push_policyagent_Dummy, + (ndr_pull_flags_fn_t) ndr_pull_policyagent_Dummy, +- (ndr_print_function_t) ndr_print_policyagent_Dummy, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_preg.c ++++ b/source3/librpc/gen_ndr/ndr_preg.c +@@ -204,7 +204,7 @@ static const struct ndr_interface_call p + sizeof(struct decode_preg_file), + (ndr_push_flags_fn_t) ndr_push_decode_preg_file, + (ndr_pull_flags_fn_t) ndr_pull_decode_preg_file, +- (ndr_print_function_t) ndr_print_decode_preg_file, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_remact.c ++++ b/source3/librpc/gen_ndr/ndr_remact.c +@@ -373,7 +373,7 @@ static const struct ndr_interface_call I + sizeof(struct RemoteActivation), + (ndr_push_flags_fn_t) ndr_push_RemoteActivation, + (ndr_pull_flags_fn_t) ndr_pull_RemoteActivation, +- (ndr_print_function_t) ndr_print_RemoteActivation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_rot.c ++++ b/source3/librpc/gen_ndr/ndr_rot.c +@@ -489,7 +489,7 @@ static const struct ndr_interface_call r + sizeof(struct rot_add), + (ndr_push_flags_fn_t) ndr_push_rot_add, + (ndr_pull_flags_fn_t) ndr_pull_rot_add, +- (ndr_print_function_t) ndr_print_rot_add, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -498,7 +498,7 @@ static const struct ndr_interface_call r + sizeof(struct rot_remove), + (ndr_push_flags_fn_t) ndr_push_rot_remove, + (ndr_pull_flags_fn_t) ndr_pull_rot_remove, +- (ndr_print_function_t) ndr_print_rot_remove, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -507,7 +507,7 @@ static const struct ndr_interface_call r + sizeof(struct rot_is_listed), + (ndr_push_flags_fn_t) ndr_push_rot_is_listed, + (ndr_pull_flags_fn_t) ndr_pull_rot_is_listed, +- (ndr_print_function_t) ndr_print_rot_is_listed, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -516,7 +516,7 @@ static const struct ndr_interface_call r + sizeof(struct rot_get_interface_pointer), + (ndr_push_flags_fn_t) ndr_push_rot_get_interface_pointer, + (ndr_pull_flags_fn_t) ndr_pull_rot_get_interface_pointer, +- (ndr_print_function_t) ndr_print_rot_get_interface_pointer, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -525,7 +525,7 @@ static const struct ndr_interface_call r + sizeof(struct rot_set_modification_time), + (ndr_push_flags_fn_t) ndr_push_rot_set_modification_time, + (ndr_pull_flags_fn_t) ndr_pull_rot_set_modification_time, +- (ndr_print_function_t) ndr_print_rot_set_modification_time, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -534,7 +534,7 @@ static const struct ndr_interface_call r + sizeof(struct rot_get_modification_time), + (ndr_push_flags_fn_t) ndr_push_rot_get_modification_time, + (ndr_pull_flags_fn_t) ndr_pull_rot_get_modification_time, +- (ndr_print_function_t) ndr_print_rot_get_modification_time, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -543,7 +543,7 @@ static const struct ndr_interface_call r + sizeof(struct rot_enum), + (ndr_push_flags_fn_t) ndr_push_rot_enum, + (ndr_pull_flags_fn_t) ndr_pull_rot_enum, +- (ndr_print_function_t) ndr_print_rot_enum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_samr.c ++++ b/source3/librpc/gen_ndr/ndr_samr.c +@@ -12674,7 +12674,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_Connect), + (ndr_push_flags_fn_t) ndr_push_samr_Connect, + (ndr_pull_flags_fn_t) ndr_pull_samr_Connect, +- (ndr_print_function_t) ndr_print_samr_Connect, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12683,7 +12683,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_Close), + (ndr_push_flags_fn_t) ndr_push_samr_Close, + (ndr_pull_flags_fn_t) ndr_pull_samr_Close, +- (ndr_print_function_t) ndr_print_samr_Close, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12692,7 +12692,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetSecurity), + (ndr_push_flags_fn_t) ndr_push_samr_SetSecurity, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetSecurity, +- (ndr_print_function_t) ndr_print_samr_SetSecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12701,7 +12701,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QuerySecurity), + (ndr_push_flags_fn_t) ndr_push_samr_QuerySecurity, + (ndr_pull_flags_fn_t) ndr_pull_samr_QuerySecurity, +- (ndr_print_function_t) ndr_print_samr_QuerySecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12710,7 +12710,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_Shutdown), + (ndr_push_flags_fn_t) ndr_push_samr_Shutdown, + (ndr_pull_flags_fn_t) ndr_pull_samr_Shutdown, +- (ndr_print_function_t) ndr_print_samr_Shutdown, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12719,7 +12719,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_LookupDomain), + (ndr_push_flags_fn_t) ndr_push_samr_LookupDomain, + (ndr_pull_flags_fn_t) ndr_pull_samr_LookupDomain, +- (ndr_print_function_t) ndr_print_samr_LookupDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12728,7 +12728,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_EnumDomains), + (ndr_push_flags_fn_t) ndr_push_samr_EnumDomains, + (ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomains, +- (ndr_print_function_t) ndr_print_samr_EnumDomains, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12737,7 +12737,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_OpenDomain), + (ndr_push_flags_fn_t) ndr_push_samr_OpenDomain, + (ndr_pull_flags_fn_t) ndr_pull_samr_OpenDomain, +- (ndr_print_function_t) ndr_print_samr_OpenDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12746,7 +12746,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryDomainInfo), + (ndr_push_flags_fn_t) ndr_push_samr_QueryDomainInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryDomainInfo, +- (ndr_print_function_t) ndr_print_samr_QueryDomainInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12755,7 +12755,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetDomainInfo), + (ndr_push_flags_fn_t) ndr_push_samr_SetDomainInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetDomainInfo, +- (ndr_print_function_t) ndr_print_samr_SetDomainInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12764,7 +12764,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_CreateDomainGroup), + (ndr_push_flags_fn_t) ndr_push_samr_CreateDomainGroup, + (ndr_pull_flags_fn_t) ndr_pull_samr_CreateDomainGroup, +- (ndr_print_function_t) ndr_print_samr_CreateDomainGroup, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12773,7 +12773,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_EnumDomainGroups), + (ndr_push_flags_fn_t) ndr_push_samr_EnumDomainGroups, + (ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomainGroups, +- (ndr_print_function_t) ndr_print_samr_EnumDomainGroups, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12782,7 +12782,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_CreateUser), + (ndr_push_flags_fn_t) ndr_push_samr_CreateUser, + (ndr_pull_flags_fn_t) ndr_pull_samr_CreateUser, +- (ndr_print_function_t) ndr_print_samr_CreateUser, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12791,7 +12791,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_EnumDomainUsers), + (ndr_push_flags_fn_t) ndr_push_samr_EnumDomainUsers, + (ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomainUsers, +- (ndr_print_function_t) ndr_print_samr_EnumDomainUsers, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12800,7 +12800,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_CreateDomAlias), + (ndr_push_flags_fn_t) ndr_push_samr_CreateDomAlias, + (ndr_pull_flags_fn_t) ndr_pull_samr_CreateDomAlias, +- (ndr_print_function_t) ndr_print_samr_CreateDomAlias, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12809,7 +12809,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_EnumDomainAliases), + (ndr_push_flags_fn_t) ndr_push_samr_EnumDomainAliases, + (ndr_pull_flags_fn_t) ndr_pull_samr_EnumDomainAliases, +- (ndr_print_function_t) ndr_print_samr_EnumDomainAliases, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12818,7 +12818,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetAliasMembership), + (ndr_push_flags_fn_t) ndr_push_samr_GetAliasMembership, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetAliasMembership, +- (ndr_print_function_t) ndr_print_samr_GetAliasMembership, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12827,7 +12827,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_LookupNames), + (ndr_push_flags_fn_t) ndr_push_samr_LookupNames, + (ndr_pull_flags_fn_t) ndr_pull_samr_LookupNames, +- (ndr_print_function_t) ndr_print_samr_LookupNames, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12836,7 +12836,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_LookupRids), + (ndr_push_flags_fn_t) ndr_push_samr_LookupRids, + (ndr_pull_flags_fn_t) ndr_pull_samr_LookupRids, +- (ndr_print_function_t) ndr_print_samr_LookupRids, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12845,7 +12845,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_OpenGroup), + (ndr_push_flags_fn_t) ndr_push_samr_OpenGroup, + (ndr_pull_flags_fn_t) ndr_pull_samr_OpenGroup, +- (ndr_print_function_t) ndr_print_samr_OpenGroup, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12854,7 +12854,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryGroupInfo), + (ndr_push_flags_fn_t) ndr_push_samr_QueryGroupInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryGroupInfo, +- (ndr_print_function_t) ndr_print_samr_QueryGroupInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12863,7 +12863,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetGroupInfo), + (ndr_push_flags_fn_t) ndr_push_samr_SetGroupInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetGroupInfo, +- (ndr_print_function_t) ndr_print_samr_SetGroupInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12872,7 +12872,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_AddGroupMember), + (ndr_push_flags_fn_t) ndr_push_samr_AddGroupMember, + (ndr_pull_flags_fn_t) ndr_pull_samr_AddGroupMember, +- (ndr_print_function_t) ndr_print_samr_AddGroupMember, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12881,7 +12881,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_DeleteDomainGroup), + (ndr_push_flags_fn_t) ndr_push_samr_DeleteDomainGroup, + (ndr_pull_flags_fn_t) ndr_pull_samr_DeleteDomainGroup, +- (ndr_print_function_t) ndr_print_samr_DeleteDomainGroup, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12890,7 +12890,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_DeleteGroupMember), + (ndr_push_flags_fn_t) ndr_push_samr_DeleteGroupMember, + (ndr_pull_flags_fn_t) ndr_pull_samr_DeleteGroupMember, +- (ndr_print_function_t) ndr_print_samr_DeleteGroupMember, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12899,7 +12899,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryGroupMember), + (ndr_push_flags_fn_t) ndr_push_samr_QueryGroupMember, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryGroupMember, +- (ndr_print_function_t) ndr_print_samr_QueryGroupMember, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12908,7 +12908,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetMemberAttributesOfGroup), + (ndr_push_flags_fn_t) ndr_push_samr_SetMemberAttributesOfGroup, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetMemberAttributesOfGroup, +- (ndr_print_function_t) ndr_print_samr_SetMemberAttributesOfGroup, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12917,7 +12917,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_OpenAlias), + (ndr_push_flags_fn_t) ndr_push_samr_OpenAlias, + (ndr_pull_flags_fn_t) ndr_pull_samr_OpenAlias, +- (ndr_print_function_t) ndr_print_samr_OpenAlias, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12926,7 +12926,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryAliasInfo), + (ndr_push_flags_fn_t) ndr_push_samr_QueryAliasInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryAliasInfo, +- (ndr_print_function_t) ndr_print_samr_QueryAliasInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12935,7 +12935,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetAliasInfo), + (ndr_push_flags_fn_t) ndr_push_samr_SetAliasInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetAliasInfo, +- (ndr_print_function_t) ndr_print_samr_SetAliasInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12944,7 +12944,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_DeleteDomAlias), + (ndr_push_flags_fn_t) ndr_push_samr_DeleteDomAlias, + (ndr_pull_flags_fn_t) ndr_pull_samr_DeleteDomAlias, +- (ndr_print_function_t) ndr_print_samr_DeleteDomAlias, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12953,7 +12953,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_AddAliasMember), + (ndr_push_flags_fn_t) ndr_push_samr_AddAliasMember, + (ndr_pull_flags_fn_t) ndr_pull_samr_AddAliasMember, +- (ndr_print_function_t) ndr_print_samr_AddAliasMember, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12962,7 +12962,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_DeleteAliasMember), + (ndr_push_flags_fn_t) ndr_push_samr_DeleteAliasMember, + (ndr_pull_flags_fn_t) ndr_pull_samr_DeleteAliasMember, +- (ndr_print_function_t) ndr_print_samr_DeleteAliasMember, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12971,7 +12971,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetMembersInAlias), + (ndr_push_flags_fn_t) ndr_push_samr_GetMembersInAlias, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetMembersInAlias, +- (ndr_print_function_t) ndr_print_samr_GetMembersInAlias, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12980,7 +12980,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_OpenUser), + (ndr_push_flags_fn_t) ndr_push_samr_OpenUser, + (ndr_pull_flags_fn_t) ndr_pull_samr_OpenUser, +- (ndr_print_function_t) ndr_print_samr_OpenUser, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12989,7 +12989,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_DeleteUser), + (ndr_push_flags_fn_t) ndr_push_samr_DeleteUser, + (ndr_pull_flags_fn_t) ndr_pull_samr_DeleteUser, +- (ndr_print_function_t) ndr_print_samr_DeleteUser, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -12998,7 +12998,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryUserInfo), + (ndr_push_flags_fn_t) ndr_push_samr_QueryUserInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryUserInfo, +- (ndr_print_function_t) ndr_print_samr_QueryUserInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13007,7 +13007,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetUserInfo), + (ndr_push_flags_fn_t) ndr_push_samr_SetUserInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetUserInfo, +- (ndr_print_function_t) ndr_print_samr_SetUserInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13016,7 +13016,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_ChangePasswordUser), + (ndr_push_flags_fn_t) ndr_push_samr_ChangePasswordUser, + (ndr_pull_flags_fn_t) ndr_pull_samr_ChangePasswordUser, +- (ndr_print_function_t) ndr_print_samr_ChangePasswordUser, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13025,7 +13025,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetGroupsForUser), + (ndr_push_flags_fn_t) ndr_push_samr_GetGroupsForUser, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetGroupsForUser, +- (ndr_print_function_t) ndr_print_samr_GetGroupsForUser, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13034,7 +13034,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryDisplayInfo), + (ndr_push_flags_fn_t) ndr_push_samr_QueryDisplayInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryDisplayInfo, +- (ndr_print_function_t) ndr_print_samr_QueryDisplayInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13043,7 +13043,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetDisplayEnumerationIndex), + (ndr_push_flags_fn_t) ndr_push_samr_GetDisplayEnumerationIndex, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetDisplayEnumerationIndex, +- (ndr_print_function_t) ndr_print_samr_GetDisplayEnumerationIndex, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13052,7 +13052,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_TestPrivateFunctionsDomain), + (ndr_push_flags_fn_t) ndr_push_samr_TestPrivateFunctionsDomain, + (ndr_pull_flags_fn_t) ndr_pull_samr_TestPrivateFunctionsDomain, +- (ndr_print_function_t) ndr_print_samr_TestPrivateFunctionsDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13061,7 +13061,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_TestPrivateFunctionsUser), + (ndr_push_flags_fn_t) ndr_push_samr_TestPrivateFunctionsUser, + (ndr_pull_flags_fn_t) ndr_pull_samr_TestPrivateFunctionsUser, +- (ndr_print_function_t) ndr_print_samr_TestPrivateFunctionsUser, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13070,7 +13070,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetUserPwInfo), + (ndr_push_flags_fn_t) ndr_push_samr_GetUserPwInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetUserPwInfo, +- (ndr_print_function_t) ndr_print_samr_GetUserPwInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13079,7 +13079,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_RemoveMemberFromForeignDomain), + (ndr_push_flags_fn_t) ndr_push_samr_RemoveMemberFromForeignDomain, + (ndr_pull_flags_fn_t) ndr_pull_samr_RemoveMemberFromForeignDomain, +- (ndr_print_function_t) ndr_print_samr_RemoveMemberFromForeignDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13088,7 +13088,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryDomainInfo2), + (ndr_push_flags_fn_t) ndr_push_samr_QueryDomainInfo2, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryDomainInfo2, +- (ndr_print_function_t) ndr_print_samr_QueryDomainInfo2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13097,7 +13097,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryUserInfo2), + (ndr_push_flags_fn_t) ndr_push_samr_QueryUserInfo2, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryUserInfo2, +- (ndr_print_function_t) ndr_print_samr_QueryUserInfo2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13106,7 +13106,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryDisplayInfo2), + (ndr_push_flags_fn_t) ndr_push_samr_QueryDisplayInfo2, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryDisplayInfo2, +- (ndr_print_function_t) ndr_print_samr_QueryDisplayInfo2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13115,7 +13115,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetDisplayEnumerationIndex2), + (ndr_push_flags_fn_t) ndr_push_samr_GetDisplayEnumerationIndex2, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetDisplayEnumerationIndex2, +- (ndr_print_function_t) ndr_print_samr_GetDisplayEnumerationIndex2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13124,7 +13124,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_CreateUser2), + (ndr_push_flags_fn_t) ndr_push_samr_CreateUser2, + (ndr_pull_flags_fn_t) ndr_pull_samr_CreateUser2, +- (ndr_print_function_t) ndr_print_samr_CreateUser2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13133,7 +13133,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_QueryDisplayInfo3), + (ndr_push_flags_fn_t) ndr_push_samr_QueryDisplayInfo3, + (ndr_pull_flags_fn_t) ndr_pull_samr_QueryDisplayInfo3, +- (ndr_print_function_t) ndr_print_samr_QueryDisplayInfo3, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13142,7 +13142,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_AddMultipleMembersToAlias), + (ndr_push_flags_fn_t) ndr_push_samr_AddMultipleMembersToAlias, + (ndr_pull_flags_fn_t) ndr_pull_samr_AddMultipleMembersToAlias, +- (ndr_print_function_t) ndr_print_samr_AddMultipleMembersToAlias, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13151,7 +13151,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_RemoveMultipleMembersFromAlias), + (ndr_push_flags_fn_t) ndr_push_samr_RemoveMultipleMembersFromAlias, + (ndr_pull_flags_fn_t) ndr_pull_samr_RemoveMultipleMembersFromAlias, +- (ndr_print_function_t) ndr_print_samr_RemoveMultipleMembersFromAlias, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13160,7 +13160,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_OemChangePasswordUser2), + (ndr_push_flags_fn_t) ndr_push_samr_OemChangePasswordUser2, + (ndr_pull_flags_fn_t) ndr_pull_samr_OemChangePasswordUser2, +- (ndr_print_function_t) ndr_print_samr_OemChangePasswordUser2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13169,7 +13169,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_ChangePasswordUser2), + (ndr_push_flags_fn_t) ndr_push_samr_ChangePasswordUser2, + (ndr_pull_flags_fn_t) ndr_pull_samr_ChangePasswordUser2, +- (ndr_print_function_t) ndr_print_samr_ChangePasswordUser2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13178,7 +13178,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetDomPwInfo), + (ndr_push_flags_fn_t) ndr_push_samr_GetDomPwInfo, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetDomPwInfo, +- (ndr_print_function_t) ndr_print_samr_GetDomPwInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13187,7 +13187,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_Connect2), + (ndr_push_flags_fn_t) ndr_push_samr_Connect2, + (ndr_pull_flags_fn_t) ndr_pull_samr_Connect2, +- (ndr_print_function_t) ndr_print_samr_Connect2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13196,7 +13196,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetUserInfo2), + (ndr_push_flags_fn_t) ndr_push_samr_SetUserInfo2, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetUserInfo2, +- (ndr_print_function_t) ndr_print_samr_SetUserInfo2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13205,7 +13205,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetBootKeyInformation), + (ndr_push_flags_fn_t) ndr_push_samr_SetBootKeyInformation, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetBootKeyInformation, +- (ndr_print_function_t) ndr_print_samr_SetBootKeyInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13214,7 +13214,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_GetBootKeyInformation), + (ndr_push_flags_fn_t) ndr_push_samr_GetBootKeyInformation, + (ndr_pull_flags_fn_t) ndr_pull_samr_GetBootKeyInformation, +- (ndr_print_function_t) ndr_print_samr_GetBootKeyInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13223,7 +13223,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_Connect3), + (ndr_push_flags_fn_t) ndr_push_samr_Connect3, + (ndr_pull_flags_fn_t) ndr_pull_samr_Connect3, +- (ndr_print_function_t) ndr_print_samr_Connect3, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13232,7 +13232,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_Connect4), + (ndr_push_flags_fn_t) ndr_push_samr_Connect4, + (ndr_pull_flags_fn_t) ndr_pull_samr_Connect4, +- (ndr_print_function_t) ndr_print_samr_Connect4, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13241,7 +13241,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_ChangePasswordUser3), + (ndr_push_flags_fn_t) ndr_push_samr_ChangePasswordUser3, + (ndr_pull_flags_fn_t) ndr_pull_samr_ChangePasswordUser3, +- (ndr_print_function_t) ndr_print_samr_ChangePasswordUser3, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13250,7 +13250,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_Connect5), + (ndr_push_flags_fn_t) ndr_push_samr_Connect5, + (ndr_pull_flags_fn_t) ndr_pull_samr_Connect5, +- (ndr_print_function_t) ndr_print_samr_Connect5, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13259,7 +13259,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_RidToSid), + (ndr_push_flags_fn_t) ndr_push_samr_RidToSid, + (ndr_pull_flags_fn_t) ndr_pull_samr_RidToSid, +- (ndr_print_function_t) ndr_print_samr_RidToSid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13268,7 +13268,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_SetDsrmPassword), + (ndr_push_flags_fn_t) ndr_push_samr_SetDsrmPassword, + (ndr_pull_flags_fn_t) ndr_pull_samr_SetDsrmPassword, +- (ndr_print_function_t) ndr_print_samr_SetDsrmPassword, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -13277,7 +13277,7 @@ static const struct ndr_interface_call s + sizeof(struct samr_ValidatePassword), + (ndr_push_flags_fn_t) ndr_push_samr_ValidatePassword, + (ndr_pull_flags_fn_t) ndr_pull_samr_ValidatePassword, +- (ndr_print_function_t) ndr_print_samr_ValidatePassword, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_scerpc.c ++++ b/source3/librpc/gen_ndr/ndr_scerpc.c +@@ -51,7 +51,7 @@ static const struct ndr_interface_call s + sizeof(struct scerpc_Unknown0), + (ndr_push_flags_fn_t) ndr_push_scerpc_Unknown0, + (ndr_pull_flags_fn_t) ndr_pull_scerpc_Unknown0, +- (ndr_print_function_t) ndr_print_scerpc_Unknown0, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_spoolss.c ++++ b/source3/librpc/gen_ndr/ndr_spoolss.c +@@ -32661,7 +32661,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPrinters), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPrinters, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPrinters, +- (ndr_print_function_t) ndr_print_spoolss_EnumPrinters, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32670,7 +32670,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_OpenPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_OpenPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_OpenPrinter, +- (ndr_print_function_t) ndr_print_spoolss_OpenPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32679,7 +32679,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_SetJob), + (ndr_push_flags_fn_t) ndr_push_spoolss_SetJob, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_SetJob, +- (ndr_print_function_t) ndr_print_spoolss_SetJob, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32688,7 +32688,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetJob), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetJob, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetJob, +- (ndr_print_function_t) ndr_print_spoolss_GetJob, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32697,7 +32697,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumJobs), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumJobs, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumJobs, +- (ndr_print_function_t) ndr_print_spoolss_EnumJobs, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32706,7 +32706,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPrinter, +- (ndr_print_function_t) ndr_print_spoolss_AddPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32715,7 +32715,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinter, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32724,7 +32724,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_SetPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_SetPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_SetPrinter, +- (ndr_print_function_t) ndr_print_spoolss_SetPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32733,7 +32733,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrinter, +- (ndr_print_function_t) ndr_print_spoolss_GetPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32742,7 +32742,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPrinterDriver), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPrinterDriver, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPrinterDriver, +- (ndr_print_function_t) ndr_print_spoolss_AddPrinterDriver, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32751,7 +32751,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPrinterDrivers), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPrinterDrivers, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPrinterDrivers, +- (ndr_print_function_t) ndr_print_spoolss_EnumPrinterDrivers, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32760,7 +32760,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrinterDriver), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrinterDriver, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrinterDriver, +- (ndr_print_function_t) ndr_print_spoolss_GetPrinterDriver, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32769,7 +32769,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrinterDriverDirectory), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrinterDriverDirectory, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrinterDriverDirectory, +- (ndr_print_function_t) ndr_print_spoolss_GetPrinterDriverDirectory, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32778,7 +32778,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinterDriver), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinterDriver, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinterDriver, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinterDriver, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32787,7 +32787,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPrintProcessor), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPrintProcessor, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPrintProcessor, +- (ndr_print_function_t) ndr_print_spoolss_AddPrintProcessor, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32796,7 +32796,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPrintProcessors), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPrintProcessors, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPrintProcessors, +- (ndr_print_function_t) ndr_print_spoolss_EnumPrintProcessors, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32805,7 +32805,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrintProcessorDirectory), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrintProcessorDirectory, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrintProcessorDirectory, +- (ndr_print_function_t) ndr_print_spoolss_GetPrintProcessorDirectory, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32814,7 +32814,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_StartDocPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_StartDocPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_StartDocPrinter, +- (ndr_print_function_t) ndr_print_spoolss_StartDocPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32823,7 +32823,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_StartPagePrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_StartPagePrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_StartPagePrinter, +- (ndr_print_function_t) ndr_print_spoolss_StartPagePrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32832,7 +32832,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_WritePrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_WritePrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_WritePrinter, +- (ndr_print_function_t) ndr_print_spoolss_WritePrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32841,7 +32841,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EndPagePrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_EndPagePrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EndPagePrinter, +- (ndr_print_function_t) ndr_print_spoolss_EndPagePrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32850,7 +32850,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AbortPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_AbortPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AbortPrinter, +- (ndr_print_function_t) ndr_print_spoolss_AbortPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32859,7 +32859,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ReadPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_ReadPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ReadPrinter, +- (ndr_print_function_t) ndr_print_spoolss_ReadPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32868,7 +32868,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EndDocPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_EndDocPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EndDocPrinter, +- (ndr_print_function_t) ndr_print_spoolss_EndDocPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32877,7 +32877,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddJob), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddJob, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddJob, +- (ndr_print_function_t) ndr_print_spoolss_AddJob, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32886,7 +32886,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ScheduleJob), + (ndr_push_flags_fn_t) ndr_push_spoolss_ScheduleJob, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ScheduleJob, +- (ndr_print_function_t) ndr_print_spoolss_ScheduleJob, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32895,7 +32895,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrinterData), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrinterData, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrinterData, +- (ndr_print_function_t) ndr_print_spoolss_GetPrinterData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32904,7 +32904,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_SetPrinterData), + (ndr_push_flags_fn_t) ndr_push_spoolss_SetPrinterData, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_SetPrinterData, +- (ndr_print_function_t) ndr_print_spoolss_SetPrinterData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32913,7 +32913,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_WaitForPrinterChange), + (ndr_push_flags_fn_t) ndr_push_spoolss_WaitForPrinterChange, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_WaitForPrinterChange, +- (ndr_print_function_t) ndr_print_spoolss_WaitForPrinterChange, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32922,7 +32922,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ClosePrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_ClosePrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ClosePrinter, +- (ndr_print_function_t) ndr_print_spoolss_ClosePrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32931,7 +32931,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddForm), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddForm, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddForm, +- (ndr_print_function_t) ndr_print_spoolss_AddForm, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32940,7 +32940,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeleteForm), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeleteForm, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeleteForm, +- (ndr_print_function_t) ndr_print_spoolss_DeleteForm, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32949,7 +32949,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetForm), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetForm, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetForm, +- (ndr_print_function_t) ndr_print_spoolss_GetForm, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32958,7 +32958,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_SetForm), + (ndr_push_flags_fn_t) ndr_push_spoolss_SetForm, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_SetForm, +- (ndr_print_function_t) ndr_print_spoolss_SetForm, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32967,7 +32967,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumForms), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumForms, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumForms, +- (ndr_print_function_t) ndr_print_spoolss_EnumForms, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32976,7 +32976,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPorts), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPorts, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPorts, +- (ndr_print_function_t) ndr_print_spoolss_EnumPorts, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32985,7 +32985,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumMonitors), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumMonitors, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumMonitors, +- (ndr_print_function_t) ndr_print_spoolss_EnumMonitors, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -32994,7 +32994,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPort), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPort, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPort, +- (ndr_print_function_t) ndr_print_spoolss_AddPort, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33003,7 +33003,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ConfigurePort), + (ndr_push_flags_fn_t) ndr_push_spoolss_ConfigurePort, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ConfigurePort, +- (ndr_print_function_t) ndr_print_spoolss_ConfigurePort, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33012,7 +33012,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePort), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePort, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePort, +- (ndr_print_function_t) ndr_print_spoolss_DeletePort, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33021,7 +33021,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_CreatePrinterIC), + (ndr_push_flags_fn_t) ndr_push_spoolss_CreatePrinterIC, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_CreatePrinterIC, +- (ndr_print_function_t) ndr_print_spoolss_CreatePrinterIC, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33030,7 +33030,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_PlayGDIScriptOnPrinterIC), + (ndr_push_flags_fn_t) ndr_push_spoolss_PlayGDIScriptOnPrinterIC, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_PlayGDIScriptOnPrinterIC, +- (ndr_print_function_t) ndr_print_spoolss_PlayGDIScriptOnPrinterIC, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33039,7 +33039,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinterIC), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinterIC, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinterIC, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinterIC, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33048,7 +33048,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPrinterConnection), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPrinterConnection, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPrinterConnection, +- (ndr_print_function_t) ndr_print_spoolss_AddPrinterConnection, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33057,7 +33057,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinterConnection), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinterConnection, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinterConnection, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinterConnection, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33066,7 +33066,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_PrinterMessageBox), + (ndr_push_flags_fn_t) ndr_push_spoolss_PrinterMessageBox, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_PrinterMessageBox, +- (ndr_print_function_t) ndr_print_spoolss_PrinterMessageBox, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33075,7 +33075,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddMonitor), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddMonitor, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddMonitor, +- (ndr_print_function_t) ndr_print_spoolss_AddMonitor, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33084,7 +33084,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeleteMonitor), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeleteMonitor, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeleteMonitor, +- (ndr_print_function_t) ndr_print_spoolss_DeleteMonitor, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33093,7 +33093,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrintProcessor), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrintProcessor, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrintProcessor, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrintProcessor, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33102,7 +33102,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPrintProvidor), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPrintProvidor, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPrintProvidor, +- (ndr_print_function_t) ndr_print_spoolss_AddPrintProvidor, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33111,7 +33111,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrintProvidor), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrintProvidor, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrintProvidor, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrintProvidor, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33120,7 +33120,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPrintProcDataTypes), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPrintProcDataTypes, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPrintProcDataTypes, +- (ndr_print_function_t) ndr_print_spoolss_EnumPrintProcDataTypes, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33129,7 +33129,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ResetPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_ResetPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ResetPrinter, +- (ndr_print_function_t) ndr_print_spoolss_ResetPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33138,7 +33138,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrinterDriver2), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrinterDriver2, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrinterDriver2, +- (ndr_print_function_t) ndr_print_spoolss_GetPrinterDriver2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33147,7 +33147,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_FindFirstPrinterChangeNotification), + (ndr_push_flags_fn_t) ndr_push_spoolss_FindFirstPrinterChangeNotification, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_FindFirstPrinterChangeNotification, +- (ndr_print_function_t) ndr_print_spoolss_FindFirstPrinterChangeNotification, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33156,7 +33156,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_FindNextPrinterChangeNotification), + (ndr_push_flags_fn_t) ndr_push_spoolss_FindNextPrinterChangeNotification, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_FindNextPrinterChangeNotification, +- (ndr_print_function_t) ndr_print_spoolss_FindNextPrinterChangeNotification, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33165,7 +33165,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_FindClosePrinterNotify), + (ndr_push_flags_fn_t) ndr_push_spoolss_FindClosePrinterNotify, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_FindClosePrinterNotify, +- (ndr_print_function_t) ndr_print_spoolss_FindClosePrinterNotify, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33174,7 +33174,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_RouterFindFirstPrinterChangeNotificationOld), + (ndr_push_flags_fn_t) ndr_push_spoolss_RouterFindFirstPrinterChangeNotificationOld, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_RouterFindFirstPrinterChangeNotificationOld, +- (ndr_print_function_t) ndr_print_spoolss_RouterFindFirstPrinterChangeNotificationOld, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33183,7 +33183,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ReplyOpenPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_ReplyOpenPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ReplyOpenPrinter, +- (ndr_print_function_t) ndr_print_spoolss_ReplyOpenPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33192,7 +33192,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_RouterReplyPrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_RouterReplyPrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_RouterReplyPrinter, +- (ndr_print_function_t) ndr_print_spoolss_RouterReplyPrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33201,7 +33201,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ReplyClosePrinter), + (ndr_push_flags_fn_t) ndr_push_spoolss_ReplyClosePrinter, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ReplyClosePrinter, +- (ndr_print_function_t) ndr_print_spoolss_ReplyClosePrinter, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33210,7 +33210,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPortEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPortEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPortEx, +- (ndr_print_function_t) ndr_print_spoolss_AddPortEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33219,7 +33219,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_RouterFindFirstPrinterChangeNotification), + (ndr_push_flags_fn_t) ndr_push_spoolss_RouterFindFirstPrinterChangeNotification, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_RouterFindFirstPrinterChangeNotification, +- (ndr_print_function_t) ndr_print_spoolss_RouterFindFirstPrinterChangeNotification, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33228,7 +33228,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_SpoolerInit), + (ndr_push_flags_fn_t) ndr_push_spoolss_SpoolerInit, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_SpoolerInit, +- (ndr_print_function_t) ndr_print_spoolss_SpoolerInit, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33237,7 +33237,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_ResetPrinterEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_ResetPrinterEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_ResetPrinterEx, +- (ndr_print_function_t) ndr_print_spoolss_ResetPrinterEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33246,7 +33246,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_RemoteFindFirstPrinterChangeNotifyEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_RemoteFindFirstPrinterChangeNotifyEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_RemoteFindFirstPrinterChangeNotifyEx, +- (ndr_print_function_t) ndr_print_spoolss_RemoteFindFirstPrinterChangeNotifyEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33255,7 +33255,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_RouterReplyPrinterEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_RouterReplyPrinterEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_RouterReplyPrinterEx, +- (ndr_print_function_t) ndr_print_spoolss_RouterReplyPrinterEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33264,7 +33264,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_RouterRefreshPrinterChangeNotify), + (ndr_push_flags_fn_t) ndr_push_spoolss_RouterRefreshPrinterChangeNotify, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_RouterRefreshPrinterChangeNotify, +- (ndr_print_function_t) ndr_print_spoolss_RouterRefreshPrinterChangeNotify, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33273,7 +33273,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_44), + (ndr_push_flags_fn_t) ndr_push_spoolss_44, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_44, +- (ndr_print_function_t) ndr_print_spoolss_44, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33282,7 +33282,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_OpenPrinterEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_OpenPrinterEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_OpenPrinterEx, +- (ndr_print_function_t) ndr_print_spoolss_OpenPrinterEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33291,7 +33291,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPrinterEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPrinterEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPrinterEx, +- (ndr_print_function_t) ndr_print_spoolss_AddPrinterEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33300,7 +33300,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_SetPort), + (ndr_push_flags_fn_t) ndr_push_spoolss_SetPort, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_SetPort, +- (ndr_print_function_t) ndr_print_spoolss_SetPort, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33309,7 +33309,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPrinterData), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPrinterData, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPrinterData, +- (ndr_print_function_t) ndr_print_spoolss_EnumPrinterData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33318,7 +33318,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinterData), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinterData, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinterData, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinterData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33327,7 +33327,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_4a), + (ndr_push_flags_fn_t) ndr_push_spoolss_4a, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_4a, +- (ndr_print_function_t) ndr_print_spoolss_4a, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33336,7 +33336,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_4b), + (ndr_push_flags_fn_t) ndr_push_spoolss_4b, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_4b, +- (ndr_print_function_t) ndr_print_spoolss_4b, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33345,7 +33345,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_4c), + (ndr_push_flags_fn_t) ndr_push_spoolss_4c, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_4c, +- (ndr_print_function_t) ndr_print_spoolss_4c, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33354,7 +33354,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_SetPrinterDataEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_SetPrinterDataEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_SetPrinterDataEx, +- (ndr_print_function_t) ndr_print_spoolss_SetPrinterDataEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33363,7 +33363,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrinterDataEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrinterDataEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrinterDataEx, +- (ndr_print_function_t) ndr_print_spoolss_GetPrinterDataEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33372,7 +33372,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPrinterDataEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPrinterDataEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPrinterDataEx, +- (ndr_print_function_t) ndr_print_spoolss_EnumPrinterDataEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33381,7 +33381,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPrinterKey), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPrinterKey, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPrinterKey, +- (ndr_print_function_t) ndr_print_spoolss_EnumPrinterKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33390,7 +33390,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinterDataEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinterDataEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinterDataEx, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinterDataEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33399,7 +33399,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinterKey), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinterKey, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinterKey, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinterKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33408,7 +33408,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_53), + (ndr_push_flags_fn_t) ndr_push_spoolss_53, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_53, +- (ndr_print_function_t) ndr_print_spoolss_53, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33417,7 +33417,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePrinterDriverEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePrinterDriverEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePrinterDriverEx, +- (ndr_print_function_t) ndr_print_spoolss_DeletePrinterDriverEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33426,7 +33426,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPerMachineConnection), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPerMachineConnection, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPerMachineConnection, +- (ndr_print_function_t) ndr_print_spoolss_AddPerMachineConnection, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33435,7 +33435,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_DeletePerMachineConnection), + (ndr_push_flags_fn_t) ndr_push_spoolss_DeletePerMachineConnection, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_DeletePerMachineConnection, +- (ndr_print_function_t) ndr_print_spoolss_DeletePerMachineConnection, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33444,7 +33444,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_EnumPerMachineConnections), + (ndr_push_flags_fn_t) ndr_push_spoolss_EnumPerMachineConnections, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_EnumPerMachineConnections, +- (ndr_print_function_t) ndr_print_spoolss_EnumPerMachineConnections, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33453,7 +33453,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_XcvData), + (ndr_push_flags_fn_t) ndr_push_spoolss_XcvData, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_XcvData, +- (ndr_print_function_t) ndr_print_spoolss_XcvData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33462,7 +33462,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_AddPrinterDriverEx), + (ndr_push_flags_fn_t) ndr_push_spoolss_AddPrinterDriverEx, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_AddPrinterDriverEx, +- (ndr_print_function_t) ndr_print_spoolss_AddPrinterDriverEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33471,7 +33471,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_5a), + (ndr_push_flags_fn_t) ndr_push_spoolss_5a, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_5a, +- (ndr_print_function_t) ndr_print_spoolss_5a, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33480,7 +33480,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_5b), + (ndr_push_flags_fn_t) ndr_push_spoolss_5b, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_5b, +- (ndr_print_function_t) ndr_print_spoolss_5b, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33489,7 +33489,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_5c), + (ndr_push_flags_fn_t) ndr_push_spoolss_5c, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_5c, +- (ndr_print_function_t) ndr_print_spoolss_5c, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33498,7 +33498,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_5d), + (ndr_push_flags_fn_t) ndr_push_spoolss_5d, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_5d, +- (ndr_print_function_t) ndr_print_spoolss_5d, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33507,7 +33507,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_5e), + (ndr_push_flags_fn_t) ndr_push_spoolss_5e, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_5e, +- (ndr_print_function_t) ndr_print_spoolss_5e, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33516,7 +33516,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_5f), + (ndr_push_flags_fn_t) ndr_push_spoolss_5f, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_5f, +- (ndr_print_function_t) ndr_print_spoolss_5f, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33525,7 +33525,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_60), + (ndr_push_flags_fn_t) ndr_push_spoolss_60, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_60, +- (ndr_print_function_t) ndr_print_spoolss_60, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33534,7 +33534,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_61), + (ndr_push_flags_fn_t) ndr_push_spoolss_61, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_61, +- (ndr_print_function_t) ndr_print_spoolss_61, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33543,7 +33543,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_62), + (ndr_push_flags_fn_t) ndr_push_spoolss_62, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_62, +- (ndr_print_function_t) ndr_print_spoolss_62, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33552,7 +33552,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_63), + (ndr_push_flags_fn_t) ndr_push_spoolss_63, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_63, +- (ndr_print_function_t) ndr_print_spoolss_63, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33561,7 +33561,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_64), + (ndr_push_flags_fn_t) ndr_push_spoolss_64, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_64, +- (ndr_print_function_t) ndr_print_spoolss_64, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33570,7 +33570,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_65), + (ndr_push_flags_fn_t) ndr_push_spoolss_65, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_65, +- (ndr_print_function_t) ndr_print_spoolss_65, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33579,7 +33579,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetCorePrinterDrivers), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetCorePrinterDrivers, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetCorePrinterDrivers, +- (ndr_print_function_t) ndr_print_spoolss_GetCorePrinterDrivers, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33588,7 +33588,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_67), + (ndr_push_flags_fn_t) ndr_push_spoolss_67, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_67, +- (ndr_print_function_t) ndr_print_spoolss_67, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33597,7 +33597,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_GetPrinterDriverPackagePath), + (ndr_push_flags_fn_t) ndr_push_spoolss_GetPrinterDriverPackagePath, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_GetPrinterDriverPackagePath, +- (ndr_print_function_t) ndr_print_spoolss_GetPrinterDriverPackagePath, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33606,7 +33606,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_69), + (ndr_push_flags_fn_t) ndr_push_spoolss_69, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_69, +- (ndr_print_function_t) ndr_print_spoolss_69, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33615,7 +33615,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_6a), + (ndr_push_flags_fn_t) ndr_push_spoolss_6a, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_6a, +- (ndr_print_function_t) ndr_print_spoolss_6a, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33624,7 +33624,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_6b), + (ndr_push_flags_fn_t) ndr_push_spoolss_6b, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_6b, +- (ndr_print_function_t) ndr_print_spoolss_6b, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33633,7 +33633,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_6c), + (ndr_push_flags_fn_t) ndr_push_spoolss_6c, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_6c, +- (ndr_print_function_t) ndr_print_spoolss_6c, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -33642,7 +33642,7 @@ static const struct ndr_interface_call s + sizeof(struct spoolss_6d), + (ndr_push_flags_fn_t) ndr_push_spoolss_6d, + (ndr_pull_flags_fn_t) ndr_pull_spoolss_6d, +- (ndr_print_function_t) ndr_print_spoolss_6d, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_srvsvc.c ++++ b/source3/librpc/gen_ndr/ndr_srvsvc.c +@@ -20229,7 +20229,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20238,7 +20238,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevGetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevGetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20247,7 +20247,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevControl), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevControl, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevControl, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevControl, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20256,7 +20256,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevQEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevQEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevQEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevQEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20265,7 +20265,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevQGetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevQGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevQGetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevQGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20274,7 +20274,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevQSetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevQSetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevQSetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevQSetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20283,7 +20283,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevQPurge), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevQPurge, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevQPurge, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevQPurge, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20292,7 +20292,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetCharDevQPurgeSelf), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetCharDevQPurgeSelf, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetCharDevQPurgeSelf, +- (ndr_print_function_t) ndr_print_srvsvc_NetCharDevQPurgeSelf, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20301,7 +20301,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetConnEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetConnEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetConnEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetConnEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20310,7 +20310,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetFileEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetFileEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetFileEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetFileEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20319,7 +20319,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetFileGetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetFileGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetFileGetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetFileGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20328,7 +20328,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetFileClose), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetFileClose, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetFileClose, +- (ndr_print_function_t) ndr_print_srvsvc_NetFileClose, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20337,7 +20337,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetSessEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetSessEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetSessEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetSessEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20346,7 +20346,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetSessDel), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetSessDel, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetSessDel, +- (ndr_print_function_t) ndr_print_srvsvc_NetSessDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20355,7 +20355,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareAdd), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareAdd, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareAdd, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20364,7 +20364,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareEnumAll), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareEnumAll, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareEnumAll, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareEnumAll, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20373,7 +20373,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareGetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareGetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20382,7 +20382,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareSetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareSetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareSetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareSetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20391,7 +20391,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareDel), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareDel, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareDel, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20400,7 +20400,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareDelSticky), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareDelSticky, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareDelSticky, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareDelSticky, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20409,7 +20409,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareCheck), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareCheck, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareCheck, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareCheck, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20418,7 +20418,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetSrvGetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetSrvGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetSrvGetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetSrvGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20427,7 +20427,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetSrvSetInfo), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetSrvSetInfo, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetSrvSetInfo, +- (ndr_print_function_t) ndr_print_srvsvc_NetSrvSetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20436,7 +20436,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetDiskEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetDiskEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetDiskEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetDiskEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20445,7 +20445,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetServerStatisticsGet), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetServerStatisticsGet, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetServerStatisticsGet, +- (ndr_print_function_t) ndr_print_srvsvc_NetServerStatisticsGet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20454,7 +20454,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetTransportAdd), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetTransportAdd, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetTransportAdd, +- (ndr_print_function_t) ndr_print_srvsvc_NetTransportAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20463,7 +20463,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetTransportEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetTransportEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetTransportEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetTransportEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20472,7 +20472,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetTransportDel), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetTransportDel, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetTransportDel, +- (ndr_print_function_t) ndr_print_srvsvc_NetTransportDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20481,7 +20481,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetRemoteTOD), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetRemoteTOD, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetRemoteTOD, +- (ndr_print_function_t) ndr_print_srvsvc_NetRemoteTOD, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20490,7 +20490,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetSetServiceBits), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetSetServiceBits, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetSetServiceBits, +- (ndr_print_function_t) ndr_print_srvsvc_NetSetServiceBits, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20499,7 +20499,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetPathType), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetPathType, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetPathType, +- (ndr_print_function_t) ndr_print_srvsvc_NetPathType, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20508,7 +20508,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetPathCanonicalize), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetPathCanonicalize, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetPathCanonicalize, +- (ndr_print_function_t) ndr_print_srvsvc_NetPathCanonicalize, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20517,7 +20517,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetPathCompare), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetPathCompare, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetPathCompare, +- (ndr_print_function_t) ndr_print_srvsvc_NetPathCompare, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20526,7 +20526,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetNameValidate), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetNameValidate, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetNameValidate, +- (ndr_print_function_t) ndr_print_srvsvc_NetNameValidate, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20535,7 +20535,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRPRNAMECANONICALIZE), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRPRNAMECANONICALIZE, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRPRNAMECANONICALIZE, +- (ndr_print_function_t) ndr_print_srvsvc_NETRPRNAMECANONICALIZE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20544,7 +20544,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetPRNameCompare), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetPRNameCompare, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetPRNameCompare, +- (ndr_print_function_t) ndr_print_srvsvc_NetPRNameCompare, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20553,7 +20553,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareEnum), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareEnum, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareEnum, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20562,7 +20562,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareDelStart), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareDelStart, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareDelStart, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareDelStart, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20571,7 +20571,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetShareDelCommit), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetShareDelCommit, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetShareDelCommit, +- (ndr_print_function_t) ndr_print_srvsvc_NetShareDelCommit, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20580,7 +20580,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetGetFileSecurity), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetGetFileSecurity, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetGetFileSecurity, +- (ndr_print_function_t) ndr_print_srvsvc_NetGetFileSecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20589,7 +20589,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetSetFileSecurity), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetSetFileSecurity, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetSetFileSecurity, +- (ndr_print_function_t) ndr_print_srvsvc_NetSetFileSecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20598,7 +20598,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetServerTransportAddEx), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetServerTransportAddEx, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetServerTransportAddEx, +- (ndr_print_function_t) ndr_print_srvsvc_NetServerTransportAddEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20607,7 +20607,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NetServerSetServiceBitsEx), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NetServerSetServiceBitsEx, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NetServerSetServiceBitsEx, +- (ndr_print_function_t) ndr_print_srvsvc_NetServerSetServiceBitsEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20616,7 +20616,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSGETVERSION), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSGETVERSION, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSGETVERSION, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSGETVERSION, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20625,7 +20625,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSCREATELOCALPARTITION), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSCREATELOCALPARTITION, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSCREATELOCALPARTITION, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSCREATELOCALPARTITION, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20634,7 +20634,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSDELETELOCALPARTITION), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSDELETELOCALPARTITION, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSDELETELOCALPARTITION, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSDELETELOCALPARTITION, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20643,7 +20643,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSSETLOCALVOLUMESTATE), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSSETLOCALVOLUMESTATE, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSSETLOCALVOLUMESTATE, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSSETLOCALVOLUMESTATE, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20652,7 +20652,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSSETSERVERINFO), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSSETSERVERINFO, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSSETSERVERINFO, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSSETSERVERINFO, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20661,7 +20661,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSCREATEEXITPOINT), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSCREATEEXITPOINT, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSCREATEEXITPOINT, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSCREATEEXITPOINT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20670,7 +20670,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSDELETEEXITPOINT), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSDELETEEXITPOINT, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSDELETEEXITPOINT, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSDELETEEXITPOINT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20679,7 +20679,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSMODIFYPREFIX), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSMODIFYPREFIX, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSMODIFYPREFIX, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSMODIFYPREFIX, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20688,7 +20688,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSFIXLOCALVOLUME), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSFIXLOCALVOLUME, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSFIXLOCALVOLUME, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSFIXLOCALVOLUME, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20697,7 +20697,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRDFSMANAGERREPORTSITEINFO), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRDFSMANAGERREPORTSITEINFO, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRDFSMANAGERREPORTSITEINFO, +- (ndr_print_function_t) ndr_print_srvsvc_NETRDFSMANAGERREPORTSITEINFO, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -20706,7 +20706,7 @@ static const struct ndr_interface_call s + sizeof(struct srvsvc_NETRSERVERTRANSPORTDELEX), + (ndr_push_flags_fn_t) ndr_push_srvsvc_NETRSERVERTRANSPORTDELEX, + (ndr_pull_flags_fn_t) ndr_pull_srvsvc_NETRSERVERTRANSPORTDELEX, +- (ndr_print_function_t) ndr_print_srvsvc_NETRSERVERTRANSPORTDELEX, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_svcctl.c ++++ b/source3/librpc/gen_ndr/ndr_svcctl.c +@@ -7175,7 +7175,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_CloseServiceHandle), + (ndr_push_flags_fn_t) ndr_push_svcctl_CloseServiceHandle, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_CloseServiceHandle, +- (ndr_print_function_t) ndr_print_svcctl_CloseServiceHandle, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7184,7 +7184,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_ControlService), + (ndr_push_flags_fn_t) ndr_push_svcctl_ControlService, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_ControlService, +- (ndr_print_function_t) ndr_print_svcctl_ControlService, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7193,7 +7193,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_DeleteService), + (ndr_push_flags_fn_t) ndr_push_svcctl_DeleteService, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_DeleteService, +- (ndr_print_function_t) ndr_print_svcctl_DeleteService, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7202,7 +7202,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_LockServiceDatabase), + (ndr_push_flags_fn_t) ndr_push_svcctl_LockServiceDatabase, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_LockServiceDatabase, +- (ndr_print_function_t) ndr_print_svcctl_LockServiceDatabase, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7211,7 +7211,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceObjectSecurity), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceObjectSecurity, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceObjectSecurity, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceObjectSecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7220,7 +7220,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_SetServiceObjectSecurity), + (ndr_push_flags_fn_t) ndr_push_svcctl_SetServiceObjectSecurity, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_SetServiceObjectSecurity, +- (ndr_print_function_t) ndr_print_svcctl_SetServiceObjectSecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7229,7 +7229,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceStatus), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceStatus, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceStatus, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceStatus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7238,7 +7238,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_SetServiceStatus), + (ndr_push_flags_fn_t) ndr_push_svcctl_SetServiceStatus, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_SetServiceStatus, +- (ndr_print_function_t) ndr_print_svcctl_SetServiceStatus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7247,7 +7247,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_UnlockServiceDatabase), + (ndr_push_flags_fn_t) ndr_push_svcctl_UnlockServiceDatabase, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_UnlockServiceDatabase, +- (ndr_print_function_t) ndr_print_svcctl_UnlockServiceDatabase, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7256,7 +7256,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_NotifyBootConfigStatus), + (ndr_push_flags_fn_t) ndr_push_svcctl_NotifyBootConfigStatus, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_NotifyBootConfigStatus, +- (ndr_print_function_t) ndr_print_svcctl_NotifyBootConfigStatus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7265,7 +7265,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_SCSetServiceBitsW), + (ndr_push_flags_fn_t) ndr_push_svcctl_SCSetServiceBitsW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_SCSetServiceBitsW, +- (ndr_print_function_t) ndr_print_svcctl_SCSetServiceBitsW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7274,7 +7274,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_ChangeServiceConfigW), + (ndr_push_flags_fn_t) ndr_push_svcctl_ChangeServiceConfigW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_ChangeServiceConfigW, +- (ndr_print_function_t) ndr_print_svcctl_ChangeServiceConfigW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7283,7 +7283,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_CreateServiceW), + (ndr_push_flags_fn_t) ndr_push_svcctl_CreateServiceW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_CreateServiceW, +- (ndr_print_function_t) ndr_print_svcctl_CreateServiceW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7292,7 +7292,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_EnumDependentServicesW), + (ndr_push_flags_fn_t) ndr_push_svcctl_EnumDependentServicesW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_EnumDependentServicesW, +- (ndr_print_function_t) ndr_print_svcctl_EnumDependentServicesW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7301,7 +7301,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_EnumServicesStatusW), + (ndr_push_flags_fn_t) ndr_push_svcctl_EnumServicesStatusW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_EnumServicesStatusW, +- (ndr_print_function_t) ndr_print_svcctl_EnumServicesStatusW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7310,7 +7310,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_OpenSCManagerW), + (ndr_push_flags_fn_t) ndr_push_svcctl_OpenSCManagerW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_OpenSCManagerW, +- (ndr_print_function_t) ndr_print_svcctl_OpenSCManagerW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7319,7 +7319,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_OpenServiceW), + (ndr_push_flags_fn_t) ndr_push_svcctl_OpenServiceW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_OpenServiceW, +- (ndr_print_function_t) ndr_print_svcctl_OpenServiceW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7328,7 +7328,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceConfigW), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceConfigW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceConfigW, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceConfigW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7337,7 +7337,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceLockStatusW), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceLockStatusW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceLockStatusW, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceLockStatusW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7346,7 +7346,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_StartServiceW), + (ndr_push_flags_fn_t) ndr_push_svcctl_StartServiceW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_StartServiceW, +- (ndr_print_function_t) ndr_print_svcctl_StartServiceW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7355,7 +7355,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_GetServiceDisplayNameW), + (ndr_push_flags_fn_t) ndr_push_svcctl_GetServiceDisplayNameW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_GetServiceDisplayNameW, +- (ndr_print_function_t) ndr_print_svcctl_GetServiceDisplayNameW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7364,7 +7364,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_GetServiceKeyNameW), + (ndr_push_flags_fn_t) ndr_push_svcctl_GetServiceKeyNameW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_GetServiceKeyNameW, +- (ndr_print_function_t) ndr_print_svcctl_GetServiceKeyNameW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7373,7 +7373,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_SCSetServiceBitsA), + (ndr_push_flags_fn_t) ndr_push_svcctl_SCSetServiceBitsA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_SCSetServiceBitsA, +- (ndr_print_function_t) ndr_print_svcctl_SCSetServiceBitsA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7382,7 +7382,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_ChangeServiceConfigA), + (ndr_push_flags_fn_t) ndr_push_svcctl_ChangeServiceConfigA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_ChangeServiceConfigA, +- (ndr_print_function_t) ndr_print_svcctl_ChangeServiceConfigA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7391,7 +7391,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_CreateServiceA), + (ndr_push_flags_fn_t) ndr_push_svcctl_CreateServiceA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_CreateServiceA, +- (ndr_print_function_t) ndr_print_svcctl_CreateServiceA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7400,7 +7400,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_EnumDependentServicesA), + (ndr_push_flags_fn_t) ndr_push_svcctl_EnumDependentServicesA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_EnumDependentServicesA, +- (ndr_print_function_t) ndr_print_svcctl_EnumDependentServicesA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7409,7 +7409,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_EnumServicesStatusA), + (ndr_push_flags_fn_t) ndr_push_svcctl_EnumServicesStatusA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_EnumServicesStatusA, +- (ndr_print_function_t) ndr_print_svcctl_EnumServicesStatusA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7418,7 +7418,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_OpenSCManagerA), + (ndr_push_flags_fn_t) ndr_push_svcctl_OpenSCManagerA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_OpenSCManagerA, +- (ndr_print_function_t) ndr_print_svcctl_OpenSCManagerA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7427,7 +7427,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_OpenServiceA), + (ndr_push_flags_fn_t) ndr_push_svcctl_OpenServiceA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_OpenServiceA, +- (ndr_print_function_t) ndr_print_svcctl_OpenServiceA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7436,7 +7436,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceConfigA), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceConfigA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceConfigA, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceConfigA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7445,7 +7445,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceLockStatusA), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceLockStatusA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceLockStatusA, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceLockStatusA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7454,7 +7454,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_StartServiceA), + (ndr_push_flags_fn_t) ndr_push_svcctl_StartServiceA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_StartServiceA, +- (ndr_print_function_t) ndr_print_svcctl_StartServiceA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7463,7 +7463,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_GetServiceDisplayNameA), + (ndr_push_flags_fn_t) ndr_push_svcctl_GetServiceDisplayNameA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_GetServiceDisplayNameA, +- (ndr_print_function_t) ndr_print_svcctl_GetServiceDisplayNameA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7472,7 +7472,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_GetServiceKeyNameA), + (ndr_push_flags_fn_t) ndr_push_svcctl_GetServiceKeyNameA, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_GetServiceKeyNameA, +- (ndr_print_function_t) ndr_print_svcctl_GetServiceKeyNameA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7481,7 +7481,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_GetCurrentGroupeStateW), + (ndr_push_flags_fn_t) ndr_push_svcctl_GetCurrentGroupeStateW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_GetCurrentGroupeStateW, +- (ndr_print_function_t) ndr_print_svcctl_GetCurrentGroupeStateW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7490,7 +7490,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_EnumServiceGroupW), + (ndr_push_flags_fn_t) ndr_push_svcctl_EnumServiceGroupW, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_EnumServiceGroupW, +- (ndr_print_function_t) ndr_print_svcctl_EnumServiceGroupW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7499,7 +7499,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_ChangeServiceConfig2A), + (ndr_push_flags_fn_t) ndr_push_svcctl_ChangeServiceConfig2A, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_ChangeServiceConfig2A, +- (ndr_print_function_t) ndr_print_svcctl_ChangeServiceConfig2A, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7508,7 +7508,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_ChangeServiceConfig2W), + (ndr_push_flags_fn_t) ndr_push_svcctl_ChangeServiceConfig2W, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_ChangeServiceConfig2W, +- (ndr_print_function_t) ndr_print_svcctl_ChangeServiceConfig2W, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7517,7 +7517,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceConfig2A), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceConfig2A, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceConfig2A, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceConfig2A, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7526,7 +7526,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceConfig2W), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceConfig2W, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceConfig2W, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceConfig2W, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7535,7 +7535,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_QueryServiceStatusEx), + (ndr_push_flags_fn_t) ndr_push_svcctl_QueryServiceStatusEx, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_QueryServiceStatusEx, +- (ndr_print_function_t) ndr_print_svcctl_QueryServiceStatusEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7544,7 +7544,7 @@ static const struct ndr_interface_call s + sizeof(struct EnumServicesStatusExA), + (ndr_push_flags_fn_t) ndr_push_EnumServicesStatusExA, + (ndr_pull_flags_fn_t) ndr_pull_EnumServicesStatusExA, +- (ndr_print_function_t) ndr_print_EnumServicesStatusExA, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7553,7 +7553,7 @@ static const struct ndr_interface_call s + sizeof(struct EnumServicesStatusExW), + (ndr_push_flags_fn_t) ndr_push_EnumServicesStatusExW, + (ndr_pull_flags_fn_t) ndr_pull_EnumServicesStatusExW, +- (ndr_print_function_t) ndr_print_EnumServicesStatusExW, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7562,7 +7562,7 @@ static const struct ndr_interface_call s + sizeof(struct svcctl_SCSendTSMessage), + (ndr_push_flags_fn_t) ndr_push_svcctl_SCSendTSMessage, + (ndr_pull_flags_fn_t) ndr_pull_svcctl_SCSendTSMessage, +- (ndr_print_function_t) ndr_print_svcctl_SCSendTSMessage, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_trkwks.c ++++ b/source3/librpc/gen_ndr/ndr_trkwks.c +@@ -51,7 +51,7 @@ static const struct ndr_interface_call t + sizeof(struct trkwks_Unknown0), + (ndr_push_flags_fn_t) ndr_push_trkwks_Unknown0, + (ndr_pull_flags_fn_t) ndr_pull_trkwks_Unknown0, +- (ndr_print_function_t) ndr_print_trkwks_Unknown0, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_unixinfo.c ++++ b/source3/librpc/gen_ndr/ndr_unixinfo.c +@@ -472,7 +472,7 @@ static const struct ndr_interface_call u + sizeof(struct unixinfo_SidToUid), + (ndr_push_flags_fn_t) ndr_push_unixinfo_SidToUid, + (ndr_pull_flags_fn_t) ndr_pull_unixinfo_SidToUid, +- (ndr_print_function_t) ndr_print_unixinfo_SidToUid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -481,7 +481,7 @@ static const struct ndr_interface_call u + sizeof(struct unixinfo_UidToSid), + (ndr_push_flags_fn_t) ndr_push_unixinfo_UidToSid, + (ndr_pull_flags_fn_t) ndr_pull_unixinfo_UidToSid, +- (ndr_print_function_t) ndr_print_unixinfo_UidToSid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -490,7 +490,7 @@ static const struct ndr_interface_call u + sizeof(struct unixinfo_SidToGid), + (ndr_push_flags_fn_t) ndr_push_unixinfo_SidToGid, + (ndr_pull_flags_fn_t) ndr_pull_unixinfo_SidToGid, +- (ndr_print_function_t) ndr_print_unixinfo_SidToGid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -499,7 +499,7 @@ static const struct ndr_interface_call u + sizeof(struct unixinfo_GidToSid), + (ndr_push_flags_fn_t) ndr_push_unixinfo_GidToSid, + (ndr_pull_flags_fn_t) ndr_pull_unixinfo_GidToSid, +- (ndr_print_function_t) ndr_print_unixinfo_GidToSid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -508,7 +508,7 @@ static const struct ndr_interface_call u + sizeof(struct unixinfo_GetPWUid), + (ndr_push_flags_fn_t) ndr_push_unixinfo_GetPWUid, + (ndr_pull_flags_fn_t) ndr_pull_unixinfo_GetPWUid, +- (ndr_print_function_t) ndr_print_unixinfo_GetPWUid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_w32time.c ++++ b/source3/librpc/gen_ndr/ndr_w32time.c +@@ -135,7 +135,7 @@ static const struct ndr_interface_call w + sizeof(struct w32time_SyncTime), + (ndr_push_flags_fn_t) ndr_push_w32time_SyncTime, + (ndr_pull_flags_fn_t) ndr_pull_w32time_SyncTime, +- (ndr_print_function_t) ndr_print_w32time_SyncTime, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -144,7 +144,7 @@ static const struct ndr_interface_call w + sizeof(struct w32time_GetNetLogonServiceBits), + (ndr_push_flags_fn_t) ndr_push_w32time_GetNetLogonServiceBits, + (ndr_pull_flags_fn_t) ndr_pull_w32time_GetNetLogonServiceBits, +- (ndr_print_function_t) ndr_print_w32time_GetNetLogonServiceBits, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -153,7 +153,7 @@ static const struct ndr_interface_call w + sizeof(struct w32time_QueryProviderStatus), + (ndr_push_flags_fn_t) ndr_push_w32time_QueryProviderStatus, + (ndr_pull_flags_fn_t) ndr_pull_w32time_QueryProviderStatus, +- (ndr_print_function_t) ndr_print_w32time_QueryProviderStatus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_wbint.c ++++ b/source3/librpc/gen_ndr/ndr_wbint.c +@@ -2696,7 +2696,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_Ping), + (ndr_push_flags_fn_t) ndr_push_wbint_Ping, + (ndr_pull_flags_fn_t) ndr_pull_wbint_Ping, +- (ndr_print_function_t) ndr_print_wbint_Ping, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2705,7 +2705,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_LookupSid), + (ndr_push_flags_fn_t) ndr_push_wbint_LookupSid, + (ndr_pull_flags_fn_t) ndr_pull_wbint_LookupSid, +- (ndr_print_function_t) ndr_print_wbint_LookupSid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2714,7 +2714,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_LookupSids), + (ndr_push_flags_fn_t) ndr_push_wbint_LookupSids, + (ndr_pull_flags_fn_t) ndr_pull_wbint_LookupSids, +- (ndr_print_function_t) ndr_print_wbint_LookupSids, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2723,7 +2723,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_LookupName), + (ndr_push_flags_fn_t) ndr_push_wbint_LookupName, + (ndr_pull_flags_fn_t) ndr_pull_wbint_LookupName, +- (ndr_print_function_t) ndr_print_wbint_LookupName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2732,7 +2732,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_Sid2Uid), + (ndr_push_flags_fn_t) ndr_push_wbint_Sid2Uid, + (ndr_pull_flags_fn_t) ndr_pull_wbint_Sid2Uid, +- (ndr_print_function_t) ndr_print_wbint_Sid2Uid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2741,7 +2741,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_Sid2Gid), + (ndr_push_flags_fn_t) ndr_push_wbint_Sid2Gid, + (ndr_pull_flags_fn_t) ndr_pull_wbint_Sid2Gid, +- (ndr_print_function_t) ndr_print_wbint_Sid2Gid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2750,7 +2750,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_Sids2UnixIDs), + (ndr_push_flags_fn_t) ndr_push_wbint_Sids2UnixIDs, + (ndr_pull_flags_fn_t) ndr_pull_wbint_Sids2UnixIDs, +- (ndr_print_function_t) ndr_print_wbint_Sids2UnixIDs, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2759,7 +2759,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_Uid2Sid), + (ndr_push_flags_fn_t) ndr_push_wbint_Uid2Sid, + (ndr_pull_flags_fn_t) ndr_pull_wbint_Uid2Sid, +- (ndr_print_function_t) ndr_print_wbint_Uid2Sid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2768,7 +2768,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_Gid2Sid), + (ndr_push_flags_fn_t) ndr_push_wbint_Gid2Sid, + (ndr_pull_flags_fn_t) ndr_pull_wbint_Gid2Sid, +- (ndr_print_function_t) ndr_print_wbint_Gid2Sid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2777,7 +2777,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_AllocateUid), + (ndr_push_flags_fn_t) ndr_push_wbint_AllocateUid, + (ndr_pull_flags_fn_t) ndr_pull_wbint_AllocateUid, +- (ndr_print_function_t) ndr_print_wbint_AllocateUid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2786,7 +2786,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_AllocateGid), + (ndr_push_flags_fn_t) ndr_push_wbint_AllocateGid, + (ndr_pull_flags_fn_t) ndr_pull_wbint_AllocateGid, +- (ndr_print_function_t) ndr_print_wbint_AllocateGid, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2795,7 +2795,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_QueryUser), + (ndr_push_flags_fn_t) ndr_push_wbint_QueryUser, + (ndr_pull_flags_fn_t) ndr_pull_wbint_QueryUser, +- (ndr_print_function_t) ndr_print_wbint_QueryUser, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2804,7 +2804,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_LookupUserAliases), + (ndr_push_flags_fn_t) ndr_push_wbint_LookupUserAliases, + (ndr_pull_flags_fn_t) ndr_pull_wbint_LookupUserAliases, +- (ndr_print_function_t) ndr_print_wbint_LookupUserAliases, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2813,7 +2813,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_LookupUserGroups), + (ndr_push_flags_fn_t) ndr_push_wbint_LookupUserGroups, + (ndr_pull_flags_fn_t) ndr_pull_wbint_LookupUserGroups, +- (ndr_print_function_t) ndr_print_wbint_LookupUserGroups, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2822,7 +2822,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_QuerySequenceNumber), + (ndr_push_flags_fn_t) ndr_push_wbint_QuerySequenceNumber, + (ndr_pull_flags_fn_t) ndr_pull_wbint_QuerySequenceNumber, +- (ndr_print_function_t) ndr_print_wbint_QuerySequenceNumber, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2831,7 +2831,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_LookupGroupMembers), + (ndr_push_flags_fn_t) ndr_push_wbint_LookupGroupMembers, + (ndr_pull_flags_fn_t) ndr_pull_wbint_LookupGroupMembers, +- (ndr_print_function_t) ndr_print_wbint_LookupGroupMembers, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2840,7 +2840,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_QueryUserList), + (ndr_push_flags_fn_t) ndr_push_wbint_QueryUserList, + (ndr_pull_flags_fn_t) ndr_pull_wbint_QueryUserList, +- (ndr_print_function_t) ndr_print_wbint_QueryUserList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2849,7 +2849,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_QueryGroupList), + (ndr_push_flags_fn_t) ndr_push_wbint_QueryGroupList, + (ndr_pull_flags_fn_t) ndr_pull_wbint_QueryGroupList, +- (ndr_print_function_t) ndr_print_wbint_QueryGroupList, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2858,7 +2858,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_DsGetDcName), + (ndr_push_flags_fn_t) ndr_push_wbint_DsGetDcName, + (ndr_pull_flags_fn_t) ndr_pull_wbint_DsGetDcName, +- (ndr_print_function_t) ndr_print_wbint_DsGetDcName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2867,7 +2867,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_LookupRids), + (ndr_push_flags_fn_t) ndr_push_wbint_LookupRids, + (ndr_pull_flags_fn_t) ndr_pull_wbint_LookupRids, +- (ndr_print_function_t) ndr_print_wbint_LookupRids, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2876,7 +2876,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_CheckMachineAccount), + (ndr_push_flags_fn_t) ndr_push_wbint_CheckMachineAccount, + (ndr_pull_flags_fn_t) ndr_pull_wbint_CheckMachineAccount, +- (ndr_print_function_t) ndr_print_wbint_CheckMachineAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2885,7 +2885,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_ChangeMachineAccount), + (ndr_push_flags_fn_t) ndr_push_wbint_ChangeMachineAccount, + (ndr_pull_flags_fn_t) ndr_pull_wbint_ChangeMachineAccount, +- (ndr_print_function_t) ndr_print_wbint_ChangeMachineAccount, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -2894,7 +2894,7 @@ static const struct ndr_interface_call w + sizeof(struct wbint_PingDc), + (ndr_push_flags_fn_t) ndr_push_wbint_PingDc, + (ndr_pull_flags_fn_t) ndr_pull_wbint_PingDc, +- (ndr_print_function_t) ndr_print_wbint_PingDc, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_winreg.c ++++ b/source3/librpc/gen_ndr/ndr_winreg.c +@@ -4864,7 +4864,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKCR), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKCR, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKCR, +- (ndr_print_function_t) ndr_print_winreg_OpenHKCR, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4873,7 +4873,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKCU), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKCU, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKCU, +- (ndr_print_function_t) ndr_print_winreg_OpenHKCU, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4882,7 +4882,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKLM), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKLM, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKLM, +- (ndr_print_function_t) ndr_print_winreg_OpenHKLM, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4891,7 +4891,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKPD), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKPD, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKPD, +- (ndr_print_function_t) ndr_print_winreg_OpenHKPD, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4900,7 +4900,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKU), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKU, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKU, +- (ndr_print_function_t) ndr_print_winreg_OpenHKU, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4909,7 +4909,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_CloseKey), + (ndr_push_flags_fn_t) ndr_push_winreg_CloseKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_CloseKey, +- (ndr_print_function_t) ndr_print_winreg_CloseKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4918,7 +4918,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_CreateKey), + (ndr_push_flags_fn_t) ndr_push_winreg_CreateKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_CreateKey, +- (ndr_print_function_t) ndr_print_winreg_CreateKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4927,7 +4927,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_DeleteKey), + (ndr_push_flags_fn_t) ndr_push_winreg_DeleteKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_DeleteKey, +- (ndr_print_function_t) ndr_print_winreg_DeleteKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4936,7 +4936,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_DeleteValue), + (ndr_push_flags_fn_t) ndr_push_winreg_DeleteValue, + (ndr_pull_flags_fn_t) ndr_pull_winreg_DeleteValue, +- (ndr_print_function_t) ndr_print_winreg_DeleteValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4945,7 +4945,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_EnumKey), + (ndr_push_flags_fn_t) ndr_push_winreg_EnumKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_EnumKey, +- (ndr_print_function_t) ndr_print_winreg_EnumKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4954,7 +4954,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_EnumValue), + (ndr_push_flags_fn_t) ndr_push_winreg_EnumValue, + (ndr_pull_flags_fn_t) ndr_pull_winreg_EnumValue, +- (ndr_print_function_t) ndr_print_winreg_EnumValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4963,7 +4963,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_FlushKey), + (ndr_push_flags_fn_t) ndr_push_winreg_FlushKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_FlushKey, +- (ndr_print_function_t) ndr_print_winreg_FlushKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4972,7 +4972,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_GetKeySecurity), + (ndr_push_flags_fn_t) ndr_push_winreg_GetKeySecurity, + (ndr_pull_flags_fn_t) ndr_pull_winreg_GetKeySecurity, +- (ndr_print_function_t) ndr_print_winreg_GetKeySecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4981,7 +4981,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_LoadKey), + (ndr_push_flags_fn_t) ndr_push_winreg_LoadKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_LoadKey, +- (ndr_print_function_t) ndr_print_winreg_LoadKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4990,7 +4990,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_NotifyChangeKeyValue), + (ndr_push_flags_fn_t) ndr_push_winreg_NotifyChangeKeyValue, + (ndr_pull_flags_fn_t) ndr_pull_winreg_NotifyChangeKeyValue, +- (ndr_print_function_t) ndr_print_winreg_NotifyChangeKeyValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4999,7 +4999,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenKey), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenKey, +- (ndr_print_function_t) ndr_print_winreg_OpenKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5008,7 +5008,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_QueryInfoKey), + (ndr_push_flags_fn_t) ndr_push_winreg_QueryInfoKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_QueryInfoKey, +- (ndr_print_function_t) ndr_print_winreg_QueryInfoKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5017,7 +5017,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_QueryValue), + (ndr_push_flags_fn_t) ndr_push_winreg_QueryValue, + (ndr_pull_flags_fn_t) ndr_pull_winreg_QueryValue, +- (ndr_print_function_t) ndr_print_winreg_QueryValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5026,7 +5026,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_ReplaceKey), + (ndr_push_flags_fn_t) ndr_push_winreg_ReplaceKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_ReplaceKey, +- (ndr_print_function_t) ndr_print_winreg_ReplaceKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5035,7 +5035,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_RestoreKey), + (ndr_push_flags_fn_t) ndr_push_winreg_RestoreKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_RestoreKey, +- (ndr_print_function_t) ndr_print_winreg_RestoreKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5044,7 +5044,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_SaveKey), + (ndr_push_flags_fn_t) ndr_push_winreg_SaveKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_SaveKey, +- (ndr_print_function_t) ndr_print_winreg_SaveKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5053,7 +5053,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_SetKeySecurity), + (ndr_push_flags_fn_t) ndr_push_winreg_SetKeySecurity, + (ndr_pull_flags_fn_t) ndr_pull_winreg_SetKeySecurity, +- (ndr_print_function_t) ndr_print_winreg_SetKeySecurity, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5062,7 +5062,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_SetValue), + (ndr_push_flags_fn_t) ndr_push_winreg_SetValue, + (ndr_pull_flags_fn_t) ndr_pull_winreg_SetValue, +- (ndr_print_function_t) ndr_print_winreg_SetValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5071,7 +5071,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_UnLoadKey), + (ndr_push_flags_fn_t) ndr_push_winreg_UnLoadKey, + (ndr_pull_flags_fn_t) ndr_pull_winreg_UnLoadKey, +- (ndr_print_function_t) ndr_print_winreg_UnLoadKey, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5080,7 +5080,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_InitiateSystemShutdown), + (ndr_push_flags_fn_t) ndr_push_winreg_InitiateSystemShutdown, + (ndr_pull_flags_fn_t) ndr_pull_winreg_InitiateSystemShutdown, +- (ndr_print_function_t) ndr_print_winreg_InitiateSystemShutdown, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5089,7 +5089,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_AbortSystemShutdown), + (ndr_push_flags_fn_t) ndr_push_winreg_AbortSystemShutdown, + (ndr_pull_flags_fn_t) ndr_pull_winreg_AbortSystemShutdown, +- (ndr_print_function_t) ndr_print_winreg_AbortSystemShutdown, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5098,7 +5098,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_GetVersion), + (ndr_push_flags_fn_t) ndr_push_winreg_GetVersion, + (ndr_pull_flags_fn_t) ndr_pull_winreg_GetVersion, +- (ndr_print_function_t) ndr_print_winreg_GetVersion, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5107,7 +5107,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKCC), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKCC, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKCC, +- (ndr_print_function_t) ndr_print_winreg_OpenHKCC, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5116,7 +5116,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKDD), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKDD, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKDD, +- (ndr_print_function_t) ndr_print_winreg_OpenHKDD, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5125,7 +5125,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_QueryMultipleValues), + (ndr_push_flags_fn_t) ndr_push_winreg_QueryMultipleValues, + (ndr_pull_flags_fn_t) ndr_pull_winreg_QueryMultipleValues, +- (ndr_print_function_t) ndr_print_winreg_QueryMultipleValues, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5134,7 +5134,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_InitiateSystemShutdownEx), + (ndr_push_flags_fn_t) ndr_push_winreg_InitiateSystemShutdownEx, + (ndr_pull_flags_fn_t) ndr_pull_winreg_InitiateSystemShutdownEx, +- (ndr_print_function_t) ndr_print_winreg_InitiateSystemShutdownEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5143,7 +5143,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_SaveKeyEx), + (ndr_push_flags_fn_t) ndr_push_winreg_SaveKeyEx, + (ndr_pull_flags_fn_t) ndr_pull_winreg_SaveKeyEx, +- (ndr_print_function_t) ndr_print_winreg_SaveKeyEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5152,7 +5152,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKPT), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKPT, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKPT, +- (ndr_print_function_t) ndr_print_winreg_OpenHKPT, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5161,7 +5161,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_OpenHKPN), + (ndr_push_flags_fn_t) ndr_push_winreg_OpenHKPN, + (ndr_pull_flags_fn_t) ndr_pull_winreg_OpenHKPN, +- (ndr_print_function_t) ndr_print_winreg_OpenHKPN, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5170,7 +5170,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_QueryMultipleValues2), + (ndr_push_flags_fn_t) ndr_push_winreg_QueryMultipleValues2, + (ndr_pull_flags_fn_t) ndr_pull_winreg_QueryMultipleValues2, +- (ndr_print_function_t) ndr_print_winreg_QueryMultipleValues2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5179,7 +5179,7 @@ static const struct ndr_interface_call w + sizeof(struct winreg_DeleteKeyEx), + (ndr_push_flags_fn_t) ndr_push_winreg_DeleteKeyEx, + (ndr_pull_flags_fn_t) ndr_pull_winreg_DeleteKeyEx, +- (ndr_print_function_t) ndr_print_winreg_DeleteKeyEx, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_wkssvc.c ++++ b/source3/librpc/gen_ndr/ndr_wkssvc.c +@@ -11005,7 +11005,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetWkstaGetInfo), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetWkstaGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetWkstaGetInfo, +- (ndr_print_function_t) ndr_print_wkssvc_NetWkstaGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11014,7 +11014,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetWkstaSetInfo), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetWkstaSetInfo, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetWkstaSetInfo, +- (ndr_print_function_t) ndr_print_wkssvc_NetWkstaSetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11023,7 +11023,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetWkstaEnumUsers), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetWkstaEnumUsers, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetWkstaEnumUsers, +- (ndr_print_function_t) ndr_print_wkssvc_NetWkstaEnumUsers, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11032,7 +11032,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrWkstaUserGetInfo), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrWkstaUserGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrWkstaUserGetInfo, +- (ndr_print_function_t) ndr_print_wkssvc_NetrWkstaUserGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11041,7 +11041,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrWkstaUserSetInfo), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrWkstaUserSetInfo, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrWkstaUserSetInfo, +- (ndr_print_function_t) ndr_print_wkssvc_NetrWkstaUserSetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11050,7 +11050,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetWkstaTransportEnum), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetWkstaTransportEnum, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetWkstaTransportEnum, +- (ndr_print_function_t) ndr_print_wkssvc_NetWkstaTransportEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11059,7 +11059,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrWkstaTransportAdd), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrWkstaTransportAdd, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrWkstaTransportAdd, +- (ndr_print_function_t) ndr_print_wkssvc_NetrWkstaTransportAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11068,7 +11068,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrWkstaTransportDel), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrWkstaTransportDel, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrWkstaTransportDel, +- (ndr_print_function_t) ndr_print_wkssvc_NetrWkstaTransportDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11077,7 +11077,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrUseAdd), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrUseAdd, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrUseAdd, +- (ndr_print_function_t) ndr_print_wkssvc_NetrUseAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11086,7 +11086,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrUseGetInfo), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrUseGetInfo, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrUseGetInfo, +- (ndr_print_function_t) ndr_print_wkssvc_NetrUseGetInfo, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11095,7 +11095,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrUseDel), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrUseDel, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrUseDel, +- (ndr_print_function_t) ndr_print_wkssvc_NetrUseDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11104,7 +11104,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrUseEnum), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrUseEnum, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrUseEnum, +- (ndr_print_function_t) ndr_print_wkssvc_NetrUseEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11113,7 +11113,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrMessageBufferSend), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrMessageBufferSend, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrMessageBufferSend, +- (ndr_print_function_t) ndr_print_wkssvc_NetrMessageBufferSend, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11122,7 +11122,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrWorkstationStatisticsGet), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrWorkstationStatisticsGet, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrWorkstationStatisticsGet, +- (ndr_print_function_t) ndr_print_wkssvc_NetrWorkstationStatisticsGet, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11131,7 +11131,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrLogonDomainNameAdd), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrLogonDomainNameAdd, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrLogonDomainNameAdd, +- (ndr_print_function_t) ndr_print_wkssvc_NetrLogonDomainNameAdd, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11140,7 +11140,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrLogonDomainNameDel), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrLogonDomainNameDel, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrLogonDomainNameDel, +- (ndr_print_function_t) ndr_print_wkssvc_NetrLogonDomainNameDel, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11149,7 +11149,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrJoinDomain), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrJoinDomain, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrJoinDomain, +- (ndr_print_function_t) ndr_print_wkssvc_NetrJoinDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11158,7 +11158,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrUnjoinDomain), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrUnjoinDomain, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrUnjoinDomain, +- (ndr_print_function_t) ndr_print_wkssvc_NetrUnjoinDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11167,7 +11167,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrRenameMachineInDomain), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrRenameMachineInDomain, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrRenameMachineInDomain, +- (ndr_print_function_t) ndr_print_wkssvc_NetrRenameMachineInDomain, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11176,7 +11176,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrValidateName), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrValidateName, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrValidateName, +- (ndr_print_function_t) ndr_print_wkssvc_NetrValidateName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11185,7 +11185,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrGetJoinInformation), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrGetJoinInformation, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrGetJoinInformation, +- (ndr_print_function_t) ndr_print_wkssvc_NetrGetJoinInformation, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11194,7 +11194,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrGetJoinableOus), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrGetJoinableOus, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrGetJoinableOus, +- (ndr_print_function_t) ndr_print_wkssvc_NetrGetJoinableOus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11203,7 +11203,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrJoinDomain2), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrJoinDomain2, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrJoinDomain2, +- (ndr_print_function_t) ndr_print_wkssvc_NetrJoinDomain2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11212,7 +11212,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrUnjoinDomain2), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrUnjoinDomain2, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrUnjoinDomain2, +- (ndr_print_function_t) ndr_print_wkssvc_NetrUnjoinDomain2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11221,7 +11221,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrRenameMachineInDomain2), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrRenameMachineInDomain2, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrRenameMachineInDomain2, +- (ndr_print_function_t) ndr_print_wkssvc_NetrRenameMachineInDomain2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11230,7 +11230,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrValidateName2), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrValidateName2, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrValidateName2, +- (ndr_print_function_t) ndr_print_wkssvc_NetrValidateName2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11239,7 +11239,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrGetJoinableOus2), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrGetJoinableOus2, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrGetJoinableOus2, +- (ndr_print_function_t) ndr_print_wkssvc_NetrGetJoinableOus2, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11248,7 +11248,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrAddAlternateComputerName), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrAddAlternateComputerName, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrAddAlternateComputerName, +- (ndr_print_function_t) ndr_print_wkssvc_NetrAddAlternateComputerName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11257,7 +11257,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrRemoveAlternateComputerName), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrRemoveAlternateComputerName, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrRemoveAlternateComputerName, +- (ndr_print_function_t) ndr_print_wkssvc_NetrRemoveAlternateComputerName, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11266,7 +11266,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrSetPrimaryComputername), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrSetPrimaryComputername, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrSetPrimaryComputername, +- (ndr_print_function_t) ndr_print_wkssvc_NetrSetPrimaryComputername, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -11275,7 +11275,7 @@ static const struct ndr_interface_call w + sizeof(struct wkssvc_NetrEnumerateComputerNames), + (ndr_push_flags_fn_t) ndr_push_wkssvc_NetrEnumerateComputerNames, + (ndr_pull_flags_fn_t) ndr_pull_wkssvc_NetrEnumerateComputerNames, +- (ndr_print_function_t) ndr_print_wkssvc_NetrEnumerateComputerNames, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_wmi.c ++++ b/source3/librpc/gen_ndr/ndr_wmi.c +@@ -139,7 +139,7 @@ static const struct ndr_interface_call I + sizeof(struct Delete), + (ndr_push_flags_fn_t) ndr_push_Delete, + (ndr_pull_flags_fn_t) ndr_pull_Delete, +- (ndr_print_function_t) ndr_print_Delete, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3704,7 +3704,7 @@ static const struct ndr_interface_call I + sizeof(struct OpenNamespace), + (ndr_push_flags_fn_t) ndr_push_OpenNamespace, + (ndr_pull_flags_fn_t) ndr_pull_OpenNamespace, +- (ndr_print_function_t) ndr_print_OpenNamespace, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3713,7 +3713,7 @@ static const struct ndr_interface_call I + sizeof(struct CancelAsyncCall), + (ndr_push_flags_fn_t) ndr_push_CancelAsyncCall, + (ndr_pull_flags_fn_t) ndr_pull_CancelAsyncCall, +- (ndr_print_function_t) ndr_print_CancelAsyncCall, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3722,7 +3722,7 @@ static const struct ndr_interface_call I + sizeof(struct QueryObjectSink), + (ndr_push_flags_fn_t) ndr_push_QueryObjectSink, + (ndr_pull_flags_fn_t) ndr_pull_QueryObjectSink, +- (ndr_print_function_t) ndr_print_QueryObjectSink, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3731,7 +3731,7 @@ static const struct ndr_interface_call I + sizeof(struct GetObject), + (ndr_push_flags_fn_t) ndr_push_GetObject, + (ndr_pull_flags_fn_t) ndr_pull_GetObject, +- (ndr_print_function_t) ndr_print_GetObject, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3740,7 +3740,7 @@ static const struct ndr_interface_call I + sizeof(struct GetObjectAsync), + (ndr_push_flags_fn_t) ndr_push_GetObjectAsync, + (ndr_pull_flags_fn_t) ndr_pull_GetObjectAsync, +- (ndr_print_function_t) ndr_print_GetObjectAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3749,7 +3749,7 @@ static const struct ndr_interface_call I + sizeof(struct PutClass), + (ndr_push_flags_fn_t) ndr_push_PutClass, + (ndr_pull_flags_fn_t) ndr_pull_PutClass, +- (ndr_print_function_t) ndr_print_PutClass, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3758,7 +3758,7 @@ static const struct ndr_interface_call I + sizeof(struct PutClassAsync), + (ndr_push_flags_fn_t) ndr_push_PutClassAsync, + (ndr_pull_flags_fn_t) ndr_pull_PutClassAsync, +- (ndr_print_function_t) ndr_print_PutClassAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3767,7 +3767,7 @@ static const struct ndr_interface_call I + sizeof(struct DeleteClass), + (ndr_push_flags_fn_t) ndr_push_DeleteClass, + (ndr_pull_flags_fn_t) ndr_pull_DeleteClass, +- (ndr_print_function_t) ndr_print_DeleteClass, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3776,7 +3776,7 @@ static const struct ndr_interface_call I + sizeof(struct DeleteClassAsync), + (ndr_push_flags_fn_t) ndr_push_DeleteClassAsync, + (ndr_pull_flags_fn_t) ndr_pull_DeleteClassAsync, +- (ndr_print_function_t) ndr_print_DeleteClassAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3785,7 +3785,7 @@ static const struct ndr_interface_call I + sizeof(struct CreateClassEnum), + (ndr_push_flags_fn_t) ndr_push_CreateClassEnum, + (ndr_pull_flags_fn_t) ndr_pull_CreateClassEnum, +- (ndr_print_function_t) ndr_print_CreateClassEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3794,7 +3794,7 @@ static const struct ndr_interface_call I + sizeof(struct CreateClassEnumAsync), + (ndr_push_flags_fn_t) ndr_push_CreateClassEnumAsync, + (ndr_pull_flags_fn_t) ndr_pull_CreateClassEnumAsync, +- (ndr_print_function_t) ndr_print_CreateClassEnumAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3803,7 +3803,7 @@ static const struct ndr_interface_call I + sizeof(struct PutInstance), + (ndr_push_flags_fn_t) ndr_push_PutInstance, + (ndr_pull_flags_fn_t) ndr_pull_PutInstance, +- (ndr_print_function_t) ndr_print_PutInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3812,7 +3812,7 @@ static const struct ndr_interface_call I + sizeof(struct PutInstanceAsync), + (ndr_push_flags_fn_t) ndr_push_PutInstanceAsync, + (ndr_pull_flags_fn_t) ndr_pull_PutInstanceAsync, +- (ndr_print_function_t) ndr_print_PutInstanceAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3821,7 +3821,7 @@ static const struct ndr_interface_call I + sizeof(struct DeleteInstance), + (ndr_push_flags_fn_t) ndr_push_DeleteInstance, + (ndr_pull_flags_fn_t) ndr_pull_DeleteInstance, +- (ndr_print_function_t) ndr_print_DeleteInstance, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3830,7 +3830,7 @@ static const struct ndr_interface_call I + sizeof(struct DeleteInstanceAsync), + (ndr_push_flags_fn_t) ndr_push_DeleteInstanceAsync, + (ndr_pull_flags_fn_t) ndr_pull_DeleteInstanceAsync, +- (ndr_print_function_t) ndr_print_DeleteInstanceAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3839,7 +3839,7 @@ static const struct ndr_interface_call I + sizeof(struct CreateInstanceEnum), + (ndr_push_flags_fn_t) ndr_push_CreateInstanceEnum, + (ndr_pull_flags_fn_t) ndr_pull_CreateInstanceEnum, +- (ndr_print_function_t) ndr_print_CreateInstanceEnum, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3848,7 +3848,7 @@ static const struct ndr_interface_call I + sizeof(struct CreateInstanceEnumAsync), + (ndr_push_flags_fn_t) ndr_push_CreateInstanceEnumAsync, + (ndr_pull_flags_fn_t) ndr_pull_CreateInstanceEnumAsync, +- (ndr_print_function_t) ndr_print_CreateInstanceEnumAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3857,7 +3857,7 @@ static const struct ndr_interface_call I + sizeof(struct ExecQuery), + (ndr_push_flags_fn_t) ndr_push_ExecQuery, + (ndr_pull_flags_fn_t) ndr_pull_ExecQuery, +- (ndr_print_function_t) ndr_print_ExecQuery, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3866,7 +3866,7 @@ static const struct ndr_interface_call I + sizeof(struct ExecQueryAsync), + (ndr_push_flags_fn_t) ndr_push_ExecQueryAsync, + (ndr_pull_flags_fn_t) ndr_pull_ExecQueryAsync, +- (ndr_print_function_t) ndr_print_ExecQueryAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3875,7 +3875,7 @@ static const struct ndr_interface_call I + sizeof(struct ExecNotificationQuery), + (ndr_push_flags_fn_t) ndr_push_ExecNotificationQuery, + (ndr_pull_flags_fn_t) ndr_pull_ExecNotificationQuery, +- (ndr_print_function_t) ndr_print_ExecNotificationQuery, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3884,7 +3884,7 @@ static const struct ndr_interface_call I + sizeof(struct ExecNotificationQueryAsync), + (ndr_push_flags_fn_t) ndr_push_ExecNotificationQueryAsync, + (ndr_pull_flags_fn_t) ndr_pull_ExecNotificationQueryAsync, +- (ndr_print_function_t) ndr_print_ExecNotificationQueryAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3893,7 +3893,7 @@ static const struct ndr_interface_call I + sizeof(struct ExecMethod), + (ndr_push_flags_fn_t) ndr_push_ExecMethod, + (ndr_pull_flags_fn_t) ndr_pull_ExecMethod, +- (ndr_print_function_t) ndr_print_ExecMethod, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -3902,7 +3902,7 @@ static const struct ndr_interface_call I + sizeof(struct ExecMethodAsync), + (ndr_push_flags_fn_t) ndr_push_ExecMethodAsync, + (ndr_pull_flags_fn_t) ndr_pull_ExecMethodAsync, +- (ndr_print_function_t) ndr_print_ExecMethodAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4434,7 +4434,7 @@ static const struct ndr_interface_call I + sizeof(struct Reset), + (ndr_push_flags_fn_t) ndr_push_Reset, + (ndr_pull_flags_fn_t) ndr_pull_Reset, +- (ndr_print_function_t) ndr_print_Reset, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4443,7 +4443,7 @@ static const struct ndr_interface_call I + sizeof(struct IEnumWbemClassObject_Next), + (ndr_push_flags_fn_t) ndr_push_IEnumWbemClassObject_Next, + (ndr_pull_flags_fn_t) ndr_pull_IEnumWbemClassObject_Next, +- (ndr_print_function_t) ndr_print_IEnumWbemClassObject_Next, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4452,7 +4452,7 @@ static const struct ndr_interface_call I + sizeof(struct NextAsync), + (ndr_push_flags_fn_t) ndr_push_NextAsync, + (ndr_pull_flags_fn_t) ndr_pull_NextAsync, +- (ndr_print_function_t) ndr_print_NextAsync, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4461,7 +4461,7 @@ static const struct ndr_interface_call I + sizeof(struct IEnumWbemClassObject_Clone), + (ndr_push_flags_fn_t) ndr_push_IEnumWbemClassObject_Clone, + (ndr_pull_flags_fn_t) ndr_pull_IEnumWbemClassObject_Clone, +- (ndr_print_function_t) ndr_print_IEnumWbemClassObject_Clone, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -4470,7 +4470,7 @@ static const struct ndr_interface_call I + sizeof(struct Skip), + (ndr_push_flags_fn_t) ndr_push_Skip, + (ndr_pull_flags_fn_t) ndr_pull_Skip, +- (ndr_print_function_t) ndr_print_Skip, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5143,7 +5143,7 @@ static const struct ndr_interface_call I + sizeof(struct Clone), + (ndr_push_flags_fn_t) ndr_push_Clone, + (ndr_pull_flags_fn_t) ndr_pull_Clone, +- (ndr_print_function_t) ndr_print_Clone, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5152,7 +5152,7 @@ static const struct ndr_interface_call I + sizeof(struct GetNames), + (ndr_push_flags_fn_t) ndr_push_GetNames, + (ndr_pull_flags_fn_t) ndr_pull_GetNames, +- (ndr_print_function_t) ndr_print_GetNames, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5161,7 +5161,7 @@ static const struct ndr_interface_call I + sizeof(struct BeginEnumeration), + (ndr_push_flags_fn_t) ndr_push_BeginEnumeration, + (ndr_pull_flags_fn_t) ndr_pull_BeginEnumeration, +- (ndr_print_function_t) ndr_print_BeginEnumeration, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5170,7 +5170,7 @@ static const struct ndr_interface_call I + sizeof(struct Next), + (ndr_push_flags_fn_t) ndr_push_Next, + (ndr_pull_flags_fn_t) ndr_pull_Next, +- (ndr_print_function_t) ndr_print_Next, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5179,7 +5179,7 @@ static const struct ndr_interface_call I + sizeof(struct EndEnumeration), + (ndr_push_flags_fn_t) ndr_push_EndEnumeration, + (ndr_pull_flags_fn_t) ndr_pull_EndEnumeration, +- (ndr_print_function_t) ndr_print_EndEnumeration, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5188,7 +5188,7 @@ static const struct ndr_interface_call I + sizeof(struct SetValue), + (ndr_push_flags_fn_t) ndr_push_SetValue, + (ndr_pull_flags_fn_t) ndr_pull_SetValue, +- (ndr_print_function_t) ndr_print_SetValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5197,7 +5197,7 @@ static const struct ndr_interface_call I + sizeof(struct GetValue), + (ndr_push_flags_fn_t) ndr_push_GetValue, + (ndr_pull_flags_fn_t) ndr_pull_GetValue, +- (ndr_print_function_t) ndr_print_GetValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5206,7 +5206,7 @@ static const struct ndr_interface_call I + sizeof(struct DeleteValue), + (ndr_push_flags_fn_t) ndr_push_DeleteValue, + (ndr_pull_flags_fn_t) ndr_pull_DeleteValue, +- (ndr_print_function_t) ndr_print_DeleteValue, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5215,7 +5215,7 @@ static const struct ndr_interface_call I + sizeof(struct DeleteAll), + (ndr_push_flags_fn_t) ndr_push_DeleteAll, + (ndr_pull_flags_fn_t) ndr_pull_DeleteAll, +- (ndr_print_function_t) ndr_print_DeleteAll, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5963,7 +5963,7 @@ static const struct ndr_interface_call I + sizeof(struct EstablishPosition), + (ndr_push_flags_fn_t) ndr_push_EstablishPosition, + (ndr_pull_flags_fn_t) ndr_pull_EstablishPosition, +- (ndr_print_function_t) ndr_print_EstablishPosition, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5972,7 +5972,7 @@ static const struct ndr_interface_call I + sizeof(struct RequestChallenge), + (ndr_push_flags_fn_t) ndr_push_RequestChallenge, + (ndr_pull_flags_fn_t) ndr_pull_RequestChallenge, +- (ndr_print_function_t) ndr_print_RequestChallenge, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5981,7 +5981,7 @@ static const struct ndr_interface_call I + sizeof(struct WBEMLogin), + (ndr_push_flags_fn_t) ndr_push_WBEMLogin, + (ndr_pull_flags_fn_t) ndr_pull_WBEMLogin, +- (ndr_print_function_t) ndr_print_WBEMLogin, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -5990,7 +5990,7 @@ static const struct ndr_interface_call I + sizeof(struct NTLMLogin), + (ndr_push_flags_fn_t) ndr_push_NTLMLogin, + (ndr_pull_flags_fn_t) ndr_pull_NTLMLogin, +- (ndr_print_function_t) ndr_print_NTLMLogin, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6225,7 +6225,7 @@ static const struct ndr_interface_call I + sizeof(struct IWbemWCOSmartEnum_Next), + (ndr_push_flags_fn_t) ndr_push_IWbemWCOSmartEnum_Next, + (ndr_pull_flags_fn_t) ndr_pull_IWbemWCOSmartEnum_Next, +- (ndr_print_function_t) ndr_print_IWbemWCOSmartEnum_Next, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6479,7 +6479,7 @@ static const struct ndr_interface_call I + sizeof(struct Fetch), + (ndr_push_flags_fn_t) ndr_push_Fetch, + (ndr_pull_flags_fn_t) ndr_pull_Fetch, +- (ndr_print_function_t) ndr_print_Fetch, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6488,7 +6488,7 @@ static const struct ndr_interface_call I + sizeof(struct Test), + (ndr_push_flags_fn_t) ndr_push_Test, + (ndr_pull_flags_fn_t) ndr_pull_Test, +- (ndr_print_function_t) ndr_print_Test, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6920,7 +6920,7 @@ static const struct ndr_interface_call I + sizeof(struct GetResultObject), + (ndr_push_flags_fn_t) ndr_push_GetResultObject, + (ndr_pull_flags_fn_t) ndr_pull_GetResultObject, +- (ndr_print_function_t) ndr_print_GetResultObject, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6929,7 +6929,7 @@ static const struct ndr_interface_call I + sizeof(struct GetResultString), + (ndr_push_flags_fn_t) ndr_push_GetResultString, + (ndr_pull_flags_fn_t) ndr_pull_GetResultString, +- (ndr_print_function_t) ndr_print_GetResultString, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6938,7 +6938,7 @@ static const struct ndr_interface_call I + sizeof(struct GetResultServices), + (ndr_push_flags_fn_t) ndr_push_GetResultServices, + (ndr_pull_flags_fn_t) ndr_pull_GetResultServices, +- (ndr_print_function_t) ndr_print_GetResultServices, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -6947,7 +6947,7 @@ static const struct ndr_interface_call I + sizeof(struct GetCallStatus), + (ndr_push_flags_fn_t) ndr_push_GetCallStatus, + (ndr_pull_flags_fn_t) ndr_pull_GetCallStatus, +- (ndr_print_function_t) ndr_print_GetCallStatus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7211,7 +7211,7 @@ static const struct ndr_interface_call I + sizeof(struct SetStatus), + (ndr_push_flags_fn_t) ndr_push_SetStatus, + (ndr_pull_flags_fn_t) ndr_pull_SetStatus, +- (ndr_print_function_t) ndr_print_SetStatus, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -7220,7 +7220,7 @@ static const struct ndr_interface_call I + sizeof(struct Indicate), + (ndr_push_flags_fn_t) ndr_push_Indicate, + (ndr_pull_flags_fn_t) ndr_pull_Indicate, +- (ndr_print_function_t) ndr_print_Indicate, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_wzcsvc.c ++++ b/source3/librpc/gen_ndr/ndr_wzcsvc.c +@@ -711,7 +711,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EnumInterfaces), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EnumInterfaces, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EnumInterfaces, +- (ndr_print_function_t) ndr_print_wzcsvc_EnumInterfaces, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -720,7 +720,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_QueryInterface), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_QueryInterface, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_QueryInterface, +- (ndr_print_function_t) ndr_print_wzcsvc_QueryInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -729,7 +729,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_SetInterface), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_SetInterface, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_SetInterface, +- (ndr_print_function_t) ndr_print_wzcsvc_SetInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -738,7 +738,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_RefreshInterface), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_RefreshInterface, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_RefreshInterface, +- (ndr_print_function_t) ndr_print_wzcsvc_RefreshInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -747,7 +747,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_QueryContext), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_QueryContext, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_QueryContext, +- (ndr_print_function_t) ndr_print_wzcsvc_QueryContext, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -756,7 +756,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_SetContext), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_SetContext, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_SetContext, +- (ndr_print_function_t) ndr_print_wzcsvc_SetContext, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -765,7 +765,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EapolUIResponse), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EapolUIResponse, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EapolUIResponse, +- (ndr_print_function_t) ndr_print_wzcsvc_EapolUIResponse, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -774,7 +774,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EapolGetCustomAuthData), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EapolGetCustomAuthData, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EapolGetCustomAuthData, +- (ndr_print_function_t) ndr_print_wzcsvc_EapolGetCustomAuthData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -783,7 +783,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EapolSetCustomAuthData), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EapolSetCustomAuthData, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EapolSetCustomAuthData, +- (ndr_print_function_t) ndr_print_wzcsvc_EapolSetCustomAuthData, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -792,7 +792,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EapolGetInterfaceParams), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EapolGetInterfaceParams, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EapolGetInterfaceParams, +- (ndr_print_function_t) ndr_print_wzcsvc_EapolGetInterfaceParams, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -801,7 +801,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EapolSetInterfaceParams), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EapolSetInterfaceParams, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EapolSetInterfaceParams, +- (ndr_print_function_t) ndr_print_wzcsvc_EapolSetInterfaceParams, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -810,7 +810,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EapolReAuthenticateInterface), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EapolReAuthenticateInterface, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EapolReAuthenticateInterface, +- (ndr_print_function_t) ndr_print_wzcsvc_EapolReAuthenticateInterface, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -819,7 +819,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EapolQueryInterfaceState), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EapolQueryInterfaceState, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EapolQueryInterfaceState, +- (ndr_print_function_t) ndr_print_wzcsvc_EapolQueryInterfaceState, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -828,7 +828,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_OpenWZCDbLogSession), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_OpenWZCDbLogSession, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_OpenWZCDbLogSession, +- (ndr_print_function_t) ndr_print_wzcsvc_OpenWZCDbLogSession, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -837,7 +837,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_CloseWZCDbLogSession), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_CloseWZCDbLogSession, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_CloseWZCDbLogSession, +- (ndr_print_function_t) ndr_print_wzcsvc_CloseWZCDbLogSession, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -846,7 +846,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_EnumWZCDbLogRecords), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_EnumWZCDbLogRecords, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_EnumWZCDbLogRecords, +- (ndr_print_function_t) ndr_print_wzcsvc_EnumWZCDbLogRecords, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -855,7 +855,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_FlushWZCdbLog), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_FlushWZCdbLog, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_FlushWZCdbLog, +- (ndr_print_function_t) ndr_print_wzcsvc_FlushWZCdbLog, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +@@ -864,7 +864,7 @@ static const struct ndr_interface_call w + sizeof(struct wzcsvc_GetWZCDbLogRecord), + (ndr_push_flags_fn_t) ndr_push_wzcsvc_GetWZCDbLogRecord, + (ndr_pull_flags_fn_t) ndr_pull_wzcsvc_GetWZCDbLogRecord, +- (ndr_print_function_t) ndr_print_wzcsvc_GetWZCDbLogRecord, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- a/source3/librpc/gen_ndr/ndr_xattr.c ++++ b/source3/librpc/gen_ndr/ndr_xattr.c +@@ -1101,7 +1101,7 @@ static const struct ndr_interface_call x + sizeof(struct xattr_parse_DOSATTRIB), + (ndr_push_flags_fn_t) ndr_push_xattr_parse_DOSATTRIB, + (ndr_pull_flags_fn_t) ndr_pull_xattr_parse_DOSATTRIB, +- (ndr_print_function_t) ndr_print_xattr_parse_DOSATTRIB, ++ (ndr_print_function_t) ndr_print_disabled, + { 0, NULL }, + { 0, NULL }, + }, +--- /dev/null ++++ b/source3/remove-librpc-print-calls.sh +@@ -0,0 +1,22 @@ ++#!/usr/bin/env bash ++set -e ++for file in ${1:-librpc/gen_ndr/ndr_*.c}; do ++ quilt add "$file" || true ++ awk ' ++$0 ~ /^static const struct ndr_interface_call .* = {$/ { ++ replace = 1 ++} ++ ++$0 ~ /^}$/ { ++ replace = 0; ++} ++ ++replace == 1 { ++ gsub(/.ndr_print_function_t. .*,/, "(ndr_print_function_t) ndr_print_disabled,", $0) ++} ++{ ++ print $0 ++} ++ ' < "$file" > "$file.new" ++ mv "$file.new" "$file" ++done +--- a/librpc/ndr/libndr.h ++++ b/librpc/ndr/libndr.h +@@ -603,6 +603,7 @@ _PUBLIC_ enum ndr_err_code ndr_push_enum + _PUBLIC_ enum ndr_err_code ndr_push_enum_uint1632(struct ndr_push *ndr, int ndr_flags, uint16_t v); + + _PUBLIC_ void ndr_print_bool(struct ndr_print *ndr, const char *name, const bool b); ++_PUBLIC_ void ndr_print_disabled(struct ndr_print *ndr, const char *name, int flags, void *r); + + #ifndef VERBOSE_ERROR + #define ndr_print_bool(...) do {} while (0) diff --git a/package/network/services/uhttpd/Makefile b/package/network/services/uhttpd/Makefile new file mode 100644 index 0000000..d14e3a9 --- /dev/null +++ b/package/network/services/uhttpd/Makefile @@ -0,0 +1,146 @@ +# +# Copyright (C) 2010-2015 Jo-Philipp Wich <jow@openwrt.org> +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +include $(TOPDIR)/rules.mk + +PKG_NAME:=uhttpd +PKG_VERSION:=2015-10-20 +PKG_RELEASE=$(PKG_SOURCE_VERSION) + +PKG_SOURCE_PROTO:=git +PKG_SOURCE_URL:=git://nbd.name/uhttpd2.git +PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION) +PKG_SOURCE_VERSION:=618315bc0729c3064e06af2900a86211354f81c9 +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz +PKG_MAINTAINER:=Felix Fietkau <nbd@openwrt.org> +PKG_LICENSE:=ISC + +PKG_BUILD_DEPENDS = ustream-ssl + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/uhttpd/default + SECTION:=net + CATEGORY:=Network + SUBMENU:=Web Servers/Proxies + TITLE:=uHTTPd - tiny, single threaded HTTP server +endef + +define Package/uhttpd + $(Package/uhttpd/default) + DEPENDS:=+libubox +endef + +define Package/uhttpd/description + uHTTPd is a tiny single threaded HTTP server with TLS, CGI and Lua + support. It is intended as a drop-in replacement for the Busybox + HTTP daemon. +endef + +define Package/uhttpd/config + config PACKAGE_uhttpd_debug + bool "Build with debug messages" + default n +endef + + +define Package/uhttpd-mod-tls + $(Package/uhttpd/default) + TITLE+= (TLS plugin) + DEPENDS:=uhttpd \ + +PACKAGE_uhttpd-mod-tls_polarssl:libustream-polarssl \ + +PACKAGE_uhttpd-mod-tls_cyassl:libustream-cyassl \ + +PACKAGE_uhttpd-mod-tls_openssl:libustream-openssl +endef + +define Package/uhttpd-mod-tls/description + The TLS plugin adds HTTPS support to uHTTPd. +endef + +define Package/uhttpd-mod-tls/config + choice + depends on PACKAGE_uhttpd-mod-tls + prompt "TLS Provider" + default PACKAGE_uhttpd-mod-tls_polarssl + + config PACKAGE_uhttpd-mod-tls_polarssl + bool "PolarSSL" + + config PACKAGE_uhttpd-mod-tls_cyassl + bool "CyaSSL" + + config PACKAGE_uhttpd-mod-tls_openssl + bool "OpenSSL" + endchoice +endef + +define Package/uhttpd-mod-lua + $(Package/uhttpd/default) + TITLE+= (Lua plugin) + DEPENDS:=uhttpd +liblua +endef + +define Package/uhttpd-mod-lua/description + The Lua plugin adds a CGI-like Lua runtime interface to uHTTPd. +endef + + +define Package/uhttpd-mod-ubus + $(Package/uhttpd/default) + TITLE+= (ubus plugin) + DEPENDS:=uhttpd +libubus +libblobmsg-json +endef + +define Package/uhttpd-mod-ubus/description + The ubus plugin adds a HTTP/JSON RPC proxy for ubus and publishes the + session.* namespace and procedures. +endef + +define Package/uhttpd/conffiles +/etc/config/uhttpd +/etc/uhttpd.crt +/etc/uhttpd.key +endef + +ifneq ($(CONFIG_USE_GLIBC),) + TARGET_CFLAGS += -D_DEFAULT_SOURCE +endif + +TARGET_LDFLAGS += -lcrypt + +CMAKE_OPTIONS = -DTLS_SUPPORT=on + +define Package/uhttpd/install + $(INSTALL_DIR) $(1)/etc/init.d + $(INSTALL_BIN) ./files/uhttpd.init $(1)/etc/init.d/uhttpd + $(INSTALL_DIR) $(1)/etc/config + $(INSTALL_CONF) ./files/uhttpd.config $(1)/etc/config/uhttpd + $(INSTALL_DIR) $(1)/usr/sbin + $(INSTALL_BIN) $(PKG_BUILD_DIR)/uhttpd $(1)/usr/sbin/uhttpd +endef + +define Package/uhttpd-mod-tls/install + true +endef + +define Package/uhttpd-mod-lua/install + $(INSTALL_DIR) $(1)/usr/lib + $(INSTALL_BIN) $(PKG_BUILD_DIR)/uhttpd_lua.so $(1)/usr/lib/ +endef + +define Package/uhttpd-mod-ubus/install + $(INSTALL_DIR) $(1)/usr/lib $(1)/etc/uci-defaults + $(INSTALL_BIN) $(PKG_BUILD_DIR)/uhttpd_ubus.so $(1)/usr/lib/ + $(INSTALL_DATA) ./files/ubus.default $(1)/etc/uci-defaults/00_uhttpd_ubus +endef + + +$(eval $(call BuildPackage,uhttpd)) +$(eval $(call BuildPackage,uhttpd-mod-tls)) +$(eval $(call BuildPackage,uhttpd-mod-lua)) +$(eval $(call BuildPackage,uhttpd-mod-ubus)) diff --git a/package/network/services/uhttpd/files/ubus.default b/package/network/services/uhttpd/files/ubus.default new file mode 100644 index 0000000..f0f71e9 --- /dev/null +++ b/package/network/services/uhttpd/files/ubus.default @@ -0,0 +1,8 @@ +#!/bin/sh + +if [ -z "$(uci -q get uhttpd.main.ubus_prefix)" ]; then + uci set uhttpd.main.ubus_prefix=/ubus + uci commit uhttpd +fi + +exit 0 diff --git a/package/network/services/uhttpd/files/uhttpd.config b/package/network/services/uhttpd/files/uhttpd.config new file mode 100644 index 0000000..61f8a49 --- /dev/null +++ b/package/network/services/uhttpd/files/uhttpd.config @@ -0,0 +1,122 @@ +# Server configuration +config uhttpd main + + # HTTP listen addresses, multiple allowed + list listen_http 0.0.0.0:80 + list listen_http [::]:80 + + # HTTPS listen addresses, multiple allowed + list listen_https 0.0.0.0:443 + list listen_https [::]:443 + + # Redirect HTTP requests to HTTPS if possible + option redirect_https 1 + + # Server document root + option home /www + + # Reject requests from RFC1918 IP addresses + # directed to the servers public IP(s). + # This is a DNS rebinding countermeasure. + option rfc1918_filter 1 + + # Maximum number of concurrent requests. + # If this number is exceeded, further requests are + # queued until the number of running requests drops + # below the limit again. + option max_requests 3 + + # Maximum number of concurrent connections. + # If this number is exceeded, further TCP connection + # attempts are queued until the number of active + # connections drops below the limit again. + option max_connections 100 + + # Certificate and private key for HTTPS. + # If no listen_https addresses are given, + # the key options are ignored. + option cert /etc/uhttpd.crt + option key /etc/uhttpd.key + + # CGI url prefix, will be searched in docroot. + # Default is /cgi-bin + option cgi_prefix /cgi-bin + + # List of extension->interpreter mappings. + # Files with an associated interpreter can + # be called outside of the CGI prefix and do + # not need to be executable. +# list interpreter ".php=/usr/bin/php-cgi" +# list interpreter ".cgi=/usr/bin/perl" + + # Lua url prefix and handler script. + # Lua support is disabled if no prefix given. +# option lua_prefix /luci +# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua + + # Specify the ubus-rpc prefix and socket path. +# option ubus_prefix /ubus +# option ubus_socket /var/run/ubus.sock + + # CGI/Lua timeout, if the called script does not + # write data within the given amount of seconds, + # the server will terminate the request with + # 504 Gateway Timeout response. + option script_timeout 60 + + # Network timeout, if the current connection is + # blocked for the specified amount of seconds, + # the server will terminate the associated + # request process. + option network_timeout 30 + + # HTTP Keep-Alive, specifies the timeout for persistent + # HTTP/1.1 connections. Setting this to 0 will disable + # persistent HTTP connections. + option http_keepalive 20 + + # TCP Keep-Alive, send periodic keep-alive probes + # over established connections to detect dead peers. + # The value is given in seconds to specify the + # interval between subsequent probes. + # Setting this to 0 will disable TCP keep-alive. + option tcp_keepalive 1 + + # Basic auth realm, defaults to local hostname +# option realm OpenWrt + + # Configuration file in busybox httpd format +# option config /etc/httpd.conf + + # Do not follow symlinks that point outside of the + # home directory. +# option no_symlinks 0 + + # Do not produce directory listings but send 403 + # instead if a client requests an url pointing to + # a directory without any index file. +# option no_dirlists 0 + + # Do not authenticate any ubus-rpc requests against + # the ubus session/access procedure. + # This is dangerous and should be always left off + # except for development and debug purposes! +# option no_ubusauth 0 + + +# Certificate defaults for px5g key generator +config cert px5g + + # Validity time + option days 730 + + # RSA key size + option bits 1024 + + # Location + option country ZZ + option state Somewhere + option location Uknown + + # Common name + option commonname OpenWrt diff --git a/package/network/services/uhttpd/files/uhttpd.init b/package/network/services/uhttpd/files/uhttpd.init new file mode 100755 index 0000000..fcde52a --- /dev/null +++ b/package/network/services/uhttpd/files/uhttpd.init @@ -0,0 +1,149 @@ +#!/bin/sh /etc/rc.common +# Copyright (C) 2010 Jo-Philipp Wich + +START=50 + +USE_PROCD=1 + +UHTTPD_BIN="/usr/sbin/uhttpd" +PX5G_BIN="/usr/sbin/px5g" + +append_arg() { + local cfg="$1" + local var="$2" + local opt="$3" + local def="$4" + local val + + config_get val "$cfg" "$var" + [ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}" +} + +append_bool() { + local cfg="$1" + local var="$2" + local opt="$3" + local def="$4" + local val + + config_get_bool val "$cfg" "$var" "$def" + [ "$val" = 1 ] && procd_append_param command "$opt" +} + +generate_keys() { + local cfg="$1" + local key="$2" + local crt="$3" + local days bits country state location commonname + + config_get days "$cfg" days + config_get bits "$cfg" bits + config_get country "$cfg" country + config_get state "$cfg" state + config_get location "$cfg" location + config_get commonname "$cfg" commonname + + [ -x "$PX5G_BIN" ] && { + $PX5G_BIN selfsigned -der \ + -days ${days:-730} -newkey rsa:${bits:-1024} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \ + -subj /C="${country:-DE}"/ST="${state:-Saxony}"/L="${location:-Leipzig}"/CN="${commonname:-OpenWrt}" + sync + mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}" + mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}" + } +} + +start_instance() +{ + UHTTPD_CERT="" + UHTTPD_KEY="" + + local cfg="$1" + local realm="$(uci_get system.@system[0].hostname)" + local listen http https interpreter indexes path handler + + procd_open_instance + procd_set_param respawn + procd_set_param stderr 1 + procd_set_param command "$UHTTPD_BIN" -f + + append_arg "$cfg" home "-h" + append_arg "$cfg" realm "-r" "${realm:-OpenWrt}" + append_arg "$cfg" config "-c" + append_arg "$cfg" cgi_prefix "-x" + [ -f /usr/lib/uhttpd_lua.so ] && { + config_get handler "$cfg" lua_handler + [ -f "$handler" ] && append_arg "$cfg" lua_prefix "-l" && { + procd_append_param command "-L" "$handler" + } + } + [ -f /usr/lib/uhttpd_ubus.so ] && { + append_arg "$cfg" ubus_prefix "-u" + append_arg "$cfg" ubus_socket "-U" + } + append_arg "$cfg" script_timeout "-t" + append_arg "$cfg" network_timeout "-T" + append_arg "$cfg" http_keepalive "-k" + append_arg "$cfg" tcp_keepalive "-A" + append_arg "$cfg" error_page "-E" + append_arg "$cfg" max_requests "-n" 3 + append_arg "$cfg" max_connections "-N" + + append_bool "$cfg" no_ubusauth "-a" 0 + append_bool "$cfg" no_symlinks "-S" 0 + append_bool "$cfg" no_dirlists "-D" 0 + append_bool "$cfg" rfc1918_filter "-R" 0 + + config_get alias_list "$cfg" alias + for alias in $alias_list; do + procd_append_param command -y "$alias" + done + + config_get http "$cfg" listen_http + for listen in $http; do + procd_append_param command -p "$listen" + done + + config_get interpreter "$cfg" interpreter + for path in $interpreter; do + procd_append_param command -i "$path" + done + + config_get indexes "$cfg" index_page + for path in $indexes; do + procd_append_param command -I "$path" + done + + config_get https "$cfg" listen_https + config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key + config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt + + [ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && { + [ -s "$UHTTPD_CERT" -a -s "$UHTTPD_KEY" ] || { + config_foreach generate_keys cert + } + + [ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && { + append_arg "$cfg" cert "-C" + append_arg "$cfg" key "-K" + + for listen in $https; do + procd_append_param command -s "$listen" + done + } + + append_bool "$cfg" redirect_https "-q" 0 + } + + procd_close_instance +} + +service_triggers() +{ + procd_add_reload_trigger "uhttpd" +} + +start_service() { + config_load uhttpd + config_foreach start_instance uhttpd +} |