Diffstat (limited to 'package/network/services/ppp/patches/201-mppe_mppc_1.1.patch')
-rw-r--r-- | package/network/services/ppp/patches/201-mppe_mppc_1.1.patch | 133 |
1 files changed, 78 insertions, 55 deletions
diff --git a/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch index 9345c10400..3c30517e42 100644 --- a/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch +++ b/package/network/services/ppp/patches/201-mppe_mppc_1.1.patch @@ -88,7 +88,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> */ --- a/pppd/ccp.c +++ b/pppd/ccp.c -@@ -61,12 +61,10 @@ static int setdeflate __P((char **)); +@@ -61,12 +61,10 @@ static int setdeflate (char **); static char bsd_value[8]; static char deflate_value[8]; @@ -197,7 +197,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> /* * Local state (mainly for handling reset-reqs and reset-acks). -@@ -343,6 +323,100 @@ setdeflate(argv) +@@ -341,6 +321,100 @@ setdeflate(char **argv) return 1; } @@ -298,7 +298,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> /* * ccp_init - initialize CCP. */ -@@ -377,6 +451,30 @@ ccp_init(unit) +@@ -374,6 +448,30 @@ ccp_init(int unit) ccp_allowoptions[0].bsd_bits = BSD_MAX_BITS; ccp_allowoptions[0].predictor_1 = 1; @@ -329,7 +329,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> } /* -@@ -454,11 +552,11 @@ ccp_input(unit, p, len) +@@ -443,11 +541,11 @@ ccp_input(int unit, u_char *p, int len) if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) { notice("Compression disabled by peer."); #ifdef MPPE @@ -343,7 +343,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> } /* -@@ -486,6 +584,15 @@ ccp_extcode(f, code, id, p, len) +@@ -471,6 +569,15 @@ ccp_extcode(fsm *f, int code, int id, u_ break; /* send a reset-ack, which the transmitter will see and reset its compression state. */ @@ -359,7 +359,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> fsm_sdata(f, CCP_RESETACK, id, NULL, 0); break; -@@ -514,12 +621,11 @@ ccp_protrej(unit) +@@ -498,12 +605,11 @@ ccp_protrej(int unit) fsm_lowerdown(&ccp_fsm[unit]); #ifdef MPPE @@ -374,7 +374,7 @@ 
Signed-off-by: Jo-Philipp Wich <jo@mein.io> } /* -@@ -536,7 +642,7 @@ ccp_resetci(f) +@@ -519,7 +625,7 @@ ccp_resetci(fsm *f) all_rejected[f->unit] = 0; #ifdef MPPE @@ -382,11 +382,27 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> + if (go->mppe || go->mppc) { ccp_options *ao = &ccp_allowoptions[f->unit]; int auth_mschap_bits = auth_done[f->unit]; - int numbits; -@@ -550,80 +656,109 @@ ccp_resetci(f) + #ifdef USE_EAPTLS +@@ -536,95 +642,124 @@ ccp_resetci(fsm *f) * NB: If MPPE is required, all other compression opts are invalid. * So, we return right away if we can't do it. */ +- +- /* Leave only the mschap auth bits set */ +- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | +- CHAP_MS2_WITHPEER | CHAP_MS2_PEER); +- /* Count the mschap auths */ +- auth_mschap_bits >>= CHAP_MS_SHIFT; +- numbits = 0; +- do { +- numbits += auth_mschap_bits & 1; +- auth_mschap_bits >>= 1; +- } while (auth_mschap_bits); +- if (numbits > 1) { +- error("MPPE required, but auth done in both directions."); +- lcp_close(f->unit, "MPPE required but not available"); +- return; +- } + if (ccp_wantoptions[f->unit].mppe) { + /* Leave only the mschap auth bits set */ + auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | @@ -403,33 +419,42 @@ 
Signed-off-by: Jo-Philipp Wich <jo@mein.io> + lcp_close(f->unit, "MPPE required but not available"); + return; + } -+ if (!numbits) { -+ error("MPPE required, but MS-CHAP[v2] auth not performed."); -+ lcp_close(f->unit, "MPPE required but not available"); -+ return; -+ } -- /* Leave only the mschap auth bits set */ -- auth_mschap_bits &= (CHAP_MS_WITHPEER | CHAP_MS_PEER | -- CHAP_MS2_WITHPEER | CHAP_MS2_PEER); -- /* Count the mschap auths */ -- auth_mschap_bits >>= CHAP_MS_SHIFT; -- numbits = 0; -- do { -- numbits += auth_mschap_bits & 1; -- auth_mschap_bits >>= 1; -- } while (auth_mschap_bits); -- if (numbits > 1) { -- error("MPPE required, but auth done in both directions."); -- lcp_close(f->unit, "MPPE required but not available"); -- return; -- } + #ifdef USE_EAPTLS +- /* +- * MPPE is also possible in combination with EAP-TLS. +- * It is not possible to detect if we're doing EAP or EAP-TLS +- * at this stage, hence we accept all forms of EAP. If TLS is +- * not used then the MPPE keys will not be derived anyway. +- */ +- /* Leave only the eap auth bits set */ +- auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); ++ /* ++ * MPPE is also possible in combination with EAP-TLS. ++ * It is not possible to detect if we're doing EAP or EAP-TLS ++ * at this stage, hence we accept all forms of EAP. If TLS is ++ * not used then the MPPE keys will not be derived anyway. 
++ */ ++ /* Leave only the eap auth bits set */ ++ auth_eap_bits &= (EAP_WITHPEER | EAP_PEER ); + +- if ((numbits == 0) && (auth_eap_bits == 0)) { +- error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); ++ if ((numbits == 0) && (auth_eap_bits == 0)) { ++ error("MPPE required, but MS-CHAP[v2] nor EAP-TLS auth are performed."); + #else - if (!numbits) { - error("MPPE required, but MS-CHAP[v2] auth not performed."); ++ if (!numbits) { ++ error("MPPE required, but MS-CHAP[v2] auth not performed."); + #endif - lcp_close(f->unit, "MPPE required but not available"); - return; - } -- ++ lcp_close(f->unit, "MPPE required but not available"); ++ return; ++ } + - /* A plugin (eg radius) may not have obtained key material. */ - if (!mppe_keys_set) { - error("MPPE required, but keys are not available. " @@ -559,7 +584,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> if (go->bsd_compress) { opt_buf[0] = CI_BSD_COMPRESS; opt_buf[1] = CILEN_BSD_COMPRESS; -@@ -679,7 +814,8 @@ ccp_cilen(f) +@@ -679,7 +814,8 @@ static int + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0) + (go->predictor_1? CILEN_PREDICTOR_1: 0) + (go->predictor_2? CILEN_PREDICTOR_2: 0) @@ -569,7 +594,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> } /* -@@ -693,6 +829,8 @@ ccp_addci(f, p, lenp) +@@ -690,6 +826,8 @@ static void { int res; ccp_options *go = &ccp_gotoptions[f->unit]; @@ -578,7 +603,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> u_char *p0 = p; /* -@@ -701,22 +839,43 @@ ccp_addci(f, p, lenp) +@@ -698,22 +836,43 @@ static void * in case it gets Acked. */ #ifdef MPPE @@ -631,7 +656,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> if (go->deflate) { p[0] = go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT; p[1] = CILEN_DEFLATE; -@@ -802,7 +961,7 @@ ccp_addci(f, p, lenp) +@@ -799,30 +958,50 @@ static void /* * ccp_ackci - process a received configure-ack, and return @@ -639,9 +664,7 @@ 
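Review bot: In ccp_resetci, the USE_EAPTLS branch of the re-indented check, `if ((numbits == 0) && (auth_eap_bits == 0))`, lets any EAP method satisfy "MPPE required", so refusing a session that has no MPPE keys rests entirely on the later `mppe_keys_set` test. That test is visible in this hunk only as lines the patch removes, and the hunk ends mid-statement, so its re-added form lies outside what is shown here. It is worth confirming that the re-added test still sits inside the new `if (ccp_wantoptions[f->unit].mppe)` block and still ends in `lcp_close(...)` followed by `return`. I would also extend the carried comment to state the dependency, e.g. `/* any EAP passes this test; the mppe_keys_set check below is what rejects a session without keys */`.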
Signed-off-by: Jo-Philipp Wich <jo@mein.io> + * 1 if the packet was OK. */ static int - ccp_ackci(f, p, len) -@@ -811,24 +970,44 @@ ccp_ackci(f, p, len) - int len; + ccp_ackci(fsm *f, u_char *p, int len) { ccp_options *go = &ccp_gotoptions[f->unit]; + ccp_options *ao = &ccp_allowoptions[f->unit]; @@ -694,8 +717,8 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> if (go->deflate) { if (len < CILEN_DEFLATE || p[0] != (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) -@@ -901,6 +1080,8 @@ ccp_nakci(f, p, len, treat_as_reject) - int treat_as_reject; +@@ -891,6 +1070,8 @@ static int + ccp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) { ccp_options *go = &ccp_gotoptions[f->unit]; + ccp_options *ao = &ccp_allowoptions[f->unit]; @@ -703,7 +726,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> ccp_options no; /* options we've seen already */ ccp_options try; /* options to ask for next time */ -@@ -908,28 +1089,100 @@ ccp_nakci(f, p, len, treat_as_reject) +@@ -898,28 +1079,100 @@ static int try = *go; #ifdef MPPE @@ -822,7 +845,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> if (go->deflate && len >= CILEN_DEFLATE && p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT) && p[1] == CILEN_DEFLATE) { -@@ -1002,14 +1255,50 @@ ccp_rejci(f, p, len) +@@ -989,14 +1242,50 @@ ccp_rejci(fsm *f, u_char *p, int len) return -1; #ifdef MPPE @@ -877,8 +900,8 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> if (go->deflate_correct && len >= CILEN_DEFLATE && p[0] == CI_DEFLATE && p[1] == CILEN_DEFLATE) { if (p[2] != DEFLATE_MAKE_OPT(go->deflate_size) -@@ -1073,14 +1362,15 @@ ccp_reqci(f, p, lenp, dont_nak) - int dont_nak; +@@ -1056,14 +1345,15 @@ static int + ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) { int ret, newret, res; - u_char *p0, *retp; @@ -897,7 +920,7 @@ 
Signed-off-by: Jo-Philipp Wich <jo@mein.io> ret = CONFACK; retp = p0 = p; -@@ -1103,106 +1393,302 @@ ccp_reqci(f, p, lenp, dont_nak) +@@ -1086,106 +1376,302 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, switch (type) { #ifdef MPPE case CI_MPPE: @@ -910,10 +933,6 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> - - /* Nak if anything unsupported or unknown are set. */ - if (ho->mppe & MPPE_OPT_UNSUPPORTED) { -- newret = CONFNAK; -- ho->mppe &= ~MPPE_OPT_UNSUPPORTED; -- } -- if (ho->mppe & MPPE_OPT_UNKNOWN) { + p2 = p[2]; + p5 = p[5]; + /* not sure what they want, tell 'em what we got */ @@ -922,6 +941,10 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> + MPPE_MPPC)) != 0 || p[5] == 0) || + (p[2] == 0 && p[3] == 0 && p[4] == 0 && p[5] == 0)) { newret = CONFNAK; +- ho->mppe &= ~MPPE_OPT_UNSUPPORTED; +- } +- if (ho->mppe & MPPE_OPT_UNKNOWN) { +- newret = CONFNAK; - ho->mppe &= ~MPPE_OPT_UNKNOWN; - } - @@ -1293,7 +1316,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (!ao->deflate || clen != CILEN_DEFLATE -@@ -1344,12 +1830,6 @@ ccp_reqci(f, p, lenp, dont_nak) +@@ -1327,12 +1813,6 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, else *lenp = retp - p0; } @@ -1306,7 +1329,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> return ret; } -@@ -1371,24 +1851,35 @@ method_name(opt, opt2) +@@ -1353,24 +1833,35 @@ method_name(ccp_options *opt, ccp_option char *p = result; char *q = result + sizeof(result); /* 1 past result */ @@ -1358,7 +1381,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (opt2 != NULL && opt2->deflate_size != opt->deflate_size) -@@ -1444,12 +1935,12 @@ ccp_up(f) +@@ -1425,12 +1916,12 @@ ccp_up(fsm *f) } else if (ANY_COMPRESS(*ho)) notice("%s transmit compression enabled", method_name(ho, NULL)); #ifdef MPPE @@ -1373,7 +1396,7 @@ 
Signed-off-by: Jo-Philipp Wich <jo@mein.io> } /* -@@ -1472,7 +1963,7 @@ ccp_down(f) +@@ -1452,7 +1943,7 @@ ccp_down(fsm *f) lcp_close(f->unit, "MPPE disabled"); } } @@ -1382,7 +1405,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> } /* -@@ -1532,24 +2023,28 @@ ccp_printpkt(p, plen, printer, arg) +@@ -1509,24 +2000,28 @@ ccp_printpkt(u_char *p, int plen, #ifdef MPPE case CI_MPPE: if (optlen >= CILEN_MPPE) { @@ -1423,7 +1446,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> case CI_DEFLATE: case CI_DEFLATE_DRAFT: if (optlen >= CILEN_DEFLATE) { -@@ -1635,6 +2130,7 @@ ccp_datainput(unit, pkt, len) +@@ -1609,6 +2104,7 @@ ccp_datainput(int unit, u_char *pkt, int error("Lost compression sync: disabling compression"); ccp_close(unit, "Lost compression sync"); #ifdef MPPE @@ -1431,7 +1454,7 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io> /* * If we were doing MPPE, we must also take the link down. */ -@@ -1642,9 +2138,18 @@ ccp_datainput(unit, pkt, len) +@@ -1616,9 +2112,18 @@ ccp_datainput(int unit, u_char *pkt, int error("Too many MPPE errors, closing LCP"); lcp_close(unit, "Too many MPPE errors"); } |