Compare commits
No commits in common. "8bb5eff3ea0dc07cd3fdd8a3e2cc45cb236ac1cc" and "f1667c8a0fd4e35830ef1f3835361a7520f4f618" have entirely different histories.
8bb5eff3ea
...
f1667c8a0f
26
0020-pppd-put-lock-files-in-var-lock-ppp.patch
Normal file
26
0020-pppd-put-lock-files-in-var-lock-ppp.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
|
||||||
|
From: Jiri Skala <jskala@redhat.com>
|
||||||
|
Date: Wed, 9 Apr 2014 09:29:50 +0200
|
||||||
|
Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
|
||||||
|
|
||||||
|
Resolves: #708260
|
||||||
|
---
|
||||||
|
pppd/utils.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/pppd/utils.c b/pppd/utils.c
|
||||||
|
index 6051b9a..8407492 100644
|
||||||
|
--- a/pppd/utils.c
|
||||||
|
+++ b/pppd/utils.c
|
||||||
|
@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
|
||||||
|
/* Procedures for locking the serial device using a lock file. */
|
||||||
|
#ifndef LOCK_DIR
|
||||||
|
#ifdef __linux__
|
||||||
|
-#define LOCK_DIR "/var/lock"
|
||||||
|
+#define LOCK_DIR "/var/lock/ppp"
|
||||||
|
#else
|
||||||
|
#ifdef SVR4
|
||||||
|
#define LOCK_DIR "/var/spool/locks"
|
||||||
|
--
|
||||||
|
1.8.3.1
|
||||||
|
|
@ -1,898 +0,0 @@
|
|||||||
From d706c95906d996534f13632a747af5dc617f306e Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
|
|
||||||
Date: Sat, 24 Apr 2021 03:00:34 -0700
|
|
||||||
Subject: [PATCH] pppd: Expose the MPPE keys generated through an API (#267)
|
|
||||||
|
|
||||||
The lengthy part of this fix is to refactor the handling of MPPE keys
|
|
||||||
by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
|
|
||||||
It does so by renaming the mppe_set_keys/2 to the corresponding
|
|
||||||
mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these
|
|
||||||
functions.
|
|
||||||
|
|
||||||
Having done so, it conveniently allows the name "mppe_set_keys" to be
|
|
||||||
re-used for this new purpose which will copy the key material up to
|
|
||||||
its size and then clear the input parameters (avoids leaving the MPPE
|
|
||||||
keys on the stack).
|
|
||||||
|
|
||||||
Additional functiions added to the MPPE code allow plugins et al. to
|
|
||||||
access the MPPE keys, clear the keys, and check if they are set. All
|
|
||||||
plugin and CCP code has been updated to use this API.
|
|
||||||
|
|
||||||
This fixes GitHub Issue #258
|
|
||||||
|
|
||||||
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
|
|
||||||
---
|
|
||||||
pppd/Makefile.linux | 2 +
|
|
||||||
pppd/Makefile.sol2 | 2 +-
|
|
||||||
pppd/ccp.c | 15 +--
|
|
||||||
pppd/chap_ms.c | 167 +----------------------
|
|
||||||
pppd/chap_ms.h | 22 +---
|
|
||||||
pppd/eap-tls.c | 21 +--
|
|
||||||
pppd/eap-tls.h | 5 -
|
|
||||||
pppd/mppe.c | 248 +++++++++++++++++++++++++++++++++++
|
|
||||||
pppd/mppe.h | 70 +++++++++-
|
|
||||||
pppd/plugins/radius/radius.c | 14 +-
|
|
||||||
pppd/plugins/winbind.c | 8 +-
|
|
||||||
11 files changed, 348 insertions(+), 226 deletions(-)
|
|
||||||
create mode 100644 pppd/mppe.c
|
|
||||||
|
|
||||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
|
||||||
index f92f7c0..852945e 100644
|
|
||||||
--- a/pppd/Makefile.linux
|
|
||||||
+++ b/pppd/Makefile.linux
|
|
||||||
@@ -109,6 +109,8 @@ CFLAGS += -DMSLANMAN=1
|
|
||||||
endif
|
|
||||||
ifdef MPPE
|
|
||||||
CFLAGS += -DMPPE=1
|
|
||||||
+PPPDOBJS += mppe.o
|
|
||||||
+PPPDSRC += mppe.c
|
|
||||||
HEADERS += mppe.h
|
|
||||||
endif
|
|
||||||
endif
|
|
||||||
diff --git a/pppd/Makefile.sol2 b/pppd/Makefile.sol2
|
|
||||||
index 809cb4b..3a8681c 100644
|
|
||||||
--- a/pppd/Makefile.sol2
|
|
||||||
+++ b/pppd/Makefile.sol2
|
|
||||||
@@ -37,7 +37,7 @@ OBJS += ipv6cp.o eui64.o
|
|
||||||
|
|
||||||
# Uncomment to enable MS-CHAP
|
|
||||||
CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H
|
|
||||||
-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o
|
|
||||||
+OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o
|
|
||||||
|
|
||||||
# Uncomment to enable MPPE (in both CHAP and EAP-TLS)
|
|
||||||
CFLAGS += -DMPPE
|
|
||||||
diff --git a/pppd/ccp.c b/pppd/ccp.c
|
|
||||||
index 052c4c6..387b571 100644
|
|
||||||
--- a/pppd/ccp.c
|
|
||||||
+++ b/pppd/ccp.c
|
|
||||||
@@ -38,10 +38,9 @@
|
|
||||||
#include "ccp.h"
|
|
||||||
#include <net/ppp-comp.h>
|
|
||||||
|
|
||||||
-#ifdef MPPE
|
|
||||||
-#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */
|
|
||||||
+#include "chap_ms.h"
|
|
||||||
+#include "mppe.h"
|
|
||||||
#include "lcp.h" /* lcp_close(), lcp_fsm */
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -574,7 +573,7 @@ ccp_resetci(fsm *f)
|
|
||||||
}
|
|
||||||
|
|
||||||
/* A plugin (eg radius) may not have obtained key material. */
|
|
||||||
- if (!mppe_keys_set) {
|
|
||||||
+ if (!mppe_keys_isset()) {
|
|
||||||
error("MPPE required, but keys are not available. "
|
|
||||||
"Possible plugin problem?");
|
|
||||||
lcp_close(f->unit, "MPPE required but not available");
|
|
||||||
@@ -705,7 +704,7 @@ static void
|
|
||||||
p[1] = opt_buf[1] = CILEN_MPPE;
|
|
||||||
MPPE_OPTS_TO_CI(go->mppe, &p[2]);
|
|
||||||
MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
|
|
||||||
- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
|
|
||||||
+ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
|
|
||||||
res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
|
|
||||||
if (res > 0)
|
|
||||||
p += CILEN_MPPE;
|
|
||||||
@@ -1156,8 +1155,7 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak)
|
|
||||||
int mtu;
|
|
||||||
|
|
||||||
BCOPY(p, opt_buf, CILEN_MPPE);
|
|
||||||
- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
|
|
||||||
- MPPE_MAX_KEY_LEN);
|
|
||||||
+ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
|
|
||||||
if (ccp_test(f->unit, opt_buf,
|
|
||||||
CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
|
|
||||||
/* This shouldn't happen, we've already tested it! */
|
|
||||||
@@ -1426,8 +1424,7 @@ ccp_up(fsm *f)
|
|
||||||
notice("%s transmit compression enabled", method_name(ho, NULL));
|
|
||||||
#ifdef MPPE
|
|
||||||
if (go->mppe) {
|
|
||||||
- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
|
|
||||||
- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
|
|
||||||
+ mppe_clear_keys();
|
|
||||||
continue_networks(f->unit); /* Bring up IP et al */
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
|
|
||||||
index df2dadd..d315ab4 100644
|
|
||||||
--- a/pppd/chap_ms.c
|
|
||||||
+++ b/pppd/chap_ms.c
|
|
||||||
@@ -93,8 +93,7 @@
|
|
||||||
#include "sha1.h"
|
|
||||||
#include "pppcrypt.h"
|
|
||||||
#include "magic.h"
|
|
||||||
-
|
|
||||||
-
|
|
||||||
+#include "mppe.h"
|
|
||||||
|
|
||||||
static void ascii2unicode (char[], int, u_char[]);
|
|
||||||
static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
|
|
||||||
@@ -109,21 +108,12 @@ static void GenerateAuthenticatorResponsePlain
|
|
||||||
static void ChapMS_LANMan (u_char *, char *, int, u_char *);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
-#ifdef MPPE
|
|
||||||
-static void Set_Start_Key (u_char *, char *, int);
|
|
||||||
-static void SetMasterKeys (char *, int, u_char[24], int);
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
#ifdef MSLANMAN
|
|
||||||
bool ms_lanman = 0; /* Use LanMan password instead of NT */
|
|
||||||
/* Has meaning only with MS-CHAP challenges */
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifdef MPPE
|
|
||||||
-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
|
|
||||||
-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
|
|
||||||
-int mppe_keys_set = 0; /* Have the MPPE keys been set? */
|
|
||||||
-
|
|
||||||
#ifdef DEBUGMPPEKEY
|
|
||||||
/* For MPPE debug */
|
|
||||||
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
|
|
||||||
@@ -719,28 +709,6 @@ GenerateAuthenticatorResponsePlain
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef MPPE
|
|
||||||
-/*
|
|
||||||
- * Set mppe_xxxx_key from the NTPasswordHashHash.
|
|
||||||
- * RFC 2548 (RADIUS support) requires us to export this function (ugh).
|
|
||||||
- */
|
|
||||||
-void
|
|
||||||
-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
|
|
||||||
-{
|
|
||||||
- SHA1_CTX sha1Context;
|
|
||||||
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
|
|
||||||
-
|
|
||||||
- SHA1_Init(&sha1Context);
|
|
||||||
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
|
||||||
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
|
||||||
- SHA1_Update(&sha1Context, rchallenge, 8);
|
|
||||||
- SHA1_Final(Digest, &sha1Context);
|
|
||||||
-
|
|
||||||
- /* Same key in both directions. */
|
|
||||||
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
|
|
||||||
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
|
|
||||||
-
|
|
||||||
- mppe_keys_set = 1;
|
|
||||||
-}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
|
|
||||||
@@ -757,104 +725,7 @@ Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
|
|
||||||
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
|
|
||||||
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
|
|
||||||
|
|
||||||
- mppe_set_keys(rchallenge, PasswordHashHash);
|
|
||||||
-}
|
|
||||||
-
|
|
||||||
-/*
|
|
||||||
- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
|
|
||||||
- *
|
|
||||||
- * This helper function used in the Winbind module, which gets the
|
|
||||||
- * NTHashHash from the server.
|
|
||||||
- */
|
|
||||||
-void
|
|
||||||
-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
|
||||||
- u_char NTResponse[24], int IsServer)
|
|
||||||
-{
|
|
||||||
- SHA1_CTX sha1Context;
|
|
||||||
- u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
|
|
||||||
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
|
|
||||||
-
|
|
||||||
- u_char SHApad1[40] =
|
|
||||||
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
|
||||||
- u_char SHApad2[40] =
|
|
||||||
- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
|
||||||
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
|
||||||
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
|
||||||
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
|
|
||||||
-
|
|
||||||
- /* "This is the MPPE Master Key" */
|
|
||||||
- u_char Magic1[27] =
|
|
||||||
- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
||||||
- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
|
|
||||||
- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
|
|
||||||
- /* "On the client side, this is the send key; "
|
|
||||||
- "on the server side, it is the receive key." */
|
|
||||||
- u_char Magic2[84] =
|
|
||||||
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
|
||||||
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
|
||||||
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
|
||||||
- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
|
|
||||||
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
|
|
||||||
- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
|
|
||||||
- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
|
||||||
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
|
||||||
- 0x6b, 0x65, 0x79, 0x2e };
|
|
||||||
- /* "On the client side, this is the receive key; "
|
|
||||||
- "on the server side, it is the send key." */
|
|
||||||
- u_char Magic3[84] =
|
|
||||||
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
|
||||||
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
|
||||||
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
|
||||||
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
|
||||||
- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
|
|
||||||
- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
|
|
||||||
- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
|
|
||||||
- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
|
|
||||||
- 0x6b, 0x65, 0x79, 0x2e };
|
|
||||||
- u_char *s;
|
|
||||||
-
|
|
||||||
- SHA1_Init(&sha1Context);
|
|
||||||
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
|
||||||
- SHA1_Update(&sha1Context, NTResponse, 24);
|
|
||||||
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
|
|
||||||
- SHA1_Final(MasterKey, &sha1Context);
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * generate send key
|
|
||||||
- */
|
|
||||||
- if (IsServer)
|
|
||||||
- s = Magic3;
|
|
||||||
- else
|
|
||||||
- s = Magic2;
|
|
||||||
- SHA1_Init(&sha1Context);
|
|
||||||
- SHA1_Update(&sha1Context, MasterKey, 16);
|
|
||||||
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
|
||||||
- SHA1_Update(&sha1Context, s, 84);
|
|
||||||
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
|
||||||
- SHA1_Final(Digest, &sha1Context);
|
|
||||||
-
|
|
||||||
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * generate recv key
|
|
||||||
- */
|
|
||||||
- if (IsServer)
|
|
||||||
- s = Magic2;
|
|
||||||
- else
|
|
||||||
- s = Magic3;
|
|
||||||
- SHA1_Init(&sha1Context);
|
|
||||||
- SHA1_Update(&sha1Context, MasterKey, 16);
|
|
||||||
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
|
||||||
- SHA1_Update(&sha1Context, s, 84);
|
|
||||||
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
|
||||||
- SHA1_Final(Digest, &sha1Context);
|
|
||||||
-
|
|
||||||
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
|
|
||||||
-
|
|
||||||
- mppe_keys_set = 1;
|
|
||||||
+ mppe_set_chapv1(rchallenge, PasswordHashHash);
|
|
||||||
}
|
|
||||||
|
|
||||||
/*
|
|
||||||
@@ -870,7 +741,7 @@ SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
|
|
||||||
ascii2unicode(secret, secret_len, unicodePassword);
|
|
||||||
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
|
|
||||||
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
|
|
||||||
- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
|
|
||||||
+ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* MPPE */
|
|
||||||
@@ -945,38 +816,6 @@ ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
-#ifdef MPPE
|
|
||||||
-/*
|
|
||||||
- * Set MPPE options from plugins.
|
|
||||||
- */
|
|
||||||
-void
|
|
||||||
-set_mppe_enc_types(int policy, int types)
|
|
||||||
-{
|
|
||||||
- /* Early exit for unknown policies. */
|
|
||||||
- if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
|
|
||||||
- policy != MPPE_ENC_POL_ENC_REQUIRED)
|
|
||||||
- return;
|
|
||||||
-
|
|
||||||
- /* Don't modify MPPE if it's optional and wasn't already configured. */
|
|
||||||
- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
|
|
||||||
- return;
|
|
||||||
-
|
|
||||||
- /*
|
|
||||||
- * Disable undesirable encryption types. Note that we don't ENABLE
|
|
||||||
- * any encryption types, to avoid overriding manual configuration.
|
|
||||||
- */
|
|
||||||
- switch(types) {
|
|
||||||
- case MPPE_ENC_TYPES_RC4_40:
|
|
||||||
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
|
|
||||||
- break;
|
|
||||||
- case MPPE_ENC_TYPES_RC4_128:
|
|
||||||
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
|
|
||||||
- break;
|
|
||||||
- default:
|
|
||||||
- break;
|
|
||||||
- }
|
|
||||||
-}
|
|
||||||
-#endif /* MPPE */
|
|
||||||
|
|
||||||
static struct chap_digest_type chapms_digest = {
|
|
||||||
CHAP_MICROSOFT, /* code */
|
|
||||||
diff --git a/pppd/chap_ms.h b/pppd/chap_ms.h
|
|
||||||
index 005eb63..4e6a621 100644
|
|
||||||
--- a/pppd/chap_ms.h
|
|
||||||
+++ b/pppd/chap_ms.h
|
|
||||||
@@ -38,6 +38,7 @@
|
|
||||||
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
|
|
||||||
#define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
|
|
||||||
#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
|
|
||||||
+#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */
|
|
||||||
/* as ASCII */
|
|
||||||
|
|
||||||
/* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
|
|
||||||
@@ -67,22 +68,6 @@
|
|
||||||
#define MS_CHAP2_NTRESP_LEN 24
|
|
||||||
#define MS_CHAP2_FLAGS 48
|
|
||||||
|
|
||||||
-#ifdef MPPE
|
|
||||||
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
|
|
||||||
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
|
|
||||||
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
|
|
||||||
-extern int mppe_keys_set;
|
|
||||||
-
|
|
||||||
-/* These values are the RADIUS attribute values--see RFC 2548. */
|
|
||||||
-#define MPPE_ENC_POL_ENC_ALLOWED 1
|
|
||||||
-#define MPPE_ENC_POL_ENC_REQUIRED 2
|
|
||||||
-#define MPPE_ENC_TYPES_RC4_40 2
|
|
||||||
-#define MPPE_ENC_TYPES_RC4_128 4
|
|
||||||
-
|
|
||||||
-/* used by plugins (using above values) */
|
|
||||||
-extern void set_mppe_enc_types(int, int);
|
|
||||||
-#endif
|
|
||||||
-
|
|
||||||
/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
|
|
||||||
#define MS_CHAP2_AUTHENTICATEE 0
|
|
||||||
#define MS_CHAP2_AUTHENTICATOR 1
|
|
||||||
@@ -90,11 +75,6 @@ extern void set_mppe_enc_types(int, int);
|
|
||||||
void ChapMS (u_char *, char *, int, u_char *);
|
|
||||||
void ChapMS2 (u_char *, u_char *, char *, char *, int,
|
|
||||||
u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
|
|
||||||
-#ifdef MPPE
|
|
||||||
-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
|
|
||||||
-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
|
||||||
- u_char NTResponse[24], int IsServer);
|
|
||||||
-#endif
|
|
||||||
|
|
||||||
void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
|
|
||||||
|
|
||||||
diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c
|
|
||||||
index 5c202c7..bfcf199 100644
|
|
||||||
--- a/pppd/eap-tls.c
|
|
||||||
+++ b/pppd/eap-tls.c
|
|
||||||
@@ -48,6 +48,8 @@
|
|
||||||
#include "eap-tls.h"
|
|
||||||
#include "fsm.h"
|
|
||||||
#include "lcp.h"
|
|
||||||
+#include "chap_ms.h"
|
|
||||||
+#include "mppe.h"
|
|
||||||
#include "pathnames.h"
|
|
||||||
|
|
||||||
typedef struct pw_cb_data
|
|
||||||
@@ -74,10 +76,6 @@ int ssl_new_session_cb(SSL *s, SSL_SESSION *sess);
|
|
||||||
X509 *get_X509_from_file(char *filename);
|
|
||||||
int ssl_cmp_certs(char *filename, X509 * a);
|
|
||||||
|
|
||||||
-#ifdef MPPE
|
|
||||||
-
|
|
||||||
-#define EAPTLS_MPPE_KEY_LEN 32
|
|
||||||
-
|
|
||||||
/*
|
|
||||||
* OpenSSL 1.1+ introduced a generic TLS_method()
|
|
||||||
* For older releases we substitute the appropriate method
|
|
||||||
@@ -119,6 +117,8 @@ static inline int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
|
|
||||||
|
|
||||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
|
||||||
|
|
||||||
+#ifdef MPPE
|
|
||||||
+#define EAPTLS_MPPE_KEY_LEN 32
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Generate keys according to RFC 2716 and add to reply
|
|
||||||
@@ -161,24 +161,17 @@ void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client)
|
|
||||||
*/
|
|
||||||
if (client)
|
|
||||||
{
|
|
||||||
- p = out;
|
|
||||||
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
|
|
||||||
- p += EAPTLS_MPPE_KEY_LEN;
|
|
||||||
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
|
|
||||||
+ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
- p = out;
|
|
||||||
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
|
|
||||||
- p += EAPTLS_MPPE_KEY_LEN;
|
|
||||||
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
|
|
||||||
+ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN);
|
|
||||||
}
|
|
||||||
-
|
|
||||||
- mppe_keys_set = 1;
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* MPPE */
|
|
||||||
|
|
||||||
+
|
|
||||||
void log_ssl_errors( void )
|
|
||||||
{
|
|
||||||
unsigned long ssl_err = ERR_get_error();
|
|
||||||
diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h
|
|
||||||
index c74a831..b935ec5 100644
|
|
||||||
--- a/pppd/eap-tls.h
|
|
||||||
+++ b/pppd/eap-tls.h
|
|
||||||
@@ -86,11 +86,6 @@ int get_eaptls_secret(int unit, char *client, char *server,
|
|
||||||
char *capath, char *pkfile, int am_server);
|
|
||||||
|
|
||||||
#ifdef MPPE
|
|
||||||
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
|
|
||||||
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
|
|
||||||
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
|
|
||||||
-extern int mppe_keys_set;
|
|
||||||
-
|
|
||||||
void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
diff --git a/pppd/mppe.c b/pppd/mppe.c
|
|
||||||
new file mode 100644
|
|
||||||
index 0000000..4f3d131
|
|
||||||
--- /dev/null
|
|
||||||
+++ b/pppd/mppe.c
|
|
||||||
@@ -0,0 +1,248 @@
|
|
||||||
+/* * mppe.c - MPPE key implementation
|
|
||||||
+ *
|
|
||||||
+ * Copyright (c) 2020 Eivind Naess. All rights reserved.
|
|
||||||
+ * Copyright (c) 2008 Paul Mackerras. All rights reserved.
|
|
||||||
+ *
|
|
||||||
+ * Redistribution and use in source and binary forms, with or without
|
|
||||||
+ * modification, are permitted provided that the following conditions
|
|
||||||
+ * are met:
|
|
||||||
+ *
|
|
||||||
+ * 1. Redistributions of source code must retain the above copyright
|
|
||||||
+ * notice, this list of conditions and the following disclaimer.
|
|
||||||
+ *
|
|
||||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
|
||||||
+ * notice, this list of conditions and the following disclaimer in
|
|
||||||
+ * the documentation and/or other materials provided with the
|
|
||||||
+ * distribution.
|
|
||||||
+ *
|
|
||||||
+ * 3. The name(s) of the authors of this software must not be used to
|
|
||||||
+ * endorse or promote products derived from this software without
|
|
||||||
+ * prior written permission.
|
|
||||||
+ *
|
|
||||||
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
|
|
||||||
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
||||||
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
|
|
||||||
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
|
||||||
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
|
|
||||||
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
|
||||||
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
||||||
+ *
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+#include <string.h>
|
|
||||||
+
|
|
||||||
+#include "pppd.h"
|
|
||||||
+#include "fsm.h"
|
|
||||||
+#include "md4.h"
|
|
||||||
+#include "sha1.h"
|
|
||||||
+#include "ccp.h"
|
|
||||||
+#include "chap_ms.h"
|
|
||||||
+#include "mppe.h"
|
|
||||||
+
|
|
||||||
+u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
|
|
||||||
+u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
|
|
||||||
+int mppe_keys_set = 0;
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
|
|
||||||
+{
|
|
||||||
+ int length = keylen;
|
|
||||||
+ if (length > MPPE_MAX_KEY_SIZE)
|
|
||||||
+ length = MPPE_MAX_KEY_SIZE;
|
|
||||||
+
|
|
||||||
+ if (send_key) {
|
|
||||||
+ BCOPY(send_key, mppe_send_key, length);
|
|
||||||
+ BZERO(send_key, keylen);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (recv_key) {
|
|
||||||
+ BCOPY(recv_key, mppe_recv_key, length);
|
|
||||||
+ BZERO(recv_key, keylen);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ mppe_keys_set = length;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+bool
|
|
||||||
+mppe_keys_isset()
|
|
||||||
+{
|
|
||||||
+ return !!mppe_keys_set;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+mppe_get_recv_key(u_char *recv_key, int length)
|
|
||||||
+{
|
|
||||||
+ if (mppe_keys_isset()) {
|
|
||||||
+ if (length > mppe_keys_set)
|
|
||||||
+ length = mppe_keys_set;
|
|
||||||
+ BCOPY(mppe_recv_key, recv_key, length);
|
|
||||||
+ return length;
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+mppe_get_send_key(u_char *send_key, int length)
|
|
||||||
+{
|
|
||||||
+ if (mppe_keys_isset()) {
|
|
||||||
+ if (length > mppe_keys_set)
|
|
||||||
+ length = mppe_keys_set;
|
|
||||||
+ BCOPY(mppe_send_key, send_key, length);
|
|
||||||
+ return length;
|
|
||||||
+ }
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+void
|
|
||||||
+mppe_clear_keys(void)
|
|
||||||
+{
|
|
||||||
+ mppe_keys_set = 0;
|
|
||||||
+ BZERO(mppe_send_key, sizeof(mppe_send_key));
|
|
||||||
+ BZERO(mppe_recv_key, sizeof(mppe_recv_key));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Set mppe_xxxx_key from the NTPasswordHashHash.
|
|
||||||
+ * RFC 2548 (RADIUS support) requires us to export this function (ugh).
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
|
|
||||||
+{
|
|
||||||
+ SHA1_CTX sha1Context;
|
|
||||||
+ u_char Digest[SHA1_SIGNATURE_SIZE];
|
|
||||||
+
|
|
||||||
+ SHA1_Init(&sha1Context);
|
|
||||||
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
|
||||||
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
|
||||||
+ SHA1_Update(&sha1Context, rchallenge, 8);
|
|
||||||
+ SHA1_Final(Digest, &sha1Context);
|
|
||||||
+
|
|
||||||
+ /* Same key in both directions. */
|
|
||||||
+ mppe_set_keys(Digest, Digest, sizeof(Digest));
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
|
|
||||||
+ *
|
|
||||||
+ * This helper function used in the Winbind module, which gets the
|
|
||||||
+ * NTHashHash from the server.
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
|
||||||
+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
|
|
||||||
+{
|
|
||||||
+ SHA1_CTX sha1Context;
|
|
||||||
+ u_char MasterKey[SHA1_SIGNATURE_SIZE];
|
|
||||||
+ u_char SendKey[SHA1_SIGNATURE_SIZE];
|
|
||||||
+ u_char RecvKey[SHA1_SIGNATURE_SIZE];
|
|
||||||
+
|
|
||||||
+ u_char SHApad1[40] =
|
|
||||||
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
|
||||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
|
||||||
+ u_char SHApad2[40] =
|
|
||||||
+ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
|
||||||
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
|
||||||
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
|
||||||
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
|
|
||||||
+
|
|
||||||
+ /* "This is the MPPE Master Key" */
|
|
||||||
+ u_char Magic1[27] =
|
|
||||||
+ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
|
|
||||||
+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
|
|
||||||
+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
|
|
||||||
+ /* "On the client side, this is the send key; "
|
|
||||||
+ "on the server side, it is the receive key." */
|
|
||||||
+ u_char Magic2[84] =
|
|
||||||
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
|
||||||
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
|
||||||
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
|
||||||
+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
|
|
||||||
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
|
|
||||||
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
|
|
||||||
+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
|
||||||
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
|
||||||
+ 0x6b, 0x65, 0x79, 0x2e };
|
|
||||||
+ /* "On the client side, this is the receive key; "
|
|
||||||
+ "on the server side, it is the send key." */
|
|
||||||
+ u_char Magic3[84] =
|
|
||||||
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
|
||||||
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
|
||||||
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
|
||||||
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
|
||||||
+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
|
|
||||||
+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
|
|
||||||
+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
|
|
||||||
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
|
|
||||||
+ 0x6b, 0x65, 0x79, 0x2e };
|
|
||||||
+ u_char *s;
|
|
||||||
+
|
|
||||||
+ SHA1_Init(&sha1Context);
|
|
||||||
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
|
||||||
+ SHA1_Update(&sha1Context, NTResponse, 24);
|
|
||||||
+ SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
|
|
||||||
+ SHA1_Final(MasterKey, &sha1Context);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * generate send key
|
|
||||||
+ */
|
|
||||||
+ if (IsServer)
|
|
||||||
+ s = Magic3;
|
|
||||||
+ else
|
|
||||||
+ s = Magic2;
|
|
||||||
+ SHA1_Init(&sha1Context);
|
|
||||||
+ SHA1_Update(&sha1Context, MasterKey, 16);
|
|
||||||
+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
|
||||||
+ SHA1_Update(&sha1Context, s, 84);
|
|
||||||
+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
|
||||||
+ SHA1_Final(SendKey, &sha1Context);
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * generate recv key
|
|
||||||
+ */
|
|
||||||
+ if (IsServer)
|
|
||||||
+ s = Magic2;
|
|
||||||
+ else
|
|
||||||
+ s = Magic3;
|
|
||||||
+ SHA1_Init(&sha1Context);
|
|
||||||
+ SHA1_Update(&sha1Context, MasterKey, 16);
|
|
||||||
+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
|
||||||
+ SHA1_Update(&sha1Context, s, 84);
|
|
||||||
+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
|
||||||
+ SHA1_Final(RecvKey, &sha1Context);
|
|
||||||
+
|
|
||||||
+ mppe_set_keys(SendKey, RecvKey, SHA1_SIGNATURE_SIZE);
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Set MPPE options from plugins.
|
|
||||||
+ */
|
|
||||||
+void
|
|
||||||
+mppe_set_enc_types(int policy, int types)
|
|
||||||
+{
|
|
||||||
+ /* Early exit for unknown policies. */
|
|
||||||
+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
|
|
||||||
+ policy != MPPE_ENC_POL_ENC_REQUIRED)
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ /* Don't modify MPPE if it's optional and wasn't already configured. */
|
|
||||||
+ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
|
|
||||||
+ return;
|
|
||||||
+
|
|
||||||
+ /*
|
|
||||||
+ * Disable undesirable encryption types. Note that we don't ENABLE
|
|
||||||
+ * any encryption types, to avoid overriding manual configuration.
|
|
||||||
+ */
|
|
||||||
+ switch(types) {
|
|
||||||
+ case MPPE_ENC_TYPES_RC4_40:
|
|
||||||
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
|
|
||||||
+ break;
|
|
||||||
+ case MPPE_ENC_TYPES_RC4_128:
|
|
||||||
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
|
|
||||||
+ break;
|
|
||||||
+ default:
|
|
||||||
+ break;
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
diff --git a/pppd/mppe.h b/pppd/mppe.h
|
|
||||||
index 5eb3b37..98a89d3 100644
|
|
||||||
--- a/pppd/mppe.h
|
|
||||||
+++ b/pppd/mppe.h
|
|
||||||
@@ -32,9 +32,12 @@
|
|
||||||
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
|
||||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
|
||||||
*/
|
|
||||||
+#ifndef __MPPE_H__
|
|
||||||
+#define __MPPE_H__
|
|
||||||
|
|
||||||
#define MPPE_PAD 4 /* MPPE growth per frame */
|
|
||||||
-#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
|
|
||||||
+#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
|
|
||||||
+#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */
|
|
||||||
|
|
||||||
/* option bits for ccp_options.mppe */
|
|
||||||
#define MPPE_OPT_40 0x01 /* 40 bit */
|
|
||||||
@@ -119,3 +122,68 @@
|
|
||||||
if (ptr[3] & ~MPPE_ALL_BITS) \
|
|
||||||
opts |= MPPE_OPT_UNKNOWN; \
|
|
||||||
} while (/* CONSTCOND */ 0)
|
|
||||||
+
|
|
||||||
+
|
|
||||||
+#if MPPE
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * NOTE:
|
|
||||||
+ * Access to these variables directly is discuraged. Please
|
|
||||||
+ * change your code to use below accessor functions.
|
|
||||||
+ */
|
|
||||||
+
|
|
||||||
+/* The key material generated which is used for MPPE send key */
|
|
||||||
+extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
|
|
||||||
+/* The key material generated which is used for MPPE recv key */
|
|
||||||
+extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
|
|
||||||
+/* Keys are set if value is non-zero */
|
|
||||||
+extern int mppe_keys_set;
|
|
||||||
+
|
|
||||||
+/* These values are the RADIUS attribute values--see RFC 2548. */
|
|
||||||
+#define MPPE_ENC_POL_ENC_ALLOWED 1
|
|
||||||
+#define MPPE_ENC_POL_ENC_REQUIRED 2
|
|
||||||
+#define MPPE_ENC_TYPES_RC4_40 2
|
|
||||||
+#define MPPE_ENC_TYPES_RC4_128 4
|
|
||||||
+
|
|
||||||
+/* used by plugins (using above values) */
|
|
||||||
+void mppe_set_enc_types (int policy, int types);
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Set the MPPE send and recv keys. NULL values for keys are ignored
|
|
||||||
+ * and input values are cleared to avoid leaving them on the stack
|
|
||||||
+ */
|
|
||||||
+void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Get the MPPE recv key
|
|
||||||
+ */
|
|
||||||
+int mppe_get_recv_key(u_char *recv_key, int length);
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Get the MPPE send key
|
|
||||||
+ */
|
|
||||||
+int mppe_get_send_key(u_char *send_key, int length);
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Clear the MPPE keys
|
|
||||||
+ */
|
|
||||||
+void mppe_clear_keys(void);
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Check if the MPPE keys are set
|
|
||||||
+ */
|
|
||||||
+bool mppe_keys_isset(void);
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
|
|
||||||
+ */
|
|
||||||
+void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
|
|
||||||
+
|
|
||||||
+/*
|
|
||||||
+ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
|
|
||||||
+ */
|
|
||||||
+void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
|
||||||
+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
|
|
||||||
+
|
|
||||||
+#endif // #ifdef MPPE
|
|
||||||
+#endif // #ifdef __MPPE_H__
|
|
||||||
diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
|
|
||||||
index c579831..cf4c0f2 100644
|
|
||||||
--- a/pppd/plugins/radius/radius.c
|
|
||||||
+++ b/pppd/plugins/radius/radius.c
|
|
||||||
@@ -31,6 +31,7 @@ static char const RCSID[] =
|
|
||||||
#ifdef CHAPMS
|
|
||||||
#include "chap_ms.h"
|
|
||||||
#ifdef MPPE
|
|
||||||
+#include "mppe.h"
|
|
||||||
#include "md5.h"
|
|
||||||
#endif
|
|
||||||
#endif
|
|
||||||
@@ -743,11 +744,12 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
|
|
||||||
* Note that if the policy value was '0' we don't set the key!
|
|
||||||
*/
|
|
||||||
if (mppe_enc_policy && mppe_enc_keys) {
|
|
||||||
- mppe_keys_set = 1;
|
|
||||||
/* Set/modify allowed encryption types. */
|
|
||||||
if (mppe_enc_types)
|
|
||||||
- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
|
|
||||||
+ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
|
|
||||||
+ return 0;
|
|
||||||
}
|
|
||||||
+ mppe_clear_keys();
|
|
||||||
#endif
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
@@ -803,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
|
|
||||||
* the NAS (us) doesn't need; we only need the start key. So we have
|
|
||||||
* to generate the start key, sigh. NB: We do not support the LM-Key.
|
|
||||||
*/
|
|
||||||
- mppe_set_keys(challenge, &plain[8]);
|
|
||||||
+ mppe_set_chapv1(challenge, &plain[8]);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
@@ -855,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
|
|
||||||
for (i = 0; i < 16; i++)
|
|
||||||
plain[i] ^= buf[i];
|
|
||||||
|
|
||||||
- if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
|
|
||||||
+ if (plain[0] != 16) {
|
|
||||||
error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
|
|
||||||
(int) plain[0], type);
|
|
||||||
return -1;
|
|
||||||
@@ -869,9 +871,9 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
|
|
||||||
plain[16] ^= buf[0]; /* only need the first byte */
|
|
||||||
|
|
||||||
if (vp->attribute == PW_MS_MPPE_SEND_KEY)
|
|
||||||
- memcpy(mppe_send_key, plain + 1, 16);
|
|
||||||
+ mppe_set_keys(plain + 1, NULL, 16);
|
|
||||||
else
|
|
||||||
- memcpy(mppe_recv_key, plain + 1, 16);
|
|
||||||
+ mppe_set_keys(NULL, plain + 1, 16);
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
|
|
||||||
index 0c395c3..67c72f6 100644
|
|
||||||
--- a/pppd/plugins/winbind.c
|
|
||||||
+++ b/pppd/plugins/winbind.c
|
|
||||||
@@ -37,11 +37,9 @@
|
|
||||||
#include "pppd.h"
|
|
||||||
#include "chap-new.h"
|
|
||||||
#include "chap_ms.h"
|
|
||||||
-#ifdef MPPE
|
|
||||||
-#include "md5.h"
|
|
||||||
-#endif
|
|
||||||
#include "fsm.h"
|
|
||||||
#include "ipcp.h"
|
|
||||||
+#include "mppe.h"
|
|
||||||
#include <syslog.h>
|
|
||||||
#include <sys/types.h>
|
|
||||||
#include <sys/stat.h>
|
|
||||||
@@ -583,7 +581,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
|
|
||||||
nt_response, nt_response_size,
|
|
||||||
session_key,
|
|
||||||
&error_string) == AUTHENTICATED) {
|
|
||||||
- mppe_set_keys(challenge, session_key);
|
|
||||||
+ mppe_set_chapv1(challenge, session_key);
|
|
||||||
slprintf(message, message_space, "Access granted");
|
|
||||||
return AUTHENTICATED;
|
|
||||||
|
|
||||||
@@ -628,7 +626,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
|
|
||||||
&response[MS_CHAP2_NTRESP],
|
|
||||||
&response[MS_CHAP2_PEER_CHALLENGE],
|
|
||||||
challenge, user, saresponse);
|
|
||||||
- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
|
|
||||||
+ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
|
|
||||||
MS_CHAP2_AUTHENTICATOR);
|
|
||||||
if (response[MS_CHAP2_FLAGS]) {
|
|
||||||
slprintf(message, message_space, "S=%s", saresponse);
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -1,37 +0,0 @@
|
|||||||
From e609ed8bb62e4648568eaa49fbbc858dfda6d122 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
|
|
||||||
Date: Sun, 14 Mar 2021 16:20:29 -0700
|
|
||||||
Subject: [PATCH] pppd: Fix logical error in comparing valid encryption
|
|
||||||
policies (#262)
|
|
||||||
|
|
||||||
RFC2548 describes the proper values of the MS-MPPE-Encryption-Policy attribute.
|
|
||||||
and it can only hold 2 values: 1 (encryption allowed) and 2 (encryption required).
|
|
||||||
|
|
||||||
See
|
|
||||||
https://tools.ietf.org/html/rfc2548, section 2.4.4
|
|
||||||
|
|
||||||
The correct comparison should be made with an && and not a ||.
|
|
||||||
|
|
||||||
This fixes github issue #218
|
|
||||||
|
|
||||||
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
|
|
||||||
---
|
|
||||||
pppd/chap_ms.c | 2 +-
|
|
||||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
||||||
|
|
||||||
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
|
|
||||||
index e6b84f2..df2dadd 100644
|
|
||||||
--- a/pppd/chap_ms.c
|
|
||||||
+++ b/pppd/chap_ms.c
|
|
||||||
@@ -953,7 +953,7 @@ void
|
|
||||||
set_mppe_enc_types(int policy, int types)
|
|
||||||
{
|
|
||||||
/* Early exit for unknown policies. */
|
|
||||||
- if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
|
|
||||||
+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
|
|
||||||
policy != MPPE_ENC_POL_ENC_REQUIRED)
|
|
||||||
return;
|
|
||||||
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -1,32 +0,0 @@
|
|||||||
From d7e62a8499c4032d79e05afbd8fd3efd51c5b148 Mon Sep 17 00:00:00 2001
|
|
||||||
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
|
|
||||||
Date: Thu, 3 Feb 2022 14:28:22 -0800
|
|
||||||
Subject: [PATCH] pppd/eap: Fix bug causing incorrect response length (#334)
|
|
||||||
MIME-Version: 1.0
|
|
||||||
Content-Type: text/plain; charset=UTF-8
|
|
||||||
Content-Transfer-Encoding: 8bit
|
|
||||||
|
|
||||||
Need to update the esp->ea_client.ea_namelen variable. A plugin can override the
|
|
||||||
name of the user, and the variable is passed onto the eap_chap2_response generating
|
|
||||||
the wrong response length.
|
|
||||||
|
|
||||||
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
|
|
||||||
---
|
|
||||||
pppd/eap.c | 1 +
|
|
||||||
1 file changed, 1 insertion(+)
|
|
||||||
|
|
||||||
diff --git a/pppd/eap.c b/pppd/eap.c
|
|
||||||
index 54c3d42..6cb595f 100644
|
|
||||||
--- a/pppd/eap.c
|
|
||||||
+++ b/pppd/eap.c
|
|
||||||
@@ -2182,6 +2182,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
|
|
||||||
eap_send_nak(esp, id, EAPT_SRP);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
|
|
||||||
|
|
||||||
/* Create the MSCHAPv2 response (and add to cache) */
|
|
||||||
unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
|
|
||||||
--
|
|
||||||
2.34.1
|
|
||||||
|
|
@ -1 +1,2 @@
|
|||||||
d /run/ppp 0755 root root
|
d /run/ppp 0755 root root
|
||||||
|
d /run/lock/ppp 0755 root root
|
||||||
|
55
ppp.spec
55
ppp.spec
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: ppp
|
Name: ppp
|
||||||
Version: 2.4.9
|
Version: 2.4.9
|
||||||
Release: 9.0.riscv64%{?dist}
|
Release: 1%{?dist}
|
||||||
Summary: The Point-to-Point Protocol daemon
|
Summary: The Point-to-Point Protocol daemon
|
||||||
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
||||||
URL: http://www.samba.org/ppp
|
URL: http://www.samba.org/ppp
|
||||||
@ -33,16 +33,11 @@ Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
|
|||||||
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
|
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
|
||||||
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
|
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
|
||||||
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
|
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
|
||||||
|
Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch
|
||||||
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
|
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
|
||||||
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
|
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
|
||||||
Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
|
Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
|
||||||
Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch
|
Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch
|
||||||
# https://github.com/ppp-project/ppp/commit/d7e62a8499c4032d79e05afbd8fd3efd51c5b148
|
|
||||||
Patch0027: ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch
|
|
||||||
# https://github.com/ppp-project/ppp/commit/e609ed8bb62e4648568eaa49fbbc858dfda6d122
|
|
||||||
Patch0028: ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch
|
|
||||||
# https://github.com/ppp-project/ppp/pull/267/commits/6bfe06b9428a60eb637d5450d65dd3932fe5a83f
|
|
||||||
Patch0029: ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch
|
|
||||||
|
|
||||||
BuildRequires: make
|
BuildRequires: make
|
||||||
BuildRequires: gcc
|
BuildRequires: gcc
|
||||||
@ -77,24 +72,11 @@ Requires: %{name}%{?_isa} = %{version}-%{release}
|
|||||||
This package contains the header files for building plugins for ppp.
|
This package contains the header files for building plugins for ppp.
|
||||||
|
|
||||||
%prep
|
%prep
|
||||||
%autosetup -p1 -n %{name}-%{name}-%{version}
|
%setup -qn %{name}-%{name}-%{version}
|
||||||
|
%autopatch -p1
|
||||||
|
|
||||||
tar -xJf %{SOURCE12}
|
tar -xJf %{SOURCE12}
|
||||||
|
|
||||||
# Temporary, see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85142
|
|
||||||
# This was fixed in GCC, but now we produce /lib64/lpd64d/ path.
|
|
||||||
%ifarch riscv64
|
|
||||||
sed -i'' \
|
|
||||||
-e 's|/$(shell gcc -print-multi-os-directory 2> /dev/null)|64|g' \
|
|
||||||
-e 's|/$(shell $(CC) -print-multi-os-directory 2> /dev/null)|64|g' \
|
|
||||||
pppd/plugins/radius/Makefile.linux \
|
|
||||||
pppd/plugins/pppol2tp/Makefile.linux \
|
|
||||||
pppd/plugins/Makefile.linux \
|
|
||||||
pppd/plugins/pppoatm/Makefile.linux \
|
|
||||||
pppd/plugins/rp-pppoe/Makefile.linux \
|
|
||||||
pppd/Makefile.linux
|
|
||||||
%endif
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
|
%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
|
||||||
%{make_build} LDFLAGS="%{?build_ldflags} -pie"
|
%{make_build} LDFLAGS="%{?build_ldflags} -pie"
|
||||||
@ -135,6 +117,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
|
|||||||
|
|
||||||
# ghosts
|
# ghosts
|
||||||
mkdir -p %{buildroot}%{_rundir}/ppp
|
mkdir -p %{buildroot}%{_rundir}/ppp
|
||||||
|
mkdir -p %{buildroot}%{_rundir}/lock/ppp
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||||
@ -167,6 +150,7 @@ mkdir -p %{buildroot}%{_rundir}/ppp
|
|||||||
%{_mandir}/man8/ppp-watch.8*
|
%{_mandir}/man8/ppp-watch.8*
|
||||||
%{_libdir}/pppd
|
%{_libdir}/pppd
|
||||||
%ghost %dir %{_rundir}/ppp
|
%ghost %dir %{_rundir}/ppp
|
||||||
|
%ghost %dir %{_rundir}/lock/ppp
|
||||||
%dir %{_sysconfdir}/logrotate.d
|
%dir %{_sysconfdir}/logrotate.d
|
||||||
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
|
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
|
||||||
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
|
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
|
||||||
@ -187,33 +171,6 @@ mkdir -p %{buildroot}%{_rundir}/ppp
|
|||||||
%doc PLUGINS
|
%doc PLUGINS
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Apr 25 2023 David Abdurachmanov <davidlt@rivosinc.com> - 2.4.9-9.0.riscv64
|
|
||||||
- Add workaround for RISC-V (riscv64)
|
|
||||||
|
|
||||||
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-9
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
|
||||||
|
|
||||||
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-8
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Apr 05 2022 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4.9-7
|
|
||||||
- Backport patches from master for SSTP to connect using EAP-TLS to Azure VnetGWay and Windows RAS server
|
|
||||||
|
|
||||||
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-6
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4.9-5
|
|
||||||
- Rebuilt with OpenSSL 3.0.0
|
|
||||||
|
|
||||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-4
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
|
||||||
|
|
||||||
* Mon Mar 8 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-3
|
|
||||||
- Keep lock files in /var/lock (https://github.com/ppp-project/ppp/pull/227)
|
|
||||||
|
|
||||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-2
|
|
||||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
|
||||||
|
|
||||||
* Tue Jan 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-1
|
* Tue Jan 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-1
|
||||||
- New version
|
- New version
|
||||||
Resolves: rhbz#1912617
|
Resolves: rhbz#1912617
|
||||||
|
Loading…
Reference in New Issue
Block a user