|
|
|
|
@ -1,6 +1,44 @@
|
|
|
|
|
diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls
|
|
|
|
|
--- ppp-2.4.7/README.eap-tls 1970-01-01 01:00:00.000000000 +0100
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls 2017-05-09 14:38:55.129084488 +0200
|
|
|
|
|
From 7887b3d84468e1ebfbe5adc373f0816eda2b995a Mon Sep 17 00:00:00 2001
|
|
|
|
|
From: Michal Sekletar <msekleta@redhat.com>
|
|
|
|
|
Date: Fri, 20 Jun 2014 10:31:43 +0200
|
|
|
|
|
Subject: [PATCH 27/27] pppd: EAP-TLS patch v0.997
|
|
|
|
|
|
|
|
|
|
See: http://www.nikhef.nl/~janjust/ppp/download.html
|
|
|
|
|
---
|
|
|
|
|
README.eap-tls | 280 ++++++++++
|
|
|
|
|
etc.ppp/eaptls-client | 10 +
|
|
|
|
|
etc.ppp/eaptls-server | 11 +
|
|
|
|
|
etc.ppp/openssl.cnf | 14 +
|
|
|
|
|
linux/Makefile.top | 6 +-
|
|
|
|
|
pppd/Makefile.linux | 12 +
|
|
|
|
|
pppd/auth.c | 413 ++++++++++++++-
|
|
|
|
|
pppd/ccp.c | 20 +-
|
|
|
|
|
pppd/chap-md5.c | 4 +
|
|
|
|
|
pppd/eap-tls.c | 1212 +++++++++++++++++++++++++++++++++++++++++++
|
|
|
|
|
pppd/eap-tls.h | 107 ++++
|
|
|
|
|
pppd/eap.c | 449 +++++++++++++++-
|
|
|
|
|
pppd/eap.h | 32 +-
|
|
|
|
|
pppd/md5.c | 4 +
|
|
|
|
|
pppd/md5.h | 3 +
|
|
|
|
|
pppd/pathnames.h | 7 +
|
|
|
|
|
pppd/plugins/Makefile.linux | 3 +
|
|
|
|
|
pppd/plugins/passprompt.c | 3 +
|
|
|
|
|
pppd/plugins/passwordfd.c | 4 +
|
|
|
|
|
pppd/pppd.8 | 33 ++
|
|
|
|
|
pppd/pppd.h | 9 +
|
|
|
|
|
21 files changed, 2629 insertions(+), 7 deletions(-)
|
|
|
|
|
create mode 100644 README.eap-tls
|
|
|
|
|
create mode 100644 etc.ppp/eaptls-client
|
|
|
|
|
create mode 100644 etc.ppp/eaptls-server
|
|
|
|
|
create mode 100644 etc.ppp/openssl.cnf
|
|
|
|
|
create mode 100644 pppd/eap-tls.c
|
|
|
|
|
create mode 100644 pppd/eap-tls.h
|
|
|
|
|
|
|
|
|
|
diff --git a/README.eap-tls b/README.eap-tls
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..037be0a
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/README.eap-tls
|
|
|
|
|
@@ -0,0 +1,280 @@
|
|
|
|
|
+EAP-TLS authentication support for PPP
|
|
|
|
|
+======================================
|
|
|
|
|
@ -282,9 +320,11 @@ diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls
|
|
|
|
|
+ - change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET
|
|
|
|
|
+ - fix bug in initialisation code with fragmented packets.
|
|
|
|
|
+
|
|
|
|
|
diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client
|
|
|
|
|
--- ppp-2.4.7/etc.ppp/eaptls-client 1970-01-01 01:00:00.000000000 +0100
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client 2017-05-09 14:38:55.129084488 +0200
|
|
|
|
|
diff --git a/etc.ppp/eaptls-client b/etc.ppp/eaptls-client
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..7782f0e
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/etc.ppp/eaptls-client
|
|
|
|
|
@@ -0,0 +1,10 @@
|
|
|
|
|
+# Parameters for authentication using EAP-TLS (client)
|
|
|
|
|
+
|
|
|
|
|
@ -296,9 +336,11 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/e
|
|
|
|
|
+# client private key file (required)
|
|
|
|
|
+
|
|
|
|
|
+#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key
|
|
|
|
|
diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server
|
|
|
|
|
--- ppp-2.4.7/etc.ppp/eaptls-server 1970-01-01 01:00:00.000000000 +0100
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server 2017-05-09 14:38:55.137084099 +0200
|
|
|
|
|
diff --git a/etc.ppp/eaptls-server b/etc.ppp/eaptls-server
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..fa53cbd
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/etc.ppp/eaptls-server
|
|
|
|
|
@@ -0,0 +1,11 @@
|
|
|
|
|
+# Parameters for authentication using EAP-TLS (server)
|
|
|
|
|
+
|
|
|
|
|
@ -311,9 +353,11 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/e
|
|
|
|
|
+# allowed addresses (required, can be *)
|
|
|
|
|
+
|
|
|
|
|
+#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24
|
|
|
|
|
diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf
|
|
|
|
|
--- ppp-2.4.7/etc.ppp/openssl.cnf 1970-01-01 01:00:00.000000000 +0100
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf 2017-05-09 14:38:55.137084099 +0200
|
|
|
|
|
diff --git a/etc.ppp/openssl.cnf b/etc.ppp/openssl.cnf
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..dd32f30
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/etc.ppp/openssl.cnf
|
|
|
|
|
@@ -0,0 +1,14 @@
|
|
|
|
|
+openssl_conf = openssl_def
|
|
|
|
|
+
|
|
|
|
|
@ -329,10 +373,11 @@ diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/ope
|
|
|
|
|
+MODULE_PATH = /usr/lib64/libeTPkcs11.so
|
|
|
|
|
+init = 0
|
|
|
|
|
+
|
|
|
|
|
diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top
|
|
|
|
|
--- ppp-2.4.7/linux/Makefile.top 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top 2017-05-09 14:38:55.138084052 +0200
|
|
|
|
|
@@ -26,7 +26,7 @@
|
|
|
|
|
diff --git a/linux/Makefile.top b/linux/Makefile.top
|
|
|
|
|
index f42efd5..9a8945a 100644
|
|
|
|
|
--- a/linux/Makefile.top
|
|
|
|
|
+++ b/linux/Makefile.top
|
|
|
|
|
@@ -28,7 +28,7 @@ install-progs:
|
|
|
|
|
cd pppdump; $(MAKE) $(MFLAGS) install
|
|
|
|
|
|
|
|
|
|
install-etcppp: $(ETCDIR) $(ETCDIR)/options $(ETCDIR)/pap-secrets \
|
|
|
|
|
@ -341,7 +386,7 @@ diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefi
|
|
|
|
|
|
|
|
|
|
install-devel:
|
|
|
|
|
cd pppd; $(MAKE) $(MFLAGS) install-devel
|
|
|
|
|
@@ -37,6 +37,10 @@
|
|
|
|
|
@@ -39,6 +39,10 @@ $(ETCDIR)/pap-secrets:
|
|
|
|
|
$(INSTALL) -c -m 600 etc.ppp/pap-secrets $@
|
|
|
|
|
$(ETCDIR)/chap-secrets:
|
|
|
|
|
$(INSTALL) -c -m 600 etc.ppp/chap-secrets $@
|
|
|
|
|
@ -352,10 +397,11 @@ diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefi
|
|
|
|
|
|
|
|
|
|
$(BINDIR):
|
|
|
|
|
$(INSTALL) -d -m 755 $@
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux
|
|
|
|
|
--- ppp-2.4.7/pppd/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux 2017-05-09 14:38:55.138084052 +0200
|
|
|
|
|
@@ -76,6 +76,9 @@
|
|
|
|
|
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
|
|
|
|
index 943cf83..534ccc2 100644
|
|
|
|
|
--- a/pppd/Makefile.linux
|
|
|
|
|
+++ b/pppd/Makefile.linux
|
|
|
|
|
@@ -79,6 +79,9 @@ CBCP=y
|
|
|
|
|
# Use libutil
|
|
|
|
|
USE_LIBUTIL=y
|
|
|
|
|
|
|
|
|
|
@ -365,7 +411,7 @@ diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefi
|
|
|
|
|
MAXOCTETS=y
|
|
|
|
|
|
|
|
|
|
INCLUDE_DIRS= -I../include
|
|
|
|
|
@@ -115,6 +118,15 @@
|
|
|
|
|
@@ -118,6 +121,15 @@ HEADERS += sha1.h
|
|
|
|
|
PPPDOBJS += sha1.o
|
|
|
|
|
endif
|
|
|
|
|
|
|
|
|
|
@ -381,9 +427,10 @@ diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefi
|
|
|
|
|
ifdef HAS_SHADOW
|
|
|
|
|
CFLAGS += -DHAS_SHADOW
|
|
|
|
|
#LIBS += -lshadow $(LIBS)
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
--- ppp-2.4.7/pppd/auth.c 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c 2017-05-09 14:38:55.139084004 +0200
|
|
|
|
|
diff --git a/pppd/auth.c b/pppd/auth.c
|
|
|
|
|
index 9e957fa..656ffe9 100644
|
|
|
|
|
--- a/pppd/auth.c
|
|
|
|
|
+++ b/pppd/auth.c
|
|
|
|
|
@@ -109,6 +109,9 @@
|
|
|
|
|
#include "upap.h"
|
|
|
|
|
#include "chap-new.h"
|
|
|
|
|
@ -394,7 +441,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
#ifdef CBCP_SUPPORT
|
|
|
|
|
#include "cbcp.h"
|
|
|
|
|
#endif
|
|
|
|
|
@@ -183,6 +186,11 @@
|
|
|
|
|
@@ -183,6 +186,11 @@ int (*chap_check_hook) __P((void)) = NULL;
|
|
|
|
|
/* Hook for a plugin to get the CHAP password for authenticating us */
|
|
|
|
|
int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL;
|
|
|
|
|
|
|
|
|
|
@ -406,7 +453,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
/* Hook for a plugin to say whether it is OK if the peer
|
|
|
|
|
refuses to authenticate. */
|
|
|
|
|
int (*null_auth_hook) __P((struct wordlist **paddrs,
|
|
|
|
|
@@ -238,6 +246,14 @@
|
|
|
|
|
@@ -238,6 +246,14 @@ bool explicit_remote = 0; /* User specified explicit remote name */
|
|
|
|
|
bool explicit_user = 0; /* Set if "user" option supplied */
|
|
|
|
|
bool explicit_passwd = 0; /* Set if "password" option supplied */
|
|
|
|
|
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
|
|
|
|
|
@ -421,7 +468,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
|
|
|
|
|
static char *uafname; /* name of most recent +ua file */
|
|
|
|
|
|
|
|
|
|
@@ -254,6 +270,19 @@
|
|
|
|
|
@@ -254,6 +270,19 @@ static int have_pap_secret __P((int *));
|
|
|
|
|
static int have_chap_secret __P((char *, char *, int, int *));
|
|
|
|
|
static int have_srp_secret __P((char *client, char *server, int need_ip,
|
|
|
|
|
int *lacks_ipp));
|
|
|
|
|
@ -441,7 +488,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
static int ip_addr_check __P((u_int32_t, struct permitted_ip *));
|
|
|
|
|
static int scan_authfile __P((FILE *, char *, char *, char *,
|
|
|
|
|
struct wordlist **, struct wordlist **,
|
|
|
|
|
@@ -401,6 +430,15 @@
|
|
|
|
|
@@ -401,6 +430,15 @@ option_t auth_options[] = {
|
|
|
|
|
"Set telephone number(s) which are allowed to connect",
|
|
|
|
|
OPT_PRIV | OPT_A2LIST },
|
|
|
|
|
|
|
|
|
|
@ -457,7 +504,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
{ NULL }
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
@@ -730,6 +768,9 @@
|
|
|
|
|
@@ -730,6 +768,9 @@ link_established(unit)
|
|
|
|
|
lcp_options *wo = &lcp_wantoptions[unit];
|
|
|
|
|
lcp_options *go = &lcp_gotoptions[unit];
|
|
|
|
|
lcp_options *ho = &lcp_hisoptions[unit];
|
|
|
|
|
@ -467,7 +514,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
int i;
|
|
|
|
|
struct protent *protp;
|
|
|
|
|
|
|
|
|
|
@@ -764,6 +805,22 @@
|
|
|
|
|
@@ -764,6 +805,22 @@ link_established(unit)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -490,7 +537,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
new_phase(PHASE_AUTHENTICATE);
|
|
|
|
|
auth = 0;
|
|
|
|
|
if (go->neg_eap) {
|
|
|
|
|
@@ -1277,6 +1334,15 @@
|
|
|
|
|
@@ -1277,6 +1334,15 @@ auth_check_options()
|
|
|
|
|
our_name, 1, &lacks_ip);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
@ -506,7 +553,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
if (auth_required && !can_auth && noauth_addrs == NULL) {
|
|
|
|
|
if (default_auth) {
|
|
|
|
|
option_error(
|
|
|
|
|
@@ -1331,7 +1397,11 @@
|
|
|
|
|
@@ -1331,7 +1397,11 @@ auth_reset(unit)
|
|
|
|
|
passwd[0] != 0 ||
|
|
|
|
|
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
|
|
|
|
|
(explicit_remote? remote_name: NULL), 0, NULL))) ||
|
|
|
|
|
@ -519,7 +566,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
|
|
|
|
|
hadchap = -1;
|
|
|
|
|
if (go->neg_upap && !uselogin && !have_pap_secret(NULL))
|
|
|
|
|
@@ -1346,8 +1416,14 @@
|
|
|
|
|
@@ -1346,8 +1416,14 @@ auth_reset(unit)
|
|
|
|
|
!have_chap_secret((explicit_remote? remote_name: NULL), our_name,
|
|
|
|
|
1, NULL))) &&
|
|
|
|
|
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
|
|
|
|
|
@ -535,7 +582,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@@ -1707,6 +1783,7 @@
|
|
|
|
|
@@ -1707,6 +1783,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -543,7 +590,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
/*
|
|
|
|
|
* get_secret - open the CHAP secret file and return the secret
|
|
|
|
|
* for authenticating the given client on the given server.
|
|
|
|
|
@@ -2359,3 +2436,335 @@
|
|
|
|
|
@@ -2359,3 +2436,335 @@ auth_script(script)
|
|
|
|
|
|
|
|
|
|
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
|
|
|
|
|
}
|
|
|
|
|
@ -879,10 +926,11 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
|
|
|
|
|
+}
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
|
|
|
|
|
--- ppp-2.4.7/pppd/ccp.c 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c 2017-05-09 14:38:55.148083482 +0200
|
|
|
|
|
@@ -540,6 +540,9 @@
|
|
|
|
|
diff --git a/pppd/ccp.c b/pppd/ccp.c
|
|
|
|
|
index 5814f35..7dead23 100644
|
|
|
|
|
--- a/pppd/ccp.c
|
|
|
|
|
+++ b/pppd/ccp.c
|
|
|
|
|
@@ -540,6 +540,9 @@ ccp_resetci(f)
|
|
|
|
|
if (go->mppe) {
|
|
|
|
|
ccp_options *ao = &ccp_allowoptions[f->unit];
|
|
|
|
|
int auth_mschap_bits = auth_done[f->unit];
|
|
|
|
|
@ -892,7 +940,7 @@ diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
|
|
|
|
|
int numbits;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
@@ -567,8 +570,23 @@
|
|
|
|
|
@@ -567,8 +570,23 @@ ccp_resetci(f)
|
|
|
|
|
lcp_close(f->unit, "MPPE required but not available");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
@ -917,9 +965,10 @@ diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
|
|
|
|
|
lcp_close(f->unit, "MPPE required but not available");
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c
|
|
|
|
|
--- ppp-2.4.7/pppd/chap-md5.c 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c 2017-05-09 14:38:55.148083482 +0200
|
|
|
|
|
diff --git a/pppd/chap-md5.c b/pppd/chap-md5.c
|
|
|
|
|
index 77dd4ec..269b52c 100644
|
|
|
|
|
--- a/pppd/chap-md5.c
|
|
|
|
|
+++ b/pppd/chap-md5.c
|
|
|
|
|
@@ -36,7 +36,11 @@
|
|
|
|
|
#include "chap-new.h"
|
|
|
|
|
#include "chap-md5.h"
|
|
|
|
|
@ -932,10 +981,12 @@ diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c
|
|
|
|
|
|
|
|
|
|
#define MD5_HASH_SIZE 16
|
|
|
|
|
#define MD5_MIN_CHALLENGE 16
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
--- ppp-2.4.7/pppd/eap-tls.c 1970-01-01 01:00:00.000000000 +0100
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c 2017-05-11 10:43:00.345739124 +0200
|
|
|
|
|
@@ -0,0 +1,1308 @@
|
|
|
|
|
diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..edcb0cb
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/pppd/eap-tls.c
|
|
|
|
|
@@ -0,0 +1,1212 @@
|
|
|
|
|
+/*
|
|
|
|
|
+ * eap-tls.c - EAP-TLS implementation for PPP
|
|
|
|
|
+ *
|
|
|
|
|
@ -993,72 +1044,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
+
|
|
|
|
|
+#ifdef MPPE
|
|
|
|
|
+
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
|
|
|
|
|
+
|
|
|
|
|
+/*
|
|
|
|
|
+ * https://wiki.openssl.org/index.php/1.1_API_Changes
|
|
|
|
|
+ * tries to provide some guidance but ultimately falls short.
|
|
|
|
|
+ */
|
|
|
|
|
+
|
|
|
|
|
+static void HMAC_CTX_free(HMAC_CTX *ctx)
|
|
|
|
|
+{
|
|
|
|
|
+ if (ctx != NULL) {
|
|
|
|
|
+ HMAC_CTX_cleanup(ctx);
|
|
|
|
|
+ OPENSSL_free(ctx);
|
|
|
|
|
+ }
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+static HMAC_CTX *HMAC_CTX_new(void)
|
|
|
|
|
+{
|
|
|
|
|
+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
|
|
|
|
|
+ if (ctx != NULL)
|
|
|
|
|
+ HMAC_CTX_init(ctx);
|
|
|
|
|
+ return ctx;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+/*
|
|
|
|
|
+ * These were basically jacked directly from the OpenSSL tree
|
|
|
|
|
+ * without adjustments.
|
|
|
|
|
+ */
|
|
|
|
|
+
|
|
|
|
|
+static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
|
|
|
|
|
+ size_t outlen)
|
|
|
|
|
+{
|
|
|
|
|
+ if (outlen == 0)
|
|
|
|
|
+ return sizeof(ssl->s3->client_random);
|
|
|
|
|
+ if (outlen > sizeof(ssl->s3->client_random))
|
|
|
|
|
+ outlen = sizeof(ssl->s3->client_random);
|
|
|
|
|
+ memcpy(out, ssl->s3->client_random, outlen);
|
|
|
|
|
+ return outlen;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
|
|
|
|
|
+ size_t outlen)
|
|
|
|
|
+{
|
|
|
|
|
+ if (outlen == 0)
|
|
|
|
|
+ return sizeof(ssl->s3->server_random);
|
|
|
|
|
+ if (outlen > sizeof(ssl->s3->server_random))
|
|
|
|
|
+ outlen = sizeof(ssl->s3->server_random);
|
|
|
|
|
+ memcpy(out, ssl->s3->server_random, outlen);
|
|
|
|
|
+ return outlen;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
|
|
|
|
|
+ unsigned char *out, size_t outlen)
|
|
|
|
|
+{
|
|
|
|
|
+ if (outlen == 0)
|
|
|
|
|
+ return session->master_key_length;
|
|
|
|
|
+ if (outlen > session->master_key_length)
|
|
|
|
|
+ outlen = session->master_key_length;
|
|
|
|
|
+ memcpy(out, session->master_key, outlen);
|
|
|
|
|
+ return outlen;
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
+/* Avoid a deprecated warning in OpenSSL 1.1 whilst still allowing to build against 1.0.x */
|
|
|
|
|
+#define TLS_method TLSv1_method
|
|
|
|
|
+
|
|
|
|
|
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
|
|
|
|
+
|
|
|
|
|
+/*
|
|
|
|
|
+ * TLS PRF from RFC 2246
|
|
|
|
|
+ */
|
|
|
|
|
@ -1067,47 +1052,47 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
+ const unsigned char *seed, unsigned int seed_len,
|
|
|
|
|
+ unsigned char *out, unsigned int out_len)
|
|
|
|
|
+{
|
|
|
|
|
+ HMAC_CTX *ctx_a, *ctx_out;
|
|
|
|
|
+ HMAC_CTX ctx_a, ctx_out;
|
|
|
|
|
+ unsigned char a[HMAC_MAX_MD_CBLOCK];
|
|
|
|
|
+ unsigned int size;
|
|
|
|
|
+
|
|
|
|
|
+ ctx_a = HMAC_CTX_new();
|
|
|
|
|
+ ctx_out = HMAC_CTX_new();
|
|
|
|
|
+ HMAC_Init_ex(ctx_a, secret, secret_len, evp_md, NULL);
|
|
|
|
|
+ HMAC_Init_ex(ctx_out, secret, secret_len, evp_md, NULL);
|
|
|
|
|
+ HMAC_CTX_init(&ctx_a);
|
|
|
|
|
+ HMAC_CTX_init(&ctx_out);
|
|
|
|
|
+ HMAC_Init_ex(&ctx_a, secret, secret_len, evp_md, NULL);
|
|
|
|
|
+ HMAC_Init_ex(&ctx_out, secret, secret_len, evp_md, NULL);
|
|
|
|
|
+
|
|
|
|
|
+ size = HMAC_size(ctx_out);
|
|
|
|
|
+ size = HMAC_size(&ctx_out);
|
|
|
|
|
+
|
|
|
|
|
+ /* Calculate A(1) */
|
|
|
|
|
+ HMAC_Update(ctx_a, seed, seed_len);
|
|
|
|
|
+ HMAC_Final(ctx_a, a, NULL);
|
|
|
|
|
+ HMAC_Update(&ctx_a, seed, seed_len);
|
|
|
|
|
+ HMAC_Final(&ctx_a, a, NULL);
|
|
|
|
|
+
|
|
|
|
|
+ while (1) {
|
|
|
|
|
+ /* Calculate next part of output */
|
|
|
|
|
+ HMAC_Update(ctx_out, a, size);
|
|
|
|
|
+ HMAC_Update(ctx_out, seed, seed_len);
|
|
|
|
|
+ HMAC_Update(&ctx_out, a, size);
|
|
|
|
|
+ HMAC_Update(&ctx_out, seed, seed_len);
|
|
|
|
|
+
|
|
|
|
|
+ /* Check if last part */
|
|
|
|
|
+ if (out_len < size) {
|
|
|
|
|
+ HMAC_Final(ctx_out, a, NULL);
|
|
|
|
|
+ HMAC_Final(&ctx_out, a, NULL);
|
|
|
|
|
+ memcpy(out, a, out_len);
|
|
|
|
|
+ break;
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ /* Place digest in output buffer */
|
|
|
|
|
+ HMAC_Final(ctx_out, out, NULL);
|
|
|
|
|
+ HMAC_Init_ex(ctx_out, NULL, 0, NULL, NULL);
|
|
|
|
|
+ HMAC_Final(&ctx_out, out, NULL);
|
|
|
|
|
+ HMAC_Init_ex(&ctx_out, NULL, 0, NULL, NULL);
|
|
|
|
|
+ out += size;
|
|
|
|
|
+ out_len -= size;
|
|
|
|
|
+
|
|
|
|
|
+ /* Calculate next A(i) */
|
|
|
|
|
+ HMAC_Init_ex(ctx_a, NULL, 0, NULL, NULL);
|
|
|
|
|
+ HMAC_Update(ctx_a, a, size);
|
|
|
|
|
+ HMAC_Final(ctx_a, a, NULL);
|
|
|
|
|
+ HMAC_Init_ex(&ctx_a, NULL, 0, NULL, NULL);
|
|
|
|
|
+ HMAC_Update(&ctx_a, a, size);
|
|
|
|
|
+ HMAC_Final(&ctx_a, a, NULL);
|
|
|
|
|
+ }
|
|
|
|
|
+
|
|
|
|
|
+ HMAC_CTX_free(ctx_a);
|
|
|
|
|
+ HMAC_CTX_free(ctx_out);
|
|
|
|
|
+ HMAC_CTX_cleanup(&ctx_a);
|
|
|
|
|
+ HMAC_CTX_cleanup(&ctx_out);
|
|
|
|
|
+ memset(a, 0, sizeof(a));
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
@ -1141,22 +1126,21 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
+ unsigned char *p = seed;
|
|
|
|
|
+ SSL *s = ets->ssl;
|
|
|
|
|
+ size_t prf_size;
|
|
|
|
|
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
|
|
|
|
|
+ size_t master_key_length;
|
|
|
|
|
+
|
|
|
|
|
+ prf_size = strlen(prf_label);
|
|
|
|
|
+
|
|
|
|
|
+ memcpy(p, prf_label, prf_size);
|
|
|
|
|
+ p += prf_size;
|
|
|
|
|
+
|
|
|
|
|
+ prf_size += SSL_get_client_random(s, p, SSL3_RANDOM_SIZE);
|
|
|
|
|
+ memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
|
|
|
|
|
+ p += SSL3_RANDOM_SIZE;
|
|
|
|
|
+ prf_size += SSL3_RANDOM_SIZE;
|
|
|
|
|
+
|
|
|
|
|
+ prf_size += SSL_get_server_random(s, p, SSL3_RANDOM_SIZE);
|
|
|
|
|
+ memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
|
|
|
|
|
+ prf_size += SSL3_RANDOM_SIZE;
|
|
|
|
|
+
|
|
|
|
|
+ master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key,
|
|
|
|
|
+ sizeof(master_key));
|
|
|
|
|
+ PRF(master_key, master_key_length, seed, prf_size, out, buf, sizeof(out));
|
|
|
|
|
+ PRF(s->session->master_key, s->session->master_key_length,
|
|
|
|
|
+ seed, prf_size, out, buf, sizeof(out));
|
|
|
|
|
+
|
|
|
|
|
+ /*
|
|
|
|
|
+ * We now have the master send and receive keys.
|
|
|
|
|
@ -1324,7 +1308,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
+ SSL_library_init();
|
|
|
|
|
+ SSL_load_error_strings();
|
|
|
|
|
+
|
|
|
|
|
+ ctx = SSL_CTX_new(TLS_method());
|
|
|
|
|
+ ctx = SSL_CTX_new(TLSv1_method());
|
|
|
|
|
+
|
|
|
|
|
+ if (!ctx) {
|
|
|
|
|
+ error("EAP-TLS: Cannot initialize SSL CTX context");
|
|
|
|
|
@ -2128,47 +2112,18 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
+ char string[256];
|
|
|
|
|
+ struct eaptls_session *ets = (struct eaptls_session *)arg;
|
|
|
|
|
+ unsigned char code;
|
|
|
|
|
+ const unsigned char*msg = buf;
|
|
|
|
|
+ int hvers = msg[1] << 8 | msg[2];
|
|
|
|
|
+
|
|
|
|
|
+ if(write_p)
|
|
|
|
|
+ strcpy(string, " -> ");
|
|
|
|
|
+ else
|
|
|
|
|
+ strcpy(string, " <- ");
|
|
|
|
|
+
|
|
|
|
|
+
|
|
|
|
|
+ switch(content_type) {
|
|
|
|
|
+
|
|
|
|
|
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
|
|
|
|
|
+ case SSL3_RT_HEADER:
|
|
|
|
|
+ strcat(string, "SSL/TLS Header: ");
|
|
|
|
|
+ switch(hvers) {
|
|
|
|
|
+ case SSL3_VERSION:
|
|
|
|
|
+ strcat(string, "SSL 3.0");
|
|
|
|
|
+ break;
|
|
|
|
|
+ case TLS1_VERSION:
|
|
|
|
|
+ strcat(string, "TLS 1.0");
|
|
|
|
|
+ break;
|
|
|
|
|
+ case TLS1_1_VERSION:
|
|
|
|
|
+ strcat(string, "TLS 1.1");
|
|
|
|
|
+ break;
|
|
|
|
|
+ case TLS1_2_VERSION:
|
|
|
|
|
+ strcat(string, "TLS 1.2");
|
|
|
|
|
+ break;
|
|
|
|
|
+ case DTLS1_VERSION:
|
|
|
|
|
+ strcat(string, "DTLS 1.0");
|
|
|
|
|
+ break;
|
|
|
|
|
+ case DTLS1_2_VERSION:
|
|
|
|
|
+ strcat(string, "DTLS 1.2");
|
|
|
|
|
+ break;
|
|
|
|
|
+ default:
|
|
|
|
|
+ strcat(string, "Unknown version");
|
|
|
|
|
+ }
|
|
|
|
|
+ break;
|
|
|
|
|
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
|
|
|
|
|
+
|
|
|
|
|
+ case SSL3_RT_ALERT:
|
|
|
|
|
+ strcat(string, "Alert: ");
|
|
|
|
|
+ code = msg[1];
|
|
|
|
|
+ code = ((const unsigned char *)buf)[1];
|
|
|
|
|
+
|
|
|
|
|
+ if (write_p) {
|
|
|
|
|
+ ets->alert_sent = 1;
|
|
|
|
|
@ -2188,7 +2143,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
+ case SSL3_RT_HANDSHAKE:
|
|
|
|
|
+
|
|
|
|
|
+ strcat(string, "Handshake: ");
|
|
|
|
|
+ code = msg[0];
|
|
|
|
|
+ code = ((const unsigned char *)buf)[0];
|
|
|
|
|
+
|
|
|
|
|
+ switch(code) {
|
|
|
|
|
+ case SSL3_MT_HELLO_REQUEST:
|
|
|
|
|
@ -2244,9 +2199,11 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
|
|
|
|
|
+ dbglog("%s", string);
|
|
|
|
|
+}
|
|
|
|
|
+
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h
|
|
|
|
|
--- ppp-2.4.7/pppd/eap-tls.h 1970-01-01 01:00:00.000000000 +0100
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h 2017-05-09 14:38:55.150083347 +0200
|
|
|
|
|
diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h
|
|
|
|
|
new file mode 100644
|
|
|
|
|
index 0000000..2d45a0b
|
|
|
|
|
--- /dev/null
|
|
|
|
|
+++ b/pppd/eap-tls.h
|
|
|
|
|
@@ -0,0 +1,107 @@
|
|
|
|
|
+/*
|
|
|
|
|
+ * eap-tls.h
|
|
|
|
|
@ -2355,9 +2312,10 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h
|
|
|
|
|
+#endif
|
|
|
|
|
+
|
|
|
|
|
+#endif
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
--- ppp-2.4.7/pppd/eap.c 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c 2017-05-09 14:38:55.151083274 +0200
|
|
|
|
|
diff --git a/pppd/eap.c b/pppd/eap.c
|
|
|
|
|
index faced53..bfbce95 100644
|
|
|
|
|
--- a/pppd/eap.c
|
|
|
|
|
+++ b/pppd/eap.c
|
|
|
|
|
@@ -43,6 +43,11 @@
|
|
|
|
|
* Based on draft-ietf-pppext-eap-srp-03.txt.
|
|
|
|
|
*/
|
|
|
|
|
@ -2384,7 +2342,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
|
|
|
|
|
#ifdef USE_SRP
|
|
|
|
|
#include <t_pwd.h>
|
|
|
|
|
@@ -209,6 +218,9 @@
|
|
|
|
|
@@ -209,6 +218,9 @@ int unit;
|
|
|
|
|
esp->es_server.ea_id = (u_char)(drand48() * 0x100);
|
|
|
|
|
esp->es_client.ea_timeout = EAP_DEFREQTIME;
|
|
|
|
|
esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ;
|
|
|
|
|
@ -2394,7 +2352,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
@@ -436,8 +448,16 @@
|
|
|
|
|
@@ -436,8 +448,16 @@ int status;
|
|
|
|
|
u_char vals[2];
|
|
|
|
|
struct b64state bs;
|
|
|
|
|
#endif /* USE_SRP */
|
|
|
|
|
@ -2411,7 +2369,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
switch (esp->es_server.ea_state) {
|
|
|
|
|
case eapBadAuth:
|
|
|
|
|
return;
|
|
|
|
|
@@ -562,9 +582,79 @@
|
|
|
|
|
@@ -562,9 +582,79 @@ int status;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
#endif /* USE_SRP */
|
|
|
|
|
@ -2491,7 +2449,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
case eapSRP1:
|
|
|
|
|
#ifdef USE_SRP
|
|
|
|
|
ts = (struct t_server *)esp->es_server.ea_session;
|
|
|
|
|
@@ -718,6 +808,30 @@
|
|
|
|
|
@@ -718,6 +808,30 @@ eap_state *esp;
|
|
|
|
|
INCPTR(esp->es_server.ea_namelen, outp);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
@ -2522,7 +2480,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
#ifdef USE_SRP
|
|
|
|
|
case eapSRP1:
|
|
|
|
|
PUTCHAR(EAPT_SRP, outp);
|
|
|
|
|
@@ -904,11 +1018,57 @@
|
|
|
|
|
@@ -904,11 +1018,57 @@ static void
|
|
|
|
|
eap_server_timeout(arg)
|
|
|
|
|
void *arg;
|
|
|
|
|
{
|
|
|
|
|
@ -2580,7 +2538,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
/* EAP ID number must not change on timeout. */
|
|
|
|
|
eap_send_request(esp);
|
|
|
|
|
}
|
|
|
|
|
@@ -1166,6 +1326,81 @@
|
|
|
|
|
@@ -1166,6 +1326,81 @@ u_char *str;
|
|
|
|
|
}
|
|
|
|
|
#endif /* USE_SRP */
|
|
|
|
|
|
|
|
|
|
@ -2662,7 +2620,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
static void
|
|
|
|
|
eap_send_nak(esp, id, type)
|
|
|
|
|
eap_state *esp;
|
|
|
|
|
@@ -1320,6 +1555,11 @@
|
|
|
|
|
@@ -1320,6 +1555,11 @@ int len;
|
|
|
|
|
char rhostname[256];
|
|
|
|
|
MD5_CTX mdContext;
|
|
|
|
|
u_char hash[MD5_SIGNATURE_SIZE];
|
|
|
|
|
@ -2674,7 +2632,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
#ifdef USE_SRP
|
|
|
|
|
struct t_client *tc;
|
|
|
|
|
struct t_num sval, gval, Nval, *Ap, Bval;
|
|
|
|
|
@@ -1456,6 +1696,90 @@
|
|
|
|
|
@@ -1456,6 +1696,90 @@ int len;
|
|
|
|
|
esp->es_client.ea_namelen);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
@ -2765,7 +2723,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
#ifdef USE_SRP
|
|
|
|
|
case EAPT_SRP:
|
|
|
|
|
if (len < 1) {
|
|
|
|
|
@@ -1737,6 +2061,11 @@
|
|
|
|
|
@@ -1737,6 +2061,11 @@ int len;
|
|
|
|
|
u_char dig[SHA_DIGESTSIZE];
|
|
|
|
|
#endif /* USE_SRP */
|
|
|
|
|
|
|
|
|
|
@ -2777,7 +2735,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
if (esp->es_server.ea_id != id) {
|
|
|
|
|
dbglog("EAP: discarding Response %d; expected ID %d", id,
|
|
|
|
|
esp->es_server.ea_id);
|
|
|
|
|
@@ -1776,6 +2105,60 @@
|
|
|
|
|
@@ -1776,6 +2105,60 @@ int len;
|
|
|
|
|
eap_figure_next_state(esp, 0);
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
@ -2838,7 +2796,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
case EAPT_NOTIFICATION:
|
|
|
|
|
dbglog("EAP unexpected Notification; response discarded");
|
|
|
|
|
break;
|
|
|
|
|
@@ -1807,6 +2190,13 @@
|
|
|
|
|
@@ -1807,6 +2190,13 @@ int len;
|
|
|
|
|
esp->es_server.ea_state = eapMD5Chall;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
@ -2852,7 +2810,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
default:
|
|
|
|
|
dbglog("EAP: peer requesting unknown Type %d", vallen);
|
|
|
|
|
switch (esp->es_server.ea_state) {
|
|
|
|
|
@@ -2018,13 +2408,27 @@
|
|
|
|
|
@@ -2018,13 +2408,27 @@ u_char *inp;
|
|
|
|
|
int id;
|
|
|
|
|
int len;
|
|
|
|
|
{
|
|
|
|
|
@ -2881,7 +2839,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
if (esp->es_client.ea_timeout > 0) {
|
|
|
|
|
UNTIMEOUT(eap_client_timeout, (void *)esp);
|
|
|
|
|
}
|
|
|
|
|
@@ -2150,6 +2554,9 @@
|
|
|
|
|
@@ -2150,6 +2554,9 @@ void *arg;
|
|
|
|
|
int code, id, len, rtype, vallen;
|
|
|
|
|
u_char *pstart;
|
|
|
|
|
u_int32_t uval;
|
|
|
|
|
@ -2891,7 +2849,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
|
|
|
|
|
if (inlen < EAP_HEADERLEN)
|
|
|
|
|
return (0);
|
|
|
|
|
@@ -2214,6 +2621,24 @@
|
|
|
|
|
@@ -2214,6 +2621,24 @@ void *arg;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
@ -2916,7 +2874,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
case EAPT_SRP:
|
|
|
|
|
if (len < 3)
|
|
|
|
|
goto truncated;
|
|
|
|
|
@@ -2325,6 +2750,25 @@
|
|
|
|
|
@@ -2325,6 +2750,25 @@ void *arg;
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
@ -2942,15 +2900,16 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
|
|
|
|
|
case EAPT_NAK:
|
|
|
|
|
if (len <= 0) {
|
|
|
|
|
printer(arg, " <missing hint>");
|
|
|
|
|
@@ -2426,3 +2870,4 @@
|
|
|
|
|
@@ -2426,3 +2870,4 @@ void *arg;
|
|
|
|
|
|
|
|
|
|
return (inp - pstart);
|
|
|
|
|
}
|
|
|
|
|
+
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
|
|
|
|
--- ppp-2.4.7/pppd/eap.h 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h 2017-05-09 14:38:55.152083200 +0200
|
|
|
|
|
@@ -84,6 +84,16 @@
|
|
|
|
|
diff --git a/pppd/eap.h b/pppd/eap.h
|
|
|
|
|
index 199d184..3fa5391 100644
|
|
|
|
|
--- a/pppd/eap.h
|
|
|
|
|
+++ b/pppd/eap.h
|
|
|
|
|
@@ -84,6 +84,16 @@ enum eap_state_code {
|
|
|
|
|
eapClosed, /* Authentication not in use */
|
|
|
|
|
eapListen, /* Client ready (and timer running) */
|
|
|
|
|
eapIdentify, /* EAP Identify sent */
|
|
|
|
|
@ -2967,7 +2926,7 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
|
|
|
|
eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */
|
|
|
|
|
eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */
|
|
|
|
|
eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */
|
|
|
|
|
@@ -95,9 +105,18 @@
|
|
|
|
|
@@ -95,9 +105,18 @@ enum eap_state_code {
|
|
|
|
|
|
|
|
|
|
#define EAP_STATES \
|
|
|
|
|
"Initial", "Pending", "Closed", "Listen", "Identify", \
|
|
|
|
|
@ -2977,8 +2936,8 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
|
|
|
|
|
|
|
|
|
-#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
|
|
|
|
|
+#ifdef USE_EAPTLS
|
|
|
|
|
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
|
|
|
|
|
+ (esp)->es_client.ea_state != eapPending &&\
|
|
|
|
|
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial ||\
|
|
|
|
|
+ (esp)->es_client.ea_state != eapPending ||\
|
|
|
|
|
+ (esp)->es_client.ea_state != eapClosed)
|
|
|
|
|
+#else
|
|
|
|
|
+#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
|
|
|
|
|
@ -2987,7 +2946,7 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
|
|
|
|
#define eap_server_active(esp) \
|
|
|
|
|
((esp)->es_server.ea_state >= eapIdentify && \
|
|
|
|
|
(esp)->es_server.ea_state <= eapMD5Chall)
|
|
|
|
|
@@ -112,11 +131,17 @@
|
|
|
|
|
@@ -112,11 +131,17 @@ struct eap_auth {
|
|
|
|
|
u_short ea_namelen; /* Length of our name */
|
|
|
|
|
u_short ea_peerlen; /* Length of peer's name */
|
|
|
|
|
enum eap_state_code ea_state;
|
|
|
|
|
@ -3005,7 +2964,7 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
@@ -139,7 +164,12 @@
|
|
|
|
|
@@ -139,7 +164,12 @@ typedef struct eap_state {
|
|
|
|
|
* Timeouts.
|
|
|
|
|
*/
|
|
|
|
|
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
|
|
|
|
|
@ -3018,9 +2977,10 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
|
|
|
|
|
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
|
|
|
|
|
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
|
|
|
|
|
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c
|
|
|
|
|
--- ppp-2.4.7/pppd/md5.c 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c 2017-05-09 14:38:55.152083200 +0200
|
|
|
|
|
diff --git a/pppd/md5.c b/pppd/md5.c
|
|
|
|
|
index f1291ce..6f8f720 100644
|
|
|
|
|
--- a/pppd/md5.c
|
|
|
|
|
+++ b/pppd/md5.c
|
|
|
|
|
@@ -33,6 +33,8 @@
|
|
|
|
|
***********************************************************************
|
|
|
|
|
*/
|
|
|
|
|
@ -3030,15 +2990,16 @@ diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c
|
|
|
|
|
#include <string.h>
|
|
|
|
|
#include "md5.h"
|
|
|
|
|
|
|
|
|
|
@@ -305,3 +307,5 @@
|
|
|
|
|
@@ -305,3 +307,5 @@ UINT4 *in;
|
|
|
|
|
** End of md5.c **
|
|
|
|
|
******************************** (cut) ********************************
|
|
|
|
|
*/
|
|
|
|
|
+#endif /* USE_EAPTLS */
|
|
|
|
|
+
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h
|
|
|
|
|
--- ppp-2.4.7/pppd/md5.h 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h 2017-05-09 14:38:55.152083200 +0200
|
|
|
|
|
diff --git a/pppd/md5.h b/pppd/md5.h
|
|
|
|
|
index 71e8b00..14d7121 100644
|
|
|
|
|
--- a/pppd/md5.h
|
|
|
|
|
+++ b/pppd/md5.h
|
|
|
|
|
@@ -36,6 +36,7 @@
|
|
|
|
|
** documentation and/or software. **
|
|
|
|
|
***********************************************************************
|
|
|
|
|
@ -3047,16 +3008,17 @@ diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h
|
|
|
|
|
|
|
|
|
|
#ifndef __MD5_INCLUDE__
|
|
|
|
|
|
|
|
|
|
@@ -63,3 +64,5 @@
|
|
|
|
|
@@ -63,3 +64,5 @@ void MD5_Final (unsigned char hash[], MD5_CTX *mdContext);
|
|
|
|
|
|
|
|
|
|
#define __MD5_INCLUDE__
|
|
|
|
|
#endif /* __MD5_INCLUDE__ */
|
|
|
|
|
+
|
|
|
|
|
+#endif /* USE_EAPTLS */
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h
|
|
|
|
|
--- ppp-2.4.7/pppd/pathnames.h 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h 2017-05-09 14:38:55.153083126 +0200
|
|
|
|
|
@@ -21,6 +21,13 @@
|
|
|
|
|
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
|
|
|
|
|
index 24e010c..6275df6 100644
|
|
|
|
|
--- a/pppd/pathnames.h
|
|
|
|
|
+++ b/pppd/pathnames.h
|
|
|
|
|
@@ -22,6 +22,13 @@
|
|
|
|
|
#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets"
|
|
|
|
|
#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets"
|
|
|
|
|
#define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets"
|
|
|
|
|
@ -3070,10 +3032,11 @@ diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames
|
|
|
|
|
#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
|
|
|
|
|
#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up"
|
|
|
|
|
#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down"
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux
|
|
|
|
|
--- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux 2017-05-09 14:38:55.153083126 +0200
|
|
|
|
|
@@ -4,6 +4,9 @@
|
|
|
|
|
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
|
|
|
|
|
index b474a19..760cad4 100644
|
|
|
|
|
--- a/pppd/plugins/Makefile.linux
|
|
|
|
|
+++ b/pppd/plugins/Makefile.linux
|
|
|
|
|
@@ -4,6 +4,9 @@ CFLAGS = $(COPTS) -I.. -I../../include -fPIC
|
|
|
|
|
LDFLAGS = -shared
|
|
|
|
|
INSTALL = install
|
|
|
|
|
|
|
|
|
|
@ -3083,10 +3046,11 @@ diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/ppp
|
|
|
|
|
DESTDIR = $(INSTROOT)@DESTDIR@
|
|
|
|
|
BINDIR = $(DESTDIR)/sbin
|
|
|
|
|
MANDIR = $(DESTDIR)/share/man/man8
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c
|
|
|
|
|
--- ppp-2.4.7/pppd/plugins/passprompt.c 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c 2017-05-09 14:38:55.153083126 +0200
|
|
|
|
|
@@ -107,4 +107,7 @@
|
|
|
|
|
diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c
|
|
|
|
|
index babb6dc..6ba73ca 100644
|
|
|
|
|
--- a/pppd/plugins/passprompt.c
|
|
|
|
|
+++ b/pppd/plugins/passprompt.c
|
|
|
|
|
@@ -107,4 +107,7 @@ void plugin_init(void)
|
|
|
|
|
{
|
|
|
|
|
add_options(options);
|
|
|
|
|
pap_passwd_hook = promptpass;
|
|
|
|
|
@ -3094,10 +3058,11 @@ diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-0.999/pppd/
|
|
|
|
|
+ eaptls_passwd_hook = promptpass;
|
|
|
|
|
+#endif
|
|
|
|
|
}
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c
|
|
|
|
|
--- ppp-2.4.7/pppd/plugins/passwordfd.c 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c 2017-05-09 14:38:55.154083052 +0200
|
|
|
|
|
@@ -79,4 +79,8 @@
|
|
|
|
|
diff --git a/pppd/plugins/passwordfd.c b/pppd/plugins/passwordfd.c
|
|
|
|
|
index d718f3b..c3f9793 100644
|
|
|
|
|
--- a/pppd/plugins/passwordfd.c
|
|
|
|
|
+++ b/pppd/plugins/passwordfd.c
|
|
|
|
|
@@ -79,4 +79,8 @@ void plugin_init (void)
|
|
|
|
|
|
|
|
|
|
chap_check_hook = pwfd_check;
|
|
|
|
|
chap_passwd_hook = pwfd_passwd;
|
|
|
|
|
@ -3106,10 +3071,11 @@ diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-0.999/pppd/
|
|
|
|
|
+ eaptls_passwd_hook = pwfd_passwd;
|
|
|
|
|
+#endif
|
|
|
|
|
}
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
|
|
|
|
--- ppp-2.4.7/pppd/pppd.8 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8 2017-05-09 14:38:55.155082978 +0200
|
|
|
|
|
@@ -248,6 +248,12 @@
|
|
|
|
|
diff --git a/pppd/pppd.8 b/pppd/pppd.8
|
|
|
|
|
index 2dd6e1a..75dd6f3 100644
|
|
|
|
|
--- a/pppd/pppd.8
|
|
|
|
|
+++ b/pppd/pppd.8
|
|
|
|
|
@@ -248,6 +248,12 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
|
|
|
|
|
compression in the corresponding direction. Use \fInobsdcomp\fR or
|
|
|
|
|
\fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
|
|
|
|
|
.TP
|
|
|
|
|
@ -3122,7 +3088,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
|
|
|
|
.B cdtrcts
|
|
|
|
|
Use a non-standard hardware flow control (i.e. DTR/CTS) to control
|
|
|
|
|
the flow of data on the serial port. If neither the \fIcrtscts\fR,
|
|
|
|
|
@@ -259,6 +265,12 @@
|
|
|
|
|
@@ -259,6 +265,12 @@ RTS output. Such serial ports use this mode to implement true
|
|
|
|
|
bi-directional flow control. The sacrifice is that this flow
|
|
|
|
|
control mode does not permit using DTR as a modem control line.
|
|
|
|
|
.TP
|
|
|
|
|
@ -3135,7 +3101,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
|
|
|
|
.B chap\-interval \fIn
|
|
|
|
|
If this option is given, pppd will rechallenge the peer every \fIn\fR
|
|
|
|
|
seconds.
|
|
|
|
|
@@ -287,6 +299,18 @@
|
|
|
|
|
@@ -287,6 +299,18 @@ negotiation by sending its first LCP packet. The default value is
|
|
|
|
|
1000 (1 second). This wait period only applies if the \fBconnect\fR
|
|
|
|
|
or \fBpty\fR option is used.
|
|
|
|
|
.TP
|
|
|
|
|
@ -3154,7 +3120,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
|
|
|
|
.B debug
|
|
|
|
|
Enables connection debugging facilities.
|
|
|
|
|
If this option is given, pppd will log the contents of all
|
|
|
|
|
@@ -551,6 +575,12 @@
|
|
|
|
|
@@ -551,6 +575,12 @@ transmitted packets be printed. On most systems, messages printed by
|
|
|
|
|
the kernel are logged by syslog(1) to a file as directed in the
|
|
|
|
|
/etc/syslog.conf configuration file.
|
|
|
|
|
.TP
|
|
|
|
|
@ -3167,7 +3133,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
|
|
|
|
.B ktune
|
|
|
|
|
Enables pppd to alter kernel settings as appropriate. Under Linux,
|
|
|
|
|
pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
|
|
|
|
|
@@ -709,6 +739,9 @@
|
|
|
|
|
@@ -709,6 +739,9 @@ name to \fIname\fR.)
|
|
|
|
|
Disable Address/Control compression in both directions (send and
|
|
|
|
|
receive).
|
|
|
|
|
.TP
|
|
|
|
|
@ -3177,10 +3143,11 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
|
|
|
|
|
.B noauth
|
|
|
|
|
Do not require the peer to authenticate itself. This option is
|
|
|
|
|
privileged.
|
|
|
|
|
diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h
|
|
|
|
|
--- ppp-2.4.7/pppd/pppd.h 2014-08-09 14:31:39.000000000 +0200
|
|
|
|
|
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h 2017-05-09 14:38:55.156082905 +0200
|
|
|
|
|
@@ -325,6 +325,11 @@
|
|
|
|
|
diff --git a/pppd/pppd.h b/pppd/pppd.h
|
|
|
|
|
index 5f72f72..523f226 100644
|
|
|
|
|
--- a/pppd/pppd.h
|
|
|
|
|
+++ b/pppd/pppd.h
|
|
|
|
|
@@ -324,6 +324,11 @@ extern bool dump_options; /* print out option values */
|
|
|
|
|
extern bool dryrun; /* check everything, print options, exit */
|
|
|
|
|
extern int child_wait; /* # seconds to wait for children at end */
|
|
|
|
|
|
|
|
|
|
@ -3192,7 +3159,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h
|
|
|
|
|
#ifdef MAXOCTETS
|
|
|
|
|
extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
|
|
|
|
|
extern int maxoctets_dir; /* Direction :
|
|
|
|
|
@@ -741,6 +746,10 @@
|
|
|
|
|
@@ -738,6 +743,10 @@ extern int (*chap_check_hook) __P((void));
|
|
|
|
|
extern int (*chap_passwd_hook) __P((char *user, char *passwd));
|
|
|
|
|
extern void (*multilink_join_hook) __P((void));
|
|
|
|
|
|
|
|
|
|
@ -3203,3 +3170,6 @@ diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h
|
|
|
|
|
/* Let a plugin snoop sent and received packets. Useful for L2TP */
|
|
|
|
|
extern void (*snoop_recv_hook) __P((unsigned char *p, int len));
|
|
|
|
|
extern void (*snoop_send_hook) __P((unsigned char *p, int len));
|
|
|
|
|
--
|
|
|
|
|
1.8.3.1
|
|
|
|
|
|