Compare commits

..

No commits in common. "master" and "f26" have entirely different histories.
master ... f26

6 changed files with 246 additions and 538 deletions

View File

@ -1,6 +1,44 @@
diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls From 7887b3d84468e1ebfbe5adc373f0816eda2b995a Mon Sep 17 00:00:00 2001
--- ppp-2.4.7/README.eap-tls 1970-01-01 01:00:00.000000000 +0100 From: Michal Sekletar <msekleta@redhat.com>
+++ ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls 2017-05-09 14:38:55.129084488 +0200 Date: Fri, 20 Jun 2014 10:31:43 +0200
Subject: [PATCH 27/27] pppd: EAP-TLS patch v0.997
See: http://www.nikhef.nl/~janjust/ppp/download.html
---
README.eap-tls | 280 ++++++++++
etc.ppp/eaptls-client | 10 +
etc.ppp/eaptls-server | 11 +
etc.ppp/openssl.cnf | 14 +
linux/Makefile.top | 6 +-
pppd/Makefile.linux | 12 +
pppd/auth.c | 413 ++++++++++++++-
pppd/ccp.c | 20 +-
pppd/chap-md5.c | 4 +
pppd/eap-tls.c | 1212 +++++++++++++++++++++++++++++++++++++++++++
pppd/eap-tls.h | 107 ++++
pppd/eap.c | 449 +++++++++++++++-
pppd/eap.h | 32 +-
pppd/md5.c | 4 +
pppd/md5.h | 3 +
pppd/pathnames.h | 7 +
pppd/plugins/Makefile.linux | 3 +
pppd/plugins/passprompt.c | 3 +
pppd/plugins/passwordfd.c | 4 +
pppd/pppd.8 | 33 ++
pppd/pppd.h | 9 +
21 files changed, 2629 insertions(+), 7 deletions(-)
create mode 100644 README.eap-tls
create mode 100644 etc.ppp/eaptls-client
create mode 100644 etc.ppp/eaptls-server
create mode 100644 etc.ppp/openssl.cnf
create mode 100644 pppd/eap-tls.c
create mode 100644 pppd/eap-tls.h
diff --git a/README.eap-tls b/README.eap-tls
new file mode 100644
index 0000000..037be0a
--- /dev/null
+++ b/README.eap-tls
@@ -0,0 +1,280 @@ @@ -0,0 +1,280 @@
+EAP-TLS authentication support for PPP +EAP-TLS authentication support for PPP
+====================================== +======================================
@ -282,9 +320,11 @@ diff -Naur ppp-2.4.7/README.eap-tls ppp-2.4.7-eaptls-mppe-0.999/README.eap-tls
+ - change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET + - change SSL_OP_NO_TICKETS to SSL_OP_NO_TICKET
+ - fix bug in initialisation code with fragmented packets. + - fix bug in initialisation code with fragmented packets.
+ +
diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client diff --git a/etc.ppp/eaptls-client b/etc.ppp/eaptls-client
--- ppp-2.4.7/etc.ppp/eaptls-client 1970-01-01 01:00:00.000000000 +0100 new file mode 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-client 2017-05-09 14:38:55.129084488 +0200 index 0000000..7782f0e
--- /dev/null
+++ b/etc.ppp/eaptls-client
@@ -0,0 +1,10 @@ @@ -0,0 +1,10 @@
+# Parameters for authentication using EAP-TLS (client) +# Parameters for authentication using EAP-TLS (client)
+ +
@ -296,9 +336,11 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-client ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/e
+# client private key file (required) +# client private key file (required)
+ +
+#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key +#client server /root/cert/client.crt - /root/cert/ca.crt /root/cert/client.key
diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server diff --git a/etc.ppp/eaptls-server b/etc.ppp/eaptls-server
--- ppp-2.4.7/etc.ppp/eaptls-server 1970-01-01 01:00:00.000000000 +0100 new file mode 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/eaptls-server 2017-05-09 14:38:55.137084099 +0200 index 0000000..fa53cbd
--- /dev/null
+++ b/etc.ppp/eaptls-server
@@ -0,0 +1,11 @@ @@ -0,0 +1,11 @@
+# Parameters for authentication using EAP-TLS (server) +# Parameters for authentication using EAP-TLS (server)
+ +
@ -311,9 +353,11 @@ diff -Naur ppp-2.4.7/etc.ppp/eaptls-server ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/e
+# allowed addresses (required, can be *) +# allowed addresses (required, can be *)
+ +
+#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24 +#client server - /root/cert/server.crt /root/cert/ca.crt /root/cert/server.key 192.168.1.0/24
diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf diff --git a/etc.ppp/openssl.cnf b/etc.ppp/openssl.cnf
--- ppp-2.4.7/etc.ppp/openssl.cnf 1970-01-01 01:00:00.000000000 +0100 new file mode 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/openssl.cnf 2017-05-09 14:38:55.137084099 +0200 index 0000000..dd32f30
--- /dev/null
+++ b/etc.ppp/openssl.cnf
@@ -0,0 +1,14 @@ @@ -0,0 +1,14 @@
+openssl_conf = openssl_def +openssl_conf = openssl_def
+ +
@ -329,10 +373,11 @@ diff -Naur ppp-2.4.7/etc.ppp/openssl.cnf ppp-2.4.7-eaptls-mppe-0.999/etc.ppp/ope
+MODULE_PATH = /usr/lib64/libeTPkcs11.so +MODULE_PATH = /usr/lib64/libeTPkcs11.so
+init = 0 +init = 0
+ +
diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top diff --git a/linux/Makefile.top b/linux/Makefile.top
--- ppp-2.4.7/linux/Makefile.top 2014-08-09 14:31:39.000000000 +0200 index f42efd5..9a8945a 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/linux/Makefile.top 2017-05-09 14:38:55.138084052 +0200 --- a/linux/Makefile.top
@@ -26,7 +26,7 @@ +++ b/linux/Makefile.top
@@ -28,7 +28,7 @@ install-progs:
cd pppdump; $(MAKE) $(MFLAGS) install cd pppdump; $(MAKE) $(MFLAGS) install
install-etcppp: $(ETCDIR) $(ETCDIR)/options $(ETCDIR)/pap-secrets \ install-etcppp: $(ETCDIR) $(ETCDIR)/options $(ETCDIR)/pap-secrets \
@ -341,7 +386,7 @@ diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefi
install-devel: install-devel:
cd pppd; $(MAKE) $(MFLAGS) install-devel cd pppd; $(MAKE) $(MFLAGS) install-devel
@@ -37,6 +37,10 @@ @@ -39,6 +39,10 @@ $(ETCDIR)/pap-secrets:
$(INSTALL) -c -m 600 etc.ppp/pap-secrets $@ $(INSTALL) -c -m 600 etc.ppp/pap-secrets $@
$(ETCDIR)/chap-secrets: $(ETCDIR)/chap-secrets:
$(INSTALL) -c -m 600 etc.ppp/chap-secrets $@ $(INSTALL) -c -m 600 etc.ppp/chap-secrets $@
@ -352,10 +397,11 @@ diff -Naur ppp-2.4.7/linux/Makefile.top ppp-2.4.7-eaptls-mppe-0.999/linux/Makefi
$(BINDIR): $(BINDIR):
$(INSTALL) -d -m 755 $@ $(INSTALL) -d -m 755 $@
diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
--- ppp-2.4.7/pppd/Makefile.linux 2014-08-09 14:31:39.000000000 +0200 index 943cf83..534ccc2 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefile.linux 2017-05-09 14:38:55.138084052 +0200 --- a/pppd/Makefile.linux
@@ -76,6 +76,9 @@ +++ b/pppd/Makefile.linux
@@ -79,6 +79,9 @@ CBCP=y
# Use libutil # Use libutil
USE_LIBUTIL=y USE_LIBUTIL=y
@ -365,7 +411,7 @@ diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefi
MAXOCTETS=y MAXOCTETS=y
INCLUDE_DIRS= -I../include INCLUDE_DIRS= -I../include
@@ -115,6 +118,15 @@ @@ -118,6 +121,15 @@ HEADERS += sha1.h
PPPDOBJS += sha1.o PPPDOBJS += sha1.o
endif endif
@ -381,9 +427,10 @@ diff -Naur ppp-2.4.7/pppd/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/Makefi
ifdef HAS_SHADOW ifdef HAS_SHADOW
CFLAGS += -DHAS_SHADOW CFLAGS += -DHAS_SHADOW
#LIBS += -lshadow $(LIBS) #LIBS += -lshadow $(LIBS)
diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c diff --git a/pppd/auth.c b/pppd/auth.c
--- ppp-2.4.7/pppd/auth.c 2014-08-09 14:31:39.000000000 +0200 index 9e957fa..656ffe9 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c 2017-05-09 14:38:55.139084004 +0200 --- a/pppd/auth.c
+++ b/pppd/auth.c
@@ -109,6 +109,9 @@ @@ -109,6 +109,9 @@
#include "upap.h" #include "upap.h"
#include "chap-new.h" #include "chap-new.h"
@ -394,7 +441,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
#ifdef CBCP_SUPPORT #ifdef CBCP_SUPPORT
#include "cbcp.h" #include "cbcp.h"
#endif #endif
@@ -183,6 +186,11 @@ @@ -183,6 +186,11 @@ int (*chap_check_hook) __P((void)) = NULL;
/* Hook for a plugin to get the CHAP password for authenticating us */ /* Hook for a plugin to get the CHAP password for authenticating us */
int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL; int (*chap_passwd_hook) __P((char *user, char *passwd)) = NULL;
@ -406,7 +453,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
/* Hook for a plugin to say whether it is OK if the peer /* Hook for a plugin to say whether it is OK if the peer
refuses to authenticate. */ refuses to authenticate. */
int (*null_auth_hook) __P((struct wordlist **paddrs, int (*null_auth_hook) __P((struct wordlist **paddrs,
@@ -238,6 +246,14 @@ @@ -238,6 +246,14 @@ bool explicit_remote = 0; /* User specified explicit remote name */
bool explicit_user = 0; /* Set if "user" option supplied */ bool explicit_user = 0; /* Set if "user" option supplied */
bool explicit_passwd = 0; /* Set if "password" option supplied */ bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
@ -421,7 +468,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
static char *uafname; /* name of most recent +ua file */ static char *uafname; /* name of most recent +ua file */
@@ -254,6 +270,19 @@ @@ -254,6 +270,19 @@ static int have_pap_secret __P((int *));
static int have_chap_secret __P((char *, char *, int, int *)); static int have_chap_secret __P((char *, char *, int, int *));
static int have_srp_secret __P((char *client, char *server, int need_ip, static int have_srp_secret __P((char *client, char *server, int need_ip,
int *lacks_ipp)); int *lacks_ipp));
@ -441,7 +488,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
static int ip_addr_check __P((u_int32_t, struct permitted_ip *)); static int ip_addr_check __P((u_int32_t, struct permitted_ip *));
static int scan_authfile __P((FILE *, char *, char *, char *, static int scan_authfile __P((FILE *, char *, char *, char *,
struct wordlist **, struct wordlist **, struct wordlist **, struct wordlist **,
@@ -401,6 +430,15 @@ @@ -401,6 +430,15 @@ option_t auth_options[] = {
"Set telephone number(s) which are allowed to connect", "Set telephone number(s) which are allowed to connect",
OPT_PRIV | OPT_A2LIST }, OPT_PRIV | OPT_A2LIST },
@ -457,7 +504,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
{ NULL } { NULL }
}; };
@@ -730,6 +768,9 @@ @@ -730,6 +768,9 @@ link_established(unit)
lcp_options *wo = &lcp_wantoptions[unit]; lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit]; lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit]; lcp_options *ho = &lcp_hisoptions[unit];
@ -467,7 +514,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
int i; int i;
struct protent *protp; struct protent *protp;
@@ -764,6 +805,22 @@ @@ -764,6 +805,22 @@ link_established(unit)
} }
} }
@ -490,7 +537,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
new_phase(PHASE_AUTHENTICATE); new_phase(PHASE_AUTHENTICATE);
auth = 0; auth = 0;
if (go->neg_eap) { if (go->neg_eap) {
@@ -1277,6 +1334,15 @@ @@ -1277,6 +1334,15 @@ auth_check_options()
our_name, 1, &lacks_ip); our_name, 1, &lacks_ip);
} }
@ -506,7 +553,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
if (auth_required && !can_auth && noauth_addrs == NULL) { if (auth_required && !can_auth && noauth_addrs == NULL) {
if (default_auth) { if (default_auth) {
option_error( option_error(
@@ -1331,7 +1397,11 @@ @@ -1331,7 +1397,11 @@ auth_reset(unit)
passwd[0] != 0 || passwd[0] != 0 ||
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user, (hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) || (explicit_remote? remote_name: NULL), 0, NULL))) ||
@ -519,7 +566,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
hadchap = -1; hadchap = -1;
if (go->neg_upap && !uselogin && !have_pap_secret(NULL)) if (go->neg_upap && !uselogin && !have_pap_secret(NULL))
@@ -1346,8 +1416,14 @@ @@ -1346,8 +1416,14 @@ auth_reset(unit)
!have_chap_secret((explicit_remote? remote_name: NULL), our_name, !have_chap_secret((explicit_remote? remote_name: NULL), our_name,
1, NULL))) && 1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1, !have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
@ -535,7 +582,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
} }
@@ -1707,6 +1783,7 @@ @@ -1707,6 +1783,7 @@ have_srp_secret(client, server, need_ip, lacks_ipp)
} }
@ -543,7 +590,7 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
/* /*
* get_secret - open the CHAP secret file and return the secret * get_secret - open the CHAP secret file and return the secret
* for authenticating the given client on the given server. * for authenticating the given client on the given server.
@@ -2359,3 +2436,335 @@ @@ -2359,3 +2436,335 @@ auth_script(script)
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0); auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
} }
@ -879,10 +926,11 @@ diff -Naur ppp-2.4.7/pppd/auth.c ppp-2.4.7-eaptls-mppe-0.999/pppd/auth.c
+} +}
+#endif +#endif
+ +
diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c diff --git a/pppd/ccp.c b/pppd/ccp.c
--- ppp-2.4.7/pppd/ccp.c 2014-08-09 14:31:39.000000000 +0200 index 5814f35..7dead23 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c 2017-05-09 14:38:55.148083482 +0200 --- a/pppd/ccp.c
@@ -540,6 +540,9 @@ +++ b/pppd/ccp.c
@@ -540,6 +540,9 @@ ccp_resetci(f)
if (go->mppe) { if (go->mppe) {
ccp_options *ao = &ccp_allowoptions[f->unit]; ccp_options *ao = &ccp_allowoptions[f->unit];
int auth_mschap_bits = auth_done[f->unit]; int auth_mschap_bits = auth_done[f->unit];
@ -892,7 +940,7 @@ diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
int numbits; int numbits;
/* /*
@@ -567,8 +570,23 @@ @@ -567,8 +570,23 @@ ccp_resetci(f)
lcp_close(f->unit, "MPPE required but not available"); lcp_close(f->unit, "MPPE required but not available");
return; return;
} }
@ -917,9 +965,10 @@ diff -Naur ppp-2.4.7/pppd/ccp.c ppp-2.4.7-eaptls-mppe-0.999/pppd/ccp.c
lcp_close(f->unit, "MPPE required but not available"); lcp_close(f->unit, "MPPE required but not available");
return; return;
} }
diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c diff --git a/pppd/chap-md5.c b/pppd/chap-md5.c
--- ppp-2.4.7/pppd/chap-md5.c 2014-08-09 14:31:39.000000000 +0200 index 77dd4ec..269b52c 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c 2017-05-09 14:38:55.148083482 +0200 --- a/pppd/chap-md5.c
+++ b/pppd/chap-md5.c
@@ -36,7 +36,11 @@ @@ -36,7 +36,11 @@
#include "chap-new.h" #include "chap-new.h"
#include "chap-md5.h" #include "chap-md5.h"
@ -932,10 +981,12 @@ diff -Naur ppp-2.4.7/pppd/chap-md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/chap-md5.c
#define MD5_HASH_SIZE 16 #define MD5_HASH_SIZE 16
#define MD5_MIN_CHALLENGE 16 #define MD5_MIN_CHALLENGE 16
diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c
--- ppp-2.4.7/pppd/eap-tls.c 1970-01-01 01:00:00.000000000 +0100 new file mode 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c 2017-05-11 10:43:00.345739124 +0200 index 0000000..edcb0cb
@@ -0,0 +1,1308 @@ --- /dev/null
+++ b/pppd/eap-tls.c
@@ -0,0 +1,1212 @@
+/* +/*
+ * eap-tls.c - EAP-TLS implementation for PPP + * eap-tls.c - EAP-TLS implementation for PPP
+ * + *
@ -993,72 +1044,6 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
+ +
+#ifdef MPPE +#ifdef MPPE
+ +
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+/*
+ * https://wiki.openssl.org/index.php/1.1_API_Changes
+ * tries to provide some guidance but ultimately falls short.
+ */
+
+static void HMAC_CTX_free(HMAC_CTX *ctx)
+{
+ if (ctx != NULL) {
+ HMAC_CTX_cleanup(ctx);
+ OPENSSL_free(ctx);
+ }
+}
+
+static HMAC_CTX *HMAC_CTX_new(void)
+{
+ HMAC_CTX *ctx = OPENSSL_malloc(sizeof(*ctx));
+ if (ctx != NULL)
+ HMAC_CTX_init(ctx);
+ return ctx;
+}
+
+/*
+ * These were basically jacked directly from the OpenSSL tree
+ * without adjustments.
+ */
+
+static size_t SSL_get_client_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->client_random);
+ if (outlen > sizeof(ssl->s3->client_random))
+ outlen = sizeof(ssl->s3->client_random);
+ memcpy(out, ssl->s3->client_random, outlen);
+ return outlen;
+}
+
+static size_t SSL_get_server_random(const SSL *ssl, unsigned char *out,
+ size_t outlen)
+{
+ if (outlen == 0)
+ return sizeof(ssl->s3->server_random);
+ if (outlen > sizeof(ssl->s3->server_random))
+ outlen = sizeof(ssl->s3->server_random);
+ memcpy(out, ssl->s3->server_random, outlen);
+ return outlen;
+}
+
+static size_t SSL_SESSION_get_master_key(const SSL_SESSION *session,
+ unsigned char *out, size_t outlen)
+{
+ if (outlen == 0)
+ return session->master_key_length;
+ if (outlen > session->master_key_length)
+ outlen = session->master_key_length;
+ memcpy(out, session->master_key, outlen);
+ return outlen;
+}
+
+/* Avoid a deprecated warning in OpenSSL 1.1 whilst still allowing to build against 1.0.x */
+#define TLS_method TLSv1_method
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+/* +/*
+ * TLS PRF from RFC 2246 + * TLS PRF from RFC 2246
+ */ + */
@ -1067,47 +1052,47 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
+ const unsigned char *seed, unsigned int seed_len, + const unsigned char *seed, unsigned int seed_len,
+ unsigned char *out, unsigned int out_len) + unsigned char *out, unsigned int out_len)
+{ +{
+ HMAC_CTX *ctx_a, *ctx_out; + HMAC_CTX ctx_a, ctx_out;
+ unsigned char a[HMAC_MAX_MD_CBLOCK]; + unsigned char a[HMAC_MAX_MD_CBLOCK];
+ unsigned int size; + unsigned int size;
+ +
+ ctx_a = HMAC_CTX_new(); + HMAC_CTX_init(&ctx_a);
+ ctx_out = HMAC_CTX_new(); + HMAC_CTX_init(&ctx_out);
+ HMAC_Init_ex(ctx_a, secret, secret_len, evp_md, NULL); + HMAC_Init_ex(&ctx_a, secret, secret_len, evp_md, NULL);
+ HMAC_Init_ex(ctx_out, secret, secret_len, evp_md, NULL); + HMAC_Init_ex(&ctx_out, secret, secret_len, evp_md, NULL);
+ +
+ size = HMAC_size(ctx_out); + size = HMAC_size(&ctx_out);
+ +
+ /* Calculate A(1) */ + /* Calculate A(1) */
+ HMAC_Update(ctx_a, seed, seed_len); + HMAC_Update(&ctx_a, seed, seed_len);
+ HMAC_Final(ctx_a, a, NULL); + HMAC_Final(&ctx_a, a, NULL);
+ +
+ while (1) { + while (1) {
+ /* Calculate next part of output */ + /* Calculate next part of output */
+ HMAC_Update(ctx_out, a, size); + HMAC_Update(&ctx_out, a, size);
+ HMAC_Update(ctx_out, seed, seed_len); + HMAC_Update(&ctx_out, seed, seed_len);
+ +
+ /* Check if last part */ + /* Check if last part */
+ if (out_len < size) { + if (out_len < size) {
+ HMAC_Final(ctx_out, a, NULL); + HMAC_Final(&ctx_out, a, NULL);
+ memcpy(out, a, out_len); + memcpy(out, a, out_len);
+ break; + break;
+ } + }
+ +
+ /* Place digest in output buffer */ + /* Place digest in output buffer */
+ HMAC_Final(ctx_out, out, NULL); + HMAC_Final(&ctx_out, out, NULL);
+ HMAC_Init_ex(ctx_out, NULL, 0, NULL, NULL); + HMAC_Init_ex(&ctx_out, NULL, 0, NULL, NULL);
+ out += size; + out += size;
+ out_len -= size; + out_len -= size;
+ +
+ /* Calculate next A(i) */ + /* Calculate next A(i) */
+ HMAC_Init_ex(ctx_a, NULL, 0, NULL, NULL); + HMAC_Init_ex(&ctx_a, NULL, 0, NULL, NULL);
+ HMAC_Update(ctx_a, a, size); + HMAC_Update(&ctx_a, a, size);
+ HMAC_Final(ctx_a, a, NULL); + HMAC_Final(&ctx_a, a, NULL);
+ } + }
+ +
+ HMAC_CTX_free(ctx_a); + HMAC_CTX_cleanup(&ctx_a);
+ HMAC_CTX_free(ctx_out); + HMAC_CTX_cleanup(&ctx_out);
+ memset(a, 0, sizeof(a)); + memset(a, 0, sizeof(a));
+} +}
+ +
@ -1141,22 +1126,21 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
+ unsigned char *p = seed; + unsigned char *p = seed;
+ SSL *s = ets->ssl; + SSL *s = ets->ssl;
+ size_t prf_size; + size_t prf_size;
+ unsigned char master_key[SSL_MAX_MASTER_KEY_LENGTH];
+ size_t master_key_length;
+ +
+ prf_size = strlen(prf_label); + prf_size = strlen(prf_label);
+ +
+ memcpy(p, prf_label, prf_size); + memcpy(p, prf_label, prf_size);
+ p += prf_size; + p += prf_size;
+ +
+ prf_size += SSL_get_client_random(s, p, SSL3_RANDOM_SIZE); + memcpy(p, s->s3->client_random, SSL3_RANDOM_SIZE);
+ p += SSL3_RANDOM_SIZE; + p += SSL3_RANDOM_SIZE;
+ prf_size += SSL3_RANDOM_SIZE;
+ +
+ prf_size += SSL_get_server_random(s, p, SSL3_RANDOM_SIZE); + memcpy(p, s->s3->server_random, SSL3_RANDOM_SIZE);
+ prf_size += SSL3_RANDOM_SIZE;
+ +
+ master_key_length = SSL_SESSION_get_master_key(SSL_get_session(s), master_key, + PRF(s->session->master_key, s->session->master_key_length,
+ sizeof(master_key)); + seed, prf_size, out, buf, sizeof(out));
+ PRF(master_key, master_key_length, seed, prf_size, out, buf, sizeof(out));
+ +
+ /* + /*
+ * We now have the master send and receive keys. + * We now have the master send and receive keys.
@ -1324,7 +1308,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
+ SSL_library_init(); + SSL_library_init();
+ SSL_load_error_strings(); + SSL_load_error_strings();
+ +
+ ctx = SSL_CTX_new(TLS_method()); + ctx = SSL_CTX_new(TLSv1_method());
+ +
+ if (!ctx) { + if (!ctx) {
+ error("EAP-TLS: Cannot initialize SSL CTX context"); + error("EAP-TLS: Cannot initialize SSL CTX context");
@ -2128,47 +2112,18 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
+ char string[256]; + char string[256];
+ struct eaptls_session *ets = (struct eaptls_session *)arg; + struct eaptls_session *ets = (struct eaptls_session *)arg;
+ unsigned char code; + unsigned char code;
+ const unsigned char*msg = buf;
+ int hvers = msg[1] << 8 | msg[2];
+ +
+ if(write_p) + if(write_p)
+ strcpy(string, " -> "); + strcpy(string, " -> ");
+ else + else
+ strcpy(string, " <- "); + strcpy(string, " <- ");
+ +
+ switch(content_type) {
+ +
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L + switch(content_type) {
+ case SSL3_RT_HEADER:
+ strcat(string, "SSL/TLS Header: ");
+ switch(hvers) {
+ case SSL3_VERSION:
+ strcat(string, "SSL 3.0");
+ break;
+ case TLS1_VERSION:
+ strcat(string, "TLS 1.0");
+ break;
+ case TLS1_1_VERSION:
+ strcat(string, "TLS 1.1");
+ break;
+ case TLS1_2_VERSION:
+ strcat(string, "TLS 1.2");
+ break;
+ case DTLS1_VERSION:
+ strcat(string, "DTLS 1.0");
+ break;
+ case DTLS1_2_VERSION:
+ strcat(string, "DTLS 1.2");
+ break;
+ default:
+ strcat(string, "Unknown version");
+ }
+ break;
+#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
+ +
+ case SSL3_RT_ALERT: + case SSL3_RT_ALERT:
+ strcat(string, "Alert: "); + strcat(string, "Alert: ");
+ code = msg[1]; + code = ((const unsigned char *)buf)[1];
+ +
+ if (write_p) { + if (write_p) {
+ ets->alert_sent = 1; + ets->alert_sent = 1;
@ -2188,7 +2143,7 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
+ case SSL3_RT_HANDSHAKE: + case SSL3_RT_HANDSHAKE:
+ +
+ strcat(string, "Handshake: "); + strcat(string, "Handshake: ");
+ code = msg[0]; + code = ((const unsigned char *)buf)[0];
+ +
+ switch(code) { + switch(code) {
+ case SSL3_MT_HELLO_REQUEST: + case SSL3_MT_HELLO_REQUEST:
@ -2244,9 +2199,11 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.c
+ dbglog("%s", string); + dbglog("%s", string);
+} +}
+ +
diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h
--- ppp-2.4.7/pppd/eap-tls.h 1970-01-01 01:00:00.000000000 +0100 new file mode 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h 2017-05-09 14:38:55.150083347 +0200 index 0000000..2d45a0b
--- /dev/null
+++ b/pppd/eap-tls.h
@@ -0,0 +1,107 @@ @@ -0,0 +1,107 @@
+/* +/*
+ * eap-tls.h + * eap-tls.h
@ -2355,9 +2312,10 @@ diff -Naur ppp-2.4.7/pppd/eap-tls.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap-tls.h
+#endif +#endif
+ +
+#endif +#endif
diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c diff --git a/pppd/eap.c b/pppd/eap.c
--- ppp-2.4.7/pppd/eap.c 2014-08-09 14:31:39.000000000 +0200 index faced53..bfbce95 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c 2017-05-09 14:38:55.151083274 +0200 --- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -43,6 +43,11 @@ @@ -43,6 +43,11 @@
* Based on draft-ietf-pppext-eap-srp-03.txt. * Based on draft-ietf-pppext-eap-srp-03.txt.
*/ */
@ -2384,7 +2342,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
#ifdef USE_SRP #ifdef USE_SRP
#include <t_pwd.h> #include <t_pwd.h>
@@ -209,6 +218,9 @@ @@ -209,6 +218,9 @@ int unit;
esp->es_server.ea_id = (u_char)(drand48() * 0x100); esp->es_server.ea_id = (u_char)(drand48() * 0x100);
esp->es_client.ea_timeout = EAP_DEFREQTIME; esp->es_client.ea_timeout = EAP_DEFREQTIME;
esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ; esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ;
@ -2394,7 +2352,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
} }
/* /*
@@ -436,8 +448,16 @@ @@ -436,8 +448,16 @@ int status;
u_char vals[2]; u_char vals[2];
struct b64state bs; struct b64state bs;
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2411,7 +2369,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
switch (esp->es_server.ea_state) { switch (esp->es_server.ea_state) {
case eapBadAuth: case eapBadAuth:
return; return;
@@ -562,9 +582,79 @@ @@ -562,9 +582,79 @@ int status;
break; break;
} }
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2491,7 +2449,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
case eapSRP1: case eapSRP1:
#ifdef USE_SRP #ifdef USE_SRP
ts = (struct t_server *)esp->es_server.ea_session; ts = (struct t_server *)esp->es_server.ea_session;
@@ -718,6 +808,30 @@ @@ -718,6 +808,30 @@ eap_state *esp;
INCPTR(esp->es_server.ea_namelen, outp); INCPTR(esp->es_server.ea_namelen, outp);
break; break;
@ -2522,7 +2480,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
#ifdef USE_SRP #ifdef USE_SRP
case eapSRP1: case eapSRP1:
PUTCHAR(EAPT_SRP, outp); PUTCHAR(EAPT_SRP, outp);
@@ -904,11 +1018,57 @@ @@ -904,11 +1018,57 @@ static void
eap_server_timeout(arg) eap_server_timeout(arg)
void *arg; void *arg;
{ {
@ -2580,7 +2538,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
/* EAP ID number must not change on timeout. */ /* EAP ID number must not change on timeout. */
eap_send_request(esp); eap_send_request(esp);
} }
@@ -1166,6 +1326,81 @@ @@ -1166,6 +1326,81 @@ u_char *str;
} }
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2662,7 +2620,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
static void static void
eap_send_nak(esp, id, type) eap_send_nak(esp, id, type)
eap_state *esp; eap_state *esp;
@@ -1320,6 +1555,11 @@ @@ -1320,6 +1555,11 @@ int len;
char rhostname[256]; char rhostname[256];
MD5_CTX mdContext; MD5_CTX mdContext;
u_char hash[MD5_SIGNATURE_SIZE]; u_char hash[MD5_SIGNATURE_SIZE];
@ -2674,7 +2632,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
#ifdef USE_SRP #ifdef USE_SRP
struct t_client *tc; struct t_client *tc;
struct t_num sval, gval, Nval, *Ap, Bval; struct t_num sval, gval, Nval, *Ap, Bval;
@@ -1456,6 +1696,90 @@ @@ -1456,6 +1696,90 @@ int len;
esp->es_client.ea_namelen); esp->es_client.ea_namelen);
break; break;
@ -2765,7 +2723,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
#ifdef USE_SRP #ifdef USE_SRP
case EAPT_SRP: case EAPT_SRP:
if (len < 1) { if (len < 1) {
@@ -1737,6 +2061,11 @@ @@ -1737,6 +2061,11 @@ int len;
u_char dig[SHA_DIGESTSIZE]; u_char dig[SHA_DIGESTSIZE];
#endif /* USE_SRP */ #endif /* USE_SRP */
@ -2777,7 +2735,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
if (esp->es_server.ea_id != id) { if (esp->es_server.ea_id != id) {
dbglog("EAP: discarding Response %d; expected ID %d", id, dbglog("EAP: discarding Response %d; expected ID %d", id,
esp->es_server.ea_id); esp->es_server.ea_id);
@@ -1776,6 +2105,60 @@ @@ -1776,6 +2105,60 @@ int len;
eap_figure_next_state(esp, 0); eap_figure_next_state(esp, 0);
break; break;
@ -2838,7 +2796,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
case EAPT_NOTIFICATION: case EAPT_NOTIFICATION:
dbglog("EAP unexpected Notification; response discarded"); dbglog("EAP unexpected Notification; response discarded");
break; break;
@@ -1807,6 +2190,13 @@ @@ -1807,6 +2190,13 @@ int len;
esp->es_server.ea_state = eapMD5Chall; esp->es_server.ea_state = eapMD5Chall;
break; break;
@ -2852,7 +2810,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
default: default:
dbglog("EAP: peer requesting unknown Type %d", vallen); dbglog("EAP: peer requesting unknown Type %d", vallen);
switch (esp->es_server.ea_state) { switch (esp->es_server.ea_state) {
@@ -2018,13 +2408,27 @@ @@ -2018,13 +2408,27 @@ u_char *inp;
int id; int id;
int len; int len;
{ {
@ -2881,7 +2839,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
if (esp->es_client.ea_timeout > 0) { if (esp->es_client.ea_timeout > 0) {
UNTIMEOUT(eap_client_timeout, (void *)esp); UNTIMEOUT(eap_client_timeout, (void *)esp);
} }
@@ -2150,6 +2554,9 @@ @@ -2150,6 +2554,9 @@ void *arg;
int code, id, len, rtype, vallen; int code, id, len, rtype, vallen;
u_char *pstart; u_char *pstart;
u_int32_t uval; u_int32_t uval;
@ -2891,7 +2849,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
if (inlen < EAP_HEADERLEN) if (inlen < EAP_HEADERLEN)
return (0); return (0);
@@ -2214,6 +2621,24 @@ @@ -2214,6 +2621,24 @@ void *arg;
} }
break; break;
@ -2916,7 +2874,7 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
case EAPT_SRP: case EAPT_SRP:
if (len < 3) if (len < 3)
goto truncated; goto truncated;
@@ -2325,6 +2750,25 @@ @@ -2325,6 +2750,25 @@ void *arg;
} }
break; break;
@ -2942,15 +2900,16 @@ diff -Naur ppp-2.4.7/pppd/eap.c ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.c
case EAPT_NAK: case EAPT_NAK:
if (len <= 0) { if (len <= 0) {
printer(arg, " <missing hint>"); printer(arg, " <missing hint>");
@@ -2426,3 +2870,4 @@ @@ -2426,3 +2870,4 @@ void *arg;
return (inp - pstart); return (inp - pstart);
} }
+ +
diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h diff --git a/pppd/eap.h b/pppd/eap.h
--- ppp-2.4.7/pppd/eap.h 2014-08-09 14:31:39.000000000 +0200 index 199d184..3fa5391 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h 2017-05-09 14:38:55.152083200 +0200 --- a/pppd/eap.h
@@ -84,6 +84,16 @@ +++ b/pppd/eap.h
@@ -84,6 +84,16 @@ enum eap_state_code {
eapClosed, /* Authentication not in use */ eapClosed, /* Authentication not in use */
eapListen, /* Client ready (and timer running) */ eapListen, /* Client ready (and timer running) */
eapIdentify, /* EAP Identify sent */ eapIdentify, /* EAP Identify sent */
@ -2967,7 +2926,7 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */ eapSRP1, /* Sent EAP SRP-SHA1 Subtype 1 */
eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */ eapSRP2, /* Sent EAP SRP-SHA1 Subtype 2 */
eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */ eapSRP3, /* Sent EAP SRP-SHA1 Subtype 3 */
@@ -95,9 +105,18 @@ @@ -95,9 +105,18 @@ enum eap_state_code {
#define EAP_STATES \ #define EAP_STATES \
"Initial", "Pending", "Closed", "Listen", "Identify", \ "Initial", "Pending", "Closed", "Listen", "Identify", \
@ -2977,8 +2936,8 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
-#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) -#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
+#ifdef USE_EAPTLS +#ifdef USE_EAPTLS
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\ +#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial ||\
+ (esp)->es_client.ea_state != eapPending &&\ + (esp)->es_client.ea_state != eapPending ||\
+ (esp)->es_client.ea_state != eapClosed) + (esp)->es_client.ea_state != eapClosed)
+#else +#else
+#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen) +#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
@ -2987,7 +2946,7 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
#define eap_server_active(esp) \ #define eap_server_active(esp) \
((esp)->es_server.ea_state >= eapIdentify && \ ((esp)->es_server.ea_state >= eapIdentify && \
(esp)->es_server.ea_state <= eapMD5Chall) (esp)->es_server.ea_state <= eapMD5Chall)
@@ -112,11 +131,17 @@ @@ -112,11 +131,17 @@ struct eap_auth {
u_short ea_namelen; /* Length of our name */ u_short ea_namelen; /* Length of our name */
u_short ea_peerlen; /* Length of peer's name */ u_short ea_peerlen; /* Length of peer's name */
enum eap_state_code ea_state; enum eap_state_code ea_state;
@ -3005,7 +2964,7 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
}; };
/* /*
@@ -139,7 +164,12 @@ @@ -139,7 +164,12 @@ typedef struct eap_state {
* Timeouts. * Timeouts.
*/ */
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */ #define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
@ -3018,9 +2977,10 @@ diff -Naur ppp-2.4.7/pppd/eap.h ppp-2.4.7-eaptls-mppe-0.999/pppd/eap.h
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */ #define EAP_DEFREQTIME 20 /* Time to wait for peer request */
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */ #define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c diff --git a/pppd/md5.c b/pppd/md5.c
--- ppp-2.4.7/pppd/md5.c 2014-08-09 14:31:39.000000000 +0200 index f1291ce..6f8f720 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c 2017-05-09 14:38:55.152083200 +0200 --- a/pppd/md5.c
+++ b/pppd/md5.c
@@ -33,6 +33,8 @@ @@ -33,6 +33,8 @@
*********************************************************************** ***********************************************************************
*/ */
@ -3030,15 +2990,16 @@ diff -Naur ppp-2.4.7/pppd/md5.c ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.c
#include <string.h> #include <string.h>
#include "md5.h" #include "md5.h"
@@ -305,3 +307,5 @@ @@ -305,3 +307,5 @@ UINT4 *in;
** End of md5.c ** ** End of md5.c **
******************************** (cut) ******************************** ******************************** (cut) ********************************
*/ */
+#endif /* USE_EAPTLS */ +#endif /* USE_EAPTLS */
+ +
diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h diff --git a/pppd/md5.h b/pppd/md5.h
--- ppp-2.4.7/pppd/md5.h 2014-08-09 14:31:39.000000000 +0200 index 71e8b00..14d7121 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h 2017-05-09 14:38:55.152083200 +0200 --- a/pppd/md5.h
+++ b/pppd/md5.h
@@ -36,6 +36,7 @@ @@ -36,6 +36,7 @@
** documentation and/or software. ** ** documentation and/or software. **
*********************************************************************** ***********************************************************************
@ -3047,16 +3008,17 @@ diff -Naur ppp-2.4.7/pppd/md5.h ppp-2.4.7-eaptls-mppe-0.999/pppd/md5.h
#ifndef __MD5_INCLUDE__ #ifndef __MD5_INCLUDE__
@@ -63,3 +64,5 @@ @@ -63,3 +64,5 @@ void MD5_Final (unsigned char hash[], MD5_CTX *mdContext);
#define __MD5_INCLUDE__ #define __MD5_INCLUDE__
#endif /* __MD5_INCLUDE__ */ #endif /* __MD5_INCLUDE__ */
+ +
+#endif /* USE_EAPTLS */ +#endif /* USE_EAPTLS */
diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h diff --git a/pppd/pathnames.h b/pppd/pathnames.h
--- ppp-2.4.7/pppd/pathnames.h 2014-08-09 14:31:39.000000000 +0200 index 24e010c..6275df6 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames.h 2017-05-09 14:38:55.153083126 +0200 --- a/pppd/pathnames.h
@@ -21,6 +21,13 @@ +++ b/pppd/pathnames.h
@@ -22,6 +22,13 @@
#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets" #define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets"
#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets" #define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets"
#define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets" #define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets"
@ -3070,10 +3032,11 @@ diff -Naur ppp-2.4.7/pppd/pathnames.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pathnames
#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options" #define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up" #define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up"
#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down" #define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down"
diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
--- ppp-2.4.7/pppd/plugins/Makefile.linux 2014-08-09 14:31:39.000000000 +0200 index b474a19..760cad4 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/Makefile.linux 2017-05-09 14:38:55.153083126 +0200 --- a/pppd/plugins/Makefile.linux
@@ -4,6 +4,9 @@ +++ b/pppd/plugins/Makefile.linux
@@ -4,6 +4,9 @@ CFLAGS = $(COPTS) -I.. -I../../include -fPIC
LDFLAGS = -shared LDFLAGS = -shared
INSTALL = install INSTALL = install
@ -3083,10 +3046,11 @@ diff -Naur ppp-2.4.7/pppd/plugins/Makefile.linux ppp-2.4.7-eaptls-mppe-0.999/ppp
DESTDIR = $(INSTROOT)@DESTDIR@ DESTDIR = $(INSTROOT)@DESTDIR@
BINDIR = $(DESTDIR)/sbin BINDIR = $(DESTDIR)/sbin
MANDIR = $(DESTDIR)/share/man/man8 MANDIR = $(DESTDIR)/share/man/man8
diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c
--- ppp-2.4.7/pppd/plugins/passprompt.c 2014-08-09 14:31:39.000000000 +0200 index babb6dc..6ba73ca 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passprompt.c 2017-05-09 14:38:55.153083126 +0200 --- a/pppd/plugins/passprompt.c
@@ -107,4 +107,7 @@ +++ b/pppd/plugins/passprompt.c
@@ -107,4 +107,7 @@ void plugin_init(void)
{ {
add_options(options); add_options(options);
pap_passwd_hook = promptpass; pap_passwd_hook = promptpass;
@ -3094,10 +3058,11 @@ diff -Naur ppp-2.4.7/pppd/plugins/passprompt.c ppp-2.4.7-eaptls-mppe-0.999/pppd/
+ eaptls_passwd_hook = promptpass; + eaptls_passwd_hook = promptpass;
+#endif +#endif
} }
diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c diff --git a/pppd/plugins/passwordfd.c b/pppd/plugins/passwordfd.c
--- ppp-2.4.7/pppd/plugins/passwordfd.c 2014-08-09 14:31:39.000000000 +0200 index d718f3b..c3f9793 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/plugins/passwordfd.c 2017-05-09 14:38:55.154083052 +0200 --- a/pppd/plugins/passwordfd.c
@@ -79,4 +79,8 @@ +++ b/pppd/plugins/passwordfd.c
@@ -79,4 +79,8 @@ void plugin_init (void)
chap_check_hook = pwfd_check; chap_check_hook = pwfd_check;
chap_passwd_hook = pwfd_passwd; chap_passwd_hook = pwfd_passwd;
@ -3106,10 +3071,11 @@ diff -Naur ppp-2.4.7/pppd/plugins/passwordfd.c ppp-2.4.7-eaptls-mppe-0.999/pppd/
+ eaptls_passwd_hook = pwfd_passwd; + eaptls_passwd_hook = pwfd_passwd;
+#endif +#endif
} }
diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8 diff --git a/pppd/pppd.8 b/pppd/pppd.8
--- ppp-2.4.7/pppd/pppd.8 2014-08-09 14:31:39.000000000 +0200 index 2dd6e1a..75dd6f3 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8 2017-05-09 14:38:55.155082978 +0200 --- a/pppd/pppd.8
@@ -248,6 +248,12 @@ +++ b/pppd/pppd.8
@@ -248,6 +248,12 @@ Alternatively, a value of 0 for \fInr\fR or \fInt\fR disables
compression in the corresponding direction. Use \fInobsdcomp\fR or compression in the corresponding direction. Use \fInobsdcomp\fR or
\fIbsdcomp 0\fR to disable BSD-Compress compression entirely. \fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
.TP .TP
@ -3122,7 +3088,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
.B cdtrcts .B cdtrcts
Use a non-standard hardware flow control (i.e. DTR/CTS) to control Use a non-standard hardware flow control (i.e. DTR/CTS) to control
the flow of data on the serial port. If neither the \fIcrtscts\fR, the flow of data on the serial port. If neither the \fIcrtscts\fR,
@@ -259,6 +265,12 @@ @@ -259,6 +265,12 @@ RTS output. Such serial ports use this mode to implement true
bi-directional flow control. The sacrifice is that this flow bi-directional flow control. The sacrifice is that this flow
control mode does not permit using DTR as a modem control line. control mode does not permit using DTR as a modem control line.
.TP .TP
@ -3135,7 +3101,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
.B chap\-interval \fIn .B chap\-interval \fIn
If this option is given, pppd will rechallenge the peer every \fIn\fR If this option is given, pppd will rechallenge the peer every \fIn\fR
seconds. seconds.
@@ -287,6 +299,18 @@ @@ -287,6 +299,18 @@ negotiation by sending its first LCP packet. The default value is
1000 (1 second). This wait period only applies if the \fBconnect\fR 1000 (1 second). This wait period only applies if the \fBconnect\fR
or \fBpty\fR option is used. or \fBpty\fR option is used.
.TP .TP
@ -3154,7 +3120,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
.B debug .B debug
Enables connection debugging facilities. Enables connection debugging facilities.
If this option is given, pppd will log the contents of all If this option is given, pppd will log the contents of all
@@ -551,6 +575,12 @@ @@ -551,6 +575,12 @@ transmitted packets be printed. On most systems, messages printed by
the kernel are logged by syslog(1) to a file as directed in the the kernel are logged by syslog(1) to a file as directed in the
/etc/syslog.conf configuration file. /etc/syslog.conf configuration file.
.TP .TP
@ -3167,7 +3133,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
.B ktune .B ktune
Enables pppd to alter kernel settings as appropriate. Under Linux, Enables pppd to alter kernel settings as appropriate. Under Linux,
pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward pppd will enable IP forwarding (i.e. set /proc/sys/net/ipv4/ip_forward
@@ -709,6 +739,9 @@ @@ -709,6 +739,9 @@ name to \fIname\fR.)
Disable Address/Control compression in both directions (send and Disable Address/Control compression in both directions (send and
receive). receive).
.TP .TP
@ -3177,10 +3143,11 @@ diff -Naur ppp-2.4.7/pppd/pppd.8 ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.8
.B noauth .B noauth
Do not require the peer to authenticate itself. This option is Do not require the peer to authenticate itself. This option is
privileged. privileged.
diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h diff --git a/pppd/pppd.h b/pppd/pppd.h
--- ppp-2.4.7/pppd/pppd.h 2014-08-09 14:31:39.000000000 +0200 index 5f72f72..523f226 100644
+++ ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h 2017-05-09 14:38:55.156082905 +0200 --- a/pppd/pppd.h
@@ -325,6 +325,11 @@ +++ b/pppd/pppd.h
@@ -324,6 +324,11 @@ extern bool dump_options; /* print out option values */
extern bool dryrun; /* check everything, print options, exit */ extern bool dryrun; /* check everything, print options, exit */
extern int child_wait; /* # seconds to wait for children at end */ extern int child_wait; /* # seconds to wait for children at end */
@ -3192,7 +3159,7 @@ diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h
#ifdef MAXOCTETS #ifdef MAXOCTETS
extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */ extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
extern int maxoctets_dir; /* Direction : extern int maxoctets_dir; /* Direction :
@@ -741,6 +746,10 @@ @@ -738,6 +743,10 @@ extern int (*chap_check_hook) __P((void));
extern int (*chap_passwd_hook) __P((char *user, char *passwd)); extern int (*chap_passwd_hook) __P((char *user, char *passwd));
extern void (*multilink_join_hook) __P((void)); extern void (*multilink_join_hook) __P((void));
@ -3203,3 +3170,6 @@ diff -Naur ppp-2.4.7/pppd/pppd.h ppp-2.4.7-eaptls-mppe-0.999/pppd/pppd.h
/* Let a plugin snoop sent and received packets. Useful for L2TP */ /* Let a plugin snoop sent and received packets. Useful for L2TP */
extern void (*snoop_recv_hook) __P((unsigned char *p, int len)); extern void (*snoop_recv_hook) __P((unsigned char *p, int len));
extern void (*snoop_send_hook) __P((unsigned char *p, int len)); extern void (*snoop_send_hook) __P((unsigned char *p, int len));
--
1.8.3.1

View File

@ -0,0 +1,27 @@
From fcb95abad72ac043f2e5f5ddcffc42b0783a3c2d Mon Sep 17 00:00:00 2001
From: Michal Sekletar <msekleta@redhat.com>
Date: Wed, 10 Dec 2014 12:21:31 +0100
Subject: [PATCH] Fix logical expression in eap_client_active macro
---
pppd/eap.h | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/pppd/eap.h b/pppd/eap.h
index 3fa5391..087baad 100644
--- a/pppd/eap.h
+++ b/pppd/eap.h
@@ -110,8 +110,8 @@ enum eap_state_code {
"SRP1", "SRP2", "SRP3", "MD5Chall", "Open", "SRP4", "BadAuth"
#ifdef USE_EAPTLS
-#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial ||\
- (esp)->es_client.ea_state != eapPending ||\
+#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
+ (esp)->es_client.ea_state != eapPending &&\
(esp)->es_client.ea_state != eapClosed)
#else
#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
--
1.8.3.1

View File

@ -1,79 +0,0 @@
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index 534ccc2..cf11b74 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
# Uncomment the next 2 lines to include support for Microsoft's
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
CHAPMS=y
-USE_CRYPT=y
+#USE_CRYPT=y
# Don't use MSLANMAN unless you really know what you're doing.
#MSLANMAN=y
# Uncomment the next line to include support for MPPE. CHAPMS (above) must
@@ -147,7 +147,8 @@ endif
ifdef NEEDDES
ifndef USE_CRYPT
-LIBS += -ldes $(LIBS)
+CFLAGS += -I/usr/include/openssl
+LIBS += -lcrypto
else
CFLAGS += -DUSE_CRYPT=1
endif
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
index 8b85b13..6b35375 100644
--- a/pppd/pppcrypt.c
+++ b/pppd/pppcrypt.c
@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
des_key[7] = Get7Bits(key, 49);
#ifndef USE_CRYPT
- des_set_odd_parity((des_cblock *)des_key);
+ DES_set_odd_parity((DES_cblock *)des_key);
#endif
}
@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
}
#else /* USE_CRYPT */
-static des_key_schedule key_schedule;
+static DES_key_schedule key_schedule;
bool
DesSetkey(key)
u_char *key;
{
- des_cblock des_key;
+ DES_cblock des_key;
MakeKey(key, des_key);
- des_set_key(&des_key, key_schedule);
+ DES_set_key(&des_key, &key_schedule);
return (1);
}
bool
-DesEncrypt(clear, key, cipher)
+DesEncrypt(clear, cipher)
u_char *clear; /* IN 8 octets */
u_char *cipher; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
- key_schedule, 1);
+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
+ &key_schedule, 1);
return (1);
}
@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
u_char *cipher; /* IN 8 octets */
u_char *clear; /* OUT 8 octets */
{
- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
- key_schedule, 0);
+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
+ &key_schedule, 0);
return (1);
}

View File

@ -1,170 +0,0 @@
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
index 2445637..83114f1 100644
--- a/chat/Makefile.linux
+++ b/chat/Makefile.linux
@@ -18,7 +18,7 @@ INSTALL= install
all: chat
chat: chat.o
- $(CC) -o chat chat.o
+ $(CC) $(LDFLAGS) -o chat chat.o
chat.o: chat.c
$(CC) -c $(CFLAGS) -o chat.o chat.c
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
index cf11b74..089f164 100644
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -188,7 +188,7 @@ endif
ifdef PLUGIN
CFLAGS += -DPLUGIN
-LDFLAGS += -Wl,-E
+LDFLAGS_PLUGIN += -Wl,-E
LIBS += -ldl
endif
@@ -230,7 +230,7 @@ install: pppd
$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
pppd: $(PPPDOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
srp-entry: srp-entry.c
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
index 303833a..04fe876 100644
--- a/pppd/plugins/Makefile.linux
+++ b/pppd/plugins/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
# EAP-TLS
@@ -33,7 +33,7 @@ all: $(PLUGINS)
for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
%.so: %.c
- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
+ $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
index 4c5826f..1961e0e 100644
--- a/pppd/plugins/pppoatm/Makefile.linux
+++ b/pppd/plugins/pppoatm/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS)
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -33,7 +33,7 @@ endif
all: $(PLUGIN)
$(PLUGIN): $(PLUGIN_OBJS)
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
index 9cb316d..7b23b25 100644
--- a/pppd/plugins/pppol2tp/Makefile.linux
+++ b/pppd/plugins/pppol2tp/Makefile.linux
@@ -1,7 +1,7 @@
#CC = gcc
COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
-LDFLAGS = -shared
+LDFLAGS_SHARED = -shared
INSTALL = install
#***********************************************************************
@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so
all: $(PLUGINS)
%.so: %.o
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
index 707326b..2150332 100644
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -43,13 +43,13 @@ install: all
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
radius.so: radius.o libradiusclient.a
- $(CC) -o radius.so -shared radius.o libradiusclient.a
+ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
radattr.so: radattr.o
- $(CC) -o radattr.so -shared radattr.o
+ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
radrealms.so: radrealms.o
- $(CC) -o radrealms.so -shared radrealms.o
+ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
clientid.o sendserver.o lock.o util.o md5.o
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
index fa49efb..5e06b52 100644
--- a/pppd/plugins/rp-pppoe/Makefile.linux
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
all: rp-pppoe.so pppoe-discovery
pppoe-discovery: pppoe-discovery.o debug.o common.o
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
+ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
pppoe-discovery.o: pppoe-discovery.c
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
@@ -40,7 +40,7 @@ debug.o: debug.c
$(CC) $(CFLAGS) -c -o debug.o debug.c
rp-pppoe.so: plugin.o discovery.o if.o common.o
- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
+ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
index 95c6805..33e5107 100644
--- a/pppdump/Makefile.linux
+++ b/pppdump/Makefile.linux
@@ -10,7 +10,7 @@ INSTALL= install
all: pppdump
pppdump: $(OBJS)
- $(CC) -o pppdump $(OBJS)
+ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
clean:
rm -f pppdump $(OBJS) *~
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
index c5ba3b1..eeccf83 100644
--- a/pppstats/Makefile.linux
+++ b/pppstats/Makefile.linux
@@ -26,7 +26,7 @@ install: pppstats
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
pppstats: $(PPPSTATSRCS)
- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
clean:
rm -f pppstats *~ #* core

View File

@ -3,7 +3,7 @@
Summary: The Point-to-Point Protocol daemon Summary: The Point-to-Point Protocol daemon
Name: ppp Name: ppp
Version: 2.4.7 Version: 2.4.7
Release: 21%{?dist} Release: 11%{?dist}
License: BSD and LGPLv2+ and GPLv2+ and Public Domain License: BSD and LGPLv2+ and GPLv2+ and Public Domain
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.samba.org/ppp URL: http://www.samba.org/ppp
@ -48,16 +48,12 @@ Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch
Patch0026: 0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch Patch0026: 0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch
Patch0027: 0027-pppd-EAP-TLS-patch-v0.999.patch Patch0027: 0027-pppd-EAP-TLS-patch-v0.997.patch
Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch Patch0028: 0028-Fix-logical-expression-in-eap_client_active-macro.patch
Patch0029: 0029-pppoe-include-netinet-in.h-before-linux-in.h.patch
# rhbz#1556132
Patch0029: ppp-2.4.7-DES-openssl.patch
# https://github.com/paulusmack/ppp/pull/95
Patch0030: ppp-2.4.7-honor-ldflags.patch
BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
BuildRequires: openssl-devel BuildRequires: pkgconfig(openssl) < 1.1
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd, initscripts >= 9.54 Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd, initscripts >= 9.54
Requires(pre): /usr/bin/getent Requires(pre): /usr/bin/getent
Requires(pre): /usr/sbin/groupadd Requires(pre): /usr/sbin/groupadd
@ -85,10 +81,9 @@ tar -xJf %{SOURCE12}
%build %build
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing" export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
export RPM_LD_FLAGS="$LDFLAGS"
%configure %configure
make %{?_smp_mflags} LDFLAGS="%{?build_ldflags}" make %{?_smp_mflags}
make -C ppp-watch %{?_smp_mflags} LDFLAGS="%{?build_ldflags}" make -C ppp-watch %{?_smp_mflags}
%install %install
make INSTROOT=%{buildroot} install install-etcppp make INSTROOT=%{buildroot} install install-etcppp
@ -175,41 +170,6 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
%doc PLUGINS %doc PLUGINS
%changelog %changelog
* Mon Apr 9 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-21
- Link with -E not to break plugins
Resolves: rhbz#1564459
* Fri Apr 6 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-20
- Also build all DSOs with distro's LDFLAGS
Related: rhbz#1563157
* Wed Apr 4 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-19
- Build with distro's LDFLAGS
Resolves: rhbz#1563157
* Tue Mar 27 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-18
- Used openssl for the DES instead of the libcrypt / glibc
Resolves: rhbz#1556132
* Fri Feb 09 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 2.4.7-17
- Escape macros in %%changelog
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-16
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Sat Jan 20 2018 Björn Esser <besser82@fedoraproject.org> - 2.4.7-15
- Rebuilt for switch to libxcrypt
* Mon Aug 21 2017 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-14
- EAP-TLS patch updated to version 0.999
- Switched to openssl-1.1
* Thu Aug 03 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-11 * Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
@ -262,7 +222,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
- fix post installation scriptlet - fix post installation scriptlet
* Fri Jul 12 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-32 * Fri Jul 12 2013 Michal Sekletar <msekleta@redhat.com> - 2.4.5-32
- don't ship /var/lock/ppp in rpm payload and create it in %%post instead - don't ship /var/lock/ppp in rpm payload and create it in %post instead
- fix installation of tmpfiles.d configuration - fix installation of tmpfiles.d configuration
- enable hardened build - enable hardened build
- fix bogus dates in changelog - fix bogus dates in changelog
@ -571,7 +531,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
- automatic rebuild - automatic rebuild
* Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com> * Mon Jun 5 2000 Nalin Dahyabhai <nalin@redhat.com>
- move man pages to %%{_mandir} - move man pages to %{_mandir}
* Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com> * Thu Jun 1 2000 Nalin Dahyabhai <nalin@redhat.com>
- change perms using defattr - change perms using defattr