Compare commits
38 Commits
master
...
f38-riscv6
Author | SHA1 | Date | |
---|---|---|---|
944fdee35a | |||
8bb5eff3ea | |||
|
9e045dfc2d | ||
|
329b6bd0d1 | ||
|
6e51f2673a | ||
|
8c079e9264 | ||
|
879a84b9d8 | ||
|
0221a70cad | ||
|
ebfb905788 | ||
|
bfc43d320d | ||
|
e8f51851e7 | ||
|
f1667c8a0f | ||
|
23f594e008 | ||
|
bf3c413175 | ||
|
61c3711488 | ||
|
02c8201efb | ||
|
4c460e431e | ||
|
a9d0d03ee8 | ||
|
22365d4cf2 | ||
|
568dc9d422 | ||
|
e4e647d22e | ||
|
ad5e2374cc | ||
|
a5cfee84bd | ||
|
47c6e80e42 | ||
|
6d73752ab1 | ||
|
0237a3fb30 | ||
|
be5731e256 | ||
|
ce3286c404 | ||
|
11e6611246 | ||
|
984c17894a | ||
|
332d094cb4 | ||
|
735ece793d | ||
|
bb98696009 | ||
|
0e0bd8ac45 | ||
|
ad2ec1482b | ||
|
eaa5f714f4 | ||
|
1bd88cdb7f | ||
|
ad8f16ddb2 |
2
.gitignore
vendored
2
.gitignore
vendored
@ -2,3 +2,5 @@ ppp-2.4.5.tar.gz
|
||||
/ppp-2.4.6.tar.gz
|
||||
/ppp-watch.tar.xz
|
||||
/ppp-2.4.7.tar.gz
|
||||
/ppp-2.4.8.tar.gz
|
||||
/ppp-2.4.9.tar.gz
|
||||
|
@ -1,25 +0,0 @@
|
||||
From 486e36d184cbaee7e34bb582ea6fdf3bfa9ca531 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 4 Apr 2014 11:23:42 +0200
|
||||
Subject: [PATCH 01/27] build-sys: use gcc as our compiler of choice
|
||||
|
||||
---
|
||||
pppd/Makefile.linux | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index a74c914..1d9ea78 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -30,7 +30,7 @@ ifeq (.depend,$(wildcard .depend))
|
||||
include .depend
|
||||
endif
|
||||
|
||||
-# CC = gcc
|
||||
+CC = gcc
|
||||
#
|
||||
COPTS = -O2 -pipe -Wall -g
|
||||
LIBS =
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,25 +0,0 @@
|
||||
From 0d71a32b73b71c9793d0b304320858062faf00d1 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 4 Apr 2014 11:25:43 +0200
|
||||
Subject: [PATCH 02/27] build-sys: enable PAM support
|
||||
|
||||
---
|
||||
pppd/Makefile.linux | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 1d9ea78..5a44d30 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -61,7 +61,7 @@ HAVE_MULTILINK=y
|
||||
USE_TDB=y
|
||||
|
||||
HAS_SHADOW=y
|
||||
-#USE_PAM=y
|
||||
+USE_PAM=y
|
||||
HAVE_INET6=y
|
||||
|
||||
# Enable plugins
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,121 +0,0 @@
|
||||
From d729b06f0ac7a5ebd3648ef60bef0499b59bf82d Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 4 Apr 2014 11:29:39 +0200
|
||||
Subject: [PATCH 03/27] build-sys: utilize compiler flags handed to us by
|
||||
rpmbuild
|
||||
|
||||
---
|
||||
chat/Makefile.linux | 2 +-
|
||||
pppd/Makefile.linux | 3 +--
|
||||
pppd/plugins/Makefile.linux | 2 +-
|
||||
pppd/plugins/pppoatm/Makefile.linux | 2 +-
|
||||
pppd/plugins/radius/Makefile.linux | 2 +-
|
||||
pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
|
||||
pppdump/Makefile.linux | 2 +-
|
||||
pppstats/Makefile.linux | 2 +-
|
||||
8 files changed, 8 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
|
||||
index 1065ac5..848cd8d 100644
|
||||
--- a/chat/Makefile.linux
|
||||
+++ b/chat/Makefile.linux
|
||||
@@ -10,7 +10,7 @@ CDEF3= -UNO_SLEEP # Use the usleep function
|
||||
CDEF4= -DFNDELAY=O_NDELAY # Old name value
|
||||
CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
|
||||
|
||||
-COPTS= -O2 -g -pipe
|
||||
+COPTS= $(RPM_OPT_FLAGS)
|
||||
CFLAGS= $(COPTS) $(CDEFS)
|
||||
|
||||
INSTALL= install
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 5a44d30..63872eb 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -32,8 +32,7 @@ endif
|
||||
|
||||
CC = gcc
|
||||
#
|
||||
-COPTS = -O2 -pipe -Wall -g
|
||||
-LIBS =
|
||||
+COPTS = -Wall $(RPM_OPT_FLAGS)
|
||||
|
||||
# Uncomment the next 2 lines to include support for Microsoft's
|
||||
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
|
||||
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
|
||||
index 0a7ec7b..e09a369 100644
|
||||
--- a/pppd/plugins/Makefile.linux
|
||||
+++ b/pppd/plugins/Makefile.linux
|
||||
@@ -1,5 +1,5 @@
|
||||
#CC = gcc
|
||||
-COPTS = -O2 -g
|
||||
+COPTS = $(RPM_OPT_FLAGS)
|
||||
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
|
||||
LDFLAGS = -shared
|
||||
INSTALL = install
|
||||
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
|
||||
index 20f62e6..5a81447 100644
|
||||
--- a/pppd/plugins/pppoatm/Makefile.linux
|
||||
+++ b/pppd/plugins/pppoatm/Makefile.linux
|
||||
@@ -1,5 +1,5 @@
|
||||
#CC = gcc
|
||||
-COPTS = -O2 -g
|
||||
+COPTS = $(RPM_OPT_FLAGS)
|
||||
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
|
||||
LDFLAGS = -shared
|
||||
INSTALL = install
|
||||
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
|
||||
index 24ed3e5..45b3b8d 100644
|
||||
--- a/pppd/plugins/radius/Makefile.linux
|
||||
+++ b/pppd/plugins/radius/Makefile.linux
|
||||
@@ -12,7 +12,7 @@ VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
INSTALL = install
|
||||
|
||||
PLUGIN=radius.so radattr.so radrealms.so
|
||||
-CFLAGS=-I. -I../.. -I../../../include -O2 -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
|
||||
+CFLAGS=-I. -I../.. -I../../../include $(RPM_OPT_FLAGS) -DRC_LOG_FACILITY=LOG_DAEMON
|
||||
|
||||
# Uncomment the next line to include support for Microsoft's
|
||||
# MS-CHAP authentication protocol.
|
||||
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
index 5d7a271..352991a 100644
|
||||
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
@@ -25,7 +25,7 @@ INSTALL = install
|
||||
# Version is set ONLY IN THE MAKEFILE! Don't delete this!
|
||||
RP_VERSION=3.8p
|
||||
|
||||
-COPTS=-O2 -g
|
||||
+COPTS=$(RPM_OPT_FLAGS)
|
||||
CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
|
||||
all: rp-pppoe.so pppoe-discovery
|
||||
|
||||
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
|
||||
index ac028f6..d0a5032 100644
|
||||
--- a/pppdump/Makefile.linux
|
||||
+++ b/pppdump/Makefile.linux
|
||||
@@ -2,7 +2,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
BINDIR = $(DESTDIR)/sbin
|
||||
MANDIR = $(DESTDIR)/share/man/man8
|
||||
|
||||
-CFLAGS= -O -I../include/net
|
||||
+CFLAGS= $(RPM_OPT_FLAGS) -I../include/net
|
||||
OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
|
||||
|
||||
INSTALL= install
|
||||
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
|
||||
index cca6f0f..42aba73 100644
|
||||
--- a/pppstats/Makefile.linux
|
||||
+++ b/pppstats/Makefile.linux
|
||||
@@ -10,7 +10,7 @@ PPPSTATSRCS = pppstats.c
|
||||
PPPSTATOBJS = pppstats.o
|
||||
|
||||
#CC = gcc
|
||||
-COPTS = -O
|
||||
+COPTS = $(RPM_OPT_FLAGS)
|
||||
COMPILE_FLAGS = -I../include
|
||||
LIBS =
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,111 +0,0 @@
|
||||
From b9fb631a493c5f1b490c8e9645eb6ebab4b25cc8 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 4 Apr 2014 18:37:00 +0200
|
||||
Subject: [PATCH 07/27] build-sys: don't strip binaries during installation
|
||||
|
||||
We don't want that when building rpms. rpmbuild does final stripping of binaries
|
||||
for us and generetes debuginfo rpm.
|
||||
---
|
||||
chat/Makefile.linux | 2 +-
|
||||
pppd/Makefile.linux | 4 ++--
|
||||
pppd/plugins/radius/Makefile.linux | 6 +++---
|
||||
pppd/plugins/rp-pppoe/Makefile.linux | 4 ++--
|
||||
pppdump/Makefile.linux | 2 +-
|
||||
pppstats/Makefile.linux | 2 +-
|
||||
6 files changed, 10 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
|
||||
index 848cd8d..2445637 100644
|
||||
--- a/chat/Makefile.linux
|
||||
+++ b/chat/Makefile.linux
|
||||
@@ -25,7 +25,7 @@ chat.o: chat.c
|
||||
|
||||
install: chat
|
||||
mkdir -p $(BINDIR) $(MANDIR)
|
||||
- $(INSTALL) -s -c chat $(BINDIR)
|
||||
+ $(INSTALL) -c chat $(BINDIR)
|
||||
$(INSTALL) -c -m 644 chat.8 $(MANDIR)
|
||||
|
||||
clean:
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 8ed56c1..4f27100 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -102,7 +102,7 @@ ifdef USE_SRP
|
||||
CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
|
||||
LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
|
||||
TARGETS += srp-entry
|
||||
-EXTRAINSTALL = $(INSTALL) -s -c -m 555 srp-entry $(BINDIR)/srp-entry
|
||||
+EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
|
||||
MANPAGES += srp-entry.8
|
||||
EXTRACLEAN += srp-entry.o
|
||||
NEEDDES=y
|
||||
@@ -208,7 +208,7 @@ all: $(TARGETS)
|
||||
install: pppd
|
||||
mkdir -p $(BINDIR) $(MANDIR)
|
||||
$(EXTRAINSTALL)
|
||||
- $(INSTALL) -s -c -m 555 pppd $(BINDIR)/pppd
|
||||
+ $(INSTALL) -c -m 555 pppd $(BINDIR)/pppd
|
||||
if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
|
||||
chmod o-rx,u+s $(BINDIR)/pppd; fi
|
||||
$(INSTALL) -c -m 444 pppd.8 $(MANDIR)
|
||||
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
|
||||
index 179d0b7..707326b 100644
|
||||
--- a/pppd/plugins/radius/Makefile.linux
|
||||
+++ b/pppd/plugins/radius/Makefile.linux
|
||||
@@ -36,9 +36,9 @@ all: $(PLUGIN)
|
||||
|
||||
install: all
|
||||
$(INSTALL) -d -m 755 $(LIBDIR)
|
||||
- $(INSTALL) -s -c -m 755 radius.so $(LIBDIR)
|
||||
- $(INSTALL) -s -c -m 755 radattr.so $(LIBDIR)
|
||||
- $(INSTALL) -s -c -m 755 radrealms.so $(LIBDIR)
|
||||
+ $(INSTALL) -c -m 755 radius.so $(LIBDIR)
|
||||
+ $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
|
||||
+ $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
|
||||
$(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
|
||||
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
|
||||
|
||||
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
index 1305ed8..3cd9101 100644
|
||||
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
@@ -43,9 +43,9 @@ rp-pppoe.so: plugin.o discovery.o if.o common.o
|
||||
|
||||
install: all
|
||||
$(INSTALL) -d -m 755 $(LIBDIR)
|
||||
- $(INSTALL) -s -c -m 4550 rp-pppoe.so $(LIBDIR)
|
||||
+ $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
|
||||
$(INSTALL) -d -m 755 $(BINDIR)
|
||||
- $(INSTALL) -s -c -m 555 pppoe-discovery $(BINDIR)
|
||||
+ $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
|
||||
|
||||
clean:
|
||||
rm -f *.o *.so pppoe-discovery
|
||||
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
|
||||
index d0a5032..95c6805 100644
|
||||
--- a/pppdump/Makefile.linux
|
||||
+++ b/pppdump/Makefile.linux
|
||||
@@ -17,5 +17,5 @@ clean:
|
||||
|
||||
install:
|
||||
mkdir -p $(BINDIR) $(MANDIR)
|
||||
- $(INSTALL) -s -c pppdump $(BINDIR)
|
||||
+ $(INSTALL) -c pppdump $(BINDIR)
|
||||
$(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
|
||||
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
|
||||
index 42aba73..c5ba3b1 100644
|
||||
--- a/pppstats/Makefile.linux
|
||||
+++ b/pppstats/Makefile.linux
|
||||
@@ -22,7 +22,7 @@ all: pppstats
|
||||
|
||||
install: pppstats
|
||||
-mkdir -p $(MANDIR)
|
||||
- $(INSTALL) -s -c pppstats $(BINDIR)
|
||||
+ $(INSTALL) -c pppstats $(BINDIR)
|
||||
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
|
||||
|
||||
pppstats: $(PPPSTATSRCS)
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,89 +0,0 @@
|
||||
From 343728d5de6e44bd67923503e62eefaad50760a4 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 4 Apr 2014 18:47:01 +0200
|
||||
Subject: [PATCH 08/27] build-sys: use prefix /usr instead of /usr/local
|
||||
|
||||
---
|
||||
configure | 2 +-
|
||||
pppd/Makefile.linux | 4 ++--
|
||||
scripts/ppp-on-rsh | 2 +-
|
||||
scripts/ppp-on-ssh | 4 ++--
|
||||
scripts/secure-card | 2 +-
|
||||
5 files changed, 7 insertions(+), 7 deletions(-)
|
||||
|
||||
diff --git a/configure b/configure
|
||||
index 6a55e0f..db54d77 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -2,7 +2,7 @@
|
||||
# $Id: configure,v 1.38 2008/06/15 07:08:49 paulus Exp $
|
||||
|
||||
# Where to install stuff by default
|
||||
-DESTDIR=/usr/local
|
||||
+DESTDIR=/usr
|
||||
SYSCONF=/etc
|
||||
|
||||
# if [ -d /NextApps ]; then
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 4f27100..95c2598 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -99,8 +99,8 @@ endif
|
||||
|
||||
# EAP SRP-SHA1
|
||||
ifdef USE_SRP
|
||||
-CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
|
||||
-LIBS += -lsrp -L/usr/local/ssl/lib -lcrypto
|
||||
+CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/include/openssl
|
||||
+LIBS += -lsrp -L/usr/lib -lcrypto
|
||||
TARGETS += srp-entry
|
||||
EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
|
||||
MANPAGES += srp-entry.8
|
||||
diff --git a/scripts/ppp-on-rsh b/scripts/ppp-on-rsh
|
||||
index 30a50db..a80616a 100755
|
||||
--- a/scripts/ppp-on-rsh
|
||||
+++ b/scripts/ppp-on-rsh
|
||||
@@ -26,7 +26,7 @@ PPPD_RHOST=myremotehost
|
||||
# For this example, we assume that pppd on both local and remote
|
||||
# machines reside in the same place, /usr/local/bin/pppd
|
||||
#
|
||||
-PPPD_LOC=/usr/local/bin/pppd
|
||||
+PPPD_LOC=/usr/sbin/pppd
|
||||
|
||||
#
|
||||
# The location of local options file (where rsh client is running).
|
||||
diff --git a/scripts/ppp-on-ssh b/scripts/ppp-on-ssh
|
||||
index 0e41aca..c27e80a 100755
|
||||
--- a/scripts/ppp-on-ssh
|
||||
+++ b/scripts/ppp-on-ssh
|
||||
@@ -26,7 +26,7 @@ PPPD_RHOST=myremotehost
|
||||
# For this example, we assume that pppd on both local and remote
|
||||
# machines reside in the same place, /usr/local/bin/pppd
|
||||
#
|
||||
-PPPD_LOC=/usr/local/bin/pppd
|
||||
+PPPD_LOC=/usr/sbin/pppd
|
||||
|
||||
#
|
||||
# The location of local options file (where ssh client is running).
|
||||
@@ -52,7 +52,7 @@ PPPD_REM_OPT=/etc/ppp/options-ssh-rem
|
||||
#
|
||||
# The location of ssh client on the local machine
|
||||
#
|
||||
-SSH_LOC=/usr/local/bin/ssh
|
||||
+SSH_LOC=/usr/bin/ssh
|
||||
|
||||
export PPPD_LOC PPPD_LOC_OPT PPPD_REM_OPT PPPD_RHOST SSH_LOC
|
||||
|
||||
diff --git a/scripts/secure-card b/scripts/secure-card
|
||||
index 0002365..ae3ae50 100755
|
||||
--- a/scripts/secure-card
|
||||
+++ b/scripts/secure-card
|
||||
@@ -1,4 +1,4 @@
|
||||
-#!/usr/local/bin/expect -f
|
||||
+#!/usr/bin/expect -f
|
||||
#
|
||||
# This script was written by Jim Isaacson <jcisaac@crl.com>. It is
|
||||
# designed to work as a script to use the SecureCARD(tm) device. This
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,57 +0,0 @@
|
||||
From abef895f9d144f05a83045136b77277352dc450f Mon Sep 17 00:00:00 2001
|
||||
From: David Woodhouse <dwmw2@fedoraproject.org>
|
||||
Date: Fri, 4 Apr 2014 18:53:33 +0200
|
||||
Subject: [PATCH 09/27] pppd: introduce ipv6-accept-remote
|
||||
|
||||
---
|
||||
pppd/ipv6cp.c | 5 ++++-
|
||||
pppd/ipv6cp.h | 3 ++-
|
||||
2 files changed, 6 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/pppd/ipv6cp.c b/pppd/ipv6cp.c
|
||||
index caa2b26..5a56c95 100644
|
||||
--- a/pppd/ipv6cp.c
|
||||
+++ b/pppd/ipv6cp.c
|
||||
@@ -245,6 +245,8 @@ static option_t ipv6cp_option_list[] = {
|
||||
|
||||
{ "ipv6cp-accept-local", o_bool, &ipv6cp_allowoptions[0].accept_local,
|
||||
"Accept peer's interface identifier for us", 1 },
|
||||
+ { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote,
|
||||
+ "Accept peer's interface identifier for itself", 1 },
|
||||
|
||||
{ "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip,
|
||||
"Use (default) IPv4 address as interface identifier", 1 },
|
||||
@@ -437,6 +439,7 @@ ipv6cp_init(unit)
|
||||
memset(ao, 0, sizeof(*ao));
|
||||
|
||||
wo->accept_local = 1;
|
||||
+ wo->accept_remote = 1;
|
||||
wo->neg_ifaceid = 1;
|
||||
ao->neg_ifaceid = 1;
|
||||
|
||||
@@ -962,7 +965,7 @@ ipv6cp_reqci(f, inp, len, reject_if_disagree)
|
||||
orc = CONFREJ; /* Reject CI */
|
||||
break;
|
||||
}
|
||||
- if (!eui64_iszero(wo->hisid) &&
|
||||
+ if (!eui64_iszero(wo->hisid) && !wo->accept_remote &&
|
||||
!eui64_equals(ifaceid, wo->hisid) &&
|
||||
eui64_iszero(go->hisid)) {
|
||||
|
||||
diff --git a/pppd/ipv6cp.h b/pppd/ipv6cp.h
|
||||
index cc4568d..8c7552e 100644
|
||||
--- a/pppd/ipv6cp.h
|
||||
+++ b/pppd/ipv6cp.h
|
||||
@@ -150,7 +150,8 @@
|
||||
typedef struct ipv6cp_options {
|
||||
int neg_ifaceid; /* Negotiate interface identifier? */
|
||||
int req_ifaceid; /* Ask peer to send interface identifier? */
|
||||
- int accept_local; /* accept peer's value for iface id? */
|
||||
+ int accept_local; /* accept peer's value for our iface id? */
|
||||
+ int accept_remote; /* accept peer's value for his iface id? */
|
||||
int opt_local; /* ourtoken set by option */
|
||||
int opt_remote; /* histoken set by option */
|
||||
int use_ip; /* use IP as interface identifier */
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,26 +0,0 @@
|
||||
From 8015a0ef23a874f288d5e77ffafe1d7f4281725d Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 4 Apr 2014 18:59:24 +0200
|
||||
Subject: [PATCH 10/27] build-sys: enable CBCP
|
||||
|
||||
Resolves: #199278
|
||||
---
|
||||
pppd/Makefile.linux | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 95c2598..65700fa 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -68,7 +68,7 @@ HAVE_INET6=y
|
||||
PLUGIN=y
|
||||
|
||||
# Enable Microsoft proprietary Callback Control Protocol
|
||||
-#CBCP=y
|
||||
+CBCP=y
|
||||
|
||||
# Enable EAP SRP-SHA1 authentication (requires libsrp)
|
||||
#USE_SRP=y
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,19 +1,3 @@
|
||||
From 2a97ab28ee00586e5f06b3ef3a0e43ea0c7c6499 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 7 Apr 2014 14:21:41 +0200
|
||||
Subject: [PATCH 14/27] everywhere: use SOCK_CLOEXEC when creating socket
|
||||
|
||||
---
|
||||
pppd/plugins/pppoatm/pppoatm.c | 2 +-
|
||||
pppd/plugins/pppol2tp/openl2tp.c | 2 +-
|
||||
pppd/plugins/pppol2tp/pppol2tp.c | 2 +-
|
||||
pppd/plugins/rp-pppoe/if.c | 2 +-
|
||||
pppd/plugins/rp-pppoe/plugin.c | 6 +++---
|
||||
pppd/plugins/rp-pppoe/pppoe-discovery.c | 2 +-
|
||||
pppd/sys-linux.c | 10 +++++-----
|
||||
pppd/tty.c | 2 +-
|
||||
8 files changed, 14 insertions(+), 14 deletions(-)
|
||||
|
||||
diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c
|
||||
index d693350..c31bb34 100644
|
||||
--- a/pppd/plugins/pppoatm/pppoatm.c
|
||||
@ -53,10 +37,10 @@ index a7e3400..e64a778 100644
|
||||
if (fd >= 0) {
|
||||
memset (&ifr, '\0', sizeof (ifr));
|
||||
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
|
||||
diff --git a/pppd/plugins/rp-pppoe/if.c b/pppd/plugins/rp-pppoe/if.c
|
||||
diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c
|
||||
index 91e9a57..72aba41 100644
|
||||
--- a/pppd/plugins/rp-pppoe/if.c
|
||||
+++ b/pppd/plugins/rp-pppoe/if.c
|
||||
--- a/pppd/plugins/pppoe/if.c
|
||||
+++ b/pppd/plugins/pppoe/if.c
|
||||
@@ -116,7 +116,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
|
||||
stype = SOCK_PACKET;
|
||||
#endif
|
||||
@ -66,10 +50,10 @@ index 91e9a57..72aba41 100644
|
||||
/* Give a more helpful message for the common error case */
|
||||
if (errno == EPERM) {
|
||||
fatal("Cannot create raw socket -- pppoe must be run as root.");
|
||||
diff --git a/pppd/plugins/rp-pppoe/plugin.c b/pppd/plugins/rp-pppoe/plugin.c
|
||||
diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c
|
||||
index a8c2bb4..24bdf8f 100644
|
||||
--- a/pppd/plugins/rp-pppoe/plugin.c
|
||||
+++ b/pppd/plugins/rp-pppoe/plugin.c
|
||||
--- a/pppd/plugins/pppoe/plugin.c
|
||||
+++ b/pppd/plugins/pppoe/plugin.c
|
||||
@@ -137,7 +137,7 @@ PPPOEConnectDevice(void)
|
||||
/* server equipment). */
|
||||
/* Opening this socket just before waitForPADS in the discovery() */
|
||||
@ -97,10 +81,10 @@ index a8c2bb4..24bdf8f 100644
|
||||
r = 0;
|
||||
}
|
||||
|
||||
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||
diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c
|
||||
index 3d3bf4e..c0d927d 100644
|
||||
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||
--- a/pppd/plugins/pppoe/pppoe-discovery.c
|
||||
+++ b/pppd/plugins/pppoe/pppoe-discovery.c
|
||||
@@ -121,7 +121,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
|
||||
stype = SOCK_PACKET;
|
||||
#endif
|
||||
@ -109,7 +93,7 @@ index 3d3bf4e..c0d927d 100644
|
||||
+ if ((fd = socket(domain, stype | SOCK_CLOEXEC, htons(type))) < 0) {
|
||||
/* Give a more helpful message for the common error case */
|
||||
if (errno == EPERM) {
|
||||
rp_fatal("Cannot create raw socket -- pppoe must be run as root.");
|
||||
fatal("Cannot create raw socket -- pppoe must be run as root.");
|
||||
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
|
||||
index 00a2cf5..0690019 100644
|
||||
--- a/pppd/sys-linux.c
|
||||
@ -136,7 +120,7 @@ index 00a2cf5..0690019 100644
|
||||
- sock_fd = socket(AF_INET, SOCK_DGRAM, 0);
|
||||
+ sock_fd = socket(AF_INET, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if (sock_fd < 0)
|
||||
return 0;
|
||||
return -1;
|
||||
memset(&ifreq.ifr_hwaddr, 0, sizeof(struct sockaddr));
|
||||
@@ -2067,7 +2067,7 @@ int ppp_available(void)
|
||||
/*
|
||||
@ -147,15 +131,6 @@ index 00a2cf5..0690019 100644
|
||||
if (s < 0)
|
||||
return 0;
|
||||
|
||||
@@ -2860,7 +2860,7 @@ ether_to_eui64(eui64_t *p_eui64)
|
||||
int skfd;
|
||||
const unsigned char *ptr;
|
||||
|
||||
- skfd = socket(PF_INET6, SOCK_DGRAM, 0);
|
||||
+ skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if(skfd == -1)
|
||||
{
|
||||
warn("could not open IPv6 socket");
|
||||
diff --git a/pppd/tty.c b/pppd/tty.c
|
||||
index bc96695..8e76a5d 100644
|
||||
--- a/pppd/tty.c
|
||||
|
@ -1,18 +1,7 @@
|
||||
From a30efa2cc99a5b6ab220de04cbcc7db38888a17a Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Mon, 7 Apr 2014 14:29:45 +0200
|
||||
Subject: [PATCH 16/27] rp-pppoe: add manpage for pppoe-discovery
|
||||
|
||||
---
|
||||
pppd/plugins/rp-pppoe/Makefile.linux | 2 +
|
||||
pppd/plugins/rp-pppoe/pppoe-discovery.8 | 86 +++++++++++++++++++++++++++++++++
|
||||
2 files changed, 88 insertions(+)
|
||||
create mode 100644 pppd/plugins/rp-pppoe/pppoe-discovery.8
|
||||
|
||||
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
|
||||
index 3cd9101..9918091 100644
|
||||
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
--- a/pppd/plugins/pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/pppoe/Makefile.linux
|
||||
@@ -16,6 +16,7 @@
|
||||
|
||||
DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
@ -22,18 +11,18 @@ index 3cd9101..9918091 100644
|
||||
|
||||
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
@@ -46,6 +47,7 @@ install: all
|
||||
$(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
|
||||
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
|
||||
$(INSTALL) -d -m 755 $(BINDIR)
|
||||
$(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
|
||||
+ $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
|
||||
|
||||
clean:
|
||||
rm -f *.o *.so pppoe-discovery
|
||||
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.8 b/pppd/plugins/rp-pppoe/pppoe-discovery.8
|
||||
diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8
|
||||
new file mode 100644
|
||||
index 0000000..d0a93db
|
||||
--- /dev/null
|
||||
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.8
|
||||
+++ b/pppd/plugins/pppoe/pppoe-discovery.8
|
||||
@@ -0,0 +1,86 @@
|
||||
+.\" pppoe-discovery.8 written by
|
||||
+.\" Ben Hutchings <ben@decadentplace.org.uk>, based on pppoe.8.
|
||||
|
File diff suppressed because it is too large
Load Diff
@ -1,383 +0,0 @@
|
||||
From 6edc865bd02ab591b9121d4a5f6dc3cdbe5af809 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 9 Apr 2014 09:18:24 +0200
|
||||
Subject: [PATCH 19/27] sys-linux: rework get_first_ethernet()
|
||||
|
||||
We can't assume that host has ethernet NIC named "eth0". Rather than guessing we
|
||||
better ask udev. We iterate over symlinks symlinks in /sys/class/net and
|
||||
for each device we determine if it is ethernet device and additionally we query
|
||||
udev database for sub-type of the device. If we find PCI or USB device which has
|
||||
ethernet datalink type and appropriate sub-type we return its name. If we don't
|
||||
succeed in determining more information about device we will return "good
|
||||
enough" device which in turn is first device with ethernet datalink type.
|
||||
|
||||
Note that we now have two copies of get_first_ethernet() in the source code. This
|
||||
is bad and should be fixed in the future.
|
||||
|
||||
This commit replaces ppp-2.4.5-eth.patch.
|
||||
|
||||
Resolves: #682381
|
||||
---
|
||||
pppd/Makefile.linux | 3 +
|
||||
pppd/multilink.c | 4 +-
|
||||
pppd/plugins/rp-pppoe/Makefile.linux | 4 +-
|
||||
pppd/plugins/rp-pppoe/pppoe-discovery.c | 117 +++++++++++++++++++++++++++++++-
|
||||
pppd/pppd.h | 2 +-
|
||||
pppd/sys-linux.c | 115 +++++++++++++++++++++++++++++--
|
||||
6 files changed, 232 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 53df4d2..0e8107f 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -32,6 +32,9 @@ include .depend
|
||||
endif
|
||||
|
||||
CC = gcc
|
||||
+
|
||||
+LIBS = -ludev
|
||||
+
|
||||
#
|
||||
COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
|
||||
|
||||
diff --git a/pppd/multilink.c b/pppd/multilink.c
|
||||
index 135cab0..2f0ed50 100644
|
||||
--- a/pppd/multilink.c
|
||||
+++ b/pppd/multilink.c
|
||||
@@ -436,12 +436,12 @@ static int
|
||||
get_default_epdisc(ep)
|
||||
struct epdisc *ep;
|
||||
{
|
||||
- char *p;
|
||||
+ char *p = NULL;
|
||||
struct hostent *hp;
|
||||
u_int32_t addr;
|
||||
|
||||
/* First try for an ethernet MAC address */
|
||||
- p = get_first_ethernet();
|
||||
+ get_first_ethernet(&p);
|
||||
if (p != 0 && get_if_hwaddr(ep->value, p) >= 0) {
|
||||
ep->class = EPD_MAC;
|
||||
ep->length = 6;
|
||||
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
index 9918091..b949716 100644
|
||||
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
@@ -30,8 +30,8 @@ COPTS=$(RPM_OPT_FLAGS)
|
||||
CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
|
||||
all: rp-pppoe.so pppoe-discovery
|
||||
|
||||
-pppoe-discovery: pppoe-discovery.o debug.o
|
||||
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o
|
||||
+pppoe-discovery: pppoe-discovery.o debug.o common.o
|
||||
+ $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
|
||||
|
||||
pppoe-discovery.o: pppoe-discovery.c
|
||||
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
|
||||
diff --git a/pppd/plugins/rp-pppoe/pppoe-discovery.c b/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||
index c0d927d..2bd910f 100644
|
||||
--- a/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||
+++ b/pppd/plugins/rp-pppoe/pppoe-discovery.c
|
||||
@@ -47,8 +47,13 @@
|
||||
#include <net/if_arp.h>
|
||||
#endif
|
||||
|
||||
+#include <dirent.h>
|
||||
+#include <sys/types.h>
|
||||
+#include <libudev.h>
|
||||
+
|
||||
char *xstrdup(const char *s);
|
||||
void usage(void);
|
||||
+int get_first_ethernet(char **_r);
|
||||
|
||||
void die(int status)
|
||||
{
|
||||
@@ -681,8 +686,15 @@ int main(int argc, char *argv[])
|
||||
}
|
||||
|
||||
/* default interface name */
|
||||
- if (!conn->ifName)
|
||||
- conn->ifName = strdup("eth0");
|
||||
+ if (!conn->ifName) {
|
||||
+ char *eth_dev;
|
||||
+ if (get_first_ethernet(ð_dev) < 0) {
|
||||
+ fprintf(stderr, "No ethernet device on the host.\n");
|
||||
+ exit(1);
|
||||
+ }
|
||||
+ conn->ifName = eth_dev;
|
||||
+ }
|
||||
+
|
||||
|
||||
conn->discoverySocket = -1;
|
||||
conn->sessionSocket = -1;
|
||||
@@ -722,3 +734,104 @@ void usage(void)
|
||||
fprintf(stderr, "Usage: pppoe-discovery [options]\n");
|
||||
fprintf(stderr, "\nVersion " RP_VERSION "\n");
|
||||
}
|
||||
+
|
||||
+/*
|
||||
+ * get_first_ethernet - return the name of the first ethernet-style
|
||||
+ * interface on this system.
|
||||
+ */
|
||||
+int
|
||||
+get_first_ethernet(char **_r)
|
||||
+{
|
||||
+ int r = 0;
|
||||
+ DIR *d = NULL;
|
||||
+ struct dirent *entry = NULL;
|
||||
+ struct udev *udev = NULL;
|
||||
+ struct udev_device *dev = NULL;
|
||||
+ char *eth_dev = NULL;
|
||||
+
|
||||
+ d = opendir("/sys/class/net");
|
||||
+ if (!d) {
|
||||
+ fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
|
||||
+ r = -errno;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ udev = udev_new();
|
||||
+ if (!udev) {
|
||||
+ fprintf(stderr, "Failed to talk to systemd-udevd\n");
|
||||
+ r = -EIO;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ while ((entry = readdir(d)) != NULL) {
|
||||
+ char syspath[PATH_MAX] = {};
|
||||
+ const char *type = NULL;
|
||||
+
|
||||
+ if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
|
||||
+ continue;
|
||||
+
|
||||
+ sprintf(syspath, "/sys/class/net/%s", entry->d_name);
|
||||
+
|
||||
+ dev = udev_device_new_from_syspath(udev, syspath);
|
||||
+ if (!dev)
|
||||
+ continue;
|
||||
+
|
||||
+ type = udev_device_get_sysattr_value(dev, "type");
|
||||
+ if (strcmp(type, "1") == 0) {
|
||||
+ const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
|
||||
+
|
||||
+ pci_dev_subclass = udev_device_get_property_value(dev,
|
||||
+ "ID_PCI_SUBCLASS_FROM_DATABASE");
|
||||
+ usb_dev_subclass = udev_device_get_property_value(dev,
|
||||
+ "ID_USB_SUBCLASS_FROM_DATABASE");
|
||||
+
|
||||
+ if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
|
||||
+ (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
|
||||
+ strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
|
||||
+ char *d = NULL;
|
||||
+
|
||||
+ d = strdup(entry->d_name);
|
||||
+ if (!d) {
|
||||
+ r = -ENOMEM;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ free(eth_dev);
|
||||
+ eth_dev = d;
|
||||
+ break;
|
||||
+ } else if (!eth_dev) {
|
||||
+ eth_dev = strdup(entry->d_name);
|
||||
+ if (!eth_dev) {
|
||||
+ r = -ENOMEM;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ udev_device_unref(dev);
|
||||
+ dev = NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (dev)
|
||||
+ udev_device_unref(dev);
|
||||
+ udev_unref(udev);
|
||||
+ closedir(d);
|
||||
+
|
||||
+ *_r = eth_dev;
|
||||
+
|
||||
+ return 0;
|
||||
+
|
||||
+fail:
|
||||
+ if (dev)
|
||||
+ udev_device_unref(dev);
|
||||
+
|
||||
+ if (udev)
|
||||
+ udev_unref(udev);
|
||||
+
|
||||
+ if (d)
|
||||
+ closedir(d);
|
||||
+
|
||||
+ free(eth_dev);
|
||||
+
|
||||
+ return r;
|
||||
+}
|
||||
diff --git a/pppd/pppd.h b/pppd/pppd.h
|
||||
index de271c1..aaddba1 100644
|
||||
--- a/pppd/pppd.h
|
||||
+++ b/pppd/pppd.h
|
||||
@@ -691,7 +691,7 @@ int sipxfaddr __P((int, unsigned long, unsigned char *));
|
||||
int cipxfaddr __P((int));
|
||||
#endif
|
||||
int get_if_hwaddr __P((u_char *addr, char *name));
|
||||
-char *get_first_ethernet __P((void));
|
||||
+int get_first_ethernet __P((char **_r));
|
||||
|
||||
/* Procedures exported from options.c */
|
||||
int setipaddr __P((char *, char **, int)); /* Set local/remote ip addresses */
|
||||
diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c
|
||||
index 0690019..ec09c50 100644
|
||||
--- a/pppd/sys-linux.c
|
||||
+++ b/pppd/sys-linux.c
|
||||
@@ -92,6 +92,9 @@
|
||||
#include <ctype.h>
|
||||
#include <termios.h>
|
||||
#include <unistd.h>
|
||||
+#include <dirent.h>
|
||||
+
|
||||
+#include <libudev.h>
|
||||
|
||||
/* This is in netdevice.h. However, this compile will fail miserably if
|
||||
you attempt to include netdevice.h because it has so many references
|
||||
@@ -1873,10 +1876,101 @@ get_if_hwaddr(u_char *addr, char *name)
|
||||
* get_first_ethernet - return the name of the first ethernet-style
|
||||
* interface on this system.
|
||||
*/
|
||||
-char *
|
||||
-get_first_ethernet()
|
||||
-{
|
||||
- return "eth0";
|
||||
+int
|
||||
+get_first_ethernet(char **_r)
|
||||
+{
|
||||
+ int r = 0;
|
||||
+ DIR *d = NULL;
|
||||
+ struct dirent *entry = NULL;
|
||||
+ struct udev *udev = NULL;
|
||||
+ struct udev_device *dev = NULL;
|
||||
+ char *eth_dev = NULL;
|
||||
+
|
||||
+ d = opendir("/sys/class/net");
|
||||
+ if (!d) {
|
||||
+ fprintf(stderr, "Failed to open dir /sys/class/net : %m\n");
|
||||
+ r = -errno;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ udev = udev_new();
|
||||
+ if (!udev) {
|
||||
+ fprintf(stderr, "Failed to talk to systemd-udevd\n");
|
||||
+ r = -EIO;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ while ((entry = readdir(d)) != NULL) {
|
||||
+ char syspath[PATH_MAX] = {};
|
||||
+ const char *type = NULL;
|
||||
+
|
||||
+ if ((strcmp(entry->d_name, ".") == 0) || (strcmp(entry->d_name, "..") == 0))
|
||||
+ continue;
|
||||
+
|
||||
+ sprintf(syspath, "/sys/class/net/%s", entry->d_name);
|
||||
+
|
||||
+ dev = udev_device_new_from_syspath(udev, syspath);
|
||||
+ if (!dev)
|
||||
+ continue;
|
||||
+
|
||||
+ type = udev_device_get_sysattr_value(dev, "type");
|
||||
+ if (strcmp(type, "1") == 0) {
|
||||
+ const char *pci_dev_subclass = NULL, *usb_dev_subclass = NULL;
|
||||
+
|
||||
+ pci_dev_subclass = udev_device_get_property_value(dev,
|
||||
+ "ID_PCI_SUBCLASS_FROM_DATABASE");
|
||||
+ usb_dev_subclass = udev_device_get_property_value(dev,
|
||||
+ "ID_USB_SUBCLASS_FROM_DATABASE");
|
||||
+
|
||||
+ if ((pci_dev_subclass && strcmp(pci_dev_subclass, "Ethernet controller") == 0) ||
|
||||
+ (usb_dev_subclass && (strcmp(usb_dev_subclass, "Ethernet Networking") == 0 ||
|
||||
+ strcmp(usb_dev_subclass, "Ethernet Emulation") == 0))) {
|
||||
+ char *d = NULL;
|
||||
+
|
||||
+ d = strdup(entry->d_name);
|
||||
+ if (!d) {
|
||||
+ r = -ENOMEM;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+
|
||||
+ free(eth_dev);
|
||||
+ eth_dev = d;
|
||||
+ break;
|
||||
+ } else if (!eth_dev) {
|
||||
+ eth_dev = strdup(entry->d_name);
|
||||
+ if (!eth_dev) {
|
||||
+ r = -ENOMEM;
|
||||
+ goto fail;
|
||||
+ }
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ udev_device_unref(dev);
|
||||
+ dev = NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (dev)
|
||||
+ udev_device_unref(dev);
|
||||
+ udev_unref(udev);
|
||||
+ closedir(d);
|
||||
+
|
||||
+ *_r = eth_dev;
|
||||
+
|
||||
+ return 0;
|
||||
+
|
||||
+fail:
|
||||
+ if (dev)
|
||||
+ udev_device_unref(dev);
|
||||
+
|
||||
+ if (udev)
|
||||
+ udev_unref(udev);
|
||||
+
|
||||
+ if (d)
|
||||
+ closedir(d);
|
||||
+
|
||||
+ free(eth_dev);
|
||||
+
|
||||
+ return r;
|
||||
}
|
||||
|
||||
/********************************************************************
|
||||
@@ -2859,6 +2953,7 @@ ether_to_eui64(eui64_t *p_eui64)
|
||||
struct ifreq ifr;
|
||||
int skfd;
|
||||
const unsigned char *ptr;
|
||||
+ char *eth_dev = NULL;
|
||||
|
||||
skfd = socket(PF_INET6, SOCK_DGRAM | SOCK_CLOEXEC, 0);
|
||||
if(skfd == -1)
|
||||
@@ -2867,11 +2962,19 @@ ether_to_eui64(eui64_t *p_eui64)
|
||||
return 0;
|
||||
}
|
||||
|
||||
- strcpy(ifr.ifr_name, "eth0");
|
||||
+ if (get_first_ethernet(ð_dev) < 0)
|
||||
+ {
|
||||
+ warn("no ethernet device present on the host");
|
||||
+ return 0;
|
||||
+ }
|
||||
+
|
||||
+ strcpy(ifr.ifr_name, eth_dev);
|
||||
+ free(eth_dev);
|
||||
+
|
||||
if(ioctl(skfd, SIOCGIFHWADDR, &ifr) < 0)
|
||||
{
|
||||
close(skfd);
|
||||
- warn("could not obtain hardware address for eth0");
|
||||
+ warn("could not obtain hardware address for %s", ifr.ifr_name);
|
||||
return 0;
|
||||
}
|
||||
close(skfd);
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,26 +0,0 @@
|
||||
From c5a5f795b1defcb6d168e79c4d1fc371dfc556ca Mon Sep 17 00:00:00 2001
|
||||
From: Jiri Skala <jskala@redhat.com>
|
||||
Date: Wed, 9 Apr 2014 09:29:50 +0200
|
||||
Subject: [PATCH 20/27] pppd: put lock files in /var/lock/ppp
|
||||
|
||||
Resolves: #708260
|
||||
---
|
||||
pppd/utils.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pppd/utils.c b/pppd/utils.c
|
||||
index 6051b9a..8407492 100644
|
||||
--- a/pppd/utils.c
|
||||
+++ b/pppd/utils.c
|
||||
@@ -846,7 +846,7 @@ complete_read(int fd, void *buf, size_t count)
|
||||
/* Procedures for locking the serial device using a lock file. */
|
||||
#ifndef LOCK_DIR
|
||||
#ifdef __linux__
|
||||
-#define LOCK_DIR "/var/lock"
|
||||
+#define LOCK_DIR "/var/lock/ppp"
|
||||
#else
|
||||
#ifdef SVR4
|
||||
#define LOCK_DIR "/var/spool/locks"
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,23 +0,0 @@
|
||||
From d69eb9a8aa284014dd7dd282813989eda9d84d74 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 9 Apr 2014 09:56:09 +0200
|
||||
Subject: [PATCH 21/27] build-sys: compile pppol2tp plugin with RPM_OPT_FLAGS
|
||||
|
||||
---
|
||||
pppd/plugins/pppol2tp/Makefile.linux | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
index 4339566..9a635b8 100644
|
||||
--- a/pppd/plugins/pppol2tp/Makefile.linux
|
||||
+++ b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
@@ -1,5 +1,5 @@
|
||||
#CC = gcc
|
||||
-COPTS = -O2 -g
|
||||
+COPTS = $(RPM_OPT_FLAGS)
|
||||
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
|
||||
LDFLAGS = -shared
|
||||
INSTALL = install
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,24 +0,0 @@
|
||||
From a0060c5d48ef742bff4fe9ba9c276a5c21795ce8 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Wed, 9 Apr 2014 09:58:38 +0200
|
||||
Subject: [PATCH 22/27] build-sys: compile pppol2tp with multilink support
|
||||
|
||||
Resolves: #817013
|
||||
---
|
||||
pppd/plugins/pppol2tp/Makefile.linux | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
index 9a635b8..9cb316d 100644
|
||||
--- a/pppd/plugins/pppol2tp/Makefile.linux
|
||||
+++ b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
@@ -1,5 +1,5 @@
|
||||
#CC = gcc
|
||||
-COPTS = $(RPM_OPT_FLAGS)
|
||||
+COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
|
||||
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
|
||||
LDFLAGS = -shared
|
||||
INSTALL = install
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -1,24 +1,15 @@
|
||||
From 769521a3798fd554ddc7333cb1255cd1b40790e8 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Thu, 10 Apr 2014 10:00:55 +0200
|
||||
Subject: [PATCH 23/27] build-sys: install rp-pppoe plugin files with standard
|
||||
perms
|
||||
|
||||
This is needed to properly generate debuginfo package.
|
||||
---
|
||||
pppd/plugins/rp-pppoe/Makefile.linux | 6 +++---
|
||||
1 file changed, 3 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
index b949716..fa49efb 100644
|
||||
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
@@ -44,10 +44,10 @@ rp-pppoe.so: plugin.o discovery.o if.o common.o
|
||||
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
|
||||
index 2df887b..6cb8397 100644
|
||||
--- a/pppd/plugins/pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/pppoe/Makefile.linux
|
||||
@@ -43,12 +43,12 @@ pppoe.so: plugin.o discovery.o if.o common.o
|
||||
|
||||
install: all
|
||||
$(INSTALL) -d -m 755 $(LIBDIR)
|
||||
- $(INSTALL) -c -m 4550 rp-pppoe.so $(LIBDIR)
|
||||
+ $(INSTALL) -c -m 755 rp-pppoe.so $(LIBDIR)
|
||||
- $(INSTALL) -c -m 4550 pppoe.so $(LIBDIR)
|
||||
+ $(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
|
||||
# Symlink for backward compatibility
|
||||
$(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
|
||||
$(INSTALL) -d -m 755 $(BINDIR)
|
||||
- $(INSTALL) -c -m 555 pppoe-discovery $(BINDIR)
|
||||
- $(INSTALL) -c -m 444 pppoe-discovery.8 $(MANDIR)
|
||||
@ -27,6 +18,3 @@ index b949716..fa49efb 100644
|
||||
|
||||
clean:
|
||||
rm -f *.o *.so pppoe-discovery
|
||||
--
|
||||
1.8.3.1
|
||||
|
||||
|
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@ -1,35 +0,0 @@
|
||||
From 33797aa193a2751da26f9af120e39c110defe4d1 Mon Sep 17 00:00:00 2001
|
||||
From: Lubomir Rintel <lkundrak@v3.sk>
|
||||
Date: Sat, 10 Dec 2016 19:53:56 +0100
|
||||
Subject: [PATCH] pppoe: include netinet/in.h before linux/in.h
|
||||
|
||||
To fix build breakage.
|
||||
---
|
||||
pppd/plugins/rp-pppoe/pppoe.h | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/pppd/plugins/rp-pppoe/pppoe.h b/pppd/plugins/rp-pppoe/pppoe.h
|
||||
index 9ab2eee..f77f5b7 100644
|
||||
--- a/pppd/plugins/rp-pppoe/pppoe.h
|
||||
+++ b/pppd/plugins/rp-pppoe/pppoe.h
|
||||
@@ -15,6 +15,8 @@
|
||||
|
||||
#include "config.h"
|
||||
|
||||
+#include <netinet/in.h>
|
||||
+
|
||||
#if defined(HAVE_NETPACKET_PACKET_H) || defined(HAVE_LINUX_IF_PACKET_H)
|
||||
#define _POSIX_SOURCE 1 /* For sigaction defines */
|
||||
#endif
|
||||
@@ -84,8 +86,6 @@ typedef unsigned long UINT32_t;
|
||||
#include <linux/if_ether.h>
|
||||
#endif
|
||||
|
||||
-#include <netinet/in.h>
|
||||
-
|
||||
#ifdef HAVE_NETINET_IF_ETHER_H
|
||||
#include <sys/types.h>
|
||||
|
||||
--
|
||||
2.9.3
|
||||
|
@ -1,79 +0,0 @@
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 534ccc2..cf11b74 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -41,7 +41,7 @@ COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
|
||||
# Uncomment the next 2 lines to include support for Microsoft's
|
||||
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
|
||||
CHAPMS=y
|
||||
-USE_CRYPT=y
|
||||
+#USE_CRYPT=y
|
||||
# Don't use MSLANMAN unless you really know what you're doing.
|
||||
#MSLANMAN=y
|
||||
# Uncomment the next line to include support for MPPE. CHAPMS (above) must
|
||||
@@ -147,7 +147,8 @@ endif
|
||||
|
||||
ifdef NEEDDES
|
||||
ifndef USE_CRYPT
|
||||
-LIBS += -ldes $(LIBS)
|
||||
+CFLAGS += -I/usr/include/openssl
|
||||
+LIBS += -lcrypto
|
||||
else
|
||||
CFLAGS += -DUSE_CRYPT=1
|
||||
endif
|
||||
diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c
|
||||
index 8b85b13..6b35375 100644
|
||||
--- a/pppd/pppcrypt.c
|
||||
+++ b/pppd/pppcrypt.c
|
||||
@@ -64,7 +64,7 @@ u_char *des_key; /* OUT 64 bit DES key with parity bits added */
|
||||
des_key[7] = Get7Bits(key, 49);
|
||||
|
||||
#ifndef USE_CRYPT
|
||||
- des_set_odd_parity((des_cblock *)des_key);
|
||||
+ DES_set_odd_parity((DES_cblock *)des_key);
|
||||
#endif
|
||||
}
|
||||
|
||||
@@ -158,25 +158,25 @@ u_char *clear; /* OUT 8 octets */
|
||||
}
|
||||
|
||||
#else /* USE_CRYPT */
|
||||
-static des_key_schedule key_schedule;
|
||||
+static DES_key_schedule key_schedule;
|
||||
|
||||
bool
|
||||
DesSetkey(key)
|
||||
u_char *key;
|
||||
{
|
||||
- des_cblock des_key;
|
||||
+ DES_cblock des_key;
|
||||
MakeKey(key, des_key);
|
||||
- des_set_key(&des_key, key_schedule);
|
||||
+ DES_set_key(&des_key, &key_schedule);
|
||||
return (1);
|
||||
}
|
||||
|
||||
bool
|
||||
-DesEncrypt(clear, key, cipher)
|
||||
+DesEncrypt(clear, cipher)
|
||||
u_char *clear; /* IN 8 octets */
|
||||
u_char *cipher; /* OUT 8 octets */
|
||||
{
|
||||
- des_ecb_encrypt((des_cblock *)clear, (des_cblock *)cipher,
|
||||
- key_schedule, 1);
|
||||
+ DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
|
||||
+ &key_schedule, 1);
|
||||
return (1);
|
||||
}
|
||||
|
||||
@@ -185,8 +185,8 @@ DesDecrypt(cipher, clear)
|
||||
u_char *cipher; /* IN 8 octets */
|
||||
u_char *clear; /* OUT 8 octets */
|
||||
{
|
||||
- des_ecb_encrypt((des_cblock *)cipher, (des_cblock *)clear,
|
||||
- key_schedule, 0);
|
||||
+ DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
|
||||
+ &key_schedule, 0);
|
||||
return (1);
|
||||
}
|
||||
|
@ -1,170 +0,0 @@
|
||||
diff --git a/chat/Makefile.linux b/chat/Makefile.linux
|
||||
index 2445637..83114f1 100644
|
||||
--- a/chat/Makefile.linux
|
||||
+++ b/chat/Makefile.linux
|
||||
@@ -18,7 +18,7 @@ INSTALL= install
|
||||
all: chat
|
||||
|
||||
chat: chat.o
|
||||
- $(CC) -o chat chat.o
|
||||
+ $(CC) $(LDFLAGS) -o chat chat.o
|
||||
|
||||
chat.o: chat.c
|
||||
$(CC) -c $(CFLAGS) -o chat.o chat.c
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index cf11b74..089f164 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -188,7 +188,7 @@ endif
|
||||
|
||||
ifdef PLUGIN
|
||||
CFLAGS += -DPLUGIN
|
||||
-LDFLAGS += -Wl,-E
|
||||
+LDFLAGS_PLUGIN += -Wl,-E
|
||||
LIBS += -ldl
|
||||
endif
|
||||
|
||||
@@ -230,7 +230,7 @@ install: pppd
|
||||
$(INSTALL) -c -m 644 pppd.8 $(MANDIR)
|
||||
|
||||
pppd: $(PPPDOBJS)
|
||||
- $(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
|
||||
+ $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
|
||||
|
||||
srp-entry: srp-entry.c
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
|
||||
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
|
||||
index 303833a..04fe876 100644
|
||||
--- a/pppd/plugins/Makefile.linux
|
||||
+++ b/pppd/plugins/Makefile.linux
|
||||
@@ -1,7 +1,7 @@
|
||||
#CC = gcc
|
||||
COPTS = $(RPM_OPT_FLAGS)
|
||||
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
|
||||
-LDFLAGS = -shared
|
||||
+LDFLAGS_SHARED = -shared
|
||||
INSTALL = install
|
||||
|
||||
# EAP-TLS
|
||||
@@ -33,7 +33,7 @@ all: $(PLUGINS)
|
||||
for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all; done
|
||||
|
||||
%.so: %.c
|
||||
- $(CC) -o $@ $(LDFLAGS) $(CFLAGS) $^
|
||||
+ $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
|
||||
|
||||
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
|
||||
|
||||
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
|
||||
index 4c5826f..1961e0e 100644
|
||||
--- a/pppd/plugins/pppoatm/Makefile.linux
|
||||
+++ b/pppd/plugins/pppoatm/Makefile.linux
|
||||
@@ -1,7 +1,7 @@
|
||||
#CC = gcc
|
||||
COPTS = $(RPM_OPT_FLAGS)
|
||||
CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
|
||||
-LDFLAGS = -shared
|
||||
+LDFLAGS_SHARED = -shared
|
||||
INSTALL = install
|
||||
|
||||
#***********************************************************************
|
||||
@@ -33,7 +33,7 @@ endif
|
||||
all: $(PLUGIN)
|
||||
|
||||
$(PLUGIN): $(PLUGIN_OBJS)
|
||||
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
|
||||
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
|
||||
|
||||
install: all
|
||||
$(INSTALL) -d -m 755 $(LIBDIR)
|
||||
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
index 9cb316d..7b23b25 100644
|
||||
--- a/pppd/plugins/pppol2tp/Makefile.linux
|
||||
+++ b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
@@ -1,7 +1,7 @@
|
||||
#CC = gcc
|
||||
COPTS = $(RPM_OPT_FLAGS) -DHAVE_MULTILINK
|
||||
CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
|
||||
-LDFLAGS = -shared
|
||||
+LDFLAGS_SHARED = -shared
|
||||
INSTALL = install
|
||||
|
||||
#***********************************************************************
|
||||
@@ -16,7 +16,7 @@ PLUGINS := pppol2tp.so openl2tp.so
|
||||
all: $(PLUGINS)
|
||||
|
||||
%.so: %.o
|
||||
- $(CC) $(CFLAGS) -o $@ -shared $^ $(LIBS)
|
||||
+ $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
|
||||
|
||||
install: all
|
||||
$(INSTALL) -d -m 755 $(LIBDIR)
|
||||
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
|
||||
index 707326b..2150332 100644
|
||||
--- a/pppd/plugins/radius/Makefile.linux
|
||||
+++ b/pppd/plugins/radius/Makefile.linux
|
||||
@@ -43,13 +43,13 @@ install: all
|
||||
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
|
||||
|
||||
radius.so: radius.o libradiusclient.a
|
||||
- $(CC) -o radius.so -shared radius.o libradiusclient.a
|
||||
+ $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
|
||||
|
||||
radattr.so: radattr.o
|
||||
- $(CC) -o radattr.so -shared radattr.o
|
||||
+ $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
|
||||
|
||||
radrealms.so: radrealms.o
|
||||
- $(CC) -o radrealms.so -shared radrealms.o
|
||||
+ $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
|
||||
|
||||
CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
|
||||
clientid.o sendserver.o lock.o util.o md5.o
|
||||
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
index fa49efb..5e06b52 100644
|
||||
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
@@ -31,7 +31,7 @@ CFLAGS=$(COPTS) -I../../../include '-DRP_VERSION="$(RP_VERSION)"'
|
||||
all: rp-pppoe.so pppoe-discovery
|
||||
|
||||
pppoe-discovery: pppoe-discovery.o debug.o common.o
|
||||
- $(CC) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
|
||||
+ $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o -ludev
|
||||
|
||||
pppoe-discovery.o: pppoe-discovery.c
|
||||
$(CC) $(CFLAGS) -c -o pppoe-discovery.o pppoe-discovery.c
|
||||
@@ -40,7 +40,7 @@ debug.o: debug.c
|
||||
$(CC) $(CFLAGS) -c -o debug.o debug.c
|
||||
|
||||
rp-pppoe.so: plugin.o discovery.o if.o common.o
|
||||
- $(CC) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
|
||||
+ $(CC) $(LDFLAGS) -o rp-pppoe.so -shared plugin.o discovery.o if.o common.o
|
||||
|
||||
install: all
|
||||
$(INSTALL) -d -m 755 $(LIBDIR)
|
||||
diff --git a/pppdump/Makefile.linux b/pppdump/Makefile.linux
|
||||
index 95c6805..33e5107 100644
|
||||
--- a/pppdump/Makefile.linux
|
||||
+++ b/pppdump/Makefile.linux
|
||||
@@ -10,7 +10,7 @@ INSTALL= install
|
||||
all: pppdump
|
||||
|
||||
pppdump: $(OBJS)
|
||||
- $(CC) -o pppdump $(OBJS)
|
||||
+ $(CC) $(LDFLAGS) -o pppdump $(OBJS)
|
||||
|
||||
clean:
|
||||
rm -f pppdump $(OBJS) *~
|
||||
diff --git a/pppstats/Makefile.linux b/pppstats/Makefile.linux
|
||||
index c5ba3b1..eeccf83 100644
|
||||
--- a/pppstats/Makefile.linux
|
||||
+++ b/pppstats/Makefile.linux
|
||||
@@ -26,7 +26,7 @@ install: pppstats
|
||||
$(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
|
||||
|
||||
pppstats: $(PPPSTATSRCS)
|
||||
- $(CC) $(CFLAGS) -o pppstats pppstats.c $(LIBS)
|
||||
+ $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
|
||||
|
||||
clean:
|
||||
rm -f pppstats *~ #* core
|
@ -23,7 +23,7 @@ index 0e8107f..534ccc2 100644
|
||||
+ $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
|
||||
|
||||
pppd: $(PPPDOBJS)
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) -o pppd $(PPPDOBJS) $(LIBS)
|
||||
$(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
|
||||
--
|
||||
1.8.3.1
|
||||
|
@ -14,7 +14,7 @@ index 4271af6..9e957fa 100644
|
||||
--- a/pppd/auth.c
|
||||
+++ b/pppd/auth.c
|
||||
@@ -428,7 +428,7 @@ setupapfile(argv)
|
||||
option_error("unable to reset uid before opening %s: %m", fname);
|
||||
free(fname);
|
||||
return 0;
|
||||
}
|
||||
- ufile = fopen(fname, "r");
|
@ -1,24 +1,8 @@
|
||||
From 69711944745af0078da77e108d30f89fd7e06108 Mon Sep 17 00:00:00 2001
|
||||
From: Michal Sekletar <msekleta@redhat.com>
|
||||
Date: Fri, 4 Apr 2014 12:01:33 +0200
|
||||
Subject: [PATCH 05/27] build-sys: don't hardcode LIBDIR, but set it according
|
||||
to the target platform
|
||||
|
||||
---
|
||||
pppd/Makefile.linux | 3 ++-
|
||||
pppd/pathnames.h | 2 +-
|
||||
pppd/plugins/Makefile.linux | 2 +-
|
||||
pppd/plugins/pppoatm/Makefile.linux | 2 +-
|
||||
pppd/plugins/pppol2tp/Makefile.linux | 4 ++--
|
||||
pppd/plugins/radius/Makefile.linux | 2 +-
|
||||
pppd/plugins/rp-pppoe/Makefile.linux | 2 +-
|
||||
7 files changed, 9 insertions(+), 8 deletions(-)
|
||||
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index 63872eb..8ed56c1 100644
|
||||
index 6a4b897..8f29c1f 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -8,6 +8,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
@@ -12,6 +12,7 @@ DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
BINDIR = $(DESTDIR)/sbin
|
||||
MANDIR = $(DESTDIR)/share/man/man8
|
||||
INCDIR = $(DESTDIR)/include
|
||||
@ -26,20 +10,20 @@ index 63872eb..8ed56c1 100644
|
||||
|
||||
TARGETS = pppd
|
||||
|
||||
@@ -32,7 +33,7 @@ endif
|
||||
@@ -93,7 +94,7 @@ INCLUDE_DIRS= -I../include
|
||||
|
||||
CC = gcc
|
||||
#
|
||||
-COPTS = -Wall $(RPM_OPT_FLAGS)
|
||||
+COPTS = -Wall $(RPM_OPT_FLAGS) -DLIBDIR=\""$(LIBDIR)"\"
|
||||
COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
|
||||
|
||||
# Uncomment the next 2 lines to include support for Microsoft's
|
||||
# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
|
||||
-CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
|
||||
+CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"' -DLIBDIR=\""$(LIBDIR)"\"
|
||||
|
||||
ifdef CHAPMS
|
||||
CFLAGS += -DCHAPMS=1
|
||||
diff --git a/pppd/pathnames.h b/pppd/pathnames.h
|
||||
index a33f046..a427cb8 100644
|
||||
index 524d608..c7eadbb 100644
|
||||
--- a/pppd/pathnames.h
|
||||
+++ b/pppd/pathnames.h
|
||||
@@ -57,7 +57,7 @@
|
||||
@@ -62,7 +62,7 @@
|
||||
|
||||
#ifdef PLUGIN
|
||||
#ifdef __STDC__
|
||||
@ -49,24 +33,24 @@ index a33f046..a427cb8 100644
|
||||
#define _PATH_PLUGIN "/usr/lib/pppd"
|
||||
#endif /* __STDC__ */
|
||||
diff --git a/pppd/plugins/Makefile.linux b/pppd/plugins/Makefile.linux
|
||||
index e09a369..b474a19 100644
|
||||
index 6403e3d..f42d18c 100644
|
||||
--- a/pppd/plugins/Makefile.linux
|
||||
+++ b/pppd/plugins/Makefile.linux
|
||||
@@ -7,7 +7,7 @@ INSTALL = install
|
||||
@@ -5,7 +5,7 @@ COPTS=@CFLAGS@
|
||||
DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
BINDIR = $(DESTDIR)/sbin
|
||||
MANDIR = $(DESTDIR)/share/man/man8
|
||||
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
|
||||
+LIBDIR = $(DESTDIR)/lib/$(shell $(CC) -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
|
||||
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
|
||||
|
||||
SUBDIRS := rp-pppoe pppoatm pppol2tp
|
||||
# Uncomment the next line to include the radius authentication plugin
|
||||
CFLAGS = $(COPTS) -I.. -I../../include -fPIC
|
||||
LDFLAGS_SHARED = -shared
|
||||
diff --git a/pppd/plugins/pppoatm/Makefile.linux b/pppd/plugins/pppoatm/Makefile.linux
|
||||
index 5a81447..769794b 100644
|
||||
index d3a8086..c2aff0c 100644
|
||||
--- a/pppd/plugins/pppoatm/Makefile.linux
|
||||
+++ b/pppd/plugins/pppoatm/Makefile.linux
|
||||
@@ -7,7 +7,7 @@ INSTALL = install
|
||||
#***********************************************************************
|
||||
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
|
||||
COPTS=@CFLAGS@
|
||||
|
||||
DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
|
||||
@ -74,39 +58,11 @@ index 5a81447..769794b 100644
|
||||
|
||||
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
|
||||
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
index ea3538e..4339566 100644
|
||||
--- a/pppd/plugins/pppol2tp/Makefile.linux
|
||||
+++ b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
@@ -6,8 +6,8 @@ INSTALL = install
|
||||
|
||||
#***********************************************************************
|
||||
|
||||
-DESTDIR = @DESTDIR@
|
||||
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
|
||||
+DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
|
||||
|
||||
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
|
||||
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
|
||||
index 45b3b8d..179d0b7 100644
|
||||
--- a/pppd/plugins/radius/Makefile.linux
|
||||
+++ b/pppd/plugins/radius/Makefile.linux
|
||||
@@ -5,7 +5,7 @@
|
||||
|
||||
DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
MANDIR = $(DESTDIR)/share/man/man8
|
||||
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
|
||||
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
|
||||
|
||||
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
|
||||
diff --git a/pppd/plugins/rp-pppoe/Makefile.linux b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
index 352991a..1305ed8 100644
|
||||
--- a/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/rp-pppoe/Makefile.linux
|
||||
@@ -16,7 +16,7 @@
|
||||
diff --git a/pppd/plugins/pppoe/Makefile.linux b/pppd/plugins/pppoe/Makefile.linux
|
||||
index c415ce3..d3b7392 100644
|
||||
--- a/pppd/plugins/pppoe/Makefile.linux
|
||||
+++ b/pppd/plugins/pppoe/Makefile.linux
|
||||
@@ -18,7 +18,7 @@ COPTS=@CFLAGS@
|
||||
|
||||
DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
BINDIR = $(DESTDIR)/sbin
|
||||
@ -115,6 +71,29 @@ index 352991a..1305ed8 100644
|
||||
|
||||
PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
|
||||
--
|
||||
1.8.3.1
|
||||
diff --git a/pppd/plugins/pppol2tp/Makefile.linux b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
index 1aa1c0b..e4442f9 100644
|
||||
--- a/pppd/plugins/pppol2tp/Makefile.linux
|
||||
+++ b/pppd/plugins/pppol2tp/Makefile.linux
|
||||
@@ -4,7 +4,7 @@ CC=$(CROSS_COMPILE)@CC@
|
||||
COPTS=@CFLAGS@
|
||||
|
||||
DESTDIR = $(INSTROOT)/@DESTDIR@
|
||||
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
|
||||
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
|
||||
|
||||
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
|
||||
diff --git a/pppd/plugins/radius/Makefile.linux b/pppd/plugins/radius/Makefile.linux
|
||||
index 489aef2..d2ef044 100644
|
||||
--- a/pppd/plugins/radius/Makefile.linux
|
||||
+++ b/pppd/plugins/radius/Makefile.linux
|
||||
@@ -9,7 +9,7 @@ COPTS=@CFLAGS@
|
||||
|
||||
DESTDIR = $(INSTROOT)@DESTDIR@
|
||||
MANDIR = $(DESTDIR)/share/man/man8
|
||||
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
|
||||
+LIBDIR = $(DESTDIR)/lib/$(shell gcc -print-multi-os-directory 2> /dev/null)/pppd/$(VERSION)
|
||||
|
||||
VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
|
||||
|
21
ppp-2.4.9-config.patch
Normal file
21
ppp-2.4.9-config.patch
Normal file
@ -0,0 +1,21 @@
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index e77373e..07df6a7 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -68,14 +68,14 @@ USE_TDB=y
|
||||
#SYSTEMD=y
|
||||
|
||||
HAS_SHADOW=y
|
||||
-#USE_PAM=y
|
||||
+USE_PAM=y
|
||||
HAVE_INET6=y
|
||||
|
||||
# Enable plugins
|
||||
PLUGIN=y
|
||||
|
||||
# Enable Microsoft proprietary Callback Control Protocol
|
||||
-#CBCP=y
|
||||
+CBCP=y
|
||||
|
||||
# Enable EAP SRP-SHA1 authentication (requires libsrp)
|
||||
#USE_SRP=y
|
17
ppp-2.4.9-configure-cflags-allow-commas.patch
Normal file
17
ppp-2.4.9-configure-cflags-allow-commas.patch
Normal file
@ -0,0 +1,17 @@
|
||||
diff --git a/configure b/configure
|
||||
index f977663..c7031c2 100755
|
||||
--- a/configure
|
||||
+++ b/configure
|
||||
@@ -121,9 +121,9 @@ mkmkf() {
|
||||
rm -f $2
|
||||
if [ -f $1 ]; then
|
||||
echo " $2 <= $1"
|
||||
- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
|
||||
- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
|
||||
- -e "s,@CFLAGS@,$CFLAGS,g" $1 >$2
|
||||
+ sed -e "s|@DESTDIR@|$DESTDIR|g" -e "s|@SYSCONF@|$SYSCONF|g" \
|
||||
+ -e "s|@CROSS_COMPILE@|$CROSS_COMPILE|g" -e "s|@CC@|$CC|g" \
|
||||
+ -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
|
||||
fi
|
||||
}
|
||||
|
@ -43,8 +43,8 @@ index 6d50d1b..4880377 100644
|
||||
if (log_to_fd >= 0)
|
||||
errfd = log_to_fd;
|
||||
else
|
||||
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0600);
|
||||
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0600);
|
||||
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
|
||||
+ errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT | O_CLOEXEC, 0644);
|
||||
|
||||
++conn_running;
|
||||
pid = safe_fork(in, out, errfd);
|
||||
@ -146,9 +146,9 @@ index 8a12fa0..00a2cf5 100644
|
||||
#endif
|
||||
- if ((sfd = open(pty_name, O_RDWR | O_NOCTTY)) < 0)
|
||||
+ if ((sfd = open(pty_name, O_RDWR | O_NOCTTY | O_CLOEXEC)) < 0)
|
||||
{
|
||||
warn("Couldn't open pty slave %s: %m", pty_name);
|
||||
}
|
||||
}
|
||||
close(mfd);
|
||||
@@ -2592,10 +2592,10 @@ get_pty(master_fdp, slave_fdp, slave_name, uid)
|
||||
for (i = 0; i < 64; ++i) {
|
||||
slprintf(pty_name, sizeof(pty_name), "/dev/pty%c%x",
|
@ -0,0 +1,898 @@
|
||||
From d706c95906d996534f13632a747af5dc617f306e Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
|
||||
Date: Sat, 24 Apr 2021 03:00:34 -0700
|
||||
Subject: [PATCH] pppd: Expose the MPPE keys generated through an API (#267)
|
||||
|
||||
The lengthy part of this fix is to refactor the handling of MPPE keys
|
||||
by moving it into mppe.c and thus reducing the clutter in chap_ms.c.
|
||||
It does so by renaming the mppe_set_keys/2 to the corresponding
|
||||
mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these
|
||||
functions.
|
||||
|
||||
Having done so, it conveniently allows the name "mppe_set_keys" to be
|
||||
re-used for this new purpose which will copy the key material up to
|
||||
its size and then clear the input parameters (avoids leaving the MPPE
|
||||
keys on the stack).
|
||||
|
||||
Additional functiions added to the MPPE code allow plugins et al. to
|
||||
access the MPPE keys, clear the keys, and check if they are set. All
|
||||
plugin and CCP code has been updated to use this API.
|
||||
|
||||
This fixes GitHub Issue #258
|
||||
|
||||
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
|
||||
---
|
||||
pppd/Makefile.linux | 2 +
|
||||
pppd/Makefile.sol2 | 2 +-
|
||||
pppd/ccp.c | 15 +--
|
||||
pppd/chap_ms.c | 167 +----------------------
|
||||
pppd/chap_ms.h | 22 +---
|
||||
pppd/eap-tls.c | 21 +--
|
||||
pppd/eap-tls.h | 5 -
|
||||
pppd/mppe.c | 248 +++++++++++++++++++++++++++++++++++
|
||||
pppd/mppe.h | 70 +++++++++-
|
||||
pppd/plugins/radius/radius.c | 14 +-
|
||||
pppd/plugins/winbind.c | 8 +-
|
||||
11 files changed, 348 insertions(+), 226 deletions(-)
|
||||
create mode 100644 pppd/mppe.c
|
||||
|
||||
diff --git a/pppd/Makefile.linux b/pppd/Makefile.linux
|
||||
index f92f7c0..852945e 100644
|
||||
--- a/pppd/Makefile.linux
|
||||
+++ b/pppd/Makefile.linux
|
||||
@@ -109,6 +109,8 @@ CFLAGS += -DMSLANMAN=1
|
||||
endif
|
||||
ifdef MPPE
|
||||
CFLAGS += -DMPPE=1
|
||||
+PPPDOBJS += mppe.o
|
||||
+PPPDSRC += mppe.c
|
||||
HEADERS += mppe.h
|
||||
endif
|
||||
endif
|
||||
diff --git a/pppd/Makefile.sol2 b/pppd/Makefile.sol2
|
||||
index 809cb4b..3a8681c 100644
|
||||
--- a/pppd/Makefile.sol2
|
||||
+++ b/pppd/Makefile.sol2
|
||||
@@ -37,7 +37,7 @@ OBJS += ipv6cp.o eui64.o
|
||||
|
||||
# Uncomment to enable MS-CHAP
|
||||
CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H
|
||||
-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o
|
||||
+OBJS += chap_ms.o pppcrypt.o md4.o sha1.o mppe.o
|
||||
|
||||
# Uncomment to enable MPPE (in both CHAP and EAP-TLS)
|
||||
CFLAGS += -DMPPE
|
||||
diff --git a/pppd/ccp.c b/pppd/ccp.c
|
||||
index 052c4c6..387b571 100644
|
||||
--- a/pppd/ccp.c
|
||||
+++ b/pppd/ccp.c
|
||||
@@ -38,10 +38,9 @@
|
||||
#include "ccp.h"
|
||||
#include <net/ppp-comp.h>
|
||||
|
||||
-#ifdef MPPE
|
||||
-#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */
|
||||
+#include "chap_ms.h"
|
||||
+#include "mppe.h"
|
||||
#include "lcp.h" /* lcp_close(), lcp_fsm */
|
||||
-#endif
|
||||
|
||||
|
||||
/*
|
||||
@@ -574,7 +573,7 @@ ccp_resetci(fsm *f)
|
||||
}
|
||||
|
||||
/* A plugin (eg radius) may not have obtained key material. */
|
||||
- if (!mppe_keys_set) {
|
||||
+ if (!mppe_keys_isset()) {
|
||||
error("MPPE required, but keys are not available. "
|
||||
"Possible plugin problem?");
|
||||
lcp_close(f->unit, "MPPE required but not available");
|
||||
@@ -705,7 +704,7 @@ static void
|
||||
p[1] = opt_buf[1] = CILEN_MPPE;
|
||||
MPPE_OPTS_TO_CI(go->mppe, &p[2]);
|
||||
MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
|
||||
- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
|
||||
+ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
|
||||
res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
|
||||
if (res > 0)
|
||||
p += CILEN_MPPE;
|
||||
@@ -1156,8 +1155,7 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak)
|
||||
int mtu;
|
||||
|
||||
BCOPY(p, opt_buf, CILEN_MPPE);
|
||||
- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
|
||||
- MPPE_MAX_KEY_LEN);
|
||||
+ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
|
||||
if (ccp_test(f->unit, opt_buf,
|
||||
CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
|
||||
/* This shouldn't happen, we've already tested it! */
|
||||
@@ -1426,8 +1424,7 @@ ccp_up(fsm *f)
|
||||
notice("%s transmit compression enabled", method_name(ho, NULL));
|
||||
#ifdef MPPE
|
||||
if (go->mppe) {
|
||||
- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
|
||||
- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
|
||||
+ mppe_clear_keys();
|
||||
continue_networks(f->unit); /* Bring up IP et al */
|
||||
}
|
||||
#endif
|
||||
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
|
||||
index df2dadd..d315ab4 100644
|
||||
--- a/pppd/chap_ms.c
|
||||
+++ b/pppd/chap_ms.c
|
||||
@@ -93,8 +93,7 @@
|
||||
#include "sha1.h"
|
||||
#include "pppcrypt.h"
|
||||
#include "magic.h"
|
||||
-
|
||||
-
|
||||
+#include "mppe.h"
|
||||
|
||||
static void ascii2unicode (char[], int, u_char[]);
|
||||
static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
|
||||
@@ -109,21 +108,12 @@ static void GenerateAuthenticatorResponsePlain
|
||||
static void ChapMS_LANMan (u_char *, char *, int, u_char *);
|
||||
#endif
|
||||
|
||||
-#ifdef MPPE
|
||||
-static void Set_Start_Key (u_char *, char *, int);
|
||||
-static void SetMasterKeys (char *, int, u_char[24], int);
|
||||
-#endif
|
||||
-
|
||||
#ifdef MSLANMAN
|
||||
bool ms_lanman = 0; /* Use LanMan password instead of NT */
|
||||
/* Has meaning only with MS-CHAP challenges */
|
||||
#endif
|
||||
|
||||
#ifdef MPPE
|
||||
-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
|
||||
-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
|
||||
-int mppe_keys_set = 0; /* Have the MPPE keys been set? */
|
||||
-
|
||||
#ifdef DEBUGMPPEKEY
|
||||
/* For MPPE debug */
|
||||
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
|
||||
@@ -719,28 +709,6 @@ GenerateAuthenticatorResponsePlain
|
||||
|
||||
|
||||
#ifdef MPPE
|
||||
-/*
|
||||
- * Set mppe_xxxx_key from the NTPasswordHashHash.
|
||||
- * RFC 2548 (RADIUS support) requires us to export this function (ugh).
|
||||
- */
|
||||
-void
|
||||
-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
|
||||
-{
|
||||
- SHA1_CTX sha1Context;
|
||||
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
|
||||
-
|
||||
- SHA1_Init(&sha1Context);
|
||||
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
||||
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
||||
- SHA1_Update(&sha1Context, rchallenge, 8);
|
||||
- SHA1_Final(Digest, &sha1Context);
|
||||
-
|
||||
- /* Same key in both directions. */
|
||||
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
|
||||
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
|
||||
-
|
||||
- mppe_keys_set = 1;
|
||||
-}
|
||||
|
||||
/*
|
||||
* Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
|
||||
@@ -757,104 +725,7 @@ Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
|
||||
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
|
||||
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
|
||||
|
||||
- mppe_set_keys(rchallenge, PasswordHashHash);
|
||||
-}
|
||||
-
|
||||
-/*
|
||||
- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
|
||||
- *
|
||||
- * This helper function used in the Winbind module, which gets the
|
||||
- * NTHashHash from the server.
|
||||
- */
|
||||
-void
|
||||
-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
||||
- u_char NTResponse[24], int IsServer)
|
||||
-{
|
||||
- SHA1_CTX sha1Context;
|
||||
- u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
|
||||
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
|
||||
-
|
||||
- u_char SHApad1[40] =
|
||||
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
- u_char SHApad2[40] =
|
||||
- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
||||
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
||||
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
||||
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
|
||||
-
|
||||
- /* "This is the MPPE Master Key" */
|
||||
- u_char Magic1[27] =
|
||||
- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
|
||||
- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
|
||||
- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
|
||||
- /* "On the client side, this is the send key; "
|
||||
- "on the server side, it is the receive key." */
|
||||
- u_char Magic2[84] =
|
||||
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
||||
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
||||
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
||||
- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
|
||||
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
|
||||
- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
|
||||
- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
||||
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
||||
- 0x6b, 0x65, 0x79, 0x2e };
|
||||
- /* "On the client side, this is the receive key; "
|
||||
- "on the server side, it is the send key." */
|
||||
- u_char Magic3[84] =
|
||||
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
||||
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
||||
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
||||
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
||||
- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
|
||||
- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
|
||||
- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
|
||||
- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
|
||||
- 0x6b, 0x65, 0x79, 0x2e };
|
||||
- u_char *s;
|
||||
-
|
||||
- SHA1_Init(&sha1Context);
|
||||
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
||||
- SHA1_Update(&sha1Context, NTResponse, 24);
|
||||
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
|
||||
- SHA1_Final(MasterKey, &sha1Context);
|
||||
-
|
||||
- /*
|
||||
- * generate send key
|
||||
- */
|
||||
- if (IsServer)
|
||||
- s = Magic3;
|
||||
- else
|
||||
- s = Magic2;
|
||||
- SHA1_Init(&sha1Context);
|
||||
- SHA1_Update(&sha1Context, MasterKey, 16);
|
||||
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
||||
- SHA1_Update(&sha1Context, s, 84);
|
||||
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
||||
- SHA1_Final(Digest, &sha1Context);
|
||||
-
|
||||
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
|
||||
-
|
||||
- /*
|
||||
- * generate recv key
|
||||
- */
|
||||
- if (IsServer)
|
||||
- s = Magic2;
|
||||
- else
|
||||
- s = Magic3;
|
||||
- SHA1_Init(&sha1Context);
|
||||
- SHA1_Update(&sha1Context, MasterKey, 16);
|
||||
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
||||
- SHA1_Update(&sha1Context, s, 84);
|
||||
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
||||
- SHA1_Final(Digest, &sha1Context);
|
||||
-
|
||||
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
|
||||
-
|
||||
- mppe_keys_set = 1;
|
||||
+ mppe_set_chapv1(rchallenge, PasswordHashHash);
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -870,7 +741,7 @@ SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
|
||||
ascii2unicode(secret, secret_len, unicodePassword);
|
||||
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
|
||||
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
|
||||
- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
|
||||
+ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
|
||||
}
|
||||
|
||||
#endif /* MPPE */
|
||||
@@ -945,38 +816,6 @@ ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
|
||||
#endif
|
||||
}
|
||||
|
||||
-#ifdef MPPE
|
||||
-/*
|
||||
- * Set MPPE options from plugins.
|
||||
- */
|
||||
-void
|
||||
-set_mppe_enc_types(int policy, int types)
|
||||
-{
|
||||
- /* Early exit for unknown policies. */
|
||||
- if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
|
||||
- policy != MPPE_ENC_POL_ENC_REQUIRED)
|
||||
- return;
|
||||
-
|
||||
- /* Don't modify MPPE if it's optional and wasn't already configured. */
|
||||
- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
|
||||
- return;
|
||||
-
|
||||
- /*
|
||||
- * Disable undesirable encryption types. Note that we don't ENABLE
|
||||
- * any encryption types, to avoid overriding manual configuration.
|
||||
- */
|
||||
- switch(types) {
|
||||
- case MPPE_ENC_TYPES_RC4_40:
|
||||
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
|
||||
- break;
|
||||
- case MPPE_ENC_TYPES_RC4_128:
|
||||
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
|
||||
- break;
|
||||
- default:
|
||||
- break;
|
||||
- }
|
||||
-}
|
||||
-#endif /* MPPE */
|
||||
|
||||
static struct chap_digest_type chapms_digest = {
|
||||
CHAP_MICROSOFT, /* code */
|
||||
diff --git a/pppd/chap_ms.h b/pppd/chap_ms.h
|
||||
index 005eb63..4e6a621 100644
|
||||
--- a/pppd/chap_ms.h
|
||||
+++ b/pppd/chap_ms.h
|
||||
@@ -38,6 +38,7 @@
|
||||
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
|
||||
#define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
|
||||
#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
|
||||
+#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */
|
||||
/* as ASCII */
|
||||
|
||||
/* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
|
||||
@@ -67,22 +68,6 @@
|
||||
#define MS_CHAP2_NTRESP_LEN 24
|
||||
#define MS_CHAP2_FLAGS 48
|
||||
|
||||
-#ifdef MPPE
|
||||
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
|
||||
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
|
||||
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
|
||||
-extern int mppe_keys_set;
|
||||
-
|
||||
-/* These values are the RADIUS attribute values--see RFC 2548. */
|
||||
-#define MPPE_ENC_POL_ENC_ALLOWED 1
|
||||
-#define MPPE_ENC_POL_ENC_REQUIRED 2
|
||||
-#define MPPE_ENC_TYPES_RC4_40 2
|
||||
-#define MPPE_ENC_TYPES_RC4_128 4
|
||||
-
|
||||
-/* used by plugins (using above values) */
|
||||
-extern void set_mppe_enc_types(int, int);
|
||||
-#endif
|
||||
-
|
||||
/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
|
||||
#define MS_CHAP2_AUTHENTICATEE 0
|
||||
#define MS_CHAP2_AUTHENTICATOR 1
|
||||
@@ -90,11 +75,6 @@ extern void set_mppe_enc_types(int, int);
|
||||
void ChapMS (u_char *, char *, int, u_char *);
|
||||
void ChapMS2 (u_char *, u_char *, char *, char *, int,
|
||||
u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
|
||||
-#ifdef MPPE
|
||||
-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
|
||||
-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
||||
- u_char NTResponse[24], int IsServer);
|
||||
-#endif
|
||||
|
||||
void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
|
||||
|
||||
diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c
|
||||
index 5c202c7..bfcf199 100644
|
||||
--- a/pppd/eap-tls.c
|
||||
+++ b/pppd/eap-tls.c
|
||||
@@ -48,6 +48,8 @@
|
||||
#include "eap-tls.h"
|
||||
#include "fsm.h"
|
||||
#include "lcp.h"
|
||||
+#include "chap_ms.h"
|
||||
+#include "mppe.h"
|
||||
#include "pathnames.h"
|
||||
|
||||
typedef struct pw_cb_data
|
||||
@@ -74,10 +76,6 @@ int ssl_new_session_cb(SSL *s, SSL_SESSION *sess);
|
||||
X509 *get_X509_from_file(char *filename);
|
||||
int ssl_cmp_certs(char *filename, X509 * a);
|
||||
|
||||
-#ifdef MPPE
|
||||
-
|
||||
-#define EAPTLS_MPPE_KEY_LEN 32
|
||||
-
|
||||
/*
|
||||
* OpenSSL 1.1+ introduced a generic TLS_method()
|
||||
* For older releases we substitute the appropriate method
|
||||
@@ -119,6 +117,8 @@ static inline int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
|
||||
|
||||
#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
|
||||
|
||||
+#ifdef MPPE
|
||||
+#define EAPTLS_MPPE_KEY_LEN 32
|
||||
|
||||
/*
|
||||
* Generate keys according to RFC 2716 and add to reply
|
||||
@@ -161,24 +161,17 @@ void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client)
|
||||
*/
|
||||
if (client)
|
||||
{
|
||||
- p = out;
|
||||
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
|
||||
- p += EAPTLS_MPPE_KEY_LEN;
|
||||
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
|
||||
+ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);
|
||||
}
|
||||
else
|
||||
{
|
||||
- p = out;
|
||||
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
|
||||
- p += EAPTLS_MPPE_KEY_LEN;
|
||||
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
|
||||
+ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN);
|
||||
}
|
||||
-
|
||||
- mppe_keys_set = 1;
|
||||
}
|
||||
|
||||
#endif /* MPPE */
|
||||
|
||||
+
|
||||
void log_ssl_errors( void )
|
||||
{
|
||||
unsigned long ssl_err = ERR_get_error();
|
||||
diff --git a/pppd/eap-tls.h b/pppd/eap-tls.h
|
||||
index c74a831..b935ec5 100644
|
||||
--- a/pppd/eap-tls.h
|
||||
+++ b/pppd/eap-tls.h
|
||||
@@ -86,11 +86,6 @@ int get_eaptls_secret(int unit, char *client, char *server,
|
||||
char *capath, char *pkfile, int am_server);
|
||||
|
||||
#ifdef MPPE
|
||||
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
|
||||
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
|
||||
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
|
||||
-extern int mppe_keys_set;
|
||||
-
|
||||
void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
|
||||
#endif
|
||||
|
||||
diff --git a/pppd/mppe.c b/pppd/mppe.c
|
||||
new file mode 100644
|
||||
index 0000000..4f3d131
|
||||
--- /dev/null
|
||||
+++ b/pppd/mppe.c
|
||||
@@ -0,0 +1,248 @@
|
||||
+/* * mppe.c - MPPE key implementation
|
||||
+ *
|
||||
+ * Copyright (c) 2020 Eivind Naess. All rights reserved.
|
||||
+ * Copyright (c) 2008 Paul Mackerras. All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions
|
||||
+ * are met:
|
||||
+ *
|
||||
+ * 1. Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * 2. Redistributions in binary form must reproduce the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer in
|
||||
+ * the documentation and/or other materials provided with the
|
||||
+ * distribution.
|
||||
+ *
|
||||
+ * 3. The name(s) of the authors of this software must not be used to
|
||||
+ * endorse or promote products derived from this software without
|
||||
+ * prior written permission.
|
||||
+ *
|
||||
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
|
||||
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
|
||||
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
|
||||
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
|
||||
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
||||
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
+ *
|
||||
+ */
|
||||
+
|
||||
+#include <string.h>
|
||||
+
|
||||
+#include "pppd.h"
|
||||
+#include "fsm.h"
|
||||
+#include "md4.h"
|
||||
+#include "sha1.h"
|
||||
+#include "ccp.h"
|
||||
+#include "chap_ms.h"
|
||||
+#include "mppe.h"
|
||||
+
|
||||
+u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
|
||||
+u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
|
||||
+int mppe_keys_set = 0;
|
||||
+
|
||||
+void
|
||||
+mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
|
||||
+{
|
||||
+ int length = keylen;
|
||||
+ if (length > MPPE_MAX_KEY_SIZE)
|
||||
+ length = MPPE_MAX_KEY_SIZE;
|
||||
+
|
||||
+ if (send_key) {
|
||||
+ BCOPY(send_key, mppe_send_key, length);
|
||||
+ BZERO(send_key, keylen);
|
||||
+ }
|
||||
+
|
||||
+ if (recv_key) {
|
||||
+ BCOPY(recv_key, mppe_recv_key, length);
|
||||
+ BZERO(recv_key, keylen);
|
||||
+ }
|
||||
+
|
||||
+ mppe_keys_set = length;
|
||||
+}
|
||||
+
|
||||
+bool
|
||||
+mppe_keys_isset()
|
||||
+{
|
||||
+ return !!mppe_keys_set;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+mppe_get_recv_key(u_char *recv_key, int length)
|
||||
+{
|
||||
+ if (mppe_keys_isset()) {
|
||||
+ if (length > mppe_keys_set)
|
||||
+ length = mppe_keys_set;
|
||||
+ BCOPY(mppe_recv_key, recv_key, length);
|
||||
+ return length;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+mppe_get_send_key(u_char *send_key, int length)
|
||||
+{
|
||||
+ if (mppe_keys_isset()) {
|
||||
+ if (length > mppe_keys_set)
|
||||
+ length = mppe_keys_set;
|
||||
+ BCOPY(mppe_send_key, send_key, length);
|
||||
+ return length;
|
||||
+ }
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
+void
|
||||
+mppe_clear_keys(void)
|
||||
+{
|
||||
+ mppe_keys_set = 0;
|
||||
+ BZERO(mppe_send_key, sizeof(mppe_send_key));
|
||||
+ BZERO(mppe_recv_key, sizeof(mppe_recv_key));
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Set mppe_xxxx_key from the NTPasswordHashHash.
|
||||
+ * RFC 2548 (RADIUS support) requires us to export this function (ugh).
|
||||
+ */
|
||||
+void
|
||||
+mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
|
||||
+{
|
||||
+ SHA1_CTX sha1Context;
|
||||
+ u_char Digest[SHA1_SIGNATURE_SIZE];
|
||||
+
|
||||
+ SHA1_Init(&sha1Context);
|
||||
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
||||
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
||||
+ SHA1_Update(&sha1Context, rchallenge, 8);
|
||||
+ SHA1_Final(Digest, &sha1Context);
|
||||
+
|
||||
+ /* Same key in both directions. */
|
||||
+ mppe_set_keys(Digest, Digest, sizeof(Digest));
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
|
||||
+ *
|
||||
+ * This helper function used in the Winbind module, which gets the
|
||||
+ * NTHashHash from the server.
|
||||
+ */
|
||||
+void
|
||||
+mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
||||
+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
|
||||
+{
|
||||
+ SHA1_CTX sha1Context;
|
||||
+ u_char MasterKey[SHA1_SIGNATURE_SIZE];
|
||||
+ u_char SendKey[SHA1_SIGNATURE_SIZE];
|
||||
+ u_char RecvKey[SHA1_SIGNATURE_SIZE];
|
||||
+
|
||||
+ u_char SHApad1[40] =
|
||||
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
|
||||
+ u_char SHApad2[40] =
|
||||
+ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
||||
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
||||
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
|
||||
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
|
||||
+
|
||||
+ /* "This is the MPPE Master Key" */
|
||||
+ u_char Magic1[27] =
|
||||
+ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
|
||||
+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
|
||||
+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
|
||||
+ /* "On the client side, this is the send key; "
|
||||
+ "on the server side, it is the receive key." */
|
||||
+ u_char Magic2[84] =
|
||||
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
||||
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
||||
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
||||
+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
|
||||
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
|
||||
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
|
||||
+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
||||
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
||||
+ 0x6b, 0x65, 0x79, 0x2e };
|
||||
+ /* "On the client side, this is the receive key; "
|
||||
+ "on the server side, it is the send key." */
|
||||
+ u_char Magic3[84] =
|
||||
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
|
||||
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
|
||||
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
|
||||
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
|
||||
+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
|
||||
+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
|
||||
+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
|
||||
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
|
||||
+ 0x6b, 0x65, 0x79, 0x2e };
|
||||
+ u_char *s;
|
||||
+
|
||||
+ SHA1_Init(&sha1Context);
|
||||
+ SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
|
||||
+ SHA1_Update(&sha1Context, NTResponse, 24);
|
||||
+ SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
|
||||
+ SHA1_Final(MasterKey, &sha1Context);
|
||||
+
|
||||
+ /*
|
||||
+ * generate send key
|
||||
+ */
|
||||
+ if (IsServer)
|
||||
+ s = Magic3;
|
||||
+ else
|
||||
+ s = Magic2;
|
||||
+ SHA1_Init(&sha1Context);
|
||||
+ SHA1_Update(&sha1Context, MasterKey, 16);
|
||||
+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
||||
+ SHA1_Update(&sha1Context, s, 84);
|
||||
+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
||||
+ SHA1_Final(SendKey, &sha1Context);
|
||||
+
|
||||
+ /*
|
||||
+ * generate recv key
|
||||
+ */
|
||||
+ if (IsServer)
|
||||
+ s = Magic2;
|
||||
+ else
|
||||
+ s = Magic3;
|
||||
+ SHA1_Init(&sha1Context);
|
||||
+ SHA1_Update(&sha1Context, MasterKey, 16);
|
||||
+ SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
|
||||
+ SHA1_Update(&sha1Context, s, 84);
|
||||
+ SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
|
||||
+ SHA1_Final(RecvKey, &sha1Context);
|
||||
+
|
||||
+ mppe_set_keys(SendKey, RecvKey, SHA1_SIGNATURE_SIZE);
|
||||
+}
|
||||
+
|
||||
+/*
|
||||
+ * Set MPPE options from plugins.
|
||||
+ */
|
||||
+void
|
||||
+mppe_set_enc_types(int policy, int types)
|
||||
+{
|
||||
+ /* Early exit for unknown policies. */
|
||||
+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
|
||||
+ policy != MPPE_ENC_POL_ENC_REQUIRED)
|
||||
+ return;
|
||||
+
|
||||
+ /* Don't modify MPPE if it's optional and wasn't already configured. */
|
||||
+ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
|
||||
+ return;
|
||||
+
|
||||
+ /*
|
||||
+ * Disable undesirable encryption types. Note that we don't ENABLE
|
||||
+ * any encryption types, to avoid overriding manual configuration.
|
||||
+ */
|
||||
+ switch(types) {
|
||||
+ case MPPE_ENC_TYPES_RC4_40:
|
||||
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
|
||||
+ break;
|
||||
+ case MPPE_ENC_TYPES_RC4_128:
|
||||
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
|
||||
+ break;
|
||||
+ default:
|
||||
+ break;
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
diff --git a/pppd/mppe.h b/pppd/mppe.h
|
||||
index 5eb3b37..98a89d3 100644
|
||||
--- a/pppd/mppe.h
|
||||
+++ b/pppd/mppe.h
|
||||
@@ -32,9 +32,12 @@
|
||||
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
|
||||
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
+#ifndef __MPPE_H__
|
||||
+#define __MPPE_H__
|
||||
|
||||
#define MPPE_PAD 4 /* MPPE growth per frame */
|
||||
-#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
|
||||
+#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
|
||||
+#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */
|
||||
|
||||
/* option bits for ccp_options.mppe */
|
||||
#define MPPE_OPT_40 0x01 /* 40 bit */
|
||||
@@ -119,3 +122,68 @@
|
||||
if (ptr[3] & ~MPPE_ALL_BITS) \
|
||||
opts |= MPPE_OPT_UNKNOWN; \
|
||||
} while (/* CONSTCOND */ 0)
|
||||
+
|
||||
+
|
||||
+#if MPPE
|
||||
+
|
||||
+/*
|
||||
+ * NOTE:
|
||||
+ * Access to these variables directly is discuraged. Please
|
||||
+ * change your code to use below accessor functions.
|
||||
+ */
|
||||
+
|
||||
+/* The key material generated which is used for MPPE send key */
|
||||
+extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
|
||||
+/* The key material generated which is used for MPPE recv key */
|
||||
+extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
|
||||
+/* Keys are set if value is non-zero */
|
||||
+extern int mppe_keys_set;
|
||||
+
|
||||
+/* These values are the RADIUS attribute values--see RFC 2548. */
|
||||
+#define MPPE_ENC_POL_ENC_ALLOWED 1
|
||||
+#define MPPE_ENC_POL_ENC_REQUIRED 2
|
||||
+#define MPPE_ENC_TYPES_RC4_40 2
|
||||
+#define MPPE_ENC_TYPES_RC4_128 4
|
||||
+
|
||||
+/* used by plugins (using above values) */
|
||||
+void mppe_set_enc_types (int policy, int types);
|
||||
+
|
||||
+/*
|
||||
+ * Set the MPPE send and recv keys. NULL values for keys are ignored
|
||||
+ * and input values are cleared to avoid leaving them on the stack
|
||||
+ */
|
||||
+void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
|
||||
+
|
||||
+/*
|
||||
+ * Get the MPPE recv key
|
||||
+ */
|
||||
+int mppe_get_recv_key(u_char *recv_key, int length);
|
||||
+
|
||||
+/*
|
||||
+ * Get the MPPE send key
|
||||
+ */
|
||||
+int mppe_get_send_key(u_char *send_key, int length);
|
||||
+
|
||||
+/*
|
||||
+ * Clear the MPPE keys
|
||||
+ */
|
||||
+void mppe_clear_keys(void);
|
||||
+
|
||||
+/*
|
||||
+ * Check if the MPPE keys are set
|
||||
+ */
|
||||
+bool mppe_keys_isset(void);
|
||||
+
|
||||
+/*
|
||||
+ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
|
||||
+ */
|
||||
+void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
|
||||
+
|
||||
+/*
|
||||
+ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
|
||||
+ */
|
||||
+void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
|
||||
+ u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
|
||||
+
|
||||
+#endif // #ifdef MPPE
|
||||
+#endif // #ifdef __MPPE_H__
|
||||
diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c
|
||||
index c579831..cf4c0f2 100644
|
||||
--- a/pppd/plugins/radius/radius.c
|
||||
+++ b/pppd/plugins/radius/radius.c
|
||||
@@ -31,6 +31,7 @@ static char const RCSID[] =
|
||||
#ifdef CHAPMS
|
||||
#include "chap_ms.h"
|
||||
#ifdef MPPE
|
||||
+#include "mppe.h"
|
||||
#include "md5.h"
|
||||
#endif
|
||||
#endif
|
||||
@@ -743,11 +744,12 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
|
||||
* Note that if the policy value was '0' we don't set the key!
|
||||
*/
|
||||
if (mppe_enc_policy && mppe_enc_keys) {
|
||||
- mppe_keys_set = 1;
|
||||
/* Set/modify allowed encryption types. */
|
||||
if (mppe_enc_types)
|
||||
- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
|
||||
+ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
|
||||
+ return 0;
|
||||
}
|
||||
+ mppe_clear_keys();
|
||||
#endif
|
||||
|
||||
return 0;
|
||||
@@ -803,7 +805,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
|
||||
* the NAS (us) doesn't need; we only need the start key. So we have
|
||||
* to generate the start key, sigh. NB: We do not support the LM-Key.
|
||||
*/
|
||||
- mppe_set_keys(challenge, &plain[8]);
|
||||
+ mppe_set_chapv1(challenge, &plain[8]);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -855,7 +857,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
|
||||
for (i = 0; i < 16; i++)
|
||||
plain[i] ^= buf[i];
|
||||
|
||||
- if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
|
||||
+ if (plain[0] != 16) {
|
||||
error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
|
||||
(int) plain[0], type);
|
||||
return -1;
|
||||
@@ -869,9 +871,9 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
|
||||
plain[16] ^= buf[0]; /* only need the first byte */
|
||||
|
||||
if (vp->attribute == PW_MS_MPPE_SEND_KEY)
|
||||
- memcpy(mppe_send_key, plain + 1, 16);
|
||||
+ mppe_set_keys(plain + 1, NULL, 16);
|
||||
else
|
||||
- memcpy(mppe_recv_key, plain + 1, 16);
|
||||
+ mppe_set_keys(NULL, plain + 1, 16);
|
||||
|
||||
return 0;
|
||||
}
|
||||
diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c
|
||||
index 0c395c3..67c72f6 100644
|
||||
--- a/pppd/plugins/winbind.c
|
||||
+++ b/pppd/plugins/winbind.c
|
||||
@@ -37,11 +37,9 @@
|
||||
#include "pppd.h"
|
||||
#include "chap-new.h"
|
||||
#include "chap_ms.h"
|
||||
-#ifdef MPPE
|
||||
-#include "md5.h"
|
||||
-#endif
|
||||
#include "fsm.h"
|
||||
#include "ipcp.h"
|
||||
+#include "mppe.h"
|
||||
#include <syslog.h>
|
||||
#include <sys/types.h>
|
||||
#include <sys/stat.h>
|
||||
@@ -583,7 +581,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
|
||||
nt_response, nt_response_size,
|
||||
session_key,
|
||||
&error_string) == AUTHENTICATED) {
|
||||
- mppe_set_keys(challenge, session_key);
|
||||
+ mppe_set_chapv1(challenge, session_key);
|
||||
slprintf(message, message_space, "Access granted");
|
||||
return AUTHENTICATED;
|
||||
|
||||
@@ -628,7 +626,7 @@ winbind_chap_verify(char *user, char *ourname, int id,
|
||||
&response[MS_CHAP2_NTRESP],
|
||||
&response[MS_CHAP2_PEER_CHALLENGE],
|
||||
challenge, user, saresponse);
|
||||
- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
|
||||
+ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
|
||||
MS_CHAP2_AUTHENTICATOR);
|
||||
if (response[MS_CHAP2_FLAGS]) {
|
||||
slprintf(message, message_space, "S=%s", saresponse);
|
||||
--
|
||||
2.34.1
|
||||
|
@ -0,0 +1,37 @@
|
||||
From e609ed8bb62e4648568eaa49fbbc858dfda6d122 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
|
||||
Date: Sun, 14 Mar 2021 16:20:29 -0700
|
||||
Subject: [PATCH] pppd: Fix logical error in comparing valid encryption
|
||||
policies (#262)
|
||||
|
||||
RFC2548 describes the proper values of the MS-MPPE-Encryption-Policy attribute.
|
||||
and it can only hold 2 values: 1 (encryption allowed) and 2 (encryption required).
|
||||
|
||||
See
|
||||
https://tools.ietf.org/html/rfc2548, section 2.4.4
|
||||
|
||||
The correct comparison should be made with an && and not a ||.
|
||||
|
||||
This fixes github issue #218
|
||||
|
||||
Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
|
||||
---
|
||||
pppd/chap_ms.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c
|
||||
index e6b84f2..df2dadd 100644
|
||||
--- a/pppd/chap_ms.c
|
||||
+++ b/pppd/chap_ms.c
|
||||
@@ -953,7 +953,7 @@ void
|
||||
set_mppe_enc_types(int policy, int types)
|
||||
{
|
||||
/* Early exit for unknown policies. */
|
||||
- if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
|
||||
+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
|
||||
policy != MPPE_ENC_POL_ENC_REQUIRED)
|
||||
return;
|
||||
|
||||
--
|
||||
2.34.1
|
||||
|
@ -0,0 +1,32 @@
|
||||
From d7e62a8499c4032d79e05afbd8fd3efd51c5b148 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Eivind=20N=C3=A6ss?= <eivnaes@yahoo.com>
|
||||
Date: Thu, 3 Feb 2022 14:28:22 -0800
|
||||
Subject: [PATCH] pppd/eap: Fix bug causing incorrect response length (#334)
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
Content-Transfer-Encoding: 8bit
|
||||
|
||||
Need to update the esp->ea_client.ea_namelen variable. A plugin can override the
|
||||
name of the user, and the variable is passed onto the eap_chap2_response generating
|
||||
the wrong response length.
|
||||
|
||||
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
|
||||
---
|
||||
pppd/eap.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/pppd/eap.c b/pppd/eap.c
|
||||
index 54c3d42..6cb595f 100644
|
||||
--- a/pppd/eap.c
|
||||
+++ b/pppd/eap.c
|
||||
@@ -2182,6 +2182,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
|
||||
eap_send_nak(esp, id, EAPT_SRP);
|
||||
break;
|
||||
}
|
||||
+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
|
||||
|
||||
/* Create the MSCHAPv2 response (and add to cache) */
|
||||
unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
|
||||
--
|
||||
2.34.1
|
||||
|
@ -1,2 +1 @@
|
||||
d /run/ppp 0755 root root
|
||||
d /run/lock/ppp 0755 root root
|
||||
|
203
ppp.spec
203
ppp.spec
@ -1,13 +1,13 @@
|
||||
%global _hardened_build 1
|
||||
|
||||
Summary: The Point-to-Point Protocol daemon
|
||||
Name: ppp
|
||||
Version: 2.4.7
|
||||
Release: 21%{?dist}
|
||||
Version: 2.4.9
|
||||
Release: 9.0.riscv64%{?dist}
|
||||
Summary: The Point-to-Point Protocol daemon
|
||||
License: BSD and LGPLv2+ and GPLv2+ and Public Domain
|
||||
Group: System Environment/Daemons
|
||||
URL: http://www.samba.org/ppp
|
||||
Source0: ftp://ftp.samba.org/pub/ppp/ppp-%{version}.tar.gz
|
||||
|
||||
Source0: https://github.com/paulusmack/ppp/archive/ppp-%{version}.tar.gz
|
||||
Source1: ppp-pam.conf
|
||||
Source2: ppp-logrotate.conf
|
||||
Source3: ppp-tmpfiles.conf
|
||||
@ -22,43 +22,34 @@ Source11: ifdown-ppp
|
||||
Source12: ppp-watch.tar.xz
|
||||
|
||||
# Fedora-specific
|
||||
Patch0001: 0001-build-sys-use-gcc-as-our-compiler-of-choice.patch
|
||||
Patch0002: 0002-build-sys-enable-PAM-support.patch
|
||||
Patch0003: 0003-build-sys-utilize-compiler-flags-handed-to-us-by-rpm.patch
|
||||
Patch0002: ppp-2.4.9-config.patch
|
||||
Patch0004: 0004-doc-add-configuration-samples.patch
|
||||
Patch0005: 0005-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
|
||||
Patch0005: ppp-2.4.9-build-sys-don-t-hardcode-LIBDIR-but-set-it-according.patch
|
||||
Patch0006: 0006-scritps-use-change_resolv_conf-function.patch
|
||||
Patch0007: 0007-build-sys-don-t-strip-binaries-during-installation.patch
|
||||
Patch0008: 0008-build-sys-use-prefix-usr-instead-of-usr-local.patch
|
||||
Patch0009: 0009-pppd-introduce-ipv6-accept-remote.patch
|
||||
Patch0010: 0010-build-sys-enable-CBCP.patch
|
||||
Patch0011: 0011-build-sys-don-t-put-connect-errors-log-to-etc-ppp.patch
|
||||
Patch0012: 0012-pppd-we-don-t-want-to-accidentally-leak-fds.patch
|
||||
Patch0013: 0013-everywhere-O_CLOEXEC-harder.patch
|
||||
Patch0012: ppp-2.4.8-pppd-we-don-t-want-to-accidentally-leak-fds.patch
|
||||
Patch0013: ppp-2.4.9-everywhere-O_CLOEXEC-harder.patch
|
||||
Patch0014: 0014-everywhere-use-SOCK_CLOEXEC-when-creating-socket.patch
|
||||
Patch0015: 0015-pppd-move-pppd-database-to-var-run-ppp.patch
|
||||
Patch0016: 0016-rp-pppoe-add-manpage-for-pppoe-discovery.patch
|
||||
Patch0017: 0017-pppd-rebase-EAP-TLS-patch-v0.994.patch
|
||||
Patch0018: 0018-scritps-fix-ip-up.local-sample.patch
|
||||
Patch0019: 0019-sys-linux-rework-get_first_ethernet.patch
|
||||
Patch0020: 0020-pppd-put-lock-files-in-var-lock-ppp.patch
|
||||
Patch0021: 0021-build-sys-compile-pppol2tp-plugin-with-RPM_OPT_FLAGS.patch
|
||||
Patch0022: 0022-build-sys-compile-pppol2tp-with-multilink-support.patch
|
||||
Patch0023: 0023-build-sys-install-rp-pppoe-plugin-files-with-standar.patch
|
||||
Patch0024: 0024-build-sys-install-pppoatm-plugin-files-with-standard.patch
|
||||
Patch0025: 0025-pppd-install-pppd-binary-using-standard-perms-755.patch
|
||||
Patch0026: 0026-Revert-pppd-rebase-EAP-TLS-patch-v0.994.patch
|
||||
Patch0027: 0027-pppd-EAP-TLS-patch-v0.999.patch
|
||||
Patch0028: 0028-pppoe-include-netinet-in.h-before-linux-in.h.patch
|
||||
|
||||
# rhbz#1556132
|
||||
Patch0029: ppp-2.4.7-DES-openssl.patch
|
||||
# https://github.com/paulusmack/ppp/pull/95
|
||||
Patch0030: ppp-2.4.7-honor-ldflags.patch
|
||||
Patch0025: ppp-2.4.8-pppd-install-pppd-binary-using-standard-perms-755.patch
|
||||
Patch0026: ppp-2.4.9-configure-cflags-allow-commas.patch
|
||||
# https://github.com/ppp-project/ppp/commit/d7e62a8499c4032d79e05afbd8fd3efd51c5b148
|
||||
Patch0027: ppp-2.4.9-pppd-eap-Fix-bug-causing-incorrect-response-length-3.patch
|
||||
# https://github.com/ppp-project/ppp/commit/e609ed8bb62e4648568eaa49fbbc858dfda6d122
|
||||
Patch0028: ppp-2.4.9-pppd-Fix-logical-error-in-comparing-valid-encryption.patch
|
||||
# https://github.com/ppp-project/ppp/pull/267/commits/6bfe06b9428a60eb637d5450d65dd3932fe5a83f
|
||||
Patch0029: ppp-2.4.9-pppd-Expose-the-MPPE-keys-generated-through-an-API-2.patch
|
||||
|
||||
BuildRequires: make
|
||||
BuildRequires: gcc
|
||||
BuildRequires: pam-devel, libpcap-devel, systemd, systemd-devel, glib2-devel
|
||||
BuildRequires: openssl-devel
|
||||
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd, initscripts >= 9.54
|
||||
|
||||
Requires: glibc >= 2.0.6, /etc/pam.d/system-auth, libpcap >= 14:0.8.3-6, systemd
|
||||
Requires(pre): /usr/bin/getent
|
||||
Requires(pre): /usr/sbin/groupadd
|
||||
|
||||
@ -69,26 +60,45 @@ transmitting datagrams over serial point-to-point links. PPP is
|
||||
usually used to dial in to an ISP (Internet Service Provider) or other
|
||||
organization over a modem and phone line.
|
||||
|
||||
%package -n network-scripts-%{name}
|
||||
Summary: PPP legacy network service support
|
||||
Requires: network-scripts
|
||||
Supplements: (%{name} and network-scripts)
|
||||
|
||||
%description -n network-scripts-%{name}
|
||||
This provides the ifup and ifdown scripts for use with the legacy network
|
||||
service.
|
||||
|
||||
%package devel
|
||||
Summary: Headers for ppp plugin development
|
||||
Group: Development/Libraries
|
||||
Requires: %{name}%{?_isa} = %{version}-%{release}
|
||||
|
||||
%description devel
|
||||
This package contains the header files for building plugins for ppp.
|
||||
|
||||
%prep
|
||||
%setup -q
|
||||
%autopatch -p1
|
||||
%autosetup -p1 -n %{name}-%{name}-%{version}
|
||||
|
||||
tar -xJf %{SOURCE12}
|
||||
|
||||
# Temporary, see: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85142
|
||||
# This was fixed in GCC, but now we produce /lib64/lpd64d/ path.
|
||||
%ifarch riscv64
|
||||
sed -i'' \
|
||||
-e 's|/$(shell gcc -print-multi-os-directory 2> /dev/null)|64|g' \
|
||||
-e 's|/$(shell $(CC) -print-multi-os-directory 2> /dev/null)|64|g' \
|
||||
pppd/plugins/radius/Makefile.linux \
|
||||
pppd/plugins/pppol2tp/Makefile.linux \
|
||||
pppd/plugins/Makefile.linux \
|
||||
pppd/plugins/pppoatm/Makefile.linux \
|
||||
pppd/plugins/pppoe/Makefile.linux \
|
||||
pppd/Makefile.linux
|
||||
%endif
|
||||
|
||||
%build
|
||||
export RPM_OPT_FLAGS="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
|
||||
export RPM_LD_FLAGS="$LDFLAGS"
|
||||
%configure
|
||||
make %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
|
||||
make -C ppp-watch %{?_smp_mflags} LDFLAGS="%{?build_ldflags}"
|
||||
%configure --cflags="$RPM_OPT_FLAGS -fPIC -Wall -fno-strict-aliasing"
|
||||
%{make_build} LDFLAGS="%{?build_ldflags} -pie"
|
||||
%{make_build} -C ppp-watch LDFLAGS="%{?build_ldflags} -pie"
|
||||
|
||||
%install
|
||||
make INSTROOT=%{buildroot} install install-etcppp
|
||||
@ -123,6 +133,9 @@ install -d %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/
|
||||
install -p %{SOURCE10} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
|
||||
install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
|
||||
|
||||
# ghosts
|
||||
mkdir -p %{buildroot}%{_rundir}/ppp
|
||||
|
||||
%pre
|
||||
/usr/bin/getent group dip >/dev/null 2>&1 || /usr/sbin/groupadd -r -g 40 dip >/dev/null 2>&1 || :
|
||||
|
||||
@ -130,7 +143,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
|
||||
%tmpfiles_create ppp.conf
|
||||
|
||||
%files
|
||||
%defattr(-,root,root)
|
||||
%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
|
||||
%{_sbindir}/chat
|
||||
%{_sbindir}/pppd
|
||||
%{_sbindir}/pppdump
|
||||
@ -144,8 +157,6 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
|
||||
%{_sysconfdir}/ppp/ip-down.ipv6to4
|
||||
%{_sysconfdir}/ppp/ipv6-up
|
||||
%{_sysconfdir}/ppp/ipv6-down
|
||||
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
|
||||
%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
|
||||
%{_mandir}/man8/chat.8*
|
||||
%{_mandir}/man8/pppd.8*
|
||||
%{_mandir}/man8/pppdump.8*
|
||||
@ -155,8 +166,7 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
|
||||
%{_mandir}/man8/pppoe-discovery.8*
|
||||
%{_mandir}/man8/ppp-watch.8*
|
||||
%{_libdir}/pppd
|
||||
%ghost %dir /run/ppp
|
||||
%ghost %dir /run/lock/ppp
|
||||
%ghost %dir %{_rundir}/ppp
|
||||
%dir %{_sysconfdir}/logrotate.d
|
||||
%attr(700, root, root) %dir %{_localstatedir}/log/ppp
|
||||
%config(noreplace) %{_sysconfdir}/ppp/eaptls-client
|
||||
@ -167,14 +177,117 @@ install -p %{SOURCE11} %{buildroot}%{_sysconfdir}/sysconfig/network-scripts/ifdo
|
||||
%config(noreplace) %{_sysconfdir}/pam.d/ppp
|
||||
%config(noreplace) %{_sysconfdir}/logrotate.d/ppp
|
||||
%{_tmpfilesdir}/ppp.conf
|
||||
%doc FAQ README README.cbcp README.linux README.MPPE README.MSCHAP80 README.MSCHAP81 README.pwfd README.pppoe scripts sample README.eap-tls
|
||||
|
||||
%files -n network-scripts-%{name}
|
||||
%{_sysconfdir}/sysconfig/network-scripts/ifdown-ppp
|
||||
%{_sysconfdir}/sysconfig/network-scripts/ifup-ppp
|
||||
|
||||
%files devel
|
||||
%defattr(-,root,root)
|
||||
%{_includedir}/pppd
|
||||
%doc PLUGINS
|
||||
|
||||
%changelog
|
||||
* Tue Apr 25 2023 David Abdurachmanov <davidlt@rivosinc.com> - 2.4.9-9.0.riscv64
|
||||
- Add workaround for RISC-V (riscv64)
|
||||
|
||||
* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-9
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
|
||||
|
||||
* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-8
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
|
||||
|
||||
* Tue Apr 05 2022 Marcin Zajaczkowski <mszpak ATT wp DOTT pl> - 2.4.9-7
|
||||
- Backport patches from master for SSTP to connect using EAP-TLS to Azure VnetGWay and Windows RAS server
|
||||
|
||||
* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-6
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
|
||||
|
||||
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 2.4.9-5
|
||||
- Rebuilt with OpenSSL 3.0.0
|
||||
|
||||
* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-4
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
|
||||
|
||||
* Mon Mar 8 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-3
|
||||
- Keep lock files in /var/lock (https://github.com/ppp-project/ppp/pull/227)
|
||||
|
||||
* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.9-2
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
|
||||
|
||||
* Tue Jan 5 2021 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.9-1
|
||||
- New version
|
||||
Resolves: rhbz#1912617
|
||||
|
||||
* Mon Aug 10 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-8
|
||||
- Added workaround for Windows Server 2019
|
||||
Resolves: rhbz#1867047
|
||||
|
||||
* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.8-7
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
|
||||
|
||||
* Thu May 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-6
|
||||
- Added missing options to man pages
|
||||
|
||||
* Tue Apr 7 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-5
|
||||
- Updated EAP-TLS patch to v1.300
|
||||
|
||||
* Mon Apr 6 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-4
|
||||
- Updated EAP-TLS patch to v1.201
|
||||
|
||||
* Fri Feb 28 2020 Tom Stellard <tstellar@redhat.com> - 2.4.8-3
|
||||
- Use make_build macro
|
||||
- https://docs.fedoraproject.org/en-US/packaging-guidelines/#_parallel_make
|
||||
|
||||
* Wed Feb 26 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-2
|
||||
- Fixed ghost directories verification
|
||||
|
||||
* Fri Feb 21 2020 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.8-1
|
||||
- New version
|
||||
- Changed sources to github
|
||||
- Dropped 0028-pppoe-include-netinet-in.h-before-linux-in.h,
|
||||
ppp-2.4.7-DES-openssl, ppp-2.4.7-honor-ldflags,
|
||||
ppp-2.4.7-coverity-scan-fixes patches (all upstreamed)
|
||||
- Fixed buffer overflow in the eap_request and eap_response functions
|
||||
Resolves: CVE-2020-8597
|
||||
|
||||
* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-33
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
|
||||
|
||||
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-32
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
|
||||
|
||||
* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-31
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
|
||||
|
||||
* Mon Jan 14 2019 Björn Esser <besser82@fedoraproject.org> - 2.4.7-30
|
||||
- Rebuilt for libcrypt.so.2 (#1666033)
|
||||
|
||||
* Mon Dec 3 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-29
|
||||
- Fixed some issues found by coverity scan
|
||||
|
||||
* Tue Nov 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-28
|
||||
- Fixed network scripts related regression caused by release 26
|
||||
|
||||
* Mon Nov 5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-27
|
||||
- Updated EAP-TLS patch to v1.102
|
||||
|
||||
* Tue Jul 24 2018 Lubomir Rintel <lkundrak@v3.sk> - 2.4.7-26
|
||||
- Split out the network-scripts
|
||||
|
||||
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.7-25
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
|
||||
|
||||
* Sat Jun 30 2018 Peter Robinson <pbrobinson@fedoraproject.org> 2.4.7-24
|
||||
- Remove group/defattr, minor spec cleanups
|
||||
|
||||
* Wed Jun 20 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-23
|
||||
- Replaced initscripts requirement by the network-scripts
|
||||
Resolves: rhbz#1592384
|
||||
|
||||
* Tue Jun 5 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-22
|
||||
- Updated EAP-TLS patch to v1.101
|
||||
Resolves: CVE-2018-11574
|
||||
|
||||
* Mon Apr 9 2018 Jaroslav Škarvada <jskarvad@redhat.com> - 2.4.7-21
|
||||
- Link with -E not to break plugins
|
||||
Resolves: rhbz#1564459
|
||||
|
4
sources
4
sources
@ -1,2 +1,2 @@
|
||||
78818f40e6d33a1d1de68a1551f6595a ppp-2.4.7.tar.gz
|
||||
166cdfbce3391746fde60e86752c7bc7 ppp-watch.tar.xz
|
||||
SHA512 (ppp-watch.tar.xz) = aee10735facf918b9a1e33408c9f19d8240c2cd265837da87ac9f58e097eece6bbe1abcaf426e2f10369d1368f6e9e68d2e07d005a19857f17d6318708ec438a
|
||||
SHA512 (ppp-2.4.9.tar.gz) = c309f8f69f534c05547cd2f66dade0e0f198ea4c2928a7e899e660280786b3e965437a67b8c5bb81c59d0fa1818b4eb7b701d2dce015a420d380422d2bca4e1a
|
||||
|
Loading…
Reference in New Issue
Block a user