Compiling with --enable-mslanman is broken Correcting the call to DesEncrypt() where needed. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Fix several issues uncovered by Coverity (#397) * Fix for coverity issue 436265, we should cap copy to size of destination buffer Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fix for coverity issue 436262, llv6_ntoa() returns a pointer to a buffer that can be up to 64 bytes long; likely not a problem, but this will quiet coverity Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fix for coverity issue 436251, not freeing path in the normal flow of the code Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436258, Digest maybe uninitialized in some paths of this code Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fix for coverity issue 436254, forgot to free 's' before returning from the function? Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436251, memory leak in put_string() function Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue 436215, should copy at most sizeof(devname) bytes Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436203, if no authentication (or no accounting) server was found, we still need to free the allocated local instance Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436171, use of uninitialized variable Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Use of signed vs unsigned variable in printf for MD4Update Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436182, fixing possible buffer overrun in handling of PW_CLASS attribute Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Fixing coverity issue #436156 Signed-off-by: Eivind Næss <eivnaes@yahoo.com> * Compile errors Signed-off-by: Eivind Næss <eivnaes@yahoo.com> [paulus@ozlabs.org - Squashed to avoid breaking bisection] Signed-off-by: Eivind Næss <eivnaes@yahoo.com> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Fix out-of-bounds accesses to ZPasswordHash arrays (#395) * Add 'const' parameter to input arguments in crypto_ms.* * Round ZPasswordHash buffers up to 24 bytes, as the DES MakeKey() function accesses ZPasswordHash[21] Closes github issue #392 [paulus@ozlabs.org - tidied up headline and commit message] Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Header file reorganization and cleaning up the public API for pppd version 2.5.0 (#379) This commit does several things, being a squash-and-merge of a series of changes; squashed in order not to break bisection. * Clean up pppd.h, moving declarations that should only be accessed by pppd code (not by users of pppd) to a new pppd-private.h. Also, other parts of pppd.h were moved to multilink.h, chap.h, eap.h, eui64.h, and a new options.h. * Provide an API for access to data that is needed by plugins (in no particular order): - ifname - ifunit - remote_name - remote_number - peer_authname - status (now called "code" internally) - phase - doing_multilink - multilink_master - idle_time_limit - link_connect_time - max_connect_time - link_stats - ipparam - hostname - got_sigterm - got_sigusr2 - got_sighup - session_number - maxoctets - maxoctets_dir - debug - persist - devnam - modem - peer_authname - sync_serial * Update the version number to 2.5.0. * Detect availability of stddef.h and stdarg.h. * Rename some headers: - pppcrypt.c/h to crypto_ms.c/h - ppp-crypto.c/h to crypto.c/h - ppp-crypto-priv.h to crypto-priv.h - chap-new.c/h to chap.c/h * Remove chap-md5.h, crypto-priv.h, eap-tls.h, etc. from the list of header files to be installed. * Provide typedefs for the hook functions. * Provide a typedef for the "phase" variable. * Provide a typedef for the link statistics array. * Remove the option_t typedef. * Rename the following functions by adding a "ppp_" prefix (with the intention that these are a "public" API for use by plugins): - option_error - add_options - int_option, - options_from_file - script_setenv - bad_ip_adrs, - netif_get/set_mtu (renamed to ppp_get/set_mtu) - get_time - timeout - untimeout - safe_fork - sys_close - set_session_number - update_link_stats (renamed to ppp_get_link_stats) - add_notifier (renamed to ppp_add_notify) - remove_notifier (renamed to ppp_del_notify) - generic_[dis]establish_ppp (to ppp_generic_[dis]establish) * Rename ppp_devnam to ppp_devname. * Rename ppp_available() to ppp_check_kernel_support(). * Use unsigned char instead of u_char, unsigned short instead of u_short, uint32_t instead of u_int32_t. * Add const to some declarations * Update comments * Change the interface for notifiers to use an enum to identify which notifier is to be modified. * Provide an API for getting the path to a file, with an enum to identify different types of file. * Link plugins with the -DPLUGIN flag [paulus@ozlabs.org - wrote commit message] Signed-off-by: Eivind Næss <eivnaes@yahoo.com> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Adding back DesEncrypt/DesDecrypt functions as they are a special incarnation DES w.r.t. RFC2759 Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Reduce the clutter by defining the MD4/MD5/SHA digest lengths in one place. Avoid using these variables in function descriptors. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Create a new API to abstract the crypto functions used by pppd. This re-introduces the missing DES encryption functions copied from Openssl 3.0 project. Incorporates a new API for performing MD4/MD5/SHA and encryption using DES-ECB mode. Unit tests are included for respective digest/encryption functions using this new API. With this change, you can pass configure --without-openssl to use the internally provided functions. If you do have openssl, then it will default to use these functions. This also provides a framework to allow other vendors to provide crypto. This closes #333, partially addresses #242 (except the pkcs11 engine support). Word has it that openssl is working on support for this, and the libp11 / opensc project are inclined not to support this. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
The use of <net/ppp_defs.h> isn't guranteed to exist on Linux (e.g. uclibc, buildroot, others) The one provided by glibc simply includes <linux/ppp_defs.h>. This include is still needed on SunOS Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Changing defines for CHAPMS, MSLANMAN, MPPE to prefix with PPP_WITH_* To avoid bleeding over to third party projects. They are all defined and exported by pppdconf.h either way. These projects will stil have a consistent view of how pppd was compiled. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Adding in unit-tests for chap_ms.c in pppd This would have uncovered the change that broke MD4 Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Using OpenSSL for MD4 isn't compatibile how NTPasswordHash is using it. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Use autoconf/automake to configure and make ppp This change brings in autoconf/automake scripts to configure the ppp project. Current change doesn't eliminate the previous build system, but the new script autogen.sh will overwrite configure, and generate the basic Makefile.in and Makefile files. Features can now be enabled by command line: * Microsoft Extensions, - MSCHAP - MPPE - MS LAN Manager support * IPXCP protocol * CBCP protocol * PAM support * EAP-TLS support * EAP-SRP support * Max session lifetime by byte count * Plugins * Packet activity filter support * Multilink * IPv6 support Control linkage with * OpenSSL (-lssl -lcrypto) * systemd (-lsystemd) * libatm (-latm) * libsrp (-lsrp) * pam (-lpam) Also, the configure script is made sensitive to features of OpenSSL. Like the presence or absence of DES, SHA, MD4 and MD5 crypto support. In the cases where either of these are missing, the support will be directly compiled into pppd and plugins. In addition, package maintainers can now control the installation paths with standard --prefix=, or --localstatedir=, or --sysconfdir= to configure. On top of that, they can now control the following directories: * runtime directory w/--with-runtime-dir * logfile directory w/--with-logfile-dir * plugin directory w/--with-plugin-dir In the case where automake isn't the right solution, namely: SunOS kernel module build, the original Makefile infrastructure is preserved and reused. Care was taken to only cosmetically touchup the source files in this change. This means: * Insert HAVE_CONFIG_H and include config.h in all .c files. * Change HAS_SHADOW to HAVE_SHADOW_H * Change HAVE_LOGWTMP to HAVE_UTMP_H * Introduce HAVE_CRYPT_H into the source code where appropriate * Added ifdef MPPE where appropriate * USE_SRP required a few changes as it didn't compile * Touchup some compile warning in pppstats directory on SunOS Introduced a new pppdconf.h file that exports the appropriate defines to a module that wants to provide a module that pppd can dynamically load. This will define/undef features like MPPE, CHAPMS such that the project doesn't have to guess what features pppd is compiled with. Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
pppd: Expose the MPPE keys generated through an API (#267) The lengthy part of this fix is to refactor the handling of MPPE keys by moving it into mppe.c and thus reducing the clutter in chap_ms.c. It does so by renaming the mppe_set_keys/2 to the corresponding mppe_set_chapv1/mppe_set_chapv2 versions and updates callers of these functions. Having done so, it conveniently allows the name "mppe_set_keys" to be re-used for this new purpose which will copy the key material up to its size and then clear the input parameters (avoids leaving the MPPE keys on the stack). Additional functiions added to the MPPE code allow plugins et al. to access the MPPE keys, clear the keys, and check if they are set. All plugin and CCP code has been updated to use this API. This fixes GitHub Issue #258 Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
pppd: Fix logical error in comparing valid encryption policies (#262) RFC2548 describes the proper values of the MS-MPPE-Encryption-Policy attribute. and it can only hold 2 values: 1 (encryption allowed) and 2 (encryption required). See https://tools.ietf.org/html/rfc2548, section 2.4.4 The correct comparison should be made with an && and not a ||. This fixes github issue #218 Signed-off-by: Eivind Naess <eivnaes@yahoo.com>
Convert to ANSI C This gets rid of the __P and __V macros that were used so that the code was in theory compilable by a K&R C compiler, and converts the function definitions to ANSI C style. In fact there were already quite a few function definitions in the ANSI C style, so it would not have been compilable by a K&R C compiler in fact. The Solaris and BSD kernel code modules have had __P removed but the function definitions have not been converted. There are some other minor changes here to remove warnings. Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Accept Malformed Windows Success Message (#156) Windows Server 2019 skip a space when sending a success message. This commit accepts such a malformed message and continues normally. Signed-off-by: Yannay Linveh <yannayl@gmail.com> Signed-off-by: yannayl <yannayl@users.noreply.github.com>
pppd: Remove unused rcsid variables Signed-off-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
pppd: Fix a stack variable overflow in MSCHAP-v2 This fixes a bug introduced in 08ef47ca ("pppd: Make MSCHAP-v2 cope better with packet loss"). Signed-off-by: Paul Mackerras <paulus@samba.org>
pppd: Make MSCHAP-v2 cope better with packet loss This implements response caching for MSCHAP-v2. It caches our responses and the responses we expect from the peer. MSCHAP-v2 is unusual in that the authenticatee's CHAP-Response contains what is effectively a challenge to the authenticator, and the authenticator's CHAP-Success packet contains a response to that challenge. Having the response cache lets us (a) answer challenges consistently and (b) cope with a CHAP-Success packet that corresponds to one of our CHAP-Responses that wasn't the last one we sent. This solves a problem where MSCHAP-v2 does not handle replay/retry properly. Here's what a typical normal session looks like: Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Challenge id=0x37 <7ac9de47e66fc440e4b142e28c1a2064>, name = "jeeves"] Mar 31 02:47:40 nbm pppd[12895]: sent [CHAP Response id=0x37 <12986c68266e0d60e7e0de9c8326073200000000000000005da37272ed71b6743f65bc00f7ae2ca148db9210627b646500>, name = "murka"] Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Success id=0x37 "S=ED8FB5829C8049C331AAE0C570F63F8B558DEA2C M=Access granted"] Mar 31 02:47:40 nbm pppd[12895]: CHAP authentication succeeded however, this breaks down if, for whatever reason - packet loss, reordering or whatnot - server sends a second challenge that arrives before the response - it changes client's expectation and the authentication fails. Here's how it looks in the logs: Mar 31 02:47:47 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e94455e2155d2cf4d698d23c9>, name = "jeeves"] Mar 31 02:47:47 nbm pppd[13014]: sent [CHAP Response id=0x8a <14d788f835add58b60d2aff362c183160000000000000000d780f3849076e9e013272f67bcb8c8cfa0e9b51c0fe3ee2100>, name = "murka"] Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e94455e2155d2cf4d698d23c9>, name = "jeeves"] Mar 31 02:47:48 nbm pppd[13014]: sent [CHAP Response id=0x8a <df950da43b90e235048810469d3283dd0000000000000000ace042b145f5eb9f118349b5672d4829eb5038192050a90b00>, name = "murka"] Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Success id=0x8a "S=ABAEA4DF5601FADF25F8729455D39BF6D971D501 M=Access granted"] Mar 31 02:47:48 nbm pppd[13014]: MS-CHAPv2 mutual authentication failed. Signed-off-by: Paul Mackerras <paulus@samba.org>
Repaired MSLANMAN so that it doesn't drop core: need to pass offset into response array, not address of stack pointer. (Broken in r1.34.)