From e50870a901749c7390109404e90c095ea3ef7072 Mon Sep 17 00:00:00 2001 From: Frank Cusack Date: Mon, 23 Dec 2002 23:24:37 +0000 Subject: [PATCH] Ensure that MPPE keys are available when using a plugin. --- pppd/ccp.c | 12 ++++++++++-- pppd/chap_ms.c | 5 ++++- pppd/chap_ms.h | 3 ++- pppd/plugins/radius/radius.c | 4 +++- 4 files changed, 19 insertions(+), 5 deletions(-) diff --git a/pppd/ccp.c b/pppd/ccp.c index 18f2dc0..0e768b7 100644 --- a/pppd/ccp.c +++ b/pppd/ccp.c @@ -33,7 +33,7 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -#define RCSID "$Id: ccp.c,v 1.41 2002/12/04 23:03:32 paulus Exp $" +#define RCSID "$Id: ccp.c,v 1.42 2002/12/23 23:24:37 fcusack Exp $" #include #include @@ -44,7 +44,7 @@ #include #ifdef MPPE -#include "chap_ms.h" /* mppe_xxxx_key */ +#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */ #include "lcp.h" /* lcp_close(), lcp_fsm */ #endif @@ -578,6 +578,14 @@ ccp_resetci(f) return; } + /* A plugin (eg radius) may not have obtained key material. */ + if (!mppe_keys_set) { + error("MPPE required, but keys are not available. " + "Possible plugin problem?"); + lcp_close(f->unit, "MPPE required but not available"); + return; + } + /* LM auth not supported for MPPE */ if (auth_done[f->unit] & (CHAP_MS_WITHPEER | CHAP_MS_PEER)) { /* This might be noise */ diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c index e9946c9..0fe1888 100644 --- a/pppd/chap_ms.c +++ b/pppd/chap_ms.c @@ -48,7 +48,7 @@ * Copyright (c) 2002 Google, Inc. */ -#define RCSID "$Id: chap_ms.c,v 1.25 2002/12/04 23:03:32 paulus Exp $" +#define RCSID "$Id: chap_ms.c,v 1.26 2002/12/23 23:24:37 fcusack Exp $" #ifdef CHAPMS @@ -99,6 +99,7 @@ bool ms_lanman = 0; /* Use LanMan password instead of NT */ #ifdef MPPE u_char mppe_send_key[MPPE_MAX_KEY_LEN]; u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; +int mppe_keys_set = 0; /* Have the MPPE keys been set? */ #endif static void @@ -461,6 +462,7 @@ ChapMS(chap_state *cstate, u_char *rchallenge, char *secret, int secret_len, #ifdef MPPE Set_Start_Key(rchallenge, secret, secret_len); + mppe_keys_set = 1; #endif } @@ -507,6 +509,7 @@ ChapMS2(chap_state *cstate, u_char *rchallenge, u_char *PeerChallenge, #ifdef MPPE SetMasterKeys(secret, secret_len, response->NTResp, authenticator); + mppe_keys_set = 1; #endif } diff --git a/pppd/chap_ms.h b/pppd/chap_ms.h index ae6b248..f52f58d 100644 --- a/pppd/chap_ms.h +++ b/pppd/chap_ms.h @@ -27,7 +27,7 @@ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. * - * $Id: chap_ms.h,v 1.7 2002/12/04 23:03:32 paulus Exp $ + * $Id: chap_ms.h,v 1.8 2002/12/23 23:24:37 fcusack Exp $ */ #ifndef __CHAPMS_INCLUDE__ @@ -71,6 +71,7 @@ typedef struct { #include /* MPPE_MAX_KEY_LEN */ extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]; extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]; +extern int mppe_keys_set; #endif /* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */ diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c index 5e27ee0..48882a9 100644 --- a/pppd/plugins/radius/radius.c +++ b/pppd/plugins/radius/radius.c @@ -24,7 +24,7 @@ * ***********************************************************************/ static char const RCSID[] = -"$Id: radius.c,v 1.18 2002/11/13 18:19:26 fcusack Exp $"; +"$Id: radius.c,v 1.19 2002/12/23 23:24:37 fcusack Exp $"; #include "pppd.h" #include "chap.h" @@ -709,6 +709,7 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, chap_state *cstate) * to generate the start key, sigh. NB: We do not support the LM-Key. */ mppe_set_keys(cstate->challenge, &plain[8]); + mppe_keys_set = 1; return 0; } @@ -777,6 +778,7 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) memcpy(mppe_send_key, plain + 1, 16); else memcpy(mppe_recv_key, plain + 1, 16); + mppe_keys_set = 1; return 0; } -- 2.39.2