Introduce another global (MPPE_IsServer) so that we initiate the

MPPE session keys correctly. I'm a bit dubious about this code. It seems that the session keys are initialised differently based on whether you're the client or the server. One side is the server if it issues the first challenge, but of course you can issue a challenge from both sides.... at the same time. Sounds like another wonderful M$ assumption... Ppp can now talk to itself correctly using encryption. Problem solved by: Ustimenko Semen <semen@iclub.nsu.ru> Hair torn out by: me
2026-05-28 04:12:45 -04:00 · 2000-11-07 23:19:11 +00:00 · 2000-11-07 23:19:11 +00:00 · 542962ddf9
commit 542962ddf9
parent 17d7bfc3fc
3 changed files with 14 additions and 7 deletions
--- a/usr.sbin/ppp/chap.c
+++ b/usr.sbin/ppp/chap.c
@ -203,7 +203,7 @@ chap_BuildAnswer(char *name, char *key, u_char id, char *challenge, u_char type
                       expkey, klen * 2, ntresponse);

    /* Generate MPPE MASTERKEY */
-    GetMasterKey(pwdhashhash, ntresponse, MPPE_MasterKey);
+    GetMasterKey(pwdhashhash, ntresponse, MPPE_MasterKey);    /* XXX Global ! */

    /* Generate AUTHRESPONSE to verify on auth success */
    GenerateAuthenticatorResponse(expkey, klen * 2, ntresponse, 
@ -371,6 +371,7 @@ chap_Respond(struct chap *chap, char *name, char *key, u_char type
               ans, *ans + 1 + strlen(name), name);
 #ifdef HAVE_DES
    chap->NTRespSent = !lm;
+    MPPE_IsServer = 0;		/* XXX Global ! */
 #endif
    free(ans);
  } else
@ -536,7 +537,7 @@ chap_Success(struct authinfo *authp)
 #ifdef HAVE_DES
  if (authp->physical->link.lcp.want_authtype == 0x81) {
    msg = auth2chap(authp)->authresponse;
-    MPPE_MasterKeyValid = 1;
+    MPPE_MasterKeyValid = 1;		/* XXX Global ! */
  } else
 #endif
    msg = "Welcome!!";
@ -857,9 +858,11 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
                                       p->link.lcp.want_authtype
 #ifdef HAVE_DES
                                       , chap->challenge.peer,
-                                       chap->authresponse, lanman
-#endif
+                                       chap->authresponse, lanman);
+              MPPE_IsServer = 1;		/* XXX Global ! */
+#else
                                      );
+#endif
              if (myans == NULL)
                key = NULL;
              else {
@ -896,7 +899,7 @@ chap_Input(struct bundle *bundle, struct link *l, struct mbuf *bp)
                
              } else {
                /* Successful login */
-                MPPE_MasterKeyValid = 1;
+                MPPE_MasterKeyValid = 1;		/* XXX Global ! */
                datalink_AuthOk(p->dl);
              }
            } else
--- a/usr.sbin/ppp/mppe.c
+++ b/usr.sbin/ppp/mppe.c
@ -67,6 +67,7 @@ struct mppe_state {
 };

 int MPPE_MasterKeyValid = 0;
+int MPPE_IsServer = 0;
 char MPPE_MasterKey[MPPE_KEY_LEN];

 static void
@ -340,7 +341,8 @@ MPPEInitInput(struct lcp_opt *o)

  log_Printf(LogDEBUG, "MPPE: InitInput: %d-bits\n", mip->keybits);

-  GetAsymetricStartKey(MPPE_MasterKey, mip->mastkey, mip->keylen, 0, 0);
+  GetAsymetricStartKey(MPPE_MasterKey, mip->mastkey, mip->keylen, 0,
+                       MPPE_IsServer);
  GetNewKeyFromSHA(mip->mastkey, mip->mastkey, mip->keylen, mip->sesskey);

  MPPEReduceSessionKey(mip);
@ -381,7 +383,8 @@ MPPEInitOutput(struct lcp_opt *o)

  log_Printf(LogDEBUG, "MPPE: InitOutput: %d-bits\n", mop->keybits);

-  GetAsymetricStartKey(MPPE_MasterKey, mop->mastkey, mop->keylen, 1, 0);
+  GetAsymetricStartKey(MPPE_MasterKey, mop->mastkey, mop->keylen, 1,
+                       MPPE_IsServer);
  GetNewKeyFromSHA(mop->mastkey, mop->mastkey, mop->keylen, mop->sesskey);

  MPPEReduceSessionKey(mop);
--- a/usr.sbin/ppp/mppe.h
+++ b/usr.sbin/ppp/mppe.h
@ -29,4 +29,5 @@
 #define MPPE_KEY_LEN	16
 extern const struct ccp_algorithm MPPEAlgorithm;
 extern int MPPE_MasterKeyValid;
+extern int MPPE_IsServer;
 extern char MPPE_MasterKey[];