ECP patches from Frank Cusack:

- If encryption is required, don't bring up IP/IPv6/IPX until the
  encryption negotiation has completed.
- Shut down LCP if the peer sends an LCP ConfRej instead of CCP ConfRej
  to our MPPE offer.  This fixes a bug where the server could not enforce
  use of encryption in some cases.
- Don't send the M=<message> part of an MS-CHAPv2 success packet to peers
  that don't know how to deal with it.  This allows pre-win2k systems to
  authenticate.
- Don't shut down lcp if MPPE was present in peer's CCP offer along with
  other options.  This allows pre-win2k systems to do MPPE (they offer
  Stac LZS with MPPE).
- Add the beginnings of ecp.c.
- Other minor changes.

Author: David F. Skoll

README.MPPE

@@ -58,14 +58,15 @@ RADIUS support for MPPE is from Ralf Hofmann, <[email protected]>.
 
 BUILDING THE PPPD
 
-The userland component of PPPD has no additional requirements above those
-for MS-CHAP and MS-CHAPv2.  The kernel, however, requires SHA-1 and ARCFOUR.
-Public domain implementations of these are provided.  Until such time as
-MPPE support ships with kernels, you can use the Linux-2.2 implementation
-that comes with PPPD.  Run the linux/mppe/mppeinstall.sh script, then
-rebuild your kernel.  The ppp_mppe.o module is added, and the ppp.o module
-is modified (unfortunately).  You'll need the new ppp.o since it does the
-right thing for the 4 extra bytes problem discussed above.
+The userland component of PPPD has no additional requirements above
+those for MS-CHAP and MS-CHAPv2.  The kernel, however, requires SHA-1
+and ARCFOUR.  Public domain implementations of these are provided.  Until
+such time as MPPE support ships with kernels, you can use the Linux-2.2
+implementation that comes with PPPD.  Run the linux/mppe/mppeinstall.sh
+script, then rebuild your kernel.  The ppp_mppe.o module is added, and the
+ppp.o module (2.2) or ppp_generic.o (2.4) is modified (unfortunately).
+You'll need the new ppp.o/ppp_generic.o since it does the right thing
+for the 4 extra bytes problem discussed above.
 
 
 CONFIGURATION

README.MSCHAP81

@@ -55,7 +55,7 @@ RFC 2759:
 
 You'll see these in your pppd log as a line similar to:
 
-   Remote message: No dialin permission
+   Remote message: E=649 No dialin permission
 
 Previously, pppd would log this as:
 

include/linux/ppp_defs.h

@@ -1,4 +1,4 @@
-/*	$Id: ppp_defs.h,v 1.9 2000/03/27 06:03:36 paulus Exp $	*/
+/*	$Id: ppp_defs.h,v 1.10 2002/05/21 17:26:48 dfs Exp $	*/
 
 /*
  * ppp_defs.h - PPP definitions.
@@ -28,7 +28,7 @@
  */
 
 /*
- *  ==FILEVERSION 20000114==
+ *  ==FILEVERSION 20020521==
  *
  *  NOTE TO MAINTAINERS:
  *     If you modify this file at all, please set the above date.
@@ -80,6 +80,8 @@
 #define PPP_IPV6CP	0x8057	/* IPv6 Control Protocol */
 #define PPP_CCPFRAG	0x80fb	/* CCP at link level (below MP bundle) */
 #define PPP_CCP		0x80fd	/* Compression Control Protocol */
+#define PPP_ECPFRAG	0x8055	/* ECP at link level (below MP bundle) */
+#define PPP_ECP		0x8053	/* Encryption Control Protocol */
 #define PPP_LCP		0xc021	/* Link Control Protocol */
 #define PPP_PAP		0xc023	/* Password Authentication Protocol */
 #define PPP_LQR		0xc025	/* Link Quality Report protocol */

include/net/ppp_defs.h

@@ -1,4 +1,4 @@
-/*	$Id: ppp_defs.h,v 1.14 1999/08/13 01:55:40 paulus Exp $	*/
+/*	$Id: ppp_defs.h,v 1.15 2002/05/21 17:26:48 dfs Exp $	*/
 
 /*
  * ppp_defs.h - PPP definitions.
@@ -79,6 +79,7 @@
 #define PPP_IPXCP	0x802b	/* IPX Control Protocol */
 #define PPP_IPV6CP	0x8057	/* IPv6 Control Protocol */
 #define PPP_CCP		0x80fd	/* Compression Control Protocol */
+#define PPP_ECP		0x8053	/* Encryption Control Protocol */
 #define PPP_LCP		0xc021	/* Link Control Protocol */
 #define PPP_PAP		0xc023	/* Password Authentication Protocol */
 #define PPP_LQR		0xc025	/* Link Quality Report protocol */

linux/mppe/ppp_mppe_compress.c

@@ -1,5 +1,5 @@
 /*
- *  ==FILEVERSION 20020320==
+ *  ==FILEVERSION 20020521==
  *
  * ppp_mppe_compress.c - interface MPPE to the PPP code.
  * This version is for use with Linux kernel 2.2.19+ and 2.4.x.
@@ -62,13 +62,8 @@ typedef struct ppp_mppe_state {
 #define MPPE_CCOUNT(p) ((((p)[4] & 0x0f) << 8) + (p)[5])
 #define MPPE_CCOUNT_SPACE 0x1000	/* The size of the ccount space */
 
-/*
- * MPPE overhead/packet.
- * Note that we use this differently than other compressors.
- */
 #define MPPE_OVHD	2		/* MPPE overhead/packet */
-/* Max bogon factor we will tolerate */
-#define SANITY_MAX	1600
+#define SANITY_MAX	1600		/* Max bogon factor we will tolerate */
 
 static void	GetNewKeyFromSHA __P((unsigned char *StartKey,
 				      unsigned char *SessionKey,
@@ -236,17 +231,17 @@ mppe_init(void *arg, unsigned char *options, int optlen, int unit, int debug,
 
     if (debug) {
 	int i;
-	char mkey[sizeof(state->master_key) * 3 + 1];
-	char skey[sizeof(state->session_key) * 3 + 1];
+	char mkey[sizeof(state->master_key) * 2 + 1];
+	char skey[sizeof(state->session_key) * 2 + 1];
 
 	printk(KERN_DEBUG "%s[%d]: initialized with %d-bit %s mode\n", debugstr,
 	       unit, (state->keylen == 16)? 128: 40,
 	       (state->stateful)? "stateful": "stateless");
 
 	for (i = 0; i < sizeof(state->master_key); i++)
-	    sprintf(mkey + i * 2, "%.2x ", state->master_key[i]);
+	    sprintf(mkey + i * 2, "%.2x", state->master_key[i]);
 	for (i = 0; i < sizeof(state->session_key); i++)
-	    sprintf(skey + i * 2, "%.2x ", state->session_key[i]);
+	    sprintf(skey + i * 2, "%.2x", state->session_key[i]);
 	printk(KERN_DEBUG "%s[%d]: keys: master: %s initial session: %s\n",
 	       debugstr, unit, mkey, skey);
     }
@@ -544,6 +539,7 @@ mppe_incomp(void *arg, unsigned char *ibuf, int icnt)
 {
     ppp_mppe_state *state = (ppp_mppe_state *) arg;
 
+/* XXX */
     if (state->debug &&
 	(PPP_PROTOCOL(ibuf) >= 0x0021 && PPP_PROTOCOL(ibuf) <= 0x00fa))
 	printk(KERN_DEBUG "mppe_incomp[%d]: incompressible (unencrypted) data! "

pppd/Makefile.NeXT

@@ -2,7 +2,7 @@
 # pppd makefile for NeXT
 #
 # $Orignial: Makefile.ultrix,v 1.4 1994/09/01 00:40:40 paulus Exp $
-# $Id: Makefile.NeXT,v 1.6 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.NeXT,v 1.7 2002/05/21 17:26:48 dfs Exp $
 #
 
 ARCHFLAGS = 
@@ -11,7 +11,7 @@ BINDIR = /usr/local/ppp/bin
 MANDIR = /usr/local/ppp/man
 
 OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
-	auth.o options.o demand.o utils.o sys-NeXT.o
+	ecp.o auth.o options.o demand.o utils.o sys-NeXT.o
 
 #
 # For HPPA and SPARC, define FIXSIGS to get around posix bugs in

pppd/Makefile.aix4

@@ -1,6 +1,6 @@
 #
 # pppd makefile for AIX 4.1
-# $Id: Makefile.aix4,v 1.4 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.aix4,v 1.5 2002/05/21 17:26:48 dfs Exp $
 #
 #ifndef BINDIR
 BINDIR = /usr/sbin
@@ -10,11 +10,11 @@ MANDIR = /usr/man
 #ENDIF
 
 PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
-	auth.c options.c demand.c utils.c sys-aix4.c \
+	ecp.c auth.c options.c demand.c utils.c sys-aix4.c \
 	gencode.c grammar.c scanner.c nametoaddr.c optimize.c
 
 PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
-	auth.o options.o demand.o utils.o sys-aix4.o \
+	ecp.o auth.o options.o demand.o utils.o sys-aix4.o \
 	gencode.o grammar.o scanner.o nametoaddr.o optimize.o
 
 CC = xlc

pppd/Makefile.bsd

@@ -1,4 +1,4 @@
-#	$Id: Makefile.bsd,v 1.15 1999/04/12 06:24:44 paulus Exp $
+#	$Id: Makefile.bsd,v 1.16 2002/05/21 17:26:48 dfs Exp $
 
 BINDIR?= /usr/sbin
 # -D_BITYPES is for FreeBSD, which doesn't define anything to
@@ -8,7 +8,7 @@ CFLAGS+= -g -I../include -DHAVE_PATHS_H -D_BITYPES
 
 PROG=	pppd
 SRCS=	main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
-	demand.c auth.c options.c utils.c sys-bsd.c
+	ecp.c demand.c auth.c options.c utils.c sys-bsd.c
 MAN=	pppd.cat8
 MAN8=	pppd.8
 BINMODE=4555

pppd/Makefile.linux

@@ -1,19 +1,19 @@
 #
 # pppd makefile for Linux
-# $Id: Makefile.linux,v 1.47 2002/04/02 13:54:59 dfs Exp $
+# $Id: Makefile.linux,v 1.48 2002/05/21 17:26:48 dfs Exp $
 #
 
 # Default installation locations
 BINDIR = /usr/sbin
 MANDIR = /usr/man
 
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
+PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c ecp.c \
 	   ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c cbcp.c \
 	   demand.c utils.c tty.c sha1.c
 HEADERS =  callout.h pathnames.h patchlevel.h chap.h md5.h chap_ms.h md4.h \
 	   ipxcp.h cbcp.h tdb.h sha1.h
 MANPAGES = pppd.8
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
 	   auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o sha1.o
 
 all: pppd

pppd/Makefile.netbsd-1.2

@@ -3,7 +3,7 @@
 PCAPDIR=${.CURDIR}/../../lib/libpcap
 
 PROG=	pppd
-SRCS=	auth.c cbcp.c ccp.c chap.c chap_ms.c demand.c fsm.c ipcp.c \
+SRCS=	auth.c cbcp.c ccp.c ecp.c chap.c chap_ms.c demand.c fsm.c ipcp.c \
 	ipxcp.c lcp.c magic.c main.c options.c sys-bsd.c upap.c
 
 .PATH:	${PCAPDIR} ${.CURDIR}/../../sys/net

pppd/Makefile.osf

@@ -1,15 +1,15 @@
 #
 # pppd makefile for OSF/1 on DEC Alpha
-# $Id: Makefile.osf,v 1.11 2002/03/05 15:14:04 dfs Exp $
+# $Id: Makefile.osf,v 1.12 2002/05/21 17:26:48 dfs Exp $
 #
 
 BINDIR = /usr/local/etc
 MANDIR = /usr/local/man
 
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
+PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c ecp.c \
 	auth.c options.c demand.c utils.c sys-osf.c md4.c chap_ms.c sha1.c
 
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
 	auth.o options.o demand.o utils.o sys-osf.o md4.o chap_ms.o sha1.o
 
 CC = cc

pppd/Makefile.sol2

@@ -1,6 +1,6 @@
 #
 # Makefile for pppd under Solaris 2.
-# $Id: Makefile.sol2,v 1.20 2001/03/08 05:01:03 paulus Exp $
+# $Id: Makefile.sol2,v 1.21 2002/05/21 17:26:48 dfs Exp $
 #
 
 include ../solaris/Makedefs
@@ -10,7 +10,7 @@ CFLAGS	=  -I../include -DSVR4 -DSOL2 $(COPTS)
 LIBS	= -lsocket -lnsl
 
 OBJS	=  main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o tty.o \
-	ccp.o auth.o options.o demand.o utils.o	sys-solaris.o tdb.o
+	ccp.o ecp.o auth.o options.o demand.o utils.o sys-solaris.o tdb.o
 
 #
 # uncomment the following to enable plugins

pppd/Makefile.sunos4

@@ -1,6 +1,6 @@
 #
 # Makefile for pppd under SunOS 4.
-# $Id: Makefile.sunos4,v 1.11 2001/03/08 05:01:03 paulus Exp $
+# $Id: Makefile.sunos4,v 1.12 2002/05/21 17:26:48 dfs Exp $
 #
 
 include ../sunos4/Makedefs
@@ -12,7 +12,7 @@ CFLAGS = $(COPTS) -I../include -DSUNOS4 -DGIDSET_TYPE=int \
 
 all: pppd
 
-OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
 	auth.o options.o demand.o utils.o sys-sunos4.o tty.o
 
 pppd:	$(OBJS)

pppd/Makefile.svr4

@@ -1,6 +1,6 @@
 #
 # Makefile for pppd under Solaris 2.
-# $Id: Makefile.svr4,v 1.14 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.svr4,v 1.15 2002/05/21 17:26:48 dfs Exp $
 #
 
 include ../svr4/Makedefs
@@ -10,7 +10,7 @@ LIBS = -lsocket -lnsl -lc -L/usr/ucblib -lucb
 
 all: pppd
 
-OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
 	auth.o options.o demand.o utils.o sys-svr4.o
 
 pppd:	$(OBJS)

pppd/Makefile.ultrix

@@ -1,15 +1,15 @@
 #
 # pppd makefile for Ultrix
-# $Id: Makefile.ultrix,v 1.11 1999/04/12 06:24:44 paulus Exp $
+# $Id: Makefile.ultrix,v 1.12 2002/05/21 17:26:49 dfs Exp $
 #
 
 BINDIR = /usr/local/etc
 MANDIR = /usr/local/man
 
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c \
+PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap.c md5.c ccp.c ecp.c \
 	auth.c options.c demand.c utils.c sys-ultrix.c
 
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o \
+PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap.o md5.o ccp.o ecp.o \
 	auth.o options.o demand.o utils.o sys-ultrix.o
 
 # CC = gcc