├── debian
├── compat
├── shlibs
├── source
│ └── format
├── sstp-client.manpages
├── libsstp-client0.install
├── gbp.conf
├── sstp-client.install
├── sstp-client.postinst
├── libsstp-client-dev.install
├── sstp-client.substvars
├── libsstp-client0.symbols
├── sstp-client.postrm
├── sstp-client.preinst
├── rules
├── copyright
├── control
└── changelog
├── support
├── SSTP-TEST.PCAP
├── [MS-DTYP].pdf
├── [MS-SSTP].pdf
├── deploying sstp remote access step by step guide.doc
├── peer-sstp-example-nopty.txt
├── peer-sstp-example.txt
├── SSTP-TEST-N3ZZ-DC1-CA.PEM
├── HACKING.TXT
├── N3ZZ-DC1-SSTP-TEST-NET.PEM
└── N3ZZ-DC1-SSTP-TEST-NET.KEY
├── src
├── libsstp-compat
│ ├── Makefile.am
│ └── sstp-compat.c
├── libsstp-api
│ ├── Makefile.am
│ └── sstp-api.c
├── libsstp-log
│ ├── Makefile.am
│ ├── sstp-log-std.c
│ ├── sstp-log-file.c
│ ├── sstp-log-private.h
│ └── sstp-log-syslog.c
├── pppd-plugin
│ ├── Makefile.am
│ └── sstp-plugin.c
├── sstp-fcs.h
├── sstp-event.h
├── Makefile.am
├── sstp-chap.h
├── sstp-client.h
├── sstp-private.h
├── sstp-cmac.h
├── sstp-http.h
├── sstp-buff.h
├── sstp-pppd.h
├── sstp-task.h
├── sstp-route.h
├── sstp-util.h
├── sstp-state.h
├── sstp-option.h
├── sstp-buff.c
├── sstp-stream.h
├── sstp-packet.h
├── sstp-task.c
├── sstp-fcs.c
└── sstp-cmac.c
├── include
├── Makefile.am
├── sstp-common.h
├── sstp-compat.h
├── sstp-api.h
└── sstp-log.h
├── sstp-client-1.0.pc.in
├── AUTHORS
├── TODO
├── autogen.sh
├── m4
├── ltversion.m4
├── ax_check_library.m4
├── ax_check_openssl.m4
├── ltsugar.m4
├── pkg.m4
└── lt~obsolete.m4
├── Makefile.am
├── sstp-test-nopty.example
├── sstp-test.example
├── DEVELOPERS
├── NEWS
├── Portfile
├── USING
├── ChangeLog
├── README
├── compile
├── sstp-client.spec
├── sstpc.8
├── configure.ac
└── config.h.in
/debian/compat:
--------------------------------------------------------------------------------
1 | 8
2 |
--------------------------------------------------------------------------------
/debian/shlibs:
--------------------------------------------------------------------------------
1 | libsstp_api 0
2 |
--------------------------------------------------------------------------------
/debian/source/format:
--------------------------------------------------------------------------------
1 | 3.0 (native)
2 |
--------------------------------------------------------------------------------
/debian/sstp-client.manpages:
--------------------------------------------------------------------------------
1 | sstpc.8
2 |
--------------------------------------------------------------------------------
/debian/libsstp-client0.install:
--------------------------------------------------------------------------------
1 | /usr/lib/libsstp_api-0.so
2 |
--------------------------------------------------------------------------------
/debian/gbp.conf:
--------------------------------------------------------------------------------
1 | [DEFAULT]
2 | pristine-tar = True
3 | debian-branch = experimental
4 |
--------------------------------------------------------------------------------
/debian/sstp-client.install:
--------------------------------------------------------------------------------
1 | /usr/sbin/sstpc
2 | /usr/lib/pppd/2.4.5/sstp-pppd-plugin.so
3 |
--------------------------------------------------------------------------------
/support/SSTP-TEST.PCAP:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/reliablehosting/sstp-client/HEAD/support/SSTP-TEST.PCAP
--------------------------------------------------------------------------------
/support/[MS-DTYP].pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/reliablehosting/sstp-client/HEAD/support/[MS-DTYP].pdf
--------------------------------------------------------------------------------
/support/[MS-SSTP].pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/reliablehosting/sstp-client/HEAD/support/[MS-SSTP].pdf
--------------------------------------------------------------------------------
/debian/sstp-client.postinst:
--------------------------------------------------------------------------------
#!/bin/bash -e
# Post-installation maintainer script: refresh the shared-library cache
# once the package reaches the "configure" step.

# Placeholder that debhelper replaces with its generated snippets; it must
# stay ahead of the ldconfig call below.
#DEBHELPER#
case "$1" in
    configure)
        ldconfig
        ;;
esac
7 |
--------------------------------------------------------------------------------
/debian/libsstp-client-dev.install:
--------------------------------------------------------------------------------
1 | /usr/include/sstp-client
2 | /usr/lib/libsstp_api.a
3 | /usr/lib/libsstp_api.so
4 | /usr/lib/pkgconfig
5 |
--------------------------------------------------------------------------------
/debian/sstp-client.substvars:
--------------------------------------------------------------------------------
1 | shlibs:Depends=libc6 (>= 2.14), libevent-2.0-5 (>= 2.0.10-stable), libssl1.0.0 (>= 1.0.0), sstp-client (>= 1.0.6)
2 | misc:Depends=
3 |
--------------------------------------------------------------------------------
/support/deploying sstp remote access step by step guide.doc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/reliablehosting/sstp-client/HEAD/support/deploying sstp remote access step by step guide.doc
--------------------------------------------------------------------------------
/src/libsstp-compat/Makefile.am:
--------------------------------------------------------------------------------
1 | noinst_LTLIBRARIES = libsstp_compat.la
2 | libsstp_compat_la_CFLAGS = -I$(top_srcdir)/include
3 | libsstp_compat_la_SOURCES = \
4 | sstp-compat.c
5 |
--------------------------------------------------------------------------------
/include/Makefile.am:
--------------------------------------------------------------------------------
1 | sstpc_includedir = $(includedir)/sstp-client
2 | sstpc_include_HEADERS = \
3 | sstp-api.h
4 |
5 | noinst_HEADERS = \
6 | sstp-compat.h \
7 | sstp-common.h \
8 | sstp-log.h
9 |
--------------------------------------------------------------------------------
/src/libsstp-api/Makefile.am:
--------------------------------------------------------------------------------
1 | lib_LTLIBRARIES = libsstp_api.la
2 | libsstp_api_la_LDFLAGS = -export-dynamic -release 0
3 | libsstp_api_la_CFLAGS = -I$(top_srcdir)/include
4 | libsstp_api_la_SOURCES = \
5 | sstp-api.c
6 |
--------------------------------------------------------------------------------
/debian/libsstp-client0.symbols:
--------------------------------------------------------------------------------
1 | libsstp_api-0.so sstp-client (>= 1.0.6)
2 | sstp_api_attr_add@Base 1.0.7
3 | sstp_api_attr_parse@Base 1.0.7
4 | sstp_api_msg_len@Base 1.0.7
5 | sstp_api_msg_new@Base 1.0.7
6 | sstp_api_msg_type@Base 1.0.7
7 |
--------------------------------------------------------------------------------
/debian/sstp-client.postrm:
--------------------------------------------------------------------------------
#!/bin/bash -e
# Post-removal maintainer script.
#   purge  - delete the runtime directory and the sstpc account
#   remove - refresh the shared-library cache

case "$1" in
    purge)
        rm -rf /var/run/sstpc
        # Best effort: a missing account must not abort the purge under -e.
        userdel sstpc >/dev/null 2>&1 || true
        ;;
esac

# Placeholder that debhelper replaces with its generated snippets.
#DEBHELPER#
case "$1" in
    remove)
        ldconfig
        ;;
esac
12 |
--------------------------------------------------------------------------------
/sstp-client-1.0.pc.in:
--------------------------------------------------------------------------------
1 | prefix=@prefix@
2 | exec_prefix=@exec_prefix@
3 | libdir=@libdir@
4 | includedir=@includedir@
5 |
6 | Name: sstp-client
7 | Description: Library to communicate with the sstp-client software
8 | Version: @PACKAGE_VERSION@
9 | Libs: -L${libdir} -lsstp_api
10 | Cflags: -I${includedir}/sstp-client
11 |
--------------------------------------------------------------------------------
/src/libsstp-log/Makefile.am:
--------------------------------------------------------------------------------
1 | noinst_LTLIBRARIES = libsstp_log.la
2 | libsstp_log_la_CFLAGS = -I$(top_srcdir)/include
3 | libsstp_log_la_SOURCES = \
4 | sstp-log.c \
5 | sstp-log-syslog.c \
6 | sstp-log-std.c \
7 | sstp-log-file.c
8 |
9 | noinst_HEADERS = \
10 | sstp-log-private.h
11 |
--------------------------------------------------------------------------------
/AUTHORS:
--------------------------------------------------------------------------------
1 | The sstp-client Project
2 | http://sourceforge.net/projects/sstp-client
3 |
4 | Primary Author of this package:
5 | * Eivind Naess
6 |
7 | Patches and bug-fixes by:
8 | - Adding route to VPN server, Dmitriy Belokurov.
9 |
10 |
11 | Third-Party Resources:
12 | Nick Mathewson and Niels Provos for libevent.
13 |
14 |
--------------------------------------------------------------------------------
/support/peer-sstp-example-nopty.txt:
--------------------------------------------------------------------------------
1 | remotename sstp-test
2 | linkname sstp-test
3 | ipparam sstp-test
4 | name SSTP-TEST\\jdoe
5 | plugin sstp-pppd-plugin.so
6 | sstp-sock /tmp/sstp-uds-sock
7 | usepeerdns
8 | require-mppe
9 | noauth
10 | refuse-eap
11 | debug
12 | # NOTE(review): sstp-sock above sits in world-writable /tmp, whereas the sstp-test*.example peers keep the socket under /var/run/sstpc/; 'debug' is also enabled here, while those examples ship it commented out.
13 | # adopt defaults from the pptp-linux package
14 | file /etc/ppp/options.pptp
15 |
--------------------------------------------------------------------------------
/src/pppd-plugin/Makefile.am:
--------------------------------------------------------------------------------
1 | if WITH_PPP_PLUGIN
2 | pppd_plugindir = $(PPPD_PLUGIN_DIR)
3 |
4 | pppd_plugin_LTLIBRARIES = sstp-pppd-plugin.la
5 | sstp_pppd_plugin_la_CFLAGS = -I$(top_srcdir)/include
6 | sstp_pppd_plugin_la_LDFLAGS = -module -avoid-version
7 | sstp_pppd_plugin_la_LIBADD = ../libsstp-api/libsstp_api.la
8 | sstp_pppd_plugin_la_SOURCES = sstp-plugin.c
9 |
10 | endif
11 |
--------------------------------------------------------------------------------
/support/peer-sstp-example.txt:
--------------------------------------------------------------------------------
1 | remotename sstp-test
2 | linkname sstp-test
3 | ipparam sstp-test
4 | pty "sstp-client --server n3zz-dc1.sstp-test.net --nolaunchpppd "
5 | name SSTP-TEST\\jdoe
6 | plugin sstp-pppd-plugin.so
7 | sstp-sock /tmp/sstpc-uds-sock
8 | usepeerdns
9 | require-mppe
10 | refuse-eap
11 | noauth
12 | debug
13 | # NOTE(review): sstp-sock above sits in world-writable /tmp, whereas the sstp-test*.example peers keep the socket under /var/run/sstpc/; 'debug' is also enabled here, while those examples ship it commented out.
14 | # adopt defaults from the pptp-linux package
15 | file /etc/ppp/options.pptp
16 |
--------------------------------------------------------------------------------
/TODO:
--------------------------------------------------------------------------------
1 | sstp-client:
2 | * HTTP Proxy Digest Authentication support
3 | * Improve Certificate Verification
4 | - Restrict certain cipher suites.
5 | - Support for CRL and certificate revocation
6 | * Automate the unit-tests
7 | - Autotools to help do this 'make check'
8 | * Build doxygen target
9 | * SSTP Server Support
10 |
11 | network-manager-sstp:
12 | * Sync up to latest git branch for pptp (any bug fixes?)
13 | * Add proxy configuration support
14 | * Additional options to limit the crypto
15 |
--------------------------------------------------------------------------------
/autogen.sh:
--------------------------------------------------------------------------------
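#!/bin/sh
# Run this to generate all the initial makefiles, etc.
#
# Every expansion of $srcdir is quoted so that a checkout path containing
# spaces or glob characters is passed through as a single word.

srcdir=$(dirname "$0")
test -z "$srcdir" && srcdir=.
REQUIRED_AUTOMAKE_VERSION=1.9
PKG_NAME=sstp-client

# Refuse to run anywhere but the top of the source tree.
if [ ! -f "$srcdir/configure.ac" ] || [ ! -f "$srcdir/src/sstp-client.c" ]; then
    # printf instead of "echo -n": -n is not portable under /bin/sh.
    printf '%s\n' "**Error**: Directory \`$srcdir' does not look like the top-level $PKG_NAME directory"
    exit 1
fi

# Chain with && so that a failed cd stops the run instead of letting
# autoreconf and ./configure execute in whatever directory we started in.
(
    cd "$srcdir" &&
    autoreconf --install --symlink &&
    autoreconf &&
    ./configure
)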
21 |
22 |
--------------------------------------------------------------------------------
/debian/sstp-client.preinst:
--------------------------------------------------------------------------------
#!/bin/bash -e
# Pre-installation maintainer script: make sure the unprivileged "sstpc"
# system group and user exist before the package files are unpacked.

# Add the group only when getent cannot find it.
getent group sstpc >/dev/null || addgroup --system sstpc >/dev/null

# Add the user only when getent cannot find it; the account gets no login
# shell and /var/run/sstpc/ as its home directory.
getent passwd sstpc >/dev/null || adduser \
    --system \
    --ingroup sstpc \
    --home /var/run/sstpc/ \
    --gecos "Secure Socket Tunneling Protocol (SSTP) Client" \
    --shell /bin/false \
    sstpc >/dev/null

# Placeholder that debhelper replaces with its generated snippets.
#DEBHELPER#
20 |
--------------------------------------------------------------------------------
/m4/ltversion.m4:
--------------------------------------------------------------------------------
1 | # ltversion.m4 -- version numbers -*- Autoconf -*-
2 | #
3 | # Copyright (C) 2004 Free Software Foundation, Inc.
4 | # Written by Scott James Remnant, 2004
5 | #
6 | # This file is free software; the Free Software Foundation gives
7 | # unlimited permission to copy and/or distribute it, with or without
8 | # modifications, as long as this notice is preserved.
9 |
10 | # @configure_input@
11 |
12 | # serial 3337 ltversion.m4
13 | # This file is part of GNU Libtool
14 |
15 | m4_define([LT_PACKAGE_VERSION], [2.4.2])
16 | m4_define([LT_PACKAGE_REVISION], [1.3337])
17 |
18 | AC_DEFUN([LTVERSION_VERSION],
19 | [macro_version='2.4.2'
20 | macro_revision='1.3337'
21 | _LT_DECL(, macro_version, 0, [Which release of libtool.m4 was used?])
22 | _LT_DECL(, macro_revision, 0)
23 | ])
24 |
--------------------------------------------------------------------------------
/Makefile.am:
--------------------------------------------------------------------------------
1 | ACLOCAL_AMFLAGS = -I m4
2 | SUBDIRS = \
3 | src/libsstp-log \
4 | src/libsstp-api \
5 | src/libsstp-compat\
6 | src/pppd-plugin \
7 | include \
8 | src
9 |
10 | docdir = $(datadir)/doc/@PACKAGE@
11 | pkgconfigdir = $(libdir)/pkgconfig
12 | pkgconfig_DATA = sstp-client-1.0.pc
13 |
14 | doc_DATA = \
15 | sstp-test.example \
16 | sstp-test-nopty.example
17 |
18 | man8_MANS = sstpc.8
19 | EXTRA_DIST = \
20 | $(man8_MANS) \
21 | $(doc_DATA) \
22 | support \
23 | debian \
24 | sstp-client.spec\
25 | DEVELOPERS \
26 | USING
27 |
28 | dist-hook:
29 | for i in $(EXTRA_DIST) ; do \
30 | if [ -d $i ] ; then \
31 | rm -rf `find $(distdir)/$i -type d -name .svn` ; \
32 | fi ; \
33 | done
34 |
--------------------------------------------------------------------------------
/debian/rules:
--------------------------------------------------------------------------------
1 | #!/usr/bin/make -f
2 | export DEB_BUILD_HARDENING=1
3 |
4 | include /usr/share/hardening-includes/hardening.make
5 | CFLAGS=$(shell dpkg-buildflags --get CFLAGS)
6 | LDFLAGS=$(shell dpkg-buildflags --get LDFLAGS)
7 | CFLAGS+=$(HARDENING_CFLAGS)
8 | LDFLAGS+=$(HARDENING_LDFLAGS)
9 |
10 | configure:
11 |
12 | ./configure \
13 | --prefix=/usr \
14 | --sysconfdir=/etc \
15 | --localstatedir=/var \
16 | --includedir=${prefix}/include \
17 | --libexecdir=${prefix}/lib/sstp-client \
18 | --mandir=${prefix}/share/man \
19 | --infodir=${prefix}/share/info \
20 | --disable-dependency-tracking \
21 | --with-runtime-dir="/var/run/sstpc" \
22 | --enable-user \
23 | --enable-group
24 |
25 | %:
26 | dh $@
27 |
28 | override_dh_makeshlibs:
29 | dh_makeshlibs -X/usr/lib/pppd/
30 |
31 |
32 | get-orig-source:
33 | cd $(dir $(firstword $(MAKEFILE_LIST)))../ && \
34 | uscan --rename --force-download --watchfile debian/watch --destdir $(CURDIR)
35 |
36 |
--------------------------------------------------------------------------------
/src/sstp-fcs.h:
--------------------------------------------------------------------------------
1 | /* ppp_fcs.h ... header file for PPP-HDLC FCS
2 | * C. Scott Ananian
3 | *
4 | * $Id: ppp_fcs.h,v 1.2 2008/02/19 05:05:03 quozl Exp $
5 | */
6 | #ifndef __SSTP_FCS_H__
7 | #define __SSTP_FCS_H__
8 |
9 |
10 | /*! Initial FCS value */
11 | #define PPPINITFCS16 0xffff
12 |
13 | /*! Good final FCS value */
14 | #define PPPGOODFCS16 0xf0b8
15 | /* HDLC framing octets as given in RFC 1662: flag sequence, control escape, and the value XORed into an escaped octet */
16 | #define HDLC_FLAG 0x7E
17 | #define HDLC_ESCAPE 0x7D
18 | #define HDLC_TRANSPARENCY 0x20
19 |
20 |
21 | /*!
22 | * @brief Calculate checksum of a frame per RFC1662 (the signature matches the RFC's pppfcs16(fcs, cp, len); confirm in sstp-fcs.c)
23 | */
24 | uint16_t sstp_frame_check(uint16_t fcs, const unsigned char *cp, int len);
25 |
26 | /* NOTE(review): length and size are caller-supplied int pointers; this header does not say whether they carry buffer capacities on entry, so confirm the bounds handling in sstp-fcs.c */
27 | /*!
28 | * @brief Decode a frame from the buffer and decapsulate it
29 | */
30 | status_t sstp_frame_decode(const unsigned char *buf, int *length,
31 | unsigned char *frame, int *size);
32 |
33 | /* NOTE(review): undocumented in the original; by its name and parameters presumably the counterpart of sstp_frame_decode() - confirm in sstp-fcs.c, including how flen bounds the writes to frame */
34 | status_t sstp_frame_encode(const unsigned char *source, int ilen,
35 | unsigned char *frame, int *flen);
36 |
37 | #endif /* #ifndef __SSTP_FCS_H__ */
38 |
--------------------------------------------------------------------------------
/sstp-test-nopty.example:
--------------------------------------------------------------------------------
1 | #
2 | # Put this file in /etc/ppp/peers/sstp-test-nopty, the name should be the same as
3 | # for remotename, linkname, and ipparam. Update the url for the server as a part
4 | # of the pty statement, and finally update your username.
5 | #
6 | # Make sure your user 'kendo' has an appropriate entry in /etc/ppp/chap-secrets.
7 | # Example:
8 | # #client server secret IP addresses
9 | # kendo * xxxxxxx *
10 | # 'DOMAIN\\kendo' * xxxxxxx
11 | #
12 | # Connect to sstp-test-nopty peer:
13 | # sstpc --log-level 4 --log-stderr sstp-test.yourdomain.com call sstp-test-nopty
14 | #
15 | remotename sstp-test-nopty
16 | linkname sstp-test-nopty
17 | ipparam sstp-test-nopty
18 | name kendo
19 | plugin sstp-pppd-plugin.so
20 | sstp-sock /var/run/sstpc/sstpc-sstp-test-nopty
21 | usepeerdns
22 | require-mppe
23 | require-mschap-v2
24 | noauth
25 | lock
26 | refuse-pap
27 | refuse-eap
28 | refuse-chap
29 | refuse-mschap
30 | nobsdcomp
31 | nodeflate
32 |
33 | # Uncomment this if you want additional debug in your /var/log/messages
34 | # debug
35 |
--------------------------------------------------------------------------------
/sstp-test.example:
--------------------------------------------------------------------------------
1 | #
2 | # Put this file in /etc/ppp/peers/sstp-test, the name should be the same as
3 | # for remotename, linkname, and ipparam. Update the url for the server as a part
4 | # of the pty statement, and finally update your username.
5 | #
6 | # Make sure your user 'kendo' has an appropriate entry in /etc/ppp/chap-secrets.
7 | # Example:
8 | # #client server secret IP addresses
9 | # kendo * xxxxxxx *
10 | # 'DOMAIN\\kendo' * xxxxxxx
11 | #
12 | # Connect to sstp-test peer:
13 | # sudo pon sstp-test
14 | #
15 | remotename sstp-test
16 | linkname sstp-test
17 | ipparam sstp-test
18 | pty "sstpc --ipparam sstp-test --log-level 4 --nolaunchpppd sstp-test.yourdomain.com"
19 | name kendo
20 | plugin sstp-pppd-plugin.so
21 | sstp-sock /var/run/sstpc/sstpc-sstp-test
22 | usepeerdns
23 | require-mppe
24 | require-mschap-v2
25 | noauth
26 | lock
27 | refuse-pap
28 | refuse-eap
29 | refuse-chap
30 | refuse-mschap
31 | nobsdcomp
32 | nodeflate
33 |
34 | # Uncomment this if you want additional debug in your /var/log/messages
35 | # debug
36 |
--------------------------------------------------------------------------------
/DEVELOPERS:
--------------------------------------------------------------------------------
1 | Developers Information
2 |
3 |
4 | Mailing List
5 |
6 | Subscribe to the sstp-client-devel mailing list at sstp-client-devel@lists.sourceforge.net
7 | if you intend to contribute to this project. On this mailing list we discuss problems
8 | and changes.
9 |
10 | http://lists.sourceforge.net/mailman/listinfo/sstp-client-devel
11 |
12 |
13 | Patches
14 |
15 | You may send patches by e-mail, direct or to the mailing list, or if
16 | you have SVN commit rights, you may use them.
17 |
18 | Developers have permission (and encouragement) to adjust more than the
19 | file that they are submitting. Other files that may be adjusted are:
20 |
21 | ChangeLog
22 | documentation of changes at the code level.
23 |
24 | NEWS
25 | a history of changes as far as an end user is concerned.
26 |
27 | AUTHORS
28 | a list of people who want credit for contributions.
29 |
30 | TODO
31 | a list of things yet to be done.
32 |
33 | See section two of Eric Raymond's Software Release Practice HOWTO for
34 | some useful information on good patching practice.
35 |
36 | http://www.linuxdoc.org/HOWTO/Software-Release-Practice-HOWTO/
37 |
--------------------------------------------------------------------------------
/NEWS:
--------------------------------------------------------------------------------
1 | Release 1.0.3: (November 13, 2011)
2 | - Added command line option to specify the uuid of the connection
3 | - Fixed various bugs, to mention:
4 | * Cleanup of unix socket on termination
5 | * Correct parsing of the URL
6 | * Fix connected time error when using --nolaunchpppd option
7 | * Unit tests was added
8 | * Added hardening of ubuntu build scripts
9 |
10 |
11 | Release 1.0.2: (October 20, 2011)
12 | - Added Basic HTTP proxy support
13 | - Allow for user to ignore certificate warnings by specifying '--cert-warn'
14 | - Network Manager SSTP plugin finally works on Ubuntu 11.10
15 | - Covering up passwords per command line.
16 | - Added privilege separation user, group, and directory
17 |
18 |
19 | Release 1.0.1: (October 02, 2011)
20 | - Fixing various bugs found while porting to Fedora Core 15.
21 | - Improved signal handling and summary on connection termination
22 | - Improved task handling of pppd
23 |
24 |
25 | Release 1.0: (September 18, 2011)
26 | - Updated version to 1.0 after 6 months of beta testing.
27 | - Packages provided for Ubuntu 11.04, and Fedora Core 15
28 |
29 |
30 | Release 1.0-beta: (February 12, 2011)
31 | - Connect to a Windows 2K8 server using SSTP
32 | - Async PPP support
33 | - IPv6 support
34 | - Certificate validation
35 |
--------------------------------------------------------------------------------
/support/SSTP-TEST-N3ZZ-DC1-CA.PEM:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIDezCCAmOgAwIBAgIQZ8gUyJXYfY5PTCM+mu8C5DANBgkqhkiG9w0BAQUFADBQ
3 | MRMwEQYKCZImiZPyLGQBGRYDTkVUMRkwFwYKCZImiZPyLGQBGRYJU1NUUC1URVNU
4 | MR4wHAYDVQQDExVTU1RQLVRFU1QtTjNaWi1EQzEtQ0EwHhcNMTEwMjE2MDUxMjE2
5 | WhcNMTYwMjE2MDUyMjE1WjBQMRMwEQYKCZImiZPyLGQBGRYDTkVUMRkwFwYKCZIm
6 | iZPyLGQBGRYJU1NUUC1URVNUMR4wHAYDVQQDExVTU1RQLVRFU1QtTjNaWi1EQzEt
7 | Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQCFJmCCEAb2V2GPOy
8 | RSeAqCRIgI96b5IWysKOHk9BCH3E17jgEmyBRIH9WnhuFBP8qQeGcWW9E0JTQMXF
9 | //VhcBHMOxrDmJN2yDp8JIb3gBfJbinEGQ8yjlKXVZ+VaoWHUfG7vckSTr/H1Yrt
10 | 9eois9pq5M1frHw9JSQrnjd+Xe5ZAcEI7HywWVSLueAt27iMXxMhSu8eMHH5yiia
11 | /CbFbFPp6MhMkE7bmAFcoFc0AkgR2AiNLIC8jtnDQ9LRCaqoA16Cmi/W6qPPvO2/
12 | yX5LKIf4GKoU65Fl8lULBoKviZ0pWmStcsPtHP97CsGXO3ECcxpokkUOJg2kaZRv
13 | 24yNAgMBAAGjUTBPMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1Ud
14 | DgQWBBSOx62oY7+TQnyzxIljVLEL3H8x9DAQBgkrBgEEAYI3FQEEAwIBADANBgkq
15 | hkiG9w0BAQUFAAOCAQEASIQSjmfFg4I7vsS21DE5+Ek91Mc8Vx8q6IzPZ43xTOc4
16 | KmOufqqwt/BkjSzwd5ZYw+TrisevtqKIeppSYMPV6aOrEnZj9KEe72GMY1Cr7mBh
17 | 7uOzkxjrd8aMODmKX7VsVYFJU2/R0s7YY5R/5m2p65x4cOH05bTueCivnc9aaZxY
18 | LHnQELWRcCfMT7/77VVMpBc/peZgmQzqehe9jafc0U14CtRTMfEO5Dc+lNHD2SE6
19 | grKbfDDxHno/lFC+eJUTFOOzUeKsbIET7pXBFkjiaTdstlQGYe7T6fpS6UJi8/hK
20 | N+Fl5hgqQNOzQsBUtH8Vo46VahqeJGsGC9ifUGKneA==
21 | -----END CERTIFICATE-----
22 |
--------------------------------------------------------------------------------
/Portfile:
--------------------------------------------------------------------------------
1 | # -*- coding: utf-8; mode: tcl; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- vim:fenc=utf-8:ft=tcl:et:sw=4:ts=4:sts=4
2 | # $Id$
3 |
4 | PortSystem 1.0
5 |
6 | name sstp-client
7 | version 1.0.7
8 | categories net
9 | platforms darwin
10 | maintainers nomaintainer
11 | license GPL-2+
12 |
13 | description client implementation of Secure Socket Tunneling Protocol (SSTP)
14 |
15 | long_description ${name} is a ${description} for Unix that allows access \
16 | via SSTP VPN to Microsoft Windows 2008 Server. It tunnels \
17 | PPP traffic over SSL.
18 |
19 | homepage http://sstp-client.sourceforge.net/
20 | master_sites sourceforge:project/sstp-client/sstp-client/${version}
21 |
22 | checksums rmd160 71b6c4a7f6370c18ca1988f9d1b17c5bde45f882 \
23 | sha256 fa935f47812944243a31d7c64905f791634993791b974701c963ff05448c9f34
24 |
25 | depends_build port:pkgconfig
26 |
27 | depends_lib port:libevent \
28 | port:openssl
29 |
30 | configure.args --disable-ppp-plugin \
31 | --disable-silent-rules \
32 | --with-libevent=2 \
33 | --with-runtime-dir=${prefix}/var/macports/sstpc
34 |
35 | test.run yes
36 | test.target check
37 |
--------------------------------------------------------------------------------
/src/libsstp-compat/sstp-compat.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Provide compatibility layer for sstp-client and other libraries
3 | *
4 | * @file sstp-compat.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #include
26 | #include
27 |
28 | #ifndef HAVE_LIBEVENT2
29 |
/*!
 * @brief Allocate an event, initialise it and attach it to @a base
 *
 * Stand-in for event_new() in builds where HAVE_LIBEVENT2 is not defined.
 * The event is zero-allocated with calloc(), initialised with event_set()
 * and bound to @a base with event_base_set().
 *
 * @param base  event base the new event is attached to
 * @param sock  descriptor handed to event_set()
 * @param fl    event flags handed to event_set()
 * @param cb    callback handed to event_set()
 * @param arg   opaque argument handed to event_set()
 *
 * @return the new event, or NULL when the allocation fails; release it
 *         with event_free()
 */
event_st *event_new(event_base_st *base, int sock, short fl,
    event_fn cb, void *arg)
{
    event_st *ev = calloc(1, sizeof(*ev));

    /* Nothing to initialise when the allocation failed */
    if (ev == NULL)
    {
        return NULL;
    }

    event_set(ev, sock, fl, cb, arg);
    event_base_set(base, ev);
    return ev;
}
42 |
43 |
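/*!
 * @brief Release an event obtained from event_new()
 *
 * The event is taken off its base with event_del() before the memory is
 * returned. Freeing an event that is still registered would otherwise leave
 * the base holding a pointer to freed memory, which the next dispatch could
 * follow. libevent 2's own event_free() makes the event non-pending first
 * as well, so callers written against that API keep the same guarantee in
 * this fallback build.
 *
 * NOTE(review): event_del() is assumed to come from the same libevent header
 * that supplies event_set() for event_new() in this file. As with libevent 2,
 * the event has to be freed before its base is destroyed.
 *
 * @param event  event to release; NULL is ignored
 */
void event_free(event_st *event)
{
    if (event == NULL)
    {
        return;
    }

    /* Result deliberately ignored: an event that was never added has
     * nothing to remove, and the memory is released either way. */
    event_del(event);
    free(event);
}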
48 |
49 | #endif
50 |
--------------------------------------------------------------------------------
/include/sstp-common.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Provide common declarations for the sstp project
3 | *
4 | * @file sstp-common.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_COMMON_H__
26 | #define __SSTP_COMMON_H__
27 |
28 | /*!
29 | * @brief Common return values (status_t); SSTP_FAIL is the only negative value, SSTP_OKAY is zero
30 | */
31 | typedef enum
32 | {
33 | /*! Generic failure */
34 | SSTP_FAIL = -1,
35 |
36 | /*! General okay */
37 | SSTP_OKAY = 0,
38 |
39 | /*! Operation in progress */
40 | SSTP_INPROG = 1,
41 |
42 | /*! Socket connected */
43 | SSTP_CONNECTED = 2,
44 |
45 | /*! Buffer overflow */
46 | SSTP_OVERFLOW = 3,
47 |
48 | /*! Not implemented (yet) */
49 | SSTP_NOTIMPL = 4,
50 |
51 | /*! Operation timed out */
52 | SSTP_TIMEOUT = 5,
53 |
54 | /*! Authentication required */
55 | SSTP_AUTHENTICATE = 6,
56 |
57 | } status_t;
58 |
59 | #endif /* #ifndef __SSTP_COMMON_H__ */
60 |
--------------------------------------------------------------------------------
/debian/copyright:
--------------------------------------------------------------------------------
1 | This package was initially debianized by Eivind Naess,
2 | , on Sat, 18 Sept 2011 12:00:00 -8000.
3 |
4 | The current release is available from:
5 | http://sstpclient.sourceforge.net
6 |
7 | Copyright:
8 |
9 | Copyright (C) 2011 Eivind Naess
10 |
11 | License: GPL-2+ with OpenSSL exception
12 |
13 | This program is free software; you can redistribute it and/or modify it
14 | under the terms of the GNU General Public License as published by the
15 | Free Software Foundation; either version 2 of the License, or (at your
16 | option) any later version.
17 |
18 | This program is distributed in the hope that it will be useful, but
19 | WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
20 | or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
21 | for more details.
22 |
23 | A copy of the GNU General Public License is available as
24 | /usr/share/common-licenses/GPL in the Debian GNU/Linux distribution or on the
25 | World Wide Web at http://www.gnu.org/copyleft/gpl.html. You can also
26 | obtain it by writing to the Free Software Foundation, Inc., 51 Franklin St,
27 | Fifth Floor, Boston, MA 02110-1301, USA.
28 |
29 | In addition, as a special exception, the author of this program gives
30 | permission to link the code of its release with the OpenSSL project's
31 | "OpenSSL" library (or with modified versions of it that use the same
32 | license as the "OpenSSL" library), and distribute the linked executables.
33 |
34 | You must obey the GNU General Public License in all respects for all of
35 | the code used other than "OpenSSL". If you modify this file, you may
36 | extend this exception to your version of the file, but you are not obligated
37 | to do so. If you do not wish to do so, delete this exception statement
38 | from your version.
39 |
--------------------------------------------------------------------------------
/include/sstp-compat.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Provide compatibility layer for sstp-client and other libraries
3 | *
4 | * @file sstp-compat.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_COMPAT_H__
26 | #define __SSTP_COMPAT_H__
27 |
28 | #include
29 | #include
30 |
31 | #if HAVE_LIBEVENT2
32 | #include
33 | #include
34 | #include
35 | #include
36 | #else
37 | #include
38 | #endif
39 |
40 | /* Short aliases for the libevent base and event structs, and for the event callback signature */
41 | typedef struct event_base event_base_st;
42 | typedef struct event event_st;
43 | typedef void (*event_fn)(int, short, void *);
44 |
45 | #ifndef HAVE_LIBEVENT2
46 |
47 | /*!
48 | * @brief Stand-in for event_new(), which libevent 1.4 lacks: allocates an event and attaches it to @a base; returns NULL when the allocation fails
49 | */
50 | event_st *event_new(event_base_st *base, int sock, short fl,
51 | event_fn cb, void *arg);
52 |
53 |
54 | /*!
55 | * @brief Stand-in for event_free(), which libevent 1.4 lacks: releases an event returned by event_new()
56 | */
57 | void event_free(event_st *event);
58 |
59 | #endif /* #ifndef HAVE_LIBEVENT2 */
60 |
61 |
62 |
63 | #endif /* #ifndef __SSTP_COMMON_H__ */
64 |
--------------------------------------------------------------------------------
/src/sstp-event.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Event API for sstp-client
3 | *
4 | * @file sstp-event.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_EVENT_H__
25 | #define __SSTP_EVENT_H__
26 |
27 | /*< Forward declare event context */
28 | struct sstp_event;
29 | typedef struct sstp_event sstp_event_st;
30 |
31 |
32 | /*!
33 | * @brief A callback function for when waiting for ip-up from pppd
34 | */
35 | typedef void (*sstp_event_fn)(void *ctx, int status);
36 |
37 |
38 | /*!
39 | * @brief Create an event to listen for callback
40 | */
41 | status_t sstp_event_create(sstp_event_st **ctx, sstp_option_st *opts,
42 | event_base_st *base, sstp_event_fn event_cb, void *arg);
43 |
44 |
45 | /*!
46 | * @brief Get the socket name for the callback
47 | */
48 | const char *sstp_event_sockname(sstp_event_st *ctx);
49 |
50 |
51 | /*!
52 | * @brief Get the results from the event
53 | */
54 | status_t sstp_event_mppe_result(sstp_event_st *ctx, uint8_t **skey,
55 | size_t *slen, uint8_t **rkey, size_t *rlen);
56 |
57 | /*!
58 | * @brief Shutdown and remove the socket
59 | */
60 | void sstp_event_free(sstp_event_st *ctx);
61 |
62 |
63 | #endif
64 |
--------------------------------------------------------------------------------
/support/HACKING.TXT:
--------------------------------------------------------------------------------
1 | 0. The following files are included:
2 | a) The server CA for the SSTP-TEST domain
3 | SSTP-TEST-N3ZZ-DC1-CA.PEM (X509)
4 | b) The server certificate
5 | N3ZZ-DC1-SSTP-TEST-NET.PEM (X509)
6 | c) The server certificate private key
7 | N3ZZ-DC1-SSTP-TEST-NET.KEY (PEM) -- test key shipped with the sources; do not reuse it outside this test setup
8 |
9 | 1. Configure Windows 2008 R2 Server with
10 | a) A domain controller
11 | b) Certificate service
12 | c) RAS VPN + SSTP
13 |
14 | 2. Generate the server certificate based on the trusted CA for the A/D
15 | a) Use the Certificate snap-in with the 'mmc.exe',
16 | - All Tasks -> Create new certificate request
17 | - Select a template based on Client and Server Authentication.
18 | - Make sure you edit the template before creating the
19 | cert, allow export of private keys
20 | - CN must have the domain you anticipate to use for your server
21 | - Create the certificate
22 | b) Right click on certificate, click export
23 | c) Export as PKCS#12, save keys to a location on disk; e.g. c:\sstp-keys.pfx
24 |
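25 | 3. Use openssl to convert the keys into a non-encrypted RSA file (-nodes writes the private key without a passphrase, so keep the file readable only by you and delete it after debugging)
26 | Example:
27 | openssl pkcs12 -in sstp-keys.pfx -out sstp-rsa.pem -nodes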
28 |
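29 | 4. Open Wireshark (decrypting with the server's RSA key only works when the session uses RSA key exchange, not (EC)DHE cipher suites)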
30 | a) Edit Preferences (Edit->Preferences)
31 | b) Unfold the protocol list, locate SSL
32 | c) In the textbox for RSA keys List, enter: ,,https,/path/to/sstp-rsa.pem
33 | d) Optionally, you can allow SSL debug file to be redirected to a file of your choice.
34 |
35 | 5. There is not much to the HTTP headers for the SSTP protocol beyond the
36 | initial HTTP handshake.
37 |
38 | HTTP Request:
39 | SSTP_DUPLEX_POST /sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/ HTTP/1.1
40 | SSTPCORRELATIONID: {2834FD17-10EE-4658-A1E8-BBF3966C211C}
41 | Content-Length: 18446744073709551615
42 | Host: n3zz-dc1.sstp-test.net
43 |
44 | HTTP Response:
45 | HTTP/1.1 200
46 | Content-Length: 18446744073709551615
47 | Server: Microsoft-HTTPAPI/2.0
48 | Date: Sat, 19 Feb 2011 02:13:44 GMT
49 |
--------------------------------------------------------------------------------
/src/Makefile.am:
--------------------------------------------------------------------------------
1 | sbin_PROGRAMS = sstpc
2 | sstpc_CFLAGS = -I$(top_srcdir)/include -DSSTP_RUNTIME_DIR='"$(SSTP_RUNTIME_DIR)"'
3 | sstpc_LDADD = \
4 | libsstp-log/libsstp_log.la \
5 | libsstp-api/libsstp_api.la \
6 | libsstp-compat/libsstp_compat.la
7 |
8 | utest_task_SOURCES = sstp-task.c
9 | utest_task_CFLAGS = -I$(top_srcdir)/include -D__SSTP_UNIT_TEST_TASK=1
10 | utest_cmac_SOURCES = sstp-cmac.c
11 | utest_cmac_CFLAGS = -I$(top_srcdir)/include -D__SSTP_UNIT_TEST_CMAC=1
12 | utest_chap_SOURCES = sstp-chap.c
13 | utest_chap_CFLAGS = -I$(top_srcdir)/include -D__SSTP_UNIT_TEST_CHAP=1
14 | utest_fcs_SOURCES = sstp-fcs.c
15 | utest_fcs_CFLAGS = -I$(top_srcdir)/include -D__SSTP_UNIT_TEST_FCS=1
16 | utest_route_SOURCES = sstp-route.c
17 | utest_route_CFLAGS = -I$(top_srcdir)/include -D__SSTP_UNIT_TEST_ROUTE=1
18 |
19 | check_PROGRAMS = \
20 | utest_task \
21 | utest_cmac \
22 | utest_chap \
23 | utest_fcs \
24 | utest_route
25 |
26 | TESTS= $(check_PROGRAMS)
27 |
28 | sstpc_SOURCES = \
29 | sstp-client.c \
30 | sstp-option.c \
31 | sstp-stream.c \
32 | sstp-packet.c \
33 | sstp-pppd.c \
34 | sstp-util.c \
35 | sstp-cmac.c \
36 | sstp-buff.c \
37 | sstp-http.c \
38 | sstp-task.c \
39 | sstp-event.c \
40 | sstp-state.c \
41 | sstp-chap.c \
42 | sstp-route.c \
43 | sstp-fcs.c
44 |
45 | noinst_HEADERS = \
46 | sstp-buff.h \
47 | sstp-client.h \
48 | sstp-chap.h \
49 | sstp-cmac.h \
50 | sstp-event.h \
51 | sstp-fcs.h \
52 | sstp-http.h \
53 | sstp-option.h \
54 | sstp-packet.h \
55 | sstp-pppd.h \
56 | sstp-private.h \
57 | sstp-route.h \
58 | sstp-state.h \
59 | sstp-stream.h \
60 | sstp-task.h \
61 | sstp-util.h
62 |
--------------------------------------------------------------------------------
/debian/control:
--------------------------------------------------------------------------------
1 | Source: sstp-client
2 | Section: net
3 | Priority: optional
4 | Maintainer: Ubuntu Developers
5 | Uploaders: Eivind Naess
6 | Build-Depends:
7 | debhelper (>= 8),
8 | ppp-dev,
9 | libevent-dev,
10 | libssl-dev,
11 | hardening-includes,
12 | hardening-wrapper
13 | Standards-Version: 3.9.3
14 | Vcs-Svn: https://sstp-client.svn.sourceforge.net/svnroot/sstp-client
15 | Homepage: http://sstp-client.sourceforge.net
16 |
17 | Package: sstp-client
18 | Architecture: any
19 | Depends: ${shlibs:Depends}, ${misc:Depends}, libsstp-client0 (= ${binary:Version}), ppp (>= 2.4.5), adduser
20 | Recommends: network-manager-sstp | network-manager-sstp-gnome
21 | Description: Connect to a Microsoft Windows 2008 server using SSTP VPN
22 | A client implementation of Secure Socket Tunneling Protocol (SSTP) for
23 | Linux / Mac OS-X that allows remote access via SSTP VPN to Microsoft
24 | Windows 2008 Server. It does so by tunneling PPP data over SSL.
25 |
26 | Package: libsstp-client0
27 | Architecture: any
28 | Depends: ${shlibs:Depends}, ${misc:Depends}
29 | Section: libs
30 | Description: Connect to a Microsoft Windows 2008 server using SSTP VPN
31 | A client implementation of Secure Socket Tunneling Protocol (SSTP) for
32 | Linux / Mac OS-X that allows remote access via SSTP VPN to Microsoft
33 | Windows 2008 Server. It does so by tunneling PPP data over SSL.
34 | .
35 | This package provides the shared library libsstp-client0.
36 |
37 | Package: libsstp-client-dev
38 | Architecture: any
39 | Depends: ${misc:Depends}, libsstp-client0 (= ${binary:Version})
40 | Section: libdevel
41 | Description: Connect to a Microsoft Windows 2008 server using SSTP VPN
42 | A client implementation of Secure Socket Tunneling Protocol (SSTP) for
43 | Linux / Mac OS-X that allows remote access via SSTP VPN to Microsoft
44 | Windows 2008 Server. It does so by tunneling PPP data over SSL.
45 | .
46 | This package provides headers for the libsstp-client0 library and
47 | the library itself for static linking.
48 |
--------------------------------------------------------------------------------
/src/sstp-chap.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Routines for handling CHAP authentication.
3 | *
4 | * @file sstp-chap.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_CHAP_H__
26 | #define __SSTP_CHAP_H__
27 |
28 |
29 | #define SSTP_CHAP_SENDING 0x01
30 | #define SSTP_CHAP_SERVER 0x02
31 |
32 |
33 | /*!
34 | * @brief The data snooped from pppd; packed, 49 bytes in total. It holds the CHAP challenge and NT response, so treat copies of it as sensitive authentication material.
35 | */
36 | typedef struct sstp_chap
37 | {
38 | /*! The challenge field (16 bytes) */
39 | unsigned char challenge[16];
40 |
41 | /*! The response field (8 bytes) */
42 | unsigned char response[8];
43 |
44 | /*! The NT Response field (24 bytes) */
45 | unsigned char nt_response[24];
46 |
47 | /*! Any flags (1 byte); presumably the SSTP_CHAP_SENDING / SSTP_CHAP_SERVER bits defined above -- confirm against the code that fills this in */
48 | unsigned char flags[1];
49 |
50 | } __attribute__((packed)) sstp_chap_st;
51 |
52 |
53 | /*!
54 | * @brief Takes the CHAP context and generate the MPPE key
55 | *
56 | * @param ctx The ms-chap handshake context
57 | * @param password The user's password
58 | * @param skey The resulting MPPE send key
59 | * @param rkey The resulting MPPE receive key
60 | * @param server Are we acting as a server?
61 | *
62 | * @retval 0: success, -1: failure
63 | */
64 | int sstp_chap_mppe_get(sstp_chap_st *ctx, const char *password,
65 | uint8_t skey[16], uint8_t rkey[16], char server);
66 |
67 | #endif
68 |
--------------------------------------------------------------------------------
/support/N3ZZ-DC1-SSTP-TEST-NET.PEM:
--------------------------------------------------------------------------------
1 | -----BEGIN CERTIFICATE-----
2 | MIIFlDCCBHygAwIBAgIKEcWGdgAAAAAADjANBgkqhkiG9w0BAQUFADBQMRMwEQYK
3 | CZImiZPyLGQBGRYDTkVUMRkwFwYKCZImiZPyLGQBGRYJU1NUUC1URVNUMR4wHAYD
4 | VQQDExVTU1RQLVRFU1QtTjNaWi1EQzEtQ0EwHhcNMTEwMjE5MDEzOTQ1WhcNMTIw
5 | MjE5MDEzOTQ1WjAhMR8wHQYDVQQDExZOM1paLURDMS5TU1RQLVRFU1QuTkVUMIIB
6 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+rerg6C+dxL6DyL/pTgvdeYG
7 | pijNOipL46ER3mGpbhb61WxMmN7vDYeJ9QOUSkAYTEMv4lpnyO3ZwyuOdoidrd9a
8 | knfEM53whDiL8gOmkz/IlAk+/By3D2I7ee3XM3lrCRPsYTPTPSyxo4pWAYDzROvH
9 | 0XnLvgbaLKaJHa0C+dubjP/yKhxpznt4RvF7wy7ROe9N9eVAhoE3tn6CdwRAsbiZ
10 | BW35zihqevj9kScpm6tfuLn98lwW8AaGjZ0DjQBleCVU7SLSbVTX74na1WBQo76f
11 | i602opehcJuA5FwHtdWtpvxv3dqktlT5bobNABd/TgczSRtIsrJl0CiuyzBN4QID
12 | AQABo4ICnTCCApkwNwYJKwYBBAGCNxUHBCowKAYgKwYBBAGCNxUIgYuaFIH8lj+D
13 | tZ8xhtDFboHUy04eAR8CAWcCAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF
14 | BwMBMA4GA1UdDwEB/wQEAwIFoDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMC
15 | MAoGCCsGAQUFBwMBMB0GA1UdDgQWBBQHopHXQNlHakIJt8Zvn3BDmelwtzAhBgNV
16 | HREEGjAYghZOM1paLURDMS5TU1RQLVRFU1QuTkVUMB8GA1UdIwQYMBaAFI7Hrahj
17 | v5NCfLPEiWNUsQvcfzH0MIHWBgNVHR8Egc4wgcswgciggcWggcKGgb9sZGFwOi8v
18 | L0NOPVNTVFAtVEVTVC1OM1paLURDMS1DQSxDTj1OM1paLURDMSxDTj1DRFAsQ049
19 | UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJh
20 | dGlvbixEQz1TU1RQLVRFU1QsREM9TkVUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
21 | c3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCByQYIKwYB
22 | BQUHAQEEgbwwgbkwgbYGCCsGAQUFBzAChoGpbGRhcDovLy9DTj1TU1RQLVRFU1Qt
23 | TjNaWi1EQzEtQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
24 | PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9U1NUUC1URVNULERDPU5FVD9j
25 | QUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhv
26 | cml0eTANBgkqhkiG9w0BAQUFAAOCAQEANmOOjSL6TiMK0+f17g4aHdQ3Ml1g9jsv
27 | Er0o+10V+U2I3Q5f0E5KBAOgYUsDpWBelDpnYv2i0EDA67X7kx6TGleq8/tNtYCI
28 | S8Jp4wKdYL/f/ac3+ZycvxbiF+4T4bsrM0RnnMyy3jbTU0vz8gJAW947Z+uXIz9p
29 | UQ1Xd1FNEABgXjC6wn2SN6V5/qN5xAIbMyOrrewI6hRYR8VtLPvdzfwQL9MXz97B
30 | bavh/0qUVTtViy4Fy9bh6K5eEyKWwBQMGCAEiUThMvAjQ+zft2TNMVrTC/CVINH6
31 | lKJvZr7x++WdHKiziDmqQEc7MljkSrg9lPXeHybLnQsCHAz/wUQhTQ==
32 | -----END CERTIFICATE-----
33 |
--------------------------------------------------------------------------------
/USING:
--------------------------------------------------------------------------------
1 | Usage Notes
2 |
3 | The sstpc binary can be started in either of the ways listed below:
4 | * Pseudo-TTY child process
5 | * Use sstpc to start pppd
6 |
7 | You will need to set up a provider file for your connection that provides the
8 | most common options and store this file in /etc/ppp/peers/:
9 |
10 | remotename # Used in ip up/down scripts
11 | linkname # Used in ip up/down scripts
12 | ipparam # Used in ip up/down scripts
13 | name # Specifies the DOMAIN and USER
14 | plugin sstp-pppd-plugin.so # REQUIRED (SSTP)
15 | sstp-sock /var/run/sstpc/sstp-uds-sock # REQUIRED (SSTP)
16 | usepeerdns # Use the peer dns addresses
17 | require-mppe # REQUIRED (MPPE)
18 | noauth # We don't need the server to auth itself
19 | require-mschap-v2 # MSCHAPv2 Authentication Support
20 | refuse-eap # Not yet supported
21 | refuse-chap # Don't accept CHAP-MD5
22 | refuse-mschap # Don't accept MSCHAP
23 | lock # Lock the port
24 | nsbsdcomp # Turn off compression protocols
25 | nodeflate # Turn off compression protocols
26 |
27 | You can use the above example to setup a SSTP connection using sstpc. You can
28 | either add the pty option to this file, or execute it by command line:
29 |
30 | pppd call \
31 | pty "/usr/sbin/sstpc [] server --nolaunchpppd"
32 |
33 | Or you can have sstpc launch it directly using the following command line:
34 | sstpc [] \
35 | call
36 |
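37 | If you do not want to compile/run with the PPP plugin support, there is an
38 | alternative: invoke the sstpc application specifying the username and the
39 | password on the command line. Command-line arguments can be visible to other local users (process list, shell history), so prefer the chap-secrets entry described below where you can.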
40 |
41 | sstpc --user --password [] server \
42 | call
43 |
44 | Then remove the 'plugin' and 'sstp-sock' options in the provider file.
45 |
46 | Two examples have been included in the support directory:
47 | - peer-example-sstp-test-nopty
48 | - peer-example-sstp-test
49 |
50 | Additionally, there's sstp-test example files put into your documentation
51 | directory. Dependent on your installation, that should be in the following
52 | location: /usr/share/doc/sstp-client
53 |
54 |
55 | NOTE THAT PPTP MUST BE RUN AS ROOT for the first two ways of invoking the
56 | sstpc application. This is because of the plugin option. If you choose not
57 | to specify the user/password on the command line, then you need to make sure
58 | your user has an appropriate entry in the /etc/ppp/chap-secrets file.
59 |
--------------------------------------------------------------------------------
/src/sstp-client.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief This is the sstp-client code
3 | *
4 | * @file sstp-client.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_CLIENT_H__
26 | #define __SSTP_CLIENT_H__
27 |
28 | /*!
29 | * @brief Simple peer structure for our opposite end
30 | *
31 | * @par TODO: Add multiple servers + ipv6 support, async lookup w/libevent
32 | */
33 | typedef struct sstp_peer
34 | {
35 | /*! The peer name (128-byte buffer; presumably NUL-terminated -- confirm where it is filled in) */
36 | char name[128];
37 |
38 | /*! The address information of our peer; a plain struct sockaddr is too small for an IPv6 address (struct sockaddr_in6), so the IPv6 TODO above needs struct sockaddr_storage here */
39 | struct sockaddr addr;
40 |
41 | /*! The address length; must not exceed sizeof(addr) when an address is copied in */
42 | int alen;
43 |
44 | /*! The peer's ssl session (for re-connect) */
45 | void *ssl_session;
46 |
47 | } sstp_peer_st;
48 |
49 |
50 | /*!
51 | * @brief Client context structure
52 | */
53 | typedef struct
54 | {
55 | /*! The active server url */
56 | sstp_url_st *url;
57 |
58 | /*! The server peer */
59 | sstp_peer_st host;
60 |
61 | /*! The extended options */
62 | sstp_option_st option;
63 |
64 | /*! The SSL I/O streams */
65 | sstp_stream_st *stream;
66 |
67 | /*! The pppd context */
68 | sstp_pppd_st *pppd;
69 |
70 | /*! The HTTP handshake context */
71 | sstp_http_st *http;
72 |
73 | /*! The SSTP layer state machine */
74 | sstp_state_st *state;
75 |
76 | /*! The ip-up notification helper */
77 | sstp_event_st *event;
78 |
79 | /*! The particular server route */
80 | sstp_route_st route;
81 |
82 | /*! The route context */
83 | sstp_route_ctx_st *route_ctx;
84 |
85 | /*! The SSL context */
86 | SSL_CTX *ssl_ctx;
87 |
88 | /*! The event base */
89 | event_base_st *ev_base;
90 |
91 | } sstp_client_st;
92 |
93 |
94 | #endif /* #ifndef __SSTP_CLIENT_H__ */
95 |
--------------------------------------------------------------------------------
/ChangeLog:
--------------------------------------------------------------------------------
1 | Sat Apr 28 20:00:00 2012 Eivind Naess
2 |
3 | * sstp-client 1.0.7 released
4 | - Fixed a problem where client failed to send connected message to server
5 | when specifying user/pass on command line
6 | - Various changes to support Mac OS-X / Darwin via Mac Ports project
7 |
8 | Sat Mar 12 20:00:00 2012 Eivind Naess
9 |
10 | * sstp-client 1.0.6 released
11 | - Fixed a critical bug where the pppd configuration file was deleted before
12 | authentication could proceed (use of --user and --password ).
13 |
14 | Sat Mar 03 20:00:00 2012 Eivind Naess
15 |
16 | * sstp-client 1.0.5 released
17 | - Fixed a critical bug in the pppd plugin, connection would fail after
18 | 60 seconds as the MPPE keys wasn't set correctly.
19 | - Updated the documentation and added a couple of pppd peers examples
20 |
21 | Wed Feb 07 16:00:00 2012 Eivind Naess
22 |
23 | * sstp-client 1.0.4 released
24 | - Added command line to save host route
25 | - Fixed various bugs, to mention
26 | Disconnect of SSL connection when handling multiple SSL_write()
27 |
28 | Sat Nov 12 16:00:00 2011 Eivind Naess
29 |
30 | * sstp-client 1.0.3 released
31 | - Added command line option to specify the uuid of the connection
32 | * Fixed various bugs
33 | - Cleanup of unix socket on termination
34 | - Correct parsing of the URL
35 | - Fix connected time error when using --nolaunchpppd option
36 | - Unit tests was added
37 | - Added hardening of ubuntu build scripts
38 |
39 | Sat Oct 22 08:00:00 2011 Eivind Naess
40 |
41 | * sstp-client 1.0.2 released
42 | - Added http proxy support, using basic authentication
43 | - Adding privilege separation by chroot, and sstpc user.
44 | - Covering up traces of passwords after specifying --password per command line.
45 | - Command line option to ignore certificate errors (e.g. does not match host).
46 | - Fixing various bugs
47 |
48 | Sat Sep 18 08:00:00 2011 Eivind Naess
49 |
50 | * sstp-client 1.0.1 released
51 | - Fixing various bug fixes found while porting to Fedora Core 15.
52 | - Adding signal handling, and pretty print of data on termination
53 | - Improved handling of pppd upon termination.
54 |
55 | Sun Oct 2 13:22:00 2011 Eivind Naess
56 |
57 | * sstp-client 1.0 released
58 | - Fixing various bugs found while porting to Fedora Core 15
59 | - Adding support for configure with libevent2 (--with-libevent=2)
60 | which is required for newer distributions.
61 | - Better handling of pppd, and signal handling
62 |
--------------------------------------------------------------------------------
/src/sstp-private.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Provide a global include point for most files
3 | *
4 | * @file sstp-private.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_PRIVATE_H__
26 | #define __SSTP_PRIVATE_H__
27 |
28 | /*< Defined in netdb.h */
29 | struct addrinfo;
30 | typedef struct addrinfo addrinfo_st;
31 | typedef struct timeval timeval_st;
32 |
33 | /*< The max path size */
34 | #define SSTP_PATH_MAX 255
35 |
36 | /*< The default buffer size */
37 | #define SSTP_DFLT_BUFSZ 255
38 |
39 | /*< The default port (HTTPS) */
40 | #define SSTP_DFLT_PORT 443
41 |
42 | /*< The default HTTP method */
43 | #define SSTP_DFLT_METHOD "SSTP_DUPLEX_POST"
44 |
45 | /*< The default URI to connect to */
46 | #define SSTP_DFLT_URI "sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
47 |
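48 | /*< Temporary path to store the uds socket. NOTE(review): a fixed socket name under a shared temp directory can be pre-created by another local user; USING shows the socket under /var/run/sstpc -- confirm which path is actually used */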
49 | #define SSTP_TMP_PATH _PATH_TMP
50 |
51 | /*< The unix domain socket name */
52 | #define SSTP_SOCK_NAME "uds-sock"
53 |
54 | /*< The default location for CA certificates */
55 | #define SSTP_DFLT_PATH_CERT "/etc/sstp/certs"
56 |
57 | /*< Are we running in client mode */
58 | #define SSTP_MODE_CLIENT 0x01
59 |
60 | /*< Are we running in server mode */
61 | #define SSTP_MODE_SERVER 0x02
62 |
63 | #include
64 | #include
65 | #include
66 |
67 | #include "sstp-buff.h"
68 | #include "sstp-stream.h"
69 | #include "sstp-chap.h"
70 | #include "sstp-state.h"
71 | #include "sstp-util.h"
72 | #include "sstp-option.h"
73 | #include "sstp-event.h"
74 | #include "sstp-pppd.h"
75 | #include "sstp-cmac.h"
76 | #include "sstp-packet.h"
77 | #include "sstp-route.h"
78 | #include "sstp-task.h"
79 | #include "sstp-fcs.h"
80 | #include "sstp-http.h"
81 |
82 | #endif /* #ifndef __SSTP_PRIVATE_H__ */
83 |
--------------------------------------------------------------------------------
/src/sstp-cmac.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief API to obtain correct Crypto Binding (CMAC Field)
3 | *
4 | * @file sstp-cmac.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_CMAC_H__
26 | #define __SSTP_CMAC_H__
27 |
28 |
29 | /*< Set SHA1 operation for the crypto binding */
30 | #define SSTP_CMAC_SHA1 SSTP_PROTO_HASH_SHA1
31 |
32 | /*< Set SHA256 operation for the crypto binding */
33 | #define SSTP_CMAC_SHA256 SSTP_PROTO_HASH_SHA256
34 |
35 | /*< Specify server mode, HLAK: MPPE(RECV) | MPPE(SEND) */
36 | #define SSTP_CMAC_SERVER 0x04
37 |
38 |
39 | /*!
40 | * @brief Structure to generate the crypto binding information
41 | */
42 | typedef struct
43 | {
44 | /*! The magic key to use: HLAK (32 bytes). This is key material; presumably the two MPPE keys set via sstp_cmac_send_key() and sstp_cmac_recv_key() -- confirm in sstp-cmac.c */
45 | uint8_t key[32];
46 |
47 | /*! The seed for our crypto binding (32 bytes) */
48 | uint8_t seed[32];
49 |
50 | /*! The seed length in bytes; seed[] holds at most 32 */
51 | uint8_t slen;
52 |
53 | /*! Particular mode we are generating the CMK in; presumably a combination of the SSTP_CMAC_* values above -- confirm */
54 | int flag;
55 |
56 | } cmac_ctx_st;
57 |
58 |
59 | /*!
60 | * @brief Initialize a request to generate the CMAC Attribute
61 | */
62 | void sstp_cmac_init(cmac_ctx_st *ctx, int flag);
63 |
64 |
65 | /*!
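66 | * @brief Set the MPPE key for send operation (NOTE(review): len is a signed int and ctx->key is 32 bytes -- confirm the implementation validates len)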
67 | */
68 | void sstp_cmac_send_key(cmac_ctx_st *ctx, uint8_t *key, int len);
69 |
70 |
71 | /*!
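72 | * @brief Set the MPPE key for recv operation (NOTE(review): len is a signed int and ctx->key is 32 bytes -- confirm the implementation validates len)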
73 | */
74 | void sstp_cmac_recv_key(cmac_ctx_st *ctx, uint8_t *key, int len);
75 |
76 |
77 | /*!
78 | * @brief Generate the CMAC Field
79 | * @param msg [IN] The entire 112 bytes of the CONNECTED w/CMAC zeroed out
80 | * @param mlen [IN] The length of the message
81 | * @param result [OUT] The resulting Crypto Binding attribute for CMAC
82 | * @param length [IN] The length of the result buffer
83 | */
84 | void sstp_cmac_result(cmac_ctx_st *ctx, uint8_t *msg, int mlen, uint8_t *result, int length);
85 |
86 |
87 | #endif
88 |
--------------------------------------------------------------------------------
/src/sstp-http.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Process the HTTP handshake for SSTP
3 | *
4 | * @file sstp-http.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_HTTP_H__
25 | #define __SSTP_HTTP_H__
26 |
27 | /*! The default path to invoke the SSTP API */
28 | #define SSTP_HTTP_DFLT_PATH \
29 | "/sra_{BA195980-CD49-458b-9E23-C84EE0ADCD75}/"
30 |
31 | /*! The format of the HTTP PROXY connect */
32 | #define SSTP_HTTP_PROXY_CONNECT_FMT \
33 | "CONNECT %s:443 HTTP/1.1\r\n" \
34 | "SSTPVERSION: 1.0\r\n" \
35 | "Connection: keep-alive\r\n" \
36 | "User-Agent: %s\r\n"
37 |
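38 | /*! The appended header with user/pass; the ChangeLog describes this as basic authentication, which is only base64-encoded, so it is readable on the path to the proxy unless that hop is itself encrypted */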
39 | #define SSTP_HTTP_PROXY_AUTH_FMT \
40 | "Proxy-Authorization: %s"
41 |
42 |
43 | /*< Forward declare the http context */
44 | struct sstp_http;
45 | typedef struct sstp_http sstp_http_st;
46 |
47 |
48 | /*!
49 | * @brief HTTP handshake complete callback
50 | */
51 | typedef void (*sstp_http_done_fn)(void *ctx, int result);
52 |
53 |
54 | /*!
55 | * @brief Create a HTTP context
56 | */
57 | status_t sstp_http_create(sstp_http_st **http, const char *server,
58 | sstp_http_done_fn done_cb, void *uarg, int mode);
59 |
60 |
61 | /*!
62 | * @brief Perform a SSTP handshake
63 | */
64 | status_t sstp_http_handshake(sstp_http_st *http, sstp_stream_st *stream);
65 |
66 |
67 | /*!
68 | * @brief Perform the Proxy connect
69 | */
70 | status_t sstp_http_proxy(sstp_http_st *http, sstp_stream_st *stream);
71 |
72 |
73 | /*!
74 | * @brief Set the credentials
75 | */
76 | void sstp_http_setcreds(sstp_http_st *http, const char *user,
77 | const char *password);
78 |
79 |
80 | /*!
81 | * @brief Set the UUID of the connection
82 | */
83 | void sstp_http_setuuid(sstp_http_st *http, const char *uuid);
84 |
85 |
86 | /*!
87 | * @brief Free the HTTP context
88 | */
89 | void sstp_http_free(sstp_http_st *http);
90 |
91 |
92 | #endif /* #ifndef __SSTP_HTTP_H__ */
93 |
--------------------------------------------------------------------------------
/src/sstp-buff.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Declarations for buffer handling routines
3 | *
4 | * @file sstp-buff.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_BUFF_H__
26 | #define __SSTP_BUFF_H__
27 |
28 |
29 | /*!
30 | * @brief The buffer structure; len, max and off are signed ints (NOTE(review): confirm the bounds checks in sstp-buff.c also reject negative values)
31 | */
32 | typedef struct
33 | {
34 | /*! The current length of the buffer */
35 | int len;
36 |
37 | /*! The maximum size of the buffer */
38 | int max;
39 |
40 | /*! The current number of bytes read/written */
41 | int off;
42 |
43 | /*! The buffer (variable size); declared as a zero-length array, so the storage is presumably allocated together with the struct by sstp_buff_create() -- confirm in sstp-buff.c */
44 | char data[0];
45 |
46 | } sstp_buff_st;
47 |
48 |
49 | /*!
50 | * @brief One HTTP header as a fixed-size name/value pair
51 | */
52 | typedef struct
53 | {
54 | /*! The header name (32-byte buffer) */
55 | char name[32];
56 |
57 | /*! The header value (128-byte buffer); NOTE(review): longer values received from the peer have to be truncated or rejected -- confirm in the sstp_http_get() implementation */
58 | char value[128];
59 |
60 | } http_header_st;
61 |
62 |
63 | /*!
64 | * @brief Get the HTTP headers and HTTP status code
65 | */
66 | status_t sstp_http_get(sstp_buff_st *buf, int *code, int *count,
67 | http_header_st *array);
68 |
69 |
70 | /*!
71 | * @brief Get the HTTP header as specified
72 | */
73 | http_header_st *sstp_http_get_header(const char *name, int count,
74 | http_header_st *array);
75 |
76 |
77 | /*!
78 | * @brief Check if there is space available
79 | */
80 | status_t sstp_buff_space(sstp_buff_st *buf, int length);
81 |
82 |
83 | /*!
84 | * @brief Reset the length and offset
85 | */
86 | void sstp_buff_reset(sstp_buff_st *buf);
87 |
88 |
89 | /*!
90 | * @brief Print a formatted string to the buffer
91 | */
92 | status_t sstp_buff_print(sstp_buff_st *buf, const char *fmt, ...);
93 |
94 |
95 | /*!
96 | * @brief Get a pointer to the data section
97 | */
98 | void *sstp_buff_data(sstp_buff_st *buf, int index);
99 |
100 |
101 | /*!
102 | * @brief Create a buffer
103 | */
104 | status_t sstp_buff_create(sstp_buff_st **buf, int size);
105 |
106 |
107 | /*!
108 | * @brief Destroy the buffer
109 | */
110 | void sstp_buff_destroy(sstp_buff_st *buf);
111 |
112 |
113 | #endif /* #ifndef __SSTP_BUFF_H__ */
114 |
--------------------------------------------------------------------------------
/src/sstp-pppd.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Managing the interface with pppd
3 | *
4 | * @file sstp-pppd.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_PPPD_H__
25 | #define __SSTP_PPPD_H__
26 |
27 | /*! Auth using MS-CHAP-V2 */
28 | #define SSTP_PPP_AUTH_CHAP 0xc223
29 |
30 | /*! Auth using PAP */
31 | #define SSTP_PPP_AUTH_PAP 0xc023
32 |
33 | /*! Check when IPCP layer is up */
34 | #define SSTP_PPP_IPCP 0x8021
35 |
36 | struct sstp_pppd;
37 | typedef struct sstp_pppd sstp_pppd_st;
38 |
39 |
40 | /*!
41 | * @brief PPP state events
42 | */
43 | typedef enum
44 | {
45 | SSTP_PPP_DOWN = 1,
46 | SSTP_PPP_UP = 2,
47 | SSTP_PPP_AUTH = 3,
48 |
49 | } sstp_pppd_event_t;
50 |
51 |
52 | /*!
53 | * @brief PPP Session details
54 | */
55 | typedef struct
56 | {
57 | /*< The established session length */
58 | unsigned long established;
59 |
60 | /*< The number of bytes received from server */
61 | unsigned long long rx_bytes;
62 |
63 | /*< The number of bytes sent to server */
64 | unsigned long long tx_bytes;
65 |
66 | } sstp_session_st;
67 |
68 |
69 | /*!
70 | * @brief Client callback
71 | */
72 | typedef void (*sstp_pppd_fn)(void *ctx, sstp_pppd_event_t ev);
73 |
74 |
75 | /*!
76 | * @brief Log the pppd session
77 | */
78 | void sstp_pppd_session_details(sstp_pppd_st *ctx, sstp_session_st *sess);
79 |
80 |
81 | /*!
82 | * @brief Return the chap context
83 | */
84 | sstp_chap_st *sstp_pppd_getchap(sstp_pppd_st *ctx);
85 |
86 |
87 | /*!
88 | * @brief Start the PPP negotiations
89 | */
90 | status_t sstp_pppd_start(sstp_pppd_st *ctx, sstp_option_st *opts,
91 | const char *sockname);
92 |
93 | /*!
94 | * @brief Try to terminate the PPP process
95 | */
96 | status_t sstp_pppd_stop(sstp_pppd_st *ctx);
97 |
98 |
99 | /*!
100 | * @brief Forward data back to the pppd daemon from server
101 | */
102 | status_t sstp_pppd_send(sstp_pppd_st *ctx, const char *buf, int len);
103 |
104 |
105 | /*!
106 | * @brief Create the pppd context
107 | */
108 | status_t sstp_pppd_create(sstp_pppd_st **ctx, event_base_st *base,
109 | sstp_stream_st *stream, sstp_pppd_fn notify, void *arg);
110 |
111 |
112 | /*!
113 | * @brief Free the pppd context
114 | */
115 | void sstp_pppd_free(sstp_pppd_st *ctx);
116 |
117 |
118 | #endif /* #ifndef __SSTP_PPPD_H__ */
119 |
--------------------------------------------------------------------------------
/README:
--------------------------------------------------------------------------------
1 | SSTP-CLIENT
2 | ------------------------------------------
3 |
4 | Background:
5 | SSTP is Microsoft's Remote Access Solution (RAS) for PPP over SSL. It can be used
6 | instead of PPTP or L2TP, and is only available with Windows Vista/7 connecting to
7 | a Windows 2008 Server. For further information on SSTP check out wikipedia's
8 | article on Secure Socket Tunneling Protocol.
9 |
10 | http://en.wikipedia.org/wiki/Secure_Socket_Tunneling_Protocol
11 |
12 |
13 | What is SSTP-CLIENT:
14 | SSTP-CLIENT is an SSTP client for Linux. It can be used to establish a SSTP
15 | connection to a Windows 2008 Server. Its command line and configuration
16 | are similar to those of the pptp-client software.
17 |
18 |
19 | Features:
20 | * Establish a SSTP connection to a remote Windows 2k8 server.
21 | * Async PPP support (most distributions provide this).
22 | * Similar command line handling as pptp-client for easy integration.
23 | * IPv6 support
24 | * Basic HTTP Proxy support
25 | * Certificate handling and verification
26 | * SSTP plugin integration with NetworkManager v0.9 (available as separate package)
27 |
28 |
29 | SSTP-CLIENT on Ubuntu:
30 | It's pretty simple to integrate sstp-client into the Ubuntu / Debian
31 | distribution. An example script is provided in support/peer-sstp-example.txt
32 |
33 | - Specify your MSCHAP password in /etc/ppp/chap-secrets. The file stores it in clear text, so keep it readable by root only (mode 0600)
34 | Example Entry:
35 | SSTP-TEST\\JonDoe sstp-test 'testme1234!' *
36 | - Create a connect script in /etc/ppp/peers/sstp-test, similar to the example
37 | provided in ./support. Swap out user-name as appropriate
38 | - Start the script as: pon sstp-test
39 |
40 |
41 | Future:
42 | In the future we want to provide SSTP server functionality as well. The code has
43 | been refactored so that this goal can be accomplished. Also check out the
44 | TODO file.
45 |
46 |
47 | Help Wanted:
48 | I need help with various features, please drop me an email if you have some
49 | bandwidth to work on any of this. The TODO file should provide you with a
50 | list of wanted features.
51 |
52 |
53 | Compiling:
54 | To compile this on your favorite distribution make sure you have the development
55 | tools and headers available. This project depends on the PPP package, libevent and
56 | OpenSSL.
57 |
58 | For example:
59 | sudo apt-get install ppp-dev
60 | sudo apt-get install libevent-dev
61 | sudo apt-get install libssl-dev
62 |
63 |
64 | Important Links:
65 | * How to setup SSTP on windows 2008 server, technotes from Microsoft
66 | http://technet.microsoft.com/en-us/library/cc731352%28WS.10%29.aspx
67 |
68 | * The SSTP specification:
69 | http://msdn.microsoft.com/en-us/library/cc247338%28v=prot.10%29.aspx
70 |
71 | * A reference to the pptp-client software, this has much in common with
72 | the SSTP protocol. http://pptpclient.sourceforge.net/
73 |
74 | * OpenSSL Examples:
75 | http://www.rtfm.com/openssl-examples/
76 |
77 | * MicroTik have a working server and client version in the router software (as of March 2010).
78 |
79 | * SSToPer is another SSTP client, but doesn't support Async HDLC frames
80 |
81 |
82 | Other related software required to get this working:
83 | * OpenSSL (http://www.openssl.org)
84 | * PPPD (http://ppp.samba.org)
85 | * Libevent (monkey.org/~provos/libevent)
86 |
87 |
--------------------------------------------------------------------------------
/src/sstp-task.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief API for handling sub-tasks
3 | *
4 | * @file sstp-task.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_TASK_H__
25 | #define __SSTP_TASK_H__
26 |
27 |
28 | typedef enum
29 | {
30 | /*!
31 | * @brief Redirecting standard error and output to /dev/null.
32 | */
33 | SSTP_TASK_SILENT = 0,
34 |
35 | /*!
36 | * @brief If this flag is set, the parent will be able to
37 | * communicate with the child using the task's standard
38 | * input/output descriptors.
39 | */
40 | SSTP_TASK_USEPIPE = 1,
41 |
42 | /*!
43 | * @brief If this flag is set, the parent's task->out is connected
44 | * to the pty, and the child's stdin is connected to the tty
45 | */
46 | SSTP_TASK_USEPTY = 2,
47 |
48 | } sstp_task_t;
49 |
50 |
51 |
52 | /*!
53 | * @brief These are declared in sstp-task.c
54 | */
55 | struct sstp_task;
56 | typedef struct sstp_task sstp_task_st;
57 |
58 |
59 | /*!
60 | * @brief Initialize a task structure
61 | */
62 | status_t sstp_task_new(sstp_task_st **task, sstp_task_t type);
63 |
64 |
65 | /*!
66 | * @brief Starts a task given the command line
67 | */
68 | status_t sstp_task_start(sstp_task_st *task, const char *argv[]);
69 |
70 |
71 | /*!
72 | * @brief Get standard output
73 | */
74 | int sstp_task_stdout(sstp_task_st *task);
75 |
76 |
77 | /*!
78 | * @brief Get the standard input
79 | */
80 | int sstp_task_stdin(sstp_task_st *task);
81 |
82 |
83 | /*!
84 | * @brief Checks if a task is still running
85 | */
86 | int sstp_task_alive(sstp_task_st *task);
87 |
88 |
89 | /*!
90 | * @brief Return a pointer to the pty dev
91 | */
92 | const char *sstp_task_ttydev(sstp_task_st* task);
93 |
94 |
95 | /*!
96 | * @brief Close all I/O descriptors
97 | */
98 | void sstp_task_close(sstp_task_st *task);
99 |
100 |
101 | /*!
102 | * @brief Stops a task sending it a signal (expect SIGCHLD)
103 | */
104 | status_t sstp_task_stop(sstp_task_st *task);
105 |
106 |
107 | /*!
108 | * @brief Wait for the task to finish
109 | */
110 | status_t sstp_task_wait(sstp_task_st *task, int *status, int flag);
111 |
112 |
113 | /*!
114 | * @brief Destroys the task structure, nothing in the structure will
115 | * be accessible.
116 | */
117 | void sstp_task_destroy(sstp_task_st *task);
118 |
119 |
120 | #endif
121 |
--------------------------------------------------------------------------------
/src/libsstp-api/sstp-api.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Functions for libsstp-api
3 | *
4 | * @file sstp-api.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #include
26 | #include
27 | #include
28 |
29 | #include
30 |
31 |
/*!
 * @brief Lay a message header over a caller-supplied buffer and initialize it
 *
 * @param buf   Caller-owned storage that the header is written into. No size
 *              is passed in, so the caller has to make sure the buffer can
 *              hold the header and every attribute added afterwards.
 * @param type  The message type stored in the header
 *
 * @return @a buf viewed as a message structure; nothing is allocated here
 */
SSTP_API
sstp_api_msg_st *sstp_api_msg_new(unsigned char *buf, sstp_api_msg_t type)
{
    sstp_api_msg_st *hdr = (sstp_api_msg_st*) buf;

    /* Start out with an empty payload */
    hdr->msg_len   = 0;
    hdr->msg_type  = type;
    hdr->msg_magic = SSTP_API_MSG_MAGIC;

    return hdr;
}
41 |
42 |
/*!
 * @brief Total size of a message in bytes: the fixed header plus the
 *        payload length recorded in msg_len
 *
 * @param msg   The message to measure
 *
 * @return The header size added to msg->msg_len
 */
SSTP_API
int sstp_api_msg_len(sstp_api_msg_st *msg)
{
    int total = sizeof(*msg);

    total += msg->msg_len;
    return total;
}
48 |
49 |
/*!
 * @brief Verify the message signature and hand back the message type
 *
 * @param msg   The received message
 * @param type  [out] Receives msg->msg_type when the signature matches
 *
 * @retval 0    The signature matched and @a type was written
 * @retval -1   The signature did not match; @a type is left untouched
 *
 * NOTE(review): the type is copied as received and is not compared
 * against SSTP_API_MSG_MAX here, so callers should be prepared for
 * values they do not know.
 */
SSTP_API
int sstp_api_msg_type(sstp_api_msg_st *msg, sstp_api_msg_t *type)
{
    /* A header without the expected signature is not one of our messages */
    if (msg->msg_magic != SSTP_API_MSG_MAGIC)
    {
        return (-1);
    }

    *type = msg->msg_type;
    return 0;
}
71 |
72 |
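/*!
 * @brief Append an attribute to the end of a message payload
 *
 * The attribute header and data are written at msg_data[msg_len], the data
 * is padded to a 4 byte boundary, and msg_len grows by the padded size.
 *
 * @param msg   The message being built
 * @param type  The attribute type
 * @param len   Number of bytes in @a data
 * @param data  The attribute payload; may be NULL only when @a len is 0
 *
 * Both attr_len and msg_len are 16 bit fields. An attribute that does not
 * fit in them is not added and the message is left unchanged, instead of
 * being stored with a truncated length. Since the function returns void, a
 * caller that needs to detect this can compare sstp_api_msg_len() before
 * and after the call.
 *
 * The capacity of the buffer behind @a msg is not known here, so the caller
 * remains responsible for sizing it for everything that is added.
 */
SSTP_API
void sstp_api_attr_add(sstp_api_msg_st *msg, sstp_api_attr_t type,
        unsigned int len, void *data)
{
    sstp_api_attr_st *attr = NULL;
    unsigned int padded = 0;
    unsigned int total  = 0;

    /* The length must be representable in the 16 bit attr_len field */
    if (len > 0xFFFFu || (len > 0 && data == NULL))
    {
        return;
    }

    /* The grown payload must be representable in the 16 bit msg_len field */
    padded = ALIGN32(len);
    total  = (unsigned int) msg->msg_len + (unsigned int) sizeof(*attr) + padded;
    if (total > 0xFFFFu)
    {
        return;
    }

    attr = (sstp_api_attr_st*) &msg->msg_data[msg->msg_len];
    attr->attr_type = type;
    attr->attr_len  = len;

    if (len > 0)
    {
        memcpy(&attr->attr_data[0], data, len);
    }

    /* Clear the alignment padding so stale buffer bytes are not sent along */
    if (padded > len)
    {
        memset(&attr->attr_data[len], 0, padded - len);
    }

    msg->msg_len = total;
}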
85 |
86 |
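/*!
 * @brief Index the attributes of a received payload by attribute type
 *
 * @param buf     Start of the attribute data (the message payload)
 * @param length  Number of valid bytes in @a buf
 * @param list    [out] Array of attribute pointers, indexed by attribute
 *                type; every slot is reset to NULL first
 * @param count   Number of slots in @a list
 *
 * @retval 0   The payload was walked to its end
 * @retval -1  An argument was invalid, an attribute type was unknown or
 *             did not fit in @a list, or an attribute extended past
 *             @a length
 *
 * The payload comes from the peer, so every length read from it is checked
 * against the bytes that are actually present before it is used. The
 * pointers stored in @a list point into @a buf.
 */
SSTP_API
int sstp_api_attr_parse(char *buf, int length, sstp_api_attr_st *list[],
        int count)
{
    int index = 0;

    if (list == NULL || count < 0)
    {
        return -1;
    }

    /* Reset the list of attribute pointers */
    memset(list, 0, sizeof(sstp_api_attr_st*) * (size_t) count);

    if (buf == NULL)
    {
        /* Nothing to walk; only an empty payload is acceptable */
        return (length > 0) ? -1 : 0;
    }

    /* Iterate over the memory */
    while (index < length)
    {
        sstp_api_attr_st *attr = NULL;
        size_t remain = (size_t) (length - index);
        size_t step   = 0;

        /* The attribute header itself must be complete */
        if (remain < sizeof(*attr))
        {
            return -1;
        }

        /* Get the attribute */
        attr = (sstp_api_attr_st*) &buf[index];
        if (attr->attr_type > SSTP_API_ATTR_MAX ||
            attr->attr_type <= SSTP_API_ATTR_UNKNOWN)
        {
            return -1;
        }

        /* The type is used as an index, it must have a slot in the list */
        if ((int) attr->attr_type >= count)
        {
            return -1;
        }

        /* The declared payload must lie within the received bytes */
        if ((size_t) attr->attr_len > remain - sizeof(*attr))
        {
            return -1;
        }

        /* Assign the attribute type and increment length */
        list[attr->attr_type] = attr;

        /* Only the padding of the last attribute may run up to the end */
        step = sizeof(*attr) + (size_t) ALIGN32(attr->attr_len);
        if (step >= remain)
        {
            break;
        }
        index += (int) step;
    }

    return 0;
}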
114 |
115 |
116 |
--------------------------------------------------------------------------------
/src/libsstp-log/sstp-log-std.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Implements output to stdout/err functions for sstp-client.
3 | *
4 | * @author Copyright (C) 2011 Eivind Naess,
5 | * All Rights Reserved
6 | *
7 | * @par License:
8 | * This program is free software; you can redistribute it and/or modify
9 | * it under the terms of the GNU General Public License as published by
10 | * the Free Software Foundation; either version 2 of the License, or
11 | * (at your option) any later version.
12 | *
13 | * This program is distributed in the hope that it will be useful,
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 | * GNU General Public License for more details.
17 | *
18 | * You should have received a copy of the GNU General Public License along
19 | * with this program; if not, write to the Free Software Foundation, Inc.,
20 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 | */
22 |
23 | #include
24 | #include
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 |
31 | #include
32 | #include
33 | #include "sstp-log-private.h"
34 |
35 |
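/*!
 * @brief Advance the prefix length after one snprintf() call
 *
 * @param len   Bytes of the prefix written so far
 * @param ret   The value snprintf() returned for the latest field
 * @param size  Total size of the prefix buffer
 *
 * @return The new prefix length, capped at size - 1 when the field was
 *         truncated, or -1 if snprintf() reported an error
 */
static int sstp_logstd_advance(int len, int ret, int size)
{
    if (ret < 0)
    {
        return -1;
    }
    if (ret >= size - len)
    {
        return size - 1;
    }
    return len + ret;
}


/*!
 * @brief Write a log message to the standard out/err file descriptor
 *
 * @param ctx    The log context; ctx->sock is the descriptor written to and
 *               ctx->debug selects whether the line information is included
 * @param msg    Not used by this writer
 * @param table  The message attributes, indexed by LOG_ATTR_* value
 *
 * The line is "<time> <appname>[<pid>]: [<lineinfo> ]<message>\n". If any
 * attribute that is needed is missing, nothing is written.
 *
 * The prefix is assembled in a fixed 128 byte buffer. Every field is
 * formatted with a bounded snprintf(), so an over-long time stamp,
 * application name or line information string is truncated instead of
 * being written past the end of the buffer. The message text is handed to
 * writev() directly and is not limited by the prefix buffer.
 */
static void sstp_logstd_write(log_ctx_st *ctx, log_msg_st *msg,
        log_attr_st *table[])
{
    char buf[128];
    struct iovec vec[3];
    const int size = (int) sizeof(buf);
    int ret = 0;
    int cnt = 0;
    int len = 0;
    log_attr_st *attr = NULL;

    (void) msg;

    /* Get the time stamp */
    attr = table[LOG_ATTR_TIME];
    if (!attr)
    {
        return;
    }
    ret = snprintf(buf + len, (size_t) (size - len), "%s ", attr->attr_data);
    len = sstp_logstd_advance(len, ret, size);
    if (len < 0)
    {
        return;
    }

    /* Get the name and pid */
    attr = table[LOG_ATTR_APPNAME];
    if (!attr)
    {
        return;
    }
    ret = snprintf(buf + len, (size_t) (size - len), "%s[%d]: ",
            attr->attr_data, getpid());
    len = sstp_logstd_advance(len, ret, size);
    if (len < 0)
    {
        return;
    }

    /* Get the line information */
    if (ctx->debug)
    {
        attr = table[LOG_ATTR_LINEINFO];
        if (!attr)
        {
            return;
        }
        ret = snprintf(buf + len, (size_t) (size - len), "%s ",
                attr->attr_data);
        len = sstp_logstd_advance(len, ret, size);
        if (len < 0)
        {
            return;
        }
    }

    /* Get the message */
    attr = table[LOG_ATTR_MESSAGE];
    if (!attr)
    {
        return;
    }

    /* Setup the iovec structure, the prefix length is already known */
    vec[cnt  ].iov_base = buf;
    vec[cnt++].iov_len  = (size_t) len;

    /* Get the attribute length */
    vec[cnt  ].iov_base = attr->attr_data;
    vec[cnt++].iov_len  = attr->attr_len;

    /* Add the line terminator */
    vec[cnt  ].iov_base = "\n";
    vec[cnt++].iov_len  = 1;

    /* Write the message to the file descriptor */
    ret = writev(ctx->sock, vec, cnt);
    if (ret < 0)
    {
        /* This is the logger itself, there is nowhere to report to */
        return;
    }
}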
102 |
103 |
/*!
 * @brief Install the stdout/stderr writer on a log context
 *
 * @param ctx   The log context; its write callback is set to
 *              sstp_logstd_write and its close callback is cleared
 *
 * @return Always SSTP_OKAY
 */
status_t sstp_logstd_init(log_ctx_st *ctx)
{
    /* ctx->sock has already been set up for us at this point */
    ctx->close = NULL;
    ctx->write = sstp_logstd_write;

    return SSTP_OKAY;
}
116 |
--------------------------------------------------------------------------------
/src/sstp-route.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief This is the sstp-client code
3 | *
4 | * @file sstp-route.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_ROUTE_H__
26 | #define __SSTP_ROUTE_H__
27 |
28 | #include
29 |
30 | struct sstp_route_ctx;
31 | typedef struct sstp_route_ctx sstp_route_ctx_st;
32 |
33 |
34 | #if defined(HAVE_NETLINK) || defined(__APPLE__)
35 |
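/*!
 * @brief Holds either a ipv4 or an ipv6 address
 */
typedef union
{
    /* Access the IPv4 address */
    struct in_addr in4;

    /* Access the IPv6 address */
    struct in6_addr in6;

} inet_addr_t;

/*!
 * @brief Data structure to hold the route information
 */
typedef struct
{
    /*
     * Specify which attributes are set in this structure.
     *
     * The flags are unsigned: a one bit wide signed bit-field can only
     * hold 0 and -1, so a flag that was set to 1 would not compare equal
     * to 1 afterwards.
     */
    struct {
        unsigned int src : 1;
        unsigned int dst : 1;
        unsigned int gwy : 1;
        unsigned int oif : 1;
    } have;

    /* The family, AF_UNSPEC, AF_INET, AF_INET6 */
    int family;

    /* The byte length of the addresses in this structure */
    int rt_blen;

    /* A IPv4 or IPv6 source address */
    inet_addr_t src;

    /* A IPv4 or IPv6 dst address */
    inet_addr_t dst;

    /* A IPv4 or IPv6 gateway address */
    inet_addr_t gwy;

    /* The interface index */
    int oif;

    /* The interface name */
    char ifname[32];

} sstp_route_st;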
84 |
85 | #else /* #ifdef HAVE_NETLINK */
86 |
87 | typedef struct
88 | {
89 | char ipcmd[512];
90 |
91 | } sstp_route_st;
92 |
93 | #endif /* #ifdef HAVE_NETLINK */
94 |
95 |
96 | /*!
97 | * @brief Create or replace an existing route to a destination
98 | */
99 | int sstp_route_replace(sstp_route_ctx_st *ctx, sstp_route_st *route);
100 |
101 |
102 | /*!
103 | * @brief Delete a route from the route table
104 | */
105 | int sstp_route_delete(sstp_route_ctx_st *ctx, sstp_route_st *route);
106 |
107 |
108 | /*!
109 | * @brief Obtain a particular route to a destination
110 | */
111 | int sstp_route_get(sstp_route_ctx_st *ctx, struct sockaddr *dst,
112 | sstp_route_st *route);
113 |
114 |
115 | /*!
116 | * @brief Initialize the route module
117 | */
118 | int sstp_route_init(sstp_route_ctx_st **ctx);
119 |
120 |
121 | /*!
122 | * @brief Cleanup the route context
123 | */
124 | void sstp_route_done(sstp_route_ctx_st *ctx);
125 |
126 |
127 | #endif /* #ifndef __SSTP_ROUTE_H__ */
128 |
129 |
--------------------------------------------------------------------------------
/src/sstp-util.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Utility Functions
3 | *
4 | * @file sstp-util.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_UTIL_H__
25 | #define __SSTP_UTIL_H__
26 |
27 |
28 | /*!
29 | * @brief structure to hold URL components
30 | */
31 | typedef struct
32 | {
33 | /* The service string, or NULL if none */
34 | char *schema;
35 |
36 | /*< The host, either a domain or a ip address */
37 | char *host;
38 |
39 | /*< The username if specified */
40 | char *user;
41 |
42 | /*< The password if specified */
43 | char *password;
44 |
45 | /*< The port component */
46 | char *port;
47 |
48 | /*< The path component of the url */
49 | char *path;
50 |
51 | /* Pointer to the initial buffer */
52 | char *ptr;
53 |
54 | } sstp_url_st;
55 |
56 |
57 | /*!
58 | * @brief Set socket non-blocking
59 | */
60 | status_t sstp_set_nonbl(int sock, int state);
61 |
62 |
63 | /*!
64 | * @brief Generate a UUID string
65 | */
66 | char *sstp_get_guid(char *buf, int len);
67 |
68 |
69 | /*!
70 | * @brief Set socket send buffer size
71 | */
72 | status_t sstp_set_sndbuf(int sock, int size);
73 |
74 |
75 | /*!
76 | * @brief Split the URL up into components (not RFC compliant)
77 | */
78 | status_t sstp_url_parse(sstp_url_st **url, const char *path);
79 |
80 |
81 | /*!
82 | * @brief Normalize into Kb, Mb, Gb, or Tb
83 | */
84 | const char *sstp_norm_data(unsigned long long count, char *buf, int len);
85 |
86 |
87 | /*!
88 | * @brief Normalize into hour, min or sec.
89 | */
90 | const char *sstp_norm_time(unsigned long t, char *buf, int len);
91 |
92 |
93 | /*!
94 | * @brief Free the url structure
95 | */
96 | void sstp_url_free(sstp_url_st *url);
97 |
98 |
99 | /*!
100 | * @brief Convert sockaddr structure to a string
101 | */
102 | const char *sstp_ipaddr(struct sockaddr *addr, char *buf, int len);
103 |
104 |
105 | /*!
106 | * @brief Convert a username into the actual uid value
107 | */
108 | int sstp_get_uid(const char *name);
109 |
110 |
111 | /*!
112 | * @brief Convert a group name into the actual gid value
113 | */
114 | int sstp_get_gid(const char *name);
115 |
116 |
117 | /*!
118 | * @brief Create a new directory @a path and change its permissions to user and group
119 | */
120 | int sstp_create_dir(const char *path, const char *user, const char *group, mode_t mode);
121 |
122 |
123 | /*!
124 | * @brief Enter a sandbox given the new root @a newroot directory, user and group id.
125 | */
126 | int sstp_sandbox(const char *newroot, const char *user, const char *group);
127 |
128 |
129 | #endif
130 |
--------------------------------------------------------------------------------
/debian/changelog:
--------------------------------------------------------------------------------
1 | sstp-client (1.0.9) quantal; urgency=high
2 |
3 | * Fixed a critical bug that caused received packets to become corrupt, inability to access
4 | internal web-sites and caused random segfaults. Thanks to Damijan A. for reporting and
5 | providing an environment to test in.
6 |
7 | -- Eivind Naess Sat, 12 Oct 2012 08:00:00 -0800
8 |
9 | sstp-client (1.0.8) oneiric; urgency=low
10 |
11 | * Unable to authenticate using --password, causing server to timeout
12 | the connection after 60 seconds.
13 | * Fixed a bug resulting in connection aborted on Ubuntu 12.04 with the
14 | message: "Connection was aborted, value of attribute is incorrect"
15 |
16 | -- Eivind Naess Sat, 12 Oct 2012 08:00:00 -0800
17 |
18 | sstp-client (1.0.7) oneiric; urgency=low
19 |
20 | * Fixed a problem where client failed to send connected message to server
21 | when specifying user/pass on command line
22 | * Various changes to support Mac OS-X / Darwin via Mac Ports project
23 |
24 | -- Eivind Naess Sat, 28 Apr 2012 20:00:00 -0800
25 |
26 | sstp-client (1.0.6) oneiric; urgency=low
27 |
28 | * Fixed a critical bug where the pppd configuration file was deleted before
29 | authentication could proceed (use of --user and --password ).
30 |
31 | -- Eivind Naess Sat, 12 Mar 2012 20:00:00 -0800
32 |
33 | sstp-client (1.0.5) oneiric; urgency=low
34 |
35 | * Fixed a critical bug in the pppd plugin, connection would fail after
36 | 60 seconds as the MPPE keys wasn't set correctly.
37 | * Updated the documentation and added a couple of pppd peers examples
38 |
39 | -- Eivind Naess Sat, 03 Mar 2012 20:00:00 -0800
40 |
41 | sstp-client (1.0.4) oneiric; urgency=low
42 |
43 | * Added command line to save host route
44 | * Fixed various bugs, to mention:
45 | - Disconnect of SSL connection when handling multiple SSL_write()
46 |
47 | -- Eivind Naess Wed, 07 Feb 2012 16:00:00 -0800
48 |
49 | sstp-client (1.0.3) oneiric; urgency=low
50 |
51 | * Added command line option to specify the uuid of the connection
52 | * Fixed various bugs, to mention:
53 | - Cleanup of unix socket on termination
54 | - Correct parsing of the URL
55 | - Fix connected time error when using --nolaunchpppd option
56 | - Unit tests was added
57 | - Added hardening of ubuntu build scripts
58 |
59 | -- Eivind Naess Sat, 12 Nov 2011 16:00:00 -0800
60 |
61 | sstp-client (1.0.2) oneiric; urgency=low
62 |
63 | * Added http proxy support, using basic authentication
64 | * Adding privilege separation by chroot, and sstpc user.
65 | * Covering up traces of passwords after specifying --password per command line.
66 | * Command line option to ignore certificate errors (e.g. does not match host).
67 | * Fixing various bugs
68 |
69 | -- Eivind Naess Sat, 22 Oct 2011 08:00:00 -0800
70 |
71 | sstp-client (1.0.1) oneiric; urgency=low
72 |
73 | * Fixing various bugs found while porting to Fedora Core 15.
74 | * Adding signal handling, and pretty print of data on termination
75 | * Improved handling of pppd upon termination.
76 |
77 | -- Eivind Naess Sat, 18 Sept 2011 08:00:00 -0800
78 |
79 | sstp-client (1.0) oneiric; urgency=low
80 |
81 | * Initial release
82 |
83 | -- Eivind Naess Sat, 18 Sept 2011 08:00:00 -0800
84 |
85 | Local variables:
86 | mode: debian-changelog
87 | End:
88 |
--------------------------------------------------------------------------------
/src/sstp-state.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief State machine for SSTP layer
3 | *
4 | * @file sstp-state.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_STATE_H__
25 | #define __SSTP_STATE_H__
26 |
27 |
28 | #define SSTP_ST_CALL_CONNECT_REQ 0x0004
29 | #define SSTP_ST_CALL_CONNECT_ACK 0x0008
30 | #define SSTP_ST_CALL_CONNECTED 0x0010
31 | #define SSTP_ST_CALL_ABORT 0x0020
32 | #define SSTP_ST_DISCONNECT 0x0040
33 | #define SSTP_ST_DISCONNECT_ACK 0x0080
34 | #define SSTP_ST_ESTABLISHED 0x1000
35 |
36 | typedef enum
37 | {
38 | SSTP_CALL_ABORT = 1,
39 | SSTP_CALL_CONNECT = 2,
40 | SSTP_CALL_ESTABLISHED = 3,
41 | SSTP_CALL_DISCONNECT = 4,
42 |
43 | } sstp_state_t;
44 |
45 |
46 | struct sstp_state;
47 | typedef struct sstp_state sstp_state_st;
48 |
49 |
50 | /*!
51 | * @brief Signal to the upper layer any state transitions
52 | * @param state Can be any of the following states:
53 | * - SSTP_CALL_ABORT Connection Failed
54 | * - SSTP_CALL_CONNECT Start Higher Layer (PPP)
55 | * - SSTP_CALL_ESTABLISHED Tunnel Established
56 | * - SSTP_CALL_DISCONNECT Connection disconnected
57 | */
58 | typedef void (*sstp_state_change_fn)(void *arg, sstp_state_t state);
59 |
60 |
61 | /*!
62 | * @brief Set the data forwarder function
63 | */
64 | typedef status_t (*sstp_state_forward_fn)(void *arg, uint8_t *data,
65 | int size);
66 |
67 | /*!
68 | * @brief Create the SSTP state machine
69 | */
70 | status_t sstp_state_create(sstp_state_st **state, sstp_stream_st *stream,
71 | sstp_state_change_fn state_cb, void *ctx, int mode);
72 |
73 |
74 | /*!
75 | * @brief Set the MPPE keys after PPP negotiation have finished
76 | * @param state The state context
77 | * @param skey The MPPE send key
78 | * @param slen The length of the MPPE send key
79 | * @param rkey The MPPE recv key
80 | * @param rlen The length of the MPPE recv key
81 | */
82 | status_t sstp_state_mppe_keys(sstp_state_st *state, unsigned char *skey,
83 | size_t slen, unsigned char* rkey, size_t rlen);
84 |
85 |
86 | /*!
87 | * @brief Set the forward function to the local peer
88 | */
89 | void sstp_state_set_forward(sstp_state_st *state, sstp_state_forward_fn
90 | forward, void *arg);
91 |
92 | /*!
93 | * @brief Will start the SSTP handshake
94 | */
95 | status_t sstp_state_start(sstp_state_st *state);
96 |
97 |
98 | /*!
99 | * @brief Continue the call connect
100 | */
101 | status_t sstp_state_accept(sstp_state_st *ctx);
102 |
103 |
104 | /*!
105 | * @brief Sets the CHAP context
106 | */
107 | void sstp_state_chap_challenge(sstp_state_st *ctx, sstp_chap_st *chap);
108 |
109 |
110 | /*!
111 | * @brief Return reason for why call was aborted
112 | */
113 | const char *sstp_state_reason(sstp_state_st *ctx);
114 |
115 |
116 | /*!
117 | * @brief Free the SSTP state machine
118 | */
119 | void sstp_state_free(sstp_state_st *state);
120 |
121 |
122 | #endif /* #ifdef __SSTP_STATE_H__ */
123 |
--------------------------------------------------------------------------------
/include/sstp-api.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Declarations for libsstp-api
3 | *
4 | * @file sstp-api.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_API_H__
25 | #define __SSTP_API_H__
26 |
27 |
28 | /*! Extern declarations for export of functions */
29 | #define SSTP_API extern
30 |
31 | /*! The message signature */
32 | #define SSTP_API_MSG_MAGIC 0x73737470
33 |
34 | /*! Align to every 4 byte boundary */
35 | #define ALIGN32(n) (((n) + 3) & ~3)
36 |
37 |
38 | /*! Message Type */
39 | typedef enum
40 | {
41 | SSTP_API_MSG_UNKNOWN = 0,
42 | SSTP_API_MSG_AUTH = 1,
43 | SSTP_API_MSG_ADDR = 2,
44 | SSTP_API_MSG_ACK = 3,
45 |
46 | /*
47 | * Add more event message types here
48 | */
49 | _SSTP_API_MSG_MAX,
50 |
51 | } sstp_api_msg_t;
52 |
53 | #define SSTP_API_MSG_MAX (_SSTP_API_MSG_MAX -1)
54 |
55 |
56 | /*! Attribute Types */
57 | typedef enum
58 | {
59 | SSTP_API_ATTR_UNKNOWN = 0,
60 | SSTP_API_ATTR_MPPE_SEND = 1,
61 | SSTP_API_ATTR_MPPE_RECV = 2,
62 | SSTP_API_ATTR_GATEWAY = 3,
63 | SSTP_API_ATTR_ADDR = 4,
64 |
65 | /*
66 | * Add more attribute type here
67 | */
68 | _SSTP_API_ATTR_MAX,
69 |
70 | } sstp_api_attr_t;
71 |
72 | #define SSTP_API_ATTR_MAX (_SSTP_API_ATTR_MAX-1)
73 |
74 |
75 | /*!
76 | * @brief The API message
77 | */
78 | typedef struct
79 | {
80 | /*< The signature of the message */
81 | uint32_t msg_magic;
82 |
83 | /*< The length of the entire payload */
84 | uint16_t msg_len;
85 |
86 | /*< The type of the message */
87 | uint16_t msg_type;
88 |
89 | /*< The payload */
90 | uint8_t msg_data[0];
91 |
92 | } sstp_api_msg_st;
93 |
94 |
95 | /*!
96 | * @brief The API attribute
97 | */
98 | typedef struct
99 | {
100 | /* The attribute type */
101 | uint16_t attr_type;
102 |
103 | /*< The attribute length */
104 | uint16_t attr_len;
105 |
106 | /*< The attribute payload */
107 | uint8_t attr_data[0];
108 |
109 | } sstp_api_attr_st;
110 |
111 |
112 | /*!
113 | * @brief Provide a buffer, and convert it into a message structure
114 | */
115 | SSTP_API
116 | sstp_api_msg_st *sstp_api_msg_new(unsigned char *buf, sstp_api_msg_t type);
117 |
118 |
119 | /*!
120 | * @brief Get the length of the message
121 | */
122 | SSTP_API
123 | int sstp_api_msg_len(sstp_api_msg_st *msg);
124 |
125 |
126 | /*!
127 | * @brief Get the type of the message
128 | */
129 | SSTP_API
130 | int sstp_api_msg_type(sstp_api_msg_st *msg, sstp_api_msg_t *type);
131 |
132 |
133 | /*!
134 | * @brief Append an attribute to the message
135 | */
136 | SSTP_API
137 | void sstp_api_attr_add(sstp_api_msg_st *msg, sstp_api_attr_t type,
138 | unsigned int len, void *data);
139 |
140 |
141 | /*!
142 | * @brief Parse the attributes out of a messagge
143 | */
144 | SSTP_API
145 | int sstp_api_attr_parse(char *payload, int length, sstp_api_attr_st *list[],
146 | int count);
147 |
148 |
149 | #endif /* #ifndef __SSTP_API_H__ */
150 |
--------------------------------------------------------------------------------
/include/sstp-log.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief The header glue for logging messages in sstp-client.
3 | *
4 | * @file sstp-log.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_LOG_H__
26 | #define __SSTP_LOG_H__
27 |
28 | /*! Log to syslog */
29 | #define SSTP_OPT_SYSLOG 0x0001
30 |
31 | /*! Log to standard error */
32 | #define SSTP_OPT_STDERR 0x0002
33 |
34 | /*! Log to standard out */
35 | #define SSTP_OPT_STDOUT 0x0004
36 |
37 | /*! Log to log file */
38 | #define SSTP_OPT_LOGFILE 0x0008
39 |
40 | /*! Log using file + line number */
41 | #define SSTP_OPT_LINENO 0x0010
42 |
43 |
44 | /*!
45 | * @brief The enumeration of the different log levels
46 | */
47 | typedef enum
48 | {
49 | SSTP_LOG_ERR = 0,
50 | SSTP_LOG_WARN = 1,
51 | SSTP_LOG_INFO = 2,
52 | SSTP_LOG_DEBUG = 3,
53 | SSTP_LOG_TRACE = 4,
54 | SSTP_LOG_DUMP = 5,
55 |
56 | } sstp_level_t;
57 |
58 |
59 | /*! Expand to appropriate function */
60 | #define logmsg(level,fmt,args...) \
61 | sstp_log_msg(level, __FILE__, __LINE__, fmt, ##args)
62 |
63 |
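/*
 * Level-gated logging macros.
 *
 * Each macro expands to a single statement wrapped in do { } while (0), so
 * it can be used as the body of an unbraced if/else without capturing the
 * caller's else branch. The level test runs first; the arguments are only
 * evaluated when the message is actually emitted.
 *
 * fmt is handed on as a printf-style format (see sstp_log_msg). Text that
 * originates from the peer or from user input must be passed as an argument,
 * e.g. log_err("%s", text), never as fmt itself.
 */

/*! Write an error log */
#define log_err(fmt, args...)                       \
    do                                              \
    {                                               \
        if (SSTP_LOG_ERR <= sstp_log_level())       \
        {                                           \
            logmsg(SSTP_LOG_ERR, fmt, ##args);      \
        }                                           \
    } while (0)


/*! Write a warning log */
#define log_warn(fmt, args...)                      \
    do                                              \
    {                                               \
        if (SSTP_LOG_WARN <= sstp_log_level())      \
        {                                           \
            logmsg(SSTP_LOG_WARN, fmt, ##args);     \
        }                                           \
    } while (0)


/*! Write an info log */
#define log_info(fmt, args...)                      \
    do                                              \
    {                                               \
        if (SSTP_LOG_INFO <= sstp_log_level())      \
        {                                           \
            logmsg(SSTP_LOG_INFO, fmt, ##args);     \
        }                                           \
    } while (0)


/*! Write a debug log */
#define log_debug(fmt, args...)                     \
    do                                              \
    {                                               \
        if (SSTP_LOG_DEBUG <= sstp_log_level())     \
        {                                           \
            logmsg(SSTP_LOG_DEBUG, fmt, ##args);    \
        }                                           \
    } while (0)


/*! Write trace logs */
#define log_trace(fmt, args...)                     \
    do                                              \
    {                                               \
        if (SSTP_LOG_TRACE <= sstp_log_level())     \
        {                                           \
            logmsg(SSTP_LOG_TRACE, fmt, ##args);    \
        }                                           \
    } while (0)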
102 |
103 | /*! Log all levels up to x */
104 | #define sstp_log_upto(x) \
105 | ((1 << ((x) + 1)) - 1)
106 |
107 | /*!
108 | * @brief Get the current log-level
109 | */
110 | sstp_level_t sstp_log_level();
111 |
112 |
113 | /*!
114 | * @brief Log a message
115 | */
116 | void sstp_log_msg(int level, const char *file, int line,
117 | const char *fmt, ...);
118 |
119 | /*!
120 | * @brief Print usage for logging options
121 | */
122 | void sstp_log_usage(void);
123 |
124 |
125 | /*!
126 | * @brief Initialize the log module
127 | */
128 | status_t sstp_log_init(const char *name, int mask, int opts);
129 |
130 |
131 | /*!
132 | * @brief This initializes the log-library given the command line
133 | */
134 | status_t sstp_log_init_argv(int *argc, char *argv[]);
135 |
136 |
137 | /*!
138 | * @brief Cleanup any resources
139 | */
140 | status_t sstp_log_fini(void);
141 |
142 |
143 |
144 | #endif /* #ifndef __SSTP_LOG_H__ */
145 |
--------------------------------------------------------------------------------
/m4/ax_check_library.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_check_library.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_CHECK_LIBRARY(VARIABLE-PREFIX, HEADER-FILE, LIBRARY-FILE,
8 | # [ACTION-IF-FOUND], [ACTION-IF-NOT_FOUND])
9 | #
10 | # DESCRIPTION
11 | #
12 | # Provides a generic test for a given library, similar in concept to the
13 | # PKG_CHECK_MODULES macro used by pkg-config.
14 | #
15 | # Most simplest libraries can be checked against simply through the
16 | # presence of a header file and a library to link to. This macro allows to
17 | # wrap around the test so that it doesn't have to be recreated each time.
18 | #
19 | # Rather than define --with-$LIBRARY arguments, it uses variables in the
20 | # same way that PKG_CHECK_MODULES does. It doesn't, though, use the same
21 | # names, since you shouldn't provide a value for LIBS or CFLAGS but rather
22 | # for LDFLAGS and CPPFLAGS, to tell the linker and compiler where to find
23 | # libraries and headers respectively.
24 | #
25 | # If the library is found, HAVE_PREFIX is defined, and in all cases
26 | # PREFIX_LDFLAGS and PREFIX_CPPFLAGS are substituted.
27 | #
28 | # Example:
29 | #
30 | # AX_CHECK_LIBRARY([LIBEVENT], [event.h], [event], [],
31 | # [AC_MSG_ERROR([Unable to find libevent])])
32 | #
33 | # LICENSE
34 | #
35 | # Copyright (c) 2010 Diego Elio Petteno`
36 | #
37 | # This program is free software: you can redistribute it and/or modify it
38 | # under the terms of the GNU General Public License as published by the
39 | # Free Software Foundation, either version 3 of the License, or (at your
40 | # option) any later version.
41 | #
42 | # This program is distributed in the hope that it will be useful, but
43 | # WITHOUT ANY WARRANTY; without even the implied warranty of
44 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
45 | # Public License for more details.
46 | #
47 | # You should have received a copy of the GNU General Public License along
48 | # with this program. If not, see .
49 | #
50 | # As a special exception, the respective Autoconf Macro's copyright owner
51 | # gives unlimited permission to copy, distribute and modify the configure
52 | # scripts that are the output of Autoconf when processing the Macro. You
53 | # need not follow the terms of the GNU General Public License when using
54 | # or distributing such scripts, even though portions of the text of the
55 | # Macro appear in them. The GNU General Public License (GPL) does govern
56 | # all other use of the material that constitutes the Autoconf Macro.
57 | #
58 | # This special exception to the GPL applies to versions of the Autoconf
59 | # Macro released by the Autoconf Archive. When you make and distribute a
60 | # modified version of the Autoconf Macro, you may extend this special
61 | # exception to the GPL to apply to your modified version as well.
62 |
63 | #serial 2
64 |
65 | AC_DEFUN([AX_CHECK_LIBRARY], [
66 | AC_ARG_VAR($1[_CPPFLAGS], [C preprocessor flags for ]$1[ headers])
67 | AC_ARG_VAR($1[_LDFLAGS], [linker flags for ]$1[ libraries])
68 |
69 | AC_CACHE_VAL(AS_TR_SH([ax_cv_have_]$1),
70 | [save_CPPFLAGS="$CPPFLAGS"
71 | save_LDFLAGS="$LDFLAGS"
72 | save_LIBS="$LIBS"
73 |
74 | AS_IF([test "x$]$1[_CPPFLAGS" != "x"],
75 | [CPPFLAGS="$CPPFLAGS $]$1[_CPPFLAGS"])
76 |
77 | AS_IF([test "x$]$1[_LDFLAGS" != "x"],
78 | [LDFLAGS="$LDFLAGS $]$1[_LDFLAGS"])
79 |
80 | AC_CHECK_HEADER($2, [
81 | AC_CHECK_LIB($3, [main],
82 | [AS_TR_SH([ax_cv_have_]$1)=yes],
83 | [AS_TR_SH([ax_cv_have_]$1)=no])
84 | ], [AS_TR_SH([ax_cv_have_]$1)=no])
85 |
86 | CPPFLAGS="$save_CPPFLAGS"
87 | LDFLAGS="$save_LDFLAGS"
88 | LIBS="$save_LIBS"
89 | ])
90 |
91 | AS_IF([test "$]AS_TR_SH([ax_cv_have_]$1)[" = "yes"],
92 | AC_DEFINE([HAVE_]$1, [1], [Define to 1 if ]$1[ is found])
93 | m4_ifnblank([$4], [$4]),
94 | m4_ifnblank([$5], [$5]))
95 | ])
96 |
--------------------------------------------------------------------------------
/src/sstp-option.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Declarations for sstp-options.c
3 | *
4 | * @file sstp-option.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_OPTION_H__
26 | #define __SSTP_OPTION_H__
27 |
28 |
29 | /*< Don't launch the pppd daemon */
30 | #define SSTP_OPT_NOLAUNCH 0x0001
31 | #define SSTP_OPT_NODAEMON 0x0002
32 | #define SSTP_OPT_DEBUG 0x0004
33 | #define SSTP_OPT_NOPLUGIN 0x0008
34 | #define SSTP_OPT_CERTWARN 0x0010
35 | #define SSTP_OPT_SAVEROUTE 0x0020
36 |
37 |
38 | /*!
39 | * @brief Structure to keep all the options enabled
40 | */
41 | typedef struct
42 | {
43 | /*< The range of options enabled */
44 | int enable;
45 |
46 | /*! the CA certificate in PEM format */
47 | char *ca_cert;
48 |
49 | /*! The CA certificate path */
50 | char *ca_path;
51 |
52 | /*! The original server string */
53 | char *server;
54 |
55 | /*! Unique connection parameter */
56 | char *ipparam;
57 |
58 | /*! Password */
59 | char *password;
60 |
61 | /*! The proxy URL */
62 | char *proxy;
63 |
64 | /*! The privilege separation user */
65 | char *priv_user;
66 |
67 | /*! The privilege separation group */
68 | char *priv_group;
69 |
70 | /*! The privilege separation directory */
71 | char *priv_dir;
72 |
73 | /*! Username */
74 | char *user;
75 |
76 | /*! Use a persistent UUID */
77 | char *uuid;
78 |
79 | /*! The number of arguments to pppd */
80 | int pppdargc;
81 |
82 | /*! The arguments vector to pppd */
83 | char **pppdargv;
84 |
85 | } sstp_option_st;
86 |
87 |
88 | /*!
89 | * @brief Program ran into an initiation failure, will exit w/error code
90 | * @param prog [IN] The application name
91 | * @param code [IN] The exit/error code
92 | * @param message [IN] The message containing formatting attributes
93 | * @param ... [IN] The variable list of arguments
94 | *
95 | * @par Note:
96 | * Function never returns
97 | */
98 | void sstp_usage_die(const char *prog, int code, const char *message, ...)
99 | __attribute__((noreturn));
100 |
101 |
102 | /*!
103 | * @brief Terminate program as it ran into an irrecoverable error
104 | * @param message [IN] The message containing formatting attributes
105 | * @param code [IN] The error/exit code
106 | * @param ... [IN] The variable list of arguments
107 | *
108 | * @par Note:
109 | * Function never returns.
110 | */
111 | void sstp_die(const char *message, int code, ...)
112 | __attribute__((noreturn));
113 |
114 |
115 | /*!
116 | * @brief Parse the argument input vector and store options in @a ctx
117 | * @param argc [IN] The number of arguments
118 | * @param argv [IN] The vector of arguments
119 | *
120 | * @return 0 on success (always), or die...
121 | */
122 | int sstp_parse_argv(sstp_option_st *ctx, int argc, char **argv);
123 |
124 |
125 | /*!
126 | * @brief Cleanup the option structure
127 | * @param opts [IN] The option structure
128 | *
129 | * @par Note:
130 | * Mostly to report false-positives with valgrind.
131 | *
132 | * @return (none)
133 | */
134 | void sstp_option_free(sstp_option_st *opts);
135 |
136 |
137 | #endif /* #ifndef __SSTP_OPTION_H__ */
138 |
--------------------------------------------------------------------------------
/src/libsstp-log/sstp-log-file.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Implements output to file functions for sstp-client.
3 | *
4 | * @file sstp-log-file.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 | #include
35 |
36 | #include
37 | #include
38 | #include "sstp-log-private.h"
39 |
40 |
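/*!
 * @brief Write one log record to the log file
 *
 * Builds a "<time> <app>[<pid>]: " prefix (followed by "<lineinfo> " when
 * ctx->debug is set) and writes prefix, message and a newline with a single
 * writev() call, then syncs the descriptor.
 *
 * @param ctx   [IN] The log context; ctx->sock is the file descriptor and is
 *                   re-opened through sstp_logfile_init() when it is negative
 * @param msg   [IN] The log message (not referenced by this writer)
 * @param table [IN] Attribute pointers indexed by LOG_ATTR_*; the record is
 *                   dropped when a required attribute is missing
 */
static void sstp_logfile_write(log_ctx_st *ctx, log_msg_st *msg,
        log_attr_st *table[])
{
    char buf[128];
    struct iovec vec[3];
    log_attr_st *stamp = NULL;
    log_attr_st *name  = NULL;
    log_attr_st *line  = NULL;
    log_attr_st *text  = NULL;
    int cnt = 0;
    int len = 0;

    /* Re-open file if necessary */
    if (ctx->sock < 0)
    {
        if (SSTP_OKAY != sstp_logfile_init(ctx))
        {
            return;
        }
    }

    /* Collect every attribute up front; a missing one drops the record */
    stamp = table[LOG_ATTR_TIME];
    name  = table[LOG_ATTR_APPNAME];
    text  = table[LOG_ATTR_MESSAGE];
    if (ctx->debug)
    {
        line = table[LOG_ATTR_LINEINFO];
    }
    if (!stamp || !name || !text || (ctx->debug && !line))
    {
        return;
    }

    /*
     * Format the prefix with a bounded call. The attribute strings have no
     * length limit visible here, and unbounded sprintf() into the 128 byte
     * stack buffer could write past its end.
     */
    if (line)
    {
        len = snprintf(buf, sizeof(buf), "%s %s[%d]: %s ", stamp->attr_data,
                name->attr_data, (int) getpid(), line->attr_data);
    }
    else
    {
        len = snprintf(buf, sizeof(buf), "%s %s[%d]: ", stamp->attr_data,
                name->attr_data, (int) getpid());
    }
    if (len < 0)
    {
        return;
    }

    /* snprintf() reports the untruncated length; clamp to what was stored */
    if ((size_t) len >= sizeof(buf))
    {
        len = (int) sizeof(buf) - 1;
    }

    /* Setup the iovec structure */
    vec[cnt  ].iov_base = buf;
    vec[cnt++].iov_len  = (size_t) len;

    /* The message itself, using the length recorded in the attribute */
    vec[cnt  ].iov_base = text->attr_data;
    vec[cnt++].iov_len  = text->attr_len;

    /* Add a line terminator */
    vec[cnt  ].iov_base = "\n";
    vec[cnt++].iov_len  = 1;

    /*
     * writev() returns the number of bytes written, or -1 on error. Only a
     * failure skips the sync; the previous test for a non-zero result
     * returned on every successful write, so fsync() was never reached.
     */
    if (writev(ctx->sock, vec, cnt) < 0)
    {
        return;
    }

    /* Sync data to disk */
    fsync(ctx->sock);
}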
117 |
118 |
/*!
 * @brief Close the log file descriptor, if one is open
 *
 * @param ctx [IN] The log context; ctx->sock is set to -1 after closing
 */
static void sstp_logfile_close(log_ctx_st *ctx)
{
    /* Nothing to release when no descriptor is held */
    if (ctx->sock < 0)
    {
        return;
    }

    close(ctx->sock);
    ctx->sock = -1;
}
127 |
128 |
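/*!
 * @brief Open the log file and install the file write/close callbacks
 *
 * @param ctx [IN] The log context; ctx->file names the file to open
 *
 * @return SSTP_OKAY when the file was opened, SSTP_FAIL otherwise
 *
 * @par Note:
 *  The file is truncated on every open and created with mode 0644, so it
 *  is readable by other local users.
 *
 *  NOTE(review): open() follows symbolic links and the descriptor is
 *  inherited across exec. If ctx->file can sit in a directory writable by
 *  other users while this process runs with elevated privileges, consider
 *  O_NOFOLLOW and O_CLOEXEC, and a tighter mode if log lines can carry
 *  sensitive data -- confirm against how the log path is configured.
 */
status_t sstp_logfile_init(log_ctx_st *ctx)
{
    int flags   = O_TRUNC | O_WRONLY | O_CREAT;
    mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH;

    /*
     * Open file for writing. Only a negative result is a failure: 0 is a
     * valid descriptor, and both the writer and the close callback already
     * treat ctx->sock >= 0 as "open".
     */
    ctx->sock = open(ctx->file, flags, mode);
    if (ctx->sock < 0)
    {
        return SSTP_FAIL;
    }

    /* Setup callback */
    ctx->write = sstp_logfile_write;
    ctx->close = sstp_logfile_close;

    /* Success */
    return SSTP_OKAY;
}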
156 |
157 |
--------------------------------------------------------------------------------
/support/N3ZZ-DC1-SSTP-TEST-NET.KEY:
--------------------------------------------------------------------------------
1 | Bag Attributes
2 | Microsoft Local Key set:
3 | localKeyID: 01 00 00 00
4 | Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider
5 | friendlyName: le-RASAndIASServer-e0274dbb-e76b-4732-a6a4-4cd9599e7cf2
6 | Key Attributes
7 | X509v3 Key Usage: 10
8 | -----BEGIN RSA PRIVATE KEY-----
9 | MIIEpAIBAAKCAQEA+rerg6C+dxL6DyL/pTgvdeYGpijNOipL46ER3mGpbhb61WxM
10 | mN7vDYeJ9QOUSkAYTEMv4lpnyO3ZwyuOdoidrd9aknfEM53whDiL8gOmkz/IlAk+
11 | /By3D2I7ee3XM3lrCRPsYTPTPSyxo4pWAYDzROvH0XnLvgbaLKaJHa0C+dubjP/y
12 | Khxpznt4RvF7wy7ROe9N9eVAhoE3tn6CdwRAsbiZBW35zihqevj9kScpm6tfuLn9
13 | 8lwW8AaGjZ0DjQBleCVU7SLSbVTX74na1WBQo76fi602opehcJuA5FwHtdWtpvxv
14 | 3dqktlT5bobNABd/TgczSRtIsrJl0CiuyzBN4QIDAQABAoIBAQD2RapFHoVYw5w7
15 | eB5ztW/xOGU5nASTaO6ohxPdRENAb3QuZjYLR5i7ynJ56O0lzjXP24NSrYkatoBc
16 | FRHYXzO7khUOoHRqW27hAgZ9UJa0N0gYGcjzrmUmyFAx4a2s00yPWzGq/VQ22AsZ
17 | 4I3A5mCPR6c8nY3DeEmg6GjxbHvq3pn+Wt8RFueIqziJdfBYukcGqB8ysZt0w/bO
18 | KJLeuV1WzOMPF8dIM0IIMCI7JLQhq5fhmFrzbMdo5YscQpaN2weGIJgux4ZZ8CNk
19 | Ko0neTUEmLT1483yUFnPKYMcEIDAfZFLe/JX/1N2ppiFe5lGw8rOaoMpWfTxIvLq
20 | Qhm3AKVBAoGBAP+TOBtXFu93V1YdS09h3I0Lhj6BKiuWdpdYvbE5ZPJr65OGlnLA
21 | E6a0xKZWSyWYHzLcwLpScLDat4jhxD0egmHhjh82KwjB1pLnSBLMB6ygfmJc8yyd
22 | KqpzWN+SDUs7EADVwnuLjB688obHJn8JCc5upef9laBRskLsKL1OwLtZAoGBAPsi
23 | Yh0PmDcyDjBvs2SGRz91DUhgDX+PNxVqeBt17GfeuVNPxTafU/EPIeo/VFp9Wt2u
24 | tLtFwskPgr5e92mP3s4sL4cxGv4zQ4VEQ/y4P3xw/CzygCOZTlPsNwFUI20/c1KM
25 | zGGPyKluNTNG34cvMDPRBd0Qv/+rym5GrXJg4T3JAoGBAKgnxRK4Cm8kpmIShCqG
26 | yQZEPt+BPK3RIdYSnTyt9q1KNIWsV/DIUCWvanPG80qY/G4KsQPmmh7CyV9WrDdK
27 | i567OTdv/ICWiQe/BLzZYXNDZeRyI82G2zurCR6Qig6lnbHu8zc2acsPpsLm5X1Q
28 | BRO92Yr6XihNmGxP1b44wraBAoGABPlPXCf86cryAP+VW/5U1uroknBklAwwGRp8
29 | un6BaiU9ImtICqbpMLMOBueuMgSdkhptte/Rxc2q1z5mRA73aLnzTwgn8rTtN2x8
30 | tDqp9zr9o55B73KP3JWnGT2jXfyNuirTuXLxlHl8UEGtF65VlBElvpUgWF38qmZ3
31 | 9PX6QBECgYBS9Dy/r15rhTTFuNSFXy3bDKMAEZvbmpk/gpaz0plCsZpP6QvdC8KT
32 | CZDeApeisjVnnvdojTGxTwWR+qocgwH7f7QMR6W3NbVw50BPdE+ptp6BlZA8JUJ2
33 | 4Ho5OAVQcVwK4fH657beyey3NxIeHpcgirC3NzSGT5FVFM3N3kpFSg==
34 | -----END RSA PRIVATE KEY-----
35 | Bag Attributes
36 | localKeyID: 01 00 00 00
37 | friendlyName: N3ZZ-DC1.SSTP-TEST.NET
38 | subject=/CN=N3ZZ-DC1.SSTP-TEST.NET
39 | issuer=/DC=NET/DC=SSTP-TEST/CN=SSTP-TEST-N3ZZ-DC1-CA
40 | -----BEGIN CERTIFICATE-----
41 | MIIFlDCCBHygAwIBAgIKEcWGdgAAAAAADjANBgkqhkiG9w0BAQUFADBQMRMwEQYK
42 | CZImiZPyLGQBGRYDTkVUMRkwFwYKCZImiZPyLGQBGRYJU1NUUC1URVNUMR4wHAYD
43 | VQQDExVTU1RQLVRFU1QtTjNaWi1EQzEtQ0EwHhcNMTEwMjE5MDEzOTQ1WhcNMTIw
44 | MjE5MDEzOTQ1WjAhMR8wHQYDVQQDExZOM1paLURDMS5TU1RQLVRFU1QuTkVUMIIB
45 | IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA+rerg6C+dxL6DyL/pTgvdeYG
46 | pijNOipL46ER3mGpbhb61WxMmN7vDYeJ9QOUSkAYTEMv4lpnyO3ZwyuOdoidrd9a
47 | knfEM53whDiL8gOmkz/IlAk+/By3D2I7ee3XM3lrCRPsYTPTPSyxo4pWAYDzROvH
48 | 0XnLvgbaLKaJHa0C+dubjP/yKhxpznt4RvF7wy7ROe9N9eVAhoE3tn6CdwRAsbiZ
49 | BW35zihqevj9kScpm6tfuLn98lwW8AaGjZ0DjQBleCVU7SLSbVTX74na1WBQo76f
50 | i602opehcJuA5FwHtdWtpvxv3dqktlT5bobNABd/TgczSRtIsrJl0CiuyzBN4QID
51 | AQABo4ICnTCCApkwNwYJKwYBBAGCNxUHBCowKAYgKwYBBAGCNxUIgYuaFIH8lj+D
52 | tZ8xhtDFboHUy04eAR8CAWcCAQAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUF
53 | BwMBMA4GA1UdDwEB/wQEAwIFoDAnBgkrBgEEAYI3FQoEGjAYMAoGCCsGAQUFBwMC
54 | MAoGCCsGAQUFBwMBMB0GA1UdDgQWBBQHopHXQNlHakIJt8Zvn3BDmelwtzAhBgNV
55 | HREEGjAYghZOM1paLURDMS5TU1RQLVRFU1QuTkVUMB8GA1UdIwQYMBaAFI7Hrahj
56 | v5NCfLPEiWNUsQvcfzH0MIHWBgNVHR8Egc4wgcswgciggcWggcKGgb9sZGFwOi8v
57 | L0NOPVNTVFAtVEVTVC1OM1paLURDMS1DQSxDTj1OM1paLURDMSxDTj1DRFAsQ049
58 | UHVibGljJTIwS2V5JTIwU2VydmljZXMsQ049U2VydmljZXMsQ049Q29uZmlndXJh
59 | dGlvbixEQz1TU1RQLVRFU1QsREM9TkVUP2NlcnRpZmljYXRlUmV2b2NhdGlvbkxp
60 | c3Q/YmFzZT9vYmplY3RDbGFzcz1jUkxEaXN0cmlidXRpb25Qb2ludDCByQYIKwYB
61 | BQUHAQEEgbwwgbkwgbYGCCsGAQUFBzAChoGpbGRhcDovLy9DTj1TU1RQLVRFU1Qt
62 | TjNaWi1EQzEtQ0EsQ049QUlBLENOPVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENO
63 | PVNlcnZpY2VzLENOPUNvbmZpZ3VyYXRpb24sREM9U1NUUC1URVNULERDPU5FVD9j
64 | QUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhv
65 | cml0eTANBgkqhkiG9w0BAQUFAAOCAQEANmOOjSL6TiMK0+f17g4aHdQ3Ml1g9jsv
66 | Er0o+10V+U2I3Q5f0E5KBAOgYUsDpWBelDpnYv2i0EDA67X7kx6TGleq8/tNtYCI
67 | S8Jp4wKdYL/f/ac3+ZycvxbiF+4T4bsrM0RnnMyy3jbTU0vz8gJAW947Z+uXIz9p
68 | UQ1Xd1FNEABgXjC6wn2SN6V5/qN5xAIbMyOrrewI6hRYR8VtLPvdzfwQL9MXz97B
69 | bavh/0qUVTtViy4Fy9bh6K5eEyKWwBQMGCAEiUThMvAjQ+zft2TNMVrTC/CVINH6
70 | lKJvZr7x++WdHKiziDmqQEc7MljkSrg9lPXeHybLnQsCHAz/wUQhTQ==
71 | -----END CERTIFICATE-----
72 |
--------------------------------------------------------------------------------
/src/sstp-buff.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Buffer handling routines
3 | *
4 | * @file sstp-buff.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 |
32 | #include "sstp-private.h"
33 |
34 |
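/*!
 * @brief Parse the status code and headers out of an HTTP response
 *
 * The response comes from the remote peer and is treated as untrusted.
 *
 * @param buf   [IN]     Buffer holding the response; buf->data is read as a
 *                       NUL terminated string (presumably guaranteed by the
 *                       caller -- verify)
 * @param code  [OUT]    The HTTP status code
 * @param count [IN/OUT] On input the number of entries available in
 *                       @a array (assumed from the comparison the original
 *                       loop made against it -- confirm with callers); on
 *                       output the number of headers stored
 * @param array [OUT]    The parsed header name/value pairs
 *
 * @return SSTP_OKAY on success, SSTP_FAIL when the status line is missing,
 *         too short, or carries an out of range status code
 */
status_t sstp_http_get(sstp_buff_st *buf, int *code, int *count,
        http_header_st *array)
{
    unsigned long parsed = 0;
    char *ptr1  = NULL;
    int   index = 0;
    int   ret   = 0;

    /*
     * The status code is read at offset 9, i.e. after a 9 byte
     * "HTTP/x.y " prefix. Require the first line to extend past that
     * offset so the number is never taken from a later line or from
     * beyond the end of the response.
     */
    ptr1 = strchr(buf->data, '\n');
    if (!ptr1 || (ptr1 - buf->data) <= 9)
    {
        return SSTP_FAIL;
    }

    /* Get the HTTP status code; errno must be cleared to detect ERANGE */
    errno  = 0;
    parsed = strtoul(buf->data + 9, NULL, 10);
    if (errno == ERANGE || parsed > 999)
    {
        return SSTP_FAIL;
    }
    *code = (int) parsed;

    /*
     * Iterate through the headers. The bound is tested before each entry
     * is written; the earlier post-increment test let the loop store up to
     * two entries more than *count.
     */
    while (index < *count)
    {
        /*
         * NOTE(review): the %[ conversions carry no field width, so a
         * header name or value longer than the storage behind
         * array[].name / array[].value is written past it. Add widths that
         * match those fields; their sizes are declared in a header that is
         * not visible here.
         */
        ret = sscanf(ptr1 + 1, "%[^:]: %[^\r\n]", array[index].name,
                array[index].value);
        if (ret != 2)
        {
            break;
        }
        index++;

        /* Advance to the next line; a blank line ends the header section */
        ptr1 = strchr(ptr1 + 1, '\n');
        if (!ptr1 || ptr1[1] == '\r' || ptr1[1] == '\n')
        {
            break;
        }
    }

    /* Save the number of headers */
    *count = index;

    /* Success! */
    return SSTP_OKAY;
}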
86 |
87 |
/*!
 * @brief Look up a header by name, ignoring case
 *
 * @param name  [IN] The header name to search for
 * @param count [IN] The number of entries in @a array
 * @param array [IN] The parsed headers
 *
 * @return Pointer to the first matching entry, or NULL when none matches
 */
http_header_st *sstp_http_get_header(const char *name, int count,
        http_header_st *array)
{
    int pos = 0;

    while (pos < count)
    {
        /* strcasecmp() returns 0 on a case-insensitive match */
        if (strcasecmp(name, array[pos].name) == 0)
        {
            return &array[pos];
        }
        pos++;
    }

    return NULL;
}
105 |
106 |
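/*!
 * @brief Check that @a length more bytes fit in the buffer
 *
 * @param buf    [IN] The buffer
 * @param length [IN] The number of bytes about to be appended
 *
 * @return SSTP_OKAY when buf->len + length does not exceed buf->max,
 *         SSTP_FAIL otherwise, including for a negative @a length
 */
status_t sstp_buff_space(sstp_buff_st *buf, int length)
{
    /*
     * Compare against the remaining room instead of adding first: with a
     * large or negative length the sum buf->len + length can overflow or
     * shrink and make an oversized request look as if it fits.
     */
    if (length < 0 || buf->len > buf->max ||
        length > (buf->max - buf->len))
    {
        return SSTP_FAIL;
    }

    return SSTP_OKAY;
}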
116 |
117 |
/*!
 * @brief Mark the buffer as empty
 *
 * @param buf [IN] The buffer; its length and offset are set back to 0,
 *                 the stored bytes are not cleared
 */
void sstp_buff_reset(sstp_buff_st *buf)
{
    buf->off = 0;
    buf->len = 0;
}
123 |
124 |
/*!
 * @brief Get a pointer into the buffer's data at a given position
 *
 * @param buf   [IN] The buffer
 * @param index [IN] The position within buf->data
 *
 * @par Note:
 *  @a index is not checked against the buffer size here; callers have to
 *  keep it within the bounds of the buffer.
 *
 * @return The address of buf->data[index]
 */
void *sstp_buff_data(sstp_buff_st *buf, int index)
{
    return (buf->data + index);
}
129 |
130 |
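/*!
 * @brief Append formatted text at the current end of the buffer
 *
 * @param buf [IN] The buffer; buf->len is advanced on success
 * @param fmt [IN] The printf-style format string
 * @param ... [IN] The variable list of arguments
 *
 * @return SSTP_OKAY when the whole text was stored, SSTP_OVERFLOW when it
 *         did not fit, when nothing was produced, or on a formatting error
 */
status_t sstp_buff_print(sstp_buff_st *buf, const char *fmt, ...)
{
    va_list list;
    int room = buf->max - buf->len;
    int ret;

    /*
     * A zero or negative size must not reach vsnprintf(): the size argument
     * is unsigned, so a negative value would turn into a huge limit.
     */
    if (room <= 0)
    {
        return SSTP_OVERFLOW;
    }

    va_start(list, fmt);
    ret = vsnprintf(buf->data + buf->len, (size_t) room, fmt, list);
    va_end(list);

    /*
     * vsnprintf() returns the length the text needs, excluding the NUL it
     * always appends. A result equal to the room therefore means the last
     * character was dropped, so it is an overflow as well.
     */
    if (ret <= 0 || ret >= room)
    {
        return SSTP_OVERFLOW;
    }

    buf->len += ret;
    return SSTP_OKAY;
}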
148 |
149 |
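/*!
 * @brief Allocate a zero-filled buffer with room for @a size data bytes
 *
 * @param buf  [OUT] Receives the new buffer; release it with
 *                   sstp_buff_destroy()
 * @param size [IN]  The capacity of the data area in bytes
 *
 * @return SSTP_OKAY on success, SSTP_FAIL on a NULL @a buf, a negative
 *         @a size, or when the allocation fails
 */
status_t sstp_buff_create(sstp_buff_st **buf, int size)
{
    sstp_buff_st *ctx = NULL;

    /*
     * A negative size would be converted to an unsigned value inside the
     * allocation size and leave ctx->max negative, so refuse it here.
     */
    if (!buf || size < 0)
    {
        return SSTP_FAIL;
    }

    /* Allocate the header and the data area in one zeroed block */
    ctx = calloc(1, sizeof(*ctx) + (size_t) size);
    if (!ctx)
    {
        return SSTP_FAIL;
    }

    /* Configure the buffer */
    ctx->max = size;
    ctx->len = 0;
    ctx->off = 0;
    *buf = ctx;

    /* Success! */
    return SSTP_OKAY;
}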
168 |
169 |
/*!
 * @brief Release a buffer obtained from sstp_buff_create()
 *
 * @param buf [IN] The buffer to free; NULL is accepted and ignored
 */
void sstp_buff_destroy(sstp_buff_st *buf)
{
    /* free() is defined to do nothing for a NULL pointer */
    free(buf);
}
179 |
--------------------------------------------------------------------------------
/compile:
--------------------------------------------------------------------------------
1 | #! /bin/sh
2 | # Wrapper for compilers which do not understand `-c -o'.
3 |
4 | scriptversion=2009-10-06.20; # UTC
5 |
6 | # Copyright (C) 1999, 2000, 2003, 2004, 2005, 2009 Free Software
7 | # Foundation, Inc.
8 | # Written by Tom Tromey .
9 | #
10 | # This program is free software; you can redistribute it and/or modify
11 | # it under the terms of the GNU General Public License as published by
12 | # the Free Software Foundation; either version 2, or (at your option)
13 | # any later version.
14 | #
15 | # This program is distributed in the hope that it will be useful,
16 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | # GNU General Public License for more details.
19 | #
20 | # You should have received a copy of the GNU General Public License
21 | # along with this program. If not, see .
22 |
23 | # As a special exception to the GNU General Public License, if you
24 | # distribute this file as part of a program that contains a
25 | # configuration script generated by Autoconf, you may include it under
26 | # the same distribution terms that you use for the rest of that program.
27 |
28 | # This file is maintained in Automake, please report
29 | # bugs to or send patches to
30 | # .
31 |
32 | case $1 in
33 | '')
34 | echo "$0: No command. Try \`$0 --help' for more information." 1>&2
35 | exit 1;
36 | ;;
37 | -h | --h*)
38 | cat <<\EOF
39 | Usage: compile [--help] [--version] PROGRAM [ARGS]
40 |
41 | Wrapper for compilers which do not understand `-c -o'.
42 | Remove `-o dest.o' from ARGS, run PROGRAM with the remaining
43 | arguments, and rename the output as expected.
44 |
45 | If you are trying to build a whole package this is not the
46 | right script to run: please start by reading the file `INSTALL'.
47 |
48 | Report bugs to .
49 | EOF
50 | exit $?
51 | ;;
52 | -v | --v*)
53 | echo "compile $scriptversion"
54 | exit $?
55 | ;;
56 | esac
57 |
58 | ofile=
59 | cfile=
60 | eat=
61 |
62 | for arg
63 | do
64 | if test -n "$eat"; then
65 | eat=
66 | else
67 | case $1 in
68 | -o)
69 | # configure might choose to run compile as `compile cc -o foo foo.c'.
70 | # So we strip `-o arg' only if arg is an object.
71 | eat=1
72 | case $2 in
73 | *.o | *.obj)
74 | ofile=$2
75 | ;;
76 | *)
77 | set x "$@" -o "$2"
78 | shift
79 | ;;
80 | esac
81 | ;;
82 | *.c)
83 | cfile=$1
84 | set x "$@" "$1"
85 | shift
86 | ;;
87 | *)
88 | set x "$@" "$1"
89 | shift
90 | ;;
91 | esac
92 | fi
93 | shift
94 | done
95 |
96 | if test -z "$ofile" || test -z "$cfile"; then
97 | # If no `-o' option was seen then we might have been invoked from a
98 | # pattern rule where we don't need one. That is ok -- this is a
99 | # normal compilation that the losing compiler can handle. If no
100 | # `.c' file was seen then we are probably linking. That is also
101 | # ok.
102 | exec "$@"
103 | fi
104 |
105 | # Name of file we expect compiler to create.
106 | cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
107 |
108 | # Create the lock directory.
109 | # Note: use `[/\\:.-]' here to ensure that we don't use the same name
110 | # that we are using for the .o file. Also, base the name on the expected
111 | # object file name, since that is what matters with a parallel build.
112 | lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
113 | while true; do
114 | if mkdir "$lockdir" >/dev/null 2>&1; then
115 | break
116 | fi
117 | sleep 1
118 | done
119 | # FIXME: race condition here if user kills between mkdir and trap.
120 | trap "rmdir '$lockdir'; exit 1" 1 2 15
121 |
122 | # Run the compile.
123 | "$@"
124 | ret=$?
125 |
126 | if test -f "$cofile"; then
127 | test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
128 | elif test -f "${cofile}bj"; then
129 | test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
130 | fi
131 |
132 | rmdir "$lockdir"
133 | exit $ret
134 |
135 | # Local Variables:
136 | # mode: shell-script
137 | # sh-indentation: 2
138 | # eval: (add-hook 'write-file-hooks 'time-stamp)
139 | # time-stamp-start: "scriptversion="
140 | # time-stamp-format: "%:y-%02m-%02d.%02H"
141 | # time-stamp-time-zone: "UTC"
142 | # time-stamp-end: "; # UTC"
143 | # End:
144 |
--------------------------------------------------------------------------------
/src/libsstp-log/sstp-log-private.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Private declarations shared by the sstp-client log output modules
3 | *
4 | * @file sstp-log-private.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_LOG_PRIVATE_H__
25 | #define __SSTP_LOG_PRIVATE_H__
26 |
27 |
28 | /*! Keep attributes aligned to a 32-bit boundary */
29 | #define LOG_ALIGN32(n) \
30 | (((n) + 3) & ~3)
31 |
32 | /*< The default application name */
33 | #define SSTP_DFLT_APPNAME "sstp-client"
34 |
35 | /*< The max path size */
36 | #define SSTP_PATH_MAX 255
37 |
38 |
39 | /*!
40 | * @brief The type of log attribute
41 | */
42 | typedef enum log_type
43 | {
44 | /*! The time string for when the message was logged */
45 | LOG_ATTR_TIME = 1,
46 |
47 | /*! The file information for where the message was logged */
48 | LOG_ATTR_LINEINFO = 2,
49 |
50 | /*! The hostname of the computer */
51 | LOG_ATTR_HOST = 3,
52 |
53 | /*! The application name */
54 | LOG_ATTR_APPNAME = 4,
55 |
56 | /*! The log message is to follow */
57 | LOG_ATTR_MESSAGE = 5,
58 |
59 | /*
60 | * Add any additional attributes here
61 | */
62 |
63 | _LOG_ATTR_MAX
64 |
65 | } log_type_t;
66 |
67 | #define LOG_ATTR_MAX (_LOG_ATTR_MAX - 1)
68 |
69 |
70 | /*!
71 | * @brief The log message
72 | */
73 | typedef struct
74 | {
75 | /*! The level the message was logged with */
76 | uint8_t msg_level;
77 |
78 | /*! The length of the log-message */
79 | uint8_t msg_length;
80 |
81 | /*! The attribute count */
82 | uint8_t msg_acount;
83 |
84 | /*! The current time-stamp of the message */
85 | time_t msg_stamp;
86 |
87 | /*! The attribute section of this message */
88 | uint8_t msg_data[0];
89 |
90 | } log_msg_st;
91 |
92 |
93 | /*!
94 | * @brief A type length value structure to keep log-attributes
95 | */
96 | typedef struct log_attr
97 | {
98 | /*! The log attribute type */
99 | uint8_t attr_type;
100 |
101 | /*! The log attribute length */
102 | uint8_t attr_len;
103 |
104 | /*! The log attribute payload */
105 | uint8_t attr_data[0];
106 |
107 | } log_attr_st;
108 |
109 |
110 | /* Forward declare this structure */
111 | struct log_ctx;
112 |
113 |
114 | /*!
115 | * @brief Write the data to the output module
116 | * @param msg The log message
117 | * @param table The table holding the attributes of the message
118 | */
119 | typedef void (*write_fn)(struct log_ctx *ctx, log_msg_st *msg,
120 | log_attr_st *table[]);
121 |
122 |
123 | /*!
124 | * @brief Close output module
125 | */
126 | typedef void (*close_fn)(struct log_ctx *ctx);
127 |
128 |
129 | /*!
130 | * @brief A log context structure for setting output channels
131 | */
132 | typedef struct log_ctx
133 | {
134 | /*< The associated file descriptor */
135 | int sock;
136 |
137 | /*< The debug flag if enabled by configuration */
138 | int debug;
139 |
140 | /*< Any associated file */
141 | char file[SSTP_PATH_MAX];
142 |
143 | /* Write callback */
144 | write_fn write;
145 |
146 | /*< Close callback */
147 | close_fn close;
148 |
149 | } log_ctx_st;
150 |
151 |
152 | /*!
153 | * @brief Initialize the syslog output module
154 | */
155 | status_t sstp_syslog_init(log_ctx_st *ctx);
156 |
157 |
158 | /*!
159 | * @brief Initialize the stdout/err output module
160 | */
161 | status_t sstp_logstd_init(log_ctx_st *ctx);
162 |
163 |
164 | /*!
165 | * @brief Initialize the file output module
166 | */
167 | status_t sstp_logfile_init(log_ctx_st *ctx);
168 |
169 |
170 | /*!
171 | * @brief Converts a stream of bytes to a table of log-attributes
172 | */
173 | status_t sstp_logattr_parse(uint8_t stream, log_attr_st *table[], int size);
174 |
175 |
176 | #endif /* #ifndef __SSTP_LOG_PRIVATE_H__ */
177 |
--------------------------------------------------------------------------------
/m4/ax_check_openssl.m4:
--------------------------------------------------------------------------------
1 | # ===========================================================================
2 | # http://www.gnu.org/software/autoconf-archive/ax_check_openssl.html
3 | # ===========================================================================
4 | #
5 | # SYNOPSIS
6 | #
7 | # AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]])
8 | #
9 | # DESCRIPTION
10 | #
11 | # Look for OpenSSL in a number of default spots, or in a user-selected
12 | # spot (via --with-openssl). Sets
13 | #
14 | # OPENSSL_INCLUDES to the include directives required
15 | # OPENSSL_LIBS to the -l directives required
16 | # OPENSSL_LDFLAGS to the -L or -R flags required
17 | #
18 | # and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
19 | #
20 | # This macro sets OPENSSL_INCLUDES such that source files should use the
21 | # openssl/ directory in include directives:
22 | #
23 | # #include <openssl/hmac.h>
24 | #
25 | # LICENSE
26 | #
27 | # Copyright (c) 2009,2010 Zmanda Inc.
28 | # Copyright (c) 2009,2010 Dustin J. Mitchell
29 | #
30 | # Copying and distribution of this file, with or without modification, are
31 | # permitted in any medium without royalty provided the copyright notice
32 | # and this notice are preserved. This file is offered as-is, without any
33 | # warranty.
34 |
35 | #serial 8
36 |
37 | AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL])
38 | AC_DEFUN([AX_CHECK_OPENSSL], [
39 | found=false
40 | AC_ARG_WITH([openssl],
41 | [AS_HELP_STRING([--with-openssl=DIR],
42 | [root of the OpenSSL directory])],
43 | [
44 | case "$withval" in
45 | "" | y | ye | yes | n | no)
46 | AC_MSG_ERROR([Invalid --with-openssl value])
47 | ;;
48 | *) ssldirs="$withval"
49 | ;;
50 | esac
51 | ], [
52 | # if pkg-config is installed and openssl has installed a .pc file,
53 | # then use that information and don't search ssldirs
54 | AC_PATH_PROG([PKG_CONFIG], [pkg-config])
55 | if test x"$PKG_CONFIG" != x""; then
56 | OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
57 | if test $? = 0; then
58 | OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
59 | OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
60 | found=true
61 | fi
62 | fi
63 |
64 | # no such luck; use some default ssldirs
65 | if ! $found; then
66 | ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr"
67 | fi
68 | ]
69 | )
70 |
71 |
72 | # note that we #include <openssl/foo.h>, so the OpenSSL headers have to be in
73 | # an 'openssl' subdirectory
74 |
75 | if ! $found; then
76 | OPENSSL_INCLUDES=
77 | for ssldir in $ssldirs; do
78 | AC_MSG_CHECKING([for openssl/ssl.h in $ssldir])
79 | if test -f "$ssldir/include/openssl/ssl.h"; then
80 | OPENSSL_INCLUDES="-I$ssldir/include"
81 | OPENSSL_LDFLAGS="-L$ssldir/lib"
82 | OPENSSL_LIBS="-lssl -lcrypto"
83 | found=true
84 | AC_MSG_RESULT([yes])
85 | break
86 | else
87 | AC_MSG_RESULT([no])
88 | fi
89 | done
90 |
91 | # if the file wasn't found, well, go ahead and try the link anyway -- maybe
92 | # it will just work!
93 | fi
94 |
95 | # try the preprocessor and linker with our new flags,
96 | # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
97 |
98 | AC_MSG_CHECKING([whether compiling and linking against OpenSSL works])
99 | echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \
100 | "OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&AS_MESSAGE_LOG_FD
101 |
102 | save_LIBS="$LIBS"
103 | save_LDFLAGS="$LDFLAGS"
104 | save_CPPFLAGS="$CPPFLAGS"
105 | LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
106 | LIBS="$OPENSSL_LIBS $LIBS"
107 | CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS"
108 | AC_LINK_IFELSE(
109 | [AC_LANG_PROGRAM([#include ], [SSL_new(NULL)])],
110 | [
111 | AC_MSG_RESULT([yes])
112 | $1
113 | ], [
114 | AC_MSG_RESULT([no])
115 | $2
116 | ])
117 | CPPFLAGS="$save_CPPFLAGS"
118 | LDFLAGS="$save_LDFLAGS"
119 | LIBS="$save_LIBS"
120 |
121 | AC_SUBST([OPENSSL_INCLUDES])
122 | AC_SUBST([OPENSSL_LIBS])
123 | AC_SUBST([OPENSSL_LDFLAGS])
124 | ])
125 |
--------------------------------------------------------------------------------
/m4/ltsugar.m4:
--------------------------------------------------------------------------------
1 | # ltsugar.m4 -- libtool m4 base layer. -*-Autoconf-*-
2 | #
3 | # Copyright (C) 2004, 2005, 2007, 2008 Free Software Foundation, Inc.
4 | # Written by Gary V. Vaughan, 2004
5 | #
6 | # This file is free software; the Free Software Foundation gives
7 | # unlimited permission to copy and/or distribute it, with or without
8 | # modifications, as long as this notice is preserved.
9 |
10 | # serial 6 ltsugar.m4
11 |
12 | # This is to help aclocal find these macros, as it can't see m4_define.
13 | AC_DEFUN([LTSUGAR_VERSION], [m4_if([0.1])])
14 |
15 |
16 | # lt_join(SEP, ARG1, [ARG2...])
17 | # -----------------------------
18 | # Produce ARG1SEPARG2...SEPARGn, omitting [] arguments and their
19 | # associated separator.
20 | # Needed until we can rely on m4_join from Autoconf 2.62, since all earlier
21 | # versions in m4sugar had bugs.
22 | m4_define([lt_join],
23 | [m4_if([$#], [1], [],
24 | [$#], [2], [[$2]],
25 | [m4_if([$2], [], [], [[$2]_])$0([$1], m4_shift(m4_shift($@)))])])
26 | m4_define([_lt_join],
27 | [m4_if([$#$2], [2], [],
28 | [m4_if([$2], [], [], [[$1$2]])$0([$1], m4_shift(m4_shift($@)))])])
29 |
30 |
31 | # lt_car(LIST)
32 | # lt_cdr(LIST)
33 | # ------------
34 | # Manipulate m4 lists.
35 | # These macros are necessary as long as will still need to support
36 | # Autoconf-2.59 which quotes differently.
37 | m4_define([lt_car], [[$1]])
38 | m4_define([lt_cdr],
39 | [m4_if([$#], 0, [m4_fatal([$0: cannot be called without arguments])],
40 | [$#], 1, [],
41 | [m4_dquote(m4_shift($@))])])
42 | m4_define([lt_unquote], $1)
43 |
44 |
45 | # lt_append(MACRO-NAME, STRING, [SEPARATOR])
46 | # ------------------------------------------
47 | # Redefine MACRO-NAME to hold its former content plus `SEPARATOR'`STRING'.
48 | # Note that neither SEPARATOR nor STRING are expanded; they are appended
49 | # to MACRO-NAME as is (leaving the expansion for when MACRO-NAME is invoked).
50 | # No SEPARATOR is output if MACRO-NAME was previously undefined (different
51 | # than defined and empty).
52 | #
53 | # This macro is needed until we can rely on Autoconf 2.62, since earlier
54 | # versions of m4sugar mistakenly expanded SEPARATOR but not STRING.
55 | m4_define([lt_append],
56 | [m4_define([$1],
57 | m4_ifdef([$1], [m4_defn([$1])[$3]])[$2])])
58 |
59 |
60 |
61 | # lt_combine(SEP, PREFIX-LIST, INFIX, SUFFIX1, [SUFFIX2...])
62 | # ----------------------------------------------------------
63 | # Produce a SEP delimited list of all paired combinations of elements of
64 | # PREFIX-LIST with SUFFIX1 through SUFFIXn. Each element of the list
65 | # has the form PREFIXmINFIXSUFFIXn.
66 | # Needed until we can rely on m4_combine added in Autoconf 2.62.
67 | m4_define([lt_combine],
68 | [m4_if(m4_eval([$# > 3]), [1],
69 | [m4_pushdef([_Lt_sep], [m4_define([_Lt_sep], m4_defn([lt_car]))])]]dnl
70 | [[m4_foreach([_Lt_prefix], [$2],
71 | [m4_foreach([_Lt_suffix],
72 | ]m4_dquote(m4_dquote(m4_shift(m4_shift(m4_shift($@)))))[,
73 | [_Lt_sep([$1])[]m4_defn([_Lt_prefix])[$3]m4_defn([_Lt_suffix])])])])])
74 |
75 |
76 | # lt_if_append_uniq(MACRO-NAME, VARNAME, [SEPARATOR], [UNIQ], [NOT-UNIQ])
77 | # -----------------------------------------------------------------------
78 | # Iff MACRO-NAME does not yet contain VARNAME, then append it (delimited
79 | # by SEPARATOR if supplied) and expand UNIQ, else NOT-UNIQ.
80 | m4_define([lt_if_append_uniq],
81 | [m4_ifdef([$1],
82 | [m4_if(m4_index([$3]m4_defn([$1])[$3], [$3$2$3]), [-1],
83 | [lt_append([$1], [$2], [$3])$4],
84 | [$5])],
85 | [lt_append([$1], [$2], [$3])$4])])
86 |
87 |
88 | # lt_dict_add(DICT, KEY, VALUE)
89 | # -----------------------------
90 | m4_define([lt_dict_add],
91 | [m4_define([$1($2)], [$3])])
92 |
93 |
94 | # lt_dict_add_subkey(DICT, KEY, SUBKEY, VALUE)
95 | # --------------------------------------------
96 | m4_define([lt_dict_add_subkey],
97 | [m4_define([$1($2:$3)], [$4])])
98 |
99 |
100 | # lt_dict_fetch(DICT, KEY, [SUBKEY])
101 | # ----------------------------------
102 | m4_define([lt_dict_fetch],
103 | [m4_ifval([$3],
104 | m4_ifdef([$1($2:$3)], [m4_defn([$1($2:$3)])]),
105 | m4_ifdef([$1($2)], [m4_defn([$1($2)])]))])
106 |
107 |
108 | # lt_if_dict_fetch(DICT, KEY, [SUBKEY], VALUE, IF-TRUE, [IF-FALSE])
109 | # -----------------------------------------------------------------
110 | m4_define([lt_if_dict_fetch],
111 | [m4_if(lt_dict_fetch([$1], [$2], [$3]), [$4],
112 | [$5],
113 | [$6])])
114 |
115 |
116 | # lt_dict_filter(DICT, [SUBKEY], VALUE, [SEPARATOR], KEY, [...])
117 | # --------------------------------------------------------------
118 | m4_define([lt_dict_filter],
119 | [m4_if([$5], [], [],
120 | [lt_join(m4_quote(m4_default([$4], [[, ]])),
121 | lt_unquote(m4_split(m4_normalize(m4_foreach(_Lt_key, lt_car([m4_shiftn(4, $@)]),
122 | [lt_if_dict_fetch([$1], _Lt_key, [$2], [$3], [_Lt_key ])])))))])[]dnl
123 | ])
124 |
--------------------------------------------------------------------------------
/src/libsstp-log/sstp-log-syslog.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Implements output to syslog for sstp-client.
3 | *
4 | * @file sstp-log-syslog.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | #include
32 | #include
33 | #include
34 | #include
35 | #include
36 |
37 | #include
38 | #include
39 | #include "sstp-log-private.h"
40 |
41 |
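/*!
 * @brief Clamp the running header length after an snprintf() call
 *
 * @param len   Number of header bytes already written (must be < @a size)
 * @param size  Total size of the header buffer
 * @param n     Return value of the snprintf() that wrote at offset @a len
 *
 * @return The new header length. It never exceeds @a size - 1, so the next
 *  snprintf() at that offset still has room for its terminator.
 */
static size_t sstp_syslog_advance(size_t len, size_t size, int n)
{
    /* Encoding error: nothing usable was appended */
    if (n < 0)
    {
        return len;
    }

    /* The output was truncated; the buffer is full up to the terminator */
    if ((size_t) n >= size - len)
    {
        return size - 1;
    }

    return len + (size_t) n;
}


/*!
 * @brief Write a syslog message to the socket held by the log context
 *
 * @param ctx   The log context; its socket is re-opened if it was closed
 * @param msg   The log message, used here for its level
 * @param table The attribute table, indexed by LOG_ATTR_* value
 *
 * @par Note:
 *  There is probably little value in doing all this work over using the syslog
 *  function, but in the future we could switch to remote syslog and use the
 *  RFC5424 format. This is just a placeholder for now...
 *
 * @par Note:
 *  The header (priority, time, application name, pid and optional line
 *  information) is formatted into a fixed 128 byte buffer. Every write into
 *  it is bounded; a header that does not fit is truncated rather than
 *  written past the end of the buffer. Nothing is sent when a required
 *  attribute is missing from the table.
 */
static void sstp_syslog_write(log_ctx_st *ctx, log_msg_st *msg,
    log_attr_st *table[])
{
    char buf[128];
    struct iovec vec[2];
    size_t len = 0;
    int cnt = 0;
    int ret = (-1);
    int n   = 0;
    log_attr_st *attr = NULL;

    /* In case this was closed */
    if (ctx->sock < 0)
    {
        ret = sstp_syslog_init(ctx);
        if (SSTP_OKAY != ret)
        {
            return;
        }
    }

    /* Configure the log-level of the message */
    n = snprintf(buf + len, sizeof(buf) - len, "<%d>",
            LOG_LOCAL0 | ((7 - msg->msg_level) & 0x07));
    len = sstp_syslog_advance(len, sizeof(buf), n);

    /*
     * NOTE(review): the "%s" conversions below assume that the attribute
     * payloads are NUL terminated strings; confirm against the code that
     * builds the attribute table.
     */

    /* Get the time stamp */
    attr = table[LOG_ATTR_TIME];
    if (!attr)
    {
        return;
    }
    n = snprintf(buf + len, sizeof(buf) - len, "%s ", attr->attr_data);
    len = sstp_syslog_advance(len, sizeof(buf), n);

    /* Get the application name */
    attr = table[LOG_ATTR_APPNAME];
    if (!attr)
    {
        return;
    }
    n = snprintf(buf + len, sizeof(buf) - len, "%s[%d]: ", attr->attr_data,
            getpid());
    len = sstp_syslog_advance(len, sizeof(buf), n);

    /* Get the line information */
    if (ctx->debug)
    {
        attr = table[LOG_ATTR_LINEINFO];
        if (!attr)
        {
            return;
        }
        n = snprintf(buf + len, sizeof(buf) - len, "%s ", attr->attr_data);
        len = sstp_syslog_advance(len, sizeof(buf), n);
    }

    /* Get the message attribute */
    attr = table[LOG_ATTR_MESSAGE];
    if (!attr)
    {
        return;
    }

    /* Add the syslog header, using the tracked length */
    vec[cnt  ].iov_base = buf;
    vec[cnt++].iov_len  = len;

    /* Add the message */
    vec[cnt  ].iov_base = attr->attr_data;
    vec[cnt++].iov_len  = attr->attr_len;

    /* Write the iovec structure to socket, drop the socket on failure */
    ret = writev(ctx->sock, vec, cnt);
    if (ret == -1)
    {
        ctx->close(ctx);
    }
}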
122 |
123 |
/*!
 * @brief Close the output module
 *
 * @param ctx   The log context whose socket is closed and marked as -1
 */
static void sstp_syslog_close(log_ctx_st *ctx)
{
    /* Nothing to release when the socket is already closed */
    if (ctx->sock < 0)
    {
        return;
    }

    close(ctx->sock);
    ctx->sock = -1;
}
135 |
136 |
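/*!
 * @brief Create a new syslog socket preparing the log_ctx structure
 *
 * @param ctx   The log context; ctx->file names the unix socket to connect to
 *
 * @return SSTP_OKAY when the socket is connected and the write/close
 *  callbacks are set, SSTP_FAIL otherwise. On failure ctx->sock is -1.
 *
 * @par Note:
 *  A path in ctx->file that is not terminated, or that does not fit in
 *  sockaddr_un.sun_path, is rejected. Truncating it silently would make
 *  the connect go to a different path than the one configured.
 */
status_t sstp_syslog_init(log_ctx_st *ctx)
{
    struct sockaddr_un addr;
    const char *end = NULL;
    size_t plen = 0;
    int retval = SSTP_FAIL;
    int ret    = (-1);

    /* Create a unix domain socket */
    ctx->sock = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (ctx->sock <= -1)
    {
        goto done;
    }

    /* Measure the path without reading past the end of ctx->file */
    end = memchr(ctx->file, '\0', sizeof(ctx->file));
    if (end == NULL)
    {
        goto done;
    }

    /* The path and its terminator must fit in sun_path */
    plen = (size_t) (end - ctx->file);
    if (plen >= sizeof(addr.sun_path))
    {
        goto done;
    }

    /* Configure the address, the memset provides the terminator */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    memcpy(addr.sun_path, ctx->file, plen);

    /* Connect the socket */
    ret = connect(ctx->sock, (struct sockaddr*) &addr, sizeof(addr));
    if (ret != 0)
    {
        goto done;
    }

    /* Configure the write/close callback */
    ctx->write = sstp_syslog_write;
    ctx->close = sstp_syslog_close;

    /* Success */
    retval = SSTP_OKAY;

done:

    /* In case of failure, do not leave a half-configured socket behind */
    if (retval != SSTP_OKAY)
    {
        if (ctx->sock >= 0)
        {
            close(ctx->sock);
            ctx->sock = -1;
        }
    }

    return retval;
}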
186 |
187 |
--------------------------------------------------------------------------------
/sstp-client.spec:
--------------------------------------------------------------------------------
1 | %define ppp_version 2.4.5
2 | %define event_version 2.0.10
3 |
4 | Name: sstp-client
5 | Version: 1.0.9
6 | Release: 1%{?dist}
7 | Summary: Secure Socket Tunneling Protocol (SSTP) Client
8 | Group: Applications/Internet
9 | License: GPLv2+
10 | Packager: Eivind Naess
11 | Provides: sstp-client
12 | URL: http://sstp-client.sourceforge.net/
13 | Source0: http://downloads.sf.net/sstp-client/sstp-client-%{version}.tar.gz
14 | BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
15 | Requires: ppp >= %ppp_version
16 | Requires: libevent >= %event_version
17 | Requires(pre): /usr/sbin/useradd, /usr/bin/getent
18 | Requires(postun): /usr/sbin/userdel
19 |
20 | %package devel
21 | Summary: Provide development headers for sstp-client
22 | Group: Applications/Internet
23 | Provides: sstp-client-devel
24 |
25 | %description devel
26 | This package contains the necessary header files for sstp-client development
27 |
28 | This package is required to compile plugin's for sstp-client.
29 |
30 | %description
31 | Client for the proprietary Microsoft Secure Socket Tunneling Protocol, SSTP.
32 | Allows connection to a SSTP based VPN as used by employers and some cable
33 | and ADSL service providers.
34 |
35 | %prep
36 | %setup -q
37 |
38 | %build
39 | CFLAGS="-Wall %{optflags}" \
40 | ./configure \
41 | --disable-static \
42 | --prefix=/usr \
43 | --libdir=%_libdir \
44 | --with-libevent=2 \
45 | --with-pppd-plugin-dir=%_libdir/pppd/%ppp_version \
46 | --with-runtime-dir="/var/run/sstpc"
47 | %{__make} %{?_smp_mflags}
48 |
49 | %pre
50 | /usr/bin/getent group sstpc || /usr/sbin/groupadd -r \
51 | sstpc
52 |
53 | /usr/bin/getent passwd sstpc || /usr/sbin/useradd -r \
54 | -c "Secure Socket Tunneling Protocol (SSTP) Client" \
55 | -g sstpc \
56 | -d /var/run/sstpc \
57 | -s /bin/false \
58 | sstpc
59 |
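%postun
# $1 is the number of instances of this package left installed once the
# transaction completes: 0 on erase, 1 or more on upgrade. Only remove the
# runtime directory and the sstpc account on a real erase, otherwise an
# upgrade would delete the unprivileged user the client runs as.
if [ "$1" -eq 0 ]; then
    rm -rf /var/run/sstpc
    /usr/sbin/userdel sstpc
fi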
63 |
64 | %install
65 | %{__rm} -rf %{buildroot}
66 | %{__make} DESTDIR=%{buildroot} install
67 | %{__install} -c -d -m 755 %{buildroot}/%{_mandir}/man8
68 | %{__install} -c -m 755 sstpc.8 %{buildroot}/%{_mandir}/man8
69 |
70 | %clean
71 | %{__rm} -rf %{buildroot}
72 |
73 | %files
74 | %defattr(-,root,root,-)
75 | %doc AUTHORS COPYING DEVELOPERS NEWS README TODO USING
76 | %doc ChangeLog
77 | %{_sbindir}/sstpc
78 | %{_mandir}/man8/sstpc.8*
79 | %{_libdir}/libsstp_api*.so*
80 | %{_libdir}/pppd/%ppp_version/sstp-pppd-plugin*.so*
81 | %{_libdir}/pkgconfig/sstp-client*.pc
82 | %{_docdir}/sstp-client/sstp-test*
83 |
84 | %exclude %{_libdir}/*.la
85 | %exclude %{_libdir}/pppd/%ppp_version/*.la
86 |
87 |
88 | %files devel
89 | /usr/include/sstp-client/sstp-api.h
90 |
91 | %changelog
92 | * Sat Jan 13 2013 Eivind Naess - 1.0.9-1
93 | * Fixed a critical bug that caused received packets to become corrupt, inability to access
94 | internal web-sites and caused random segfaults. Thanks to Damijan A. for reporting and
95 | providing an environment to test in.
96 |
97 | * Sat Oct 12 2012 Eivind Naess - 1.0.8-1
98 | * Unable to authenticate using --password, causing server to timeout
99 | the connection after 60 seconds.
100 | * Fixed a bug resulting in connection aborted on Ubuntu 12.04 with the
101 | message: "Connection was aborted, value of attribute is incorrect"
102 |
103 | * Sat Apr 28 2012 Eivind Naess - 1.0.7-1
104 | * Fixed a bug where connection failed to authenticate with server when specifying
105 | username / password on command line (first seen by microtik routers).
106 | * Various fixes to support Mac OS-X / Darwin
107 |
108 | * Sat Mar 15 2012 Eivind Naess - 1.0.6-1
109 | * Fixed a bug where the temporary password file was deleted before authentication could
110 | proceed.
111 |
112 | * Sat Mar 3 2012 Eivind Naess - 1.0.5-1
113 | * Fixed a critical bug in the sstp pppd plugin that caused the connection to fail.
114 | * Updated the documentation to better describe how to setup sstp-client
115 |
116 | * Wed Feb 8 2012 Eivind Naess - 1.0.4-1
117 | * Added ability to add host route thanks to Dmitriy Belokurov for providing the inital patch.
118 | * Fixed various bugs, to mention:
119 | - Disconnect of SSL connection during multiple SSL_write() with inconsitent buffers.
120 | - Perform the authentication after IP is up
121 |
122 | * Sun Nov 13 2011 Eivind Naess - 1.0.3-1
123 | * Added command line option to specify the uuid of the connection
124 | * Fixed various bugs, to mention:
125 | - Cleanup of unix socket on termination
126 | - Correct parsing of the URL
127 | - Fix connected time error when using --nolaunchpppd option
128 | - Unit tests was added
129 | - Added hardening of ubuntu build scripts
130 |
131 | * Sun Oct 20 2011 Eivind Naess - 1.2-1
132 | - Added http proxy support, using basic authentication
133 | - Adding privilege separation by chroot, and sstpc user.
134 | - Covering up traces of passwords after specifying --password per command line.
135 | - Command line option to ignore certificate errors (e.g. does not match host).
136 | - Fixing various bugs
137 |
138 | * Sun Oct 02 2011 Eivind Naess - 1.0.1-1
139 | - Initial packaging release
140 |
--------------------------------------------------------------------------------
/src/sstp-stream.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Declarations for SSL Handling Routines
3 | *
4 | * @file sstp-ssl.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #ifndef __SSTP_SSL_H__
25 | #define __SSTP_SSL_H__
26 |
27 | #include
28 | #include
29 |
30 |
31 | #define SSTP_VERIFY_NONE 0x00 // Don't verify certificate
32 | #define SSTP_VERIFY_NAME 0x01 // Verify the Certificate name
33 | #define SSTP_VERIFY_CERT 0x02 // Verify the Certificate with CA
34 | #define SSTP_VERIFY_CRL 0x04 // Verify against CRL service
35 |
36 |
37 | /*
38 | * NOTE:
39 | * The naming convention of sstp_stream is probably not correct. These should
40 | * probably be ssl_sock_st, and we should add functions to accept() in case
41 | * of a server.
42 | */
43 |
44 | struct sstp_stream;
45 | typedef struct sstp_stream sstp_stream_st;
46 |
47 |
48 | /*!
49 | * @brief Get the certificate hash from the peer certificate
50 | */
51 | status_t sstp_get_cert_hash(sstp_stream_st *ctx, int proto,
52 | unsigned char *hash, int hlen);
53 |
54 | /*!
55 | * @brief Verify the certificate
56 | */
57 | status_t sstp_verify_cert(sstp_stream_st *ctx, const char *host, int opts);
58 |
59 |
60 | /*!
61 | * @brief Check if the activity on the socket is longer than @a seconds
62 | */
63 | status_t sstp_last_activity(sstp_stream_st *client, int seconds);
64 |
65 |
66 | /*!
67 | * @brief A function to notify of complete send or receive event
68 | */
69 | typedef void (*sstp_complete_fn)(sstp_stream_st *stream,
70 | sstp_buff_st *buf, void *ctx, status_t status);
71 |
72 | /*!
73 | * @brief The handler function that will handle the receive of the data
74 | */
75 | typedef status_t (*sstp_recv_fn)(sstp_stream_st *ctx, sstp_buff_st *buf,
76 | sstp_complete_fn complete, void *arg, int timeout);
77 |
78 |
79 | /*!
80 | * @brief A Handler for receiving SSTP packets
81 | */
82 | status_t sstp_stream_recv_sstp(sstp_stream_st *ctx, sstp_buff_st *buf,
83 | sstp_complete_fn complete, void *arg, int timeout);
84 |
85 |
86 | /*!
87 | * @brief A generic handler for receiving anything else (blob)
88 | */
89 | status_t sstp_stream_recv(sstp_stream_st *ctx, sstp_buff_st *buf,
90 | sstp_complete_fn complete, void *arg, int timeout);
91 |
92 |
93 | /*!
94 | * @brief A handler for receiving a HTTP request
95 | */
96 | status_t sstp_stream_recv_http(sstp_stream_st *ctx, sstp_buff_st *buf,
97 | sstp_complete_fn complete, void *arg, int timeout);
98 |
99 |
100 | /*!
101 | * @brief Setup a socket handler for the SSL connection
102 | *
103 | * @par Note:
104 | * The @a handler can be either a custom function or it can be any
105 | * of the sstp_stream_recv, sstp_client_recv_sstp, or
106 | * sstp_stream_recv_http functions.
107 | */
108 | void sstp_stream_setrecv(sstp_stream_st *ctx, sstp_recv_fn recv_cb,
109 | sstp_buff_st *buf, sstp_complete_fn complete, void *arg, int timeout);
110 |
111 |
112 | /*!
113 | * @brief Send a buffer using non-blocking I/O on the SSL socket.
114 | * @param client [IN] The client context to communicate on
115 | * @param buf [IN] The buffer structure
116 | * @param complete [IN] The callback to call when SSTP_INPROG is returned
117 | *
118 | * @return SSTP_OKAY when buffer is written successfully to the socket,
119 | * SSTP_FAIL if an error occurred during the write, and
120 | * SSTP_INPROG if the operation would block
121 | */
122 | status_t sstp_stream_send(sstp_stream_st *client, sstp_buff_st *buf,
123 | sstp_complete_fn complete, void *ctx, int timeout);
124 |
125 |
126 | /*!
127 | * @brief Send data on a plain text socket
128 | */
129 | status_t sstp_stream_send_plain(sstp_stream_st *stream, sstp_buff_st *buf,
130 | sstp_complete_fn complete, void *arg, int timeout);
131 |
132 |
133 | /*!
134 | * @brief Perform a plain text receive
135 | */
136 | status_t sstp_stream_recv_plain(sstp_stream_st *ctx, sstp_buff_st *buf,
137 | sstp_complete_fn complete, void *arg, int timeout);
138 |
139 |
140 | /*!
141 | * @brief Connect a SSL socket using non-blocking I/O
142 | */
143 | status_t sstp_stream_connect(sstp_stream_st *client, struct sockaddr *addr,
144 | int addrlen, sstp_complete_fn complete, void *ctx, int timout);
145 |
146 |
147 | /*!
148 | * @brief Create the client
149 | */
150 | status_t sstp_stream_create(sstp_stream_st **client, event_base_st *base,
151 | SSL_CTX *ssl, const char* name);
152 |
153 |
154 | /*!
155 | * @brief Destroy a SSL Client
156 | */
157 | status_t sstp_stream_destroy(sstp_stream_st *client);
158 |
159 |
160 | #endif /* #ifndef __SSTP_SSL_H__ */
161 |
--------------------------------------------------------------------------------
/src/sstp-packet.h:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief The packet decoding / encoding related declarations
3 | *
4 | * @file sstp-packet.h
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #ifndef __SSTP_PACKET_H__
26 | #define __SSTP_PACKET_H__
27 |
28 |
29 | /*< The protocol encapsulation, always PPP */
30 | #define SSTP_ENCAP_PROTO_PPP 0x0001
31 |
32 | /*< The hash protocol bit-mask: SHA1 */
33 | #define SSTP_PROTO_HASH_SHA1 0x01
34 |
35 | /*< The hash protocol bit-mask: SHA256 */
36 | #define SSTP_PROTO_HASH_SHA256 0x02
37 |
38 |
39 | /*!
40 | * @brief The message types per specification
41 | */
42 | typedef enum
43 | {
44 | SSTP_MSG_DATA = 0x0000,
45 | SSTP_MSG_CONNECT_REQ = 0x0001,
46 | SSTP_MSG_CONNECT_ACK = 0x0002,
47 | SSTP_MSG_CONNECT_NAK = 0x0003,
48 | SSTP_MSG_CONNECTED = 0x0004,
49 | SSTP_MSG_ABORT = 0x0005,
50 | SSTP_MSG_DISCONNECT = 0x0006,
51 | SSTP_MSG_DISCONNECT_ACK = 0x0007,
52 | SSTP_ECHO_REQUEST = 0x0008,
53 | SSTP_ECHO_REPLY = 0x0009,
54 |
55 | } sstp_msg_t;
56 |
57 |
58 | /*!
59 | * @brief The type of sstp message
60 | */
61 | typedef enum
62 | {
63 | SSTP_PKT_UNKNOWN = 0,
64 | SSTP_PKT_DATA = 1,
65 | SSTP_PKT_CTRL = 2,
66 |
67 | } sstp_pkt_t;
68 |
69 |
70 | /*!
71 | * @brief The defined attributes per specification
72 | */
73 | typedef enum
74 | {
75 | SSTP_ATTR_NO_ERROR = 0x00,
76 | SSTP_ATTR_ENCAP_PROTO = 0x01,
77 | SSTP_ATTR_STATUS_INFO = 0x02,
78 | SSTP_ATTR_CRYPTO_BIND = 0x03,
79 | SSTP_ATTR_CRYPTO_BIND_REQ = 0x04,
80 |
81 | /*
82 | * Add additional attributes here
83 | */
84 |
85 | _SSTP_ATTR_MAX
86 |
87 | } sstp_attr_t;
88 |
89 | #define SSTP_ATTR_MAX (_SSTP_ATTR_MAX - 1)
90 |
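/*!
 * @brief Help trace the packet
 *
 * Dumps @a buf through sstp_pkt_dump() together with the calling file and
 * line when the current log level is at least SSTP_LOG_TRACE.
 *
 * @par Note:
 *  The expansion is a complete if/else statement, so an `else` written
 *  after the macro in the calling code cannot attach to the macro's own
 *  `if`. The argument is parenthesized so an expression can be passed.
 */
#define sstp_pkt_trace(buf)                             \
    if (SSTP_LOG_TRACE > sstp_log_level())              \
    {                                                   \
        /* tracing is disabled at this log level */     \
    }                                                   \
    else                                                \
    {                                                   \
        sstp_pkt_dump((buf), __FILE__, __LINE__);       \
    }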
99 |
100 |
101 | /*!
102 | * @brief The defined status attributes per specification
103 | */
104 | enum
105 | {
106 | /*< Duplicate Attribute Received */
107 | SSTP_STATUS_DUPLICATE = 0x01,
108 |
109 | /*< Unrecognized Attribute Received */
110 | SSTP_STATUS_UNRECOGNIZED = 0x02,
111 |
112 | /*< Invalid attribute length */
113 | SSTP_STATUS_INVALID_LENGTH = 0x03,
114 |
115 | /*< Value of an attribute not supported */
116 | SSTP_STATUS_VALUE_NOTSUP = 0x04,
117 |
118 | /*< The attribute itself is not supported */
119 | SSTP_STATUS_ATTR_NOTSUP = 0x09,
120 |
121 | /*< Expected attribute is missing */
122 | SSTP_STATUS_ATTR_MISSING = 0x0a,
123 |
124 | /*< Invalid value of the STATUS INFO attribute */
125 | SSTP_STATUS_INFO_NOSUP = 0x0b,
126 | };
127 |
128 |
129 | /*< Forward declare the pkt structure */
130 | struct sstp_pkt;
131 | typedef struct sstp_pkt sstp_pkt_st;
132 |
133 |
134 | /*< Forward declare the attribute */
135 | struct sstp_attr;
136 | typedef struct sstp_attr sstp_attr_st;
137 |
138 |
139 | /*!
140 | * @brief Start writing a SSTP packet to the buffer
141 | */
142 | status_t sstp_pkt_init(sstp_buff_st *buf, sstp_msg_t type);
143 |
144 |
145 | /*!
146 | * @brief Append a SSTP attribute to the buffer
147 | */
148 | status_t sstp_pkt_attr(sstp_buff_st *buf, sstp_attr_t type,
149 | unsigned short len, void *data);
150 |
151 |
152 | /*!
153 | * @brief Get a pointer to the raw data
154 | */
155 | uint8_t *sstp_pkt_data(sstp_buff_st *buf);
156 |
157 |
158 | /*!
159 | * @brief Return the length of the data section
160 | */
161 | int sstp_pkt_data_len(sstp_buff_st *buf);
162 |
163 |
164 | /*!
165 | * @brief Calculate the total length of the packet
166 | */
167 | int sstp_pkt_len(sstp_buff_st *buf);
168 |
169 |
170 | /*!
171 | * @brief Find the packet and ctrl message given the buffer
172 | */
173 | sstp_pkt_t sstp_pkt_type(sstp_buff_st *buf, sstp_msg_t *type);
174 |
175 |
176 | /*!
177 | * @brief Update the header of this packet
178 | */
179 | void sstp_pkt_update(sstp_buff_st *buf);
180 |
181 |
182 | /*!
183 | * @brief Parse a attribute section
184 | */
185 | status_t sstp_pkt_parse(sstp_buff_st *buff, size_t count,
186 | sstp_attr_st *attrs[]);
187 |
188 |
189 | /*!
190 | * @brief Return a pointer to the data in the attribute
191 | */
192 | void *sstp_attr_data(sstp_attr_st *attr);
193 |
194 |
195 | /*!
196 | * @brief Returns the real length of the data section
197 | */
198 | int sstp_attr_len(sstp_attr_st *attr);
199 |
200 |
201 | /*!
202 | * @brief Return the string representation of the status attribute
203 | */
204 | const char *sstp_attr_status_str(int status);
205 |
206 |
207 | void sstp_pkt_dump(sstp_buff_st *buf, const char *file, int line);
208 |
209 | #endif /* #ifdef __SSTP_PACKET_H__ */
210 |
--------------------------------------------------------------------------------
/m4/pkg.m4:
--------------------------------------------------------------------------------
1 | # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
2 | #
3 | # Copyright © 2004 Scott James Remnant .
4 | #
5 | # This program is free software; you can redistribute it and/or modify
6 | # it under the terms of the GNU General Public License as published by
7 | # the Free Software Foundation; either version 2 of the License, or
8 | # (at your option) any later version.
9 | #
10 | # This program is distributed in the hope that it will be useful, but
11 | # WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 | # General Public License for more details.
14 | #
15 | # You should have received a copy of the GNU General Public License
16 | # along with this program; if not, write to the Free Software
17 | # Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
18 | #
19 | # As a special exception to the GNU General Public License, if you
20 | # distribute this file as part of a program that contains a
21 | # configuration script generated by Autoconf, you may include it under
22 | # the same distribution terms that you use for the rest of that program.
23 |
24 | # PKG_PROG_PKG_CONFIG([MIN-VERSION])
25 | # ----------------------------------
26 | AC_DEFUN([PKG_PROG_PKG_CONFIG],
27 | [m4_pattern_forbid([^_?PKG_[A-Z_]+$])
28 | m4_pattern_allow([^PKG_CONFIG(_PATH)?$])
29 | AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])dnl
30 | if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
31 | AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
32 | fi
33 | if test -n "$PKG_CONFIG"; then
34 | _pkg_min_version=m4_default([$1], [0.9.0])
35 | AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
36 | if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
37 | AC_MSG_RESULT([yes])
38 | else
39 | AC_MSG_RESULT([no])
40 | PKG_CONFIG=""
41 | fi
42 |
43 | fi[]dnl
44 | ])# PKG_PROG_PKG_CONFIG
45 |
46 | # PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
47 | #
48 | # Check to see whether a particular set of modules exists. Similar
49 | # to PKG_CHECK_MODULES(), but does not set variables or print errors.
50 | #
51 | #
52 | # Similar to PKG_CHECK_MODULES, make sure that the first instance of
53 | # this or PKG_CHECK_MODULES is called, or make sure to call
54 | # PKG_CHECK_EXISTS manually
55 | # --------------------------------------------------------------
56 | AC_DEFUN([PKG_CHECK_EXISTS],
57 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
58 | if test -n "$PKG_CONFIG" && \
59 | AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
60 | m4_ifval([$2], [$2], [:])
61 | m4_ifvaln([$3], [else
62 | $3])dnl
63 | fi])
64 |
65 |
66 | # _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
67 | # ---------------------------------------------
68 | m4_define([_PKG_CONFIG],
69 | [if test -n "$PKG_CONFIG"; then
70 | if test -n "$$1"; then
71 | pkg_cv_[]$1="$$1"
72 | else
73 | PKG_CHECK_EXISTS([$3],
74 | [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`],
75 | [pkg_failed=yes])
76 | fi
77 | else
78 | pkg_failed=untried
79 | fi[]dnl
80 | ])# _PKG_CONFIG
81 |
82 | # _PKG_SHORT_ERRORS_SUPPORTED
83 | # -----------------------------
84 | AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
85 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG])
86 | if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
87 | _pkg_short_errors_supported=yes
88 | else
89 | _pkg_short_errors_supported=no
90 | fi[]dnl
91 | ])# _PKG_SHORT_ERRORS_SUPPORTED
92 |
93 |
94 | # PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
95 | # [ACTION-IF-NOT-FOUND])
96 | #
97 | #
98 | # Note that if there is a possibility the first call to
99 | # PKG_CHECK_MODULES might not happen, you should be sure to include an
100 | # explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
101 | #
102 | #
103 | # --------------------------------------------------------------
104 | AC_DEFUN([PKG_CHECK_MODULES],
105 | [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
106 | AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
107 | AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
108 |
109 | pkg_failed=no
110 | AC_MSG_CHECKING([for $1])
111 |
112 | _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
113 | _PKG_CONFIG([$1][_LIBS], [libs], [$2])
114 |
115 | m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
116 | and $1[]_LIBS to avoid the need to call pkg-config.
117 | See the pkg-config man page for more details.])
118 |
119 | if test $pkg_failed = yes; then
120 | _PKG_SHORT_ERRORS_SUPPORTED
121 | if test $_pkg_short_errors_supported = yes; then
122 | $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --errors-to-stdout --print-errors "$2"`
123 | else
124 | $1[]_PKG_ERRORS=`$PKG_CONFIG --errors-to-stdout --print-errors "$2"`
125 | fi
126 | # Put the nasty error message in config.log where it belongs
127 | echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
128 |
129 | ifelse([$4], , [AC_MSG_ERROR(dnl
130 | [Package requirements ($2) were not met:
131 |
132 | $$1_PKG_ERRORS
133 |
134 | Consider adjusting the PKG_CONFIG_PATH environment variable if you
135 | installed software in a non-standard prefix.
136 |
137 | _PKG_TEXT
138 | ])],
139 | [$4])
140 | elif test $pkg_failed = untried; then
141 | ifelse([$4], , [AC_MSG_FAILURE(dnl
142 | [The pkg-config script could not be found or is too old. Make sure it
143 | is in your PATH or set the PKG_CONFIG environment variable to the full
144 | path to pkg-config.
145 |
146 | _PKG_TEXT
147 |
148 | To get pkg-config, see .])],
149 | [$4])
150 | else
151 | $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
152 | $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
153 | AC_MSG_RESULT([yes])
154 | ifelse([$3], , :, [$3])
155 | fi[]dnl
156 | ])# PKG_CHECK_MODULES
157 |
--------------------------------------------------------------------------------
/sstpc.8:
--------------------------------------------------------------------------------
1 | .\" SH section heading
2 | .\" SS subsection heading
3 | .\" LP paragraph
4 | .\" IP indented paragraph
5 | .\" TP hanging label
6 | .TH SSTPC 8
7 | .\" NAME should be all caps, SECTION should be 1-8, maybe w/ subsection
8 | .\" other parms are allowed: see man(7), man(1)
9 | .SH NAME
10 | sstpc \- SSTP Client
11 | .SH SYNOPSIS
12 | .B sstpc
13 | .I " [ppp-options] ..."
14 | .SH "DESCRIPTION"
15 | .LP
16 | .B sstpc
17 | establishes the client side of a Virtual Private Network (VPN) using the Secure Socket Tunneling Protocol (SSTP). Use this program to connect to an employer's SSTP based VPN when PPTP and L2TP is not working.
18 | .LP
19 | By default, \fBsstpc\fR establishes the SSTP call to the SSTP server, and then starts an instance of \fBpppd\fR to manage the data transfer. However, \fBsstpc\fR can also be run as a connection manager within
20 | \fBpppd\fR.
21 | .SH OPTIONS
22 | .LP
23 | The first non\-option argument on the \fBsstpc\fR command line must be the host name or IP address of the SSTP server.
24 | .LP
25 | All long options (starting with "\-\-") are interpreted as sstpc options, and a fatal error occurs if an unrecognised option is used.
26 | .LP
27 | All command\-line arguments which do not start with "\-" are interpreted as ppp options, and passed as is to \fBpppd\fR unless \fB\-\-nolaunchpppd\fR is given.
28 | .TP
29 | .B \-\-ca-cert
30 | Specify the CA certificate used to verify the server with
31 | .TP
32 | .B \-\-ca-dir
33 | Specify the directory of certificates that contains the CA certificate. If nothing is specified, the system's wide directory is used.
34 | .TP
35 | .B \-\-cert-warn
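36 | Treat certificate verification problems, such as a common name mismatch, as warnings instead of terminating the connection. With this option set, a failed check no longer stops the connection, so the identity of the server is not verified.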
37 | .TP
38 | .B \-\-debug
39 | Run in foreground (for debugging with gdb)
40 | .TP
41 | .B \-\-ipparam
42 | This will help specify the callback socket that
43 | .B pppd
44 | will try to connect back to
45 | .B sstpc
46 | in order to communicate the MPPE keys as negotiated. The MPPE keys are required to authenticate against the server at the SSL layer. They can be zeroed if no MPPE is negotiated. The name is formed based on /tmp/sstpc-.
47 | .TP
48 | .B \-\-nolaunchpppd
49 | Do not launch
50 | .B pppd
51 | but use stdin as the network connection. Use this flag when including
52 | .B sstpc
53 | as a
54 | .B pppd
55 | connection process using the
56 | .B pty
57 | option. See EXAMPLES.
58 | .TP
59 | .B \-\-password
60 | Specify a password per command line instead of setting it up in a configuration file for
61 | .B pppd
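62 | in /etc/ppp/peers. A password given on the command line can be read by other local users from the process list and may be kept in the shell history.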
63 | .TP
64 | .B \-\-proxy
65 | Connect to the SSTP server via a proxy on your network. The syntax is http://[:@]:port.
66 | .TP
67 | .B \-\-priv-user
68 | Specify the privilege separation user to run
69 | .B sstpc
70 | .TP
71 | .B \-\-priv-group
72 | Specify the privilege separation group to run
73 | .B sstpc
74 | .TP
75 | .B \-\-priv-dir
76 | Specify the privilege separation directory for the chroot jail to run
77 | .B sstpc
78 | .TP
79 | .B \-\-user
80 | Specify the username to authenticate to the SSTP server instead of setting it up in a configuration file for
81 | .B pppd
82 | in /etc/ppp/peers.
83 | .TP
84 | .B \-\-save-server-route
85 | This will automatically add and remove a route to the SSTP server.
86 | .TP
87 | .B \-\-uuid
88 | Specify a UUID for the connection to simplify the server end debugging.
89 | .SS Troubleshooting
90 | The following options are available to help troubleshoot
91 | .B sstpc
92 | .TP
93 | .B \-\-log-level
94 | Set the debug level for debugging the
95 | .B sstpc
96 | process. Level can be a value between 0 and 4.
97 | .TP
98 | .B \-\-log-syslog
99 | Log messages to syslog (default).
100 | .TP
101 | .B \-\-log-stderr
102 | Log messages to error output
103 | .TP
104 | .B \-\-log-stdout
105 | Log messages to standard output
106 | .TP
107 | .B \-\-log-fileno
108 | Include file and line number with the log messages
109 | .TP
110 | .B \-\-log-filter
111 | Filter the logs by a particular set of files, e.g: sstp-packet,sstp-state
112 |
113 | .SH "EXAMPLES"
114 | Connection to a Microsoft Windows RAS Service using SSTP protocol
115 | .TP
116 | Setup the peer scripts in /etc/ppp/peers, you may start by cloning one of the scripts available in your docs directory, /usr/share/doc/sstp-client, or /usr/local/share/doc/sstp-client. The general content of this file will be close to the following:
117 | .IP
118 | # Example Content of /etc/ppp/peers/sstp-test
119 | .br
120 | remotename sstp-test
121 | .br
122 | linkname sstp-test
123 | .br
124 | ipparam sstp-test
125 | .br
126 | pty "sstpc \-\-ipparam sstp\-test \-\-nolaunchpppd sstp\-test.yourdomain.com"
127 | .br
128 | name eivnaes
129 | .br
130 | plugin sstp-pppd-plugin.so
131 | .br
132 | sstp-sock /var/run/sstpc/sstpc-sstp-test
133 | .br
134 | usepeerdns
135 | .br
136 | require-mppe
137 | .br
138 | require-mschap-v2
139 | .br
140 | refuse-eap
141 | .br
142 | refuse-pap
143 | .br
144 | refuse-chap
145 | .br
146 | refuse-mschap
147 | .br
148 | nobsdcomp
149 | .br
150 | nodeflate
151 | .TP
152 | Note that the \fBchap\-secrets\fR file used by \fBpppd\fR must include an entry for domain\\\\username. For the sstp-test example, the user eivnaes will have an equivalent entry in the /etc/ppp/chap-secrets file.
153 |
154 | # Secrets for authentication using CHAP
155 | .br
156 | # client server secret IP addresses
157 | .br
158 | eivnaes * xxxxxx *
159 | .TP
160 | Starting the sstp-test using the pon script
161 | .B sudo pon sstp-test
162 | .TP
163 | Invoking sstpc using the call command
164 | .B sstpc \-\-ipparam sstp\-test sstp-test.yourdomain.com call sstp-test-nopty
165 | .TP
166 | The sstp-test-nopty is a pppd script you need to create in /etc/ppp/peers, and you can clone the example sstp-test above; but you must omit the \fBpty\fR statement in the peers configuration.
167 | .SH "SEE ALSO"
168 | .IR pppd (8)
169 | .PP
170 | .SH AUTHOR
171 | This manual page was written by Eivind Naess
172 |
--------------------------------------------------------------------------------
/configure.ac:
--------------------------------------------------------------------------------
1 | AC_PREREQ([2.65])
2 | AC_INIT([sstp-client],
3 | [1.0.9],
4 | [http://sourceforge.net/projects/sstp-client])
5 |
6 | m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
7 | AC_CONFIG_MACRO_DIR([m4])
8 | AM_INIT_AUTOMAKE
9 | AC_LANG(C)
10 | AC_CONFIG_SRCDIR([src/sstp-client.c])
11 | AC_CONFIG_HEADERS([config.h])
12 |
13 | # Checks for programs.
14 | AC_PROG_CC
15 | AM_PROG_CC_C_O
16 | AC_PROG_INSTALL
17 | AC_PROG_LIBTOOL
18 | LIBEVENT2_MINIMUM=2.0.10
19 |
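# Check if user asked us to compile with 1.4 support
AC_ARG_WITH(libevent,
    AC_HELP_STRING([--with-libevent], [Specify the libevent version to compile with]),
    [with_libevent="$withval"], [with_libevent="1"])

# The catch-all is given as the default branch of AS_CASE. Written as the
# quoted pattern "*" it only matches a literal asterisk, so an unsupported
# value (including a bare --with-libevent, which yields "yes") would skip
# the libevent check without any error.
AS_CASE([$with_libevent],
    ["1"],[AX_CHECK_LIBRARY([LIBEVENT], [event.h], [event],
        [AC_CHECK_LIB([event], [event_init], [],
            [AC_MSG_ERROR([libevent is not usable])])],
        [AC_MSG_ERROR([Required library libevent not found])])],
    ["2"],[PKG_CHECK_MODULES([LIBEVENT], [libevent >= $LIBEVENT2_MINIMUM],
        [AC_DEFINE([HAVE_LIBEVENT2], [1], [Specify use of libevent >= $LIBEVENT2_MINIMUM])],
        [AC_MSG_ERROR([Required library libevent not found])])],
    [AC_MSG_ERROR([Unknown version of libevent specified])])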
34 |
35 | CFLAGS="$CFLAGS $LIBEVENT_CFLAGS"
36 | LDFLAGS="$LDFLAGS $LIBEVENT_LIBS"
37 |
38 | # Check for OpenSSL
39 | AX_CHECK_OPENSSL([],
40 | [AC_MSG_ERROR([OpenSSL not found Hint: apt-get install libssl-dev])])
41 | LIBS="$LIBS $OPENSSL_LIBS"
42 | CFLAGS="$CFLAGS $OPENSSL_INCLUDES"
43 | LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
44 |
45 |
46 | # Check for openpty
47 | AC_CHECK_LIB([util], [openpty])
48 |
49 |
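# Specify privilege separation user
#   no option, or --enable-user  -> sstpc
#   --disable-user               -> root
#   --enable-user=NAME           -> NAME
# Matching on the value keeps an explicitly requested account; treating
# every value other than "yes" as "root" would silently replace the account
# the builder asked for with root.
AC_ARG_ENABLE(user,
    AC_HELP_STRING([--enable-user=user], [Drop privileges after start to this user (default: sstpc)]))
AS_CASE(["${enable_user}"],
    [yes|""], [enable_user="sstpc"],
    [no],     [enable_user="root"])
AC_SUBST([enable_user])
AC_DEFINE_UNQUOTED(SSTP_USER, "${enable_user}", The sstpc privilege drop user)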
58 |
59 |
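# Specify privilege separation group
#   no option, or --enable-group -> sstpc
#   --disable-group              -> root
#   --enable-group=NAME          -> NAME
# Matching on the value keeps an explicitly requested group; treating every
# value other than "yes" as "root" would silently replace the group the
# builder asked for with root.
AC_ARG_ENABLE(group,
    AC_HELP_STRING([--enable-group=group], [Drop privileges after start to this group (default: sstpc)]))
AS_CASE(["${enable_group}"],
    [yes|""], [enable_group="sstpc"],
    [no],     [enable_group="root"])
AC_SUBST([enable_group])
AC_DEFINE_UNQUOTED(SSTP_GROUP, "${enable_group}", The sstpc privilege drop group)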
68 |
69 |
70 | # Specify runtime directory
71 | AC_ARG_WITH([runtime-dir],
72 | AC_HELP_STRING([--with-runtime-dir=DIR], [Specify the runtime directory for sstpc]))
73 | AS_IF([ test -n "$with_runtime_dir"],
74 | [SSTP_RUNTIME_DIR="$with_runtime_dir"],
75 | [SSTP_RUNTIME_DIR="${localstatedir}/run/sstpc"])
76 | AC_SUBST(SSTP_RUNTIME_DIR)
77 |
78 | # Check to see if we enabled PPP plug-in support (default:yes)
79 | AC_ARG_ENABLE(ppp-plugin,
80 | AC_HELP_STRING([--disable-ppp-plugin=DIR], [disable PPP Plugin support]),
81 | [enable_ppp_plugin=${enableval}], [enable_ppp_plugin=yes])
82 | AS_IF([test "x$enable_ppp_plugin" != "xno"],
83 | AC_CHECK_HEADER(pppd/pppd.h,,
84 | AC_MSG_ERROR([pppd.h missing Hint: apt-get install ppp-dev]))
85 | AC_DEFINE(HAVE_PPP_PLUGIN, 1, [Define if you have PPP support]))
86 |
87 |
88 | # Check to see if the plugin directory was set
89 | AM_CONDITIONAL(WITH_PPP_PLUGIN, test "${enable_ppp_plugin}" = "yes")
90 | AC_ARG_WITH([pppd-plugin-dir],
91 | AS_HELP_STRING([--with-pppd-plugin-dir=DIR], [path to the pppd plugins directory]))
92 | if test -n "$with_pppd_plugin_dir" ; then
93 | PPPD_PLUGIN_DIR="$with_pppd_plugin_dir"
94 | else
95 | PPPD_PLUGIN_DIR="${libdir}/pppd/2.4.5"
96 | fi
97 | AC_SUBST(PPPD_PLUGIN_DIR)
98 |
99 | # Check if we have netlink support
100 | AC_CHECK_HEADER([linux/rtnetlink.h],
101 | AC_DEFINE(HAVE_NETLINK, 1, [Use netlink to add/remove route]),
102 | AC_MSG_WARN([Compiling without netlink support]),
103 | [#include
104 | #include ])
105 |
106 | # Checks for header files.
107 | AC_HEADER_STDBOOL
108 | AC_CHECK_HEADERS([ \
109 | arpa/inet.h \
110 | fcntl.h \
111 | netdb.h \
112 | paths.h \
113 | stdint.h \
114 | stdlib.h \
115 | string.h \
116 | syslog.h \
117 | pty.h \
118 | sys/types.h \
119 | sys/socket.h \
120 | unistd.h])
121 |
122 | # Checks for typedefs, structures, and compiler characteristics.
123 | AC_TYPE_MODE_T
124 | AC_TYPE_SIZE_T
125 | AC_TYPE_UINT16_T
126 | AC_TYPE_UINT32_T
127 | AC_TYPE_UINT8_T
128 |
129 | # Checks for library functions.
130 | AC_FUNC_ALLOCA
131 | AC_FUNC_FORK
132 | AC_FUNC_CHOWN
133 | AC_FUNC_MALLOC
134 | AC_CHECK_FUNCS([ \
135 | dup2 \
136 | gethostname \
137 | localtime_r \
138 | memmove \
139 | memset \
140 | mkdir \
141 | socket \
142 | strcasecmp \
143 | strncasecmp \
144 | strchr \
145 | strdup \
146 | strrchr \
147 | strstr \
148 | strtoul \
149 | strtoull])
150 |
151 | AC_CONFIG_FILES([Makefile
152 | sstp-client-1.0.pc
153 | src/Makefile
154 | include/Makefile
155 | src/libsstp-log/Makefile
156 | src/libsstp-api/Makefile
157 | src/libsstp-compat/Makefile
158 | src/pppd-plugin/Makefile])
159 | AC_OUTPUT
160 |
161 | echo "
162 | $PACKAGE_NAME version $PACKAGE_VERSION
163 | Prefix.........: $prefix
164 | Runtime Dir....: $SSTP_RUNTIME_DIR
165 | PPP Plugin Dir.: $PPPD_PLUGIN_DIR
166 | User:..........: $enable_user
167 | Group:.........: $enable_group
168 | Using OpenSSL..: $OPENSSL_INCLUDES $OPENSSL_LDFLAGS $OPENSSL_LIBS
169 | C Compiler.....: $CC $CFLAGS
170 | Using Event....: $LIBEVENT_CFLAGS $LIBEVENT_LIBS
171 | Linker.........: $LD $LDFLAGS $LIBS
172 | "
173 |
174 |
--------------------------------------------------------------------------------
/m4/lt~obsolete.m4:
--------------------------------------------------------------------------------
1 | # lt~obsolete.m4 -- aclocal satisfying obsolete definitions. -*-Autoconf-*-
2 | #
3 | # Copyright (C) 2004, 2005, 2007, 2009 Free Software Foundation, Inc.
4 | # Written by Scott James Remnant, 2004.
5 | #
6 | # This file is free software; the Free Software Foundation gives
7 | # unlimited permission to copy and/or distribute it, with or without
8 | # modifications, as long as this notice is preserved.
9 |
10 | # serial 5 lt~obsolete.m4
11 |
12 | # These exist entirely to fool aclocal when bootstrapping libtool.
13 | #
14 | # In the past libtool.m4 has provided macros via AC_DEFUN (or AU_DEFUN)
15 | # which have later been changed to m4_define as they aren't part of the
16 | # exported API, or moved to Autoconf or Automake where they belong.
17 | #
18 | # The trouble is, aclocal is a bit thick. It'll see the old AC_DEFUN
19 | # in /usr/share/aclocal/libtool.m4 and remember it, then when it sees us
20 | # using a macro with the same name in our local m4/libtool.m4 it'll
21 | # pull the old libtool.m4 in (it doesn't see our shiny new m4_define
22 | # and doesn't know about Autoconf macros at all.)
23 | #
24 | # So we provide this file, which has a silly filename so it's always
25 | # included after everything else. This provides aclocal with the
26 | # AC_DEFUNs it wants, but when m4 processes it, it doesn't do anything
27 | # because those macros already exist, or will be overwritten later.
28 | # We use AC_DEFUN over AU_DEFUN for compatibility with aclocal-1.6.
29 | #
30 | # Anytime we withdraw an AC_DEFUN or AU_DEFUN, remember to add it here.
31 | # Yes, that means every name once taken will need to remain here until
32 | # we give up compatibility with versions before 1.7, at which point
33 | # we need to keep only those names which we still refer to.
34 |
35 | # This is to help aclocal find these macros, as it can't see m4_define.
36 | AC_DEFUN([LTOBSOLETE_VERSION], [m4_if([1])])
37 |
38 | m4_ifndef([AC_LIBTOOL_LINKER_OPTION], [AC_DEFUN([AC_LIBTOOL_LINKER_OPTION])])
39 | m4_ifndef([AC_PROG_EGREP], [AC_DEFUN([AC_PROG_EGREP])])
40 | m4_ifndef([_LT_AC_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_AC_PROG_ECHO_BACKSLASH])])
41 | m4_ifndef([_LT_AC_SHELL_INIT], [AC_DEFUN([_LT_AC_SHELL_INIT])])
42 | m4_ifndef([_LT_AC_SYS_LIBPATH_AIX], [AC_DEFUN([_LT_AC_SYS_LIBPATH_AIX])])
43 | m4_ifndef([_LT_PROG_LTMAIN], [AC_DEFUN([_LT_PROG_LTMAIN])])
44 | m4_ifndef([_LT_AC_TAGVAR], [AC_DEFUN([_LT_AC_TAGVAR])])
45 | m4_ifndef([AC_LTDL_ENABLE_INSTALL], [AC_DEFUN([AC_LTDL_ENABLE_INSTALL])])
46 | m4_ifndef([AC_LTDL_PREOPEN], [AC_DEFUN([AC_LTDL_PREOPEN])])
47 | m4_ifndef([_LT_AC_SYS_COMPILER], [AC_DEFUN([_LT_AC_SYS_COMPILER])])
48 | m4_ifndef([_LT_AC_LOCK], [AC_DEFUN([_LT_AC_LOCK])])
49 | m4_ifndef([AC_LIBTOOL_SYS_OLD_ARCHIVE], [AC_DEFUN([AC_LIBTOOL_SYS_OLD_ARCHIVE])])
50 | m4_ifndef([_LT_AC_TRY_DLOPEN_SELF], [AC_DEFUN([_LT_AC_TRY_DLOPEN_SELF])])
51 | m4_ifndef([AC_LIBTOOL_PROG_CC_C_O], [AC_DEFUN([AC_LIBTOOL_PROG_CC_C_O])])
52 | m4_ifndef([AC_LIBTOOL_SYS_HARD_LINK_LOCKS], [AC_DEFUN([AC_LIBTOOL_SYS_HARD_LINK_LOCKS])])
53 | m4_ifndef([AC_LIBTOOL_OBJDIR], [AC_DEFUN([AC_LIBTOOL_OBJDIR])])
54 | m4_ifndef([AC_LTDL_OBJDIR], [AC_DEFUN([AC_LTDL_OBJDIR])])
55 | m4_ifndef([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH], [AC_DEFUN([AC_LIBTOOL_PROG_LD_HARDCODE_LIBPATH])])
56 | m4_ifndef([AC_LIBTOOL_SYS_LIB_STRIP], [AC_DEFUN([AC_LIBTOOL_SYS_LIB_STRIP])])
57 | m4_ifndef([AC_PATH_MAGIC], [AC_DEFUN([AC_PATH_MAGIC])])
58 | m4_ifndef([AC_PROG_LD_GNU], [AC_DEFUN([AC_PROG_LD_GNU])])
59 | m4_ifndef([AC_PROG_LD_RELOAD_FLAG], [AC_DEFUN([AC_PROG_LD_RELOAD_FLAG])])
60 | m4_ifndef([AC_DEPLIBS_CHECK_METHOD], [AC_DEFUN([AC_DEPLIBS_CHECK_METHOD])])
61 | m4_ifndef([AC_LIBTOOL_PROG_COMPILER_NO_RTTI], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_NO_RTTI])])
62 | m4_ifndef([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE], [AC_DEFUN([AC_LIBTOOL_SYS_GLOBAL_SYMBOL_PIPE])])
63 | m4_ifndef([AC_LIBTOOL_PROG_COMPILER_PIC], [AC_DEFUN([AC_LIBTOOL_PROG_COMPILER_PIC])])
64 | m4_ifndef([AC_LIBTOOL_PROG_LD_SHLIBS], [AC_DEFUN([AC_LIBTOOL_PROG_LD_SHLIBS])])
65 | m4_ifndef([AC_LIBTOOL_POSTDEP_PREDEP], [AC_DEFUN([AC_LIBTOOL_POSTDEP_PREDEP])])
66 | m4_ifndef([LT_AC_PROG_EGREP], [AC_DEFUN([LT_AC_PROG_EGREP])])
67 | m4_ifndef([LT_AC_PROG_SED], [AC_DEFUN([LT_AC_PROG_SED])])
68 | m4_ifndef([_LT_CC_BASENAME], [AC_DEFUN([_LT_CC_BASENAME])])
69 | m4_ifndef([_LT_COMPILER_BOILERPLATE], [AC_DEFUN([_LT_COMPILER_BOILERPLATE])])
70 | m4_ifndef([_LT_LINKER_BOILERPLATE], [AC_DEFUN([_LT_LINKER_BOILERPLATE])])
71 | m4_ifndef([_AC_PROG_LIBTOOL], [AC_DEFUN([_AC_PROG_LIBTOOL])])
72 | m4_ifndef([AC_LIBTOOL_SETUP], [AC_DEFUN([AC_LIBTOOL_SETUP])])
73 | m4_ifndef([_LT_AC_CHECK_DLFCN], [AC_DEFUN([_LT_AC_CHECK_DLFCN])])
74 | m4_ifndef([AC_LIBTOOL_SYS_DYNAMIC_LINKER], [AC_DEFUN([AC_LIBTOOL_SYS_DYNAMIC_LINKER])])
75 | m4_ifndef([_LT_AC_TAGCONFIG], [AC_DEFUN([_LT_AC_TAGCONFIG])])
76 | m4_ifndef([AC_DISABLE_FAST_INSTALL], [AC_DEFUN([AC_DISABLE_FAST_INSTALL])])
77 | m4_ifndef([_LT_AC_LANG_CXX], [AC_DEFUN([_LT_AC_LANG_CXX])])
78 | m4_ifndef([_LT_AC_LANG_F77], [AC_DEFUN([_LT_AC_LANG_F77])])
79 | m4_ifndef([_LT_AC_LANG_GCJ], [AC_DEFUN([_LT_AC_LANG_GCJ])])
80 | m4_ifndef([AC_LIBTOOL_LANG_C_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_C_CONFIG])])
81 | m4_ifndef([_LT_AC_LANG_C_CONFIG], [AC_DEFUN([_LT_AC_LANG_C_CONFIG])])
82 | m4_ifndef([AC_LIBTOOL_LANG_CXX_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_CXX_CONFIG])])
83 | m4_ifndef([_LT_AC_LANG_CXX_CONFIG], [AC_DEFUN([_LT_AC_LANG_CXX_CONFIG])])
84 | m4_ifndef([AC_LIBTOOL_LANG_F77_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_F77_CONFIG])])
85 | m4_ifndef([_LT_AC_LANG_F77_CONFIG], [AC_DEFUN([_LT_AC_LANG_F77_CONFIG])])
86 | m4_ifndef([AC_LIBTOOL_LANG_GCJ_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_GCJ_CONFIG])])
87 | m4_ifndef([_LT_AC_LANG_GCJ_CONFIG], [AC_DEFUN([_LT_AC_LANG_GCJ_CONFIG])])
88 | m4_ifndef([AC_LIBTOOL_LANG_RC_CONFIG], [AC_DEFUN([AC_LIBTOOL_LANG_RC_CONFIG])])
89 | m4_ifndef([_LT_AC_LANG_RC_CONFIG], [AC_DEFUN([_LT_AC_LANG_RC_CONFIG])])
90 | m4_ifndef([AC_LIBTOOL_CONFIG], [AC_DEFUN([AC_LIBTOOL_CONFIG])])
91 | m4_ifndef([_LT_AC_FILE_LTDLL_C], [AC_DEFUN([_LT_AC_FILE_LTDLL_C])])
92 | m4_ifndef([_LT_REQUIRED_DARWIN_CHECKS], [AC_DEFUN([_LT_REQUIRED_DARWIN_CHECKS])])
93 | m4_ifndef([_LT_AC_PROG_CXXCPP], [AC_DEFUN([_LT_AC_PROG_CXXCPP])])
94 | m4_ifndef([_LT_PREPARE_SED_QUOTE_VARS], [AC_DEFUN([_LT_PREPARE_SED_QUOTE_VARS])])
95 | m4_ifndef([_LT_PROG_ECHO_BACKSLASH], [AC_DEFUN([_LT_PROG_ECHO_BACKSLASH])])
96 | m4_ifndef([_LT_PROG_F77], [AC_DEFUN([_LT_PROG_F77])])
97 | m4_ifndef([_LT_PROG_FC], [AC_DEFUN([_LT_PROG_FC])])
98 | m4_ifndef([_LT_PROG_CXX], [AC_DEFUN([_LT_PROG_CXX])])
99 |
--------------------------------------------------------------------------------
/src/pppd-plugin/sstp-plugin.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief Plugin for pppd to relay the MPPE keys to sstp-client
3 | *
4 | * @file sstp-plugin.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | #include
32 | #include
33 |
34 | #include
35 | #include
36 |
37 | #ifndef MPPE
38 | #define MPPE_MAX_KEY_LEN 16
39 | extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
40 | extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
41 | extern int mppe_keys_set;
42 | #endif
43 | #define SSTP_MAX_BUFLEN 255
44 |
45 | static int sstp_notify_sent = 0;
46 |
47 | /*!
48 | * @brief PPP daemon requires this symbol to be exported
49 | */
50 | const char pppd_version [] = VERSION;
51 |
52 | /*! The socket we send sstp-client our MPPE keys */
53 | static char sstp_sock[SSTP_MAX_BUFLEN+1];
54 |
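/*!
 * @brief Options this plugin adds to pppd
 *
 * "sstp-sock" stores the path of the socket used to reach sstp-client in
 * sstp_sock. SSTP_MAX_BUFLEN is passed as the size limit and the buffer
 * is one byte larger than that.
 *
 * NOTE(review): pppd walks an option table until it reaches an entry
 * whose name is NULL, so the table ends with an explicit terminator. The
 * code that registers this table is outside this excerpt -- confirm.
 */
static option_t sstp_option [] =
{
    { "sstp-sock", o_string, &sstp_sock,
      "Set the address of the socket to connect back to sstp-client",
      OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, SSTP_MAX_BUFLEN
    },
    { NULL }
};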
63 |
64 |
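/*!
 * @brief Exchange the MPPE keys with sstp-client
 *
 * Connects to the unix socket named by sstp_sock, sends one
 * SSTP_API_MSG_AUTH message carrying the send and receive keys and waits
 * for the reply before marking the notification as sent. Every failure
 * is reported through fatal().
 *
 * @param skey  The MPPE send key; MPPE_MAX_KEY_LEN bytes are read from it
 * @param slen  The number of bytes available at @a skey
 * @param rkey  The MPPE receive key; MPPE_MAX_KEY_LEN bytes are read from it
 * @param rlen  The number of bytes available at @a rkey
 */
static void sstp_send_notify(unsigned char *skey, int slen,
    unsigned char *rkey, int rlen)
{
    struct sockaddr_un addr;
    int ret  = (-1);
    int sock = (-1);
    uint8_t buf[SSTP_MAX_BUFLEN+1];
    volatile uint8_t *wipe = buf;
    sstp_api_msg_st *msg = NULL;
    size_t plen = strlen(sstp_sock);
    size_t i;

    /* Both attributes below are written with MPPE_MAX_KEY_LEN bytes */
    if (slen < MPPE_MAX_KEY_LEN || rlen < MPPE_MAX_KEY_LEN)
    {
        fatal("MPPE keys are too short to hand over to sstp-client");
    }

    /* sstp_sock can hold up to SSTP_MAX_BUFLEN characters, sun_path is
     * typically smaller. Refuse a path that does not fit instead of
     * connecting to a truncated, unterminated name with the keys in hand.
     */
    if (plen >= sizeof(addr.sun_path))
    {
        fatal("Socket path to sstp-client is too long (%s)", sstp_sock);
    }

    /* Open the socket */
    sock = socket(AF_UNIX, SOCK_STREAM, 0);
    if (sock < 0)
    {
        fatal("Could not open socket to communicate with sstp-client");
    }

    /* Setup the address, no stale stack bytes in the structure */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    memcpy(addr.sun_path, sstp_sock, plen + 1);

    /* Connect the socket */
    ret = connect(sock, (struct sockaddr*) &addr, sizeof(addr));
    if (ret < 0)
    {
        fatal("Could not connect to sstp-client (%s), %s (%d)", sstp_sock,
            strerror(errno), errno);
    }

    /* Create a new message */
    msg = sstp_api_msg_new(buf, SSTP_API_MSG_AUTH);

    /* Add the MPPE Send Key */
    sstp_api_attr_add(msg, SSTP_API_ATTR_MPPE_SEND,
        MPPE_MAX_KEY_LEN, skey);

    /* Add the MPPE Recv Key */
    sstp_api_attr_add(msg, SSTP_API_ATTR_MPPE_RECV,
        MPPE_MAX_KEY_LEN, rkey);

    /* Send the structure */
    ret = send(sock, msg, sstp_api_msg_len(msg), 0);
    if (ret < 0)
    {
        fatal("Could not send data to sstp-client");
    }

    /* Wait for the ACK to be received */
    ret = recv(sock, msg, (sizeof(*msg)), 0);
    if (ret < 0 || (size_t) ret != (sizeof(*msg)))
    {
        fatal("Could not wait for ack from sstp-client");
    }

    /* buf was handed to sstp_api_msg_new() for the message that carries
     * the keys; clear it through a volatile pointer so the stores are not
     * dropped as dead writes
     */
    for (i = 0; i < sizeof(buf); i++)
    {
        wipe[i] = 0;
    }

    /* We have communicated the keys */
    sstp_notify_sent = 1;

    /* Close socket */
    close(sock);
}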
128 |
129 |
/*!
 * @brief Make sure sstp-client is notified even when MSCHAPv2 was not snooped
 *
 * @par Note:
 *  When MPPE was enabled, the keys have already been zeroed out for
 *  security reasons.
 *
 *  PAP, CHAP-MD5 and MSCHAP can be configured with the NAP service;
 *  Microsoft 2008 server has them disabled by default.
 */
static void sstp_ip_up(void *arg, int dummy)
{
    /* Nothing left to do once the keys have been handed over */
    if (!sstp_notify_sent)
    {
        /* Auth-Type is not MSCHAPv2: blank both keys before sending */
        if (mppe_keys_set == 0)
        {
            memset(mppe_send_key, 0, sizeof(mppe_send_key));
            memset(mppe_recv_key, 0, sizeof(mppe_recv_key));
        }

        /* Pass the MPPE keys on to the sstpc client */
        sstp_send_notify(mppe_send_key, sizeof(mppe_send_key),
                         mppe_recv_key, sizeof(mppe_recv_key));
    }
}
156 |
157 |
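/*!
 * @brief Snoop outgoing frames for the CHAP response and pass the MPPE
 *  keys to sstpc once they are set.
 *
 * @param buf  Outgoing frame, starting at the two-byte HDLC header
 * @param len  Number of bytes available in buf
 */
static void sstp_snoop_send(unsigned char *buf, int len)
{
    uint16_t protocol;

    /* Skip the HDLC header */
    buf += 2;
    len -= 2;

    /*
     * The protocol test below may read buf[1], so two bytes must be left.
     * A frame with a single byte left can never match 0xC223; it is
     * rejected here instead of being read one byte past its end.
     */
    if (len < 2)
        return;

    /*
     * Stop snooping if it is not a LCP Auth Chap packet.
     * NOTE(review): RFC 1661 marks a one-octet (compressed) protocol field
     * by an odd first octet; the mask used here is 0x10 -- confirm intent.
     */
    protocol = (buf[0] & 0x10) ? buf[0] : (buf[0] << 8 | buf[1]);
    if (protocol != 0xC223)
        return;

    /* Skip the LCP header */
    buf += 2;
    len -= 2;

    /* Too short of a packet */
    if (len <= 0)
        return;

    /* Check if packet is a CHAP response */
    if (buf[0] != 0x02)
        return;

    /* We should send sstpc empty keys .. */
    if (!mppe_keys_set)
    {
        return;
    }

    /* ChapMS2/ChapMS sets the MPPE keys as a part of the make_response
     * call, these might not be enabled dependent on negotiated options
     * such as MPPE and compression. If they are enabled, the keys are
     * zeroed out in ccp.c before ip-up is called.
     *
     * Let's steal the keys here over implementing all the code to
     * calculate the MPPE keys here.
     */
    if (debug)
    {
        /*
         * Debug mode writes both session keys in hex to the pppd log.
         * Treat that log as key material: restrict who can read it and
         * keep debug off outside troubleshooting.
         */
        char key[255];
        dbglog("%s: mppe keys are set", __func__);

        /* Add the MPPE Send Key */
        slprintf(key, sizeof(key)-1, "%0.*B", MPPE_MAX_KEY_LEN,
                mppe_send_key);
        dbglog("%s: The mppe send key: %s", __func__, key);

        /* Add the MPPE Recv Key */
        slprintf(key, sizeof(key)-1, "%0.*B", MPPE_MAX_KEY_LEN,
                mppe_recv_key );
        dbglog("%s: The mppe recv key: %s", __func__, key);
    }

    /* Send the MPPE keys to the sstpc client */
    sstp_send_notify(mppe_send_key, sizeof(mppe_send_key),
            mppe_recv_key, sizeof(mppe_recv_key));
}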
224 |
225 |
/*!
 * @brief Plugin entry point; the PPP daemon requires this symbol to be
 *  exported for initialization.
 *
 * Clears the socket name, registers the plugin's options, installs the
 * send-side snoop hook and registers the ip-up notifier.
 */
void plugin_init(void)
{
    /* Start from an all-zero socket name */
    memset(&sstp_sock, 0, sizeof(sstp_sock));

    /* Allow us to intercept options */
    add_options(sstp_option);

    /* Let's snoop for CHAP authentication */
    snoop_send_hook = sstp_snoop_send;

    /* Add ip-up notifier; sstp_ip_up sends the notification if the snoop path did not */
    add_notifier(&ip_up_notifier, sstp_ip_up, NULL);
}
243 |
244 |
245 |
--------------------------------------------------------------------------------
/config.h.in:
--------------------------------------------------------------------------------
1 | /* config.h.in. Generated from configure.ac by autoheader. */
2 |
3 | /* Define to one of `_getb67', `GETB67', `getb67' for Cray-2 and Cray-YMP
4 | systems. This function is required for `alloca.c' support on those systems.
5 | */
6 | #undef CRAY_STACKSEG_END
7 |
8 | /* Define to 1 if using `alloca.c'. */
9 | #undef C_ALLOCA
10 |
11 | /* Define to 1 if you have `alloca', as a function or macro. */
12 | #undef HAVE_ALLOCA
13 |
14 | /* Define to 1 if you have and it should be used (not on Ultrix).
15 | */
16 | #undef HAVE_ALLOCA_H
17 |
18 | /* Define to 1 if you have the header file. */
19 | #undef HAVE_ARPA_INET_H
20 |
21 | /* Define to 1 if your system has a working `chown' function. */
22 | #undef HAVE_CHOWN
23 |
24 | /* Define to 1 if you have the header file. */
25 | #undef HAVE_DLFCN_H
26 |
27 | /* Define to 1 if you have the `dup2' function. */
28 | #undef HAVE_DUP2
29 |
30 | /* Define to 1 if you have the header file. */
31 | #undef HAVE_FCNTL_H
32 |
33 | /* Define to 1 if you have the `fork' function. */
34 | #undef HAVE_FORK
35 |
36 | /* Define to 1 if you have the `gethostname' function. */
37 | #undef HAVE_GETHOSTNAME
38 |
39 | /* Define to 1 if you have the header file. */
40 | #undef HAVE_INTTYPES_H
41 |
42 | /* Define to 1 if you have the `event' library (-levent). */
43 | #undef HAVE_LIBEVENT
44 |
45 | /* Specify use of libevent >= $LIBEVENT2_MINIMUM */
46 | #undef HAVE_LIBEVENT2
47 |
48 | /* Define to 1 if you have the `util' library (-lutil). */
49 | #undef HAVE_LIBUTIL
50 |
51 | /* Define to 1 if you have the `localtime_r' function. */
52 | #undef HAVE_LOCALTIME_R
53 |
54 | /* Define to 1 if your system has a GNU libc compatible `malloc' function, and
55 | to 0 otherwise. */
56 | #undef HAVE_MALLOC
57 |
58 | /* Define to 1 if you have the `memmove' function. */
59 | #undef HAVE_MEMMOVE
60 |
61 | /* Define to 1 if you have the header file. */
62 | #undef HAVE_MEMORY_H
63 |
64 | /* Define to 1 if you have the `memset' function. */
65 | #undef HAVE_MEMSET
66 |
67 | /* Define to 1 if you have the `mkdir' function. */
68 | #undef HAVE_MKDIR
69 |
70 | /* Define to 1 if you have the header file. */
71 | #undef HAVE_NETDB_H
72 |
73 | /* Use netlink to add/remove route */
74 | #undef HAVE_NETLINK
75 |
76 | /* Define to 1 if you have the header file. */
77 | #undef HAVE_PATHS_H
78 |
79 | /* Define if you have PPP support */
80 | #undef HAVE_PPP_PLUGIN
81 |
82 | /* Define to 1 if you have the header file. */
83 | #undef HAVE_PTY_H
84 |
85 | /* Define to 1 if you have the `socket' function. */
86 | #undef HAVE_SOCKET
87 |
88 | /* Define to 1 if stdbool.h conforms to C99. */
89 | #undef HAVE_STDBOOL_H
90 |
91 | /* Define to 1 if you have the header file. */
92 | #undef HAVE_STDINT_H
93 |
94 | /* Define to 1 if you have the header file. */
95 | #undef HAVE_STDLIB_H
96 |
97 | /* Define to 1 if you have the `strcasecmp' function. */
98 | #undef HAVE_STRCASECMP
99 |
100 | /* Define to 1 if you have the `strchr' function. */
101 | #undef HAVE_STRCHR
102 |
103 | /* Define to 1 if you have the `strdup' function. */
104 | #undef HAVE_STRDUP
105 |
106 | /* Define to 1 if you have the header file. */
107 | #undef HAVE_STRINGS_H
108 |
109 | /* Define to 1 if you have the header file. */
110 | #undef HAVE_STRING_H
111 |
112 | /* Define to 1 if you have the `strncasecmp' function. */
113 | #undef HAVE_STRNCASECMP
114 |
115 | /* Define to 1 if you have the `strrchr' function. */
116 | #undef HAVE_STRRCHR
117 |
118 | /* Define to 1 if you have the `strstr' function. */
119 | #undef HAVE_STRSTR
120 |
121 | /* Define to 1 if you have the `strtoul' function. */
122 | #undef HAVE_STRTOUL
123 |
124 | /* Define to 1 if you have the `strtoull' function. */
125 | #undef HAVE_STRTOULL
126 |
127 | /* Define to 1 if you have the header file. */
128 | #undef HAVE_SYSLOG_H
129 |
130 | /* Define to 1 if you have the header file. */
131 | #undef HAVE_SYS_SOCKET_H
132 |
133 | /* Define to 1 if you have the header file. */
134 | #undef HAVE_SYS_STAT_H
135 |
136 | /* Define to 1 if you have the header file. */
137 | #undef HAVE_SYS_TYPES_H
138 |
139 | /* Define to 1 if you have the header file. */
140 | #undef HAVE_UNISTD_H
141 |
142 | /* Define to 1 if you have the `vfork' function. */
143 | #undef HAVE_VFORK
144 |
145 | /* Define to 1 if you have the header file. */
146 | #undef HAVE_VFORK_H
147 |
148 | /* Define to 1 if `fork' works. */
149 | #undef HAVE_WORKING_FORK
150 |
151 | /* Define to 1 if `vfork' works. */
152 | #undef HAVE_WORKING_VFORK
153 |
154 | /* Define to 1 if the system has the type `_Bool'. */
155 | #undef HAVE__BOOL
156 |
157 | /* Define to the sub-directory in which libtool stores uninstalled libraries.
158 | */
159 | #undef LT_OBJDIR
160 |
161 | /* Define to 1 if your C compiler doesn't accept -c and -o together. */
162 | #undef NO_MINUS_C_MINUS_O
163 |
164 | /* Name of package */
165 | #undef PACKAGE
166 |
167 | /* Define to the address where bug reports for this package should be sent. */
168 | #undef PACKAGE_BUGREPORT
169 |
170 | /* Define to the full name of this package. */
171 | #undef PACKAGE_NAME
172 |
173 | /* Define to the full name and version of this package. */
174 | #undef PACKAGE_STRING
175 |
176 | /* Define to the one symbol short name of this package. */
177 | #undef PACKAGE_TARNAME
178 |
179 | /* Define to the home page for this package. */
180 | #undef PACKAGE_URL
181 |
182 | /* Define to the version of this package. */
183 | #undef PACKAGE_VERSION
184 |
185 | /* The sstpc privilege drop group */
186 | #undef SSTP_GROUP
187 |
188 | /* The sstpc privilege drop user */
189 | #undef SSTP_USER
190 |
191 | /* If using the C implementation of alloca, define if you know the
192 | direction of stack growth for your system; otherwise it will be
193 | automatically deduced at runtime.
194 | STACK_DIRECTION > 0 => grows toward higher addresses
195 | STACK_DIRECTION < 0 => grows toward lower addresses
196 | STACK_DIRECTION = 0 => direction of growth unknown */
197 | #undef STACK_DIRECTION
198 |
199 | /* Define to 1 if you have the ANSI C header files. */
200 | #undef STDC_HEADERS
201 |
202 | /* Version number of package */
203 | #undef VERSION
204 |
205 | /* Define for Solaris 2.5.1 so the uint32_t typedef from ,
206 | , or is not used. If the typedef were allowed, the
207 | #define below would cause a syntax error. */
208 | #undef _UINT32_T
209 |
210 | /* Define for Solaris 2.5.1 so the uint8_t typedef from ,
211 | , or is not used. If the typedef were allowed, the
212 | #define below would cause a syntax error. */
213 | #undef _UINT8_T
214 |
215 | /* Define to `int' if doesn't define. */
216 | #undef gid_t
217 |
218 | /* Define to rpl_malloc if the replacement function should be used. */
219 | #undef malloc
220 |
221 | /* Define to `int' if does not define. */
222 | #undef mode_t
223 |
224 | /* Define to `int' if does not define. */
225 | #undef pid_t
226 |
227 | /* Define to `unsigned int' if does not define. */
228 | #undef size_t
229 |
230 | /* Define to `int' if doesn't define. */
231 | #undef uid_t
232 |
233 | /* Define to the type of an unsigned integer type of width exactly 16 bits if
234 | such a type exists and the standard includes do not define it. */
235 | #undef uint16_t
236 |
237 | /* Define to the type of an unsigned integer type of width exactly 32 bits if
238 | such a type exists and the standard includes do not define it. */
239 | #undef uint32_t
240 |
241 | /* Define to the type of an unsigned integer type of width exactly 8 bits if
242 | such a type exists and the standard includes do not define it. */
243 | #undef uint8_t
244 |
245 | /* Define as `fork' if `vfork' does not work. */
246 | #undef vfork
247 |
--------------------------------------------------------------------------------
/src/sstp-task.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief API for handling sub-tasks
3 | *
4 | * @file sstp-task.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 | #include
25 | #include
26 | #include
27 | #ifdef HAVE_PTY_H
28 | #include
29 | #else
30 | #include
31 | #endif
32 | #include
33 | #include
34 | #include
35 | #include
36 | #include
37 | #include
38 |
39 | #include "sstp-private.h"
40 |
41 |
/*!
 * @brief The task structure, one per child process handled by this API
 */
struct sstp_task
{
    /*< The pid of the child; sstp_task_wait() resets it to 0 */
    int pid;

    /*< The output file descriptor, returned by sstp_task_stdout() */
    int out;

    /*< The input file descriptor, returned by sstp_task_stdin() */
    int in;

    /*< The task type (pipe, pty, silent) given to sstp_task_new() */
    sstp_task_t type;

    /*< The tty device name, filled in by openpty() for pty tasks */
    char ttydev[SSTP_PATH_MAX];
};
62 |
63 |
/*!
 * @brief Open a pseudo-terminal pair for the task
 *
 * @param task  Task whose in/out descriptors and ttydev are filled in
 *
 * @retval SSTP_OKAY on success, SSTP_FAIL if openpty() failed
 */
static status_t sstp_setup_pty(sstp_task_st *task)
{
    /*
     * openpty() stores the master descriptor in task->in, the slave in
     * task->out and the slave device name in task->ttydev.
     * NOTE(review): openpty() takes no size for the name buffer, so
     * ttydev must be large enough for any pty path on the platform.
     */
    if (openpty(&task->in, &task->out, task->ttydev, NULL, NULL) < 0)
    {
        return SSTP_FAIL;
    }

    return SSTP_OKAY;
}
77 |
78 |
/*!
 * @brief Create a connected socket pair for talking to the child
 *
 * @param task  Task whose in/out descriptors are filled in
 *
 * @retval SSTP_OKAY on success, SSTP_FAIL if socketpair() failed
 */
static status_t sstp_setup_pipe(sstp_task_st *task)
{
    int fds[2];

    if (socketpair(AF_LOCAL, SOCK_STREAM, 0, fds) < 0)
    {
        return SSTP_FAIL;
    }

    /*
     * Keep both ends for now: the child will be using the out end,
     * and the parent uses the in end for I/O.
     */
    task->in  = fds[0];
    task->out = fds[1];

    return SSTP_OKAY;
}
106 |
107 |
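/*!
 * @brief Allocate a task and create the I/O channel its type asks for
 *
 * @param task  Receives the new task; set to NULL on failure
 * @param type  SSTP_TASK_USEPIPE, SSTP_TASK_USEPTY or another task type
 *
 * @retval SSTP_OKAY on success
 * @retval SSTP_FAIL if the allocation or the pipe / pty setup failed
 */
status_t sstp_task_new(sstp_task_st **task, sstp_task_t type)
{
    status_t status = SSTP_OKAY;
    sstp_task_st *fresh = calloc(1, sizeof(*fresh));

    *task = fresh;
    if (fresh == NULL)
    {
        return SSTP_FAIL;
    }

    /* Handle pipe / pty creation */
    switch (type)
    {
    case SSTP_TASK_USEPIPE:
        status = sstp_setup_pipe(fresh);
        break;

    case SSTP_TASK_USEPTY:
        status = sstp_setup_pty(fresh);
        break;

    default:
        break;
    }

    /*
     * A failed setup used to be ignored, which left in/out at 0 and made
     * a later sstp_task_start() wire the child to descriptor 0. Report
     * the failure instead and do not hand out a half-built task.
     */
    if (status != SSTP_OKAY)
    {
        free(fresh);
        *task = NULL;
        return SSTP_FAIL;
    }

    /* Save the flags */
    fresh->type = type;

    return SSTP_OKAY;
}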
138 |
139 |
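/*!
 * @brief Fork and execute the command described by argv
 *
 * @param task  Task created by sstp_task_new()
 * @param argv  argv[0] is the path given to execv(); the argument vector
 *              handed to the new program starts at argv[1]
 *
 * @retval SSTP_OKAY in the parent once the child is forked
 * @retval SSTP_FAIL if fork() failed
 */
status_t sstp_task_start(sstp_task_st *task, const char *argv[])
{
    int ret = fork();

    if (ret < 0)
    {
        return SSTP_FAIL;
    }

    if (ret == 0)
    {
        /* In case the silent flag was set */
        if (task->type == SSTP_TASK_SILENT)
        {
            /* Only redirect when /dev/null could actually be opened */
            int devnull = open("/dev/null", O_WRONLY);
            if (devnull >= 0)
            {
                task->out = devnull;
                dup2(devnull, STDOUT_FILENO);
                dup2(devnull, STDERR_FILENO);
            }
        }

        /* Setup the standard I/O descriptors for child */
        if (SSTP_TASK_USEPIPE == task->type ||
            SSTP_TASK_USEPTY  == task->type)
        {
            dup2(task->out, STDOUT_FILENO); /* (or tty-fd) */
            dup2(task->out, STDIN_FILENO);  /* (or tty-fd) */
        }

        /* Dispose of the original descriptors, the duplicates remain */
        sstp_task_close(task);

        /* Execute the command given */
        execv(argv[0], (char**) &argv[1]);

        /*
         * execv() failed. Leave with _exit() so the child neither runs
         * the parent's atexit handlers nor flushes stdio buffers it
         * inherited across fork().
         */
        _exit(-1);
    }

    /* Parent: save a reference to the pid */
    task->pid = ret;

    /* Setup the I/O for parent */
    if (SSTP_TASK_USEPIPE == task->type ||
        SSTP_TASK_USEPTY  == task->type)
    {
        close(task->out);       /* (or tty-fd) */
        task->out = task->in;   /* (or pty-fd) */
    }

    return SSTP_OKAY;
}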
202 |
203 |
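/*!
 * @brief Ask the child to terminate by sending it SIGTERM
 *
 * @retval SSTP_OKAY if the signal was sent
 * @retval SSTP_FAIL if there is no child or kill() failed
 */
int sstp_task_stop(sstp_task_st *task)
{
    /*
     * kill() with pid 0 signals every process in the caller's own process
     * group, and a negative pid addresses a group as well. pid is 0 before
     * a start and after sstp_task_wait(), so only signal a real child.
     */
    if (task->pid <= 0)
    {
        return SSTP_FAIL;
    }

    return (kill(task->pid, SIGTERM) == -1)
        ? SSTP_FAIL
        : SSTP_OKAY;
}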
210 |
211 |
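/*!
 * @brief Check whether the child process still exists
 *
 * @retval 1 if the child exists (an exited child that has not been
 *         reaped yet still counts), 0 otherwise
 */
int sstp_task_alive(sstp_task_st *task)
{
    /*
     * pid 0 means "no child"; kill(0, 0) would probe the caller's own
     * process group and always report success.
     */
    if (task->pid <= 0)
    {
        return 0;
    }

    /* Signal 0 performs the existence check without sending anything */
    if (kill(task->pid, 0) == -1 && errno == ESRCH)
    {
        return 0;
    }

    return 1;
}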
222 |
223 |
/*!
 * @brief Get the tty device name stored in the task
 */
const char *sstp_task_ttydev(sstp_task_st* task)
{
    const char *name = task->ttydev;
    return name;
}
228 |
229 |
/*!
 * @brief Get the task's output file descriptor
 */
int sstp_task_stdout(sstp_task_st *task)
{
    int fd = task->out;
    return fd;
}
234 |
235 |
/*!
 * @brief Get the task's input file descriptor
 */
int sstp_task_stdin(sstp_task_st *task)
{
    int fd = task->in;
    return fd;
}
240 |
241 |
/*!
 * @brief Collect the child process, if one is recorded
 *
 * @param task    The task
 * @param status  Passed to waitpid(), may be NULL
 * @param flag    Options passed to waitpid(), e.g. WNOHANG
 *
 * @retval SSTP_OKAY if a pid was recorded, SSTP_FAIL otherwise
 */
status_t sstp_task_wait(sstp_task_st *task, int *status, int flag)
{
    /* Nothing to collect */
    if (!task->pid)
    {
        return SSTP_FAIL;
    }

    /*
     * NOTE(review): the waitpid() result is not checked and the pid is
     * cleared regardless, so with WNOHANG a child that is still running
     * is forgotten without having been reaped.
     */
    waitpid(task->pid, status, flag);
    task->pid = 0;

    return SSTP_OKAY;
}
254 |
255 |
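/*!
 * @brief Close the task's I/O descriptors and mark them as unused (0)
 */
void sstp_task_close(sstp_task_st *task)
{
    int in  = task->in;
    int out = task->out;

    if (in)
    {
        close(in);
    }

    /*
     * In the parent, sstp_task_start() sets out to the same descriptor as
     * in. Closing it a second time would hit an already released
     * descriptor number, so only close out when it is a different one.
     */
    if (out && out != in)
    {
        close(out);
    }

    task->in  = 0;
    task->out = 0;
}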
270 |
271 |
/*!
 * @brief Release a task: collect the child without blocking, close the
 *  descriptors and free the memory. A NULL task is ignored.
 */
void sstp_task_destroy(sstp_task_st *task)
{
    if (task != NULL)
    {
        /* Collect child if any, without waiting for it */
        sstp_task_wait(task, NULL, WNOHANG);

        /* Close I/O descriptors */
        sstp_task_close(task);

        /* Free the memory */
        free(task);
    }
}
288 |
289 |
290 | #ifdef __SSTP_UNIT_TEST_TASK
291 |
292 | #include
293 |
294 | #define TEST_STRING "Hello World"
295 |
/*
 * Unit test: run /bin/echo through a pty task and check that its output
 * comes back unchanged.
 */
int main(void)
{
    const char *args[10] = { "/bin/echo", "-n", TEST_STRING, NULL };
    char buf[12] = { 0 };
    sstp_task_st *task;
    int ret;

    /* Create the task */
    ret = sstp_task_new(&task, SSTP_TASK_USEPTY);
    if (ret != SSTP_OKAY)
    {
        printf("Could not create task\n");
        return EXIT_FAILURE;
    }

    /* Start the task */
    ret = sstp_task_start(task, args);
    if (ret != SSTP_OKAY)
    {
        printf("Could not start the task\n");
        return EXIT_FAILURE;
    }

    /* Read the string, leaving room for the terminating NUL */
    ret = read(sstp_task_stdout(task), buf, sizeof(buf)-1);
    if (ret != sizeof(TEST_STRING)-1)
    {
        printf("Could not read bytes from task %d\n", ret);
        return EXIT_FAILURE;
    }

    /* Make sure it's correct */
    if (strcmp(buf, TEST_STRING) != 0)
    {
        printf("The read data was not \"%s\" != \"%s\"\n", TEST_STRING, buf);
        return EXIT_FAILURE;
    }

    /* Wait for the task to terminate */
    ret = sstp_task_wait(task, NULL, 0);
    if (ret != SSTP_OKAY)
    {
        printf("Could not collect child\n");
        return EXIT_FAILURE;
    }

    printf("Successfully executed /bin/echo and validated the output\n");

    sstp_task_destroy(task);
    return EXIT_SUCCESS;
}
353 |
354 | #endif /* #ifdef __SSTP_TASK_UNIT_TEST */
355 |
--------------------------------------------------------------------------------
/src/sstp-fcs.c:
--------------------------------------------------------------------------------
1 | /* Fast Frame Check Sequence (FCS) Implementation, for HDLC-like framing of
2 | * PPP. Adapted by C. Scott Ananian
3 | * from RFC1662:
4 | *
5 | * C.2. 16-bit FCS Computation Method
6 | *
7 | * The following code provides a table lookup computation for
8 | * calculating the Frame Check Sequence as data arrives at the
9 | * interface. This implementation is based on [7], [8], and [9].
10 | *
11 | * [7] Perez, "Byte-wise CRC Calculations", IEEE Micro, June 1983.
12 | *
13 | * [8] Morse, G., "Calculating CRC's by Bits and Bytes", Byte,
14 | * September 1986.
15 | *
16 | * [9] LeVan, J., "A Fast CRC", Byte, November 1987.
17 | */
18 |
19 | #include
20 | #include
21 | #include
22 | #include "sstp-private.h"
23 |
24 |
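/*
 * FCS lookup table as calculated by the table generator.
 *
 * The table is only ever read, so it is declared const; a stray write
 * elsewhere can then not silently change the checksums.
 */
static const uint16_t fcstab[256] =
{
    0x0000, 0x1189, 0x2312, 0x329b, 0x4624, 0x57ad, 0x6536, 0x74bf,
    0x8c48, 0x9dc1, 0xaf5a, 0xbed3, 0xca6c, 0xdbe5, 0xe97e, 0xf8f7,
    0x1081, 0x0108, 0x3393, 0x221a, 0x56a5, 0x472c, 0x75b7, 0x643e,
    0x9cc9, 0x8d40, 0xbfdb, 0xae52, 0xdaed, 0xcb64, 0xf9ff, 0xe876,
    0x2102, 0x308b, 0x0210, 0x1399, 0x6726, 0x76af, 0x4434, 0x55bd,
    0xad4a, 0xbcc3, 0x8e58, 0x9fd1, 0xeb6e, 0xfae7, 0xc87c, 0xd9f5,
    0x3183, 0x200a, 0x1291, 0x0318, 0x77a7, 0x662e, 0x54b5, 0x453c,
    0xbdcb, 0xac42, 0x9ed9, 0x8f50, 0xfbef, 0xea66, 0xd8fd, 0xc974,
    0x4204, 0x538d, 0x6116, 0x709f, 0x0420, 0x15a9, 0x2732, 0x36bb,
    0xce4c, 0xdfc5, 0xed5e, 0xfcd7, 0x8868, 0x99e1, 0xab7a, 0xbaf3,
    0x5285, 0x430c, 0x7197, 0x601e, 0x14a1, 0x0528, 0x37b3, 0x263a,
    0xdecd, 0xcf44, 0xfddf, 0xec56, 0x98e9, 0x8960, 0xbbfb, 0xaa72,
    0x6306, 0x728f, 0x4014, 0x519d, 0x2522, 0x34ab, 0x0630, 0x17b9,
    0xef4e, 0xfec7, 0xcc5c, 0xddd5, 0xa96a, 0xb8e3, 0x8a78, 0x9bf1,
    0x7387, 0x620e, 0x5095, 0x411c, 0x35a3, 0x242a, 0x16b1, 0x0738,
    0xffcf, 0xee46, 0xdcdd, 0xcd54, 0xb9eb, 0xa862, 0x9af9, 0x8b70,
    0x8408, 0x9581, 0xa71a, 0xb693, 0xc22c, 0xd3a5, 0xe13e, 0xf0b7,
    0x0840, 0x19c9, 0x2b52, 0x3adb, 0x4e64, 0x5fed, 0x6d76, 0x7cff,
    0x9489, 0x8500, 0xb79b, 0xa612, 0xd2ad, 0xc324, 0xf1bf, 0xe036,
    0x18c1, 0x0948, 0x3bd3, 0x2a5a, 0x5ee5, 0x4f6c, 0x7df7, 0x6c7e,
    0xa50a, 0xb483, 0x8618, 0x9791, 0xe32e, 0xf2a7, 0xc03c, 0xd1b5,
    0x2942, 0x38cb, 0x0a50, 0x1bd9, 0x6f66, 0x7eef, 0x4c74, 0x5dfd,
    0xb58b, 0xa402, 0x9699, 0x8710, 0xf3af, 0xe226, 0xd0bd, 0xc134,
    0x39c3, 0x284a, 0x1ad1, 0x0b58, 0x7fe7, 0x6e6e, 0x5cf5, 0x4d7c,
    0xc60c, 0xd785, 0xe51e, 0xf497, 0x8028, 0x91a1, 0xa33a, 0xb2b3,
    0x4a44, 0x5bcd, 0x6956, 0x78df, 0x0c60, 0x1de9, 0x2f72, 0x3efb,
    0xd68d, 0xc704, 0xf59f, 0xe416, 0x90a9, 0x8120, 0xb3bb, 0xa232,
    0x5ac5, 0x4b4c, 0x79d7, 0x685e, 0x1ce1, 0x0d68, 0x3ff3, 0x2e7a,
    0xe70e, 0xf687, 0xc41c, 0xd595, 0xa12a, 0xb0a3, 0x8238, 0x93b1,
    0x6b46, 0x7acf, 0x4854, 0x59dd, 0x2d62, 0x3ceb, 0x0e70, 0x1ff9,
    0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
    0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
};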
63 |
64 |
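/*!
 * @brief Calculate a new fcs given the current fcs and the data.
 *
 * @param fcs  The running FCS value (PPPINITFCS16 for a new frame)
 * @param cp   The bytes to fold into the FCS
 * @param len  Number of bytes at cp; zero or negative leaves fcs unchanged
 *
 * @return The updated FCS
 */
uint16_t sstp_frame_check(uint16_t fcs, const unsigned char *cp, int len)
{
    int i;

    /*
     * Counting up to len instead of counting len down to zero keeps a
     * negative length from running far past the end of the buffer.
     */
    for (i = 0; i < len; i++)
    {
        fcs = (fcs >> 8) ^ fcstab[(fcs ^ cp[i]) & 0xff];
    }

    return fcs;
}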
77 |
78 |
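/*!
 * @brief Remove the HDLC framing from one frame and verify its FCS
 *
 * @param buf     Input bytes, may start with one or more flag bytes
 * @param length  In: bytes available in buf. Out: index of the closing
 *                flag (set when a closing flag was found)
 * @param frame   Output buffer for the unescaped frame, including the FCS
 * @param size    In: capacity of frame. Out: decoded length without the
 *                two FCS bytes (set when a closing flag was found)
 *
 * @retval SSTP_OKAY     Frame decoded and the FCS is good
 * @retval SSTP_OVERFLOW Input ended before the closing flag
 * @retval SSTP_FAIL     Frame too short or the FCS check failed
 */
status_t sstp_frame_decode(const unsigned char *buf, int *length,
        unsigned char *frame, int *size)
{
    /* Negative lengths are treated as empty buffers */
    unsigned int avail = (*length > 0) ? (unsigned int) *length : 0;
    unsigned int room  = (*size > 0) ? (unsigned int) *size : 0;
    unsigned int index = 0;
    unsigned int pos   = 0;
    unsigned int ret   = 0;

    /* Skip the start of the frame, without leaving the input */
    while (index < avail && buf[index] == HDLC_FLAG)
    {
        index++;
    }

    for (;;)
    {
        unsigned int escape = 0;

        /*
         * Received incomplete frame. Every read of buf below is preceded
         * by this bound check; the input was previously read before the
         * index had been compared against the length.
         */
        if (index >= avail)
        {
            return SSTP_OVERFLOW;
        }

        /* Closing flag ends the frame */
        if (buf[index] == HDLC_FLAG)
        {
            break;
        }

        /* In case we encounter escapes, the next byte is taken as data */
        if (buf[index] == HDLC_ESCAPE)
        {
            escape = HDLC_TRANSPARENCY;
            index++;
            if (index >= avail)
            {
                return SSTP_OVERFLOW;
            }
        }

        /* Copy character to the output; excess bytes are dropped */
        if (pos < room)
        {
            frame[pos++] = buf[index] ^ escape;
        }

        index++;
    }

    /* Account for the FCS field */
    *size   = (int) pos - (int) sizeof(uint16_t);
    *length = (int) index;

    /* Skip short packets */
    if (pos < 4)
    {
        return SSTP_FAIL;
    }

    /* Calculate checksum and compare */
    ret = sstp_frame_check(PPPINITFCS16, frame, (int) pos);
    if (PPPGOODFCS16 != ret)
    {
        return SSTP_FAIL;
    }

    return SSTP_OKAY;
}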
136 |
137 |
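/*!
 * @brief Wrap a payload in HDLC framing: flag, escaped payload, escaped
 *  two-byte FCS, flag.
 *
 * @param source  The payload
 * @param ilen    Number of payload bytes
 * @param frame   Output buffer
 * @param flen    In: capacity of frame. Out: number of bytes written
 *
 * @retval SSTP_OKAY     Frame written, *flen updated
 * @retval SSTP_OVERFLOW The output buffer is too small
 * @retval SSTP_FAIL     ilen is negative
 */
status_t sstp_frame_encode(const unsigned char *source, int ilen,
        unsigned char *frame, int *flen)
{
    uint16_t fcs = 0;
    int pos = 0;
    int i   = 0;

    /* A negative length cannot describe a payload */
    if (ilen < 0)
    {
        return SSTP_FAIL;
    }

    /* The start marker below is written before the per-byte space check */
    if (*flen < 1)
    {
        return SSTP_OVERFLOW;
    }

    fcs  = sstp_frame_check(PPPINITFCS16, source, ilen);
    fcs ^= PPPINITFCS16;

    /* Set the start of frame marker */
    frame[pos++] = HDLC_FLAG;

    /* Escape the payload followed by the two checksum bytes */
    for (i = 0; i < ilen + 2; i++)
    {
        unsigned char c;

        if (i < ilen)
        {
            c = source[i];
        }
        else if (i == ilen)
        {
            /* First checksum byte, low order */
            c = ((fcs >> 0) & 0xFF);
        }
        else
        {
            /* Second checksum byte, high order */
            c = ((fcs >> 8) & 0xFF);
        }

        /* Need room for an escaped byte plus the end marker */
        if (*flen < (pos+3))
        {
            return SSTP_OVERFLOW;
        }

        /* Escape character if needed */
        if ((c <  HDLC_TRANSPARENCY) ||
            (c == HDLC_FLAG) ||
            (c == HDLC_ESCAPE))
        {
            frame[pos++] = (HDLC_ESCAPE);
            frame[pos++] = (c ^ HDLC_TRANSPARENCY);
            continue;
        }

        /* Character does not need escaping */
        frame[pos++] = c;
    }

    /* Set the End of Frame marker */
    frame[pos++] = HDLC_FLAG;

    /* Set the return position */
    *flen = pos;

    return SSTP_OKAY;
}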
202 |
203 |
204 | #ifdef __SSTP_UNIT_TEST_FCS
205 |
206 | #include
207 | #include
208 |
/*
 * Unit test: encode a sample PPP frame, decode it again and compare the
 * result with the original bytes.
 */
int main(void)
{
    unsigned char byte[] =
    {
        0xff, 0x03, 0xc0, 0x21, 0x01, 0x01, 0x00, 0x18, 0x01, 0x04,
        0x05, 0x78, 0x02, 0x06, 0x00, 0x00, 0x00, 0x00, 0x05, 0x06,
        0x37, 0x67, 0x24, 0xc2, 0x07, 0x02, 0x08, 0x02
    };
    /* Worst case every byte is escaped, plus markers and checksum */
    int flen = (sizeof(byte) << 1) + 4;
    int clen = sizeof(byte) << 1;
    int ret  = 0;
    unsigned char *frame = NULL;
    unsigned char *check = NULL;

    /* Allocate stack space */
    frame = alloca(flen);
    if (frame == NULL)
    {
        printf("Could not allocate memory for frame\n");
        return EXIT_FAILURE;
    }

    check = alloca(clen);
    if (check == NULL)
    {
        printf("Could not allocate memory for check\n");
        return EXIT_FAILURE;
    }

    ret = sstp_frame_encode(byte, sizeof(byte), frame, &flen);
    if (ret != SSTP_OKAY)
    {
        printf("Could not encode frame\n");
        return EXIT_FAILURE;
    }

    printf("Frame encoded successfully in %d bytes\n", flen);

    ret = sstp_frame_decode(frame, &flen, check, &clen);
    if (ret != SSTP_OKAY)
    {
        printf("Could not decode frame\n");
        return EXIT_FAILURE;
    }

    if (clen != sizeof(byte))
    {
        printf("The number of bytes are different, %d != %d\n", clen,
               (int)sizeof(byte));
        return EXIT_FAILURE;
    }

    if (memcmp(byte, check, sizeof(byte)) != 0)
    {
        printf("The bytes encoded is not what was decoded\n");
        return EXIT_FAILURE;
    }

    printf("Frame decoded successfully in %d bytes\n", clen);
    return EXIT_SUCCESS;
}
272 |
273 | #endif /* #ifdef __TEST_SSTP_FCS */
274 |
275 |
276 |
--------------------------------------------------------------------------------
/src/sstp-cmac.c:
--------------------------------------------------------------------------------
1 | /*!
2 | * @brief API to obtain correct Crypto Binding (CMAC Field)
3 | *
4 | * @file sstp-cmac.c
5 | *
6 | * @author Copyright (C) 2011 Eivind Naess,
7 | * All Rights Reserved
8 | *
9 | * @par License:
10 | * This program is free software; you can redistribute it and/or modify
11 | * it under the terms of the GNU General Public License as published by
12 | * the Free Software Foundation; either version 2 of the License, or
13 | * (at your option) any later version.
14 | *
15 | * This program is distributed in the hope that it will be useful,
16 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 | * GNU General Public License for more details.
19 | *
20 | * You should have received a copy of the GNU General Public License along
21 | * with this program; if not, write to the Free Software Foundation, Inc.,
22 | * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
23 | */
24 |
25 | #include
26 | #include
27 | #include
28 | #include
29 | #include
30 | #include
31 | #include
32 | #include
33 |
34 | #include "sstp-private.h"
35 |
36 |
/*!
 * @brief Reset a CMAC context and load the fixed key-derivation seed
 *
 * @param ctx   The context to initialize
 * @param flag  SSTP_CMAC_* flags, stored in the context
 */
void sstp_cmac_init(cmac_ctx_st *ctx, int flag)
{
    /* The seed is this ASCII label, without the terminating NUL */
    static const char label[] = "SSTP inner method derived CMK";
    const int label_len = (int) sizeof(label) - 1;

    /* Perform the initialization */
    memset(ctx, 0, sizeof(cmac_ctx_st));
    memcpy(ctx->seed, label, label_len);
    ctx->slen = label_len;
    ctx->flag = flag;
}
54 |
55 |
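/*!
 * @brief Store the MPPE send key in the context
 *
 * The send key goes to offset 16 of ctx->key when SSTP_CMAC_SERVER is set
 * and to offset 0 otherwise.
 *
 * @param ctx  The CMAC context
 * @param key  The key bytes
 * @param len  Number of key bytes; a copy that would run past the end of
 *             ctx->key is cut short, and a NULL key or a length that is
 *             not positive is ignored
 */
void sstp_cmac_send_key(cmac_ctx_st *ctx, uint8_t *key, int len)
{
    size_t off = (SSTP_CMAC_SERVER & ctx->flag)
        ? 16
        : 0;
    size_t room;

    /*
     * Bound the copy by the key buffer. Assumes ctx->key is an array
     * member; sstp_cmac_result() also uses sizeof(ctx->key) as the HMAC
     * key length.
     */
    if (key == NULL || len <= 0 || off >= sizeof(ctx->key))
    {
        return;
    }

    room = sizeof(ctx->key) - off;
    if ((size_t) len > room)
    {
        len = (int) room;
    }

    memcpy(&ctx->key[off], key, (size_t) len);
}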
64 |
65 |
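/*!
 * @brief Store the MPPE receive key in the context
 *
 * The receive key goes to offset 0 of ctx->key when SSTP_CMAC_SERVER is
 * set and to offset 16 otherwise.
 *
 * @param ctx  The CMAC context
 * @param key  The key bytes
 * @param len  Number of key bytes; a copy that would run past the end of
 *             ctx->key is cut short, and a NULL key or a length that is
 *             not positive is ignored
 */
void sstp_cmac_recv_key(cmac_ctx_st *ctx, uint8_t *key, int len)
{
    size_t off = (SSTP_CMAC_SERVER & ctx->flag)
        ? 0
        : 16;
    size_t room;

    /*
     * Bound the copy by the key buffer. Assumes ctx->key is an array
     * member; sstp_cmac_result() also uses sizeof(ctx->key) as the HMAC
     * key length.
     */
    if (key == NULL || len <= 0 || off >= sizeof(ctx->key))
    {
        return;
    }

    room = sizeof(ctx->key) - off;
    if ((size_t) len > room)
    {
        len = (int) room;
    }

    memcpy(&ctx->key[off], key, (size_t) len);
}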
74 |
75 |
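/*!
 * @brief Function to create Compound MAC Key (CMK) and compute the
 *  Compound MAC over a message
 *
 * @par Note:
 *  The generation of the key to establish the Compound MAC Field is:
 *     T1 = HMAC(key, S | LEN | 0x01);
 *     T2 = HMAC(key, T1 | LEN | 0x02);
 *     T3 = HMAC(key, T2 | LEN | 0x03);
 *     CMK = First 32 bytes of: T1 | T2 | T3 | T4 | ...
 *
 *  Only T1 is computed here, as the output of SHA1/256 already has the
 *  wanted length.
 *
 * @param ctx     Context holding the keys, the seed and the flags
 * @param msg     The message to authenticate
 * @param mlen    Length of msg
 * @param result  Receives the MAC
 * @param length  Capacity of result; at most this many bytes are written
 */
void sstp_cmac_result(cmac_ctx_st *ctx, uint8_t *msg, int mlen, uint8_t *result, int length)
{
    HMAC_CTX hmac;
    uint8_t key[EVP_MAX_MD_SIZE];
    uint8_t mac[EVP_MAX_MD_SIZE];
    unsigned int klen   = sizeof(key);
    unsigned int maclen = sizeof(mac);
    uint8_t  iter = 0x01;
    uint16_t len  = SHA_DIGEST_LENGTH;
    const EVP_MD *(*evp)() = EVP_sha1;

    /* The 256-bit keys are a bit different */
    if (SSTP_CMAC_SHA256 & ctx->flag)
    {
        len = SHA256_DIGEST_LENGTH;
        evp = EVP_sha256;
    }

    /*
     * Generate the Key first, using the T1 = HMAC(HLAK, S | LEN | 0x01),
     * CMACK = T1
     * NOTE(review): LEN is fed to the HMAC in host byte order; confirm
     * the expected encoding for big-endian hosts.
     */
    HMAC_CTX_init(&hmac);
    HMAC_Init    (&hmac, ctx->key, sizeof(ctx->key), evp());
    HMAC_Update  (&hmac, (uint8_t*) ctx->seed, ctx->slen);
    HMAC_Update  (&hmac, (uint8_t*) &len,  (int) sizeof(len));
    HMAC_Update  (&hmac, (uint8_t*) &iter, (int) sizeof(iter));
    HMAC_Final   (&hmac, key, &klen);
    HMAC_CTX_cleanup(&hmac);

    /*
     * Generate the Compound MAC Field into a local buffer. HMAC_Final()
     * always writes a full digest, so writing straight into result would
     * overrun a caller buffer that is shorter than the digest.
     */
    HMAC_CTX_init(&hmac);
    HMAC_Init    (&hmac, key, klen, evp());
    HMAC_Update  (&hmac, msg, mlen);
    HMAC_Final   (&hmac, mac, &maclen);
    HMAC_CTX_cleanup(&hmac);

    /* Hand back no more than the caller has room for */
    if (length > 0)
    {
        size_t n = ((unsigned int) length < maclen)
            ? (size_t) length
            : (size_t) maclen;
        memcpy(result, mac, n);
    }

    /* Do not leave the derived key behind on the stack */
    OPENSSL_cleanse(key, sizeof(key));
}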
127 |
128 |
129 |
130 | #ifdef __SSTP_UNIT_TEST_CMAC
131 |
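/*
 * Unit test: compute the Compound MAC (HMAC-SHA1-160) over a recorded
 * Call Connected message and compare it with the expected value.
 *
 * Returns 0 on success, -1 on mismatch.
 */
int sstp_test_sha1(void)
{
    int flag = SSTP_CMAC_SHA1;

    /* Call Connected Message wo/MAC */
    uint8_t sstp_msg [] =
    {
        /* SSTP Header */
        0x10, 0x01, 0x00, 0x70, 0x00, 0x04, 0x00, 0x01,
        0x00, 0x03, 0x00, 0x68, 0x00, 0x00, 0x00, 0x01,

        /* Nonce */
        0x0F, 0x1A, 0x2D, 0x58, 0xD4, 0xA3, 0xE3, 0x00,
        0x0F, 0xAD, 0x3C, 0xE4, 0x90, 0x6E, 0x07, 0xB7,
        0x07, 0xAA, 0x9E, 0x44, 0x1C, 0xCE, 0xAC, 0x5C,
        0xBD, 0x7B, 0x2C, 0xC1, 0xC9, 0xD8, 0x6C, 0xDF,

        /* Certificate Hash */
        0x58, 0x26, 0xB6, 0x29, 0xBD, 0xA5, 0x9B, 0x8E,
        0x6F, 0xD8, 0xDC, 0xD2, 0x62, 0x2F, 0xD3, 0x4C,
        0x53, 0x48, 0x05, 0xA5, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,

        /* MAC Field Zeroed out */
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    };

    uint8_t mppe_send_key [] =
    {
        0x4B, 0x31, 0x28, 0xF4, 0x39, 0x25, 0xD9, 0x00,
        0x6E, 0xEF, 0xB1, 0xC4, 0xE8, 0x65, 0x15, 0xA1
    };

    uint8_t mppe_recv_key [] =
    {
        0xD8, 0x8E, 0x56, 0xBA, 0xB3, 0xCA, 0x2B, 0xDF,
        0x03, 0x73, 0xB7, 0xF5, 0xA8, 0xA1, 0x3B, 0x19
    };

    /* The expected Compound MAC */
    uint8_t cmac[] =
    {
        0x69, 0x91, 0x5D, 0xD5, 0x83, 0xD8, 0x06, 0x2F,
        0xEF, 0x16, 0xF6, 0x1D, 0xB2, 0xF0, 0x32, 0x90,
        0xEC, 0x27, 0xCB, 0x6C
    };

    /*
     * memcmp() returns an int; keeping it in a uint8_t would drop the
     * upper bits and could turn a non-zero result into 0.
     */
    int ret = 0;
    uint8_t res[20];
    cmac_ctx_st ctx;

    /* Use the API as defined */
    sstp_cmac_init(&ctx, flag);
    sstp_cmac_send_key(&ctx, mppe_send_key, sizeof(mppe_send_key));
    sstp_cmac_recv_key(&ctx, mppe_recv_key, sizeof(mppe_recv_key));
    sstp_cmac_result(&ctx, sstp_msg, sizeof(sstp_msg), res, sizeof(res));

    /* Compare the result */
    ret = memcmp(res, cmac, sizeof(res));
    if (ret != 0)
    {
        printf("The Compound MAC Field (HMAC-SHA1-160) Failed!\n");
        return -1;
    }

    /* Success! */
    printf("The Compound MAC Field (HMAC-SHA1-160) Succeeded!\n");
    return 0;
}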
203 |
204 |
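/*!
 * @brief Known-answer test for the Compound MAC using HMAC-SHA256-256
 *
 * Feeds a fixed Call Connected message and a fixed pair of MPPE keys
 * through the sstp_cmac_* API and compares the 32-byte output against
 * the expected Compound MAC.
 *
 * @retval 0   The computed MAC matches the expected value
 * @retval -1  The computed MAC differs
 */
int sstp_test_sha256(void)
{
    int flag = SSTP_CMAC_SHA256;

    /* Call Connected Message wo/MAC; 112 bytes, matching the 0x0070 length field */
    uint8_t sstp_msg [] =
    {
        /* Call Connected */
        0x10, 0x01, 0x00, 0x70, 0x00, 0x04, 0x00, 0x01,
        0x00, 0x03, 0x00, 0x68, 0x00, 0x00, 0x00, 0x02,

        /* Nonce */
        0x41, 0x2B, 0x48, 0x9A, 0xEB, 0xD7, 0xEC, 0xC7,
        0xD0, 0x89, 0x66, 0xF2, 0x6B, 0xE7, 0xCD, 0x72,
        0xB2, 0x31, 0xA0, 0xE9, 0x21, 0x0D, 0x7C, 0x91,
        0xB3, 0x08, 0x86, 0x2B, 0x03, 0x44, 0xC4, 0x35,

        /* Certificate Hash */
        0x79, 0x93, 0xEF, 0x31, 0x4C, 0x49, 0x3D, 0xAC,
        0xE9, 0xF0, 0x2D, 0x60, 0xE7, 0xE6, 0x1C, 0x84,
        0xB6, 0x69, 0x0A, 0xAF, 0xE9, 0xD7, 0xAE, 0xEA,
        0x92, 0xCB, 0xBE, 0x8A, 0xD5, 0x99, 0x42, 0x2D,

        /* MAC Field Zero'd out */
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
        0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
    };

    /* HLAK send; fixed test-vector key, never reuse outside of this test */
    uint8_t mppe_send_key [] =
    {
        0x2A, 0x1B, 0xB4, 0x0D, 0x55, 0xAB, 0x0F, 0x5E,
        0xF3, 0x2F, 0x06, 0xF2, 0xB3, 0xCC, 0x73, 0xC4,
    };

    /* HLAK recv */
    uint8_t mppe_recv_key [] =
    {
        0x8F, 0xD3, 0xFA, 0xC4, 0x1D, 0x7A, 0x13, 0x15,
        0xA1, 0x92, 0x28, 0xD9, 0x02, 0x4C, 0xA1, 0x64
    };

    /* Expected result */
    uint8_t cmac [] =
    {
        0x52, 0xA6, 0x8E, 0xFD, 0x8C, 0xFF, 0xBF, 0x52,
        0x77, 0x0B, 0x8F, 0x0F, 0xE8, 0xEC, 0x73, 0x71,
        0x65, 0x83, 0xAF, 0x6D, 0x61, 0x1E, 0xB6, 0xD1,
        0x79, 0xB3, 0xB2, 0x08, 0x40, 0x98, 0x54, 0x49
    };

    /*
     * memcmp() returns an int of which only the sign is specified. The
     * previous uint8_t could truncate a non-zero result whose low 8 bits
     * are zero down to 0 and report a mismatch as success.
     */
    int ret = 0;

    /* Zeroed so that a short or missing write cannot match by accident */
    uint8_t res[32] = { 0 };
    cmac_ctx_st ctx;

    /* Use the API as defined */
    sstp_cmac_init(&ctx, flag);
    sstp_cmac_send_key(&ctx, mppe_send_key, sizeof(mppe_send_key));
    sstp_cmac_recv_key(&ctx, mppe_recv_key, sizeof(mppe_recv_key));
    sstp_cmac_result(&ctx, sstp_msg, sizeof(sstp_msg), res, sizeof(res));

    /*
     * Compare the result. Plain memcmp() is adequate for a known-answer
     * test; code that verifies a MAC received from a peer should use a
     * constant-time comparison instead.
     */
    ret = memcmp(res, cmac, sizeof(res));
    if (ret != 0)
    {
        printf("The Compound MAC Field (HMAC-SHA256-256) Failed!\n");
        return -1;
    }

    /* Success! */
    printf("The Compound MAC Field (HMAC-SHA256-256) Succeeded!\n");
    return 0;
}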
280 |
281 |
/*!
 * @brief Unit test per MS-SSTP specification
 *
 * Runs the SHA1 and the SHA256 Compound MAC tests. Both are always
 * executed, so a failure in the first does not hide the second.
 *
 * @return EXIT_SUCCESS when both tests pass, EXIT_FAILURE otherwise
 */
int main(void)
{
    int failures = 0;

    /* Test the SHA1 function */
    if (sstp_test_sha1() != 0)
    {
        failures++;
    }

    /* Test the SHA256 function */
    if (sstp_test_sha256() != 0)
    {
        failures++;
    }

    return (failures == 0) ? EXIT_SUCCESS : EXIT_FAILURE;
}
311 |
312 | #endif
313 |
--------------------------------------------------------------------------------