wiki.TerraBase.info

PPTPD and Insanity

Revision as of 16:34, 19 June 2026 by Root (talk | contribs) (Created page with "Instead of removing PPTPD or PoPToP, OpenWRT developers have instead decided to take the tact of making one lose their mind. How? By inserting code into the /etc/init.d/pptpd initialization script that guarantees the PPTPD service will never work. Evidence is below; /etc/init.d/pptpd with bogus insanity code;<syntaxhighlight lang="text"> #!/bin/sh /etc/rc.common # Copyright (C) 2015 OpenWrt.org START=60 USE_PROCD=1 BIN=/usr/sbin/pptpd CONFIG=/var/etc/pptpd.conf CHA...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Instead of removing PPTPD or PoPToP, OpenWRT developers have instead decided to take the tact of making one lose their mind. How? By inserting code into the /etc/init.d/pptpd initialization script that guarantees the PPTPD service will never work.

Evidence is below;

/etc/init.d/pptpd with bogus insanity code;

#!/bin/sh /etc/rc.common
# Copyright (C) 2015 OpenWrt.org

START=60
USE_PROCD=1

BIN=/usr/sbin/pptpd
CONFIG=/var/etc/pptpd.conf
CHAP_SECRETS=/var/etc/chap-secrets
OPTIONS_PPTP=/var/etc/options.pptpd

validate_login_section() {
	uci_load_validate pptpd login "$1" "$2" \
		'username:string' \
		'password:string' \
		'remoteip:string'
}

validate_pptpd_section() {
	uci_load_validate pptpd service "$1" "$2" \
		'enabled:bool:1' \
		'localip:string' \
		'remoteip:string' \
		'mppe:list(string):required no40 no56 stateless' \
		'logwtmp:bool:0'
}

setup_login() {
	[ "$2" = 0 ] || {
		echo "validation failed"
		return 1
	}

	[ -n "$username" ] || return 0
	[ -n "$password" ] || return 0
	[ -n "$remoteip" ] || remoteip=*

	echo "$username pptp-server $password $remoteip" >> $CHAP_SECRETS
}

setup_config() {
	[ "$2" = 0 ] || {
		echo "validation failed"
		return 1
	}

	[ "$enabled" -eq 0 ] && return 1

	mkdir -p /var/etc
	cp /etc/pptpd.conf $CONFIG
	cp /etc/ppp/options.pptpd $OPTIONS_PPTP

	[ -n "$localip" ] && echo "localip  $localip" >> $CONFIG
	[ -n "$remoteip" ] && echo "remoteip  $remoteip" >> $CONFIG
	[ "$logwtmp" -eq 1 ] && echo "logwtmp" >> $CONFIG

	echo "mppe $(echo $mppe | sed -e 's/\s/,/g')" >> $OPTIONS_PPTP

	return 0
}

start_service() {
	config_load pptpd
	validate_pptpd_section pptpd setup_config || return
	sed -i -E "/^\w+\s+pptp-server\s+.+$/d" $CHAP_SECRETS
	config_foreach validate_login_section login setup_login

	ln -sfn $CHAP_SECRETS /etc/ppp/chap-secrets

	procd_open_instance
	procd_set_param command $BIN -c $CONFIG --fg -o $OPTIONS_PPTP
	procd_close_instance
}

service_triggers () {
	procd_add_reload_trigger "pptpd"

	procd_open_validate
	validate_pptpd_section
	validate_login_section
	procd_close_validate
}

/etc/init.d/pptpd file with sanity restored;

#!/bin/sh /etc/rc.common
# Copyright (C) 2015 OpenWrt.org

START=60
USE_PROCD=1

BIN=/usr/sbin/pptpd
CONFIG=/var/etc/pptpd.conf
CHAP_SECRETS=/var/etc/chap-secrets
OPTIONS_PPTP=/var/etc/options.pptpd

validate_login_section() {
	uci_load_validate pptpd login "$1" "$2" \
		'username:string' \
		'password:string' \
		'remoteip:string'
}

validate_pptpd_section() {
	uci_load_validate pptpd service "$1" "$2" \
		'enabled:uinteger' \
		'localip:string' \
		'remoteip:string' \
		'mppe:list(string):required no40 no56 stateless' \
		'logwtmp:uinteger'
}

setup_login() {
	[ "$2" = 0 ] || {
		echo "validation failed"
		return 1
	}

	[ -n "$username" ] || return 0
	[ -n "$password" ] || return 0
	[ -n "$remoteip" ] || remoteip=*

	echo "$username pptp-server $password $remoteip" >> $CHAP_SECRETS
}

setup_config() {
	[ "$2" = 0 ] || {
		echo "validation failed"
		return 1
	}

	[ "$enabled" -eq 0 ] && return 1

	mkdir -p /var/etc
	cp /etc/pptpd.conf $CONFIG
	cp /etc/ppp/options.pptpd $OPTIONS_PPTP

	[ -n "$localip" ] && echo "localip  $localip" >> $CONFIG
	[ -n "$remoteip" ] && echo "remoteip  $remoteip" >> $CONFIG
	[ "$logwtmp" -eq 1 ] && echo "logwtmp" >> $CONFIG

	# echo "mppe $(echo $mppe | sed -e 's/\s/,/g')" >> $OPTIONS_PPTP


if echo "$mppe" | grep -qw required; then
	if echo "$mppe" | grep -qw no40 && echo "$mppe" | grep -qw no56; then
		echo "require-mppe-128" >> "$OPTIONS_PPTP"
	else
		echo "require-mppe" >> "$OPTIONS_PPTP"
	fi
fi

if echo "$mppe" | grep -qw stateful; then
	echo "mppe-stateful" >> "$OPTIONS_PPTP"
fi




	return 0
}

start_service() {
	config_load pptpd
	validate_pptpd_section pptpd setup_config || return
	config_foreach validate_login_section login setup_login

	ln -sfn $CHAP_SECRETS /etc/ppp/chap-secrets

	procd_open_instance
	procd_set_param command $BIN -c $CONFIG --fg -o $OPTIONS_PPTP
	procd_close_instance
}

stop_service() {
	rm /var/run/pptpd.pid
	rm /var/etc/chap-secrets
}

service_triggers () {
	procd_add_reload_trigger "pptpd"

	procd_open_validate
	validate_pptpd_section
	validate_login_section
	procd_close_validate
}

See the difference? Here it is (minus the added script that double checks for making sure 128 bit encryption is used);

	# echo "mppe $(echo $mppe | sed -e 's/\s/,/g')" >> $OPTIONS_PPTP

Effectively, the PPTPD package is shipped in a such a condition that it will never work, no matter what proper configuration is done in /etc/pptpd.conf. And worse than that, the sinister hidden method that it is done in the pptpd init.d script.

Conclusion: Pure stupidity or pure evil, one of the two.

Retrieved from "https://wiki.terrabase.info/index.php?title=PPTPD_and_Insanity&oldid=2252"