PPTPD and Insanity
Jump to navigation
Jump to search
Instead of removing PPTPD or PoPToP, OpenWRT developers have instead decided to take the tact of making one lose their mind. How? By inserting code into the /etc/init.d/pptpd initialization script that guarantees the PPTPD service will never work.
Evidence is below;
/etc/init.d/pptpd with bogus insanity code;
#!/bin/sh /etc/rc.common
# Copyright (C) 2015 OpenWrt.org
START=60
USE_PROCD=1
BIN=/usr/sbin/pptpd
CONFIG=/var/etc/pptpd.conf
CHAP_SECRETS=/var/etc/chap-secrets
OPTIONS_PPTP=/var/etc/options.pptpd
validate_login_section() {
uci_load_validate pptpd login "$1" "$2" \
'username:string' \
'password:string' \
'remoteip:string'
}
validate_pptpd_section() {
uci_load_validate pptpd service "$1" "$2" \
'enabled:bool:1' \
'localip:string' \
'remoteip:string' \
'mppe:list(string):required no40 no56 stateless' \
'logwtmp:bool:0'
}
setup_login() {
[ "$2" = 0 ] || {
echo "validation failed"
return 1
}
[ -n "$username" ] || return 0
[ -n "$password" ] || return 0
[ -n "$remoteip" ] || remoteip=*
echo "$username pptp-server $password $remoteip" >> $CHAP_SECRETS
}
setup_config() {
[ "$2" = 0 ] || {
echo "validation failed"
return 1
}
[ "$enabled" -eq 0 ] && return 1
mkdir -p /var/etc
cp /etc/pptpd.conf $CONFIG
cp /etc/ppp/options.pptpd $OPTIONS_PPTP
[ -n "$localip" ] && echo "localip $localip" >> $CONFIG
[ -n "$remoteip" ] && echo "remoteip $remoteip" >> $CONFIG
[ "$logwtmp" -eq 1 ] && echo "logwtmp" >> $CONFIG
echo "mppe $(echo $mppe | sed -e 's/\s/,/g')" >> $OPTIONS_PPTP
return 0
}
start_service() {
config_load pptpd
validate_pptpd_section pptpd setup_config || return
sed -i -E "/^\w+\s+pptp-server\s+.+$/d" $CHAP_SECRETS
config_foreach validate_login_section login setup_login
ln -sfn $CHAP_SECRETS /etc/ppp/chap-secrets
procd_open_instance
procd_set_param command $BIN -c $CONFIG --fg -o $OPTIONS_PPTP
procd_close_instance
}
service_triggers () {
procd_add_reload_trigger "pptpd"
procd_open_validate
validate_pptpd_section
validate_login_section
procd_close_validate
}/etc/init.d/pptpd file with sanity restored;
#!/bin/sh /etc/rc.common
# Copyright (C) 2015 OpenWrt.org
START=60
USE_PROCD=1
BIN=/usr/sbin/pptpd
CONFIG=/var/etc/pptpd.conf
CHAP_SECRETS=/var/etc/chap-secrets
OPTIONS_PPTP=/var/etc/options.pptpd
validate_login_section() {
uci_load_validate pptpd login "$1" "$2" \
'username:string' \
'password:string' \
'remoteip:string'
}
validate_pptpd_section() {
uci_load_validate pptpd service "$1" "$2" \
'enabled:uinteger' \
'localip:string' \
'remoteip:string' \
'mppe:list(string):required no40 no56 stateless' \
'logwtmp:uinteger'
}
setup_login() {
[ "$2" = 0 ] || {
echo "validation failed"
return 1
}
[ -n "$username" ] || return 0
[ -n "$password" ] || return 0
[ -n "$remoteip" ] || remoteip=*
echo "$username pptp-server $password $remoteip" >> $CHAP_SECRETS
}
setup_config() {
[ "$2" = 0 ] || {
echo "validation failed"
return 1
}
[ "$enabled" -eq 0 ] && return 1
mkdir -p /var/etc
cp /etc/pptpd.conf $CONFIG
cp /etc/ppp/options.pptpd $OPTIONS_PPTP
[ -n "$localip" ] && echo "localip $localip" >> $CONFIG
[ -n "$remoteip" ] && echo "remoteip $remoteip" >> $CONFIG
[ "$logwtmp" -eq 1 ] && echo "logwtmp" >> $CONFIG
# echo "mppe $(echo $mppe | sed -e 's/\s/,/g')" >> $OPTIONS_PPTP
if echo "$mppe" | grep -qw required; then
if echo "$mppe" | grep -qw no40 && echo "$mppe" | grep -qw no56; then
echo "require-mppe-128" >> "$OPTIONS_PPTP"
else
echo "require-mppe" >> "$OPTIONS_PPTP"
fi
fi
if echo "$mppe" | grep -qw stateful; then
echo "mppe-stateful" >> "$OPTIONS_PPTP"
fi
return 0
}
start_service() {
config_load pptpd
validate_pptpd_section pptpd setup_config || return
config_foreach validate_login_section login setup_login
ln -sfn $CHAP_SECRETS /etc/ppp/chap-secrets
procd_open_instance
procd_set_param command $BIN -c $CONFIG --fg -o $OPTIONS_PPTP
procd_close_instance
}
stop_service() {
rm /var/run/pptpd.pid
rm /var/etc/chap-secrets
}
service_triggers () {
procd_add_reload_trigger "pptpd"
procd_open_validate
validate_pptpd_section
validate_login_section
procd_close_validate
}See the difference? Here it is (minus the added script that double checks for making sure 128 bit encryption is used);
# echo "mppe $(echo $mppe | sed -e 's/\s/,/g')" >> $OPTIONS_PPTPEffectively, the PPTPD package is shipped in a such a condition that it will never work, no matter what proper configuration is done in /etc/pptpd.conf. And worse than that, the sinister hidden method that it is done in the pptpd init.d script.
Conclusion: Pure stupidity or pure evil, one of the two.