Disallow PAP authentication when MPPE is requested

MPPE cannot work if PAP is used as authentication, so it is not useful
to allow PAP authentication when MPPE is enforced: establishing the
tunnel would fail anyway with "MPPE required, but MS-CHAP[v2] auth not
performed".
Also users enforcing MPPE may assume that this means PAP will not be
used for authentication, so without this change MPPE enforcement gives a
false sense of security, as PAP uses plain-text credentials.

Bug: 201660636
Test: atest VpnTest
Merged-In: Ie318d45fe44294e97cf38da7f1834cf014cb4417
Change-Id: Ie318d45fe44294e97cf38da7f1834cf014cb4417
(cherry picked from commit 997a4a39268b4f3af7ccc388269b5eb1972d3624)

1 files changed, 7 insertions, 0 deletions

diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java
index af4df1a0f8d1..ea1924f2d844 100644
--- a/services/core/java/com/android/server/connectivity/Vpn.java
+++ b/services/core/java/com/android/server/connectivity/Vpn.java
@@ -2023,6 +2023,13 @@ public class Vpn {
                     "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400",
                     (profile.mppe ? "+mppe" : "nomppe"),
                 };
+                if (profile.mppe) {
+                    // Disallow PAP authentication when MPPE is requested, as MPPE cannot work
+                    // with PAP anyway, and users may not expect PAP (plain text) to be used when
+                    // MPPE was requested.
+                    mtpd = Arrays.copyOf(mtpd, mtpd.length + 1);
+                    mtpd[mtpd.length - 1] = "-pap";
+                }
                 break;
             case VpnProfile.TYPE_L2TP_IPSEC_PSK:
             case VpnProfile.TYPE_L2TP_IPSEC_RSA: