diff options
author | Remi NGUYEN VAN <reminv@google.com> | 2022-02-28 18:02:27 +0900 |
---|---|---|
committer | Remi NGUYEN VAN <reminv@google.com> | 2022-04-07 01:18:19 +0000 |
commit | 4f319df8ff5a4b9f2bc62cb17df972e40b57fc81 (patch) | |
tree | 68dd975c1f1cbb4cb3d99bb68a243621a3a81636 | |
parent | 74f9b7f43225ac6e4bd88d4e344158cff2417a6d (diff) | |
download | base-4f319df8ff5a4b9f2bc62cb17df972e40b57fc81.tar.gz |
Disallow PAP authentication when MPPE is requested
MPPE cannot work if PAP is used as authentication, so it is not useful
to allow PAP authentication when MPPE is enforced: establishing the
tunnel would fail anyway with "MPPE required, but MS-CHAP[v2] auth not
performed".
Also users enforcing MPPE may assume that this means PAP will not be
used for authentication, so without this change MPPE enforcement gives a
false sense of security, as PAP uses plain-text credentials.
Bug: 201660636
Test: atest VpnTest
Merged-In: Ie318d45fe44294e97cf38da7f1834cf014cb4417
Change-Id: Ie318d45fe44294e97cf38da7f1834cf014cb4417
(cherry picked from commit 997a4a39268b4f3af7ccc388269b5eb1972d3624)
-rw-r--r-- | services/core/java/com/android/server/connectivity/Vpn.java | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/services/core/java/com/android/server/connectivity/Vpn.java b/services/core/java/com/android/server/connectivity/Vpn.java index af4df1a0f8d1..ea1924f2d844 100644 --- a/services/core/java/com/android/server/connectivity/Vpn.java +++ b/services/core/java/com/android/server/connectivity/Vpn.java @@ -2023,6 +2023,13 @@ public class Vpn { "usepeerdns", "idle", "1800", "mtu", "1400", "mru", "1400", (profile.mppe ? "+mppe" : "nomppe"), }; + if (profile.mppe) { + // Disallow PAP authentication when MPPE is requested, as MPPE cannot work + // with PAP anyway, and users may not expect PAP (plain text) to be used when + // MPPE was requested. + mtpd = Arrays.copyOf(mtpd, mtpd.length + 1); + mtpd[mtpd.length - 1] = "-pap"; + } break; case VpnProfile.TYPE_L2TP_IPSEC_PSK: case VpnProfile.TYPE_L2TP_IPSEC_RSA: |