Paul Mackerras [Thu, 9 Nov 2023 06:20:36 +0000 (17:20 +1100)]
Remove <linux/if_ppp.h> and <net/if_ppp.h> headers
The if_ppp.h headers are redundant; all the relevant definitions are
now in ppp_defs.h, ppp-ioctl.h for Linux (which comes from the kernel
headers via the C library) and pppio.h for Solaris.
Paul Mackerras [Wed, 8 Nov 2023 05:54:40 +0000 (16:54 +1100)]
pppoe: Fail if ethernet interface name is too long
If the name of the ethernet interface is longer than can fit in the
relevant structure used for system calls, generate an error rather
than using a truncated interface name.
Brahmajit Das [Thu, 2 Nov 2023 05:56:18 +0000 (11:26 +0530)]
Fix linking error with lld linkers (#438)
When using lld linker, build fails with
ld.lld: error: /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../lib64/Scrt1.o is incompatible with elf32-i386
ld.lld: error: /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../lib64/crti.o is incompatible with elf32-i386
ld.lld: error: /usr/lib/llvm/16/bin/../../../../lib/clang/16/lib/linux
The fix is to check pkg-config first, and not force manual -L /usr/lib.
If pkg-config succeeded, then we don't bother with -L /usr/lib
Our guess is this what the actual intention was based upon the coments
if pkg-config is installed and openssl has installed a .pc file,
then use that information and don't search ssldirs
First found on gentoo linux with llvm profile, please check out Bug:
section of the commit for more info and a complete build log.
Bug: https://bugs.gentoo.org/905442
Signed-off-by: Brahmajit Das <brahmajit.xyz@gmail.com> Co-authored-by: Sam James <sam@gentoo.org>
Jaco Kroon [Tue, 31 Oct 2023 09:47:21 +0000 (11:47 +0200)]
pppd/sys-linux: Fix compile with older Linux kernel headers (#452)
When compiling pppd against kernel headers which don't provide
the definitions for the NETLINK mechanisms, leave out the code
which uses NETLINK, so as to avoid getting compile errors.
Upstream commit in Linux refers.
commit 10c9ead9f3c6bb24bddc9a96681f7d58e6623966
Author: Roopa Prabhu <roopa@cumulusnetworks.com>
Date: Wed Apr 20 08:43:43 2016 -0700
rtnetlink: add new RTM_GETSTATS message to dump link stats
This commit adds the #defines and structs used, so simply not compiling
this code if the required #defines isn't there should solve the problem.
Jaco Kroon [Thu, 26 Oct 2023 09:52:27 +0000 (11:52 +0200)]
plugins/radius: fix segfault during shutdown. (#455)
ppp_get_ifname() is the wrong thing to use in this slprintf call as
it returns an int which is the length of the interface name, not
a pointer to the interface name, which is what ppp_ifname()
returns.
Runtime dir changed from /run to /run/pppd in commit 66a8c74c3f73 ("Let
./configure control the paths for pppd") and is likely to not exist on
some distros, in which case the pppdb will not be created.
See: #419 (lock directory moved in ppp-2.5.0) Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
lock dir changed on linux from /var/lock to /run/pppd/lock with
pppd-2.5.0, which makes pppd fail to start if the distribution does not
pre-create the directory.
This reverts it back to /var/lock.
The paths for other OS should be identical as LOCALSTATEDIR should be
/var, but also revert them back as well just in case.
Since the variable is no longer used remove it from makefiles.
Fixes: 66a8c74c3f73 ("Let ./configure control the paths for pppd") Fixes: #419 Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com> Co-authored-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
pppd: implement net-init, net-pre-up and net-down.
net-init executes as a blocking script directly after the unit number
becomes available. This can be used to initialise aspects related to
the ppp connection that lives outside of the ppp connection. It can
also be used to clean up (in the author's extremely unlikely case) where
a previous pppd crashed, and net-down didn't execute in order to clean
up.
net-pre-up executes as a blocking script after auth, prior to NCPs being
negotiated. Unlike ip-pre-up this is guaranteed to execute prior to the
interface being brought up, and can be used in an NCP agnostic manner to
pre-initialise aspects of the interface for which it still needs to be
down (amongst others it's recommended that firewall changes happen
here).
net-down executes in a non-blocking manner just prior to pppd
terminating and can be used to clean up actions from previous scripts.
You will notice that I mention ip-pre-up doesn't gaurantee that the
interface will still be down, this is because in a Linux world all
protocols runs on the same interface, compared to solaris where I'm
informed each protocol runs on it's own sub-interface, each of which has
it's own operational state. The man page for pppd has also been
adjusted to indicate as much.
Marco d'Itri [Thu, 28 Sep 2023 01:12:36 +0000 (03:12 +0200)]
Escape all minus characters in the man pages (#449)
From man-pages(7):
Where a real minus character is required (e.g., for numbers such as -1,
for man page cross references such as utf-8(7), or when writing options
that have a leading dash, such as in ls -l), use the following form in
the man page source:
Marco d'Itri [Sun, 7 May 2023 15:56:43 +0000 (17:56 +0200)]
implement logging the LCP RTT
This change adds the lcp-rtt-file configuration option, which instructs
pppd to add a timestamp to the data section of each LCP echo request
frame and then log their round-trip time and any detected packet loss
to a circular buffer in that file.
Other programs then can asynchronously read the file and report
statistics about the line.
Eivind Næss [Fri, 4 Aug 2023 06:18:09 +0000 (23:18 -0700)]
pppd: Fix compilation with openssl disabled (#431)
If openssl is disabled at configure time but microsoft extensions are enabled,
we get a compilation error due to an unnecessary include in crypto_ms.c.
This removes the unnecessary include. With this, pppd compiles without
openssl as long as you add the following arguments to the configure script
invocation:
Mike Gilbert [Thu, 3 Aug 2023 08:57:23 +0000 (04:57 -0400)]
passwordfd: read password during option processing (#420)
When configured to detach from the controlling terminal, pppd closes
file descriptors 0, 1, and 2 before the passwd hook is called. If the
user passes 0, 1, or 2 to the passwordfd option, pppd will fail to read
the password.
To work around this, treat passwordfd as a special option and read the
password during option processing, before pppd closes it.
Paul Mackerras [Sat, 18 Mar 2023 07:14:04 +0000 (18:14 +1100)]
radius: Fix list traversal in rc_avpair_insert
In rc_avpair_insert, if the list element "p" is non-NULL but not
actually in the list "a", we can end up with this_node being NULL and
being dereferenced.
By changing the while test to this_node->next we avoid having
this_node being NULL; the loop will terminate when this_node == p or
this_node->next == NULL, which is what we want.
Paul Mackerras [Sat, 18 Mar 2023 06:32:20 +0000 (17:32 +1100)]
pppdump: Remove compression functions from local copy of zlib
They aren't used (pppdump only needs decompression), and removing the
unused code avoids getting reports from automated tools about possible
errors in the unused code.
Eivind Næss [Thu, 9 Mar 2023 23:59:19 +0000 (23:59 +0000)]
Additional fixes for broken build
This change fixes the build when
- ./configure is run with --disable-plugins
- ./configure is run with --disable-peap --disable-eaptls
--disable-microsoft-extensions
The latter disables the MPPE encryption too, but <pppd/crypto.h> is
still needed.
Robert Bartel [Fri, 10 Mar 2023 18:31:52 +0000 (18:31 +0000)]
Fixing buffer overflow issue in chat.c
There were two issues here, the report_buffer is too small to hold the
value, and accessing the memory outside its bounds. The following fixes
was made:
- Expand the size of report_buffer to 4096 from 256, this is to account
for handling of really long GSM USSD report strings
- Make sure to not to access memory outside the bounds of the buffer
Signed-off-by: Robert Bartel <r.bartel@gmx.net> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Eivind Næss [Thu, 16 Mar 2023 23:13:25 +0000 (16:13 -0700)]
Fix several issues uncovered by Coverity (#397)
* Fix for coverity issue 436265, we should cap copy to size of destination buffer
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fix for coverity issue 436262, llv6_ntoa() returns a pointer to a buffer that can be up to 64 bytes long; likely not a problem, but this will quiet coverity
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fix for coverity issue 436251, not freeing path in the normal flow of the code
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436258, Digest maybe uninitialized in some paths of this code
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fix for coverity issue 436254, forgot to free 's' before returning from the function?
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436251, memory leak in put_string() function
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue 436215, should copy at most sizeof(devname) bytes
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436203, if no authentication (or no accounting) server was found, we still need to free the allocated local instance
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436171, use of uninitialized variable
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Use of signed vs unsigned variable in printf for MD4Update
Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
* Fixing coverity issue #436182, fixing possible buffer overrun in handling of PW_CLASS attribute
Eivind Næss [Sat, 21 Jan 2023 06:12:58 +0000 (22:12 -0800)]
Header file reorganization and cleaning up the public API for pppd version 2.5.0 (#379)
This commit does several things, being a squash-and-merge of a series
of changes; squashed in order not to break bisection.
* Clean up pppd.h, moving declarations that should only be accessed by
pppd code (not by users of pppd) to a new pppd-private.h. Also,
other parts of pppd.h were moved to multilink.h, chap.h, eap.h,
eui64.h, and a new options.h.
* Provide an API for access to data that is needed by plugins (in no
particular order):
- ifname
- ifunit
- remote_name
- remote_number
- peer_authname
- status (now called "code" internally)
- phase
- doing_multilink
- multilink_master
- idle_time_limit
- link_connect_time
- max_connect_time
- link_stats
- ipparam
- hostname
- got_sigterm
- got_sigusr2
- got_sighup
- session_number
- maxoctets
- maxoctets_dir
- debug
- persist
- devnam
- modem
- peer_authname
- sync_serial
* Update the version number to 2.5.0.
* Detect availability of stddef.h and stdarg.h.
* Rename some headers:
- pppcrypt.c/h to crypto_ms.c/h
- ppp-crypto.c/h to crypto.c/h
- ppp-crypto-priv.h to crypto-priv.h
- chap-new.c/h to chap.c/h
* Remove chap-md5.h, crypto-priv.h, eap-tls.h, etc. from the list of
header files to be installed.
* Provide typedefs for the hook functions.
* Provide a typedef for the "phase" variable.
* Provide a typedef for the link statistics array.
* Remove the option_t typedef.
* Rename the following functions by adding a "ppp_" prefix (with the
intention that these are a "public" API for use by plugins):
- option_error
- add_options
- int_option,
- options_from_file
- script_setenv
- bad_ip_adrs,
- netif_get/set_mtu (renamed to ppp_get/set_mtu)
- get_time
- timeout
- untimeout
- safe_fork
- sys_close
- set_session_number
- update_link_stats (renamed to ppp_get_link_stats)
- add_notifier (renamed to ppp_add_notify)
- remove_notifier (renamed to ppp_del_notify)
- generic_[dis]establish_ppp (to ppp_generic_[dis]establish)
* Rename ppp_devnam to ppp_devname.
* Rename ppp_available() to ppp_check_kernel_support().
* Use unsigned char instead of u_char, unsigned short instead of
u_short, uint32_t instead of u_int32_t.
* Add const to some declarations
* Update comments
* Change the interface for notifiers to use an enum to identify which
notifier is to be modified.
* Provide an API for getting the path to a file, with an enum to
identify different types of file.
* Link plugins with the -DPLUGIN flag
[paulus@ozlabs.org - wrote commit message]
Signed-off-by: Eivind Næss <eivnaes@yahoo.com> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Jaco Kroon [Fri, 16 Dec 2022 19:09:31 +0000 (21:09 +0200)]
radius: distinguish between User-Request and Admin-Reset.
For the purposes of our definition:
User-Request - remote side hanging up.
Admin-Reset - local side hanging up.
Reasoning is that typically radius will be used to authentication
dial-in users, so if the pppd gets killed locally, that's not the User
(client) requesting hangup, but rather the local administrator (be that
a manual kill, or as a result of a CoA/Disconnect).
Paul Mackerras [Mon, 5 Dec 2022 06:33:48 +0000 (17:33 +1100)]
pppd: Fix spurious LCP echo failures with lcp-echo-adaptive option
If the lcp-echo-adaptive option is specified, it means that seeing
received traffic on the link is considered to be an indication that
the link is working. Hence, this resets the count of missing LCP
echo-replies to 0 when traffic is seen. Without this, occasional
echo failures interspersed with link traffic can accumulate and end up
causing a disconnection even when the link is working correctly.
Paul Mackerras [Sat, 26 Nov 2022 07:18:03 +0000 (18:18 +1100)]
chat: Improve signal handling
This improves the way that signals are handled in chat.
First, signal handlers should not be calling functions which are not
async-signal-safe; doing so incurs the possibility of deadlock. Thus
we can't call fatal() in signal handlers; instead we set 'fatalsig',
which functions both as a flag and as an indication of which signal
occurred, and check that at various points (basically after any
operation which might block) using the new function checksigs().
Secondly, using sigaction rather than signal() means that we can
control whether calls such as read() get restarted after a signal, and
whether the signal disposition gets reset when the signal is
delivered. That simplifies sigalrm(); we no longer need to
re-register the handler, and we don't need the kludge of setting stdin
to non-blocking mode in order to get the read() in get_char() to
return.
This also removes a #ifdef ultrix since ultrix is no longer supported.
1. Use uppercase for `prefix` parameter
`SYSTEMD_CFLAGS` is used elsewhere so `prefix` cannot be lowercase.
https://autotools.info/pkgconfig/pkg_check_modules.html
2. The module name should be `libsystemd`
Previously it will result in the following compile error when building pppd/auth.c:
> /usr/bin/ld: pppd-auth.o: undefined reference to symbol 'sd_notify@@LIBSYSTEMD_209'
> /usr/bin/ld: /usr/lib/libsystemd.so.0: error adding symbols: DSO missing from command line
This is due to missing `-lsystemd-daemon` flag which is provided by `libsystemd-daemon-devel`
package on Debian or `systemd-libs` on ArchLinux. And the proper .pc file in the package is
`libsystemd` not `systemd`.
https://stackoverflow.com/a/38303241
Pali Rohár [Sat, 7 Aug 2021 17:48:01 +0000 (19:48 +0200)]
pppd: Retry registering interface when on rtnetlink -EBUSY error
Due to workaround in kernel module ppp_generic.ko in function
ppp_nl_newlink(), kernel may return -EBUSY error to prevent possible
mutex deadlock. In this case userspace needs to retry its request.
Proper way would be to fix kernel module to order requests and mutex
locking, so prevent deadlock in kernel and so never return this error to
userspace. Until it happens we need retry code in userspace.
Eivind Næss [Wed, 3 Aug 2022 15:46:28 +0000 (08:46 -0700)]
Create a new API to abstract the crypto functions used by pppd.
This re-introduces the missing DES encryption functions copied from Openssl 3.0 project. Incorporates a new API for performing MD4/MD5/SHA and encryption using DES-ECB mode.
Unit tests are included for respective digest/encryption functions using this new API. With this change, you can pass configure --without-openssl to use the internally provided functions. If you do have openssl, then it will default to use these functions. This also provides a framework to allow other vendors to provide crypto.
This closes #333, partially addresses #242 (except the pkcs11 engine support). Word has it that openssl is working on support for this, and the libp11 / opensc project are inclined not to support this.
pali [Tue, 9 Aug 2022 09:20:15 +0000 (11:20 +0200)]
pppd: Workaround for generating ppp unit id on Linux (#355)
Linux kernel has nasty bug / feature. If PPPIOCNEWUNIT is called with
negative ppp unit id (which is default option when command line argument
"unit" is not specified; and tells kernel to choose some free ppp unit id)
and the lowest unused/free ppp unit id is present in some existing network
interface name prefixed by "ppp" string then this PPPIOCNEWUNIT ioctl
fails. In this case kernel is basically unable to create a new ppp
interface via PPPIOCNEWUNIT ioctl when user does not specify some unused
and non-conflicted unit id.
Linux kernel should be fixed to choose usable ppp unit id when was
requested via PPPIOCNEWUNIT parameter -1.
Until this happens, add a workaround for pppd to help choosing some random
ppp unit id when kernel returns this error.
Simple test case (run on system when there is no ppp interface):
sudo ./pppd ifname ppp1 nodefaultroute noauth nolock local nodetach pty "./pppd nodefaultroute noauth nolock local nodetach notty"
Second pppd process without this patch prints into syslog following error:
pppd 2.4.10-dev started by pali, uid 0
Couldn't create new ppp unit: File exists
Exit.
With this patch it falls back to random ppp unit id and succeeds:
pppd 2.4.10-dev started by pali, uid 0
Using interface ppp1361
Connect: ppp1361 <--> /dev/pts/14
...
This was previously done by specifying an overriding value for _ROOT_PATH. With this change, this variable is now gone.
Instead, pathnames.h will use the SYSCONFDIR and LOCALSTATEDIR to resolve these paths. These directories is already controlled by
configure.
Package maintainers should be aware though that this may change their current configuration. The convential ./configure way is to
specify:
./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var/run --with-plugin-dir=/usr/lib/pppd/2.4.10
If one omit the --sysconfdir option, then the default location is by ${prefix}/etc which may not be what you want.
Paul Mackerras [Fri, 5 Aug 2022 04:06:33 +0000 (14:06 +1000)]
pppd: Fix compilation on Linux when IPV6 is disabled (#360)
This rearranges the PPP_WITH_IPV6CP guards added in commit 80b8744eb42c ("Changing INET6 to PPP_WITH_IPV6CP and adding configure
option", 2021-08-06) so that we (a) always include the rtnetlink
headers, since we need them for get_ppp_stats_rtnetlink(), and (b)
don't include eui64.h unless we have IPV6 support.
Fixes: 80b8744eb42c ("Changing INET6 to PPP_WITH_IPV6CP and adding configure option") Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Thu, 4 Aug 2022 02:23:08 +0000 (12:23 +1000)]
pppdump: Avoid out-of-range access to packet buffer
This fixes a potential vulnerability where data is written to spkt.buf
and rpkt.buf without a check on the array index. To fix this, we
check the array index (pkt->cnt) before storing the byte or
incrementing the count. This also means we no longer have a potential
signed integer overflow on the increment of pkt->cnt.
Fortunately, pppdump is not used in the normal process of setting up a
PPP connection, is not installed setuid-root, and is not invoked
automatically in any scenario that I am aware of.
Eivind Næss [Mon, 30 May 2022 05:14:08 +0000 (22:14 -0700)]
For Linux, use the Linux / Glibc based defines instead of included headers
This is to ensure compatibility with the OS you are compiling against and that
headers are maintained in upstream projects.
- Moved PPP_EAP and PPP_ECP into respective header files in lieu of not currently
existing in the linux/ppp_defs.h
- Unchained the top-level ${topsrc_dir}/include, this folder is included for
prosterity and may continue to exist on github, but in the future eliminated from
distribution
- Bogus upstream file in glibc for <net/if_ppp.h>, its content should be replaced
with a simple include to <linux/ppp-ioctl.h>. The lack of an appropriate ifreq
structure with ppp_stats or ppp_comp_stats, implementet that inline (and tested).
- Updated instances where PPP_FCS() macro would expand the fcstab, while PPP_GOODFCS
and PPP_INITFCS is provided in <linux/ppp_defs.h>, the latter is tied to a lookup
table. It's used in two places, so add the PPP_FCS macro where applicable.
Cleanup in pppd/pppd.h, eliminate unecessary headers
This removes the need to include the following heades in pppd.h
<limits.h>, this is included where needed (main.c). The number of groups already retrieved is stored in the "int ngroups" variable.
<sys/params.h>, use MAXPATHLEN where needed
<net/if.h>, such that the value of IFNAMSIZ doesn't have to be declared to include <pppd/pppd.h>