Paul Mackerras [Tue, 19 Aug 2008 11:25:58 +0000 (21:25 +1000)]
Remove various warnings, fix pppol2tp install
This fixes a collection of minor things that were resulting in
harmless warnings (accidental trigraphs, missing prototypes,
signed/unsigned char being used interchangeably) and corrects
an error in the pppol2tp makefile, which meant that it wasn't
installing anything.
Paul Mackerras [Mon, 18 Aug 2008 12:21:18 +0000 (22:21 +1000)]
Remove more stuff that we don't need to distribute
This removes some files from include/linux that any halfway-modern
distro will have under /usr/include, and removes the stuff from the
linux/ directory that we haven't included in the tarballs for ages.
This also moves some MPPE macros from include/{linux,net}/ppp-comp.h
to a new pppd/mppe.h.
Paul Mackerras [Tue, 1 Jul 2008 12:27:56 +0000 (12:27 +0000)]
Clear hungup in start_link() instead of connect_tty()
Since hungup gets set in get_input(), which is generic, but only
cleared in connect_tty(), which is specific to the tty channel type,
other channel types were showing various problems on the second and
subsequent connections when the persist option was used. This fixes
it by clearing hungup in start_link() rather than connect_tty().
Paul Mackerras [Mon, 23 Jun 2008 12:27:39 +0000 (12:27 +0000)]
Remove send/recv_config_pppoa
Plugins have no business to be setting the ppp interface mtu.
The send/recv_config functions are only meant to set the channel
mtu/mru, not the ppp interface mtu/mru.
Paul Mackerras [Mon, 23 Jun 2008 11:47:18 +0000 (11:47 +0000)]
Only kill the whole process group if we have detached
Previously we always sent a signal to the whole of our current process
group when we got a signal such as SIGINT or SIGTERM. That's OK if
we have detached, because then we have our own process group, but not
if we haven't, because there might be other processes in our process
group that we don't know about. In the latter case we now just send
the signal individually to the child processes that we have forked off
to run things like the connect script, charshunt or pty command.
Paul Mackerras [Mon, 23 Jun 2008 11:44:06 +0000 (11:44 +0000)]
Flush the tty when welcomer or connector fails
This avoids having the tcsetsf and the close of the tty device block
for long periods waiting for output to drain, as can happen if for
instance the serial port is in CRTSCTS mode and CTS is negated.
Paul Mackerras [Sun, 15 Jun 2008 07:08:49 +0000 (07:08 +0000)]
Add L2TP support.
Patch from James Chapman.
This patch adds support for L2TP. It allows pppd to interface with the
pppol2tp driver in the Linux kernel. All data packets are handled by
the Linux kernel in order that the datapath be as efficient as
possible, while a userspace daemon implements the L2TP control
protocol, handling tunnel/session setup and teardown. The
implementation uses the PPPoX infrastructure; the architecture is
similar to PPPoE/PPPoATM in that a userspace daemon spawns a pppd
process per PPP session and uses a protocol-specific plugin to connect
pppd with the kernel.
The pppol2tp Linux kernel driver was integrated in the Linux kernel
from 2.6.23. For earlier kernels, an out of tree driver is available
from the pppol2tp-kmod package on the OpenL2TP project site at
http://sourceforge.net/projects/openl2tp.
Signed-off-by: James Chapman <jchapman@katalix.com>
Paul Mackerras [Sun, 15 Jun 2008 06:53:06 +0000 (06:53 +0000)]
Make pppd use blank username/password when explicitly specified
Patch from Jon Dubovsky.
Previously pppd would use its default strategies for working out a
username and password/secret to use if the user gave the empty string
to the user and/or password options. Now we set a flag when an
explicit username is given, and don't do the default username
calculation if the flag is set. Similarly for the password.
Paul Mackerras [Sun, 15 Jun 2008 04:35:50 +0000 (04:35 +0000)]
Add pppoe-mac option to rp-pppoe plugin
This allows the user to specify the MAC address of the pppoe
server that s/he wishes to use. With this option, pppd will
ignore PADO packets from any other MAC address.
Paul Mackerras [Mon, 9 Jun 2008 08:34:23 +0000 (08:34 +0000)]
Updates and fixes for the rp-pppoe plugin
1) Imported the good bits from the rp-pppoe-3.8 release. This plugin
was previously based on the 3.3 release.
2) Split apart the plugin from the pppoe-discovery program so that the
plugin could use pppd functions such as error() rather than things
like fprintf() and syslog().
3) Removed the stuff relating to DLPI and BPF, which isn't used on
Linux; this plugin only works on Linux, and Solaris uses something
quite different.
4) Added a PPPoE packet printer.
5) Removed several unused functions.
6) Instead of using bitfields for the 4-bit version and type fields
in PPPoE packet headers, use a single 8-bit field and define macros
to get the version and type fields out. This eliminates any
dependency on how the compiler lays out bitfields.
7) Sundry cleanups, such as removing unnecessary casts.
8) Last but by no means least, removed calls to exit() and die() so
that the plugin doesn't exit, but returns an error where appropriate,
so that the main pppd code can make the decisions about whether to
exit or not. (The plugin still exits if the specified interface is
not a suitable sort of interface.)
Paul Mackerras [Tue, 3 Jun 2008 12:06:37 +0000 (12:06 +0000)]
Minor tweaks to utils.c
Add a const qualifier to the prefix arg for init_pr_log, and
use OUTCHAR in a couple of places in vslprintf instead of
explicitly putting things in the buffer.
This fixes a bug where we didn't cancel a timeout in the radius code
when the link goes down, leaving us with duplicate timeouts if it
comes back up again. Bug report and patch from Richard Kojedzinszky.
Paul Mackerras [Mon, 26 May 2008 08:33:22 +0000 (08:33 +0000)]
Fix bug 1732 - using un-acked DNS settings
This fixes a bug where we could end up using DNS settings that
were requested but nacked or rejected. The problem was that ipcp_up
was only looking at go->dnsaddr, not at go->req_dns{1,2}.
Paul Mackerras [Wed, 26 Mar 2008 11:34:23 +0000 (11:34 +0000)]
Allow operation without an IP address for the peer
Under Linux, a point-to-point interface can operate without having
a destination IP address assigned to it, because routes can be
directed to the device rather than to a gateway IP address. Some
peers expect us to operate in this manner and refuse to give us
an IP address for them, so this adds a new `noremoteip' option that
tells pppd not to ask for the peer's IP address if the peer doesn't
supply it. There is also a `nosendip' option which tells pppd not
to supply its IP address -- mostly intended for testing.
Solaris requires a destination IP address, so the noremoteip option
is not included on Solaris.
Paul Mackerras [Wed, 26 Mar 2008 10:57:11 +0000 (10:57 +0000)]
Some MS-DNS changes: if the peer sends a conf-nak prompting us
to ask for MS-DNS1 or MS-DNS2, do so; and also fix the code that
prints packets - it was printing "ms-dns3" rather than "ms-dns2".
James Carlson [Wed, 30 Jan 2008 14:26:53 +0000 (14:26 +0000)]
Fixed uninitialized 'pw' variable in HAS_SHADOW logic in session.c due
to flaw in initial integration. Enabled HAS_SHADOW for Solaris, which
always has shadow password files. Fixed all of pppd to compile with gcc
-Wall on Solaris. (Still need fixes for kernel modules; blocking
Makedefs.gcc update.) Tested with and without PAM, with gcc and Sun's
cc.
James Carlson [Tue, 19 Jun 2007 02:08:35 +0000 (02:08 +0000)]
Added new "enable-session" option to enable session accounting and
logging without system-based authentication (works with all PPP
authentication types, including CHAP, unlike the "login" option), and
repaired misuse of wtmpx data in Solaris port.
Contributed by Diego Rivera <diego@rivera.net>.
Paul Mackerras [Tue, 19 Dec 2006 08:38:14 +0000 (08:38 +0000)]
Fix bug in CHAP MS v2 handling where we didn't zero enough.
Changing the response parameter of the ChapMS2 function to an
unsigned char * meant that using sizeof(*response) in a BZERO call
was no longer correct. Instead we need to use MS_CHAP2_RESPONSE_LEN.
Patch from Guillaume Knispel.
Paul Mackerras [Tue, 19 Dec 2006 07:48:19 +0000 (07:48 +0000)]
Fix problem with fd 0 getting closed unintentionally by closelog.
Patch from Alan Curry in
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=298582.
Basically, openlog was getting fd 0 for the log in some circumstances,
and safe_fork() was doing closelog after getting the desired stdin
dup'd to fd 0. This fixes it by doing the closelog a little earlier.
Paul Mackerras [Sun, 18 Jun 2006 11:26:00 +0000 (11:26 +0000)]
Restore original EUID rather than 0 during option processing.
When dropping and regaining privileges during option processing,
the seteuid to regain privileges is now the original EUID rather
than a constant zero. This means that `pppd --version' run without
root privilege prints the version number and exits rather than
giving an "unable to regain privileges" error.
Paul Mackerras [Sun, 4 Jun 2006 05:07:46 +0000 (05:07 +0000)]
Add $(INSTDIR) to installation paths in Linux makefiles.
Patch from Robert Vogelgesang.
This patch re-introduces the possibility for package maintainers to
install into a different filesystem tree. This is done by adding
$(INSTROOT) at various places; the package maintainers can then
issue a
make install INSTROOT=/some/where/else
when they package pppd for their distribution. In previous versions
of the ppp package this was possible using the variable DESTDIR, but
this variable is now used for a different purpose and cannot be
changed via additional parameters of the make command.
Paul Mackerras [Sun, 4 Jun 2006 03:52:50 +0000 (03:52 +0000)]
Fix snafu in run_program(). Patch from Robert Vogelgesang.
This patch splits out the major part of reap_kids() into a new
function, forget_child(), and calls this new function instead of
reap_kids() in run_program(), after having waitpid()'ed for a child.
Rationale:
The waitpid() at the start of reap_kids() has no chance to get the
PID of the child already waited for in run_program().
As a consequence, the PID of that child will stay in the list of all
children until the end of the pppd process, which is bad, because
pppd will then try to kill -TERM that PID (and might kill some
innocent third party at this point).
Paul Mackerras [Mon, 29 May 2006 23:29:16 +0000 (23:29 +0000)]
Remove name checks in the rp-pppoe plugin PPPoEDevnameHook function.
Based on a patch from Alin Nastac. I also made the function only
set the device name and initialize the channel if `doit' is set.
Paul Mackerras [Mon, 22 May 2006 00:04:07 +0000 (00:04 +0000)]
This enables plugins called via hooks/notifiers triggered
by the calls to lcp_close() to see the changed "status" value.
Otherwise (i. e. without this patch) the RADIUS plugin cannot set
the attribute PW_ACCT_TERMINATE_CAUSE to the appropriate values.
Patch from Robert Vogelgesang.
Paul Mackerras [Mon, 22 May 2006 00:01:40 +0000 (00:01 +0000)]
This fixes the RADIUS accounting termination cause when
callback is negotiated via CBCP (report PW_CALLBACK instead of
the default PW_NAS_ERROR).
Patch from Robert Vogelgesang.
Paul Mackerras [Sun, 21 May 2006 07:23:15 +0000 (07:23 +0000)]
Fix segfault when secret is exactly 32 bytes long.
Also fixed a potential problem with secrets longer than 64
bytes, and fixed some signed/unsigned warnings in chap_ms.c.
Paul Mackerras [Thu, 25 Aug 2005 23:59:34 +0000 (23:59 +0000)]
Added an /etc/ppp/ip-pre-up script, run before the interface
is brought up. This necessitated adding a "wait" parameter to
run_program, since we need to wait for this script to finish
before proceeding.
Paul Mackerras [Wed, 13 Jul 2005 10:41:58 +0000 (10:41 +0000)]
Log a message when we succeed or fail in authenticating ourselves
to the peer. The message in the success case is printed in
auth_withpeer_success, but the message in the failure case is
printed by the caller of auth_withpeer_fail (since there are
many possible reasons for failure).
Paul Mackerras [Tue, 12 Jul 2005 01:09:05 +0000 (01:09 +0000)]
Stop the charshunt process after running the disconnector,
rather than immediately a signal is received. With this change
we can send a SIGHUP to pppd and actually have it do the
LCP TermReq/TermAck exchange.
Paul Mackerras [Tue, 12 Jul 2005 01:07:59 +0000 (01:07 +0000)]
Bring up the link on an explicit call from main() rather than
doing it in link_required(). With the old way, it was restarting
the link in the middle of link_terminated().
Paul Mackerras [Sun, 10 Jul 2005 07:31:26 +0000 (07:31 +0000)]
Fix the rechallenge behaviour. Previously, once it sent a rechallenge,
it would ignore the response (except to send a reply with a bogus
message) and retransmit the rechallenge every 3 seconds until it
eventually timed out and took down the link.
Paul Mackerras [Sat, 9 Jul 2005 09:12:48 +0000 (09:12 +0000)]
Don't set the interface MTU in PPPOESendConfig, in fact get rid of
it altogether, and instead set the wanted MRU and allowed MTU to
1492 before starting negotiation.
James Carlson [Sun, 26 Jun 2005 19:34:41 +0000 (19:34 +0000)]
Fixed configure breakage in $archvariant support for Solaris
introduced by fix in RCS ID 1.33 -- failed to configure for WorkShop C
compiler correctly because test was changed from -f (file exists) to
"$archvariant" (variable is non-null).
Fixed ccp.c compilation warnings due to missing argument type in RCS
ID 1.48 fix.
James Carlson [Wed, 4 May 2005 21:31:20 +0000 (21:31 +0000)]
Fix for Sun CR 6257917: the right prefix length for an interface token
is 64 bits, not 10. (10 came from the prefix length of a link-layer
address, but it's not actually used by SIOCSLIFADDR, so it wasn't right
in any case.)
Paul Mackerras [Tue, 22 Mar 2005 09:53:53 +0000 (09:53 +0000)]
From Marco D'Itri.
This is a fix for #294232.
If pppd recognized the peer not to ask for encryption in
his initial offer, it refused any further negotiation.
This change tells the peer using a ConfNak what
encryption options we're able to accept.
This makes the peer send a new ConfReq, usually with
one of the options we're able to accept.
Paul Mackerras [Fri, 31 Dec 2004 11:58:56 +0000 (11:58 +0000)]
Call lcp_close(0) in link_required if the channel connect or
establish_ppp functions fail. It's a bit grotty but it is needed
to get lcp back into closed state so that a future lcp_open will
do what it should.
Paul Mackerras [Fri, 31 Dec 2004 11:49:22 +0000 (11:49 +0000)]
Don't close pty_slave and real_ttyfd in connect_tty if an error
occurs; link_required calls cleanup_tty if connect_tty returns
an error, and that does the closing. Doing the closes in connect_tty
meant that the disconnector couldn't run and the tty mode couldn't
be restored.
Paul Mackerras [Mon, 15 Nov 2004 22:13:26 +0000 (22:13 +0000)]
Get rid of the MS_ChapResponse and MS_Chap2Response structures.
Using a struct to represent an on-the-wire format is basically
broken, since the compiler can add padding between members or
assume alignment for the struct. Instead we just use arrays
of unsigned char and define offsets in the arrays for the various
fields.
James Carlson [Mon, 15 Nov 2004 00:57:54 +0000 (00:57 +0000)]
Cut down on spam from Solaris ppp kernel bits: unknown DLPI primitives
(as encountered on Solaris 10) aren't errors, and need to flush out any
queued up (undecoded) data on the read side after pushing ppp_ahdlc.