Paul Mackerras [Fri, 29 Oct 2004 00:12:27 +0000 (00:12 +0000)]
Add --prefix and --sysconfdir options to configure, and put
@DESTDIR@ and @SYSCONF@ tags in various Makefile.linux files.
These tags get expanded by configure.
Paul Mackerras [Thu, 28 Oct 2004 00:33:47 +0000 (00:33 +0000)]
Patch from Robert Vogelgesang:
This patch enables plugins called via hooks/notifiers triggered
by this call to lcp_close() to see status set here.
Otherwise (i. e. without this patch) the RADIUS plugin has
no chance to set the attribute PW_ACCT_TERMINATE_CAUSE to the
value PW_ACCT_SESSION_TIMEOUT.
Paul Mackerras [Thu, 28 Oct 2004 00:32:32 +0000 (00:32 +0000)]
Patch from Robert Vogelgesang:
This patch fixes the link statistics for connections that
go through multiple IPCP up-down cycles. Such connections
happen typically in a setup where pppd is used as a back-end
by a L2TP daemon, in case the PPP session at the other side
of the L2TP tunnel reconnects, but the L2TP daemon at that
side just reuses the old L2TP tunnel instead of creating a
new one.
The patch is most important when RADIUS accounting is in use:
Each IPCP-down initiates a RADIUS-Accounting-Stop packet, which
indicates the end of a session. Without this patch, the
accounting information in each subsequent RADIUS-Accounting-Stop
packet of the very same connection would contain cumulative
data since the connection start, but not the data of the last
"sub-session"; in other words, the accounting data sent to
the RADIUS server would indicate that the client had used much
more session time and transfered much more data.
NOTE: The problem fixed by this patch exists even when the
radius plugin is not in use; when extracting accounting data
from the syslog, you can work around the bug, because you
can see there that the same instance of pppd had multiple
sessions; you cannot see this in the RADIUS accounting data.
Furthermore, this patch suppresses duplicate printing/syslogging
of identical data.
Paul Mackerras [Thu, 28 Oct 2004 00:24:40 +0000 (00:24 +0000)]
Patch from Robert Vogelgesang:
This patch does two things:
o It adds some debugging messages.
o "cleanup()" will no longer be added to the link_down_notifier
chain.
The debugging messages are obvious.
The problem with cleanup() in the link_down_notifier chain is only
half-way that there could be cases where the link would go up again
and without a further authentication -- I just don't know if this
can happen. But this part of the patch is a work-around for a
_real_ problem/bug in the radius plugin (not the radattr plugin):
The radius plugin calls functions registered via the
radius_attributes_hook after each PAP authentication (which is
correct), but only after the _first_ successful CHAP authentication
during a session. Subsequent CHAP authentications are performed,
but the radius_attributes_hook will not be processed again.
This can happen in a setup where pppd is used as a back-end
by a L2TP daemon, in case the PPP session at the other side
of the L2TP tunnel reconnects, but the L2TP daemon at that
side just reuses the old L2TP tunnel instead of creating a
new one. In such situations, an incomming follow-up session
via an existing T2TP tunnel would re-use the same instance of
pppd; the incomming CHAP authentication would first tear down
the old session, which in turn would call the link_down_notifier.
When the _subsequent_ CHAP authentication succeeds, there is
currently no call to the function assigned to
radius_attributes_hook (here: print_attributes(); THIS BUG
REMAINS AND NEEDS TO BE FIXED).
To summarize: The radius plugin calls the function registered
via the radius_attributes_hook after _each_ successful PAP
authentication, but only after the _first_ successful CHAP
authentication; radius_attributes_hook _should_ be processed
after _each_ successful CHAP authentication.
I have currently no patch for this bug; furthermore, I should
first contact the author of the radius plugin and ask him,
_why_ he has programmed a special handling of subsequent
CHAP authentications.
With the following patch, the follow-up session can re-use the
radattr-file left over from the previous session, which is OK
in our application, but may cause problems in others.
Note: This is only a problem when CHAP is used; subsequent
sessions authenticated with PAP are OK, with and without this
patch.
Paul Mackerras [Thu, 28 Oct 2004 00:21:48 +0000 (00:21 +0000)]
Patch from Robert Vogelgesang:
This patch avoids duplicate session IDs in RADIUS accounting,
when the same pppd instance has multiple sessions during
the same second. This can happen when you have a really
fast RADIUS server and fast clients, e. g. when using pppd
as a back-end for PPPoE (either directly or via L2TP).
Paul Mackerras [Sun, 24 Oct 2004 23:53:05 +0000 (23:53 +0000)]
Don't prepend /dev/ to a possible device name if it already begins
with '/' (i.e. just check for / instead of /dev/ as before).
This allows /udev/blah to be used as a tty device name.
Requested by Pawel Sakowski.
Paul Mackerras [Sun, 24 Oct 2004 23:31:20 +0000 (23:31 +0000)]
Don't use unsigned long in the SHA1 code; we want 32-bit variables
and unsigned long is 64 bits on 64-bit platforms. Use unsigned int
or u_int32_t instead. Pointed out by Oleg Makarenko.
James Carlson [Wed, 14 Apr 2004 02:39:39 +0000 (02:39 +0000)]
Tested with MS-CHAP and CBCP options on Solaris and added options
to makefile.
Repaired support for use of gcc on Solaris x86 -- 32 bit modules also
need -fno-builtin.
MPPE changes broke plain MS-CHAP; repaired errors and cleaned up
compilation warnings due to char/unsigned char differences with non-gcc
compilers.
Describe avpair in pppd-radius.8
Add support for:
NAS-Port-Type (Async/Virtual)
Acct-Terminate-Cause
Selectable NAS-Port-Id equal to interface number or try map via libradiusclient
James Carlson [Mon, 2 Feb 2004 02:52:51 +0000 (02:52 +0000)]
Allow *-max-terminate to be set to zero -- meaning that one Terminate-
Request will be sent, but no waiting will be done. Fixed termination
code so that link statistics are printed only once.
Paul Mackerras [Tue, 13 Jan 2004 04:03:58 +0000 (04:03 +0000)]
PPPoE updates: don't exit if discovery fails, cope with both
protocol field compression and no compression, recognize
nasXXX and tapXXX as devices over which we can do PPPoE.
Patches sent by Marco d'Itri.
Paul Mackerras [Tue, 13 Jan 2004 03:55:52 +0000 (03:55 +0000)]
Change references to cuaN in examples and documentation to ttySN.
Yes, rather linux-centric, I know. Patch from Marco d'Itri
(Debian ppp package maintainer).
James Carlson [Mon, 28 Jul 2003 12:25:41 +0000 (12:25 +0000)]
Fixed the old chap.c so that it works with the new auth.c, since
existing makefiles still refer to chap.c for all but Linux.
Fixed unsolicited Configure-Nak handling in *_nakci -- usenet report
that 'while' loop terminates too early if there's a boolean.
Fixed tiny typo in chap-new.c comment.
Paul Mackerras [Wed, 11 Jun 2003 23:56:26 +0000 (23:56 +0000)]
New CHAP implementation, rewritten from scratch to avoid the code
copyrighted by the uncontactable Gregory Christy. The new code is
much cleaner and splits out all the digest-specific code to separate
files. Thus the CHAP-MD5 stuff is now in chap-md5.c and all the
CHAP-MS and CHAP-MSv2 stuff has moved into chap_ms.c, instead of
having half of it in chap.c.
There are a few minor differences in this implementation; we don't
retransmit responses, but instead just wait for a new challenge.
The success/failure messages are more boring as well. In fact the
digest code now sets the success/failure message.
CHAP_DIGEST_MD5 has been renamed to CHAP_MD5 for consistency.
There is a new function random_bytes() in magic.c, which generates
a string of random bytes.
Frank Cusack [Tue, 13 May 2003 01:25:36 +0000 (01:25 +0000)]
modify ppp_generic patch to avoid an if() test and extra additions on
every pass through ppp_send_frame(); make a 2.4.19+ version of it;
improve mppeinstall.sh.
Frank Cusack [Mon, 12 May 2003 07:31:36 +0000 (07:31 +0000)]
When not in demand mode, defer create_linkpidfile() until we successfully
get a ppp interface. This fixes a bug reported by belle_eden@caramail.com
where pppd might wipe out a still-running previous pppd's pid file.
Frank Cusack [Fri, 25 Apr 2003 08:10:46 +0000 (08:10 +0000)]
rc_get_seqnbr(): Avoid "fscanf failure" errors if the sequence file was
empty. This avoids a spurious error at startup if the sequence file is
kept in /var/run, which is cleared on reboot.
Paul Mackerras [Mon, 7 Apr 2003 00:01:46 +0000 (00:01 +0000)]
Revert the previous change that required channel send_config and
recv_config routines to return a status code. Instead we consider
that an error has occurred if the channel routine calls error()
or bumps error_count explicitly.
James Carlson [Mon, 31 Mar 2003 12:07:28 +0000 (12:07 +0000)]
Made path to 'ld' explicit when building kernel modules. This avoids
trouble with systems that have GNU ld installed and on the path before
the normal /usr/ccs/bin/ld that comes with the system.
Frank Cusack [Wed, 5 Mar 2003 23:01:28 +0000 (23:01 +0000)]
If the peer offers mppe stateful mode (H bit clear), accept it if
mppe-stateful was an option.
This bug wasn't discovered earlier because I haven't seen a system
that offers stateful mode "only". A bug report from Dmitry Glushenok
shows that Windows RRAS refuses stateless mode for dialup connections.
For dialup, it almost makes sense that one could use stateful mode safely,
but if you accept that argument (difficult to attack a dialup connection)
then it also follows that mppe as a whole is not useful over dialup.