Paul Mackerras [Sun, 18 Jun 2006 11:26:00 +0000 (11:26 +0000)]
Restore original EUID rather than 0 during option processing.
When dropping and regaining privileges during option processing,
the seteuid to regain privileges is now the original EUID rather
than a constant zero. This means that `pppd --version' run without
root privilege prints the version number and exits rather than
giving an "unable to regain privileges" error.
Paul Mackerras [Sun, 4 Jun 2006 05:07:46 +0000 (05:07 +0000)]
Add $(INSTDIR) to installation paths in Linux makefiles.
Patch from Robert Vogelgesang.
This patch re-introduces the possibility for package maintainers to
install into a different filesystem tree. This is done by adding
$(INSTROOT) at various places; the package maintainers can then
issue a
make install INSTROOT=/some/where/else
when they package pppd for their distribution. In previous versions
of the ppp package this was possible using the variable DESTDIR, but
this variable is now used for a different purpose and cannot be
changed via additional parameters of the make command.
Paul Mackerras [Sun, 4 Jun 2006 03:52:50 +0000 (03:52 +0000)]
Fix snafu in run_program(). Patch from Robert Vogelgesang.
This patch splits out the major part of reap_kids() into a new
function, forget_child(), and calls this new function instead of
reap_kids() in run_program(), after having waitpid()'ed for a child.
Rationale:
The waitpid() at the start of reap_kids() has no chance to get the
PID of the child already waited for in run_program().
As a consequence, the PID of that child will stay in the list of all
children until the end of the pppd process, which is bad, because
pppd will then try to kill -TERM that PID (and might kill some
innocent third party at this point).
Paul Mackerras [Mon, 29 May 2006 23:29:16 +0000 (23:29 +0000)]
Remove name checks in the rp-pppoe plugin PPPoEDevnameHook function.
Based on a patch from Alin Nastac. I also made the function only
set the device name and initialize the channel if `doit' is set.
Paul Mackerras [Mon, 22 May 2006 00:04:07 +0000 (00:04 +0000)]
This enables plugins called via hooks/notifiers triggered
by the calls to lcp_close() to see the changed "status" value.
Otherwise (i. e. without this patch) the RADIUS plugin cannot set
the attribute PW_ACCT_TERMINATE_CAUSE to the appropriate values.
Patch from Robert Vogelgesang.
Paul Mackerras [Mon, 22 May 2006 00:01:40 +0000 (00:01 +0000)]
This fixes the RADIUS accounting termination cause when
callback is negotiated via CBCP (report PW_CALLBACK instead of
the default PW_NAS_ERROR).
Patch from Robert Vogelgesang.
Paul Mackerras [Sun, 21 May 2006 07:23:15 +0000 (07:23 +0000)]
Fix segfault when secret is exactly 32 bytes long.
Also fixed a potential problem with secrets longer than 64
bytes, and fixed some signed/unsigned warnings in chap_ms.c.
Paul Mackerras [Thu, 25 Aug 2005 23:59:34 +0000 (23:59 +0000)]
Added an /etc/ppp/ip-pre-up script, run before the interface
is brought up. This necessitated adding a "wait" parameter to
run_program, since we need to wait for this script to finish
before proceeding.
Paul Mackerras [Wed, 13 Jul 2005 10:41:58 +0000 (10:41 +0000)]
Log a message when we succeed or fail in authenticating ourselves
to the peer. The message in the success case is printed in
auth_withpeer_success, but the message in the failure case is
printed by the caller of auth_withpeer_fail (since there are
many possible reasons for failure).
Paul Mackerras [Tue, 12 Jul 2005 01:09:05 +0000 (01:09 +0000)]
Stop the charshunt process after running the disconnector,
rather than immediately a signal is received. With this change
we can send a SIGHUP to pppd and actually have it do the
LCP TermReq/TermAck exchange.
Paul Mackerras [Tue, 12 Jul 2005 01:07:59 +0000 (01:07 +0000)]
Bring up the link on an explicit call from main() rather than
doing it in link_required(). With the old way, it was restarting
the link in the middle of link_terminated().
Paul Mackerras [Sun, 10 Jul 2005 07:31:26 +0000 (07:31 +0000)]
Fix the rechallenge behaviour. Previously, once it sent a rechallenge,
it would ignore the response (except to send a reply with a bogus
message) and retransmit the rechallenge every 3 seconds until it
eventually timed out and took down the link.
Paul Mackerras [Sat, 9 Jul 2005 09:12:48 +0000 (09:12 +0000)]
Don't set the interface MTU in PPPOESendConfig, in fact get rid of
it altogether, and instead set the wanted MRU and allowed MTU to
1492 before starting negotiation.
James Carlson [Sun, 26 Jun 2005 19:34:41 +0000 (19:34 +0000)]
Fixed configure breakage in $archvariant support for Solaris
introduced by fix in RCS ID 1.33 -- failed to configure for WorkShop C
compiler correctly because test was changed from -f (file exists) to
"$archvariant" (variable is non-null).
Fixed ccp.c compilation warnings due to missing argument type in RCS
ID 1.48 fix.
James Carlson [Wed, 4 May 2005 21:31:20 +0000 (21:31 +0000)]
Fix for Sun CR 6257917: the right prefix length for an interface token
is 64 bits, not 10. (10 came from the prefix length of a link-layer
address, but it's not actually used by SIOCSLIFADDR, so it wasn't right
in any case.)
Paul Mackerras [Tue, 22 Mar 2005 09:53:53 +0000 (09:53 +0000)]
From Marco D'Itri.
This is a fix for #294232.
If pppd recognized the peer not to ask for encryption in
his initial offer, it refused any further negotiation.
This change tells the peer using a ConfNak what
encryption options we're able to accept.
This makes the peer send a new ConfReq, usually with
one of the options we're able to accept.
Paul Mackerras [Fri, 31 Dec 2004 11:58:56 +0000 (11:58 +0000)]
Call lcp_close(0) in link_required if the channel connect or
establish_ppp functions fail. It's a bit grotty but it is needed
to get lcp back into closed state so that a future lcp_open will
do what it should.
Paul Mackerras [Fri, 31 Dec 2004 11:49:22 +0000 (11:49 +0000)]
Don't close pty_slave and real_ttyfd in connect_tty if an error
occurs; link_required calls cleanup_tty if connect_tty returns
an error, and that does the closing. Doing the closes in connect_tty
meant that the disconnector couldn't run and the tty mode couldn't
be restored.
Paul Mackerras [Mon, 15 Nov 2004 22:13:26 +0000 (22:13 +0000)]
Get rid of the MS_ChapResponse and MS_Chap2Response structures.
Using a struct to represent an on-the-wire format is basically
broken, since the compiler can add padding between members or
assume alignment for the struct. Instead we just use arrays
of unsigned char and define offsets in the arrays for the various
fields.
James Carlson [Mon, 15 Nov 2004 00:57:54 +0000 (00:57 +0000)]
Cut down on spam from Solaris ppp kernel bits: unknown DLPI primitives
(as encountered on Solaris 10) aren't errors, and need to flush out any
queued up (undecoded) data on the read side after pushing ppp_ahdlc.
Paul Mackerras [Sun, 14 Nov 2004 07:26:26 +0000 (07:26 +0000)]
Simplified and cleaned up the radiusclient implementation, and
made it use pppd facilities where relevant. All the bits of
radiusclient that we actually need are now in the plugins/radius
directory.
Paul Mackerras [Sat, 13 Nov 2004 12:22:49 +0000 (12:22 +0000)]
Correctly escape or unescape hypens in the man pages.
Without this patch "-" is rendered as the endash in unicode
consoles and then bad things happen. From Marco d'Itri.
Paul Mackerras [Sat, 13 Nov 2004 12:07:29 +0000 (12:07 +0000)]
Exit with an error if both demand and notty are given.
Don't require a connect script with demand if we are using
the pty or socket options.
Enforce the connect_delay if we are using the socket option.
Paul Mackerras [Sat, 13 Nov 2004 02:28:15 +0000 (02:28 +0000)]
Add a 'treat as reject' parameter to the nakci functions.
Use it to make sure we don't keep requesting the same IP
address over and over when it keeps getting nacked.
Paul Mackerras [Fri, 12 Nov 2004 10:30:51 +0000 (10:30 +0000)]
Multilink improvements. This involved moving some logic from the
main loop in main.c into link_required() and link_terminated() in
auth.c and adding code to multilink.c. We now make a tdb entry
with the list of pppd pids for all the links in the bundle, and the
master pppd uses this to send a SIGHUP to each one when the bundle
is terminated.
We still have one pppd controlling both the bundle and the first link,
but when that link goes down, assuming that other links still exist,
the first link's pppd will clean up after that link but then stay
running until all the links have disconnected. So it is possible to
lose the first link without losing the bundle.
This requires a small kernel patch which I will be sending to the
kernel maintainers shortly.
Paul Mackerras [Mon, 8 Nov 2004 11:45:59 +0000 (11:45 +0000)]
Fix an infinite negotiation loop where we would respond to a
configure-reject for the IPCP Addresses option with another
IPCP configure-request containing the Addresses option.