]> git.ozlabs.org Git - ppp.git/log
ppp.git
20 years agoUpdate with info about chap_verify_hook, which has replaced
Paul Mackerras [Tue, 12 Jul 2005 08:56:07 +0000 (08:56 +0000)]
Update with info about chap_verify_hook, which has replaced
chap_auth_hook.

20 years agoUpdate to 2.4.4b1
Paul Mackerras [Tue, 12 Jul 2005 07:45:15 +0000 (07:45 +0000)]
Update to 2.4.4b1

20 years agoClean up base64_encode a bit more.
Paul Mackerras [Tue, 12 Jul 2005 07:44:47 +0000 (07:44 +0000)]
Clean up base64_encode a bit more.

20 years agoAssume that we have libcrypt if we have /usr/include/crypt.h.
Paul Mackerras [Tue, 12 Jul 2005 01:50:23 +0000 (01:50 +0000)]
Assume that we have libcrypt if we have /usr/include/crypt.h.
This should fix linking on 64-bit architectures.

20 years agoStop the charshunt process after running the disconnector,
Paul Mackerras [Tue, 12 Jul 2005 01:09:05 +0000 (01:09 +0000)]
Stop the charshunt process after running the disconnector,
rather than immediately a signal is received.  With this change
we can send a SIGHUP to pppd and actually have it do the
LCP TermReq/TermAck exchange.

20 years agoBring up the link on an explicit call from main() rather than
Paul Mackerras [Tue, 12 Jul 2005 01:07:59 +0000 (01:07 +0000)]
Bring up the link on an explicit call from main() rather than
doing it in link_required().  With the old way, it was restarting
the link in the middle of link_terminated().

20 years agoAdd a bit more space to the output buffer for base64 encoding,
Paul Mackerras [Sun, 10 Jul 2005 11:43:25 +0000 (11:43 +0000)]
Add a bit more space to the output buffer for base64 encoding,
to prevent 4-character usernames getting truncated.

20 years agoGet the plugins from the right directory when DESTDIR isn't /usr.
Paul Mackerras [Sun, 10 Jul 2005 11:19:10 +0000 (11:19 +0000)]
Get the plugins from the right directory when DESTDIR isn't /usr.

20 years agoReturn the message from the radius server to the peer.
Paul Mackerras [Sun, 10 Jul 2005 10:28:55 +0000 (10:28 +0000)]
Return the message from the radius server to the peer.

20 years agoFix the rechallenge behaviour. Previously, once it sent a rechallenge,
Paul Mackerras [Sun, 10 Jul 2005 07:31:26 +0000 (07:31 +0000)]
Fix the rechallenge behaviour.  Previously, once it sent a rechallenge,
it would ignore the response (except to send a reply with a bogus
message) and retransmit the rechallenge every 3 seconds until it
eventually timed out and took down the link.

20 years agoDon't set the interface MTU in PPPOESendConfig, in fact get rid of
Paul Mackerras [Sat, 9 Jul 2005 09:12:48 +0000 (09:12 +0000)]
Don't set the interface MTU in PPPOESendConfig, in fact get rid of
it altogether, and instead set the wanted MRU and allowed MTU to
1492 before starting negotiation.

20 years agoClear the wtmp entry in plogout whether or not USE_PAM is defined,
Paul Mackerras [Sat, 9 Jul 2005 05:49:44 +0000 (05:49 +0000)]
Clear the wtmp entry in plogout whether or not USE_PAM is defined,
for symmetry with plogin, which creates it whether or not USE_PAM
is defined.

20 years agoFix the return value from setpassfilter and setactivefilter - it
Paul Mackerras [Sat, 9 Jul 2005 04:58:36 +0000 (04:58 +0000)]
Fix the return value from setpassfilter and setactivefilter - it
should be 1 if the value was OK or 0 if it wasn't.

20 years agoFixed kernel memory leaks reported by Jin Jiang along with some
James Carlson [Mon, 27 Jun 2005 00:59:57 +0000 (00:59 +0000)]
Fixed kernel memory leaks reported by Jin Jiang along with some
readability and commenting problems that led to the leaks.

20 years agoAdded support for x64 (AMD Opteron/Athlon and Intel EM64T) on Solaris
James Carlson [Sun, 26 Jun 2005 23:53:17 +0000 (23:53 +0000)]
Added support for x64 (AMD Opteron/Athlon and Intel EM64T) on Solaris
using Sun WorkShop or gcc.

20 years agoFixed configure breakage in $archvariant support for Solaris
James Carlson [Sun, 26 Jun 2005 19:34:41 +0000 (19:34 +0000)]
Fixed configure breakage in $archvariant support for Solaris
introduced by fix in RCS ID 1.33 -- failed to configure for WorkShop C
compiler correctly because test was changed from -f (file exists) to
"$archvariant" (variable is non-null).

Fixed ccp.c compilation warnings due to missing argument type in RCS
ID 1.48 fix.

20 years agoFix for Sun CR 6257917: the right prefix length for an interface token
James Carlson [Wed, 4 May 2005 21:31:20 +0000 (21:31 +0000)]
Fix for Sun CR 6257917: the right prefix length for an interface token
is 64 bits, not 10.  (10 came from the prefix length of a link-layer
address, but it's not actually used by SIOCSLIFADDR, so it wasn't right
in any case.)

20 years agoMake the description of the call option more verbose, and
Paul Mackerras [Tue, 22 Mar 2005 10:48:37 +0000 (10:48 +0000)]
Make the description of the call option more verbose, and
allegedly clearer.  From Marco D'Itri.

20 years agoFrom Marco D'Itri: fix for an earlier patch from him.
Paul Mackerras [Tue, 22 Mar 2005 10:27:07 +0000 (10:27 +0000)]
From Marco D'Itri: fix for an earlier patch from him.

20 years agoFrom Marco D'Itri.
Paul Mackerras [Tue, 22 Mar 2005 10:22:32 +0000 (10:22 +0000)]
From Marco D'Itri.

Apparently some French ISPs really send PADO packets from
multicast MAC addresses. :-(

20 years agoFrom Marco D'Itri.
Paul Mackerras [Tue, 22 Mar 2005 09:53:53 +0000 (09:53 +0000)]
From Marco D'Itri.

This is a fix for #294232.

If pppd recognized the peer not to ask for encryption in
his initial offer, it refused any further negotiation.

This change tells the peer using a ConfNak what
encryption options we're able to accept.
This makes the peer send a new ConfReq, usually with
one of the options we're able to accept.

20 years agoDo an lcp_close whenever the link terminates, not just if it
Paul Mackerras [Mon, 21 Mar 2005 09:20:16 +0000 (09:20 +0000)]
Do an lcp_close whenever the link terminates, not just if it
terminates because of an error.  This is needed for persist
to work properly.

20 years agoCall lcp_close(0) in link_required if the channel connect or
Paul Mackerras [Fri, 31 Dec 2004 11:58:56 +0000 (11:58 +0000)]
Call lcp_close(0) in link_required if the channel connect or
establish_ppp functions fail.  It's a bit grotty but it is needed
to get lcp back into closed state so that a future lcp_open will
do what it should.

20 years agoDon't close pty_slave and real_ttyfd in connect_tty if an error
Paul Mackerras [Fri, 31 Dec 2004 11:49:22 +0000 (11:49 +0000)]
Don't close pty_slave and real_ttyfd in connect_tty if an error
occurs; link_required calls cleanup_tty if connect_tty returns
an error, and that does the closing.  Doing the closes in connect_tty
meant that the disconnector couldn't run and the tty mode couldn't
be restored.

20 years agoDLT_PPP_WITH_DIRECTION should be DLT_PPP_WITHDIRECTION.
Paul Mackerras [Fri, 31 Dec 2004 06:19:27 +0000 (06:19 +0000)]
DLT_PPP_WITH_DIRECTION should be DLT_PPP_WITHDIRECTION.
Thanks to Stefan Petersen for pointing this out.

20 years agoGet rid of the MS_ChapResponse and MS_Chap2Response structures.
Paul Mackerras [Mon, 15 Nov 2004 22:13:26 +0000 (22:13 +0000)]
Get rid of the MS_ChapResponse and MS_Chap2Response structures.
Using a struct to represent an on-the-wire format is basically
broken, since the compiler can add padding between members or
assume alignment for the struct.  Instead we just use arrays
of unsigned char and define offsets in the arrays for the various
fields.

20 years agoCut down on spam from Solaris ppp kernel bits: unknown DLPI primitives
James Carlson [Mon, 15 Nov 2004 00:57:54 +0000 (00:57 +0000)]
Cut down on spam from Solaris ppp kernel bits: unknown DLPI primitives
(as encountered on Solaris 10) aren't errors, and need to flush out any
queued up (undecoded) data on the read side after pushing ppp_ahdlc.

20 years agoAdded log messages for LCP Identification, Time-Remaining, and other
James Carlson [Sun, 14 Nov 2004 22:53:42 +0000 (22:53 +0000)]
Added log messages for LCP Identification, Time-Remaining, and other
more obscure protocols.

20 years agoUse the ipparam value as the PW_CALLING_STATION_ID value v2.4.3
Paul Mackerras [Sun, 14 Nov 2004 10:27:57 +0000 (10:27 +0000)]
Use the ipparam value as the PW_CALLING_STATION_ID value
if no value has been set for remote_number.

20 years agoAdd radius to the list of plugins to be compiled by default
Paul Mackerras [Sun, 14 Nov 2004 07:58:58 +0000 (07:58 +0000)]
Add radius to the list of plugins to be compiled by default

20 years agomake sure plugins get installed in the right place
Paul Mackerras [Sun, 14 Nov 2004 07:58:37 +0000 (07:58 +0000)]
make sure plugins get installed in the right place

20 years agoMake sure we install plugins in the right place
Paul Mackerras [Sun, 14 Nov 2004 07:33:45 +0000 (07:33 +0000)]
Make sure we install plugins in the right place

20 years agoSimplified and cleaned up the radiusclient implementation, and
Paul Mackerras [Sun, 14 Nov 2004 07:26:26 +0000 (07:26 +0000)]
Simplified and cleaned up the radiusclient implementation, and
made it use pppd facilities where relevant.  All the bits of
radiusclient that we actually need are now in the plugins/radius
directory.

20 years agoAdd these files, used with TDB.
Paul Mackerras [Sat, 13 Nov 2004 12:34:20 +0000 (12:34 +0000)]
Add these files, used with TDB.

20 years agoApparently the IBM patent on LZW is still pending.
Paul Mackerras [Sat, 13 Nov 2004 12:25:54 +0000 (12:25 +0000)]
Apparently the IBM patent on LZW is still pending.

20 years agoCorrectly escape or unescape hypens in the man pages.
Paul Mackerras [Sat, 13 Nov 2004 12:22:49 +0000 (12:22 +0000)]
Correctly escape or unescape hypens in the man pages.
Without this patch "-" is rendered as the endash in unicode
consoles and then bad things happen.  From Marco d'Itri.

20 years agoAdd pppoe-discovery program, from Marco D'Itri
Paul Mackerras [Sat, 13 Nov 2004 12:14:59 +0000 (12:14 +0000)]
Add pppoe-discovery program, from Marco D'Itri

20 years agoUpdate
Paul Mackerras [Sat, 13 Nov 2004 12:08:01 +0000 (12:08 +0000)]
Update

20 years agoExit with an error if both demand and notty are given.
Paul Mackerras [Sat, 13 Nov 2004 12:07:29 +0000 (12:07 +0000)]
Exit with an error if both demand and notty are given.
Don't require a connect script with demand if we are using
the pty or socket options.
Enforce the connect_delay if we are using the socket option.

20 years agoMake SIGHUP just take down the link now, not the bundle.
Paul Mackerras [Sat, 13 Nov 2004 12:05:48 +0000 (12:05 +0000)]
Make SIGHUP just take down the link now, not the bundle.
Be a bit more careful about quitting when we get a SIGTERM
or SIGINT.

20 years agoUpdate for the recent multilink fixes
Paul Mackerras [Sat, 13 Nov 2004 12:04:02 +0000 (12:04 +0000)]
Update for the recent multilink fixes

20 years agoTerminate IPCP if the peer refuses to agree to our IP address.
Paul Mackerras [Sat, 13 Nov 2004 12:03:26 +0000 (12:03 +0000)]
Terminate IPCP if the peer refuses to agree to our IP address.

20 years agoNew version of TDB code, borrowed from samba.
Paul Mackerras [Sat, 13 Nov 2004 12:02:22 +0000 (12:02 +0000)]
New version of TDB code, borrowed from samba.

20 years agoMention multilink and TDB updates
Paul Mackerras [Sat, 13 Nov 2004 12:00:38 +0000 (12:00 +0000)]
Mention multilink and TDB updates

20 years agoAdd a 'treat as reject' parameter to the nakci functions.
Paul Mackerras [Sat, 13 Nov 2004 02:28:15 +0000 (02:28 +0000)]
Add a 'treat as reject' parameter to the nakci functions.
Use it to make sure we don't keep requesting the same IP
address over and over when it keeps getting nacked.

20 years agoDon't allow the client to ask for callback, since we don't
Paul Mackerras [Fri, 12 Nov 2004 11:42:46 +0000 (11:42 +0000)]
Don't allow the client to ask for callback, since we don't
support it.

20 years agoCreate link pid file (from the linkname option value) straight
Paul Mackerras [Fri, 12 Nov 2004 11:21:41 +0000 (11:21 +0000)]
Create link pid file (from the linkname option value) straight
away when starting pppd.  Suggested by Shun-ichi TAHARA.

20 years agoMultilink improvements. This involved moving some logic from the
Paul Mackerras [Fri, 12 Nov 2004 10:30:51 +0000 (10:30 +0000)]
Multilink improvements.  This involved moving some logic from the
main loop in main.c into link_required() and link_terminated() in
auth.c and adding code to multilink.c.  We now make a tdb entry
with the list of pppd pids for all the links in the bundle, and the
master pppd uses this to send a SIGHUP to each one when the bundle
is terminated.

We still have one pppd controlling both the bundle and the first link,
but when that link goes down, assuming that other links still exist,
the first link's pppd will clean up after that link but then stay
running until all the links have disconnected.  So it is possible to
lose the first link without losing the bundle.

This requires a small kernel patch which I will be sending to the
kernel maintainers shortly.

20 years agosquish a compile warning
Paul Mackerras [Fri, 12 Nov 2004 09:57:43 +0000 (09:57 +0000)]
squish a compile warning

20 years agoWhen using the notty option, close off stdin and stdout once the
Paul Mackerras [Fri, 12 Nov 2004 09:51:23 +0000 (09:51 +0000)]
When using the notty option, close off stdin and stdout once the
charshunt has been started.  Also close off stderr unless it is the
log_to_fd.

20 years agoCope with /proc/net/ipx/interface as well as /proc/net/ipx_interface.
Paul Mackerras [Tue, 9 Nov 2004 22:50:18 +0000 (22:50 +0000)]
Cope with /proc/net/ipx/interface as well as /proc/net/ipx_interface.
Added a couple of unrelated comments as well.

20 years agoAdd __attribute__((__packed__)) to the MS-CHAP response structures
Paul Mackerras [Tue, 9 Nov 2004 22:49:05 +0000 (22:49 +0000)]
Add __attribute__((__packed__)) to the MS-CHAP response structures
since they may be unaligned and may not be padded.

20 years agoAdd an underscore to the MD5 routine names so they can more
Paul Mackerras [Tue, 9 Nov 2004 22:39:25 +0000 (22:39 +0000)]
Add an underscore to the MD5 routine names so they can more
easily be replaced by the openssl versions.

20 years agoMove sys_init call after we have occupied fds 0, 1, 2.
Paul Mackerras [Tue, 9 Nov 2004 22:35:02 +0000 (22:35 +0000)]
Move sys_init call after we have occupied fds 0, 1, 2.

20 years agoArrange for holdoff_specified to be set if the holdoff option
Paul Mackerras [Tue, 9 Nov 2004 22:33:35 +0000 (22:33 +0000)]
Arrange for holdoff_specified to be set if the holdoff option
is used; make child-timeout option use OPT_PRIO.

20 years agoCorrect my email address.
Paul Mackerras [Mon, 8 Nov 2004 11:50:00 +0000 (11:50 +0000)]
Correct my email address.

20 years agoFix an infinite negotiation loop where we would respond to a
Paul Mackerras [Mon, 8 Nov 2004 11:45:59 +0000 (11:45 +0000)]
Fix an infinite negotiation loop where we would respond to a
configure-reject for the IPCP Addresses option with another
IPCP configure-request containing the Addresses option.

20 years agoNew pppoatm plugin, sent in by David Woodhouse.
Paul Mackerras [Sat, 6 Nov 2004 11:36:54 +0000 (11:36 +0000)]
New pppoatm plugin, sent in by David Woodhouse.

20 years agoMention winbind plugin
Paul Mackerras [Sat, 6 Nov 2004 05:59:42 +0000 (05:59 +0000)]
Mention winbind plugin

20 years agoRun ntlm_auth as the user that invoked pppd.
Paul Mackerras [Sat, 6 Nov 2004 05:44:55 +0000 (05:44 +0000)]
Run ntlm_auth as the user that invoked pppd.
Make the ntlm_auth-helper option privileged.
Use safe_fork to manage fds over the fork.

20 years agoExtend safe_fork to include the shuffling of fds to get the
Paul Mackerras [Sat, 6 Nov 2004 05:42:29 +0000 (05:42 +0000)]
Extend safe_fork to include the shuffling of fds to get the
ones we want on fds 0, 1, 2.

20 years agoDon't ask for CHAP if we don't have any digests to use.
Paul Mackerras [Sat, 6 Nov 2004 05:39:23 +0000 (05:39 +0000)]
Don't ask for CHAP if we don't have any digests to use.

20 years agoAdd winbind plugin from Andrew Bartlet.
Paul Mackerras [Thu, 4 Nov 2004 12:00:07 +0000 (12:00 +0000)]
Add winbind plugin from Andrew Bartlet.
Changes to chap_ms.[ch] needed by winbind.

20 years agoUpdate for 2.4.3b1 release
Paul Mackerras [Thu, 4 Nov 2004 11:58:14 +0000 (11:58 +0000)]
Update for 2.4.3b1 release

20 years agoUpdate patch level to 2.4.3b1
Paul Mackerras [Thu, 4 Nov 2004 10:08:28 +0000 (10:08 +0000)]
Update patch level to 2.4.3b1

20 years agoFix an fd leak on the discovery socket.
Paul Mackerras [Thu, 4 Nov 2004 10:07:37 +0000 (10:07 +0000)]
Fix an fd leak on the discovery socket.
Remove some unused code.

20 years agoTake out some ancient debugging code.
Paul Mackerras [Thu, 4 Nov 2004 10:05:23 +0000 (10:05 +0000)]
Take out some ancient debugging code.

20 years agoRemove the requirement that redistributions in binary form reproduce
Paul Mackerras [Thu, 4 Nov 2004 10:02:26 +0000 (10:02 +0000)]
Remove the requirement that redistributions in binary form reproduce
the copyright conditions in documentation from my copyright notice.
It still remains in CMU's and others' copyright notices.

20 years agoFix the error message when a device name and the socket option
Paul Mackerras [Thu, 4 Nov 2004 09:59:12 +0000 (09:59 +0000)]
Fix the error message when a device name and the socket option
are both specified.  Make it clearer how ttyfd gets set.

20 years agodocument the child-timeout option
Paul Mackerras [Thu, 4 Nov 2004 09:57:42 +0000 (09:57 +0000)]
document the child-timeout option

20 years agoDon't log messages in signal handlers; defer it to mainline
Paul Mackerras [Thu, 4 Nov 2004 09:56:26 +0000 (09:56 +0000)]
Don't log messages in signal handlers; defer it to mainline
Logging in signal handlers can cause deadlocks.

20 years agoAdd a timeout when waiting for child processes to exit before pppd
Paul Mackerras [Thu, 4 Nov 2004 09:46:50 +0000 (09:46 +0000)]
Add a timeout when waiting for child processes to exit before pppd
exits.  Send a SIGTERM to the child processes if the timeout expires
or if pppd gets a SIGTERM or SIGINT itself.

20 years agoremove duplicate $(CDEFS)
Paul Mackerras [Wed, 3 Nov 2004 11:51:47 +0000 (11:51 +0000)]
remove duplicate $(CDEFS)

20 years agoUse Makedefs.com rather than solaris/Makedefs, since Makedefs.com
Paul Mackerras [Mon, 1 Nov 2004 09:31:07 +0000 (09:31 +0000)]
Use Makedefs.com rather than solaris/Makedefs, since Makedefs.com
has @DESTDIR@ etc. substituted.
Move installation of kernel modules to a install-modules target
so that it can be compiled and installed in an alternate directory
as non-root for the build farm.

20 years agoFix construction of $ksrc/Makefile for Solaris
Paul Mackerras [Mon, 1 Nov 2004 03:54:47 +0000 (03:54 +0000)]
Fix construction of $ksrc/Makefile for Solaris

20 years agoOnly compile in filtering if /usr/include/pcap-bpf.h exists.
Paul Mackerras [Mon, 1 Nov 2004 03:49:20 +0000 (03:49 +0000)]
Only compile in filtering if /usr/include/pcap-bpf.h exists.

20 years agoAdd installcheck targets to keep the autobuilder happy
Paul Mackerras [Sun, 31 Oct 2004 22:26:25 +0000 (22:26 +0000)]
Add installcheck targets to keep the autobuilder happy
(see http://build.samba.org/)

20 years agoRemove dependencies on CHAPMS definition in header files.
Paul Mackerras [Sun, 31 Oct 2004 22:23:18 +0000 (22:23 +0000)]
Remove dependencies on CHAPMS definition in header files.
Fix bug in filling in mdtype field when we NAK and suggest CHAP.
Ask for/suggest MD5 before MSCHAP{v2,} digest.

20 years agoTake out the -o root argument to install. It is the default anyway
Paul Mackerras [Sun, 31 Oct 2004 22:09:03 +0000 (22:09 +0000)]
Take out the -o root argument to install.  It is the default anyway
when installing as root, and it causes errors in the build farm testing.

20 years agoCope better when prototype Makefiles don't exist.
Paul Mackerras [Sun, 31 Oct 2004 21:31:01 +0000 (21:31 +0000)]
Cope better when prototype Makefiles don't exist.
Restore $archvariant stuff for solaris.

20 years agoPut man pages in /usr/share/man under Linux.
Paul Mackerras [Sun, 31 Oct 2004 21:27:24 +0000 (21:27 +0000)]
Put man pages in /usr/share/man under Linux.

21 years agoSupport --prefix and --sysconfdir on Solaris too
Paul Mackerras [Sun, 31 Oct 2004 00:06:18 +0000 (00:06 +0000)]
Support --prefix and --sysconfdir on Solaris too

21 years agoAdd --prefix and --sysconfdir options to configure, and put
Paul Mackerras [Fri, 29 Oct 2004 00:12:27 +0000 (00:12 +0000)]
Add --prefix and --sysconfdir options to configure, and put
@DESTDIR@ and @SYSCONF@ tags in various Makefile.linux files.
These tags get expanded by configure.

21 years agoPatch from Robert Vogelgesang:
Paul Mackerras [Thu, 28 Oct 2004 00:33:47 +0000 (00:33 +0000)]
Patch from Robert Vogelgesang:
This patch enables plugins called via hooks/notifiers triggered
by this call to lcp_close() to see status set here.
Otherwise (i. e. without this patch) the RADIUS plugin has
no chance to set the attribute PW_ACCT_TERMINATE_CAUSE to the
value PW_ACCT_SESSION_TIMEOUT.

21 years agoPatch from Robert Vogelgesang:
Paul Mackerras [Thu, 28 Oct 2004 00:32:32 +0000 (00:32 +0000)]
Patch from Robert Vogelgesang:
This patch fixes the link statistics for connections that
go through multiple IPCP up-down cycles.  Such connections
happen typically in a setup where pppd is used as a back-end
by a L2TP daemon, in case the PPP session at the other side
of the L2TP tunnel reconnects, but the L2TP daemon at that
side just reuses the old L2TP tunnel instead of creating a
new one.

The patch is most important when RADIUS accounting is in use:
Each IPCP-down initiates a RADIUS-Accounting-Stop packet, which
indicates the end of a session.  Without this patch, the
accounting information in each subsequent RADIUS-Accounting-Stop
packet of the very same connection would contain cumulative
data since the connection start, but not the data of the last
"sub-session"; in other words, the accounting data sent to
the RADIUS server would indicate that the client had used much
more session time and transfered much more data.
NOTE: The problem fixed by this patch exists even when the
radius plugin is not in use; when extracting accounting data
from the syslog, you can work around the bug, because you
can see there that the same instance of pppd had multiple
sessions; you cannot see this in the RADIUS accounting data.

Furthermore, this patch suppresses duplicate printing/syslogging
of identical data.

21 years agoPatch from Robert Vogelgesang:
Paul Mackerras [Thu, 28 Oct 2004 00:24:40 +0000 (00:24 +0000)]
Patch from Robert Vogelgesang:
This patch does two things:
o It adds some debugging messages.
o "cleanup()" will no longer be added to the link_down_notifier
chain.
The debugging messages are obvious.
The problem with cleanup() in the link_down_notifier chain is only
half-way that there could be cases where the link would go up again
and without a further authentication -- I just don't know if this
can happen.  But this part of the patch is a work-around for a
_real_ problem/bug in the radius plugin (not the radattr plugin):

The radius plugin calls functions registered via the
radius_attributes_hook after each PAP authentication (which is
correct), but only after the _first_ successful CHAP authentication
during a session.  Subsequent CHAP authentications are performed,
but the radius_attributes_hook will not be processed again.

This can happen in a setup where pppd is used as a back-end
        by a L2TP daemon, in case the PPP session at the other side
        of the L2TP tunnel reconnects, but the L2TP daemon at that
        side just reuses the old L2TP tunnel instead of creating a
        new one.  In such situations, an incomming follow-up session
via an existing T2TP tunnel would re-use the same instance of
pppd; the incomming CHAP authentication would first tear down
the old session, which in turn would call the link_down_notifier.
When the _subsequent_ CHAP authentication succeeds, there is
currently no call to the function assigned to
radius_attributes_hook (here: print_attributes(); THIS BUG
REMAINS AND NEEDS TO BE FIXED).
To summarize: The radius plugin calls the function registered
via the radius_attributes_hook after _each_ successful PAP
authentication, but only after the _first_ successful CHAP
authentication; radius_attributes_hook _should_ be processed
after _each_ successful CHAP authentication.

I have currently no patch for this bug; furthermore, I should
first contact the author of the radius plugin and ask him,
_why_ he has programmed a special handling of subsequent
CHAP authentications.

With the following patch, the follow-up session can re-use the
radattr-file left over from the previous session, which is OK
in our application, but may cause problems in others.
Note: This is only a problem when CHAP is used; subsequent
sessions authenticated with PAP are OK, with and without this
patch.

21 years agoRemove compile warning resulting from chap_verify_hook prototype change.
Paul Mackerras [Thu, 28 Oct 2004 00:22:54 +0000 (00:22 +0000)]
Remove compile warning resulting from chap_verify_hook prototype change.

21 years agoPatch from Robert Vogelgesang:
Paul Mackerras [Thu, 28 Oct 2004 00:21:48 +0000 (00:21 +0000)]
Patch from Robert Vogelgesang:
        This patch avoids duplicate session IDs in RADIUS accounting,
        when the same pppd instance has multiple sessions during
        the same second.  This can happen when you have a really
        fast RADIUS server and fast clients, e. g. when using pppd
        as a back-end for PPPoE (either directly or via L2TP).

21 years agoGet rid of an unnecessary chmod (it wasn't being used on Linux anyway).
Paul Mackerras [Thu, 28 Oct 2004 00:16:37 +0000 (00:16 +0000)]
Get rid of an unnecessary chmod (it wasn't being used on Linux anyway).

21 years agoFix some places where we weren't checking the received
Paul Mackerras [Thu, 28 Oct 2004 00:15:36 +0000 (00:15 +0000)]
Fix some places where we weren't checking the received
packets carefully enough.

21 years agoMake the filtering stuff work with recent versions of libpcap.
Paul Mackerras [Thu, 28 Oct 2004 00:15:08 +0000 (00:15 +0000)]
Make the filtering stuff work with recent versions of libpcap.

21 years agoDon't prepend /dev/ to a possible device name if it already begins
Paul Mackerras [Sun, 24 Oct 2004 23:53:05 +0000 (23:53 +0000)]
Don't prepend /dev/ to a possible device name if it already begins
with '/' (i.e. just check for / instead of /dev/ as before).
This allows /udev/blah to be used as a tty device name.
Requested by Pawel Sakowski.

21 years agoDon't use unsigned long in the SHA1 code; we want 32-bit variables
Paul Mackerras [Sun, 24 Oct 2004 23:31:20 +0000 (23:31 +0000)]
Don't use unsigned long in the SHA1 code; we want 32-bit variables
and unsigned long is 64 bits on 64-bit platforms.  Use unsigned int
or u_int32_t instead.  Pointed out by Oleg Makarenko.

21 years agoFix use-after-free bug where we were freeing the per-user options
Paul Mackerras [Sun, 24 Oct 2004 23:26:19 +0000 (23:26 +0000)]
Fix use-after-free bug where we were freeing the per-user options
set in the secrets file before they were used.  Patch from
Michael Tokarev.

21 years agoTolerate EINTR on tcsetattr in set_up_tty - just retry.
Paul Mackerras [Sun, 24 Oct 2004 23:18:50 +0000 (23:18 +0000)]
Tolerate EINTR on tcsetattr in set_up_tty - just retry.

21 years agoClose the device fd in device_script() if the channel plugin doesn't
Paul Mackerras [Sun, 24 Oct 2004 23:13:16 +0000 (23:13 +0000)]
Close the device fd in device_script() if the channel plugin doesn't
have a close function.  Change suggested by Alan Hourihane.

21 years agoAllow pppoe to be used on bridging interfaces (br*).
Paul Mackerras [Sun, 24 Oct 2004 23:06:31 +0000 (23:06 +0000)]
Allow pppoe to be used on bridging interfaces (br*).
Get rid of OldDevnameHook, which was never used.

21 years agoHandle PFC on rx side, efficiently, thanks to Jan Dubiec.
Frank Cusack [Tue, 4 May 2004 12:30:18 +0000 (12:30 +0000)]
Handle PFC on rx side, efficiently, thanks to Jan Dubiec.

21 years agofix typos noticed by James Cameron.
Frank Cusack [Tue, 27 Apr 2004 18:22:58 +0000 (18:22 +0000)]
fix typos noticed by James Cameron.

21 years agoTested with MS-CHAP and CBCP options on Solaris and added options
James Carlson [Wed, 14 Apr 2004 02:39:39 +0000 (02:39 +0000)]
Tested with MS-CHAP and CBCP options on Solaris and added options
to makefile.
Repaired support for use of gcc on Solaris x86 -- 32 bit modules also
need -fno-builtin.
MPPE changes broke plain MS-CHAP; repaired errors and cleaned up
compilation warnings due to char/unsigned char differences with non-gcc
compilers.