This merges in one commit, which adds the new "defaultroute-metric" option.
Signed-off-by: Paul Mackerras <paulus@samba.org>
authenticating itself to you, of course.)
-What's new in ppp-2.4.6.
+What's new in ppp-2.4.7.
************************
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+ indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
* Man page updates.
* Several bug fixes.
ccp_options *go = &ccp_gotoptions[f->unit];
return (go->bsd_compress? CILEN_BSD_COMPRESS: 0)
- + (go->deflate? CILEN_DEFLATE: 0)
+ + (go->deflate && go->deflate_correct? CILEN_DEFLATE: 0)
+ + (go->deflate && go->deflate_draft? CILEN_DEFLATE: 0)
+ (go->predictor_1? CILEN_PREDICTOR_1: 0)
+ (go->predictor_2? CILEN_PREDICTOR_2: 0)
+ (go->mppe? CILEN_MPPE: 0);
bool predictor_2; /* do Predictor-2? */
bool deflate_correct; /* use correct code for deflate? */
bool deflate_draft; /* use draft RFC code for deflate? */
- bool mppe; /* do MPPE? */
+ u_char mppe; /* MPPE bitfield */
u_short bsd_bits; /* # bits/code for BSD Compress */
u_short deflate_size; /* lg(window size) for Deflate */
short method; /* code for chosen compression method */
unsigned char *private)
{
const struct chapms2_response_cache_entry *cache_entry;
- unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH];
+ unsigned char auth_response[MS_AUTH_RESPONSE_LENGTH+1];
challenge++; /* skip length, should be 16 */
*response++ = MS_CHAP2_RESPONSE_LEN;
{ "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip,
"Use (default) IPv4 address as interface identifier", 1 },
-#if defined(SOL2) || defined(__linux__)
{ "ipv6cp-use-persistent", o_bool, &ipv6cp_wantoptions[0].use_persistent,
"Use uniquely-available persistent value for link local address", 1 },
-#endif /* defined(SOL2) */
{ "ipv6cp-restart", o_int, &ipv6cp_fsm[0].timeouttime,
"Set timeout for IPv6CP", OPT_PRIO },
if (!ipv6cp_protent.enabled_flag)
return;
-#if defined(SOL2) || defined(__linux__)
/*
* Persistent link-local id is only used when user has not explicitly
* configure/hard-code the id
wo->opt_local = 1;
}
}
-#endif
if (!wo->opt_local) { /* init interface identifier */
if (wo->use_ip && eui64_iszero(wo->ourid)) {
{
ipv6cp_options *wo = &ipv6cp_wantoptions[u];
-#if defined(__linux__) || defined(SOL2) || (defined(SVR4) && (defined(SNI) || defined(__USLC__)))
-#if defined(SOL2)
if (!sif6up(u))
return 0;
-#else
- if (!sifup(u))
- return 0;
-#endif /* defined(SOL2) */
-#endif
if (!sif6addr(u, wo->ourid, wo->hisid))
return 0;
#if !defined(__linux__) && !(defined(SVR4) && (defined(SNI) || defined(__USLC__)))
sifnpmode(f->unit, PPP_IPV6, NPMODE_PASS);
} else {
- /*
- * Set LL addresses
- */
-#if !defined(__linux__) && !defined(SOL2) && !(defined(SVR4) && (defined(SNI) || defined(__USLC__)))
- if (!sif6addr(f->unit, go->ourid, ho->hisid)) {
- if (debug)
- warn("sif6addr failed");
- ipv6cp_close(f->unit, "Interface configuration failed");
- return;
- }
-#endif
-
/* bring the interface up for IPv6 */
-#if defined(SOL2)
if (!sif6up(f->unit)) {
if (debug)
- warn("sifup failed (IPV6)");
+ warn("sif6up failed (IPV6)");
ipv6cp_close(f->unit, "Interface configuration failed");
return;
}
-#else
- if (!sifup(f->unit)) {
- if (debug)
- warn("sifup failed (IPV6)");
- ipv6cp_close(f->unit, "Interface configuration failed");
- return;
- }
-#endif /* defined(SOL2) */
-#if defined(__linux__) || defined(SOL2) || (defined(SVR4) && (defined(SNI) || defined(__USLC__)))
if (!sif6addr(f->unit, go->ourid, ho->hisid)) {
if (debug)
warn("sif6addr failed");
ipv6cp_close(f->unit, "Interface configuration failed");
return;
}
-#endif
sifnpmode(f->unit, PPP_IPV6, NPMODE_PASS);
notice("local LL address %s", llv6_ntoa(go->ourid));
} else {
sifnpmode(f->unit, PPP_IPV6, NPMODE_DROP);
#if !defined(__linux__) && !(defined(SVR4) && (defined(SNI) || defined(__USLC)))
-#if defined(SOL2)
sif6down(f->unit);
-#else
- sifdown(f->unit);
-#endif /* defined(SOL2) */
#endif
ipv6cp_clear_addrs(f->unit,
ipv6cp_gotoptions[f->unit].ourid,
ipv6cp_hisoptions[f->unit].hisid);
-#if defined(__linux__) || (defined(SVR4) && (defined(SNI) || defined(__USLC)))
+#if defined(__linux__)
+ sif6down(f->unit);
+#elif defined(SVR4) && (defined(SNI) || defined(__USLC))
sifdown(f->unit);
#endif
}
int opt_local; /* ourtoken set by option */
int opt_remote; /* histoken set by option */
int use_ip; /* use IP as interface identifier */
-#if defined(SOL2) || defined(__linux__)
int use_persistent; /* use uniquely persistent value for address */
-#endif /* defined(SOL2) */
int neg_vj; /* Van Jacobson Compression? */
u_short vj_protocol; /* protocol value to use in VJ option */
eui64_t ourid, hisid; /* Interface identifiers */
case IPX_ROUTER_NAME:
if (cilen >= CILEN_NAME) {
int name_size = cilen - CILEN_NAME;
- if (name_size > sizeof (ho->name))
+ if (name_size >= sizeof (ho->name))
name_size = sizeof (ho->name) - 1;
memset (ho->name, 0, sizeof (ho->name));
memcpy (ho->name, p, name_size);
if (opt->flags & OPT_STATIC) {
strlcpy((char *)(opt->addr), *argv, opt->upper_limit);
} else {
+ char **optptr = (char **)(opt->addr);
sv = strdup(*argv);
if (sv == NULL)
novm("option argument");
- *(char **)(opt->addr) = sv;
+ if (*optptr)
+ free(*optptr);
+ *optptr = sv;
}
break;
/*
* Store the resulting character for the escape sequence.
*/
- if (len < MAXWORDLEN-1)
+ if (len < MAXWORDLEN) {
word[len] = value;
- ++len;
+ ++len;
+ }
if (!got)
c = getc(f);
/*
* An ordinary character: store it in the word and get another.
*/
- if (len < MAXWORDLEN-1)
+ if (len < MAXWORDLEN) {
word[len] = c;
- ++len;
+ ++len;
+ }
c = getc(f);
}
-#define VERSION "2.4.6"
-#define DATE "2 January 2014"
+#define VERSION "2.4.7"
+#define DATE "9 August 2014"
SUBDIRS += radius
PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so
+# This setting should match the one in ../Makefile.linux
+MPPE=y
+
+ifdef MPPE
+CFLAGS += -DMPPE=1
+endif
+
# include dependencies if present
ifeq (.depend,$(wildcard .depend))
include .depend
static void (*old_snoop_recv_hook)(unsigned char *p, int len) = NULL;
static void (*old_snoop_send_hook)(unsigned char *p, int len) = NULL;
-static void (*old_ip_up_hook)(void) = NULL;
-static void (*old_ip_down_hook)(void) = NULL;
/* Hook provided to allow other plugins to handle ACCM changes */
void (*pppol2tp_send_accm_hook)(int tunnel_id, int session_id,
* Interface up/down events
*****************************************************************************/
-static void pppol2tp_ip_up_hook(void)
+static void pppol2tp_ip_up(void *opaque, int arg)
{
- if (old_ip_up_hook != NULL)
- (*old_ip_up_hook)();
-
+ /* may get called twice (for IPv4 and IPv6) but the hook handles that well */
if (pppol2tp_ip_updown_hook != NULL) {
(*pppol2tp_ip_updown_hook)(pppol2tp_tunnel_id,
pppol2tp_session_id, 1);
}
}
-static void pppol2tp_ip_down_hook(void)
+static void pppol2tp_ip_down(void *opaque, int arg)
{
- if (old_ip_down_hook != NULL)
- (*old_ip_down_hook)();
-
+ /* may get called twice (for IPv4 and IPv6) but the hook handles that well */
if (pppol2tp_ip_updown_hook != NULL) {
(*pppol2tp_ip_updown_hook)(pppol2tp_tunnel_id,
pppol2tp_session_id, 0);
snoop_recv_hook = pppol2tp_lcp_snoop_recv;
snoop_send_hook = pppol2tp_lcp_snoop_send;
}
-
- /* Hook up ip up/down hooks to send indicator to openl2tpd
- * that the link is up
- */
- old_ip_up_hook = ip_up_hook;
- ip_up_hook = pppol2tp_ip_up_hook;
- old_ip_down_hook = ip_down_hook;
- ip_down_hook = pppol2tp_ip_down_hook;
}
/* Called just before pppd exits.
fatal("No PPPoL2TP support on this OS");
#endif
add_options(pppol2tp_options);
+
+ /* Hook up ip up/down notifiers to send indicator to openl2tpd
+ * that the link is up
+ */
+ add_notifier(&ip_up_notifier, pppol2tp_ip_up, NULL);
+ add_notifier(&ip_down_notifier, pppol2tp_ip_down, NULL);
+ add_notifier(&ipv6_up_notifier, pppol2tp_ip_up, NULL);
+ add_notifier(&ipv6_down_notifier, pppol2tp_ip_down, NULL);
}
struct channel pppol2tp_channel = {
char radrealms_config[MAXPATHLEN] = "/etc/radiusclient/realms";
static option_t Options[] = {
- { "realms-config-file", o_string, &radrealms_config },
+ { "realms-config-file", o_string, &radrealms_config,
+ "Configuration file for RADIUS realms", OPT_STATIC, NULL, MAXPATHLEN },
{ NULL }
};
extern int default_device; /* Using /dev/tty or equivalent */
extern char devnam[MAXPATHLEN]; /* Device name */
extern int crtscts; /* Use hardware flow control */
+extern int stop_bits; /* Number of serial port stop bits */
extern bool modem; /* Use modem control lines */
extern int inspeed; /* Input/Output speed requested */
extern u_int32_t netmask; /* IP netmask to set on interface */
/* Reset i/f IP addresses */
#ifdef INET6
int ether_to_eui64(eui64_t *p_eui64); /* convert eth0 hw address to EUI64 */
+int sif6up __P((int)); /* Configure i/f up for IPv6 */
+int sif6down __P((int)); /* Configure i/f down for IPv6 */
int sif6addr __P((int, eui64_t, eui64_t));
/* Configure IPv6 addresses for i/f */
int cif6addr __P((int, eui64_t, eui64_t));
static unsigned char inbuf[512]; /* buffer for chars read from loopback */
static int if_is_up; /* Interface has been marked up */
+static int if6_is_up; /* Interface has been marked up for IPv6, to help differentiate */
static int have_default_route; /* Gateway for default route added */
static u_int32_t proxy_arp_addr; /* Addr for proxy arp entry added */
static char proxy_arp_dev[16]; /* Device for proxy arp entry */
static int set_kdebugflag(int level);
static int ppp_registered(void);
static int make_ppp_unit(void);
+static int setifstate (int u, int state);
extern u_char inpacket_buf[]; /* borrowed from main.c */
if_is_up = 0;
sifdown(0);
}
+ if (if6_is_up)
+ sif6down(0);
+
/*
* Delete any routes through the device.
*/
break;
}
+ if (stop_bits >= 2)
+ tios.c_cflag |= CSTOPB;
+
speed = translate_speed(inspeed);
if (speed) {
cfsetospeed (&tios, speed);
int sifup(int u)
{
- struct ifreq ifr;
-
- memset (&ifr, '\0', sizeof (ifr));
- strlcpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
- if (ioctl(sock_fd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
- if (! ok_error (errno))
- error("ioctl (SIOCGIFFLAGS): %m (line %d)", __LINE__);
- return 0;
- }
+ int ret;
- ifr.ifr_flags |= (IFF_UP | IFF_POINTOPOINT);
- if (ioctl(sock_fd, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
- if (! ok_error (errno))
- error("ioctl(SIOCSIFFLAGS): %m (line %d)", __LINE__);
- return 0;
- }
- if_is_up++;
+ if ((ret = setifstate(u, 1)))
+ if_is_up++;
- return 1;
+ return ret;
}
/********************************************************************
int sifdown (int u)
{
- struct ifreq ifr;
-
if (if_is_up && --if_is_up > 0)
return 1;
+#ifdef INET6
+ if (if6_is_up)
+ return 1;
+#endif /* INET6 */
+
+ return setifstate(u, 0);
+}
+
+#ifdef INET6
+/********************************************************************
+ *
+ * sif6up - Config the interface up for IPv6
+ */
+
+int sif6up(int u)
+{
+ int ret;
+
+ if ((ret = setifstate(u, 1)))
+ if6_is_up = 1;
+
+ return ret;
+}
+
+/********************************************************************
+ *
+ * sif6down - Disable the IPv6CP protocol and config the interface
+ * down if there are no remaining protocols.
+ */
+
+int sif6down (int u)
+{
+ if6_is_up = 0;
+
+ if (if_is_up)
+ return 1;
+
+ return setifstate(u, 0);
+}
+#endif /* INET6 */
+
+/********************************************************************
+ *
+ * setifstate - Config the interface up or down
+ */
+
+static int setifstate (int u, int state)
+{
+ struct ifreq ifr;
+
memset (&ifr, '\0', sizeof (ifr));
strlcpy(ifr.ifr_name, ifname, sizeof (ifr.ifr_name));
if (ioctl(sock_fd, SIOCGIFFLAGS, (caddr_t) &ifr) < 0) {
return 0;
}
- ifr.ifr_flags &= ~IFF_UP;
+ if (state)
+ ifr.ifr_flags |= IFF_UP;
+ else
+ ifr.ifr_flags &= ~IFF_UP;
ifr.ifr_flags |= IFF_POINTOPOINT;
if (ioctl(sock_fd, SIOCSIFFLAGS, (caddr_t) &ifr) < 0) {
if (! ok_error (errno))
}
#endif
+ if (stop_bits >= 2)
+ tios.c_cflag |= CSTOPB;
+
tios.c_cflag |= CS8 | CREAD | HUPCL;
if (local || !modem)
tios.c_cflag |= CLOCAL;
/* option variables */
int crtscts = 0; /* Use hardware flow control */
+int stop_bits = 1; /* Number of serial port stop bits */
bool modem = 1; /* Use modem control lines */
int inspeed = 0; /* Input/Output speed requested */
bool lockflag = 0; /* Create lock file to lock the serial dev */
OPT_PRIOSUB | OPT_ALIAS | OPT_NOARG | OPT_VAL(-1) },
{ "xonxoff", o_special_noarg, (void *)setxonxoff,
"Set software (XON/XOFF) flow control", OPT_PRIOSUB },
+ { "stop-bits", o_int, &stop_bits,
+ "Number of stop bits in serial port",
+ OPT_PRIO | OPT_PRIVFIX | OPT_LIMITS, NULL, 2, 1 },
{ "modem", o_bool, &modem,
"Use modem control lines", OPT_PRIO | 1 },
static struct modldrv modldrv = {
&mod_driverops, /* says this is a pseudo driver */
- "PPP-2.4.6 multiplexing driver",
+ "PPP-2.4.7 multiplexing driver",
&ppp_ops /* driver ops */
};
projects / ppp.git / commitdiff