Also remove the obsolete $Id$ tag.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
jobs:
solaris:
- runs-on: macos-10.15
+ runs-on: ubuntu-22.04
steps:
- name: Checkout PPP sources
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Build
- uses: vmactions/solaris-vm@v0.0.4
+ uses: vmactions/solaris-vm@v1.0.0
with:
run: |
pkg update
build_and_test:
runs-on: ubuntu-latest
env:
- configure_flags: --enable-ipxcp --enable-multilink
+ configure_flags: --enable-multilink --enable-systemd --enable-cbcp
steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
- name: install required packages
- run: sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install build-essential autoconf automake pkg-config libtool m4 autoconf-archive libssl-dev libatm1-dev libpcap-dev
+ run: |
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq update
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install \
+ build-essential autoconf automake pkg-config libtool m4 autoconf-archive \
+ libssl-dev libatm1-dev libpcap-dev libsystemd-dev libpam0g-dev
- name: configure
run: ./autogen.sh ${{ env.configure_flags }}
- name: build
run: make V=1 CFLAGS="-O2 -g -Wno-unused-result"
+ - name: run auto tests
+ run: VERBOSE=true make check
+
- name: distcheck
run: make distcheck DISTCHECK_CONFIGURE_FLAGS="${{ env.configure_flags }}"
+
+ build_and_test_asan:
+ runs-on: ubuntu-latest
+ env:
+ configure_flags: --enable-multilink --enable-systemd --enable-cbcp
+ CFLAGS: '-fsanitize=address -ggdb'
+ LDFLAGS: '-fsanitize=address'
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: install required packages
+ run: |
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq update
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install \
+ build-essential autoconf automake pkg-config libtool m4 autoconf-archive \
+ libssl-dev libatm1-dev libpcap-dev libsystemd-dev libpam0g-dev
+
+ - name: configure
+ run: ./autogen.sh ${{ env.configure_flags }}
+
+ - name: build
+ run: make V=1 CFLAGS="-O2 -g -Wno-unused-result"
+
+ - name: run auto tests
+ run: VERBOSE=true make check
+
+ - name: distcheck
+ run: make distcheck DISTCHECK_CONFIGURE_FLAGS="${{ env.configure_flags }}"
+
/pppd/config.h
/pppd/config.h.in
/pppd/pppdconf.h
+/pppd/plugins/pppoe/config.h
+/pppd/plugins/pppoe/stamp-h3
# https://www.gnu.org/software/libtool/
/libtool
https://github.com/ppp-project/ppp
Primary Author of this package:
-Linux Paul Mackerras <paulus@samba.org>
+Linux Paul Mackerras <paulus@ozlabs.org>
Solaris James Carlson <carlson@workingcode.com>
--- /dev/null
+What's new in ppp-2.4.9.
+************************
+
+* Support for new EAP (Extensible Authentication Protocol) methods:
+ - Support for EAP-TLS, from Jan Just Keijser and others
+ - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
+ Van Buggenhout and others
+
+* New pppd options:
+ - chap-timeout
+ - chapms-strip-domain
+ - replacedefaultroute
+ - noreplacedefaultroute
+ - ipv6cp-accept-remote
+ - lcp-echo-adaptive
+ - ip-up-script
+ - ip-down-script
+ - ca
+ - capath
+ - cert
+ - key
+ - crl-dir
+ - crl
+ - max-tls-version
+ - need-peer-eap
+
+* Fixes for CVE-2020-8597 and CVE-2015-3310.
+
+* libpcap is now required when compiling on Linux (previously, if
+ libpcap was not present, pppd would be compiled without packet
+ filtering support).
+
+* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
+ from the upstream rp-pppoe code. Its options have changed names,
+ but the old names are kept as aliases.
+
+* The configure script now supports cross-compilation.
+
+* Many bug fixes and cleanups.
+
+
+What was new in ppp-2.4.8.
+**************************
+
+* New pppd options have been added:
+ - ifname, to set the name for the PPP interface device
+ - defaultroute-metric, to set the metric for the default route
+ - defaultroute6, to add an IPv6 default route (with nodefaultroute6
+ to prevent adding an IPv6 default route)
+ - up_sdnotify, to have pppd notify systemd when the link is up.
+
+* The rp-pppoe plugin has new options:
+ - host-uniq, to set the Host-Uniq value to send
+ - pppoe-padi-timeout, to set the timeout for discovery packets
+ - pppoe-padi-attempts, to set the number of discovery attempts.
+
+* Added the CLASS attribute in radius packets.
+
+* Sundry bug fixes.
+
+* Fixed warnings and issues found by static analysis.
+
+* Added Submitting-patches.md.
+
+
+What was new in ppp-2.4.7.
+**************************
+
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+ indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+ scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+ variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+ from the controlling terminal when it is the multilink bundle master
+ but its own link has terminated, even if the nodetach option has
+ been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
+* Under Linux, pppd can now operate in a mode where it doesn't request
+ the peer's IP address, as some peers refuse to supply an IP address.
+ Since Linux supports device routes as well as gateway routes, it's
+ possible to have no remote IP address assigned to the ppp interface
+ and still route traffic over it.
+
+* Pppd now works better with 3G modems that do strange things such as
+ sending IPCP Configure-Naks with the same values over and over again.
+
+* The PPP over L2TP plugin is included, which works with the pppol2tp
+ PPP channel code in the Linux kernel. This allows pppd to be used
+ to set up tunnels using the Layer 2 Tunneling Protocol.
+
+* A new 'enable-session' option has been added, which enables session
+ accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
+ page for details.
+
+* Several bugs have been fixed.
+
+
+What was new in ppp-2.4.4.
+**************************
+
+* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
+ the ppp interface and configuring its IP addresses but before
+ bringing it up. This can be used, for example, for adding firewall
+ rules for the interface.
+
+* Lots of bugs fixed, particularly in the area of demand-dialled and
+ persistent connections.
+
+* The rp-pppoe plugin now accepts any interface name (that isn't an
+ existing pppd option name) without putting "nic-" on the front of
+ it, not just eth*, nas*, tap* and br*.
+
+
+What was new in ppp-2.4.3.
+**************************
+
+* The configure script now accepts --prefix and --sysconfdir options.
+ These default to /usr/local and /etc. If you want pppd put in
+ /usr/sbin as before, use ./configure --prefix=/usr.
+
+* Doing `make install' no longer puts example configuration files in
+ /etc/ppp. Use `make install-etcppp' if you want that.
+
+* The code has been updated to work with version 0.8.3 of libpcap.
+ Unfortunately the libpcap maintainers removed support for the
+ "inbound" and "outbound" keywords on PPP links, meaning that if you
+ link pppd with libpcap-0.8.3, you can't use those keywords in the
+ active-filter and pass-filter expressions. The support has been
+ reinstated in the CVS version and should be in future libpcap
+ releases. If you need the in/outbound keywords, use a later release
+ than 0.8.3, or get the CVS version from http://www.tcpdump.org.
+
+* There is a new option, child-timeout, which sets the length of time
+ that pppd will wait for child processes (such as the command
+ specified with the pty option) to exit before exiting itself. It
+ defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
+ to any remaining child processes and exit. A value of 0 means no
+ timeout.
+
+* Various bugs have been fixed, including some CBCP packet parsing
+ bugs that could lead to the peer being able to crash pppd if CBCP
+ support is enabled.
+
+* Various fixes and enhancements to the radius and rp-pppoe plugins
+ have been added.
+
+* There is a new winbind plugin, from Andrew Bartlet of the Samba
+ team, which provides the ability to authenticate the peer against an
+ NT domain controller using MS-CHAP or MS-CHAPV2.
+
+* There is a new pppoatm plugin, by various authors, sent in by David
+ Woodhouse.
+
+* The multilink code has been substantially reworked. The first pppd
+ for a bundle still controls the ppp interface, but it doesn't exit
+ until all the links in the bundle have terminated. If the first
+ pppd is signalled to exit, it signals all the other pppds
+ controlling links in the bundle.
+
+* The TDB code has been updated to the latest version. This should
+ eliminate the problem that some people have seen where the database
+ file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
+ the new code uses an incompatible database format. For this reason,
+ pppd now uses /var/run/pppd2.tdb as the database filename.
+
+
+What was new in ppp-2.4.2.
+**************************
+
+* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
+ V1 and V2 authentication, both as server and client. The new CHAP
+ code is cleaner than the old code and avoids some copyright problems
+ that existed in the old code.
+
+* MPPE (Microsoft Point-to-Point Encryption) support has been added,
+ although the current implementation shouldn't be considered
+ completely secure. (There is no assurance that the current code
+ won't ever transmit an unencrypted packet.)
+
+* James Carlson's implementation of the Extensible Authentication
+ Protocol (EAP) has been added.
+
+* Support for the Encryption Control Protocol (ECP) has been added.
+
+* Some new plug-ins have been included:
+ - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
+ - A plug-in for supplying the PAP password over a pipe from another
+ process
+ - A plug-in for authenticating using a Radius server.
+
+* Updates and bug-fixes for the Solaris port.
+
+* The CBCP (Call Back Control Protocol) code has been updated. There
+ are new options `remotenumber' and `allow-number'.
+
+* Extra hooks for plugins to use have been added.
+
+* There is now a `maxoctets' option, which causes pppd to terminate
+ the link once the number of bytes passed on the link exceeds a given
+ value.
+
+* There are now options to control whether pppd can use the IPCP
+ IP-Address and IP-Addresses options: `ipcp-no-address' and
+ `ipcp-no-addresses'.
+
+* Fixed several bugs, including potential buffer overflows in chat.
+
+
+What was new in ppp-2.4.1.
+**************************
+
+* Pppd can now print out the set of options that are in effect. The
+ new `dump' option causes pppd to print out the option values after
+ option parsing is complete. The `dryrun' option causes pppd to
+ print the options and then exit.
+
+* The option parsing code has been fixed so that options in the
+ per-tty options file are parsed correctly, and don't override values
+ from the command line in most cases.
+
+* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
+ example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
+ there is no slash in the plugin name.
+
+* When loading a plugin, pppd will now check the version of pppd for
+ which the plugin was compiled, and refuse to load it if it is
+ different to pppd's version string. To enable this, the plugin
+ source needs to #include "pppd.h" and have a line saying:
+ char pppd_version[] = VERSION;
+
+* There is a bug in zlib, discovered by James Carlson, which can cause
+ kernel memory corruption if Deflate is used with the lowest setting,
+ 8. As a workaround pppd will now insist on using at least 9.
+
+* Pppd should compile on Solaris and SunOS again.
+
+* Pppd should now set the MTU correctly on demand-dialled interfaces.
+
+
+What was new in ppp-2.4.0.
+**************************
+
+* Multilink: this package now allows you to combine multiple serial
+ links into one logical link or `bundle', for increased bandwidth and
+ reduced latency. This is currently only supported under the
+ 2.4.x and later Linux kernels.
+
+* All the pppd processes running on a system now write information
+ into a common database. I used the `tdb' code from samba for this.
+
+* New hooks have been added.
+
+For a list of the changes made during the 2.3 series releases of this
+package, see the Changes-2.3 file.
--- /dev/null
+Copyright (c) The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
--- /dev/null
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
SUBDIRS = chat contrib pppd pppstats pppdump
-if WITH_PLUGINS
+if PPP_WITH_PLUGINS
SUBDIRS += pppd/plugins
endif
time before the idle timeout applies.
Plugins can access global variables within pppd, so it is useful for
-them to #include "pppd.h" from the pppd source directory.
+them to #include "pppd.h" from the pppd source directory. Other
+header files can be included such as chap.h, mppe.h, and upap.h as
+needed per project.
Every plugin must contain a global procedure called `plugin_init'.
This procedure will get called (with no arguments) immediately after
the plugin is loaded. Every plugin should also contain a variable
called pppd_version declared as follows:
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
If this declaration is included, pppd will not load the module if its
version number differs from that compiled into the plugin binary.
Plugins can affect the behaviour of pppd in at least four ways:
1. They can add extra options which pppd will then recognize. This is
- done by calling the add_options() procedure with a pointer to an
+ done by calling the ppp_add_options() procedure with a pointer to an
array of option_t structures. The last entry in the array must
have its name field set to NULL.
A plugin registers itself with a notifier by declaring a procedure of
the form:
-void my_notify_proc(void *opaque, int arg);
+void (ppp_notify_fn)(void *opaque, int arg);
and then registering the procedure with the appropriate notifier with
a call of the form
- add_notifier(&interesting_notifier, my_notify_proc, opaque);
+ ppp_add_notify(ppp_notify_t, ppp_notify_fn, opaque);
+
+The ppp_notify_t is an enumerated type that describes which notifier
+to attach the function to. Example: NF_EXIT, NF_SIGNALED, NF_IP_UP
The `opaque' parameter in the add_notifier call will be passed to
my_notify_proc every time it is called. The `arg' parameter to
A notify procedure can be removed from the list for a notifier with a
call of the form
- remove_notifier(&interesting_notifier, my_notify_proc, opaque);
+ ppp_del_notify(ppp_notify_t, ppp_notify_fn, opaque);
Here is a list of the currently-implemented notifiers in pppd.
-* pidchange. This notifier is called in the parent when pppd has
+* NF_PID_CHANGE. This notifier is called in the parent when pppd has
forked and the child is continuing pppd's processing, i.e. when pppd
detaches from its controlling terminal. The argument is the pid of
the child.
-* phasechange. This is called when pppd moves from one phase of
+* NF_PHASE_CHANGE. This is called when pppd moves from one phase of
operation to another. The argument is the new phase number.
-* exitnotify. This is called just before pppd exits. The argument is
+* NF_EXIT. This is called just before pppd exits. The argument is
the status with which pppd will exit (i.e. the argument to exit()).
-* sigreceived. This is called when a signal is received, from within
+* NF_SIGNALED. This is called when a signal is received, from within
the signal handler. The argument is the signal number.
-* ip_up_notifier. This is called when IPCP has come up.
+* NF_IP_UP. This is called when IPCP has come up.
+
+* NF_IP_DOWN. This is called when IPCP goes down.
+
+* NF_IPV6_UP. This is called when IP6CP has come up.
-* ip_down_notifier. This is called when IPCP goes down.
+* NF_IPV6_DOWN. This is called when IP6CP goes down.
-* auth_up_notifier. This is called when the peer has successfully
+* NF_AUTH_UP. This is called when the peer has successfully
authenticated itself.
-* link_down_notifier. This is called when the link goes down.
+* NF_LINK_DOWN. This is called when the link goes down.
+
+* NF_FORK. Called for each time pppd exists as a new process (child).
+
+
+Regarding MPPE keys and key-material for 2.5.0 release
+
+Sometimes it is necessary for a plugin to access details related to
+the authentication process. The NF_AUTH_UP callback notifier (client only)
+allows a plugin to inspect e.g. key details after authentication has been
+completed, but before the key material is cleared from memory for security
+reasons.
+
+There are in particularly 3 functions that allow one to inspect these
+keys:
+
+* bool mppe_keys_isset()
+* int mppe_get_recv_key(unsigned char *key, int length)
+* int mppe_get_send_key(unsigned char *key, int length)
+
+The first function indicates whether or not the key material is set and
+is valid. The two latter functions will allow one to obtain a copy
+of the respective receive and send keys. The return value of these
+functions is the length of the valid key material. For security reasons,
+one should take care to clear these copies when work is complete. The
+max length of MPPE receive ands send keys are up to 32 bytes long, or
+of MPPE_MAX_KEY_SIZE length.
+
+The previous definitions of MPPE_MAX_KEY_LEN is the maximum length in
+which the Linux kernel will accept for MPPE key lengths. Plugins would
+access the MPPE keys directly via the:
+ extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]
+ extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]
+variables. The 2.5.0 release prohibits the direct access of these
+variables by making them static and private in favor of using the new
+API.
-## $Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp $ ##
+## $Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp $ ##
\ No newline at end of file
-This is the README file for ppp-2.4, a package which implements the
+This is the README file for ppp-2.5, a package which implements the
Point-to-Point Protocol (PPP) to provide Internet connections over
-serial lines.
+serial lines and other types of links which can be considered to be
+point-to-point links.
Introduction.
The Point-to-Point Protocol (PPP) provides a standard way to establish
a network connection over a serial link. At present, this package
supports IP and IPV6 and the protocols layered above them, such as TCP
-and UDP. The Linux port of this package also has support for IPX.
+and UDP.
This PPP implementation consists of two parts:
authenticating itself to you, of course.)
-What's new in ppp-2.4.9.
-************************
+What's new in ppp-2.5.1
+***********************
-* Support for new EAP (Extensible Authentication Protocol) methods:
- - Support for EAP-TLS, from Jan Just Keijser and others
- - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
- Van Buggenhout and others
-
-* New pppd options:
- - chap-timeout
- - chapms-strip-domain
- - replacedefaultroute
- - noreplacedefaultroute
- - ipv6cp-accept-remote
- - lcp-echo-adaptive
- - ip-up-script
- - ip-down-script
- - ca
- - capath
- - cert
- - key
- - crl-dir
- - crl
- - max-tls-version
- - need-peer-eap
-
-* Fixes for CVE-2020-8597 and CVE-2015-3310.
-
-* libpcap is now required when compiling on Linux (previously, if
- libpcap was not present, pppd would be compiled without packet
- filtering support).
-
-* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
- from the upstream rp-pppoe code. Its options have changed names,
- but the old names are kept as aliases.
-
-* The configure script now supports cross-compilation.
-
-* Many bug fixes and cleanups.
-
-
-What was new in ppp-2.4.8.
-**************************
-
-* New pppd options have been added:
- - ifname, to set the name for the PPP interface device
- - defaultroute-metric, to set the metric for the default route
- - defaultroute6, to add an IPv6 default route (with nodefaultroute6
- to prevent adding an IPv6 default route)
- - up_sdnotify, to have pppd notify systemd when the link is up.
-
-* The rp-pppoe plugin has new options:
- - host-uniq, to set the Host-Uniq value to send
- - pppoe-padi-timeout, to set the timeout for discovery packets
- - pppoe-padi-attempts, to set the number of discovery attempts.
-
-* Added the CLASS attribute in radius packets.
-
-* Sundry bug fixes.
-
-* Fixed warnings and issues found by static analysis.
-
-* Added Submitting-patches.md.
-
-
-What was new in ppp-2.4.7.
-**************************
-
-* Fixed a potential security issue in parsing option files (CVE-2014-3158).
-
-* There is a new "stop-bits" option, which takes an argument of 1 or 2,
- indicating the number of stop bits to use for async serial ports.
-
-* Various bug fixes.
-
-
-What was new in ppp-2.4.6.
-**************************
-
-* Man page updates.
-
-* Several bug fixes.
-
-* Options files can now set and unset environment variables for
- scripts.
-
-* The timeout for chat scripts can now be taken from an environment
- variable.
-
-* There is a new option, master_detach, which allows pppd to detach
- from the controlling terminal when it is the multilink bundle master
- but its own link has terminated, even if the nodetach option has
- been given.
-
-
-What was new in ppp-2.4.5.
-**************************
-
-* Under Linux, pppd can now operate in a mode where it doesn't request
- the peer's IP address, as some peers refuse to supply an IP address.
- Since Linux supports device routes as well as gateway routes, it's
- possible to have no remote IP address assigned to the ppp interface
- and still route traffic over it.
-
-* Pppd now works better with 3G modems that do strange things such as
- sending IPCP Configure-Naks with the same values over and over again.
-
-* The PPP over L2TP plugin is included, which works with the pppol2tp
- PPP channel code in the Linux kernel. This allows pppd to be used
- to set up tunnels using the Layer 2 Tunneling Protocol.
-
-* A new 'enable-session' option has been added, which enables session
- accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
- page for details.
-
-* Several bugs have been fixed.
+* Pppd can now measure and log the round-trip time (RTT) of LCP
+ echo-requests and record them in a binary file structured as a
+ circular buffer. Other programs or scripts can examine the file and
+ provide real-time statistics on link latency. This is enabled by a
+ new "lcp-rtt-file" option.
+* New scripts net-init, net-pre-up and net-down are executed in the
+ process of bringing the network interface up and down. They provide
+ additional, more deterministic ways for pppd to interact with the
+ rest of the networking configuration.
-What was new in ppp-2.4.4.
-**************************
-
-* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
- the ppp interface and configuring its IP addresses but before
- bringing it up. This can be used, for example, for adding firewall
- rules for the interface.
-
-* Lots of bugs fixed, particularly in the area of demand-dialled and
- persistent connections.
-
-* The rp-pppoe plugin now accepts any interface name (that isn't an
- existing pppd option name) without putting "nic-" on the front of
- it, not just eth*, nas*, tap* and br*.
+* Pppd will now create the directory for the TDB connection database
+ if it doesn't already exist.
+* Various other bug fixes and minor enhancements.
-What was new in ppp-2.4.3.
-**************************
-* The configure script now accepts --prefix and --sysconfdir options.
- These default to /usr/local and /etc. If you want pppd put in
- /usr/sbin as before, use ./configure --prefix=/usr.
-
-* Doing `make install' no longer puts example configuration files in
- /etc/ppp. Use `make install-etcppp' if you want that.
-
-* The code has been updated to work with version 0.8.3 of libpcap.
- Unfortunately the libpcap maintainers removed support for the
- "inbound" and "outbound" keywords on PPP links, meaning that if you
- link pppd with libpcap-0.8.3, you can't use those keywords in the
- active-filter and pass-filter expressions. The support has been
- reinstated in the CVS version and should be in future libpcap
- releases. If you need the in/outbound keywords, use a later release
- than 0.8.3, or get the CVS version from http://www.tcpdump.org.
-
-* There is a new option, child-timeout, which sets the length of time
- that pppd will wait for child processes (such as the command
- specified with the pty option) to exit before exiting itself. It
- defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
- to any remaining child processes and exit. A value of 0 means no
- timeout.
-
-* Various bugs have been fixed, including some CBCP packet parsing
- bugs that could lead to the peer being able to crash pppd if CBCP
- support is enabled.
-
-* Various fixes and enhancements to the radius and rp-pppoe plugins
- have been added.
-
-* There is a new winbind plugin, from Andrew Bartlet of the Samba
- team, which provides the ability to authenticate the peer against an
- NT domain controller using MS-CHAP or MS-CHAPV2.
-
-* There is a new pppoatm plugin, by various authors, sent in by David
- Woodhouse.
-
-* The multilink code has been substantially reworked. The first pppd
- for a bundle still controls the ppp interface, but it doesn't exit
- until all the links in the bundle have terminated. If the first
- pppd is signalled to exit, it signals all the other pppds
- controlling links in the bundle.
-
-* The TDB code has been updated to the latest version. This should
- eliminate the problem that some people have seen where the database
- file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
- the new code uses an incompatible database format. For this reason,
- pppd now uses /var/run/pppd2.tdb as the database filename.
-
-
-What was new in ppp-2.4.2.
+What was new in ppp-2.5.0.
**************************
-* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
- V1 and V2 authentication, both as server and client. The new CHAP
- code is cleaner than the old code and avoids some copyright problems
- that existed in the old code.
-
-* MPPE (Microsoft Point-to-Point Encryption) support has been added,
- although the current implementation shouldn't be considered
- completely secure. (There is no assurance that the current code
- won't ever transmit an unencrypted packet.)
-
-* James Carlson's implementation of the Extensible Authentication
- Protocol (EAP) has been added.
-
-* Support for the Encryption Control Protocol (ECP) has been added.
-
-* Some new plug-ins have been included:
- - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
- - A plug-in for supplying the PAP password over a pipe from another
- process
- - A plug-in for authenticating using a Radius server.
-
-* Updates and bug-fixes for the Solaris port.
-
-* The CBCP (Call Back Control Protocol) code has been updated. There
- are new options `remotenumber' and `allow-number'.
-
-* Extra hooks for plugins to use have been added.
-
-* There is now a `maxoctets' option, which causes pppd to terminate
- the link once the number of bytes passed on the link exceeds a given
- value.
-
-* There are now options to control whether pppd can use the IPCP
- IP-Address and IP-Addresses options: `ipcp-no-address' and
- `ipcp-no-addresses'.
-
-* Fixed several bugs, including potential buffer overflows in chat.
-
-
-What was new in ppp-2.4.1.
-**************************
-
-* Pppd can now print out the set of options that are in effect. The
- new `dump' option causes pppd to print out the option values after
- option parsing is complete. The `dryrun' option causes pppd to
- print the options and then exit.
-
-* The option parsing code has been fixed so that options in the
- per-tty options file are parsed correctly, and don't override values
- from the command line in most cases.
-
-* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
- example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
- there is no slash in the plugin name.
-
-* When loading a plugin, pppd will now check the version of pppd for
- which the plugin was compiled, and refuse to load it if it is
- different to pppd's version string. To enable this, the plugin
- source needs to #include "pppd.h" and have a line saying:
- char pppd_version[] = VERSION;
-
-* There is a bug in zlib, discovered by James Carlson, which can cause
- kernel memory corruption if Deflate is used with the lowest setting,
- 8. As a workaround pppd will now insist on using at least 9.
-
-* Pppd should compile on Solaris and SunOS again.
-
-* Pppd should now set the MTU correctly on demand-dialled interfaces.
-
-
-What was new in ppp-2.4.0.
-**************************
-
-* Multilink: this package now allows you to combine multiple serial
- links into one logical link or `bundle', for increased bandwidth and
- reduced latency. This is currently only supported under the
- 2.4.x and later Linux kernels.
-
-* All the pppd processes running on a system now write information
- into a common database. I used the `tdb' code from samba for this.
+The 2.5.0 release is a major release of pppd which contains breaking
+changes for third-party plugins, a complete revamp of the build-system
+and that allows for flexibility of configuring features as needed.
+
+In Summary:
+* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
+* Support for loading PKCS12 certificate envelopes
+* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
+ and others.
+* Support for pkgconfig tool has been added by Eivind Næss.
+* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
+* Major revision to PPPD's Plugin API by Eivind Næss.
+ - Defines in which describes what features was included in pppd
+ - Functions now prefixed with explicit ppp_* to indicate that
+ pppd functions being called.
+ - Header files were renamed to better align with their features,
+ and now use proper include guards
+ - A pppdconf.h file is supplied to allow third-party modules to use
+ the same feature defines pppd was compiled with.
+ - No extern declarations of internal variable names of pppd,
+ continued use of these extern variables are considered
+ unstable.
+* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
+* Dropped IPX support, as Linux has dropped support in version 5.15
+ for this protocol.
+* Many more fixes and cleanups.
+* Pppd is no longer installed setuid-root.
+* New pppd options:
+ - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
+ ipv6-up-script, ipv6-down-script
+ - -v, show-options
+ - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
+* On Linux, any baud rate can be set on a serial port provided the
+ kernel serial driver supports that.
-* New hooks have been added.
+Note that if you have built and installed previous versions of this
+package and you want to continue having configuration and TDB files in
+/etc/ppp, you will need to use the --sysconfdir option to ./configure.
-For a list of the changes made during the 2.3 series releases of this
-package, see the Changes-2.3 file.
+For a list of the changes made during the 2.4 series releases of this
+package, see the Changes-2.4 file.
Compression methods.
Contacts.
*********
-The comp.protocols.ppp newsgroup is a useful place to get help if you
-have trouble getting your ppp connections to work. Please do not send
-me questions of the form "please help me get connected to my ISP" -
-I'm sorry, but I simply do not have the time to answer all the
-questions like this that I get.
+Most communication relating to this package happens on github at
+https://github.com/ppp-project/ppp/. The linux-ppp@vger.kernel.org
+mailing list also exists and can be used.
-If you find bugs in this package, please report them to the maintainer
-for the port for the operating system you are using:
+If you find bugs in this package, the best thing to do is to create an
+issue on github. If you can't or don't want to do that, you can post
+to linux-ppp@vger.kernel.org, or report them to the maintainer for the
+port for the operating system you are using:
-Linux Paul Mackerras <paulus@samba.org>
+Linux Paul Mackerras <paulus@ozlabs.org>
Solaris James Carlson <carlson@workingcode.com>
To send a message to the list, email it to linux-ppp@vger.kernel.org.
You don't have to be subscribed to send messages to the list.
-You can also email me (paulus@samba.org) but I am overloaded with
+You can also email me (paulus@ozlabs.org) but I am overloaded with
email and I can't respond to most messages I get in a timely fashion.
There are also several relevant news groups, such as comp.protocols.ppp,
--- /dev/null
+Security issues are handled by the maintainer, Paul Mackerras <paulus@ozlabs.org>.
+
+If you wish to encrypt an email to the maintainer, use GPG with the
+key 040F1D49EC9DBB8C, obtainable from the usual keyservers.
int clear_abort_next = 0;
char *report_string[MAX_REPORTS] ;
-char report_buffer[256] ;
+char report_buffer[4096] ;
int n_reports = 0, report_next = 0, report_gathering = 0 ;
int clear_report_next = 0;
SIGTYPE sigint (int signo);
SIGTYPE sigterm (int signo);
SIGTYPE sighup (int signo);
-void unalarm (void);
+void checksigs(void);
void init (void);
void set_tty_parameters (void);
int echo_stderr (int);
void chat_expect (register char *s);
char *clean (register char *s, int sending);
void break_sequence (void);
-void terminate (int status);
void pack_array (char **array, int end);
char *expect_strtok (char *, char *);
int vfmtmsg (char *, int, const char *, va_list); /* vsprintf++ */
report_fp = stderr;
if (to_log) {
-#ifdef ultrix
- openlog("chat", LOG_PID);
-#else
openlog("chat", LOG_PID | LOG_NDELAY, LOG_LOCAL2);
if (verbose)
setlogmask(LOG_UPTO(LOG_INFO));
else
setlogmask(LOG_UPTO(LOG_WARNING));
-#endif
}
init();
if ((arg = ARG(argc, argv)) != NULL)
chat_send(arg);
+ checksigs();
}
}
else
chat_expect (arg);
sendflg = !sendflg;
+ checksigs();
}
}
+ checksigs();
fclose (cfp);
}
}
int alarmed = 0;
+int alarmsig = 0;
SIGTYPE sigalrm(int signo)
{
int flags;
alarm(1);
- alarmed = 1; /* Reset alarm to avoid race window */
- signal(SIGALRM, sigalrm); /* that can cause hanging in read() */
-
- if ((flags = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin: %m");
-
- if (fcntl(0, F_SETFL, flags | O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-
- if (verbose)
- msgf("alarm");
+ alarmed = 1;
+ alarmsig = 1;
}
-void unalarm(void)
-{
- int flags;
-
- if ((flags = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin: %m");
-
- if (fcntl(0, F_SETFL, flags & ~O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-}
+const char *fatalsig = NULL;
SIGTYPE sigint(int signo)
{
- fatal(2, "SIGINT");
+ fatalsig = "SIGINT";
}
SIGTYPE sigterm(int signo)
{
- fatal(2, "SIGTERM");
+ fatalsig = "SIGTERM";
}
SIGTYPE sighup(int signo)
{
- fatal(2, "SIGHUP");
+ fatalsig = "SIGHUP";
+}
+
+void checksigs(void)
+{
+ int err;
+ const char *signame;
+
+ if (fatalsig) {
+ signame = fatalsig;
+ fatalsig = NULL;
+ alarmsig = 0;
+ fatal(2, signame);
+ }
+ if (alarmsig && verbose) {
+ err = errno;
+ msgf("alarm");
+ errno = err;
+ alarmsig = 0;
+ }
}
void init(void)
{
- signal(SIGINT, sigint);
- signal(SIGTERM, sigterm);
- signal(SIGHUP, sighup);
+ struct sigaction sa;
+
+ memset(&sa, 0, sizeof(sa));
+ sa.sa_handler = sigint;
+ sigaction(SIGINT, &sa, NULL);
+ sa.sa_handler = sigterm;
+ sigaction(SIGTERM, &sa, NULL);
+ sa.sa_handler = sighup;
+ sigaction(SIGHUP, &sa, NULL);
set_tty_parameters();
- signal(SIGALRM, sigalrm);
+ sa.sa_handler = sigalrm;
+ sigaction(SIGALRM, &sa, NULL);
alarm(0);
alarmed = 0;
}
int c, rep_len;
rep_len = strlen(report_buffer);
- while (rep_len + 1 <= sizeof(report_buffer)) {
+ while (rep_len + 1 < sizeof(report_buffer)) {
alarm(1);
c = get_char();
alarm(0);
break;
chat_send (reply);
+ checksigs();
}
/*
{
char file_data[STR_LEN];
int len, ret = 0;
+ struct sigaction sa;
if (say_next) {
say_next = 0;
if (hup_next) {
hup_next = 0;
+ memset(&sa, 0, sizeof(sa));
+
if (strcmp(s, "OFF") == 0)
- signal(SIGHUP, SIG_IGN);
+ sa.sa_handler = SIG_IGN;
else
- signal(SIGHUP, sighup);
+ sa.sa_handler = sighup;
+ sigaction(SIGHUP, &sa, NULL);
return 0;
}
if (verbose)
msgf("timeout set to %d seconds", timeout);
-
+ free(s);
return 0;
}
char c;
status = read(0, &c, 1);
+ checksigs();
switch (status) {
case 1:
msgf("warning: read() on stdin returned %d", status);
case -1:
- if ((status = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin: %m");
-
- if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-
return (-1);
}
}
char ch = c;
usleep(10000); /* inter-character typing delay (?) */
+ checksigs();
status = write(1, &ch, 1);
+ checksigs();
switch (status) {
case 1:
msgf("warning: write() on stdout returned %d", status);
case -1:
- if ((status = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin, %m");
-
- if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-
return (-1);
}
}
int put_string(register char *s)
{
+ char *s1;
quiet = 0;
+
s = clean(s, 1);
+ s1 = s;
if (verbose) {
if (quiet)
register char c = *s++;
if (c != '\\') {
- if (!write_char (c))
+ if (!write_char (c)) {
+ free(s1);
return 0;
+ }
continue;
}
break;
default:
- if (!write_char (c))
+ if (!write_char (c)) {
+ free(s1);
return 0;
+ }
break;
}
+ checksigs();
}
alarm(0);
alarmed = 0;
+ free(s1);
return (1);
}
need_lf = 1;
break;
}
+ checksigs();
return ret;
}
char temp[STR_LEN];
int c, printed = 0, len, minlen;
register char *s = temp, *end = s + STR_LEN;
- char *logged = temp;
+ char *s1, *logged = temp;
fail_reason = (char *)0;
- string = clean(string, 0);
+ string = s1 = clean(string, 0);
len = strlen(string);
minlen = (len > sizeof(fail_buffer)? len: sizeof(fail_buffer)) - 1;
if (len > STR_LEN) {
msgf("expect string is too long");
exit_code = 1;
+ free(s1);
return 0;
}
if (len == 0) {
if (verbose)
msgf("got it");
+ free(s1);
return (1);
}
strftime (report_buffer, 20, "%b %d %H:%M:%S ", tm_now);
strcat (report_buffer, report_string[n]);
+ free(report_string[n]);
report_string[n] = (char *) NULL;
report_gathering = 1;
break;
else {
if (!iscntrl (c)) {
int rep_len = strlen (report_buffer);
- report_buffer[rep_len] = c;
- report_buffer[rep_len + 1] = '\0';
+ if ((rep_len + 1) < sizeof(report_buffer)) {
+ report_buffer[rep_len] = c;
+ report_buffer[rep_len + 1] = '\0';
+ }
}
else {
report_gathering = 0;
alarm(0);
alarmed = 0;
+ free(s1);
return (1);
}
alarmed = 0;
exit_code = n + 4;
strcpy(fail_reason = fail_buffer, abort_string[n]);
+ free(s1);
return (0);
}
}
exit_code = 3;
alarmed = 0;
+ free(s1);
return (0);
}
AC_PREREQ([2.69])
AC_INIT([ppp],
- [2.4.10-dev],
+ [2.5.1-dev],
[https://github.com/ppp-project/ppp])
m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
AC_LANG(C)
AC_CONFIG_SRCDIR([pppd/main.c])
-AC_CONFIG_HEADERS([pppd/config.h pppd/pppdconf.h])
+AC_CONFIG_HEADERS([pppd/config.h pppd/pppdconf.h pppd/plugins/pppoe/config.h])
+AC_ENABLE_STATIC(no)
# Checks for programs.
AC_PROG_CC
AM_PROG_CC_C_O
AC_PROG_INSTALL
-AC_PROG_LIBTOOL
AC_PROG_LN_S
+LT_INIT
PKG_PROG_PKG_CONFIG
;;
esac
-AM_CONDITIONAL([LINUX], [test "${build_linux}" = "yes" ])
-AM_CONDITIONAL([SUNOS], [test "${build_sunos}" = "yes" ])
+AM_CONDITIONAL([LINUX], [test "x${build_linux}" = "xyes" ])
+AM_CONDITIONAL([SUNOS], [test "x${build_sunos}" = "xyes" ])
AM_COND_IF([SUNOS],
CFLAGS="$CFLAGS -DSOL2 -DSRV4")
crypt.h \
paths.h \
shadow.h \
+ stddef.h \
+ stdarg.h \
sys/dlpi.h \
sys/ioctl.h \
sys/socket.h \
linux/if_ether.h \
linux/if_packet.h \
netinet/if_ether.h \
- netpacket/packet.h])])
+ netpacket/packet.h])
+
+ AC_MSG_CHECKING([for struct sockaddr_ll in <linux/if_packet.h>])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([@%:@include <linux/if_packet.h>], [sizeof(struct sockaddr_ll)])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_LL, 1, [Struct sockaddr_ll is present on system])
+ ],
+ AC_MSG_RESULT([no]))
+])
+
AC_CHECK_SIZEOF(unsigned int)
AC_CHECK_SIZEOF(unsigned long)
# If libc doesn't provide logwtmp, check if libutil provides logwtmp(), and if so link to it.
AS_IF([test "x${ac_cv_func_logwtmp}" != "xyes"], [
AC_CHECK_LIB([util], [logwtmp], [
- AC_DEFINE(HAVE_LOGWTMP, 1, ["System provides the logwtmp() function"])
+ AC_DEFINE(HAVE_LOGWTMP, 1, [System provides the logwtmp() function])
AC_SUBST([UTIL_LIBS], ["-lutil"])
])
])
AM_CONDITIONAL(WITH_SYSTEMD, test "x${enable_systemd}" = "xyes")
AM_COND_IF([WITH_SYSTEMD],
AC_DEFINE([SYSTEMD], 1, [Enable support for systemd notifications]))
+AS_IF([test "x${enable_systemd}" = "xyes"], [
+ PKG_CHECK_MODULES([SYSTEMD], [libsystemd])])
#
# Enable Callback Protocol Support, disabled by default
AC_ARG_ENABLE([cbcp],
AS_HELP_STRING([--enable-cbcp], [Enable Callback Protocol]))
-AM_CONDITIONAL(WITH_CBCP, test "x${enable_cbcp}" = "xyes")
-AM_COND_IF([WITH_CBCP],
- AC_DEFINE([CBCP_SUPPORT], 1, [Have Callback Protocol support]))
-
-#
-# Disable support for IPX control protocol
-AC_ARG_ENABLE([ipxcp],
- AS_HELP_STRING([--enable-ipxcp], [Enable IPX Control Protocol support]))
-AM_CONDITIONAL(WITH_IPXCP, test "x${enable_ipxcp}" = "xyes")
-AM_COND_IF(WITH_IPXCP,
- AC_DEFINE([IPX_CHANGE], 1, ["Have IPX Control Protocol"]))
-AS_IF([test "x${build_sunos}" = "xyes" && test "x${enable_ipxcp}" = "xyes"],
- [AC_MSG_ERROR([IPXCP is not supported on SunOS, disable using --disable-ipxcp])])
-
-#
-# Disable support for limiting session duration by maximum octets
-AC_ARG_ENABLE([maxoctets],
- AS_HELP_STRING([--disable-maxoctets], [Disable support for limiting session by maximum octets]))
-AS_IF([test "x$enable_maxoctets" != "xno"],
- AC_DEFINE([MAXOCTETS], 1, ["Limit sessions by maximum number of octets"]))
+AM_CONDITIONAL(PPP_WITH_CBCP, test "x${enable_cbcp}" = "xyes")
+AM_COND_IF([PPP_WITH_CBCP],
+ AC_DEFINE([PPP_WITH_CBCP], 1, [Have Callback Protocol support]))
#
# Disable Microsoft extensions will remove CHAP and MPPE support
AC_ARG_ENABLE([microsoft-extensions],
AS_HELP_STRING([--disable-microsoft-extensions], [Disable Microsoft CHAP / MPPE extensions]))
-AM_CONDITIONAL(WITH_CHAPMS, test "x${enable_microsoft_extensions}" != "xno")
-AM_COND_IF([WITH_CHAPMS],
- AC_DEFINE([CHAPMS], 1, ["Have Microsoft CHAP support"]))
+AM_CONDITIONAL(PPP_WITH_CHAPMS, test "x${enable_microsoft_extensions}" != "xno")
+AM_COND_IF([PPP_WITH_CHAPMS],
+ AC_DEFINE([PPP_WITH_CHAPMS], 1, [Have Microsoft CHAP support]))
-AM_CONDITIONAL(WITH_MPPE, test "x${enable_microsoft_extensions}" != "xno")
-AM_COND_IF([WITH_MPPE],
- AC_DEFINE([MPPE], 1, ["Have Microsoft MPPE support"]))
+AM_CONDITIONAL(PPP_WITH_MPPE, test "x${enable_microsoft_extensions}" != "xno")
+AM_COND_IF([PPP_WITH_MPPE],
+ AC_DEFINE([PPP_WITH_MPPE], 1, [Have Microsoft MPPE support]))
#
# Enable Microsoft LAN Manager support, depends on Microsoft Extensions
AC_ARG_ENABLE([mslanman],
AS_HELP_STRING([--enable-mslanman], [Enable Microsoft LAN Manager support]))
AS_IF([test "x${enable_mslanman}" = "xyes" && test "x${enable_microsoft_extensions}" != "xno"],
- AC_DEFINE([MSLANMAN], 1, ["Have Microsoft LAN Manager support"]))
+ AC_DEFINE([PPP_WITH_MSLANMAN], 1, [Have Microsoft LAN Manager support]))
#
# Disable IPv6 support
-AC_ARG_ENABLE([ipv6-support],
- AS_HELP_STRING([--disable-ipv6-support], [Disable IPv6 support]))
-AM_CONDITIONAL(WITH_INET6, test "x${enable_ipv6_support}" != "xno")
-AM_COND_IF([WITH_INET6],
- AC_DEFINE(INET6, 1, ["Have IPv6 support"]))
+AC_ARG_ENABLE([ipv6cp],
+ AS_HELP_STRING([--disable-ipv6cp], [Disable IPv6 Control Protocol]))
+AM_CONDITIONAL(PPP_WITH_IPV6CP, test "x${enable_ipv6cp}" != "xno")
+AM_COND_IF([PPP_WITH_IPV6CP],
+ AC_DEFINE(PPP_WITH_IPV6CP, 1, [Have IPv6 Control Protocol]))
#
# Disable Multilink support
AC_ARG_ENABLE([multilink],
AS_HELP_STRING([--enable-multilink], [Enable multilink support]))
-AM_CONDITIONAL(WITH_MULTILINK, test "x${enable_multilink}" = "xyes")
-AM_COND_IF([WITH_MULTILINK],
- AC_DEFINE([HAVE_MULTILINK], 1, ["Have multilink support"]))
+AM_CONDITIONAL(PPP_WITH_MULTILINK, test "x${enable_multilink}" = "xyes")
+AM_COND_IF([PPP_WITH_MULTILINK],
+ AC_DEFINE([PPP_WITH_MULTILINK], 1, [Have multilink support]))
AS_IF([test "x${build_sunos}" = "xyes" && test "x${enable_multilink}" = "xyes"],
[AC_MSG_ERROR([Multilink is not supported on SunOS])])
#
# Multilink require Trivial Database Support
-AM_CONDITIONAL(WITH_TDB, test "x${enable_multilink}" = "xyes")
-AM_COND_IF([WITH_TDB],
- AC_DEFINE([USE_TDB], 1, ["Include TDB support"]))
+AM_CONDITIONAL(PPP_WITH_TDB, test "x${enable_multilink}" = "xyes")
+AM_COND_IF([PPP_WITH_TDB],
+ AC_DEFINE([PPP_WITH_TDB], 1, [Include TDB support]))
#
# Enable support for loadable plugins
AC_ARG_ENABLE([plugins],
AS_HELP_STRING([--disable-plugins], [Disable support for loadable plugins]))
AS_IF([test "x$enable_plugins" != "xno"],
- AC_DEFINE([PLUGIN], 1, ["Have support for loadable plugins"]))
-AM_CONDITIONAL(WITH_PLUGINS, test "${enable_plugins}" != "no")
+ AC_DEFINE([PPP_WITH_PLUGINS], 1, [Have support for loadable plugins]))
+AM_CONDITIONAL(PPP_WITH_PLUGINS, test "x${enable_plugins}" != "xno")
#
# Disable EAP-TLS support
AC_ARG_ENABLE([eaptls],
AS_HELP_STRING([--disable-eaptls], [Disable EAP-TLS authentication support]))
AS_IF([test "x$enable_eaptls" != "xno"],
- AC_DEFINE([USE_EAPTLS], 1, ["Have EAP-TLS authentication support"]))
-AM_CONDITIONAL(WITH_EAPTLS, test "x${enable_eaptls}" != "xno")
+ AC_DEFINE([PPP_WITH_EAPTLS], 1, [Have EAP-TLS authentication support]))
+AM_CONDITIONAL(PPP_WITH_EAPTLS, test "x${enable_eaptls}" != "xno")
#
# Disable PEAP support
AC_ARG_ENABLE([peap],
AS_HELP_STRING([--disable-peap], [Disable PEAP authentication support]))
AS_IF([test "x${enable_peap}" != "xno"],
- AC_DEFINE([USE_PEAP], 1, ["Have PEAP authentication support"]))
-AM_CONDITIONAL([WITH_PEAP], test "x${enable_peap}" != "xno")
+ AC_DEFINE([PPP_WITH_PEAP], 1, [Have PEAP authentication support]))
+AM_CONDITIONAL([PPP_WITH_PEAP], test "x${enable_peap}" != "xno")
#
# Disable OpenSSL engine support
AC_ARG_ENABLE([openssl-engine],
AS_HELP_STRING([--disable-openssl-engine], [Disable OpenSSL engine support]))
AS_IF([test "x$enable_openssl_engine" != "xno"], [],
- AC_DEFINE([OPENSSL_NO_ENGINE], 1, ["OpenSSL engine support"]))
+ AC_DEFINE([OPENSSL_NO_ENGINE], 1, [OpenSSL engine support]))
#
# Specify runtime directory
AC_ARG_WITH([plugin-dir],
- AC_HELP_STRING([--with-plugin-dir=DIR], [Specify the plugin directory for pppd]))
+ AS_HELP_STRING([--with-plugin-dir=DIR],[Specify the plugin directory for pppd]))
AS_IF([test -n "$with_plugin_dir"],
[PPPD_PLUGIN_DIR="$with_plugin_dir"],
[PPPD_PLUGIN_DIR="${libdir}/pppd/$VERSION"])
#
# Specify runtime directory
AC_ARG_WITH([runtime-dir],
- AC_HELP_STRING([--with-runtime-dir=DIR], [Specify the runtime directory for pppd]))
+ AS_HELP_STRING([--with-runtime-dir=DIR],[Specify the runtime directory for pppd]))
AS_IF([test -n "$with_runtime_dir"],
[PPPD_RUNTIME_DIR="$with_runtime_dir"],
- [PPPD_RUNTIME_DIR="${localstatedir}/run/pppd"])
+ [PPPD_RUNTIME_DIR="${runstatedir}/pppd"])
AC_SUBST(PPPD_RUNTIME_DIR)
#
# Specify runtime directory
AC_ARG_WITH([logfile-dir],
- AC_HELP_STRING([--with-logfile-dir=DIR], [Specify the log directory for pppd]))
+ AS_HELP_STRING([--with-logfile-dir=DIR],[Specify the log directory for pppd]))
AS_IF([test -n "$with_logfile_dir"],
[PPPD_LOGFILE_DIR="$with_logfile_dir"],
- [PPPD_LOGFILE_DIR="${localstatedir}/log/pppd"])
+ [PPPD_LOGFILE_DIR="${localstatedir}/log/ppp"])
AC_SUBST(PPPD_LOGFILE_DIR)
+#
+# System CA certificates path
+AC_ARG_WITH(system-ca-path,
+ AS_HELP_STRING([--with-system-ca-path=/path/to/ssl/certs], [path to system CA certificates]),
+ [
+ case "$withval" in
+ "" | y | ye | yes)
+ with_system_ca_path="${sysconfdir}/ssl/certs"
+ ;;
+ n | no)
+ ;;
+ *)
+ with_system_ca_path="$withval"
+ ;;
+ esac
+ ],[with_system_ca_path="${sysconfdir}/ssl/certs"])
+AM_CONDITIONAL(PPP_WITH_SYSTEM_CA_PATH, [test "$with_system_ca_path" != "no"])
+AM_COND_IF(PPP_WITH_SYSTEM_CA_PATH, [
+ SYSTEM_CA_PATH="$with_system_ca_path"
+])
+AC_SUBST(SYSTEM_CA_PATH)
+
#
# Check for OpenSSL
AX_CHECK_OPENSSL
-AM_CONDITIONAL(WITH_OPENSSL, test "${with_openssl}" != "no")
+AM_CONDITIONAL(PPP_WITH_OPENSSL, test "x${with_openssl}" != "xno")
+AM_COND_IF([PPP_WITH_OPENSSL],
+ AC_DEFINE([PPP_WITH_OPENSSL], 1, [PPP is compiled with openssl support]))
#
# Check if OpenSSL has compiled in support for various ciphers
])
AM_CONDITIONAL([OPENSSL_HAVE_MD4], test "x${ac_cv_openssl_md4}" = "xyes")
-AM_COND_IF([OPENSSL_HAVE_MD4],,
- AC_DEFINE([USE_MD4], 1, [Use included md4 included with pppd]))
+AM_COND_IF([OPENSSL_HAVE_MD4],
+ AC_DEFINE([OPENSSL_HAVE_MD4], 1, [Use MD4 included with openssl]))
AM_CONDITIONAL([OPENSSL_HAVE_MD5], test "x${ac_cv_openssl_md5}" = "xyes")
-AM_COND_IF([OPENSSL_HAVE_MD5],,
- AC_DEFINE([USE_MD5], 1, [Use included md5 included with pppd]))
+AM_COND_IF([OPENSSL_HAVE_MD5],
+ AC_DEFINE([OPENSSL_HAVE_MD5], 1, [Use MD5 included with openssl]))
AM_CONDITIONAL([OPENSSL_HAVE_SHA], test "x${ac_cv_openssl_sha}" = "xyes")
-AM_COND_IF([OPENSSL_HAVE_SHA],,
- AC_DEFINE([USE_SHA], 1, [Use included sha included with pppd]))
+AM_COND_IF([OPENSSL_HAVE_SHA],
+ AC_DEFINE([OPENSSL_HAVE_SHA], 1, [Use SHA included with openssl]))
AM_CONDITIONAL([OPENSSL_HAVE_DES], test "x${ac_cv_openssl_des}" = "xyes")
-AM_COND_IF([OPENSSL_HAVE_DES],,
- AC_DEFINE([USE_CRYPT], 1, [Use included des included with pppd]))
-
-#
-# If OpenSSL doesn't support DES, then use the one from libcrypt (glibc dropped support for this in 2.27).
-AS_IF([test "${ac_cv_openssl_des}" = "no" ], [
- AC_CHECK_LIB([crypt], [encrypt],
- [LIBS="$LIBS -lcrypt"],
- [AC_MSG_ERROR([OpenSSL not found or does not support DES, and libcrypt also doesn't support encrypt])]
- )
-])
+AM_COND_IF([OPENSSL_HAVE_DES],
+ AC_DEFINE([OPENSSL_HAVE_DES], 1, [Use DES included with openssl]))
#
# With libsrp support
-AX_CHECK_SRP
+AX_CHECK_SRP([
+ AC_DEFINE([PPP_WITH_SRP], 1, [Support for libsrp authentication module])])
#
# With libatm support
#
# With libpam support
-AX_CHECK_PAM(AC_DEFINE([USE_PAM], 1, ["Support for Pluggable Authentication Modules"]))
-AM_CONDITIONAL(WITH_PAM, test "x${with_pam}" = "xyes")
+AX_CHECK_PAM(AC_DEFINE([PPP_WITH_PAM], 1, [Support for Pluggable Authentication Modules]))
+AM_CONDITIONAL(PPP_WITH_PAM, test "x${with_pam}" = "xyes")
#
# With libpcap support, activate pppd on network activity
#
# SunOS provides a version of libpcap that would work, but SunOS has no support for activity filter
-AM_CONDITIONAL([WITH_FILTER], [ test "x${with_pcap}" = "xyes" && test "x${build_sunos}" != "xyes" ])
-AM_COND_IF([WITH_FILTER], [
- AC_DEFINE([PPP_FILTER], 1, ["Have packet activity filter support"])], [
+AM_CONDITIONAL([PPP_WITH_FILTER], [ test "x${with_pcap}" = "xyes" && test "x${build_sunos}" != "xyes" ])
+AM_COND_IF([PPP_WITH_FILTER], [
+ AC_DEFINE([PPP_WITH_FILTER], 1, [Have packet activity filter support])], [
AS_IF([test "x${build_sunos}" = "xyes"], [
AC_MSG_WARN([Packet activity filter not supported on SunOS])
with_pcap="no"
fi
AM_CONDITIONAL([WITH_GTK], test "x${with_gtk}" = "xyes")
+AC_DEFINE_UNQUOTED(PPPD_VERSION, "$VERSION", [Version of pppd])
AC_CONFIG_FILES([
Makefile
Runtime Dir..........: $PPPD_RUNTIME_DIR
Logfile Dir..........: $PPPD_LOGFILE_DIR
Plugin Dir...........: $PPPD_PLUGIN_DIR
+ System CA Path ......: ${SYSTEM_CA_PATH:-not set}
With OpenSSL.........: ${with_openssl:-yes}
With libatm..........: ${with_atm:-no}
With libpam..........: ${with_pam:-no}
Multilink............: ${enable_multilink:-no}
Plugins..............: ${enable_plugins:-yes}
CBCP.................: ${enable_cbcp:-no}
- IPXCP................: ${enable_ipxcp:-no}
+ IPV6CP...............: ${enable_ipv6cp:-yes}
EAP-TLS..............: ${enable_eaptls:-yes}
PEAP.................: ${enable_peap:-yes}
+ systemd notifications: ${enable_systemd:-no}
"
noinst_PROGRAMS = pppgetpass.vt
-noinst_man8_MANS = pppgetpass.8
pppgetpass_vt_SOURCES = pppgetpass.vt.c
pppgetpass_vt_CPPFLAGS = -Wno-unused-result
endif
EXTRA_DIST = \
- pppgetpass.sh
+ pppgetpass.sh \
+ pppgetpass.8
EXTRA_HEADERS = \
- linux/if_ppp.h \
linux/ppp-comp.h \
linux/ppp_defs.h \
- net/if_ppp.h \
net/ppp-comp.h \
net/ppp_defs.h \
net/pppio.h \
- net/slcompress.h \
net/vjcompress.h
EXTRA_DIST = \
+++ /dev/null
-/* $Id: if_ppp.h,v 1.23 2002/12/06 09:49:15 paulus Exp $ */
-
-/*
- * if_ppp.h - Point-to-Point Protocol definitions.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- */
-
-/*
- * ==FILEVERSION 20000724==
- *
- * NOTE TO MAINTAINERS:
- * If you modify this file at all, please set the above date.
- * if_ppp.h is shipped with a PPP distribution as well as with the kernel;
- * if everyone increases the FILEVERSION number above, then scripts
- * can do the right thing when deciding whether to install a new if_ppp.h
- * file. Don't change the format of that line otherwise, so the
- * installation script can recognize it.
- */
-
-#ifndef _IF_PPP_H_
-#define _IF_PPP_H_
-
-/*
- * Packet sizes
- */
-
-#define PPP_MTU 1500 /* Default MTU (size of Info field) */
-#define PPP_MAXMRU 65000 /* Largest MRU we allow */
-#define PROTO_IPX 0x002b /* protocol numbers */
-#define PROTO_DNA_RT 0x0027 /* DNA Routing */
-
-
-/*
- * Bit definitions for flags.
- */
-
-#define SC_COMP_PROT 0x00000001 /* protocol compression (output) */
-#define SC_COMP_AC 0x00000002 /* header compression (output) */
-#define SC_COMP_TCP 0x00000004 /* TCP (VJ) compression (output) */
-#define SC_NO_TCP_CCID 0x00000008 /* disable VJ connection-id comp. */
-#define SC_REJ_COMP_AC 0x00000010 /* reject adrs/ctrl comp. on input */
-#define SC_REJ_COMP_TCP 0x00000020 /* reject TCP (VJ) comp. on input */
-#define SC_CCP_OPEN 0x00000040 /* Look at CCP packets */
-#define SC_CCP_UP 0x00000080 /* May send/recv compressed packets */
-#define SC_ENABLE_IP 0x00000100 /* IP packets may be exchanged */
-#define SC_LOOP_TRAFFIC 0x00000200 /* send traffic to pppd */
-#define SC_MULTILINK 0x00000400 /* do multilink encapsulation */
-#define SC_MP_SHORTSEQ 0x00000800 /* use short MP sequence numbers */
-#define SC_COMP_RUN 0x00001000 /* compressor has been inited */
-#define SC_DECOMP_RUN 0x00002000 /* decompressor has been inited */
-#define SC_MP_XSHORTSEQ 0x00004000 /* transmit short MP seq numbers */
-#define SC_DEBUG 0x00010000 /* enable debug messages */
-#define SC_LOG_INPKT 0x00020000 /* log contents of good pkts recvd */
-#define SC_LOG_OUTPKT 0x00040000 /* log contents of pkts sent */
-#define SC_LOG_RAWIN 0x00080000 /* log all chars received */
-#define SC_LOG_FLUSH 0x00100000 /* log all chars flushed */
-#define SC_SYNC 0x00200000 /* synchronous serial mode */
-#define SC_MASK 0x0f200fff /* bits that user can change */
-
-/* state bits */
-#define SC_XMIT_BUSY 0x10000000 /* (used by isdn_ppp?) */
-#define SC_RCV_ODDP 0x08000000 /* have rcvd char with odd parity */
-#define SC_RCV_EVNP 0x04000000 /* have rcvd char with even parity */
-#define SC_RCV_B7_1 0x02000000 /* have rcvd char with bit 7 = 1 */
-#define SC_RCV_B7_0 0x01000000 /* have rcvd char with bit 7 = 0 */
-#define SC_DC_FERROR 0x00800000 /* fatal decomp error detected */
-#define SC_DC_ERROR 0x00400000 /* non-fatal decomp error detected */
-
-/*
- * Ioctl definitions.
- */
-
-struct npioctl {
- int protocol; /* PPP protocol, e.g. PPP_IP */
- enum NPmode mode;
-};
-
-/* Structure describing a CCP configuration option, for PPPIOCSCOMPRESS */
-struct ppp_option_data {
- __u8 *ptr;
- __u32 length;
- int transmit;
-};
-
-struct ifpppstatsreq {
- struct ifreq b;
- struct ppp_stats stats; /* statistic information */
-};
-
-struct ifpppcstatsreq {
- struct ifreq b;
- struct ppp_comp_stats stats;
-};
-
-#define ifr__name b.ifr_ifrn.ifrn_name
-#define stats_ptr b.ifr_ifru.ifru_data
-
-/*
- * Ioctl definitions.
- */
-
-#define PPPIOCGFLAGS _IOR('t', 90, int) /* get configuration flags */
-#define PPPIOCSFLAGS _IOW('t', 89, int) /* set configuration flags */
-#define PPPIOCGASYNCMAP _IOR('t', 88, int) /* get async map */
-#define PPPIOCSASYNCMAP _IOW('t', 87, int) /* set async map */
-#define PPPIOCGUNIT _IOR('t', 86, int) /* get ppp unit number */
-#define PPPIOCGRASYNCMAP _IOR('t', 85, int) /* get receive async map */
-#define PPPIOCSRASYNCMAP _IOW('t', 84, int) /* set receive async map */
-#define PPPIOCGMRU _IOR('t', 83, int) /* get max receive unit */
-#define PPPIOCSMRU _IOW('t', 82, int) /* set max receive unit */
-#define PPPIOCSMAXCID _IOW('t', 81, int) /* set VJ max slot ID */
-#define PPPIOCGXASYNCMAP _IOR('t', 80, ext_accm) /* get extended ACCM */
-#define PPPIOCSXASYNCMAP _IOW('t', 79, ext_accm) /* set extended ACCM */
-#define PPPIOCXFERUNIT _IO('t', 78) /* transfer PPP unit */
-#define PPPIOCSCOMPRESS _IOW('t', 77, struct ppp_option_data)
-#define PPPIOCGNPMODE _IOWR('t', 76, struct npioctl) /* get NP mode */
-#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */
-#define PPPIOCSPASS _IOW('t', 71, struct sock_fprog) /* set pass filter */
-#define PPPIOCSACTIVE _IOW('t', 70, struct sock_fprog) /* set active filt */
-#define PPPIOCGDEBUG _IOR('t', 65, int) /* Read debug level */
-#define PPPIOCSDEBUG _IOW('t', 64, int) /* Set debug level */
-#define PPPIOCGIDLE _IOR('t', 63, struct ppp_idle) /* get idle time */
-#define PPPIOCNEWUNIT _IOWR('t', 62, int) /* create new ppp unit */
-#define PPPIOCATTACH _IOW('t', 61, int) /* attach to ppp unit */
-#define PPPIOCDETACH _IOW('t', 60, int) /* detach from ppp unit/chan */
-#define PPPIOCSMRRU _IOW('t', 59, int) /* set multilink MRU */
-#define PPPIOCCONNECT _IOW('t', 58, int) /* connect channel to unit */
-#define PPPIOCDISCONN _IO('t', 57) /* disconnect channel */
-#define PPPIOCATTCHAN _IOW('t', 56, int) /* attach to ppp channel */
-#define PPPIOCGCHAN _IOR('t', 55, int) /* get ppp channel number */
-
-#define SIOCGPPPSTATS (SIOCDEVPRIVATE + 0)
-#define SIOCGPPPVER (SIOCDEVPRIVATE + 1) /* NEVER change this!! */
-#define SIOCGPPPCSTATS (SIOCDEVPRIVATE + 2)
-
-#if !defined(ifr_mtu)
-#define ifr_mtu ifr_ifru.ifru_metric
-#endif
-
-#endif /* _IF_PPP_H_ */
/*
* ppp-comp.h - Definitions for doing PPP packet compression.
*
- * Copyright (c) 1984 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
/*
* ppp_defs.h - PPP definitions.
*
- * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+++ /dev/null
-/* $Id: if_ppp.h,v 1.19 2002/12/06 09:49:15 paulus Exp $ */
-
-/*
- * if_ppp.h - Point-to-Point Protocol definitions.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _IF_PPP_H_
-#define _IF_PPP_H_
-
-/*
- * Bit definitions for flags.
- */
-#define SC_COMP_PROT 0x00000001 /* protocol compression (output) */
-#define SC_COMP_AC 0x00000002 /* header compression (output) */
-#define SC_COMP_TCP 0x00000004 /* TCP (VJ) compression (output) */
-#define SC_NO_TCP_CCID 0x00000008 /* disable VJ connection-id comp. */
-#define SC_REJ_COMP_AC 0x00000010 /* reject adrs/ctrl comp. on input */
-#define SC_REJ_COMP_TCP 0x00000020 /* reject TCP (VJ) comp. on input */
-#define SC_CCP_OPEN 0x00000040 /* Look at CCP packets */
-#define SC_CCP_UP 0x00000080 /* May send/recv compressed packets */
-#define SC_DEBUG 0x00010000 /* enable debug messages */
-#define SC_LOG_INPKT 0x00020000 /* log contents of good pkts recvd */
-#define SC_LOG_OUTPKT 0x00040000 /* log contents of pkts sent */
-#define SC_LOG_RAWIN 0x00080000 /* log all chars received */
-#define SC_LOG_FLUSH 0x00100000 /* log all chars flushed */
-#define SC_RCV_B7_0 0x01000000 /* have rcvd char with bit 7 = 0 */
-#define SC_RCV_B7_1 0x02000000 /* have rcvd char with bit 7 = 1 */
-#define SC_RCV_EVNP 0x04000000 /* have rcvd char with even parity */
-#define SC_RCV_ODDP 0x08000000 /* have rcvd char with odd parity */
-#define SC_SYNC 0x00200000 /* use synchronous HDLC framing */
-#define SC_MASK 0x0fff00ff /* bits that user can change */
-
-/*
- * State bits in sc_flags, not changeable by user.
- */
-#define SC_TIMEOUT 0x00000400 /* timeout is currently pending */
-#define SC_VJ_RESET 0x00000800 /* need to reset VJ decomp */
-#define SC_COMP_RUN 0x00001000 /* compressor has been inited */
-#define SC_DECOMP_RUN 0x00002000 /* decompressor has been inited */
-#define SC_DC_ERROR 0x00004000 /* non-fatal decomp error detected */
-#define SC_DC_FERROR 0x00008000 /* fatal decomp error detected */
-#define SC_TBUSY 0x10000000 /* xmitter doesn't need a packet yet */
-#define SC_PKTLOST 0x20000000 /* have lost or dropped a packet */
-#define SC_FLUSH 0x40000000 /* flush input until next PPP_FLAG */
-#define SC_ESCAPED 0x80000000 /* saw a PPP_ESCAPE */
-
-/*
- * Ioctl definitions.
- */
-
-struct npioctl {
- int protocol; /* PPP procotol, e.g. PPP_IP */
- enum NPmode mode;
-};
-
-/* Structure describing a CCP configuration option, for PPPIOCSCOMPRESS */
-struct ppp_option_data {
- u_char *ptr;
- u_int length;
- int transmit;
-};
-
-struct ifpppstatsreq {
- char ifr_name[IFNAMSIZ];
- struct ppp_stats stats;
-};
-
-struct ifpppcstatsreq {
- char ifr_name[IFNAMSIZ];
- struct ppp_comp_stats stats;
-};
-
-/*
- * Ioctl definitions.
- */
-
-#define PPPIOCGFLAGS _IOR('t', 90, int) /* get configuration flags */
-#define PPPIOCSFLAGS _IOW('t', 89, int) /* set configuration flags */
-#define PPPIOCGASYNCMAP _IOR('t', 88, int) /* get async map */
-#define PPPIOCSASYNCMAP _IOW('t', 87, int) /* set async map */
-#define PPPIOCGUNIT _IOR('t', 86, int) /* get ppp unit number */
-#define PPPIOCGRASYNCMAP _IOR('t', 85, int) /* get receive async map */
-#define PPPIOCSRASYNCMAP _IOW('t', 84, int) /* set receive async map */
-#define PPPIOCGMRU _IOR('t', 83, int) /* get max receive unit */
-#define PPPIOCSMRU _IOW('t', 82, int) /* set max receive unit */
-#define PPPIOCSMAXCID _IOW('t', 81, int) /* set VJ max slot ID */
-#define PPPIOCGXASYNCMAP _IOR('t', 80, ext_accm) /* get extended ACCM */
-#define PPPIOCSXASYNCMAP _IOW('t', 79, ext_accm) /* set extended ACCM */
-#define PPPIOCXFERUNIT _IO('t', 78) /* transfer PPP unit */
-#define PPPIOCSCOMPRESS _IOW('t', 77, struct ppp_option_data)
-#define PPPIOCGNPMODE _IOWR('t', 76, struct npioctl) /* get NP mode */
-#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */
-#define PPPIOCGIDLE _IOR('t', 74, struct ppp_idle) /* get idle time */
-#ifdef PPP_FILTER
-#define PPPIOCSPASS _IOW('t', 71, struct bpf_program) /* set pass filter */
-#define PPPIOCSACTIVE _IOW('t', 70, struct bpf_program) /* set active filt */
-#endif /* PPP_FILTER */
-
-/* PPPIOC[GS]MTU are alternatives to SIOC[GS]IFMTU, used under Ultrix */
-#define PPPIOCGMTU _IOR('t', 73, int) /* get interface MTU */
-#define PPPIOCSMTU _IOW('t', 72, int) /* set interface MTU */
-
-/*
- * These two are interface ioctls so that pppstats can do them on
- * a socket without having to open the serial device.
- */
-#define SIOCGPPPSTATS _IOWR('i', 123, struct ifpppstatsreq)
-#define SIOCGPPPCSTATS _IOWR('i', 122, struct ifpppcstatsreq)
-
-#if !defined(ifr_mtu)
-#define ifr_mtu ifr_ifru.ifru_metric
-#endif
-
-#if (defined(_KERNEL) || defined(KERNEL)) && !defined(NeXT)
-void pppattach(void);
-void pppintr(void);
-#endif
-#endif /* _IF_PPP_H_ */
/*
* ppp-comp.h - Definitions for doing PPP packet compression.
*
- * Copyright (c) 1984 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
/*
* ppp_defs.h - PPP definitions.
*
- * Copyright (c) 1984 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+++ /dev/null
-/*
- * Definitions for tcp compression routines.
- *
- * $Id: slcompress.h,v 1.4 1994/09/21 06:50:08 paulus Exp $
- *
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
- * - Initial distribution.
- */
-
-#ifndef _SLCOMPRESS_H_
-#define _SLCOMPRESS_H_
-
-#define MAX_STATES 16 /* must be > 2 and < 256 */
-#define MAX_HDR MLEN /* XXX 4bsd-ism: should really be 128 */
-
-/*
- * Compressed packet format:
- *
- * The first octet contains the packet type (top 3 bits), TCP
- * 'push' bit, and flags that indicate which of the 4 TCP sequence
- * numbers have changed (bottom 5 bits). The next octet is a
- * conversation number that associates a saved IP/TCP header with
- * the compressed packet. The next two octets are the TCP checksum
- * from the original datagram. The next 0 to 15 octets are
- * sequence number changes, one change per bit set in the header
- * (there may be no changes and there are two special cases where
- * the receiver implicitly knows what changed -- see below).
- *
- * There are 5 numbers which can change (they are always inserted
- * in the following order): TCP urgent pointer, window,
- * acknowlegement, sequence number and IP ID. (The urgent pointer
- * is different from the others in that its value is sent, not the
- * change in value.) Since typical use of SLIP links is biased
- * toward small packets (see comments on MTU/MSS below), changes
- * use a variable length coding with one octet for numbers in the
- * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the
- * range 256 - 65535 or 0. (If the change in sequence number or
- * ack is more than 65535, an uncompressed packet is sent.)
- */
-
-/*
- * Packet types (must not conflict with IP protocol version)
- *
- * The top nibble of the first octet is the packet type. There are
- * three possible types: IP (not proto TCP or tcp with one of the
- * control flags set); uncompressed TCP (a normal IP/TCP packet but
- * with the 8-bit protocol field replaced by an 8-bit connection id --
- * this type of packet syncs the sender & receiver); and compressed
- * TCP (described above).
- *
- * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and
- * is logically part of the 4-bit "changes" field that follows. Top
- * three bits are actual packet type. For backward compatibility
- * and in the interest of conserving bits, numbers are chosen so the
- * IP protocol version number (4) which normally appears in this nibble
- * means "IP packet".
- */
-
-/* packet types */
-#define TYPE_IP 0x40
-#define TYPE_UNCOMPRESSED_TCP 0x70
-#define TYPE_COMPRESSED_TCP 0x80
-#define TYPE_ERROR 0x00
-
-/* Bits in first octet of compressed packet */
-#define NEW_C 0x40 /* flag bits for what changed in a packet */
-#define NEW_I 0x20
-#define NEW_S 0x08
-#define NEW_A 0x04
-#define NEW_W 0x02
-#define NEW_U 0x01
-
-/* reserved, special-case values of above */
-#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */
-#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */
-#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U)
-
-#define TCP_PUSH_BIT 0x10
-
-
-/*
- * "state" data for each active tcp conversation on the wire. This is
- * basically a copy of the entire IP/TCP header from the last packet
- * we saw from the conversation together with a small identifier
- * the transmit & receive ends of the line use to locate saved header.
- */
-struct cstate {
- struct cstate *cs_next; /* next most recently used cstate (xmit only) */
- u_short cs_hlen; /* size of hdr (receive only) */
- u_char cs_id; /* connection # associated with this state */
- u_char cs_filler;
- union {
- char csu_hdr[MAX_HDR];
- struct ip csu_ip; /* ip/tcp hdr from most recent packet */
- } slcs_u;
-};
-#define cs_ip slcs_u.csu_ip
-#define cs_hdr slcs_u.csu_hdr
-
-/*
- * all the state data for one serial line (we need one of these
- * per line).
- */
-struct slcompress {
- struct cstate *last_cs; /* most recently used tstate */
- u_char last_recv; /* last rcvd conn. id */
- u_char last_xmit; /* last sent conn. id */
- u_short flags;
-#ifndef SL_NO_STATS
- int sls_packets; /* outbound packets */
- int sls_compressed; /* outbound compressed packets */
- int sls_searches; /* searches for connection state */
- int sls_misses; /* times couldn't find conn. state */
- int sls_uncompressedin; /* inbound uncompressed packets */
- int sls_compressedin; /* inbound compressed packets */
- int sls_errorin; /* inbound unknown type packets */
- int sls_tossed; /* inbound packets tossed because of error */
-#endif
- struct cstate tstate[MAX_STATES]; /* xmit connection states */
- struct cstate rstate[MAX_STATES]; /* receive connection states */
-};
-/* flag values */
-#define SLF_TOSS 1 /* tossing rcvd frames because of input err */
-
-void sl_compress_init(struct slcompress *);
-void sl_compress_setup(struct slcompress *, int);
-u_int sl_compress_tcp(struct mbuf *,
- struct ip *, struct slcompress *, int);
-int sl_uncompress_tcp(u_char **, int, u_int, struct slcompress *);
-int sl_uncompress_tcp_core(u_char *, int, int, u_int,
- struct slcompress *, u_char **, u_int *);
-
-#endif /* _SLCOMPRESS_H_ */
$1
], [
AC_MSG_RESULT([no])
- with_atm=""
+ with_atm="no"
$2
])
CPPFLAGS="$save_CPPFLAGS"
AC_SUBST([ATM_LIBS])
AC_SUBST([ATM_LDFLAGS])
fi
- AM_CONDITIONAL(WITH_LIBATM, test -n "${with_atm}")
+ AM_CONDITIONAL(WITH_LIBATM, test "x${with_atm}" != "xno")
])
])
AS_IF([test "${with_openssl}" != "no"], [
+ # if pkg-config is installed and openssl has installed a .pc file,
+ # then use that information and don't search ssldirs
+ AC_PATH_PROG([PKG_CONFIG], [pkg-config])
+ if test x"$PKG_CONFIG" != x""; then
+ OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
+ if test $? = 0; then
+ OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
+ OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
+ found=true
+ fi
+ fi
+ ])
+
+ AS_IF([test "${with_openssl}" != "no" && test "${found}" != "true"], [
OPENSSL_INCLUDES=
for ssldir in $ssldirs; do
AC_MSG_CHECKING([for openssl/ssl.h in $ssldir])
AC_MSG_RESULT([no])
])
done])
-
- AS_IF([test "${with_openssl}" != "no" && test ! ${found}], [
- # if pkg-config is installed and openssl has installed a .pc file,
- # then use that information and don't search ssldirs
- AC_PATH_PROG([PKG_CONFIG], [pkg-config])
- if test x"$PKG_CONFIG" != x""; then
- OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
- if test $? = 0; then
- OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
- OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
- found=true
- fi
- fi
- ])
- AS_IF([test "${with_openssl}" != "no" && test ${found}], [
+ AS_IF([test "${with_openssl}" != "no" && test "${found}" = "true" ], [
# try the preprocessor and linker with our new flags,
# being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
$1
], [
AC_MSG_RESULT([no])
- with_pam=""
+ with_pam="no"
$2
])
CPPFLAGS="$save_CPPFLAGS"
AC_SUBST([PAM_LIBS])
AC_SUBST([PAM_LDFLAGS])
fi
- AM_CONDITIONAL(WITH_LIBPAM, test -n "${with_pam}")
+ AM_CONDITIONAL(WITH_LIBPAM, test "x${with_pam}" != "xno")
])
$1
], [
AC_MSG_RESULT([no])
- with_pcap=""
+ with_pcap="no"
$2
])
CPPFLAGS="$save_CPPFLAGS"
AC_SUBST([PCAP_LDFLAGS])
fi
- AM_CONDITIONAL(WITH_PCAP, test -n "${with_pcap}")
+ AM_CONDITIONAL(WITH_PCAP, test "x${with_pcap}" != "xno")
])
$1
], [
AC_MSG_RESULT([no])
- with_srp=""
+ with_srp="no"
$2
])
CPPFLAGS="$save_CPPFLAGS"
AC_SUBST([SRP_LDFLAGS])
fi
- AM_CONDITIONAL(WITH_SRP, test -n "${with_srp}")
+ AM_CONDITIONAL(WITH_SRP, test "x${with_srp}" != "xno")
])
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dist_man8_MANS = pppd.8
check_PROGRAMS =
-utest_chap_SOURCES = chap_ms.c pppcrypt.c utils.c
+utest_chap_SOURCES = chap_ms.c utils.c crypto_ms.c
utest_chap_CPPFLAGS = -DUNIT_TEST
utest_chap_LDFLAGS =
utest_peap_SOURCES = peap.c utils.c mppe.c
-utest_peap_CPPFLAGS = -DUNIT_TEST -I${top_srcdir}/include
+utest_peap_CPPFLAGS = -DUNIT_TEST
utest_peap_LDFLAGS =
+utest_crypto_SOURCES = crypto.c
+utest_crypto_CPPFLAGS = -DUNIT_TEST
+utest_crypto_LDFLAGS =
+
+utest_pppcrypt_SOURCES = crypto_ms.c
+utest_pppcrypt_CPPFLAGS = -DUNIT_TEST_MSCRYPTO
+utest_pppcrypt_LDFLAGS =
+
+check_PROGRAMS += utest_crypto
+
+utest_utils_SOURCES = utils.c utils_utest.c
+utest_utils_CPPFLAGS = -DUNIT_TEST
+utest_utils_LDFLAGS =
+
+check_PROGRAMS += utest_utils
+
if WITH_SRP
sbin_PROGRAMS += srp-entry
dist_man8_MANS += srp-entry.8
pppd_include_HEADERS = \
cbcp.h \
ccp.h \
- chap-md5.h \
+ chap.h \
chap_ms.h \
- chap-new.h \
+ crypto.h \
+ crypto_ms.h \
eap.h \
- eap-tls.h \
ecp.h \
eui64.h \
fsm.h \
ipcp.h \
ipv6cp.h \
- ipxcp.h \
lcp.h \
magic.h \
- md4.h \
- md5.h \
mppe.h \
- patchlevel.h \
- pathnames.h \
- peap.h \
- pppcrypt.h \
+ multilink.h \
pppd.h \
+ options.h \
pppdconf.h \
session.h \
- sha1.h \
+ upap.h
+
+# Headers to be distributed, but not installed in /usr/include/pppd
+noinst_HEADERS = \
+ chap-md5.h \
+ crypto-priv.h \
+ eap-tls.h \
+ pathnames.h \
+ peap.h \
+ pppd-private.h \
spinlock.h \
tls.h \
- tdb.h \
- upap.h
+ tdb.h
pppd_SOURCES = \
auth.c \
ccp.c \
chap-md5.c \
- chap-new.c \
+ chap.c \
demand.c \
eap.c \
ecp.c \
upap.c \
utils.c
-pppd_CPPFLAGS = -I${top_srcdir}/include -DPPPD_RUNTIME_DIR='"@PPPD_RUNTIME_DIR@"' -DPPPD_LOGFILE_DIR='"@PPPD_LOGFILE_DIR@"'
+pppd_CPPFLAGS = -DSYSCONFDIR=\"${sysconfdir}\" -DPPPD_RUNTIME_DIR='"@PPPD_RUNTIME_DIR@"' -DPPPD_LOGFILE_DIR='"@PPPD_LOGFILE_DIR@"'
pppd_LDFLAGS =
pppd_LIBS =
+if PPP_WITH_SYSTEM_CA_PATH
+pppd_CPPFLAGS += -DSYSTEM_CA_PATH='"@SYSTEM_CA_PATH@"'
+endif
+
if LINUX
-pppd_SOURCES += sys-linux.c termios_linux.h
+pppd_SOURCES += sys-linux.c
+noinst_HEADERS += termios_linux.h
pppd_LIBS += $(CRYPT_LIBS) $(UTIL_LIBS)
endif
if SUNOS
pppd_SOURCES += sys-solaris.c
+pppd_CPPFLAGS += -I${top_srcdir}/include
pppd_LIBS += -lsocket -lnsl
endif
-if WITH_CHAPMS
-pppd_SOURCES += chap_ms.c
-pppd_SOURCES += pppcrypt.c
+if PPP_WITH_CHAPMS
+pppd_SOURCES += chap_ms.c crypto_ms.c
check_PROGRAMS += utest_chap
+check_PROGRAMS += utest_pppcrypt
else
if WITH_SRP
-pppd_SOURCES += pppcrypt.c
+pppd_SOURCES += crypto_ms.c
+check_PROGRAMS += utest_pppcrypt
endif
endif
-if WITH_CBCP
+if PPP_WITH_CBCP
pppd_SOURCES += cbcp.c
endif
-if WITH_IPXCP
-pppd_SOURCES += ipxcp.c
-endif
-
-if WITH_MPPE
+if PPP_WITH_MPPE
pppd_SOURCES += mppe.c
endif
-if WITH_FILTER
+if PPP_WITH_FILTER
pppd_CPPFLAGS += $(PCAP_CFLAGS)
pppd_LDFLAGS += $(PCAP_LDFLAGS)
pppd_LIBS += $(PCAP_LIBS)
endif
-if WITH_PLUGINS
+if PPP_WITH_PLUGINS
pppd_CPPFLAGS += -DPPPD_PLUGIN_DIR='"@PPPD_PLUGIN_DIR@"'
pppd_LIBS += -ldl
if LINUX
endif
endif
-if WITH_MULTILINK
+if PPP_WITH_MULTILINK
pppd_SOURCES += multilink.c
endif
-if WITH_TDB
+if PPP_WITH_TDB
pppd_SOURCES += tdb.c spinlock.c
endif
-if WITH_INET6
+if PPP_WITH_IPV6CP
pppd_SOURCES += ipv6cp.c eui64.c
endif
-if WITH_PAM
-pppd_LIBS += -lpam -ldl
+if PPP_WITH_PAM
+pppd_CPPFLAGS += $(PAM_CFLAGS)
+pppd_LIBS += $(PAM_LIBS) -ldl
+pppd_LDFLAGS += $(PAM_LDFLAGS)
endif
-if WITH_EAPTLS
+if PPP_WITH_EAPTLS
pppd_SOURCES += eap-tls.c tls.c
else
-if WITH_PEAP
+if PPP_WITH_PEAP
pppd_SOURCES += tls.c
endif
endif
-if WITH_PEAP
+if PPP_WITH_PEAP
pppd_SOURCES += peap.c
check_PROGRAMS += utest_peap
endif
-noinst_LTLIBRARIES = libppp_crypt.la
-libppp_crypt_la_SOURCES=
+noinst_LTLIBRARIES = libppp_crypto.la
+libppp_crypto_la_SOURCES=crypto.c ppp-md5.c ppp-md4.c ppp-sha1.c ppp-des.c
-if !WITH_OPENSSL
-libppp_crypt_la_SOURCES += md4.c md5.c sha1.c
-else
-libppp_crypt_la_CPPFLAGS=$(OPENSSL_INCLUDES)
-libppp_crypt_la_LDFLAGS=$(OPENSSL_LDFLAGS)
-libppp_crypt_la_LIBADD=$(OPENSSL_LIBS)
-if !OPENSSL_HAVE_SHA
-libppp_crypt_la_SOURCES += sha1.c
-endif
-if !OPENSSL_HAVE_MD5
-libppp_crypt_la_SOURCES += md5.c
-endif
-if !OPENSSL_HAVE_MD4
-libppp_crypt_la_SOURCES += md4.c
-endif
+if PPP_WITH_OPENSSL
+libppp_crypto_la_CPPFLAGS=$(OPENSSL_INCLUDES)
+libppp_crypto_la_LDFLAGS=$(OPENSSL_LDFLAGS)
+libppp_crypto_la_LIBADD=$(OPENSSL_LIBS)
endif
-utest_peap_LDADD = libppp_crypt.la
-utest_chap_LDADD = libppp_crypt.la
-pppd_LIBS += libppp_crypt.la
+utest_peap_LDADD = libppp_crypto.la
+utest_chap_LDADD = libppp_crypto.la
+utest_crypto_LDADD = libppp_crypto.la
+utest_pppcrypt_LDADD = libppp_crypto.la
+
+pppd_LIBS += libppp_crypto.la
if WITH_SYSTEMD
-pppd_LIBS += -lsystemd
+pppd_CPPFLAGS += $(SYSTEMD_CFLAGS)
+pppd_LIBS += $(SYSTEMD_LIBS)
endif
if WITH_SRP
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <systemd/sd-daemon.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
#include "ccp.h"
#include "ecp.h"
#include "ipcp.h"
#include "upap.h"
-#include "chap-new.h"
+#include "chap.h"
#include "eap.h"
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#include "eap-tls.h"
#endif
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
#include "cbcp.h"
#endif
+#include "multilink.h"
#include "pathnames.h"
#include "session.h"
int (*idle_time_hook)(struct ppp_idle *) = NULL;
/* Hook for a plugin to say whether we can possibly authenticate any peer */
-int (*pap_check_hook)(void) = NULL;
+pap_check_hook_fn *pap_check_hook = NULL;
/* Hook for a plugin to check the PAP user and password */
-int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts) = NULL;
+pap_auth_hook_fn *pap_auth_hook = NULL;
/* Hook for a plugin to know about the PAP user logout */
-void (*pap_logout_hook)(void) = NULL;
+pap_logout_hook_fn *pap_logout_hook = NULL;
/* Hook for a plugin to get the PAP password for authenticating us */
-int (*pap_passwd_hook)(char *user, char *passwd) = NULL;
+pap_passwd_hook_fn *pap_passwd_hook = NULL;
/* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */
-int (*chap_check_hook)(void) = NULL;
+chap_check_hook_fn *chap_check_hook = NULL;
/* Hook for a plugin to get the CHAP password for authenticating us */
-int (*chap_passwd_hook)(char *user, char *passwd) = NULL;
+chap_passwd_hook_fn *chap_passwd_hook = NULL;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/* Hook for a plugin to get the EAP-TLS password for authenticating us */
-int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL;
+eaptls_passwd_hook_fn *eaptls_passwd_hook = NULL;
#endif
/* Hook for a plugin to say whether it is OK if the peer
int (*allowed_address_hook)(u_int32_t addr) = NULL;
-#ifdef HAVE_MULTILINK
-/* Hook for plugin to hear when an interface joins a multilink bundle */
-void (*multilink_join_hook)(void) = NULL;
-#endif
-
/* A notifier for when the peer has authenticated itself,
and we are proceeding to the network phase. */
struct notifier *auth_up_notifier = NULL;
bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
bool refuse_eap = 0; /* Don't wanna auth. ourselves with EAP */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
bool refuse_mschap = 0; /* Don't wanna auth. ourselves with MS-CHAP */
bool refuse_mschap_v2 = 0; /* Don't wanna auth. ourselves with MS-CHAPv2 */
#else
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
-#if defined(USE_EAPTLS) || defined(USE_PEAP)
+#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
char *cacert_file = NULL; /* CA certificate file (pem format) */
char *ca_path = NULL; /* Directory with CA certificates */
char *crl_dir = NULL; /* Directory containing CRL files */
bool tls_verify_key_usage = 0; /* Verify peer certificate key usage */
#endif
-#if defined(USE_EAPTLS)
+#if defined(PPP_WITH_EAPTLS)
char *cert_file = NULL; /* Client certificate file (pem format) */
char *privkey_file = NULL; /* Client private key file (pem format) */
char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
static int set_permitted_number (char **);
static void check_access (FILE *, char *);
static int wordlist_count (struct wordlist *);
-
-#ifdef MAXOCTETS
static void check_maxoctets (void *);
-#endif
/*
* Authentication-related options.
*/
-option_t auth_options[] = {
+struct option auth_options[] = {
{ "auth", o_bool, &auth_required,
"Require authentication from peer", OPT_PRIO | 1 },
{ "noauth", o_bool, &auth_required,
"Require CHAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
&lcp_wantoptions[0].chap_mdtype },
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
{ "require-mschap", o_bool, &auth_required,
"Require MS-CHAP authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
"Don't allow CHAP authentication with peer",
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5,
&lcp_allowoptions[0].chap_mdtype },
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
{ "refuse-mschap", o_bool, &refuse_mschap,
"Don't agree to auth to peer with MS-CHAP",
OPT_A2CLRB | MDTYPE_MICROSOFT,
"Set telephone number(s) which are allowed to connect",
OPT_PRIV | OPT_A2LIST },
-#if defined(USE_EAPTLS) || defined(USE_PEAP)
+#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
{ "ca", o_string, &cacert_file, "CA certificate in PEM format" },
{ "capath", o_string, &ca_path, "TLS CA certificate directory" },
{ "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
"Verify peer by method (none|subject|name|suffix)" },
#endif
-#if defined(USE_EAPTLS)
+#if defined(PPP_WITH_EAPTLS)
{ "cert", o_string, &cert_file, "client certificate in PEM format" },
{ "key", o_string, &privkey_file, "client private key in PEM format" },
{ "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
-#endif
+#endif /* PPP_WITH_EAPTLS */
{ NULL }
};
+const char *
+ppp_remote_name()
+{
+ return remote_name;
+}
+
+const char *
+ppp_get_remote_number(void)
+{
+ return remote_number;
+}
+
+void
+ppp_set_remote_number(const char *buf)
+{
+ if (buf) {
+ strlcpy(remote_number, buf, sizeof(remote_number));
+ }
+}
+
+const char *
+ppp_peer_authname(char *buf, size_t bufsz)
+{
+ if (buf && bufsz > 0) {
+ strlcpy(buf, peer_authname, bufsz);
+ return buf;
+ }
+ return peer_authname;
+}
+
/*
* setupapfile - specifies UPAP info for authenticating with peer.
*/
novm("+ua file name");
euid = geteuid();
if (seteuid(getuid()) == -1) {
- option_error("unable to reset uid before opening %s: %m", fname);
+ ppp_option_error("unable to reset uid before opening %s: %m", fname);
free(fname);
return 0;
}
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
- option_error("unable to open user login data file %s", fname);
+ ppp_option_error("unable to open user login data file %s", fname);
free(fname);
return 0;
}
if (fgets(u, MAXNAMELEN - 1, ufile) == NULL
|| fgets(p, MAXSECRETLEN - 1, ufile) == NULL) {
fclose(ufile);
- option_error("unable to read user login data file %s", fname);
+ ppp_option_error("unable to read user login data file %s", fname);
free(fname);
return 0;
}
g = getgrnam(*argv);
if (g == 0) {
- option_error("group %s is unknown", *argv);
+ ppp_option_error("group %s is unknown", *argv);
return 0;
}
for (i = 0; i < ngroups; ++i) {
*/
void start_link(int unit)
{
- status = EXIT_CONNECT_FAILED;
+ ppp_set_status(EXIT_CONNECT_FAILED);
new_phase(PHASE_SERIALCONN);
hungup = 0;
*/
fd_ppp = the_channel->establish_ppp(devfd);
if (fd_ppp < 0) {
- status = EXIT_FATAL_ERROR;
+ ppp_set_status(EXIT_FATAL_ERROR);
goto disconnect;
}
* incoming events (reply, timeout, etc.).
*/
if (ifunit >= 0)
- notice("Connect: %s <--> %s", ifname, ppp_devnam);
+ notice("Connect: %s <--> %s", ifname, ppp_devname);
else
- notice("Starting negotiation on %s", ppp_devnam);
+ notice("Starting negotiation on %s", ppp_devname);
add_fd(fd_ppp);
- status = EXIT_NEGOTIATION_FAILED;
+ ppp_set_status(EXIT_NEGOTIATION_FAILED);
new_phase(PHASE_ESTABLISH);
lcp_lowerup(0);
void
link_terminated(int unit)
{
- if (phase == PHASE_DEAD || phase == PHASE_MASTER)
+ if (in_phase(PHASE_DEAD) || in_phase(PHASE_MASTER))
return;
new_phase(PHASE_DISCONNECT);
}
session_end(devnam);
- if (!doing_multilink) {
+ if (!mp_on()) {
notice("Connection terminated.");
print_link_stats();
} else
* can happen that another pppd gets the same unit and then
* we delete its pid file.
*/
- if (!doing_multilink && !demand)
+ if (!demand && !mp_on())
remove_pidfiles();
-
/*
* If we may want to bring the link up again, transfer
* the ppp unit back to the loopback. Set the
remove_fd(fd_ppp);
clean_check();
the_channel->disestablish_ppp(devfd);
- if (doing_multilink)
+ if (mp_on())
mp_exit_bundle();
fd_ppp = -1;
}
if (!hungup)
lcp_lowerdown(0);
- if (!doing_multilink && !demand)
- script_unsetenv("IFNAME");
+ if (!mp_on() && !demand)
+ ppp_script_unsetenv("IFNAME");
/*
* Run disconnector script, if requested.
if (the_channel->cleanup)
(*the_channel->cleanup)();
- if (doing_multilink && multilink_master) {
+ if (mp_on() && mp_master()) {
if (!bundle_terminating) {
new_phase(PHASE_MASTER);
if (master_detach && !detached)
notify(link_down_notifier, 0);
auth_state = s_down;
if (auth_script_state == s_up && auth_script_pid == 0) {
- update_link_stats(unit);
+ ppp_get_link_stats(NULL);
auth_script_state = s_down;
- auth_script(_PATH_AUTHDOWN);
+ auth_script(PPP_PATH_AUTHDOWN);
}
}
- if (!doing_multilink) {
+ if (!mp_on())
+ {
upper_layers_down(unit);
- if (phase != PHASE_DEAD && phase != PHASE_MASTER)
+ if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER))
new_phase(PHASE_ESTABLISH);
}
/* XXX if doing_multilink, should do something to stop
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
lcp_options *ao = &lcp_allowoptions[unit];
#endif
int i;
/*
* Tell higher-level protocols that LCP is up.
*/
- if (!doing_multilink) {
+ if (!mp_on())
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol != PPP_LCP && protp->enabled_flag
&& protp->lowerup != NULL)
(*protp->lowerup)(unit);
- }
-
if (!auth_required && noauth_addrs != NULL)
set_allowed_addrs(unit, NULL, NULL);
set_allowed_addrs(unit, NULL, NULL);
} else if (!wo->neg_upap || uselogin || !null_login(unit)) {
warn("peer refused to authenticate: terminating link");
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
lcp_close(unit, "peer refused to authenticate");
return;
}
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
- status = EXIT_AUTH_TOPEER_FAILED;
+ ppp_set_status(EXIT_AUTH_TOPEER_FAILED);
return;
}
if (need_peer_eap && !ho->neg_eap) {
warn("peer doesn't want to authenticate us with eap");
lcp_close(unit, "couldn't negotiate eap");
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
return;
}
#endif
auth_state = s_up;
if (auth_script_state == s_down && auth_script_pid == 0) {
auth_script_state = s_up;
- auth_script(_PATH_AUTHUP);
+ auth_script(PPP_PATH_AUTHUP);
}
}
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
/*
* If we negotiated callback, do it now.
*/
new_phase(PHASE_NETWORK);
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
if (multilink) {
if (mp_join_bundle()) {
if (multilink_join_hook)
return;
}
}
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
if (!demand)
set_filters(&pass_filter, &active_filter);
#endif
/*
* Authentication failure: take the link down
*/
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
lcp_close(unit, "Authentication failed");
}
case CHAP_MD5:
bit |= CHAP_MD5_PEER;
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case CHAP_MICROSOFT:
bit |= CHAP_MS_PEER;
break;
namelen = sizeof(peer_authname) - 1;
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
- script_setenv("PEERNAME", peer_authname, 0);
+ ppp_script_setenv("PEERNAME", peer_authname, 0);
/* Save the authentication method for later. */
auth_done[unit] |= bit;
* is no point in persisting without any way to get updated
* authentication secrets.
*/
- status = EXIT_AUTH_TOPEER_FAILED;
+ ppp_set_status(EXIT_AUTH_TOPEER_FAILED);
lcp_close(unit, "Failed to authenticate ourselves to peer");
}
case CHAP_MD5:
bit |= CHAP_MD5_WITHPEER;
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case CHAP_MICROSOFT:
bit |= CHAP_MS_WITHPEER;
break;
/*
* At this point we consider that the link has come up successfully.
*/
- status = EXIT_OK;
+ ppp_set_status(EXIT_OK);
unsuccess = 0;
new_phase(PHASE_RUNNING);
if (idle_time_hook != 0)
tlim = (*idle_time_hook)(NULL);
else
- tlim = idle_time_limit;
+ tlim = ppp_get_max_idle_time();
if (tlim > 0)
TIMEOUT(check_idle, NULL, tlim);
* Set a timeout to close the connection once the maximum
* connect time has expired.
*/
- if (maxconnect > 0)
- TIMEOUT(connect_time_expired, 0, maxconnect);
+ if (ppp_get_max_connect_time() > 0)
+ TIMEOUT(connect_time_expired, 0, ppp_get_max_connect_time());
-#ifdef MAXOCTETS
+ /*
+ * Configure a check to see if session has outlived it's limit
+ * in terms of octets
+ */
if (maxoctets > 0)
TIMEOUT(check_maxoctets, NULL, maxoctets_timeout);
-#endif
/*
* Detach now, if the updetach option was given.
if (--num_np_up == 0) {
UNTIMEOUT(check_idle, NULL);
UNTIMEOUT(connect_time_expired, NULL);
-#ifdef MAXOCTETS
UNTIMEOUT(check_maxoctets, NULL);
-#endif
new_phase(PHASE_NETWORK);
}
}
}
}
-#ifdef MAXOCTETS
+/*
+ * Periodic callback to check if session has reached its limit. The period defaults
+ * to 1 second and is configurable by setting "mo-timeout" in configuration
+ */
static void
check_maxoctets(void *arg)
{
- unsigned int used;
-
- update_link_stats(ifunit);
- link_stats_valid=0;
-
- switch(maxoctets_dir) {
- case PPP_OCTETS_DIRECTION_IN:
- used = link_stats.bytes_in;
- break;
- case PPP_OCTETS_DIRECTION_OUT:
- used = link_stats.bytes_out;
- break;
- case PPP_OCTETS_DIRECTION_MAXOVERAL:
- case PPP_OCTETS_DIRECTION_MAXSESSION:
- used = (link_stats.bytes_in > link_stats.bytes_out) ? link_stats.bytes_in : link_stats.bytes_out;
- break;
- default:
- used = link_stats.bytes_in+link_stats.bytes_out;
- break;
+ unsigned int used = 0;
+ ppp_link_stats_st stats;
+
+ if (ppp_get_link_stats(&stats)) {
+ switch(maxoctets_dir) {
+ case PPP_OCTETS_DIRECTION_IN:
+ used = stats.bytes_in;
+ break;
+ case PPP_OCTETS_DIRECTION_OUT:
+ used = stats.bytes_out;
+ break;
+ case PPP_OCTETS_DIRECTION_MAXOVERAL:
+ case PPP_OCTETS_DIRECTION_MAXSESSION:
+ used = (stats.bytes_in > stats.bytes_out)
+ ? stats.bytes_in
+ : stats.bytes_out;
+ break;
+ default:
+ used = stats.bytes_in+stats.bytes_out;
+ break;
+ }
}
+
if (used > maxoctets) {
notice("Traffic limit reached. Limit: %u Used: %u", maxoctets, used);
- status = EXIT_TRAFFIC_LIMIT;
+ ppp_set_status(EXIT_TRAFFIC_LIMIT);
lcp_close(0, "Traffic limit");
+ link_stats_print = 0;
need_holdoff = 0;
} else {
TIMEOUT(check_maxoctets, NULL, maxoctets_timeout);
}
}
-#endif
/*
* check_idle - check whether the link has been idle for long
tlim = idle_time_hook(&idle);
} else {
itime = MIN(idle.xmit_idle, idle.recv_idle);
- tlim = idle_time_limit - itime;
+ tlim = ppp_get_max_idle_time() - itime;
}
if (tlim <= 0) {
/* link is idle: shut it down. */
notice("Terminating connection due to lack of activity.");
- status = EXIT_IDLE_TIMEOUT;
+ ppp_set_status(EXIT_IDLE_TIMEOUT);
lcp_close(0, "Link inactive");
need_holdoff = 0;
} else {
connect_time_expired(void *arg)
{
info("Connect time expired");
- status = EXIT_CONNECT_TIME;
+ ppp_set_status(EXIT_CONNECT_TIME);
lcp_close(0, "Connect time expired"); /* Close connection */
}
/* Default our_name to hostname, and user to our_name */
if (our_name[0] == 0 || usehostname)
- strlcpy(our_name, hostname, sizeof(our_name));
+ strlcpy(our_name, hostname, sizeof(our_name));
+
/* If a blank username was explicitly given as an option, trust
the user and don't use our_name */
if (user[0] == 0 && !explicit_user)
strlcpy(user, our_name, sizeof(user));
+#if defined(SYSTEM_CA_PATH) && (defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP))
+ /* Use system default for CA Path if not specified */
+ if (!ca_path) {
+ ca_path = SYSTEM_CA_PATH;
+ }
+#endif
+
/*
* If we have a default route, require the peer to authenticate
* unless the noauth option was given or the real user is root.
our_name, 1, &lacks_ip);
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
if (!can_auth && wo->neg_eap) {
can_auth =
have_eaptls_secret_server((explicit_remote ? remote_name :
if (auth_required && !can_auth && noauth_addrs == NULL) {
if (default_auth) {
- option_error(
+ ppp_option_error(
"By default the remote system is required to authenticate itself");
- option_error(
+ ppp_option_error(
"(because this system has a default route to the internet)");
} else if (explicit_remote)
- option_error(
+ ppp_option_error(
"The remote system (%s) is required to authenticate itself",
remote_name);
else
- option_error(
+ ppp_option_error(
"The remote system is required to authenticate itself");
- option_error(
+ ppp_option_error(
"but I couldn't find any suitable secret (password) for it to use to do so.");
if (lacks_ip)
- option_error(
+ ppp_option_error(
"(None of the available passwords would let it use an IP address.)");
exit(1);
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
|| have_eaptls_secret_client(user, (explicit_remote? remote_name: NULL))
#endif
);
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
&& !have_eaptls_secret_server((explicit_remote? remote_name: NULL),
our_name, 1, NULL)
#endif
* Open the file of pap secrets and scan for a suitable secret
* for authenticating this user.
*/
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
f = fopen(filename, "r");
* Open the file of pap secrets and scan for a suitable secret.
*/
if (ret <= 0) {
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
addrs = NULL;
f = fopen(filename, "r");
if (f == NULL)
return ret;
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return ret;
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
}
}
- filename = _PATH_CHAPFILE;
+ filename = PPP_PATH_CHAPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
char *filename;
struct wordlist *addrs;
- filename = _PATH_SRPFILE;
+ filename = PPP_PATH_SRPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return 0;
}
} else {
- filename = _PATH_CHAPFILE;
+ filename = PPP_PATH_CHAPFILE;
addrs = NULL;
secbuf[0] = 0;
if (!am_server && passwd[0] != '\0') {
strlcpy(secret, passwd, MAXWORDLEN);
} else {
- filename = _PATH_SRPFILE;
+ filename = PPP_PATH_SRPFILE;
addrs = NULL;
fp = fopen(filename, "r");
int ok;
/* don't allow loopback or multicast address */
- if (bad_ip_adrs(addr))
+ if (ppp_bad_ip_addr(addr))
return 0;
if (allowed_address_hook) {
}
/*
- * bad_ip_adrs - return 1 if the IP address is one we don't want
- * to use, such as an address in the loopback net or a multicast address.
- * addr is in network byte order.
+ * Check if given addr in network byte order is in the looback network, or a multicast address.
*/
-int
-bad_ip_adrs(u_int32_t addr)
+bool
+ppp_bad_ip_addr(u_int32_t addr)
{
addr = ntohl(addr);
return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
case s_up:
if (auth_state == s_down) {
auth_script_state = s_down;
- auth_script(_PATH_AUTHDOWN);
+ auth_script(PPP_PATH_AUTHDOWN);
}
break;
case s_down:
if (auth_state == s_up) {
auth_script_state = s_up;
- auth_script(_PATH_AUTHUP);
+ auth_script(PPP_PATH_AUTHUP);
}
break;
}
argv[3] = user_name;
argv[4] = devnam;
argv[5] = strspeed;
- argv[6] = NULL;
+ argv[6] = ipparam;
+ argv[7] = NULL;
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)
char cacertfile[MAXWORDLEN];
char pkfile[MAXWORDLEN];
- filename = _PATH_EAPTLSSERVFILE;
+ filename = PPP_PATH_EAPTLSSERVFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
if (pkcs12_file)
return 1;
- filename = _PATH_EAPTLSCLIFILE;
+ filename = PPP_PATH_EAPTLSCLIFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
}
else
{
- filename = (am_server ? _PATH_EAPTLSSERVFILE : _PATH_EAPTLSCLIFILE);
+ filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
addrs = NULL;
fp = fopen(filename, "r");
#include <sys/types.h>
#include <sys/time.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "cbcp.h"
#include "fsm.h"
#include "lcp.h"
+#include "options.h"
/*
*/
static int setcbcp (char **);
-static option_t cbcp_option_list[] = {
+static struct option cbcp_option_list[] = {
{ "callback", o_special, (void *)setcbcp,
"Ask for callback", OPT_PRIO | OPT_A2STRVAL, &cbcp[0].us_number },
{ NULL }
cbcp_up(cbcp_state *us)
{
persist = 0;
- status = EXIT_CALLBACK;
+ ppp_set_status(EXIT_CALLBACK);
lcp_close(0, "Call me back, please");
}
-#ifndef CBCP_H
-#define CBCP_H
+/*
+ * Copyright (c) 1995 Pedro Roque Marques. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The names of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 4. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Pedro Roque Marques
+ * <pedro_m@yahoo.com>"
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_CBCP_H
+#define PPP_CBCP_H
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef struct cbcp_state {
int us_unit; /* Interface unit number */
u_char us_id; /* Current id */
#define CB_CONF_USER 2
#define CB_CONF_ADMIN 3
#define CB_CONF_LIST 4
+
+#ifdef __cplusplus
+}
#endif
+
+#endif // PPP_CBCP_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <stdlib.h>
#include <string.h>
+#if defined(SOL2)
+#include <net/ppp-comp.h>
+#else
+#include <linux/ppp-comp.h>
+#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ccp.h"
-#include <net/ppp-comp.h>
#include "chap_ms.h"
#include "mppe.h"
/*
* Option variables.
*/
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
#endif
-static option_t ccp_option_list[] = {
+static struct option ccp_option_list[] = {
{ "noccp", o_bool, &ccp_protent.enabled_flag,
"Disable CCP negotiation" },
{ "-ccp", o_bool, &ccp_protent.enabled_flag,
"don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
&ccp_allowoptions[0].predictor_1 },
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/* MPPE options are symmetrical ... we only set wantoptions here */
{ "require-mppe", o_bool, &ccp_wantoptions[0].mppe,
"require MPPE encryption",
abits = strtol(str, &endp, 0);
}
if (*endp != 0 || endp == str) {
- option_error("invalid parameter '%s' for bsdcomp option", *argv);
+ ppp_option_error("invalid parameter '%s' for bsdcomp option", *argv);
return 0;
}
if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS))
|| (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) {
- option_error("bsdcomp option values must be 0 or %d .. %d",
+ ppp_option_error("bsdcomp option values must be 0 or %d .. %d",
BSD_MIN_BITS, BSD_MAX_BITS);
return 0;
}
abits = strtol(str, &endp, 0);
}
if (*endp != 0 || endp == str) {
- option_error("invalid parameter '%s' for deflate option", *argv);
+ ppp_option_error("invalid parameter '%s' for deflate option", *argv);
return 0;
}
if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE))
|| (abits != 0 && (abits < DEFLATE_MIN_SIZE
|| abits > DEFLATE_MAX_SIZE))) {
- option_error("deflate option values must be 0 or %d .. %d",
+ ppp_option_error("deflate option values must be 0 or %d .. %d",
DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE);
return 0;
}
fsm_input(f, p, len);
if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
notice("Compression disabled by peer.");
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ccp_gotoptions[unit].mppe) {
error("MPPE disabled, closing LCP");
lcp_close(unit, "MPPE disabled by peer");
ccp_flags_set(unit, 0, 0);
fsm_lowerdown(&ccp_fsm[unit]);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ccp_gotoptions[unit].mppe) {
error("MPPE required but peer negotiation failed");
lcp_close(unit, "MPPE required but peer negotiation failed");
*go = ccp_wantoptions[f->unit];
all_rejected[f->unit] = 0;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
ccp_options *ao = &ccp_allowoptions[f->unit];
int auth_mschap_bits = auth_done[f->unit];
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
int auth_eap_bits = auth_done[f->unit];
#endif
int numbits;
return;
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/*
* MPPE is also possible in combination with EAP-TLS.
* It is not possible to detect if we're doing EAP or EAP-TLS
ao->predictor_2 = go->predictor_2 = 0;
ao->deflate = go->deflate = 0;
}
-#endif /* MPPE */
/*
* Check whether the kernel knows about the various
* compression methods we might request.
*/
-#ifdef MPPE
if (go->mppe) {
opt_buf[0] = CI_MPPE;
opt_buf[1] = CILEN_MPPE;
lcp_close(f->unit, "MPPE required but not available");
}
}
-#endif
+#endif /* PPP_WITH_MPPE */
if (go->bsd_compress) {
opt_buf[0] = CI_BSD_COMPRESS;
opt_buf[1] = CILEN_BSD_COMPRESS;
* preference order. Get the kernel to allocate the first one
* in case it gets Acked.
*/
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
ccp_options *go = &ccp_gotoptions[f->unit];
u_char *p0 = p;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
u_char opt_buf[CILEN_MPPE];
memset(&no, 0, sizeof(no));
try = *go;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe && len >= CILEN_MPPE
&& p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
no.mppe = 1;
lcp_close(f->unit, "MPPE required but peer negotiation failed");
}
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
if (go->deflate && len >= CILEN_DEFLATE
&& p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
&& p[1] == CILEN_DEFLATE) {
if (len == 0 && all_rejected[f->unit])
return -1;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe && len >= CILEN_MPPE
&& p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
error("MPPE required but peer refused");
int len, clen, type, nb;
ccp_options *ho = &ccp_hisoptions[f->unit];
ccp_options *ao = &ccp_allowoptions[f->unit];
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
/* CI_MPPE, or due to other options? */
#endif
clen = p[1];
switch (type) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case CI_MPPE:
if (!ao->mppe || clen != CILEN_MPPE) {
newret = CONFREJ;
* because MPPE frames **grow**. The kernel [must]
* allocate MPPE_PAD extra bytes in xmit buffers.
*/
- mtu = netif_get_mtu(f->unit);
+ mtu = ppp_get_mtu(f->unit);
if (mtu)
- netif_set_mtu(f->unit, mtu - MPPE_PAD);
+ ppp_set_mtu(f->unit, mtu - MPPE_PAD);
else
newret = CONFREJ;
}
*/
rej_for_ci_mppe = 0;
break;
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
case CI_DEFLATE:
case CI_DEFLATE_DRAFT:
if (!ao->deflate || clen != CILEN_DEFLATE
else
*lenp = retp - p0;
}
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
error("MPPE required but peer negotiation failed");
lcp_close(f->unit, "MPPE required but peer negotiation failed");
if (!ANY_COMPRESS(*opt))
return "(none)";
switch (opt->method) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case CI_MPPE:
{
char *p = result;
notice("%s receive compression enabled", method_name(go, NULL));
} else if (ANY_COMPRESS(*ho))
notice("%s transmit compression enabled", method_name(ho, NULL));
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
mppe_clear_keys();
continue_networks(f->unit); /* Bring up IP et al */
UNTIMEOUT(ccp_rack_timeout, f);
ccp_localstate[f->unit] = 0;
ccp_flags_set(f->unit, 1, 0);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ccp_gotoptions[f->unit].mppe) {
ccp_gotoptions[f->unit].mppe = 0;
if (lcp_fsm[f->unit].state == OPENED) {
len -= optlen;
optend = p + optlen;
switch (code) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case CI_MPPE:
if (optlen >= CILEN_MPPE) {
u_char mppe_opts;
*/
error("Lost compression sync: disabling compression");
ccp_close(unit, "Lost compression sync");
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/*
* If we were doing MPPE, we must also take the link down.
*/
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
*
* $Id: ccp.h,v 1.12 2004/11/04 10:02:26 paulus Exp $
*/
+#ifndef PPP_CCP_H
+#define PPP_CCP_H
+
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
typedef struct ccp_options {
bool bsd_compress; /* do BSD Compress? */
bool deflate; /* do Deflate? */
bool predictor_2; /* do Predictor-2? */
bool deflate_correct; /* use correct code for deflate? */
bool deflate_draft; /* use draft RFC code for deflate? */
- u_char mppe; /* MPPE bitfield */
- u_short bsd_bits; /* # bits/code for BSD Compress */
- u_short deflate_size; /* lg(window size) for Deflate */
+ unsigned char mppe; /* MPPE bitfield */
+ unsigned short bsd_bits; /* # bits/code for BSD Compress */
+ unsigned short deflate_size; /* lg(window size) for Deflate */
short method; /* code for chosen compression method */
} ccp_options;
extern ccp_options ccp_hisoptions[];
extern struct protent ccp_protent;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_CCP_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <stdlib.h>
#include <string.h>
-#include "pppd.h"
-#include "chap-new.h"
+#include "pppd-private.h"
+#include "chap.h"
#include "chap-md5.h"
#include "magic.h"
-#include "md5.h"
+#include "crypto.h"
-#define MD5_HASH_SIZE 16
#define MD5_MIN_CHALLENGE 16
#define MD5_MAX_CHALLENGE 24
unsigned char *challenge, unsigned char *response,
char *message, int message_space)
{
- MD5_CTX ctx;
unsigned char idbyte = id;
- unsigned char hash[MD5_HASH_SIZE];
+ unsigned char hash[MD5_DIGEST_LENGTH];
+ unsigned int hash_len = MD5_DIGEST_LENGTH;
int challenge_len, response_len;
+ bool success = 0;
challenge_len = *challenge++;
response_len = *response++;
- if (response_len == MD5_HASH_SIZE) {
+ if (response_len == MD5_DIGEST_LENGTH) {
+
/* Generate hash of ID, secret, challenge */
- MD5_Init(&ctx);
- MD5_Update(&ctx, &idbyte, 1);
- MD5_Update(&ctx, secret, secret_len);
- MD5_Update(&ctx, challenge, challenge_len);
- MD5_Final(hash, &ctx);
-
- /* Test if our hash matches the peer's response */
- if (memcmp(hash, response, MD5_HASH_SIZE) == 0) {
- slprintf(message, message_space, "Access granted");
- return 1;
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+
+ if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
+
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
}
}
+ if (success && memcmp(hash, response, hash_len) == 0) {
+ slprintf(message, message_space, "Access granted");
+ return 1;
+ }
slprintf(message, message_space, "Access denied");
return 0;
}
unsigned char *challenge, char *secret, int secret_len,
unsigned char *private)
{
- MD5_CTX ctx;
unsigned char idbyte = id;
int challenge_len = *challenge++;
+ int hash_len = MD5_DIGEST_LENGTH;
- MD5_Init(&ctx);
- MD5_Update(&ctx, &idbyte, 1);
- MD5_Update(&ctx, (u_char *)secret, secret_len);
- MD5_Update(&ctx, challenge, challenge_len);
- MD5_Final(&response[1], &ctx);
- response[0] = MD5_HASH_SIZE;
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+
+ if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
+
+ if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
+
+ response[0] = hash_len;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
}
static struct chap_digest_type md5_digest = {
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+
+#ifndef PPP_CHAP_MD5_H
+#define PPP_CHAP_MD5_H
+
#include "pppdconf.h"
extern void chap_md5_init(void);
+
+#endif
+++ /dev/null
-/*
- * chap-new.c - New CHAP implementation.
- *
- * Copyright (c) 2003 Paul Mackerras. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 3. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $"
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <stdlib.h>
-#include <string.h>
-#include "pppd.h"
-#include "session.h"
-#include "chap-new.h"
-#include "chap-md5.h"
-
-#ifdef CHAPMS
-#include "chap_ms.h"
-#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
-#else
-#define MDTYPE_ALL (MDTYPE_MD5)
-#endif
-
-int chap_mdtype_all = MDTYPE_ALL;
-
-/* Hook for a plugin to validate CHAP challenge */
-int (*chap_verify_hook)(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space) = NULL;
-
-/*
- * Option variables.
- */
-int chap_server_timeout_time = 3;
-int chap_max_transmits = 10;
-int chap_rechallenge_time = 0;
-int chap_client_timeout_time = 60;
-int chapms_strip_domain = 0;
-
-/*
- * Command-line options.
- */
-static option_t chap_option_list[] = {
- { "chap-restart", o_int, &chap_server_timeout_time,
- "Set timeout for CHAP (as server)", OPT_PRIO },
- { "chap-max-challenge", o_int, &chap_max_transmits,
- "Set max #xmits for challenge", OPT_PRIO },
- { "chap-interval", o_int, &chap_rechallenge_time,
- "Set interval for rechallenge", OPT_PRIO },
- { "chap-timeout", o_int, &chap_client_timeout_time,
- "Set timeout for CHAP (as client)", OPT_PRIO },
- { "chapms-strip-domain", o_bool, &chapms_strip_domain,
- "Strip the domain prefix before the Username", 1 },
- { NULL }
-};
-
-/*
- * Internal state.
- */
-static struct chap_client_state {
- int flags;
- char *name;
- struct chap_digest_type *digest;
- unsigned char priv[64]; /* private area for digest's use */
-} client;
-
-/*
- * These limits apply to challenge and response packets we send.
- * The +4 is the +1 that we actually need rounded up.
- */
-#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
-#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
-
-static struct chap_server_state {
- int flags;
- int id;
- char *name;
- struct chap_digest_type *digest;
- int challenge_xmits;
- int challenge_pktlen;
- unsigned char challenge[CHAL_MAX_PKTLEN];
- char message[256];
-} server;
-
-/* Values for flags in chap_client_state and chap_server_state */
-#define LOWERUP 1
-#define AUTH_STARTED 2
-#define AUTH_DONE 4
-#define AUTH_FAILED 8
-#define TIMEOUT_PENDING 0x10
-#define CHALLENGE_VALID 0x20
-
-/*
- * Prototypes.
- */
-static void chap_init(int unit);
-static void chap_lowerup(int unit);
-static void chap_lowerdown(int unit);
-static void chap_server_timeout(void *arg);
-static void chap_client_timeout(void *arg);
-static void chap_generate_challenge(struct chap_server_state *ss);
-static void chap_handle_response(struct chap_server_state *ss, int code,
- unsigned char *pkt, int len);
-static int chap_verify_response(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
-static void chap_respond(struct chap_client_state *cs, int id,
- unsigned char *pkt, int len);
-static void chap_handle_status(struct chap_client_state *cs, int code, int id,
- unsigned char *pkt, int len);
-static void chap_protrej(int unit);
-static void chap_input(int unit, unsigned char *pkt, int pktlen);
-static int chap_print_pkt(unsigned char *p, int plen,
- void (*printer)(void *, char *, ...), void *arg);
-
-/* List of digest types that we know about */
-static struct chap_digest_type *chap_digests;
-
-/*
- * chap_init - reset to initial state.
- */
-static void
-chap_init(int unit)
-{
- memset(&client, 0, sizeof(client));
- memset(&server, 0, sizeof(server));
-
- chap_md5_init();
-#ifdef CHAPMS
- chapms_init();
-#endif
-}
-
-/*
- * Add a new digest type to the list.
- */
-void
-chap_register_digest(struct chap_digest_type *dp)
-{
- dp->next = chap_digests;
- chap_digests = dp;
-}
-
-/*
- * Lookup a digest type by code
- */
-struct chap_digest_type *
-chap_find_digest(int digest_code) {
- struct chap_digest_type *dp = NULL;
- for (dp = chap_digests; dp != NULL; dp = dp->next)
- if (dp->code == digest_code)
- break;
- return dp;
-}
-
-/*
- * chap_lowerup - we can start doing stuff now.
- */
-static void
-chap_lowerup(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- cs->flags |= LOWERUP;
- ss->flags |= LOWERUP;
- if (ss->flags & AUTH_STARTED)
- chap_server_timeout(ss);
-}
-
-static void
-chap_lowerdown(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- if (cs->flags & TIMEOUT_PENDING)
- UNTIMEOUT(chap_client_timeout, cs);
- cs->flags = 0;
- if (ss->flags & TIMEOUT_PENDING)
- UNTIMEOUT(chap_server_timeout, ss);
- ss->flags = 0;
-}
-
-/*
- * chap_auth_peer - Start authenticating the peer.
- * If the lower layer is already up, we start sending challenges,
- * otherwise we wait for the lower layer to come up.
- */
-void
-chap_auth_peer(int unit, char *our_name, int digest_code)
-{
- struct chap_server_state *ss = &server;
- struct chap_digest_type *dp;
-
- if (ss->flags & AUTH_STARTED) {
- error("CHAP: peer authentication already started!");
- return;
- }
-
- dp = chap_find_digest(digest_code);
- if (dp == NULL)
- fatal("CHAP digest 0x%x requested but not available",
- digest_code);
-
- ss->digest = dp;
- ss->name = our_name;
- /* Start with a random ID value */
- ss->id = (unsigned char)(drand48() * 256);
- ss->flags |= AUTH_STARTED;
- if (ss->flags & LOWERUP)
- chap_server_timeout(ss);
-}
-
-/*
- * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
- * There isn't much to do until we receive a challenge.
- */
-void
-chap_auth_with_peer(int unit, char *our_name, int digest_code)
-{
- struct chap_client_state *cs = &client;
- struct chap_digest_type *dp;
-
- if (cs->flags & AUTH_STARTED) {
- error("CHAP: authentication with peer already started!");
- return;
- }
- for (dp = chap_digests; dp != NULL; dp = dp->next)
- if (dp->code == digest_code)
- break;
- if (dp == NULL)
- fatal("CHAP digest 0x%x requested but not available",
- digest_code);
-
- cs->digest = dp;
- cs->name = our_name;
- cs->flags |= AUTH_STARTED | TIMEOUT_PENDING;
- TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time);
-}
-
-/*
- * chap_server_timeout - It's time to send another challenge to the peer.
- * This could be either a retransmission of a previous challenge,
- * or a new challenge to start re-authentication.
- */
-static void
-chap_server_timeout(void *arg)
-{
- struct chap_server_state *ss = arg;
-
- ss->flags &= ~TIMEOUT_PENDING;
- if ((ss->flags & CHALLENGE_VALID) == 0) {
- ss->challenge_xmits = 0;
- chap_generate_challenge(ss);
- ss->flags |= CHALLENGE_VALID;
- } else if (ss->challenge_xmits >= chap_max_transmits) {
- ss->flags &= ~CHALLENGE_VALID;
- ss->flags |= AUTH_DONE | AUTH_FAILED;
- auth_peer_fail(0, PPP_CHAP);
- return;
- }
-
- output(0, ss->challenge, ss->challenge_pktlen);
- ++ss->challenge_xmits;
- ss->flags |= TIMEOUT_PENDING;
- TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time);
-}
-
-/* chap_client_timeout - Authentication with peer timed out. */
-static void
-chap_client_timeout(void *arg)
-{
- struct chap_client_state *cs = arg;
-
- cs->flags &= ~TIMEOUT_PENDING;
- cs->flags |= AUTH_DONE | AUTH_FAILED;
- error("CHAP authentication timed out");
- auth_withpeer_fail(0, PPP_CHAP);
-}
-
-/*
- * chap_generate_challenge - generate a challenge string and format
- * the challenge packet in ss->challenge_pkt.
- */
-static void
-chap_generate_challenge(struct chap_server_state *ss)
-{
- int clen = 1, nlen, len;
- unsigned char *p;
-
- p = ss->challenge;
- MAKEHEADER(p, PPP_CHAP);
- p += CHAP_HDRLEN;
- ss->digest->generate_challenge(p);
- clen = *p;
- nlen = strlen(ss->name);
- memcpy(p + 1 + clen, ss->name, nlen);
-
- len = CHAP_HDRLEN + 1 + clen + nlen;
- ss->challenge_pktlen = PPP_HDRLEN + len;
-
- p = ss->challenge + PPP_HDRLEN;
- p[0] = CHAP_CHALLENGE;
- p[1] = ++ss->id;
- p[2] = len >> 8;
- p[3] = len;
-}
-
-/*
- * chap_handle_response - check the response to our challenge.
- */
-static void
-chap_handle_response(struct chap_server_state *ss, int id,
- unsigned char *pkt, int len)
-{
- int response_len, ok, mlen;
- unsigned char *response, *p;
- char *name = NULL; /* initialized to shut gcc up */
- int (*verifier)(char *, char *, int, struct chap_digest_type *,
- unsigned char *, unsigned char *, char *, int);
- char rname[MAXNAMELEN+1];
-
- if ((ss->flags & LOWERUP) == 0)
- return;
- if (id != ss->challenge[PPP_HDRLEN+1] || len < 2)
- return;
- if (ss->flags & CHALLENGE_VALID) {
- response = pkt;
- GETCHAR(response_len, pkt);
- len -= response_len + 1; /* length of name */
- name = (char *)pkt + response_len;
- if (len < 0)
- return;
-
- if (ss->flags & TIMEOUT_PENDING) {
- ss->flags &= ~TIMEOUT_PENDING;
- UNTIMEOUT(chap_server_timeout, ss);
- }
-
- if (explicit_remote) {
- name = remote_name;
- } else {
- /* Null terminate and clean remote name. */
- slprintf(rname, sizeof(rname), "%.*v", len, name);
- name = rname;
-
- /* strip the MS domain name */
- if (chapms_strip_domain && strrchr(rname, '\\')) {
- char tmp[MAXNAMELEN+1];
-
- strcpy(tmp, strrchr(rname, '\\') + 1);
- strcpy(rname, tmp);
- }
- }
-
- if (chap_verify_hook)
- verifier = chap_verify_hook;
- else
- verifier = chap_verify_response;
- ok = (*verifier)(name, ss->name, id, ss->digest,
- ss->challenge + PPP_HDRLEN + CHAP_HDRLEN,
- response, ss->message, sizeof(ss->message));
- if (!ok || !auth_number()) {
- ss->flags |= AUTH_FAILED;
- warn("Peer %q failed CHAP authentication", name);
- }
- } else if ((ss->flags & AUTH_DONE) == 0)
- return;
-
- /* send the response */
- p = outpacket_buf;
- MAKEHEADER(p, PPP_CHAP);
- mlen = strlen(ss->message);
- len = CHAP_HDRLEN + mlen;
- p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
- p[1] = id;
- p[2] = len >> 8;
- p[3] = len;
- if (mlen > 0)
- memcpy(p + CHAP_HDRLEN, ss->message, mlen);
- output(0, outpacket_buf, PPP_HDRLEN + len);
-
- if (ss->flags & CHALLENGE_VALID) {
- ss->flags &= ~CHALLENGE_VALID;
- if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) {
- /*
- * Auth is OK, so now we need to check session restrictions
- * to ensure everything is OK, but only if we used a
- * plugin, and only if we're configured to check. This
- * allows us to do PAM checks on PPP servers that
- * authenticate against ActiveDirectory, and use AD for
- * account info (like when using Winbind integrated with
- * PAM).
- */
- if (session_mgmt &&
- session_check(name, NULL, devnam, NULL) == 0) {
- ss->flags |= AUTH_FAILED;
- warn("Peer %q failed CHAP Session verification", name);
- }
- }
- if (ss->flags & AUTH_FAILED) {
- auth_peer_fail(0, PPP_CHAP);
- } else {
- if ((ss->flags & AUTH_DONE) == 0)
- auth_peer_success(0, PPP_CHAP,
- ss->digest->code,
- name, strlen(name));
- if (chap_rechallenge_time) {
- ss->flags |= TIMEOUT_PENDING;
- TIMEOUT(chap_server_timeout, ss,
- chap_rechallenge_time);
- }
- }
- ss->flags |= AUTH_DONE;
- }
-}
-
-/*
- * chap_verify_response - check whether the peer's response matches
- * what we think it should be. Returns 1 if it does (authentication
- * succeeded), or 0 if it doesn't.
- */
-static int
-chap_verify_response(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space)
-{
- int ok;
- unsigned char secret[MAXSECRETLEN];
- int secret_len;
-
- /* Get the secret that the peer is supposed to know */
- if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) {
- error("No CHAP secret found for authenticating %q", name);
- return 0;
- }
-
- ok = digest->verify_response(id, name, secret, secret_len, challenge,
- response, message, message_space);
- memset(secret, 0, sizeof(secret));
-
- return ok;
-}
-
-/*
- * chap_respond - Generate and send a response to a challenge.
- */
-static void
-chap_respond(struct chap_client_state *cs, int id,
- unsigned char *pkt, int len)
-{
- int clen, nlen;
- int secret_len;
- unsigned char *p;
- unsigned char response[RESP_MAX_PKTLEN];
- char rname[MAXNAMELEN+1];
- char secret[MAXSECRETLEN+1];
-
- if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
- return; /* not ready */
- if (len < 2 || len < pkt[0] + 1)
- return; /* too short */
- clen = pkt[0];
- nlen = len - (clen + 1);
-
- /* Null terminate and clean remote name. */
- slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
-
- /* Microsoft doesn't send their name back in the PPP packet */
- if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0))
- strlcpy(rname, remote_name, sizeof(rname));
-
- /* get secret for authenticating ourselves with the specified host */
- if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) {
- secret_len = 0; /* assume null secret if can't find one */
- warn("No CHAP secret found for authenticating us to %q", rname);
- }
-
- p = response;
- MAKEHEADER(p, PPP_CHAP);
- p += CHAP_HDRLEN;
-
- cs->digest->make_response(p, id, cs->name, pkt,
- secret, secret_len, cs->priv);
- memset(secret, 0, secret_len);
-
- clen = *p;
- nlen = strlen(cs->name);
- memcpy(p + clen + 1, cs->name, nlen);
-
- p = response + PPP_HDRLEN;
- len = CHAP_HDRLEN + clen + 1 + nlen;
- p[0] = CHAP_RESPONSE;
- p[1] = id;
- p[2] = len >> 8;
- p[3] = len;
-
- output(0, response, PPP_HDRLEN + len);
-}
-
-static void
-chap_handle_status(struct chap_client_state *cs, int code, int id,
- unsigned char *pkt, int len)
-{
- const char *msg = NULL;
-
- if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
- != (AUTH_STARTED|LOWERUP))
- return;
- cs->flags |= AUTH_DONE;
-
- UNTIMEOUT(chap_client_timeout, cs);
- cs->flags &= ~TIMEOUT_PENDING;
-
- if (code == CHAP_SUCCESS) {
- /* used for MS-CHAP v2 mutual auth, yuck */
- if (cs->digest->check_success != NULL) {
- if (!(*cs->digest->check_success)(id, pkt, len))
- code = CHAP_FAILURE;
- } else
- msg = "CHAP authentication succeeded";
- } else {
- if (cs->digest->handle_failure != NULL)
- (*cs->digest->handle_failure)(pkt, len);
- else
- msg = "CHAP authentication failed";
- }
- if (msg) {
- if (len > 0)
- info("%s: %.*v", msg, len, pkt);
- else
- info("%s", msg);
- }
- if (code == CHAP_SUCCESS)
- auth_withpeer_success(0, PPP_CHAP, cs->digest->code);
- else {
- cs->flags |= AUTH_FAILED;
- error("CHAP authentication failed");
- auth_withpeer_fail(0, PPP_CHAP);
- }
-}
-
-static void
-chap_input(int unit, unsigned char *pkt, int pktlen)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
- unsigned char code, id;
- int len;
-
- if (pktlen < CHAP_HDRLEN)
- return;
- GETCHAR(code, pkt);
- GETCHAR(id, pkt);
- GETSHORT(len, pkt);
- if (len < CHAP_HDRLEN || len > pktlen)
- return;
- len -= CHAP_HDRLEN;
-
- switch (code) {
- case CHAP_CHALLENGE:
- chap_respond(cs, id, pkt, len);
- break;
- case CHAP_RESPONSE:
- chap_handle_response(ss, id, pkt, len);
- break;
- case CHAP_FAILURE:
- case CHAP_SUCCESS:
- chap_handle_status(cs, code, id, pkt, len);
- break;
- }
-}
-
-static void
-chap_protrej(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- if (ss->flags & TIMEOUT_PENDING) {
- ss->flags &= ~TIMEOUT_PENDING;
- UNTIMEOUT(chap_server_timeout, ss);
- }
- if (ss->flags & AUTH_STARTED) {
- ss->flags = 0;
- auth_peer_fail(0, PPP_CHAP);
- }
- if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
- cs->flags &= ~AUTH_STARTED;
- error("CHAP authentication failed due to protocol-reject");
- auth_withpeer_fail(0, PPP_CHAP);
- }
-}
-
-/*
- * chap_print_pkt - print the contents of a CHAP packet.
- */
-static char *chap_code_names[] = {
- "Challenge", "Response", "Success", "Failure"
-};
-
-static int
-chap_print_pkt(unsigned char *p, int plen,
- void (*printer)(void *, char *, ...), void *arg)
-{
- int code, id, len;
- int clen, nlen;
- unsigned char x;
-
- if (plen < CHAP_HDRLEN)
- return 0;
- GETCHAR(code, p);
- GETCHAR(id, p);
- GETSHORT(len, p);
- if (len < CHAP_HDRLEN || len > plen)
- return 0;
-
- if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *))
- printer(arg, " %s", chap_code_names[code-1]);
- else
- printer(arg, " code=0x%x", code);
- printer(arg, " id=0x%x", id);
- len -= CHAP_HDRLEN;
- switch (code) {
- case CHAP_CHALLENGE:
- case CHAP_RESPONSE:
- if (len < 1)
- break;
- clen = p[0];
- if (len < clen + 1)
- break;
- ++p;
- nlen = len - clen - 1;
- printer(arg, " <");
- for (; clen > 0; --clen) {
- GETCHAR(x, p);
- printer(arg, "%.2x", x);
- }
- printer(arg, ">, name = ");
- print_string((char *)p, nlen, printer, arg);
- break;
- case CHAP_FAILURE:
- case CHAP_SUCCESS:
- printer(arg, " ");
- print_string((char *)p, len, printer, arg);
- break;
- default:
- for (clen = len; clen > 0; --clen) {
- GETCHAR(x, p);
- printer(arg, " %.2x", x);
- }
- }
-
- return len + CHAP_HDRLEN;
-}
-
-struct protent chap_protent = {
- PPP_CHAP,
- chap_init,
- chap_input,
- chap_protrej,
- chap_lowerup,
- chap_lowerdown,
- NULL, /* open */
- NULL, /* close */
- chap_print_pkt,
- NULL, /* datainput */
- 1, /* enabled_flag */
- "CHAP", /* name */
- NULL, /* data_name */
- chap_option_list,
- NULL, /* check_options */
-};
+++ /dev/null
-/*
- * chap-new.c - New CHAP implementation.
- *
- * Copyright (c) 2003 Paul Mackerras. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 3. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include "pppdconf.h"
-
-/*
- * CHAP packets begin with a standard header with code, id, len (2 bytes).
- */
-#define CHAP_HDRLEN 4
-
-/*
- * Values for the code field.
- */
-#define CHAP_CHALLENGE 1
-#define CHAP_RESPONSE 2
-#define CHAP_SUCCESS 3
-#define CHAP_FAILURE 4
-
-/*
- * CHAP digest codes.
- */
-#define CHAP_MD5 5
-#define CHAP_MICROSOFT 0x80
-#define CHAP_MICROSOFT_V2 0x81
-
-/*
- * Semi-arbitrary limits on challenge and response fields.
- */
-#define MAX_CHALLENGE_LEN 64
-#define MAX_RESPONSE_LEN 64
-
-/* bitmask of supported algorithms */
-#define MDTYPE_MICROSOFT_V2 0x1
-#define MDTYPE_MICROSOFT 0x2
-#define MDTYPE_MD5 0x4
-#define MDTYPE_NONE 0
-
-/* hashes supported by this instance of pppd */
-extern int chap_mdtype_all;
-
-/* Return the digest alg. ID for the most preferred digest type. */
-#define CHAP_DIGEST(mdtype) \
- ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
- ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
- ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
- 0
-
-/* Return the bit flag (lsb set) for our most preferred digest type. */
-#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
-
-/* Return the bit flag for a given digest algorithm ID. */
-#define CHAP_MDTYPE_D(digest) \
- ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
- ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
- ((digest) == CHAP_MD5)? MDTYPE_MD5: \
- 0
-
-/* Can we do the requested digest? */
-#define CHAP_CANDIGEST(mdtype, digest) \
- ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
- ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
- ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
- 0
-
-/*
- * The code for each digest type has to supply one of these.
- */
-struct chap_digest_type {
- int code;
-
- /*
- * Note: challenge and response arguments below are formatted as
- * a length byte followed by the actual challenge/response data.
- */
- void (*generate_challenge)(unsigned char *challenge);
- int (*verify_response)(int id, char *name,
- unsigned char *secret, int secret_len,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
- void (*make_response)(unsigned char *response, int id, char *our_name,
- unsigned char *challenge, char *secret, int secret_len,
- unsigned char *priv);
- int (*check_success)(int id, unsigned char *pkt, int len);
- void (*handle_failure)(unsigned char *pkt, int len);
-
- struct chap_digest_type *next;
-};
-
-/* Hook for a plugin to validate CHAP challenge */
-extern int (*chap_verify_hook)(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
-
-/* Called by digest code to register a digest type */
-extern void chap_register_digest(struct chap_digest_type *);
-
-/* Lookup a digest handler by type */
-extern struct chap_digest_type *chap_find_digest(int digest_code);
-
-/* Called by authentication code to start authenticating the peer. */
-extern void chap_auth_peer(int unit, char *our_name, int digest_code);
-
-/* Called by auth. code to start authenticating us to the peer. */
-extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
-
-/* Represents the CHAP protocol to the main pppd code */
-extern struct protent chap_protent;
--- /dev/null
+/*
+ * chap-new.c - New CHAP implementation.
+ *
+ * Copyright (c) 2003 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $"
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include "pppd-private.h"
+#include "options.h"
+#include "session.h"
+#include "chap.h"
+#include "chap-md5.h"
+
+#ifdef PPP_WITH_CHAPMS
+#include "chap_ms.h"
+#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
+#else
+#define MDTYPE_ALL (MDTYPE_MD5)
+#endif
+
+int chap_mdtype_all = MDTYPE_ALL;
+
+/* Hook for a plugin to validate CHAP challenge */
+chap_verify_hook_fn *chap_verify_hook = NULL;
+
+/*
+ * Option variables.
+ */
+int chap_server_timeout_time = 3;
+int chap_max_transmits = 10;
+int chap_rechallenge_time = 0;
+int chap_client_timeout_time = 60;
+int chapms_strip_domain = 0;
+
+/*
+ * Command-line options.
+ */
+static struct option chap_option_list[] = {
+ { "chap-restart", o_int, &chap_server_timeout_time,
+ "Set timeout for CHAP (as server)", OPT_PRIO },
+ { "chap-max-challenge", o_int, &chap_max_transmits,
+ "Set max #xmits for challenge", OPT_PRIO },
+ { "chap-interval", o_int, &chap_rechallenge_time,
+ "Set interval for rechallenge", OPT_PRIO },
+ { "chap-timeout", o_int, &chap_client_timeout_time,
+ "Set timeout for CHAP (as client)", OPT_PRIO },
+ { "chapms-strip-domain", o_bool, &chapms_strip_domain,
+ "Strip the domain prefix before the Username", 1 },
+ { NULL }
+};
+
+/*
+ * Internal state.
+ */
+static struct chap_client_state {
+ int flags;
+ char *name;
+ struct chap_digest_type *digest;
+ unsigned char priv[64]; /* private area for digest's use */
+} client;
+
+/*
+ * These limits apply to challenge and response packets we send.
+ * The +4 is the +1 that we actually need rounded up.
+ */
+#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
+#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
+
+static struct chap_server_state {
+ int flags;
+ int id;
+ char *name;
+ struct chap_digest_type *digest;
+ int challenge_xmits;
+ int challenge_pktlen;
+ unsigned char challenge[CHAL_MAX_PKTLEN];
+ char message[256];
+} server;
+
+/* Values for flags in chap_client_state and chap_server_state */
+#define LOWERUP 1
+#define AUTH_STARTED 2
+#define AUTH_DONE 4
+#define AUTH_FAILED 8
+#define TIMEOUT_PENDING 0x10
+#define CHALLENGE_VALID 0x20
+
+/*
+ * Prototypes.
+ */
+static void chap_init(int unit);
+static void chap_lowerup(int unit);
+static void chap_lowerdown(int unit);
+static void chap_server_timeout(void *arg);
+static void chap_client_timeout(void *arg);
+static void chap_generate_challenge(struct chap_server_state *ss);
+static void chap_handle_response(struct chap_server_state *ss, int code,
+ unsigned char *pkt, int len);
+static chap_verify_hook_fn chap_verify_response;
+static void chap_respond(struct chap_client_state *cs, int id,
+ unsigned char *pkt, int len);
+static void chap_handle_status(struct chap_client_state *cs, int code, int id,
+ unsigned char *pkt, int len);
+static void chap_protrej(int unit);
+static void chap_input(int unit, unsigned char *pkt, int pktlen);
+static int chap_print_pkt(unsigned char *p, int plen,
+ void (*printer)(void *, char *, ...), void *arg);
+
+/* List of digest types that we know about */
+static struct chap_digest_type *chap_digests;
+
+/*
+ * chap_init - reset to initial state.
+ */
+static void
+chap_init(int unit)
+{
+ memset(&client, 0, sizeof(client));
+ memset(&server, 0, sizeof(server));
+
+ chap_md5_init();
+#ifdef PPP_WITH_CHAPMS
+ chapms_init();
+#endif
+}
+
+/*
+ * Add a new digest type to the list.
+ */
+void
+chap_register_digest(struct chap_digest_type *dp)
+{
+ dp->next = chap_digests;
+ chap_digests = dp;
+}
+
+/*
+ * Lookup a digest type by code
+ */
+struct chap_digest_type *
+chap_find_digest(int digest_code) {
+ struct chap_digest_type *dp = NULL;
+ for (dp = chap_digests; dp != NULL; dp = dp->next)
+ if (dp->code == digest_code)
+ break;
+ return dp;
+}
+
+/*
+ * chap_lowerup - we can start doing stuff now.
+ */
+static void
+chap_lowerup(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ cs->flags |= LOWERUP;
+ ss->flags |= LOWERUP;
+ if (ss->flags & AUTH_STARTED)
+ chap_server_timeout(ss);
+}
+
+static void
+chap_lowerdown(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ if (cs->flags & TIMEOUT_PENDING)
+ UNTIMEOUT(chap_client_timeout, cs);
+ cs->flags = 0;
+ if (ss->flags & TIMEOUT_PENDING)
+ UNTIMEOUT(chap_server_timeout, ss);
+ ss->flags = 0;
+}
+
+/*
+ * chap_auth_peer - Start authenticating the peer.
+ * If the lower layer is already up, we start sending challenges,
+ * otherwise we wait for the lower layer to come up.
+ */
+void
+chap_auth_peer(int unit, char *our_name, int digest_code)
+{
+ struct chap_server_state *ss = &server;
+ struct chap_digest_type *dp;
+
+ if (ss->flags & AUTH_STARTED) {
+ error("CHAP: peer authentication already started!");
+ return;
+ }
+
+ dp = chap_find_digest(digest_code);
+ if (dp == NULL)
+ fatal("CHAP digest 0x%x requested but not available",
+ digest_code);
+
+ ss->digest = dp;
+ ss->name = our_name;
+ /* Start with a random ID value */
+ ss->id = (unsigned char)(drand48() * 256);
+ ss->flags |= AUTH_STARTED;
+ if (ss->flags & LOWERUP)
+ chap_server_timeout(ss);
+}
+
+/*
+ * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
+ * There isn't much to do until we receive a challenge.
+ */
+void
+chap_auth_with_peer(int unit, char *our_name, int digest_code)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_digest_type *dp;
+
+ if (cs->flags & AUTH_STARTED) {
+ error("CHAP: authentication with peer already started!");
+ return;
+ }
+ for (dp = chap_digests; dp != NULL; dp = dp->next)
+ if (dp->code == digest_code)
+ break;
+ if (dp == NULL)
+ fatal("CHAP digest 0x%x requested but not available",
+ digest_code);
+
+ cs->digest = dp;
+ cs->name = our_name;
+ cs->flags |= AUTH_STARTED | TIMEOUT_PENDING;
+ TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time);
+}
+
+/*
+ * chap_server_timeout - It's time to send another challenge to the peer.
+ * This could be either a retransmission of a previous challenge,
+ * or a new challenge to start re-authentication.
+ */
+static void
+chap_server_timeout(void *arg)
+{
+ struct chap_server_state *ss = arg;
+
+ ss->flags &= ~TIMEOUT_PENDING;
+ if ((ss->flags & CHALLENGE_VALID) == 0) {
+ ss->challenge_xmits = 0;
+ chap_generate_challenge(ss);
+ ss->flags |= CHALLENGE_VALID;
+ } else if (ss->challenge_xmits >= chap_max_transmits) {
+ ss->flags &= ~CHALLENGE_VALID;
+ ss->flags |= AUTH_DONE | AUTH_FAILED;
+ auth_peer_fail(0, PPP_CHAP);
+ return;
+ }
+
+ output(0, ss->challenge, ss->challenge_pktlen);
+ ++ss->challenge_xmits;
+ ss->flags |= TIMEOUT_PENDING;
+ TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time);
+}
+
+/* chap_client_timeout - Authentication with peer timed out. */
+static void
+chap_client_timeout(void *arg)
+{
+ struct chap_client_state *cs = arg;
+
+ cs->flags &= ~TIMEOUT_PENDING;
+ cs->flags |= AUTH_DONE | AUTH_FAILED;
+ error("CHAP authentication timed out");
+ auth_withpeer_fail(0, PPP_CHAP);
+}
+
+/*
+ * chap_generate_challenge - generate a challenge string and format
+ * the challenge packet in ss->challenge_pkt.
+ */
+static void
+chap_generate_challenge(struct chap_server_state *ss)
+{
+ int clen = 1, nlen, len;
+ unsigned char *p;
+
+ p = ss->challenge;
+ MAKEHEADER(p, PPP_CHAP);
+ p += CHAP_HDRLEN;
+ ss->digest->generate_challenge(p);
+ clen = *p;
+ nlen = strlen(ss->name);
+ memcpy(p + 1 + clen, ss->name, nlen);
+
+ len = CHAP_HDRLEN + 1 + clen + nlen;
+ ss->challenge_pktlen = PPP_HDRLEN + len;
+
+ p = ss->challenge + PPP_HDRLEN;
+ p[0] = CHAP_CHALLENGE;
+ p[1] = ++ss->id;
+ p[2] = len >> 8;
+ p[3] = len;
+}
+
+/*
+ * chap_handle_response - check the response to our challenge.
+ */
+static void
+chap_handle_response(struct chap_server_state *ss, int id,
+ unsigned char *pkt, int len)
+{
+ int response_len, ok, mlen;
+ unsigned char *response, *p;
+ char *name = NULL;
+ chap_verify_hook_fn *verifier;
+ char rname[MAXNAMELEN+1];
+
+ if ((ss->flags & LOWERUP) == 0)
+ return;
+ if (id != ss->challenge[PPP_HDRLEN+1] || len < 2)
+ return;
+ if (ss->flags & CHALLENGE_VALID) {
+ response = pkt;
+ GETCHAR(response_len, pkt);
+ len -= response_len + 1; /* length of name */
+ name = (char *)pkt + response_len;
+ if (len < 0)
+ return;
+
+ if (ss->flags & TIMEOUT_PENDING) {
+ ss->flags &= ~TIMEOUT_PENDING;
+ UNTIMEOUT(chap_server_timeout, ss);
+ }
+
+ if (explicit_remote) {
+ name = remote_name;
+ } else {
+ /* Null terminate and clean remote name. */
+ slprintf(rname, sizeof(rname), "%.*v", len, name);
+ name = rname;
+
+ /* strip the MS domain name */
+ if (chapms_strip_domain && strrchr(rname, '\\')) {
+ char tmp[MAXNAMELEN+1];
+
+ strcpy(tmp, strrchr(rname, '\\') + 1);
+ strcpy(rname, tmp);
+ }
+ }
+
+ if (chap_verify_hook)
+ verifier = chap_verify_hook;
+ else
+ verifier = chap_verify_response;
+ ok = (*verifier)(name, ss->name, id, ss->digest,
+ ss->challenge + PPP_HDRLEN + CHAP_HDRLEN,
+ response, ss->message, sizeof(ss->message));
+ if (!ok || !auth_number()) {
+ ss->flags |= AUTH_FAILED;
+ warn("Peer %q failed CHAP authentication", name);
+ }
+ } else if ((ss->flags & AUTH_DONE) == 0)
+ return;
+
+ /* send the response */
+ p = outpacket_buf;
+ MAKEHEADER(p, PPP_CHAP);
+ mlen = strlen(ss->message);
+ len = CHAP_HDRLEN + mlen;
+ p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
+ p[1] = id;
+ p[2] = len >> 8;
+ p[3] = len;
+ if (mlen > 0)
+ memcpy(p + CHAP_HDRLEN, ss->message, mlen);
+ output(0, outpacket_buf, PPP_HDRLEN + len);
+
+ if (ss->flags & CHALLENGE_VALID) {
+ ss->flags &= ~CHALLENGE_VALID;
+ if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) {
+ /*
+ * Auth is OK, so now we need to check session restrictions
+ * to ensure everything is OK, but only if we used a
+ * plugin, and only if we're configured to check. This
+ * allows us to do PAM checks on PPP servers that
+ * authenticate against ActiveDirectory, and use AD for
+ * account info (like when using Winbind integrated with
+ * PAM).
+ */
+ if (session_mgmt &&
+ session_check(name, NULL, devnam, NULL) == 0) {
+ ss->flags |= AUTH_FAILED;
+ warn("Peer %q failed CHAP Session verification", name);
+ }
+ }
+ if (ss->flags & AUTH_FAILED) {
+ auth_peer_fail(0, PPP_CHAP);
+ } else {
+ if ((ss->flags & AUTH_DONE) == 0)
+ auth_peer_success(0, PPP_CHAP,
+ ss->digest->code,
+ name, strlen(name));
+ if (chap_rechallenge_time) {
+ ss->flags |= TIMEOUT_PENDING;
+ TIMEOUT(chap_server_timeout, ss,
+ chap_rechallenge_time);
+ }
+ }
+ ss->flags |= AUTH_DONE;
+ }
+}
+
+/*
+ * chap_verify_response - check whether the peer's response matches
+ * what we think it should be. Returns 1 if it does (authentication
+ * succeeded), or 0 if it doesn't.
+ */
+static int
+chap_verify_response(char *name, char *ourname, int id,
+ struct chap_digest_type *digest,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space)
+{
+ int ok;
+ unsigned char secret[MAXSECRETLEN];
+ int secret_len;
+
+ /* Get the secret that the peer is supposed to know */
+ if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) {
+ error("No CHAP secret found for authenticating %q", name);
+ return 0;
+ }
+
+ ok = digest->verify_response(id, name, secret, secret_len, challenge,
+ response, message, message_space);
+ memset(secret, 0, sizeof(secret));
+
+ return ok;
+}
+
+/*
+ * chap_respond - Generate and send a response to a challenge.
+ */
+static void
+chap_respond(struct chap_client_state *cs, int id,
+ unsigned char *pkt, int len)
+{
+ int clen, nlen;
+ int secret_len;
+ unsigned char *p;
+ unsigned char response[RESP_MAX_PKTLEN];
+ char rname[MAXNAMELEN+1];
+ char secret[MAXSECRETLEN+1];
+
+ if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
+ return; /* not ready */
+ if (len < 2 || len < pkt[0] + 1)
+ return; /* too short */
+ clen = pkt[0];
+ nlen = len - (clen + 1);
+
+ /* Null terminate and clean remote name. */
+ slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
+
+ /* Microsoft doesn't send their name back in the PPP packet */
+ if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0))
+ strlcpy(rname, remote_name, sizeof(rname));
+
+ /* get secret for authenticating ourselves with the specified host */
+ if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) {
+ secret_len = 0; /* assume null secret if can't find one */
+ warn("No CHAP secret found for authenticating us to %q", rname);
+ }
+
+ p = response;
+ MAKEHEADER(p, PPP_CHAP);
+ p += CHAP_HDRLEN;
+
+ cs->digest->make_response(p, id, cs->name, pkt,
+ secret, secret_len, cs->priv);
+ memset(secret, 0, secret_len);
+
+ clen = *p;
+ nlen = strlen(cs->name);
+ memcpy(p + clen + 1, cs->name, nlen);
+
+ p = response + PPP_HDRLEN;
+ len = CHAP_HDRLEN + clen + 1 + nlen;
+ p[0] = CHAP_RESPONSE;
+ p[1] = id;
+ p[2] = len >> 8;
+ p[3] = len;
+
+ output(0, response, PPP_HDRLEN + len);
+}
+
+static void
+chap_handle_status(struct chap_client_state *cs, int code, int id,
+ unsigned char *pkt, int len)
+{
+ const char *msg = NULL;
+
+ if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
+ != (AUTH_STARTED|LOWERUP))
+ return;
+ cs->flags |= AUTH_DONE;
+
+ UNTIMEOUT(chap_client_timeout, cs);
+ cs->flags &= ~TIMEOUT_PENDING;
+
+ if (code == CHAP_SUCCESS) {
+ /* used for MS-CHAP v2 mutual auth, yuck */
+ if (cs->digest->check_success != NULL) {
+ if (!(*cs->digest->check_success)(id, pkt, len))
+ code = CHAP_FAILURE;
+ } else
+ msg = "CHAP authentication succeeded";
+ } else {
+ if (cs->digest->handle_failure != NULL)
+ (*cs->digest->handle_failure)(pkt, len);
+ else
+ msg = "CHAP authentication failed";
+ }
+ if (msg) {
+ if (len > 0)
+ info("%s: %.*v", msg, len, pkt);
+ else
+ info("%s", msg);
+ }
+ if (code == CHAP_SUCCESS)
+ auth_withpeer_success(0, PPP_CHAP, cs->digest->code);
+ else {
+ cs->flags |= AUTH_FAILED;
+ error("CHAP authentication failed");
+ auth_withpeer_fail(0, PPP_CHAP);
+ }
+}
+
+static void
+chap_input(int unit, unsigned char *pkt, int pktlen)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+ unsigned char code, id;
+ int len;
+
+ if (pktlen < CHAP_HDRLEN)
+ return;
+ GETCHAR(code, pkt);
+ GETCHAR(id, pkt);
+ GETSHORT(len, pkt);
+ if (len < CHAP_HDRLEN || len > pktlen)
+ return;
+ len -= CHAP_HDRLEN;
+
+ switch (code) {
+ case CHAP_CHALLENGE:
+ chap_respond(cs, id, pkt, len);
+ break;
+ case CHAP_RESPONSE:
+ chap_handle_response(ss, id, pkt, len);
+ break;
+ case CHAP_FAILURE:
+ case CHAP_SUCCESS:
+ chap_handle_status(cs, code, id, pkt, len);
+ break;
+ }
+}
+
+static void
+chap_protrej(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ if (ss->flags & TIMEOUT_PENDING) {
+ ss->flags &= ~TIMEOUT_PENDING;
+ UNTIMEOUT(chap_server_timeout, ss);
+ }
+ if (ss->flags & AUTH_STARTED) {
+ ss->flags = 0;
+ auth_peer_fail(0, PPP_CHAP);
+ }
+ if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
+ cs->flags &= ~AUTH_STARTED;
+ error("CHAP authentication failed due to protocol-reject");
+ auth_withpeer_fail(0, PPP_CHAP);
+ }
+}
+
+/*
+ * chap_print_pkt - print the contents of a CHAP packet.
+ */
+static char *chap_code_names[] = {
+ "Challenge", "Response", "Success", "Failure"
+};
+
+static int
+chap_print_pkt(unsigned char *p, int plen,
+ void (*printer)(void *, char *, ...), void *arg)
+{
+ int code, id, len;
+ int clen, nlen;
+ unsigned char x;
+
+ if (plen < CHAP_HDRLEN)
+ return 0;
+ GETCHAR(code, p);
+ GETCHAR(id, p);
+ GETSHORT(len, p);
+ if (len < CHAP_HDRLEN || len > plen)
+ return 0;
+
+ if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *))
+ printer(arg, " %s", chap_code_names[code-1]);
+ else
+ printer(arg, " code=0x%x", code);
+ printer(arg, " id=0x%x", id);
+ len -= CHAP_HDRLEN;
+ switch (code) {
+ case CHAP_CHALLENGE:
+ case CHAP_RESPONSE:
+ if (len < 1)
+ break;
+ clen = p[0];
+ if (len < clen + 1)
+ break;
+ ++p;
+ nlen = len - clen - 1;
+ printer(arg, " <");
+ for (; clen > 0; --clen) {
+ GETCHAR(x, p);
+ printer(arg, "%.2x", x);
+ }
+ printer(arg, ">, name = ");
+ print_string((char *)p, nlen, printer, arg);
+ break;
+ case CHAP_FAILURE:
+ case CHAP_SUCCESS:
+ printer(arg, " ");
+ print_string((char *)p, len, printer, arg);
+ break;
+ default:
+ for (clen = len; clen > 0; --clen) {
+ GETCHAR(x, p);
+ printer(arg, " %.2x", x);
+ }
+ }
+
+ return len + CHAP_HDRLEN;
+}
+
+struct protent chap_protent = {
+ PPP_CHAP,
+ chap_init,
+ chap_input,
+ chap_protrej,
+ chap_lowerup,
+ chap_lowerdown,
+ NULL, /* open */
+ NULL, /* close */
+ chap_print_pkt,
+ NULL, /* datainput */
+ 1, /* enabled_flag */
+ "CHAP", /* name */
+ NULL, /* data_name */
+ chap_option_list,
+ NULL, /* check_options */
+};
--- /dev/null
+/*
+ * chap-new.c - New CHAP implementation.
+ *
+ * Copyright (c) 2003 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_CHAP_NEW_H
+#define PPP_CHAP_NEW_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * CHAP packets begin with a standard header with code, id, len (2 bytes).
+ */
+#define CHAP_HDRLEN 4
+
+/*
+ * Values for the code field.
+ */
+#define CHAP_CHALLENGE 1
+#define CHAP_RESPONSE 2
+#define CHAP_SUCCESS 3
+#define CHAP_FAILURE 4
+
+/*
+ * CHAP digest codes.
+ */
+#define CHAP_MD5 5
+#define CHAP_MICROSOFT 0x80
+#define CHAP_MICROSOFT_V2 0x81
+
+/*
+ * Semi-arbitrary limits on challenge and response fields.
+ */
+#define MAX_CHALLENGE_LEN 64
+#define MAX_RESPONSE_LEN 64
+
+/* bitmask of supported algorithms */
+#define MDTYPE_MICROSOFT_V2 0x1
+#define MDTYPE_MICROSOFT 0x2
+#define MDTYPE_MD5 0x4
+#define MDTYPE_NONE 0
+
+/* hashes supported by this instance of pppd */
+extern int chap_mdtype_all;
+
+/* Return the digest alg. ID for the most preferred digest type. */
+#define CHAP_DIGEST(mdtype) \
+ ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
+ ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
+ ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
+ 0
+
+/* Return the bit flag (lsb set) for our most preferred digest type. */
+#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
+
+/* Return the bit flag for a given digest algorithm ID. */
+#define CHAP_MDTYPE_D(digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_MD5)? MDTYPE_MD5: \
+ 0
+
+/* Can we do the requested digest? */
+#define CHAP_CANDIGEST(mdtype, digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
+ 0
+
+
+/*
+ * The code for each digest type has to supply one of these.
+ */
+struct chap_digest_type {
+ int code;
+
+ /*
+ * Note: challenge and response arguments below are formatted as
+ * a length byte followed by the actual challenge/response data.
+ */
+ void (*generate_challenge)(unsigned char *challenge);
+ int (*verify_response)(int id, char *name,
+ unsigned char *secret, int secret_len,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space);
+ void (*make_response)(unsigned char *response, int id, char *our_name,
+ unsigned char *challenge, char *secret, int secret_len,
+ unsigned char *priv);
+ int (*check_success)(int id, unsigned char *pkt, int len);
+ void (*handle_failure)(unsigned char *pkt, int len);
+
+ struct chap_digest_type *next;
+};
+
+/*
+ * This function will return a value of 1 to indicate that a plugin intend to supply
+ * a username or a password to pppd through the chap_passwd_hook callback.
+ *
+ * Return a value > 0 to avoid parsing the chap-secrets file.
+ */
+typedef int (chap_check_hook_fn)(void);
+extern chap_check_hook_fn *chap_check_hook;
+
+/*
+ * A plugin can chose to supply its own user and password overriding whatever
+ * has been provided by the configuration. Hook is only valid when pppd is
+ * acting as a client.
+ *
+ * The maximum size of the user argument is always MAXNAMELEN
+ * The length of the password is always MAXWORDLEN, however; secrets can't be
+ * longer than MAXSECRETLEN
+ *
+ * Return a value < 0 to fail the connection.
+ */
+typedef int (chap_passwd_hook_fn)(char *user, char *password);
+extern chap_passwd_hook_fn *chap_passwd_hook;
+
+/*
+ * A plugin can chose to replace the default chap_verify_response function with
+ * one of their own.
+ */
+typedef int (chap_verify_hook_fn)(char *name, char *ourname, int id,
+ struct chap_digest_type *digest,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space);
+extern chap_verify_hook_fn *chap_verify_hook;
+
+/* Called by digest code to register a digest type */
+extern void chap_register_digest(struct chap_digest_type *);
+
+/* Lookup a digest handler by type */
+extern struct chap_digest_type *chap_find_digest(int digest_code);
+
+/* Called by authentication code to start authenticating the peer. */
+extern void chap_auth_peer(int unit, char *our_name, int digest_code);
+
+/* Called by auth. code to start authenticating us to the peer. */
+extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
+
+/* Represents the CHAP protocol to the main pppd code */
+extern struct protent chap_protent;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_CHAP_NEW_H
#include "config.h"
#endif
-#ifdef CHAPMS
-
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
+#if defined(SOL2)
+#include <net/ppp-comp.h>
+#else
+#include <linux/ppp-comp.h>
+#endif
-#include "pppd.h"
-#include "chap-new.h"
+#include "pppd-private.h"
+#include "options.h"
+#include "chap.h"
#include "chap_ms.h"
-#include "md4.h"
-#include "sha1.h"
-#include "pppcrypt.h"
#include "magic.h"
#include "mppe.h"
+#include "crypto.h"
+#include "crypto_ms.h"
#ifdef UNIT_TEST
-#undef MPPE
+#undef PPP_WITH_MPPE
#endif
static void ascii2unicode (char[], int, u_char[]);
-static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
-static void ChallengeResponse (u_char *, u_char *, u_char[24]);
+static void NTPasswordHash (u_char *, int, unsigned char *);
+static int ChallengeResponse (u_char *, u_char *, u_char*);
static void ChapMS_NT (u_char *, char *, int, u_char[24]);
static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int,
u_char[24]);
static void GenerateAuthenticatorResponsePlain
(char*, int, u_char[24], u_char[16], u_char *,
char *, u_char[41]);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
static void ChapMS_LANMan (u_char *, char *, int, u_char *);
#endif
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
bool ms_lanman = 0; /* Use LanMan password instead of NT */
/* Has meaning only with MS-CHAP challenges */
#endif
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
#ifdef DEBUGMPPEKEY
/* For MPPE debug */
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
#include "fsm.h" /* Need to poke MPPE options */
#include "ccp.h"
-#include <net/ppp-comp.h>
#endif
/*
* Command-line options.
*/
-static option_t chapms_option_list[] = {
-#ifdef MSLANMAN
+static struct option chapms_option_list[] = {
+#ifdef PPP_WITH_MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#endif
if (response_len != MS_CHAP_RESPONSE_LEN)
goto bad;
-#ifndef MSLANMAN
+#ifndef PPP_WITH_MSLANMAN
if (!response[MS_CHAP_USENT]) {
/* Should really propagate this into the error packet. */
notice("Peer request for LANMAN auth not supported");
/* Generate the expected response. */
ChapMS(challenge, (char *)secret, secret_len, md);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
/* Determine which part of response to verify against */
if (!response[MS_CHAP_USENT])
diff = memcmp(&response[MS_CHAP_LANMANRESP],
free(msg);
}
-static void
+static int
ChallengeResponse(u_char *challenge,
- u_char PasswordHash[MD4_SIGNATURE_SIZE],
- u_char response[24])
+ u_char *PasswordHash,
+ u_char *response)
{
- u_char ZPasswordHash[21];
+ u_char ZPasswordHash[24];
+ PPP_CIPHER_CTX *ctx;
BZERO(ZPasswordHash, sizeof(ZPasswordHash));
- BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE);
+ BCOPY(PasswordHash, ZPasswordHash, MD4_DIGEST_LENGTH);
#if 0
dbglog("ChallengeResponse - ZPasswordHash %.*B",
sizeof(ZPasswordHash), ZPasswordHash);
#endif
- (void) DesSetkey(ZPasswordHash + 0);
- DesEncrypt(challenge, response + 0);
- (void) DesSetkey(ZPasswordHash + 7);
- DesEncrypt(challenge, response + 8);
- (void) DesSetkey(ZPasswordHash + 14);
- DesEncrypt(challenge, response + 16);
+ if (DesEncrypt(challenge, ZPasswordHash + 0, response + 0) &&
+ DesEncrypt(challenge, ZPasswordHash + 7, response + 8) &&
+ DesEncrypt(challenge, ZPasswordHash + 14, response + 16))
+ return 1;
#if 0
dbglog("ChallengeResponse - response %.24B", response);
#endif
+ return 0;
}
void
char *username, u_char Challenge[8])
{
- SHA1_CTX sha1Context;
- u_char sha1Hash[SHA1_SIGNATURE_SIZE];
- char *user;
+ PPP_MD_CTX* ctx;
+ u_char hash[SHA_DIGEST_LENGTH];
+ int hash_len;
+ const char *user;
/* remove domain from "domain\username" */
if ((user = strrchr(username, '\\')) != NULL)
++user;
else
user = username;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PeerChallenge, 16);
- SHA1_Update(&sha1Context, rchallenge, 16);
- SHA1_Update(&sha1Context, (unsigned char *)user, strlen(user));
- SHA1_Final(sha1Hash, &sha1Context);
+ if (PPP_DigestUpdate(ctx, PeerChallenge, 16)) {
- BCOPY(sha1Hash, Challenge, 8);
+ if (PPP_DigestUpdate(ctx, rchallenge, 16)) {
+
+ if (PPP_DigestUpdate(ctx, user, strlen(user))) {
+
+ hash_len = SHA_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ BCOPY(hash, Challenge, 8);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
}
/*
}
static void
-NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
+NTPasswordHash(u_char *secret, int secret_len, unsigned char* hash)
{
-#if defined(__NetBSD__) || !defined(USE_MD4)
- /* NetBSD uses the libc md4 routines which take bytes instead of bits */
- int mdlen = secret_len;
-#else
- int mdlen = secret_len * 8;
-#endif
- MD4_CTX md4Context;
-
- MD4Init(&md4Context);
-#if !defined(USE_MD4)
- /* Internal MD4Update can take at most 64 bytes at a time */
- while (mdlen > 512) {
- MD4Update(&md4Context, secret, 512);
- secret += 64;
- mdlen -= 512;
- }
-#endif
- MD4Update(&md4Context, secret, mdlen);
- MD4Final(hash, &md4Context);
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_md4())) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+ int hash_len = MD4_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, hash, &hash_len);
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
}
static void
u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
char *secret, int secret_len, u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
u_char Challenge[8];
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
ChallengeResponse(Challenge, PasswordHash, NTResponse);
}
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
static void
{
int i;
u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
for (i = 0; i < secret_len; i++)
UcasePassword[i] = (u_char)toupper(secret[i]);
- (void) DesSetkey(UcasePassword + 0);
- DesEncrypt( StdText, PasswordHash + 0 );
- (void) DesSetkey(UcasePassword + 7);
- DesEncrypt( StdText, PasswordHash + 8 );
- ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+
+ if (DesEncrypt(StdText, UcasePassword + 0, PasswordHash + 0) &&
+ DesEncrypt(StdText, UcasePassword + 7, PasswordHash + 8)) {
+
+ ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+ }
}
#endif
void
-GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
+GenerateAuthenticatorResponse(unsigned char* PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse)
{
/*
* "Magic" constants used in response generation, from RFC 2759.
0x6E };
int i;
- SHA1_CTX sha1Context;
- u_char Digest[SHA1_SIGNATURE_SIZE];
+ PPP_MD_CTX *ctx;
+ u_char Digest[SHA_DIGEST_LENGTH] = {};
+ int hash_len;
u_char Challenge[8];
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, NTResponse, 24);
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
+
+ if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, Digest, sizeof(Digest));
- SHA1_Update(&sha1Context, Challenge, sizeof(Challenge));
- SHA1_Update(&sha1Context, Magic2, sizeof(Magic2));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, Digest, sizeof(Digest))) {
+
+ if (PPP_DigestUpdate(ctx, Challenge, sizeof(Challenge))) {
+
+ if (PPP_DigestUpdate(ctx, Magic2, sizeof(Magic2))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
/* Convert to ASCII hex string. */
- for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++)
- sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++) {
+ sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ }
}
u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
}
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/*
* Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
void
ChapMS_NT(rchallenge, secret, secret_len, &response[MS_CHAP_NTRESP]);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
ChapMS_LANMan(rchallenge, secret, secret_len,
&response[MS_CHAP_LANMANRESP]);
response[MS_CHAP_USENT] = 1;
#endif
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
Set_Start_Key(rchallenge, secret, secret_len);
#endif
}
* Authenticator Response.
*/
void
-ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
+ChapMS2(unsigned char *rchallenge, unsigned char *PeerChallenge,
char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator)
{
&response[MS_CHAP2_PEER_CHALLENGE],
rchallenge, user, authResponse);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
SetMasterKeys(secret, secret_len,
&response[MS_CHAP2_NTRESP], authenticator);
#endif
{
chap_register_digest(&chapms_digest);
chap_register_digest(&chapms2_digest);
- add_options(chapms_option_list);
+ ppp_add_options(chapms_option_list);
}
#else
int test_chap_v1(void) {
- char *secret = "TestPassword";
+ char *secret = "MyPw";
unsigned char challenge[8] = {
- 0x6c, 0x8d, 0x4b, 0xa1, 0x2b, 0x5c, 0x13, 0xc3
+ 0x10, 0x2D, 0xB5, 0xDF, 0x08, 0x5D, 0x30, 0x41
};
unsigned char response[MS_CHAP_RESPONSE_LEN] = {
};
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x91, 0x09, 0x61, 0x5a, 0x0c, 0xac, 0xac, 0x55,
- 0x1f, 0x60, 0xe2, 0x9c, 0x00, 0xac, 0x24, 0xda,
- 0x6e, 0xa5, 0x7b, 0xdb, 0x1d, 0x6a, 0x17, 0xc5,
+ 0x4E, 0x9D, 0x3C, 0x8F, 0x9C, 0xFD, 0x38, 0x5D,
+ 0x5B, 0xF4, 0xD3, 0x24, 0x67, 0x91, 0x95, 0x6C,
+ 0xA4, 0xC3, 0x51, 0xAB, 0x40, 0x9A, 0x3D, 0x61,
+
0x01
};
}
int main(int argc, char *argv[]) {
+
+ PPP_crypto_init();
if (test_chap_v1()) {
printf("CHAPv1 failed\n");
return -1;
}
+ PPP_crypto_deinit();
+
printf("Success\n");
return 0;
}
#endif /* UNIT_TEST */
-
-#endif /* CHAPMS */
* $Id: chap_ms.h,v 1.13 2004/11/15 22:13:26 paulus Exp $
*/
+#ifndef PPP_CHAPMS_H
+#define PPP_CHAPMS_H
+
#include "pppdconf.h"
-#ifndef __CHAPMS_INCLUDE__
+#ifdef __cplusplus
+extern "C" {
+#endif
-#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
#define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
void ChapMS2 (u_char *, u_char *, char *, char *, int,
u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
-void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
+void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
+
-void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]);
+/**
+ * PasswordHashHash - 16 bytes representing the NT Password Hash Hash
+ * NTResponse - 24 bytes represending the NTResponse parameter
+ * PeerChallenge - 16 bytes challange for peer
+ * rchallenge - 16 bytes challenge provided by peer
+ * authResponse - 24 + 1 byte to store the authenticator response
+ */
+void GenerateAuthenticatorResponse(unsigned char *PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse);
void chapms_init(void);
-#define __CHAPMS_INCLUDE__
-#endif /* __CHAPMS_INCLUDE__ */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PPP_CHAPMS_H */
--- /dev/null
+/* ppp-crypo-priv.h - Crypto private data structures
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_CRYPTO_PRIV_H
+#define PPP_CRYPTO_PRIV_H
+
+#include "crypto.h"
+
+#define MAX_KEY_SIZE 32
+#define MAX_IV_SIZE 32
+
+struct _PPP_MD
+{
+ int (*init_fn)(PPP_MD_CTX *ctx);
+ int (*update_fn)(PPP_MD_CTX *ctx, const void *data, size_t cnt);
+ int (*final_fn)(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen);
+ void (*clean_fn)(PPP_MD_CTX *ctx);
+};
+
+struct _PPP_MD_CTX
+{
+ PPP_MD md;
+ void *priv;
+};
+
+struct _PPP_CIPHER
+{
+ int (*init_fn)(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv);
+ int (*update_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
+ int (*final_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ void (*clean_fn)(PPP_CIPHER_CTX *ctx);
+};
+
+struct _PPP_CIPHER_CTX
+{
+ PPP_CIPHER cipher;
+ unsigned char key[MAX_KEY_SIZE];
+ unsigned char iv[MAX_IV_SIZE];
+ int is_encr;
+ void *priv;
+};
+
+
+#endif
--- /dev/null
+/* ppp-crypto.c - Generic API for access to crypto/digest functions.
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto.h"
+#include "crypto-priv.h"
+
+#ifdef PPP_WITH_OPENSSL
+#include <openssl/opensslv.h>
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+struct crypto_ctx {
+
+ OSSL_PROVIDER *legacy;
+ OSSL_PROVIDER *provider;
+} g_crypto_ctx;
+#endif
+
+PPP_MD_CTX *PPP_MD_CTX_new()
+{
+ return (PPP_MD_CTX*) calloc(1, sizeof(PPP_MD_CTX));
+}
+
+void PPP_MD_CTX_free(PPP_MD_CTX* ctx)
+{
+ if (ctx) {
+ if (ctx->md.clean_fn) {
+ ctx->md.clean_fn(ctx);
+ }
+ free(ctx);
+ }
+}
+
+int PPP_DigestInit(PPP_MD_CTX *ctx, const PPP_MD *type)
+{
+ if (ctx) {
+ ctx->md = *type;
+ if (ctx->md.init_fn) {
+ return ctx->md.init_fn(ctx);
+ }
+ }
+ return 0;
+}
+
+int PPP_DigestUpdate(PPP_MD_CTX *ctx, const void *data, size_t length)
+{
+ if (ctx && ctx->md.update_fn) {
+ return ctx->md.update_fn(ctx, data, length);
+ }
+ return 0;
+}
+
+int PPP_DigestFinal(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen)
+{
+ if (ctx && ctx->md.final_fn) {
+ return ctx->md.final_fn(ctx, out, outlen);
+ }
+ return 0;
+}
+
+PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void)
+{
+ return calloc(1, sizeof(PPP_CIPHER_CTX));
+}
+
+void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx)
+{
+ if (ctx) {
+ if (ctx->cipher.clean_fn) {
+ ctx->cipher.clean_fn(ctx);
+ }
+ memset(ctx->iv, 0, sizeof(ctx->iv));
+ memset(ctx->key, 0, sizeof(ctx->key));
+ free(ctx);
+ }
+}
+
+int PPP_CipherInit(PPP_CIPHER_CTX *ctx, const PPP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int encr)
+{
+ if (ctx && cipher) {
+ ctx->is_encr = encr;
+ ctx->cipher = *cipher;
+ if (ctx->cipher.init_fn) {
+ ctx->cipher.init_fn(ctx, key, iv);
+ }
+ return 1;
+ }
+ return 0;
+}
+
+int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
+{
+ if (ctx && ctx->cipher.update_fn) {
+ return ctx->cipher.update_fn(ctx, out, outl, in, inl);
+ }
+ return 0;
+}
+
+int PPP_CipherFinal(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ if (ctx && ctx->cipher.final_fn) {
+ return ctx->cipher.final_fn(ctx, out, outl);
+ }
+ return 0;
+}
+
+int PPP_crypto_init()
+{
+ int retval = 0;
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ g_crypto_ctx.legacy = OSSL_PROVIDER_load(NULL, "legacy");
+ if (g_crypto_ctx.legacy == NULL)
+ {
+ goto done;
+ }
+
+ g_crypto_ctx.provider = OSSL_PROVIDER_load(NULL, "default");
+ if (g_crypto_ctx.provider == NULL)
+ {
+ goto done;
+ }
+#endif
+ retval = 1;
+
+done:
+
+ return retval;
+}
+
+int PPP_crypto_deinit()
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (g_crypto_ctx.legacy) {
+ OSSL_PROVIDER_unload(g_crypto_ctx.legacy);
+ g_crypto_ctx.legacy = NULL;
+ }
+
+ if (g_crypto_ctx.provider) {
+ OSSL_PROVIDER_unload(g_crypto_ctx.provider);
+ g_crypto_ctx.provider = NULL;
+ }
+#endif
+ return 1;
+}
+
+#ifdef UNIT_TEST
+#include <stdio.h>
+
+int test_md4()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[MD4_DIGEST_LENGTH];
+ unsigned char result[MD4_DIGEST_LENGTH] = {
+ 0x58, 0xcb, 0x37, 0x91, 0x1d, 0x06, 0x7b, 0xdf,
+ 0xfd, 0x48, 0x6d, 0x87, 0x4a, 0x35, 0x5b, 0xd4
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md4())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, MD4_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_md5()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[MD5_DIGEST_LENGTH];
+ unsigned char result[MD5_DIGEST_LENGTH] = {
+ 0x8b, 0xe3, 0x5e, 0x2c, 0x9f, 0x95, 0xbf, 0x4e,
+ 0x16, 0xe4, 0x53, 0xbe, 0x52, 0xf4, 0xbc, 0x4e
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, MD5_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_sha()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[SHA_DIGEST_LENGTH];
+ unsigned char result[SHA_DIGEST_LENGTH] = {
+ 0xa8, 0x03, 0xae, 0x21, 0x30, 0xd8, 0x40, 0xbe,
+ 0x27, 0xa3, 0x47, 0xc7, 0x7a, 0x90, 0xe6, 0xa3,
+ 0x5b, 0xd5, 0x0e, 0x45
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, SHA_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_des_encrypt()
+{
+ PPP_CIPHER_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char key[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+
+ unsigned char plain[80] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
+ };
+ unsigned char expect[80] = {
+ 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
+ 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
+ 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
+ 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
+ 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
+ 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
+ };
+
+ unsigned char cipher[80] = {};
+ int cipher_len = 0;
+ int offset = 0;
+
+
+ ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 1)) {
+
+ if (PPP_CipherUpdate(ctx, cipher, &cipher_len, plain, sizeof(plain))) {
+
+ offset += cipher_len;
+
+ if (PPP_CipherFinal(ctx, cipher+offset, &cipher_len)) {
+
+ if (memcmp(cipher, expect, 80) == 0) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+
+int test_des_decrypt()
+{
+ PPP_CIPHER_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char key[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+
+ unsigned char cipher[80] = {
+ 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
+ 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
+ 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
+ 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
+ 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
+ 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
+ };
+
+ unsigned char expect[80] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
+ };
+
+ unsigned char plain[80] = {};
+ int outlen = 0;
+ int offset = 0;
+
+ ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 0)) {
+
+ if (PPP_CipherUpdate(ctx, plain, &outlen, cipher, sizeof(cipher))) {
+
+ offset += outlen;
+
+ if (PPP_CipherFinal(ctx, plain+offset, &outlen)) {
+
+ if (memcmp(plain, expect, 80) == 0) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int main(int argc, char *argv[])
+{
+ int failure = 0;
+
+ if (!PPP_crypto_init()) {
+ printf("Couldn't initialize crypto test\n");
+ return -1;
+ }
+
+ if (!test_md4()) {
+ printf("MD4 test failed\n");
+ failure++;
+ }
+
+ if (!test_md5()) {
+ printf("MD5 test failed\n");
+ failure++;
+ }
+
+ if (!test_sha()) {
+ printf("SHA test failed\n");
+ failure++;
+ }
+
+ if (!test_des_encrypt()) {
+ printf("DES encryption test failed\n");
+ failure++;
+ }
+
+ if (!test_des_decrypt()) {
+ printf("DES decryption test failed\n");
+ failure++;
+ }
+
+ if (!PPP_crypto_deinit()) {
+ printf("Couldn't deinitialize crypto test\n");
+ return -1;
+ }
+
+ return failure;
+}
+
+#endif
--- /dev/null
+/* ppp-crypto.h - Generic API for access to crypto/digest functions.
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_CRYPTO_H
+#define PPP_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef MD5_DIGEST_LENGTH
+#define MD5_DIGEST_LENGTH 16
+#endif
+
+#ifndef MD4_DIGEST_LENGTH
+#define MD4_DIGEST_LENGTH 16
+#endif
+
+#ifndef SHA_DIGEST_LENGTH
+#define SHA_DIGEST_LENGTH 20
+#endif
+
+struct _PPP_MD_CTX;
+struct _PPP_MD;
+
+typedef struct _PPP_MD_CTX PPP_MD_CTX;
+typedef struct _PPP_MD PPP_MD;
+
+/*
+ * Create a new Message Digest context object
+ */
+PPP_MD_CTX *PPP_MD_CTX_new();
+
+/*
+ * Free the Message Digest context
+ */
+void PPP_MD_CTX_free(PPP_MD_CTX*);
+
+/*
+ * Fetch the MD4 algorithm
+ */
+const PPP_MD *PPP_md4(void);
+
+/*
+ * Fetch the MD5 algorithm
+ */
+const PPP_MD *PPP_md5(void);
+
+/*
+ * Fetch the SHA1 algorithm
+ */
+const PPP_MD *PPP_sha1(void);
+
+/*
+ * Initializes a context object
+ */
+int PPP_DigestInit(PPP_MD_CTX *ctx,
+ const PPP_MD *type);
+
+/*
+ * For each iteration update the context with more input
+ */
+int PPP_DigestUpdate(PPP_MD_CTX *ctx,
+ const void *data, size_t cnt);
+
+/*
+ * Perform the final operation, and output the digest
+ */
+int PPP_DigestFinal(PPP_MD_CTX *ctx,
+ unsigned char *out, unsigned int *outlen);
+
+
+struct _PPP_CIPHER_CTX;
+struct _PPP_CIPHER;
+
+typedef struct _PPP_CIPHER_CTX PPP_CIPHER_CTX;
+typedef struct _PPP_CIPHER PPP_CIPHER;
+
+
+/*
+ * Create a new Cipher Context
+ */
+PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void);
+
+/*
+ * Release the Cipher Context
+ */
+void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx);
+
+/*
+ * Fetch the DES in ECB mode cipher algorithm
+ */
+const PPP_CIPHER *PPP_des_ecb(void);
+
+/*
+ * Set the particular data directly
+ */
+void PPP_CIPHER_CTX_set_cipher_data(PPP_CIPHER_CTX *ctx,
+ const unsigned char *key);
+
+/*
+ * Initialize the crypto operation
+ */
+int PPP_CipherInit(PPP_CIPHER_CTX *ctx,
+ const PPP_CIPHER *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int encr);
+
+/*
+ * Encrypt input data, and store it in the output buffer
+ */
+int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+
+/*
+ * Finish the crypto operation, and fetch any outstanding bytes
+ */
+int PPP_CipherFinal(PPP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+
+/*
+ * Global initialization, must be called once per process
+ */
+int PPP_crypto_init();
+
+/*
+ * Global deinitialization
+ */
+int PPP_crypto_deinit();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_CRYPTO_H
--- /dev/null
+/*
+ * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ *
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stddef.h>
+
+#include "crypto.h"
+#include "crypto_ms.h"
+
+
+/*
+ * DES_set_odd_parity function are imported from openssl 3.0 project with the
+ * follwoing license:
+ *
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+typedef unsigned char DES_cblock[8];
+#define DES_KEY_SZ (sizeof(DES_cblock))
+
+static const unsigned char odd_parity[256] = {
+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+ 110,
+ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+ 127,
+ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+ 143,
+ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+ 158,
+ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+ 174,
+ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+ 191,
+ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+ 206,
+ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+ 223,
+ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+ 239,
+ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+ 254
+};
+
+static void DES_set_odd_parity(DES_cblock *key)
+{
+ unsigned int i;
+ for (i = 0; i < DES_KEY_SZ; i++)
+ (*key)[i] = odd_parity[(*key)[i]];
+}
+
+static unsigned char
+Get7Bits(const unsigned char *input, int startBit)
+{
+ unsigned int word;
+
+ word = (unsigned)input[startBit / 8] << 8;
+ word |= (unsigned)input[startBit / 8 + 1];
+
+ word >>= 15 - (startBit % 8 + 7);
+
+ return word & 0xFE;
+}
+
+static void
+MakeKey(const unsigned char *key, unsigned char *des_key)
+{
+ /* key IN 56 bit DES key missing parity bits */
+ /* des_key OUT 64 bit DES key with parity bits added */
+ des_key[0] = Get7Bits(key, 0);
+ des_key[1] = Get7Bits(key, 7);
+ des_key[2] = Get7Bits(key, 14);
+ des_key[3] = Get7Bits(key, 21);
+ des_key[4] = Get7Bits(key, 28);
+ des_key[5] = Get7Bits(key, 35);
+ des_key[6] = Get7Bits(key, 42);
+ des_key[7] = Get7Bits(key, 49);
+
+ DES_set_odd_parity((DES_cblock *)des_key);
+}
+
+int
+DesEncrypt(const unsigned char *clear, const unsigned char *key, unsigned char *cipher)
+{
+ int retval = 0;
+ unsigned int clen = 0;
+ unsigned char des_key[8];
+
+ PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ MakeKey(key, des_key);
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 1)) {
+
+ if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) {
+
+ if (PPP_CipherFinal(ctx, cipher + clen, &clen)) {
+
+ retval = 1;
+ }
+ }
+ }
+
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return (retval);
+}
+
+int
+DesDecrypt(const unsigned char *cipher, const unsigned char *key, unsigned char *clear)
+{
+ int retval = 0;
+ unsigned int clen = 0;
+ unsigned char des_key[8];
+
+ PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ MakeKey(key, des_key);
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 0)) {
+
+ if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) {
+
+ if (PPP_CipherFinal(ctx, clear + clen, &clen)) {
+
+ retval = 1;
+ }
+ }
+ }
+
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return (retval);
+}
+
+#ifdef UNIT_TEST_MSCRYPTO
+
+#include <string.h>
+#include <stdio.h>
+
+/**
+ * The test-vectors are taken from RFC2759.
+ */
+int test_encrypt()
+{
+ unsigned char Challenge[8] = {
+ 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
+ };
+
+ unsigned char ZPasswordHash[24] = {
+ 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
+ 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
+ };
+
+ unsigned char expected[24] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+ unsigned char response[24] = {};
+ unsigned int retval = 0;
+
+ DesEncrypt(Challenge, ZPasswordHash + 0, response + 0);
+ DesEncrypt(Challenge, ZPasswordHash + 7, response + 8);
+ DesEncrypt(Challenge, ZPasswordHash + 14, response + 16);
+
+ return memcmp(response, expected, sizeof(response)) == 0;
+}
+
+int test_decrypt()
+{
+ unsigned char Challenge[8] = {
+ 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
+ };
+
+ unsigned char ZPasswordHash[24] = {
+ 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
+ 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
+ };
+
+ unsigned char Response[24] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+ unsigned char Output[8];
+ unsigned int failure = 0;
+
+ if (DesDecrypt(Response + 0, ZPasswordHash + 0, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ if (DesDecrypt(Response + 8, ZPasswordHash + 7, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ if (DesDecrypt(Response +16, ZPasswordHash +14, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ return failure == 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int failure = 0;
+
+ if (!PPP_crypto_init()) {
+ printf("Couldn't initialize crypto test\n");
+ return -1;
+ }
+
+ if (!test_encrypt()) {
+ printf("CHAP DES encryption test failed\n");
+ failure++;
+ }
+
+ if (!test_decrypt()) {
+ printf("CHAP DES decryption test failed\n");
+ failure++;
+ }
+
+ if (!PPP_crypto_deinit()) {
+ printf("Couldn't deinitialize crypto test\n");
+ return -1;
+ }
+
+ return failure;
+}
+
+#endif
--- /dev/null
+/*
+ * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ * Updated to better reflect RFC2759 by Eivind Naess
+ *
+ * Copyright (c) 2022 Eivind Naess. All rights reserved.
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_PPPCRYPT_H
+#define PPP_PPPCRYPT_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * This is the DES encrypt functions as described by RFC2759.
+ *
+ * Parameters:
+ * const unsigned char *clear:
+ * A 8 byte input array to be encrypted
+ *
+ * const unsigned char *key:
+ * A raw 7-byte array to be expanded to 8 with odd-parity
+ *
+ * unsigned char *cipher:
+ * A 8 byte outut array providing space for the output data
+ *
+ * DesEncrypt returns 1 on success
+ */
+int DesEncrypt(const unsigned char *clear, const unsigned char *key,
+ unsigned char *cipher);
+
+/**
+ * This is the DES decrypt functions as described by RFC2759.
+ *
+ * Parameters:
+ * const unsigned char *cipher:
+ * A 8 byte input array to be decrypted
+ *
+ * const unsigned char *key:
+ * A raw 7-byte array to be expanded to a 8-byte key with odd-parity
+ *
+ * unsigned char *clear:
+ * A 8 byte output array providing space for the output data
+ *
+ * DesDecrypt returns 1 on success
+ */
+int DesDecrypt(const unsigned char *cipher, const unsigned char *key,
+ unsigned char *clear);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PPP_PPPCRYPT_H */
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/socket.h>
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
#include <pcap-bpf.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "ipcp.h"
#include "lcp.h"
flush_flag = 0;
fcs = PPP_INITFCS;
- netif_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU));
+ ppp_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU));
if (ppp_send_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0
|| ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0)
fatal("Couldn't set up demand-dialled PPP interface: %m");
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
set_filters(&pass_filter, &active_filter);
#endif
0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
};
+#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff])
/*
* loop_chars - process characters received from the loopback.
if (len < PPP_HDRLEN)
return 0;
proto = PPP_PROTOCOL(p);
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
p[0] = 1; /* outbound packet indicator */
if ((pass_filter.bf_len != 0
&& bpf_filter(pass_filter.bf_insns, p, len, len) == 0)
#include <openssl/x509v3.h>
#include <openssl/pkcs12.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "tls.h"
#include "eap.h"
#include "eap-tls.h"
#include "mppe.h"
#include "pathnames.h"
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
#define SSL3_RT_HEADER 0x100
#endif
size_t len, SSL * ssl, void *arg);
int ssl_new_session_cb(SSL *s, SSL_SESSION *sess);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
#define EAPTLS_MPPE_KEY_LEN 32
/*
}
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
int password_callback (char *buf, int size, int rwflag, void *u)
{
config = NCONF_new( NULL );
dbglog( "Loading OpenSSL config file" );
- ret_code = NCONF_load( config, _PATH_OPENSSLCONFFILE, &error_line );
+ ret_code = NCONF_load( config, PPP_PATH_OPENSSLCONFFILE, &error_line );
if (ret_code == 0)
{
- warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", _PATH_OPENSSLCONFFILE, error_line );
+ warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", PPP_PATH_OPENSSLCONFFILE, error_line );
NCONF_free( config );
config = NULL;
ERR_clear_error();
*
*/
-#include "pppdconf.h"
-
-#ifndef __EAP_TLS_H__
-#define __EAP_TLS_H__
+#ifndef PPP_EAP_TLS_H
+#define PPP_EAP_TLS_H
+#include "pppdconf.h"
#include "eap.h"
#include <openssl/ssl.h>
char *clicertfile, char *servcertfile, char *cacertfile,
char *capath, char *pkfile, char *pkcs12, int am_server);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
#endif
#include <assert.h>
#include <errno.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "pathnames.h"
-#include "md5.h"
+#include "crypto.h"
+#include "crypto_ms.h"
#include "eap.h"
-#ifdef USE_PEAP
+#ifdef PPP_WITH_PEAP
#include "peap.h"
-#endif /* USE_PEAP */
+#endif /* PPP_WITH_PEAP */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
#ifdef HAVE_TIME_H
#include <time.h>
#endif
#include <t_pwd.h>
#include <t_server.h>
#include <t_client.h>
-#include "pppcrypt.h"
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
-#ifndef SHA_DIGESTSIZE
-#define SHA_DIGESTSIZE 20
-#endif
-
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#include "eap-tls.h"
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
+#include "chap.h"
#include "chap_ms.h"
-#include "chap-new.h"
extern int chapms_strip_domain;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
static char *pn_secret = NULL; /* Pseudonym generating secret */
#endif
/*
* Command-line options.
*/
-static option_t eap_option_list[] = {
+static struct option eap_option_list[] = {
{ "eap-restart", o_int, &eap_states[0].es_server.ea_timeout,
"Set retransmit timeout for EAP Requests (server)" },
{ "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests,
"Set max number of EAP Requests allows (client)" },
{ "eap-interval", o_int, &eap_states[0].es_rechallenge,
"Set interval for EAP rechallenge" },
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
{ "srp-interval", o_int, &eap_states[0].es_lwrechallenge,
"Set interval for SRP lightweight rechallenge" },
{ "srp-pn-secret", o_string, &pn_secret,
NULL /* say whether to bring up link for this pkt */
};
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/*
* A well-known 2048 bit modulus.
*/
0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2,
0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73
};
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
/* Local forward declarations. */
static void eap_server_timeout (void *arg);
esp->es_server.ea_id = (u_char)(drand48() * 0x100);
esp->es_client.ea_timeout = EAP_DEFREQTIME;
esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
esp->es_client.ea_using_eaptls = 0;
-#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#endif /* PPP_WITH_EAPTLS */
+#ifdef PPP_WITH_CHAPMS
esp->es_client.digest = chap_find_digest(CHAP_MICROSOFT_V2);
esp->es_server.digest = chap_find_digest(CHAP_MICROSOFT_V2);
#endif
esp->es_server.ea_peer, esp->es_server.ea_peerlen);
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/*
* Set DES key according to pseudonym-generating secret and current
* date.
*/
static bool
-pncrypt_setkey(int timeoffs)
+pncrypt_getkey(int timeoffs, unsigned char *key, int keylen)
{
struct tm *tp;
char tbuf[9];
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
+ PPP_MD_CTX *ctxt;
time_t reftime;
if (pn_secret == NULL)
return (0);
reftime = time(NULL) + timeoffs;
tp = localtime(&reftime);
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, pn_secret, strlen(pn_secret));
- strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp);
- SHA1Update(&ctxt, tbuf, strlen(tbuf));
- SHA1Final(dig, &ctxt);
- return (DesSetkey(dig));
+
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp);
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, pn_secret, strlen(pn_secret));
+ PPP_DigestUpdate(ctxt, tbuf, strlen(tbuf));
+ PPP_DigestFinal(ctxt, key, &keylen);
+
+ PPP_MD_CTX_free(ctxt);
+ return 1;
+ }
+
+ return (0);
}
static char base64[] =
}
return (outlen);
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
/*
* Assume that current waiting server state is complete and figure
static void
eap_figure_next_state(eap_state *esp, int status)
{
-#ifdef USE_SRP
- unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp;
+#ifdef PPP_WITH_SRP
+ unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp, key[SHA_DIGEST_LENGTH];
struct t_pw tpw;
struct t_confent *tce, mytce;
char *cp, *cp2;
struct t_server *ts;
- int id, i, plen, toffs;
+ int id, i, plen, clen, toffs, keylen;
u_char vals[2];
struct b64state bs;
-#endif /* USE_SRP */
-#ifdef USE_EAPTLS
+#endif /* PPP_WITH_SRP */
+#ifdef PPP_WITH_EAPTLS
struct eaptls_session *ets;
int secret_len;
char secret[MAXWORDLEN];
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
esp->es_server.ea_timeout = esp->es_savedtime;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
esp->es_server.ea_prev_state = esp->es_server.ea_state;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
switch (esp->es_server.ea_state) {
case eapBadAuth:
return;
case eapIdentify:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/* Discard any previous session. */
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL) {
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status != 0) {
esp->es_server.ea_state = eapBadAuth;
break;
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/* If we've got a pseudonym, try to decode to real name. */
if (esp->es_server.ea_peerlen > SRP_PSEUDO_LEN &&
strncmp(esp->es_server.ea_peer, SRP_PSEUDO_ID,
secbuf);
toffs = 0;
for (i = 0; i < 5; i++) {
- pncrypt_setkey(toffs);
+ pncrypt_getkey(toffs, key, keylen);
toffs -= 86400;
- if (!DesDecrypt(secbuf, clear)) {
+
+ if (!DesDecrypt(secbuf, key, clear)) {
dbglog("no DES here; cannot decode "
- "pseudonym");
+ "pseudonym");
return;
}
id = *(unsigned char *)clear;
dp += i;
sp = secbuf + 8;
while (plen > 0) {
- (void) DesDecrypt(sp, dp);
+ DesDecrypt(sp, key, dp);
sp += 8;
dp += 8;
plen -= 8;
t_servergenexp(ts);
break;
}
-#endif /* USE_SRP */
-#ifdef USE_EAPTLS
+#endif /* PPP_WITH_SRP */
+#ifdef PPP_WITH_EAPTLS
if (!get_secret(esp->es_unit, esp->es_server.ea_peer,
esp->es_server.ea_name, secret, &secret_len, 1)) {
esp->es_server.ea_state = eapTlsStart;
break;
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
esp->es_server.ea_state = eapMD5Chall;
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case eapTlsStart:
/* Initialize ssl session */
if(!eaptls_init_ssl_server(esp)) {
case eapTlsSendAlert:
esp->es_server.ea_state = eapTlsRecvAlertAck;
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
case eapSRP1:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status == 1) {
esp->es_server.ea_state = eapMD5Chall;
} else if (status != 0 || esp->es_server.ea_session == NULL) {
break;
case eapSRP2:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status != 0 || esp->es_server.ea_session == NULL) {
esp->es_server.ea_state = eapBadAuth;
} else {
case eapSRP3:
case eapSRP4:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status != 0 || esp->es_server.ea_session == NULL) {
esp->es_server.ea_state = eapBadAuth;
} else {
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case eapMSCHAPv2Chall:
#endif
case eapMD5Chall:
if (esp->es_server.ea_state == eapBadAuth)
eap_send_failure(esp);
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
dbglog("EAP id=0x%2x '%s' -> '%s'", esp->es_server.ea_id, eap_state_name(esp->es_server.ea_prev_state), eap_state_name(esp->es_server.ea_state));
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
}
-#if CHAPMS
+#if PPP_WITH_CHAPMS
/*
* eap_chap_verify_response - check whether the peer's response matches
* what we think it should be. Returns 1 if it does (authentication
auth_peer_fail(esp->es_unit, PPP_EAP);
}
}
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
/*
* Format an EAP Request message and send it to the peer. Message
int outlen;
int challen;
char *str;
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
struct t_server *ts;
- u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp;
- int i, j;
+ u_char clear[8], cipher[8], dig[SHA_DIGEST_LENGTH], *optr, *cp, key[SHA_DIGEST_LENGTH];
+ int i, j, diglen, clen, keylen = sizeof(key);
struct b64state b64;
- SHA1_CTX ctxt;
-#endif /* USE_SRP */
+ PPP_MD_CTX *ctxt;
+#endif /* PPP_WITH_SRP */
/* Handle both initial auth and restart */
if (esp->es_server.ea_state < eapIdentify &&
INCPTR(esp->es_server.ea_namelen, outp);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case eapMSCHAPv2Chall:
esp->es_server.digest->generate_challenge(esp->es_challenge);
challen = esp->es_challenge[0];
esp->es_server.ea_namelen);
INCPTR(esp->es_server.ea_namelen, outp);
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case eapTlsStart:
PUTCHAR(EAPT_TLS, outp);
PUTCHAR(EAP_TLS_FLAGS_START, outp);
eaptls_send(esp->es_server.ea_session, &outp);
eap_figure_next_state(esp, 0);
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case eapSRP1:
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_CHALLENGE, outp);
PUTLONG(SRPVAL_EBIT, outp);
ts = (struct t_server *)esp->es_server.ea_session;
assert(ts != NULL);
- BCOPY(t_serverresponse(ts), outp, SHA_DIGESTSIZE);
- INCPTR(SHA_DIGESTSIZE, outp);
+ BCOPY(t_serverresponse(ts), outp, SHA_DIGEST_LENGTH);
+ INCPTR(SHA_DIGEST_LENGTH, outp);
- if (pncrypt_setkey(0)) {
+ if (pncrypt_getkey(0, key, keylen)) {
/* Generate pseudonym */
optr = outp;
cp = (unsigned char *)esp->es_server.ea_peer;
BCOPY(cp, clear + 1, j);
i -= j;
cp += j;
- if (!DesEncrypt(clear, cipher)) {
+
+ if (!DesEncrypt(clear, key, cipher)) {
dbglog("no DES here; not generating pseudonym");
break;
- }
+ }
+
BZERO(&b64, sizeof (b64));
outp++; /* space for pseudonym length */
outp += b64enc(&b64, cipher, 8, outp);
while (i >= 8) {
- (void) DesEncrypt(cp, cipher);
+ DesEncrypt(cp, key, cipher);
outp += b64enc(&b64, cipher, 8, outp);
cp += 8;
i -= 8;
*cp++ = drand48() * 0x100;
i++;
}
- (void) DesEncrypt(clear, cipher);
+
+ DesEncrypt(clear, key, cipher);
outp += b64enc(&b64, cipher, 8, outp);
}
outp += b64flush(&b64, outp);
/* Set length and pad out to next 20 octet boundary */
i = outp - optr - 1;
*optr = i;
- i %= SHA_DIGESTSIZE;
+ i %= SHA_DIGEST_LENGTH;
if (i != 0) {
- while (i < SHA_DIGESTSIZE) {
+ while (i < SHA_DIGEST_LENGTH) {
*outp++ = drand48() * 0x100;
i++;
}
}
/* Obscure the pseudonym with SHA1 hash */
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, &esp->es_server.ea_id, 1);
- SHA1Update(&ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, esp->es_server.ea_peer,
- esp->es_server.ea_peerlen);
- while (optr < outp) {
- SHA1Final(dig, &ctxt);
- cp = dig;
- while (cp < dig + SHA_DIGESTSIZE)
- *optr++ ^= *cp++;
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, &esp->es_server.ea_id, 1);
- SHA1Update(&ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, optr - SHA_DIGESTSIZE,
- SHA_DIGESTSIZE);
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
+ esp->es_server.ea_peerlen);
+ while (optr < outp) {
+ diglen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctxt, dig, &diglen);
+ cp = dig;
+ while (cp < dig + SHA_DIGEST_LENGTH)
+ *optr++ ^= *cp++;
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, optr - SHA_DIGEST_LENGTH,
+ SHA_DIGEST_LENGTH);
+ }
+
+ PPP_MD_CTX_free(ctxt);
}
}
break;
BCOPY(esp->es_challenge, outp, esp->es_challen);
INCPTR(esp->es_challen, outp);
break;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
default:
return;
static void
eap_server_timeout(void *arg)
{
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
u_char *outp;
u_char *lenloc;
int outlen;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
eap_state *esp = (eap_state *) arg;
if (!eap_server_active(esp))
return;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
switch(esp->es_server.ea_prev_state) {
/*
default:
break;
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
/* EAP ID number must not change on timeout. */
eap_send_request(esp);
int msglen;
outp = outpacket_buf;
-
+
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_RESPONSE, outp);
PUTCHAR(id, outp);
esp->es_client.ea_id = id;
- msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE +
+ msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_DIGEST_LENGTH +
namelen;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_MD5CHAP, outp);
- PUTCHAR(MD5_SIGNATURE_SIZE, outp);
- BCOPY(hash, outp, MD5_SIGNATURE_SIZE);
- INCPTR(MD5_SIGNATURE_SIZE, outp);
+ PUTCHAR(MD5_DIGEST_LENGTH, outp);
+ BCOPY(hash, outp, MD5_DIGEST_LENGTH);
+ INCPTR(MD5_DIGEST_LENGTH, outp);
if (namelen > 0) {
BCOPY(name, outp, namelen);
}
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen);
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/*
* Format and send a SRP EAP Response message.
*/
PUTCHAR(id, outp);
esp->es_client.ea_id = id;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u_int32_t) +
- SHA_DIGESTSIZE;
+ SHA_DIGEST_LENGTH;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_CVALIDATOR, outp);
PUTLONG(flags, outp);
- BCOPY(str, outp, SHA_DIGESTSIZE);
+ BCOPY(str, outp, SHA_DIGEST_LENGTH);
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen);
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/*
* Send an EAP-TLS response message with tls data
*/
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + outlen);
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
static void
eap_send_nak(eap_state *esp, u_char id, u_char type)
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen);
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
static char *
name_of_pn_file(void)
{
errno = EINVAL;
return (NULL);
}
- file = _PATH_PSEUDONYM;
+ file = PPP_PATH_PSEUDONYM;
pl = strlen(user) + strlen(file) + 2;
path = malloc(pl);
if (path == NULL)
{
u_char val;
u_char *datp, *digp;
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
- int dsize, fd, olen = len;
+ PPP_MD_CTX *ctxt;
+ u_char dig[SHA_DIGEST_LENGTH];
+ int dsize, fd, olen = len, diglen = sizeof(dig);
/*
* Do the decoding by working backwards. This eliminates the need
*/
val = id;
while (len > 0) {
- if ((dsize = len % SHA_DIGESTSIZE) == 0)
- dsize = SHA_DIGESTSIZE;
+ if ((dsize = len % SHA_DIGEST_LENGTH) == 0)
+ dsize = SHA_DIGEST_LENGTH;
len -= dsize;
datp = inp + len;
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, &val, 1);
- SHA1Update(&ctxt, esp->es_client.ea_skey, SESSION_KEY_LEN);
- if (len > 0) {
- SHA1Update(&ctxt, datp, SHA_DIGESTSIZE);
- } else {
- SHA1Update(&ctxt, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &val, 1);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
+ SESSION_KEY_LEN);
+ if (len > 0) {
+ PPP_DigestUpdate(ctxt, datp, SHA_DIGEST_LENGTH);
+ } else {
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ }
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ for (digp = dig; digp < dig + SHA_DIGEST_LENGTH; digp++)
+ *datp++ ^= *digp;
+
+ PPP_MD_CTX_free(ctxt);
}
- SHA1Final(dig, &ctxt);
- for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++)
- *datp++ ^= *digp;
}
/* Now check that the result is sane */
remove_pn_file();
}
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
-#if CHAPMS
+#if PPP_WITH_CHAPMS
/*
* Format and send an CHAPV2-Challenge EAP Response message.
*/
int secret_len;
char secret[MAXWORDLEN];
char rhostname[256];
- MD5_CTX mdContext;
- u_char hash[MD5_SIGNATURE_SIZE];
-#ifdef USE_EAPTLS
+ PPP_MD_CTX *mdctx;
+ u_char hash[MD5_DIGEST_LENGTH];
+ int hashlen = MD5_DIGEST_LENGTH;
+#ifdef PPP_WITH_EAPTLS
u_char flags;
struct eaptls_session *ets = esp->es_client.ea_session;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
struct t_client *tc;
struct t_num sval, gval, Nval, *Ap, Bval;
u_char vals[2];
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
+ PPP_MD_CTX *ctxt;
+ u_char dig[SHA_DIGEST_LENGTH];
+ int diglen = sizeof(dig);
int fd;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
/*
* Ignore requests if we're not open
case EAPT_IDENTITY:
if (len > 0)
info("EAP: Identity prompt \"%.*q\"", len, inp);
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
if (esp->es_usepseudo &&
(esp->es_usedpseudo == 0 ||
(esp->es_usedpseudo == 1 &&
remove_pn_file();
esp->es_usedpseudo = 2;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
eap_send_response(esp, id, typenum, (u_char *)esp->es_client.ea_name,
esp->es_client.ea_namelen);
break;
eap_send_nak(esp, id, EAPT_SRP);
break;
}
- MD5_Init(&mdContext);
- typenum = id;
- MD5_Update(&mdContext, &typenum, 1);
- MD5_Update(&mdContext, (u_char *)secret, secret_len);
- BZERO(secret, sizeof (secret));
- MD5_Update(&mdContext, inp, vallen);
- MD5_Final(hash, &mdContext);
- eap_chap_response(esp, id, hash, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
+
+ mdctx = PPP_MD_CTX_new();
+ if (mdctx != NULL) {
+ if (PPP_DigestInit(mdctx, PPP_md5())) {
+ typenum = id;
+ if (PPP_DigestUpdate(mdctx, &typenum, 1)) {
+ if (PPP_DigestUpdate(mdctx, secret, secret_len)) {
+ BZERO(secret, sizeof(secret));
+ if (PPP_DigestUpdate(mdctx, inp, vallen)) {
+ if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
+ eap_chap_response(esp, id, hash, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ PPP_MD_CTX_free(mdctx);
+ break;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(mdctx);
+ }
+ dbglog("EAP: Invalid MD5 checksum");
+ eap_send_nak(esp, id, EAPT_SRP);
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
switch(esp->es_client.ea_state) {
/* Check if TLS handshake is finished */
if(eaptls_is_init_finished(ets)) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
eaptls_gen_mppe_keys(ets, 1);
#endif
eaptls_free_session(ets);
}
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 1) {
error("EAP: received empty SRP Request");
esp->es_client.ea_id, id);
}
} else {
- len -= sizeof (u_int32_t) + SHA_DIGESTSIZE;
+ len -= sizeof (u_int32_t) + SHA_DIGEST_LENGTH;
if (len < 0 || t_clientverify(tc, inp +
sizeof (u_int32_t)) != 0) {
error("EAP: SRP server verification "
GETLONG(esp->es_client.ea_keyflags, inp);
/* Save pseudonym if user wants it. */
if (len > 0 && esp->es_usepseudo) {
- INCPTR(SHA_DIGESTSIZE, inp);
+ INCPTR(SHA_DIGEST_LENGTH, inp);
write_pseudonym(esp, inp, len, id);
}
}
warn("EAP: malformed Lightweight rechallenge");
return;
}
- SHA1Init(&ctxt);
- vals[0] = id;
- SHA1Update(&ctxt, vals, 1);
- SHA1Update(&ctxt, esp->es_client.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, inp, len);
- SHA1Update(&ctxt, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
- SHA1Final(dig, &ctxt);
- eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
- SHA_DIGESTSIZE);
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ vals[0] = id;
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, vals, 1);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, inp, len);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ PPP_MD_CTX_free(ctxt);
+
+ eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
+ SHA_DIGEST_LENGTH);
+ }
break;
default:
break;
}
break;
-#endif /* USE_SRP */
-
-#ifdef CHAPMS
+#endif /* PPP_WITH_SRP */
+
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len < 4) {
error("EAP: received invalid MSCHAPv2 packet, too short");
eap_send_nak(esp, id, EAPT_SRP);
break;
}
+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
/* Create the MSCHAPv2 response (and add to cache) */
unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
}
break;
-#endif /* CHAPMS */
-#ifdef USE_PEAP
+#endif /* PPP_WITH_CHAPMS */
+#ifdef PPP_WITH_PEAP
case EAPT_PEAP:
/* Initialize the PEAP context (if not already initialized) */
}
break;
-#endif /* USE_PEAP */
+#endif // PPP_WITH_PEAP
default:
info("EAP: unknown authentication type %d; Naking", typenum);
UNTIMEOUT(eap_client_timeout, (void *)esp);
}
esp->es_client.ea_session = NULL;
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
t_clientclose(tc);
auth_withpeer_fail(esp->es_unit, PPP_EAP);
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
}
/*
int secret_len;
char secret[MAXSECRETLEN];
char rhostname[256];
- MD5_CTX mdContext;
- u_char hash[MD5_SIGNATURE_SIZE];
-#ifdef USE_SRP
+ PPP_MD_CTX *mdctx;
+ u_char hash[MD5_DIGEST_LENGTH];
+ int hashlen = MD5_DIGEST_LENGTH;
+#ifdef PPP_WITH_SRP
struct t_server *ts;
struct t_num A;
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
-#endif /* USE_SRP */
+ PPP_MD_CTX *ctxt;
+ u_char dig[SHA_DIGEST_LENGTH];
+ int diglen = sizeof(dig);
+#endif /* PPP_WITH_SRP */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
struct eaptls_session *ets;
u_char flags;
-#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#endif /* PPP_WITH_EAPTLS */
+#ifdef PPP_WITH_CHAPMS
u_char opcode;
- int (*chap_verifier)(char *, char *, int, struct chap_digest_type *,
- unsigned char *, unsigned char *, char *, int);
+ chap_verify_hook_fn *chap_verifier;
char response_message[256];
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
/*
* Ignore responses if we're not open
eap_figure_next_state(esp, 0);
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
switch(esp->es_server.ea_state) {
GETCHAR(flags, inp);
if(len == 1 && !flags) { /* Ack = ok */
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
eaptls_gen_mppe_keys( esp->es_server.ea_session, 0 );
#endif
eap_send_success(esp);
break;
}
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
case EAPT_NOTIFICATION:
dbglog("EAP unexpected Notification; response discarded");
esp->es_server.ea_state = eapMD5Chall;
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/* Send EAP-TLS start packet */
case EAPT_TLS:
esp->es_server.ea_state = eapTlsStart;
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
info("EAP: peer proposes MSCHAPv2");
/* If MSCHAPv2 digest was not found, NAK the packet */
}
esp->es_server.ea_state = eapMSCHAPv2Chall;
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
default:
dbglog("EAP: peer requesting unknown Type %d", vallen);
eap_send_failure(esp);
break;
}
- MD5_Init(&mdContext);
- MD5_Update(&mdContext, &esp->es_server.ea_id, 1);
- MD5_Update(&mdContext, (u_char *)secret, secret_len);
- BZERO(secret, sizeof (secret));
- MD5_Update(&mdContext, esp->es_challenge, esp->es_challen);
- MD5_Final(hash, &mdContext);
- if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) {
- eap_send_failure(esp);
- break;
+
+ mdctx = PPP_MD_CTX_new();
+ if (mdctx != NULL) {
+
+ if (PPP_DigestInit(mdctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(mdctx, &esp->es_server.ea_id, 1)) {
+
+ if (PPP_DigestUpdate(mdctx, &secret, secret_len)) {
+
+ BZERO(secret, sizeof(secret));
+ if (PPP_DigestUpdate(mdctx, esp->es_challenge, esp->es_challen)) {
+
+ if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
+
+ if (BCMP(hash, inp, MD5_DIGEST_LENGTH) == 0) {
+ esp->es_server.ea_type = EAPT_MD5CHAP;
+ eap_send_success(esp);
+ eap_figure_next_state(esp, 0);
+
+ if (esp->es_rechallenge != 0) {
+ TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
+ }
+ PPP_MD_CTX_free(mdctx);
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(mdctx);
}
- esp->es_server.ea_type = EAPT_MD5CHAP;
- eap_send_success(esp);
- eap_figure_next_state(esp, 0);
- if (esp->es_rechallenge != 0)
- TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
+
+ eap_send_failure(esp);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len < 1) {
error("EAP: received MSCHAPv2 with no data");
char tmp[MAXNAMELEN+1];
strcpy(tmp, strrchr(rhostname, '\\') + 1);
- strcpy(rhostname, tmp);
+ strlcpy(rhostname, tmp, sizeof(rhostname));
}
if (chap_verify_hook)
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 1) {
error("EAP: empty SRP Response");
eap_figure_next_state(esp, 1);
break;
}
- if (len < sizeof (u_int32_t) + SHA_DIGESTSIZE) {
+ if (len < sizeof (u_int32_t) + SHA_DIGEST_LENGTH) {
error("EAP: M1 length %d < %d", len,
- sizeof (u_int32_t) + SHA_DIGESTSIZE);
+ sizeof (u_int32_t) + SHA_DIGEST_LENGTH);
eap_figure_next_state(esp, 1);
break;
}
info("EAP: unexpected SRP Subtype 4 Response");
return;
}
- if (len != SHA_DIGESTSIZE) {
+ if (len != SHA_DIGEST_LENGTH) {
error("EAP: bad Lightweight rechallenge "
"response");
return;
}
- SHA1Init(&ctxt);
- vallen = id;
- SHA1Update(&ctxt, &vallen, 1);
- SHA1Update(&ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, esp->es_challenge, esp->es_challen);
- SHA1Update(&ctxt, esp->es_server.ea_peer,
- esp->es_server.ea_peerlen);
- SHA1Final(dig, &ctxt);
- if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) {
- error("EAP: failed Lightweight rechallenge");
- eap_send_failure(esp);
- break;
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+ vallen = id;
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &vallen, 1);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, esp->es_challenge, esp->es_challen);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
+ esp->es_server.ea_peerlen);
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ PPP_MD_CTX_free(ctxt);
+
+ if (BCMP(dig, inp, SHA_DIGEST_LENGTH) != 0) {
+ error("EAP: failed Lightweight rechallenge");
+ eap_send_failure(esp);
+ break;
+ }
+
+ esp->es_server.ea_state = eapOpen;
+ if (esp->es_lwrechallenge != 0)
+ TIMEOUT(srp_lwrechallenge, esp,
+ esp->es_lwrechallenge);
}
- esp->es_server.ea_state = eapOpen;
- if (esp->es_lwrechallenge != 0)
- TIMEOUT(srp_lwrechallenge, esp,
- esp->es_lwrechallenge);
break;
}
break;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
default:
/* This can't happen. */
eap_success(eap_state *esp, u_char *inp, int id, int len)
{
if (esp->es_client.ea_state != eapOpen && !eap_client_active(esp)
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
&& esp->es_client.ea_state != eapTlsRecvSuccess
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
) {
dbglog("EAP unexpected success message in state %s (%d)",
eap_state_name(esp->es_client.ea_state),
return;
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
if(esp->es_client.ea_using_eaptls && esp->es_client.ea_state !=
eapTlsRecvSuccess) {
dbglog("EAP-TLS unexpected success message in state %s (%d)",
esp->es_client.ea_state);
return;
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
if (esp->es_client.ea_timeout > 0) {
UNTIMEOUT(eap_client_timeout, (void *)esp);
PRINTMSG(inp, len);
}
-#ifdef USE_PEAP
+#ifdef PPP_WITH_PEAP
peap_finish(&esp->ea_peap);
#endif
error("EAP: peer reports authentication failure");
-#ifdef USE_PEAP
+#ifdef PPP_WITH_PEAP
peap_finish(&esp->ea_peap);
#endif
int code, id, len, rtype, vallen;
u_char *pstart;
u_int32_t uval;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
u_char flags;
-#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#endif /* PPP_WITH_EAPTLS */
+#ifdef PPP_WITH_CHAPMS
u_char opcode;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
if (inlen < EAP_HEADERLEN)
return (0);
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len <= 0)
break;
break;
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
if (len < 1)
break;
printer(arg, flags & EAP_TLS_FLAGS_MF ? "M":"-");
printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- ");
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 3)
goto truncated;
if (uval != 0) {
printer(arg, " f<%X>", uval);
}
- if ((vallen = len) > SHA_DIGESTSIZE)
- vallen = SHA_DIGESTSIZE;
+ if ((vallen = len) > SHA_DIGEST_LENGTH)
+ vallen = SHA_DIGEST_LENGTH;
printer(arg, " <M2%.*B%s>", len, inp,
- len < SHA_DIGESTSIZE ? "?" : "");
+ len < SHA_DIGEST_LENGTH ? "?" : "");
INCPTR(vallen, inp);
len -= vallen;
if (len > 0) {
break;
}
break;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
}
break;
}
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
if (len < 1)
break;
printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- ");
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
case EAPT_NAK:
if (len <= 0) {
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len <= 0)
break;
break;
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 1)
goto truncated;
printer(arg, " f<%X>", uval);
}
printer(arg, " <M1%.*B%s>", len, inp,
- len == SHA_DIGESTSIZE ? "" : "?");
+ len == SHA_DIGEST_LENGTH ? "" : "?");
INCPTR(len, inp);
len = 0;
break;
case EAPSRP_LWRECHALLENGE:
printer(arg, " <Response%.*B%s>", len, inp,
- len == SHA_DIGESTSIZE ? "" : "?");
- if ((vallen = len) > SHA_DIGESTSIZE)
- vallen = SHA_DIGESTSIZE;
+ len == SHA_DIGEST_LENGTH ? "" : "?");
+ if ((vallen = len) > SHA_DIGEST_LENGTH)
+ vallen = SHA_DIGEST_LENGTH;
INCPTR(vallen, inp);
len -= vallen;
break;
}
break;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
}
break;
* $Id: eap.h,v 1.2 2003/06/11 23:56:26 paulus Exp $
*/
-#include "pppdconf.h"
-
#ifndef PPP_EAP_H
#define PPP_EAP_H
+#include "pppdconf.h"
+
#ifdef __cplusplus
extern "C" {
#endif
+
+#ifndef PPP_EAP
+#define PPP_EAP 0xc227
+#endif
+
+
/*
* Packet header = Code, id, length.
*/
#define SRP_PSEUDO_ID "pseudo_"
#define SRP_PSEUDO_LEN 7
-#define MD5_SIGNATURE_SIZE 16
#define MIN_CHALLENGE_LENGTH 16
#define MAX_CHALLENGE_LENGTH 24
"TlsSendAlert", "TlsRecvAlertAck" , "TlsRecvSuccess", "TlsRecvFailure", \
"SRP1", "SRP2", "SRP3", "MD5Chall", "MSCHAPv2Chall", "Open", "SRP4", "BadAuth"
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
(esp)->es_client.ea_state != eapPending &&\
(esp)->es_client.ea_state != eapClosed)
#else
#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
#define eap_server_active(esp) \
((esp)->es_server.ea_state >= eapIdentify && \
char *ea_name; /* Our name */
char *ea_peer; /* Peer's name */
void *ea_session; /* Authentication library linkage */
- u_char *ea_skey; /* Shared encryption key */
+ unsigned char *ea_skey; /* Shared encryption key */
int ea_timeout; /* Time to wait (for retransmit/fail) */
int ea_maxrequests; /* Max Requests allowed */
- u_short ea_namelen; /* Length of our name */
- u_short ea_peerlen; /* Length of peer's name */
+ unsigned short ea_namelen; /* Length of our name */
+ unsigned short ea_peerlen; /* Length of peer's name */
enum eap_state_code ea_state;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
enum eap_state_code ea_prev_state;
#endif
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
struct chap_digest_type *digest;
#endif
- u_char ea_id; /* Current id */
- u_char ea_requests; /* Number of Requests sent/received */
- u_char ea_responses; /* Number of Responses */
- u_char ea_type; /* One of EAPT_* */
- u_int32_t ea_keyflags; /* SRP shared key usage flags */
-#ifdef USE_EAPTLS
+ unsigned char ea_id; /* Current id */
+ unsigned char ea_requests; /* Number of Requests sent/received */
+ unsigned char ea_responses; /* Number of Responses */
+ unsigned char ea_type; /* One of EAPT_* */
+ uint32_t ea_keyflags; /* SRP shared key usage flags */
+#ifdef PPP_WITH_EAPTLS
bool ea_using_eaptls;
#endif
};
int es_unit; /* Interface unit number */
struct eap_auth es_client; /* Client (authenticatee) data */
struct eap_auth es_server; /* Server (authenticator) data */
-#ifdef USE_PEAP
+#ifdef PPP_WITH_PEAP
struct peap_state *ea_peap; /* Client PEAP (authenticator) data */
#endif
int es_savedtime; /* Saved timeout */
bool es_usepseudo; /* Use SRP Pseudonym if offered one */
int es_usedpseudo; /* Set if we already sent PN */
int es_challen; /* Length of challenge string */
- u_char es_challenge[MAX_CHALLENGE_LENGTH];
+ unsigned char es_challenge[MAX_CHALLENGE_LENGTH];
} eap_state;
/*
* Timeouts.
*/
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#define EAP_DEFTRANSMITS 30 /* max # times to transmit */
/* certificates can be long ... */
#else
#define EAP_DEFTRANSMITS 10 /* max # times to transmit */
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
extern struct protent eap_protent;
+#ifdef PPP_WITH_EAPTLS
+typedef int (eaptls_passwd_hook_fn)(char *user, char *passwd);
+extern eaptls_passwd_hook_fn *eaptls_passwd_hook;
+#endif
+
#ifdef __cplusplus
}
#endif
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ecp.h"
-static option_t ecp_option_list[] = {
+static struct option ecp_option_list[] = {
{ "noecp", o_bool, &ecp_protent.enabled_flag,
"Disable ECP negotiation" },
{ "-ecp", o_bool, &ecp_protent.enabled_flag,
*
* $Id: ecp.h,v 1.2 2003/01/10 07:12:36 fcusack Exp $
*/
+#ifndef PPP_ECP_H
+#define PPP_ECP_H
+
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef PPP_ECP
+#define PPP_ECP 0x8053
+#endif
+
+
typedef struct ecp_options {
bool required; /* Is ECP required? */
unsigned enctype; /* Encryption type */
extern ecp_options ecp_hisoptions[];
extern struct protent ecp_protent;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_ECP_H
#include "config.h"
#endif
-#include "pppd.h"
+#include "pppd-private.h"
/*
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
+#ifndef PPP_EUI64_H
+#define PPP_EUI64_H
#include "pppdconf.h"
-#ifndef __EUI64_H__
-#define __EUI64_H__
-
-#if !defined(INET6)
-#error "this file should only be included when INET6 is defined"
-#endif /* not defined(INET6) */
+#ifdef __cplusplus
+extern "C" {
+#endif
#if defined(SOL2)
#include <netinet/in.h>
char *eui64_ntoa(eui64_t); /* Returns ascii representation of id */
-#endif /* __EUI64_H__ */
+#ifdef __cplusplus
+}
+#endif
+#endif /* PPP_EUI64_H */
#include <string.h>
#include <sys/types.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
*
* $Id: fsm.h,v 1.10 2004/11/13 02:28:15 paulus Exp $
*/
+#ifndef PPP_FSM_H
+#define PPP_FSM_H
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/*
* Packet header = Code, id, length.
*/
#define HEADERLEN 4
-
/*
* CP (LCP, IPCP, etc.) codes.
*/
int protocol; /* Data Link Layer Protocol field value */
int state; /* State */
int flags; /* Contains option bits */
- u_char id; /* Current id */
- u_char reqid; /* Current request id */
- u_char seen_ack; /* Have received valid Ack/Nak/Rej to Req */
+ unsigned char id; /* Current id */
+ unsigned char reqid; /* Current request id */
+ unsigned char seen_ack; /* Have received valid Ack/Nak/Rej to Req */
int timeouttime; /* Timeout time in milliseconds */
int maxconfreqtransmits; /* Maximum Configure-Request transmissions */
int retransmits; /* Number of retransmissions left */
void (*resetci)(fsm *); /* Reset our Configuration Information */
int (*cilen)(fsm *); /* Length of our Configuration Information */
void (*addci) /* Add our Configuration Information */
- (fsm *, u_char *, int *);
+ (fsm *, unsigned char *, int *);
int (*ackci) /* ACK our Configuration Information */
- (fsm *, u_char *, int);
+ (fsm *, unsigned char *, int);
int (*nakci) /* NAK our Configuration Information */
- (fsm *, u_char *, int, int);
+ (fsm *, unsigned char *, int, int);
int (*rejci) /* Reject our Configuration Information */
- (fsm *, u_char *, int);
+ (fsm *, unsigned char *, int);
int (*reqci) /* Request peer's Configuration Information */
- (fsm *, u_char *, int *, int);
+ (fsm *, unsigned char *, int *, int);
void (*up)(fsm *); /* Called when fsm reaches OPENED state */
void (*down)(fsm *); /* Called when fsm leaves OPENED state */
void (*starting)(fsm *); /* Called when we want the lower layer */
void (*protreject)(int); /* Called when Protocol-Reject received */
void (*retransmit)(fsm *); /* Retransmission is necessary */
int (*extcode) /* Called when unknown code received */
- (fsm *, int, int, u_char *, int);
+ (fsm *, int, int, unsigned char *, int);
char *proto_name; /* String name for protocol (for messages) */
} fsm_callbacks;
void fsm_lowerdown (fsm *);
void fsm_open (fsm *);
void fsm_close (fsm *, char *);
-void fsm_input (fsm *, u_char *, int);
+void fsm_input (fsm *, unsigned char *, int);
void fsm_protreject (fsm *);
-void fsm_sdata (fsm *, int, int, u_char *, int);
+void fsm_sdata (fsm *, int, int, unsigned char *, int);
/*
* Variables
*/
extern int peer_mru[]; /* currently negotiated peer MRU (per unit) */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_FSM_H
#include "config.h"
#endif
-/*
- * TODO:
- */
-
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <net/if.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ipcp.h"
#include "pathnames.h"
ipcp_options ipcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */
ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
+char *ipparam = NULL; /* Extra parameter for ip up/down scripts */
u_int32_t netmask = 0; /* IP netmask to set on interface */
bool disable_defaultip = 0; /* Don't use hostname for default IP adrs */
bool noremoteip = 0; /* Let him have no IP address */
-/* Hook for a plugin to know when IP protocol has come up */
-void (*ip_up_hook)(void) = NULL;
-
-/* Hook for a plugin to know when IP protocol has come down */
-void (*ip_down_hook)(void) = NULL;
+ip_up_hook_fn *ip_up_hook = NULL;
+ip_down_hook_fn *ip_down_hook = NULL;
+ip_choose_hook_fn *ip_choose_hook = NULL;
-/* Hook for a plugin to choose the remote IP address */
-void (*ip_choose_hook)(u_int32_t *) = NULL;
/* Notifiers for when IPCP goes up and down */
struct notifier *ip_up_notifier = NULL;
static int setwinsaddr (char **);
static int setnetmask (char **);
int setipaddr (char *, char **, int);
-static void printipaddr (option_t *, void (*)(void *, char *,...),void *);
+static void printipaddr (struct option *, void (*)(void *, char *,...),void *);
-static option_t ipcp_option_list[] = {
+static struct option ipcp_option_list[] = {
{ "noip", o_bool, &ipcp_protent.enabled_flag,
"Disable IP and IPCP" },
{ "-ip", o_bool, &ipcp_protent.enabled_flag,
{
int value;
- if (!int_option(*argv, &value))
+ if (!ppp_int_option(*argv, &value))
return 0;
if (value < 2 || value > 16) {
- option_error("vj-max-slots value must be between 2 and 16");
+ ppp_option_error("vj-max-slots value must be between 2 and 16");
return 0;
}
ipcp_wantoptions [0].maxslotindex =
dns = inet_addr(*argv);
if (dns == (u_int32_t) -1) {
if ((hp = gethostbyname(*argv)) == NULL) {
- option_error("invalid address parameter '%s' for ms-dns option",
+ ppp_option_error("invalid address parameter '%s' for ms-dns option",
*argv);
return 0;
}
wins = inet_addr(*argv);
if (wins == (u_int32_t) -1) {
if ((hp = gethostbyname(*argv)) == NULL) {
- option_error("invalid address parameter '%s' for ms-wins option",
+ ppp_option_error("invalid address parameter '%s' for ms-wins option",
*argv);
return 0;
}
*colon = '\0';
if ((local = inet_addr(arg)) == (u_int32_t) -1) {
if ((hp = gethostbyname(arg)) == NULL) {
- option_error("unknown host: %s", arg);
+ ppp_option_error("unknown host: %s", arg);
return 0;
}
local = *(u_int32_t *)hp->h_addr;
}
- if (bad_ip_adrs(local)) {
- option_error("bad local IP address %s", ip_ntoa(local));
+ if (ppp_bad_ip_addr(local)) {
+ ppp_option_error("bad local IP address %s", ip_ntoa(local));
return 0;
}
if (local != 0)
if (*++colon != '\0' && option_priority >= prio_remote) {
if ((remote = inet_addr(colon)) == (u_int32_t) -1) {
if ((hp = gethostbyname(colon)) == NULL) {
- option_error("unknown host: %s", colon);
+ ppp_option_error("unknown host: %s", colon);
return 0;
}
remote = *(u_int32_t *)hp->h_addr;
if (remote_name[0] == 0)
strlcpy(remote_name, colon, sizeof(remote_name));
}
- if (bad_ip_adrs(remote)) {
- option_error("bad remote IP address %s", ip_ntoa(remote));
+ if (ppp_bad_ip_addr(remote)) {
+ ppp_option_error("bad remote IP address %s", ip_ntoa(remote));
return 0;
}
if (remote != 0)
}
static void
-printipaddr(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
+printipaddr(struct option *opt, void (*printer) (void *, char *, ...), void *arg)
{
ipcp_options *wo = &ipcp_wantoptions[0];
mask = htonl(mask);
if (n == 0 || p[n] != 0 || (netmask & ~mask) != 0) {
- option_error("invalid netmask value '%s'", *argv);
+ ppp_option_error("invalid netmask value '%s'", *argv);
return 0;
}
return p - p0;
}
+const char *ppp_ipparam()
+{
+ return ipparam;
+}
+
/*
* ipcp_init - Initialize IPCP.
wo->accept_local = 1; /* don't insist on this default value */
if ((hp = gethostbyname(hostname)) != NULL) {
local = *(u_int32_t *)hp->h_addr;
- if (local != 0 && !bad_ip_adrs(local))
+ if (local != 0 && !ppp_bad_ip_addr(local))
wo->ouraddr = local;
}
}
}
if (!sifaddr(u, wo->ouraddr, wo->hisaddr, GetMask(wo->ouraddr)))
return 0;
- ipcp_script(_PATH_IPPREUP, 1);
+ ipcp_script(PPP_PATH_IPPREUP, 1);
if (!sifup(u))
return 0;
if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE))
warn("Could not determine remote IP address: defaulting to %I",
ho->hisaddr);
}
- script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0);
+ ppp_script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0);
if (ho->hisaddr != 0)
- script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1);
+ ppp_script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1);
if (!go->req_dns1)
go->dnsaddr[0] = 0;
if (!go->req_dns2)
go->dnsaddr[1] = 0;
if (go->dnsaddr[0])
- script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0);
+ ppp_script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0);
if (go->dnsaddr[1])
- script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0);
+ ppp_script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0);
if (usepeerdns && (go->dnsaddr[0] || go->dnsaddr[1])) {
- script_setenv("USEPEERDNS", "1", 0);
+ ppp_script_setenv("USEPEERDNS", "1", 0);
create_resolv(go->dnsaddr[0], go->dnsaddr[1]);
}
if (go->winsaddr[0])
- script_setenv("WINS1", ip_ntoa(go->winsaddr[0]), 0);
+ ppp_script_setenv("WINS1", ip_ntoa(go->winsaddr[0]), 0);
if (go->winsaddr[1])
- script_setenv("WINS2", ip_ntoa(go->winsaddr[1]), 0);
+ ppp_script_setenv("WINS2", ip_ntoa(go->winsaddr[1]), 0);
if (usepeerwins && (go->winsaddr[0] || go->winsaddr[1]))
- script_setenv("USEPEERWINS", "1", 0);
+ ppp_script_setenv("USEPEERWINS", "1", 0);
/*
* Check that the peer is allowed to use the IP address it wants.
wo->replace_default_route);
if (go->ouraddr != wo->ouraddr) {
warn("Local IP address changed to %I", go->ouraddr);
- script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
+ ppp_script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
wo->ouraddr = go->ouraddr;
} else
- script_unsetenv("OLDIPLOCAL");
+ ppp_script_unsetenv("OLDIPLOCAL");
if (ho->hisaddr != wo->hisaddr) {
warn("Remote IP address changed to %I", ho->hisaddr);
if (wo->hisaddr != 0)
- script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0);
+ ppp_script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0);
wo->hisaddr = ho->hisaddr;
} else
- script_unsetenv("OLDIPREMOTE");
+ ppp_script_unsetenv("OLDIPREMOTE");
/* Set the interface to the new addresses */
mask = GetMask(go->ouraddr);
ifindex = if_nametoindex(ifname);
/* run the pre-up script, if any, and wait for it to finish */
- ipcp_script(_PATH_IPPREUP, 1);
+ ipcp_script(PPP_PATH_IPPREUP, 1);
/* check if preup script renamed the interface */
if (!if_indextoname(ifindex, ifname)) {
* before the interface is marked down. */
/* XXX more correct: we must get the stats before running the notifiers,
* at least for the radius plugin */
- update_link_stats(f->unit);
+ ppp_get_link_stats(NULL);
notify(ip_down_notifier, 0);
if (ip_down_hook)
ip_down_hook();
{
FILE *f;
- f = fopen(_PATH_RESOLV, "w");
+ f = fopen(PPP_PATH_RESOLV, "w");
if (f == NULL) {
- error("Failed to create %s: %m", _PATH_RESOLV);
+ error("Failed to create %s: %m", PPP_PATH_RESOLV);
return;
}
if (peerdns1)
fprintf(f, "nameserver %s\n", ip_ntoa(peerdns1));
- if (peerdns2)
+ if (peerdns2 && peerdns2 != peerdns1)
fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2));
if (ferror(f))
- error("Write failed to %s: %m", _PATH_RESOLV);
+ error("Write failed to %s: %m", PPP_PATH_RESOLV);
fclose(f);
}
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_IPCP_H
+#define PPP_IPCP_H
+
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/*
* Options.
*/
int vj_protocol; /* protocol value to use in VJ option */
int maxslotindex; /* values for RFC1332 VJ compression neg. */
bool cflag;
- u_int32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
- u_int32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
- u_int32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
+ uint32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
+ uint32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
+ uint32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
} ipcp_options;
extern fsm ipcp_fsm[];
extern ipcp_options ipcp_allowoptions[];
extern ipcp_options ipcp_hisoptions[];
-char *ip_ntoa(u_int32_t);
+char *ip_ntoa(uint32_t);
extern struct protent ipcp_protent;
+
+/*
+ * Hook for a plugin to know when IP protocol has come up
+ */
+typedef void (ip_up_hook_fn)(void);
+extern ip_up_hook_fn *ip_up_hook;
+
+/*
+ * Hook for a plugin to know when IP protocol has come down
+ */
+typedef void (ip_down_hook_fn)(void);
+extern ip_down_hook_fn *ip_down_hook;
+
+/*
+ * Hook for a plugin to choose the remote IP address
+ */
+typedef void (ip_choose_hook_fn)(uint32_t *);
+extern ip_choose_hook_fn *ip_choose_hook;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PPP_IPCP_H */
#include <netinet/in.h>
#include <arpa/inet.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
+#include "eui64.h"
#include "ipcp.h"
#include "ipv6cp.h"
#include "magic.h"
static int ipv6cp_is_up;
static bool ipv6cp_noremote;
-/* Hook for a plugin to know when IPv6 protocol has come up */
-void (*ipv6_up_hook)(void) = NULL;
-
-/* Hook for a plugin to know when IPv6 protocol has come down */
-void (*ipv6_down_hook)(void) = NULL;
+ipv6_up_hook_fn *ipv6_up_hook = NULL;
+ipv6_down_hook_fn *ipv6_down_hook = NULL;
/* Notifiers for when IPCPv6 goes up and down */
struct notifier *ipv6_up_notifier = NULL;
* Command-line options.
*/
static int setifaceid (char **arg);
-static void printifaceid (option_t *,
+static void printifaceid (struct option *,
void (*)(void *, char *, ...), void *);
-static option_t ipv6cp_option_list[] = {
+static struct option ipv6cp_option_list[] = {
{ "ipv6", o_special, (void *)setifaceid,
"Set interface identifiers for IPV6",
OPT_A2PRINTER, (void *)printifaceid },
*comma = '\0';
if (inet_pton(AF_INET6, arg, &addr) == 0 || !VALIDID(addr)) {
- option_error("Illegal interface identifier (local): %s", arg);
+ ppp_option_error("Illegal interface identifier (local): %s", arg);
return 0;
}
*/
if (*comma != 0 && *++comma != '\0') {
if (inet_pton(AF_INET6, comma, &addr) == 0 || !VALIDID(addr)) {
- option_error("Illegal interface identifier (remote): %s", comma);
+ ppp_option_error("Illegal interface identifier (remote): %s", comma);
return 0;
}
if (option_priority >= prio_remote) {
char *llv6_ntoa(eui64_t ifaceid);
static void
-printifaceid(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
+printifaceid(struct option *opt, void (*printer) (void *, char *, ...), void *arg)
{
ipv6cp_options *wo = &ipv6cp_wantoptions[0];
return;
}
}
- script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0);
+ ppp_script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0);
if (!eui64_iszero(ho->hisid))
- script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0);
+ ppp_script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0);
#ifdef IPV6CP_COMP
/* set tcp compression */
ipv6cp_down(fsm *f)
{
IPV6CPDEBUG(("ipv6cp: down"));
- update_link_stats(f->unit);
+ ppp_get_link_stats(NULL);
notify(ipv6_down_notifier, 0);
if (ipv6_down_hook)
ipv6_down_hook();
static void
ipv6cp_script(char *script)
{
- char strspeed[32], strlocal[32], strremote[32];
+ char strspeed[32], strlocal[64], strremote[64];
char *argv[8];
sprintf(strspeed, "%d", baud_rate);
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
+
+#ifndef PPP_IPV6CP_H
+#define PPP_IPV6CP_H
+
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Original version, based on RFC2023 :
Copyright (c) 1995, 1996, 1997 Francis.Dupont@inria.fr, INRIA Rocquencourt,
extern ipv6cp_options ipv6cp_hisoptions[];
extern struct protent ipv6cp_protent;
+
+/*
+ * Hook for a plugin to know when IPv6 protocol has come up
+ */
+typedef void (ipv6_up_hook_fn)(void);
+extern ipv6_up_hook_fn *ipv6_up_hook;
+
+/*
+ * Hook for a plugin to know when IPv6 protocol has come down
+ */
+typedef void (ipv6_down_hook_fn)(void);
+extern ipv6_down_hook_fn *ipv6_down_hook;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+++ /dev/null
-/*
- * ipxcp.c - PPP IPX Control Protocol.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#ifdef IPX_CHANGE
-
-/*
- * TODO:
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#include "pppd.h"
-#include "fsm.h"
-#include "ipxcp.h"
-#include "pathnames.h"
-#include "magic.h"
-
-
-/* global vars */
-ipxcp_options ipxcp_wantoptions[NUM_PPP]; /* Options that we want to request */
-ipxcp_options ipxcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */
-ipxcp_options ipxcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */
-ipxcp_options ipxcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
-
-#define wo (&ipxcp_wantoptions[0])
-#define ao (&ipxcp_allowoptions[0])
-#define go (&ipxcp_gotoptions[0])
-#define ho (&ipxcp_hisoptions[0])
-
-/*
- * Callbacks for fsm code. (CI = Configuration Information)
- */
-static void ipxcp_resetci (fsm *); /* Reset our CI */
-static int ipxcp_cilen (fsm *); /* Return length of our CI */
-static void ipxcp_addci (fsm *, u_char *, int *); /* Add our CI */
-static int ipxcp_ackci (fsm *, u_char *, int); /* Peer ack'd our CI */
-static int ipxcp_nakci (fsm *, u_char *, int, int);/* Peer nak'd our CI */
-static int ipxcp_rejci (fsm *, u_char *, int); /* Peer rej'd our CI */
-static int ipxcp_reqci (fsm *, u_char *, int *, int); /* Rcv CI */
-static void ipxcp_up (fsm *); /* We're UP */
-static void ipxcp_down (fsm *); /* We're DOWN */
-static void ipxcp_finished (fsm *); /* Don't need lower layer */
-static void ipxcp_script (fsm *, char *); /* Run an up/down script */
-
-fsm ipxcp_fsm[NUM_PPP]; /* IPXCP fsm structure */
-
-static fsm_callbacks ipxcp_callbacks = { /* IPXCP callback routines */
- ipxcp_resetci, /* Reset our Configuration Information */
- ipxcp_cilen, /* Length of our Configuration Information */
- ipxcp_addci, /* Add our Configuration Information */
- ipxcp_ackci, /* ACK our Configuration Information */
- ipxcp_nakci, /* NAK our Configuration Information */
- ipxcp_rejci, /* Reject our Configuration Information */
- ipxcp_reqci, /* Request peer's Configuration Information */
- ipxcp_up, /* Called when fsm reaches OPENED state */
- ipxcp_down, /* Called when fsm leaves OPENED state */
- NULL, /* Called when we want the lower layer up */
- ipxcp_finished, /* Called when we want the lower layer down */
- NULL, /* Called when Protocol-Reject received */
- NULL, /* Retransmission is necessary */
- NULL, /* Called to handle protocol-specific codes */
- "IPXCP" /* String name of protocol */
-};
-
-/*
- * Command-line options.
- */
-static int setipxnode (char **);
-static void printipxnode (option_t *,
- void (*)(void *, char *, ...), void *);
-static int setipxname (char **);
-
-static option_t ipxcp_option_list[] = {
- { "ipx", o_bool, &ipxcp_protent.enabled_flag,
- "Enable IPXCP (and IPX)", OPT_PRIO | 1 },
- { "+ipx", o_bool, &ipxcp_protent.enabled_flag,
- "Enable IPXCP (and IPX)", OPT_PRIOSUB | OPT_ALIAS | 1 },
- { "noipx", o_bool, &ipxcp_protent.enabled_flag,
- "Disable IPXCP (and IPX)", OPT_PRIOSUB },
- { "-ipx", o_bool, &ipxcp_protent.enabled_flag,
- "Disable IPXCP (and IPX)", OPT_PRIOSUB | OPT_ALIAS },
-
- { "ipx-network", o_uint32, &ipxcp_wantoptions[0].our_network,
- "Set our IPX network number", OPT_PRIO, &ipxcp_wantoptions[0].neg_nn },
-
- { "ipxcp-accept-network", o_bool, &ipxcp_wantoptions[0].accept_network,
- "Accept peer IPX network number", 1,
- &ipxcp_allowoptions[0].accept_network },
-
- { "ipx-node", o_special, (void *)setipxnode,
- "Set IPX node number", OPT_A2PRINTER, (void *)printipxnode },
-
- { "ipxcp-accept-local", o_bool, &ipxcp_wantoptions[0].accept_local,
- "Accept our IPX address", 1,
- &ipxcp_allowoptions[0].accept_local },
-
- { "ipxcp-accept-remote", o_bool, &ipxcp_wantoptions[0].accept_remote,
- "Accept peer's IPX address", 1,
- &ipxcp_allowoptions[0].accept_remote },
-
- { "ipx-routing", o_int, &ipxcp_wantoptions[0].router,
- "Set IPX routing proto number", OPT_PRIO,
- &ipxcp_wantoptions[0].neg_router },
-
- { "ipx-router-name", o_special, setipxname,
- "Set IPX router name", OPT_PRIO | OPT_A2STRVAL | OPT_STATIC,
- &ipxcp_wantoptions[0].name },
-
- { "ipxcp-restart", o_int, &ipxcp_fsm[0].timeouttime,
- "Set timeout for IPXCP", OPT_PRIO },
- { "ipxcp-max-terminate", o_int, &ipxcp_fsm[0].maxtermtransmits,
- "Set max #xmits for IPXCP term-reqs", OPT_PRIO },
- { "ipxcp-max-configure", o_int, &ipxcp_fsm[0].maxconfreqtransmits,
- "Set max #xmits for IPXCP conf-reqs", OPT_PRIO },
- { "ipxcp-max-failure", o_int, &ipxcp_fsm[0].maxnakloops,
- "Set max #conf-naks for IPXCP", OPT_PRIO },
-
- { NULL }
-};
-
-/*
- * Protocol entry points.
- */
-
-static void ipxcp_init (int);
-static void ipxcp_open (int);
-static void ipxcp_close (int, char *);
-static void ipxcp_lowerup (int);
-static void ipxcp_lowerdown (int);
-static void ipxcp_input (int, u_char *, int);
-static void ipxcp_protrej (int);
-static int ipxcp_printpkt (u_char *, int,
- void (*) (void *, char *, ...), void *);
-
-struct protent ipxcp_protent = {
- PPP_IPXCP,
- ipxcp_init,
- ipxcp_input,
- ipxcp_protrej,
- ipxcp_lowerup,
- ipxcp_lowerdown,
- ipxcp_open,
- ipxcp_close,
- ipxcp_printpkt,
- NULL,
- 0,
- "IPXCP",
- "IPX",
- ipxcp_option_list,
- NULL,
- NULL,
- NULL
-};
-
-/*
- * Lengths of configuration options.
- */
-
-#define CILEN_VOID 2
-#define CILEN_COMPLETE 2 /* length of complete option */
-#define CILEN_NETN 6 /* network number length option */
-#define CILEN_NODEN 8 /* node number length option */
-#define CILEN_PROTOCOL 4 /* Minimum length of routing protocol */
-#define CILEN_NAME 3 /* Minimum length of router name */
-#define CILEN_COMPRESS 4 /* Minimum length of compression protocol */
-
-#define CODENAME(x) ((x) == CONFACK ? "ACK" : \
- (x) == CONFNAK ? "NAK" : "REJ")
-
-static int ipxcp_is_up;
-
-static char *ipx_ntoa (u_int32_t);
-
-/* Used in printing the node number */
-#define NODE(base) base[0], base[1], base[2], base[3], base[4], base[5]
-
-/* Used to generate the proper bit mask */
-#define BIT(num) (1 << (num))
-
-/*
- * Convert from internal to external notation
- */
-
-static short int
-to_external(short int internal)
-{
- short int external;
-
- if (internal & BIT(IPX_NONE) )
- external = IPX_NONE;
- else
- external = RIP_SAP;
-
- return external;
-}
-
-/*
- * Make a string representation of a network IP address.
- */
-
-static char *
-ipx_ntoa(u_int32_t ipxaddr)
-{
- static char b[64];
- slprintf(b, sizeof(b), "%x", ipxaddr);
- return b;
-}
-
-
-static u_char *
-setipxnodevalue(u_char *src, u_char *dst)
-{
- int indx;
- int item;
-
- for (;;) {
- if (!isxdigit (*src))
- break;
-
- for (indx = 0; indx < 5; ++indx) {
- dst[indx] <<= 4;
- dst[indx] |= (dst[indx + 1] >> 4) & 0x0F;
- }
-
- item = toupper (*src) - '0';
- if (item > 9)
- item -= 7;
-
- dst[5] = (dst[5] << 4) | item;
- ++src;
- }
- return src;
-}
-
-static int ipx_prio_our, ipx_prio_his;
-
-static int
-setipxnode(char **argv)
-{
- u_char *end;
- int have_his = 0;
- u_char our_node[6];
- u_char his_node[6];
-
- memset (our_node, 0, 6);
- memset (his_node, 0, 6);
-
- end = setipxnodevalue ((u_char *)*argv, our_node);
- if (*end == ':') {
- have_his = 1;
- end = setipxnodevalue (++end, his_node);
- }
-
- if (*end == '\0') {
- ipxcp_wantoptions[0].neg_node = 1;
- if (option_priority >= ipx_prio_our) {
- memcpy(&ipxcp_wantoptions[0].our_node[0], our_node, 6);
- ipx_prio_our = option_priority;
- }
- if (have_his && option_priority >= ipx_prio_his) {
- memcpy(&ipxcp_wantoptions[0].his_node[0], his_node, 6);
- ipx_prio_his = option_priority;
- }
- return 1;
- }
-
- option_error("invalid parameter '%s' for ipx-node option", *argv);
- return 0;
-}
-
-static void
-printipxnode(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
-{
- unsigned char *p;
-
- p = ipxcp_wantoptions[0].our_node;
- if (ipx_prio_our)
- printer(arg, "%.2x%.2x%.2x%.2x%.2x%.2x",
- p[0], p[1], p[2], p[3], p[4], p[5]);
- printer(arg, ":");
- p = ipxcp_wantoptions[0].his_node;
- if (ipx_prio_his)
- printer(arg, "%.2x%.2x%.2x%.2x%.2x%.2x",
- p[0], p[1], p[2], p[3], p[4], p[5]);
-}
-
-static int
-setipxname (char **argv)
-{
- u_char *dest = ipxcp_wantoptions[0].name;
- char *src = *argv;
- int count;
- char ch;
-
- ipxcp_wantoptions[0].neg_name = 1;
- ipxcp_allowoptions[0].neg_name = 1;
- memset (dest, '\0', sizeof (ipxcp_wantoptions[0].name));
-
- count = 0;
- while (*src) {
- ch = *src++;
- if (! isalnum (ch) && ch != '_') {
- option_error("IPX router name must be alphanumeric or _");
- return 0;
- }
-
- if (count >= sizeof (ipxcp_wantoptions[0].name) - 1) {
- option_error("IPX router name is limited to %d characters",
- sizeof (ipxcp_wantoptions[0].name) - 1);
- return 0;
- }
-
- dest[count++] = toupper (ch);
- }
- dest[count] = 0;
-
- return 1;
-}
-
-/*
- * ipxcp_init - Initialize IPXCP.
- */
-static void
-ipxcp_init(int unit)
-{
- fsm *f = &ipxcp_fsm[unit];
-
- f->unit = unit;
- f->protocol = PPP_IPXCP;
- f->callbacks = &ipxcp_callbacks;
- fsm_init(&ipxcp_fsm[unit]);
-
- memset (wo->name, 0, sizeof (wo->name));
- memset (wo->our_node, 0, sizeof (wo->our_node));
- memset (wo->his_node, 0, sizeof (wo->his_node));
-
- wo->neg_nn = 1;
- wo->neg_complete = 1;
- wo->network = 0;
-
- ao->neg_node = 1;
- ao->neg_nn = 1;
- ao->neg_name = 1;
- ao->neg_complete = 1;
- ao->neg_router = 1;
-
- ao->accept_local = 0;
- ao->accept_remote = 0;
- ao->accept_network = 0;
-
- wo->tried_rip = 0;
- wo->tried_nlsp = 0;
-}
-
-/*
- * Copy the node number
- */
-
-static void
-copy_node (u_char *src, u_char *dst)
-{
- memcpy (dst, src, sizeof (ipxcp_wantoptions[0].our_node));
-}
-
-/*
- * Compare node numbers
- */
-
-static int
-compare_node (u_char *src, u_char *dst)
-{
- return memcmp (dst, src, sizeof (ipxcp_wantoptions[0].our_node)) == 0;
-}
-
-/*
- * Is the node number zero?
- */
-
-static int
-zero_node (u_char *node)
-{
- int indx;
- for (indx = 0; indx < sizeof (ipxcp_wantoptions[0].our_node); ++indx)
- if (node [indx] != 0)
- return 0;
- return 1;
-}
-
-/*
- * Increment the node number
- */
-
-static void
-inc_node (u_char *node)
-{
- u_char *outp;
- u_int32_t magic_num;
-
- outp = node;
- magic_num = magic();
- *outp++ = '\0';
- *outp++ = '\0';
- PUTLONG (magic_num, outp);
-}
-
-/*
- * ipxcp_open - IPXCP is allowed to come up.
- */
-static void
-ipxcp_open(int unit)
-{
- fsm_open(&ipxcp_fsm[unit]);
-}
-
-/*
- * ipxcp_close - Take IPXCP down.
- */
-static void
-ipxcp_close(int unit, char *reason)
-{
- fsm_close(&ipxcp_fsm[unit], reason);
-}
-
-
-/*
- * ipxcp_lowerup - The lower layer is up.
- */
-static void
-ipxcp_lowerup(int unit)
-{
- fsm_lowerup(&ipxcp_fsm[unit]);
-}
-
-
-/*
- * ipxcp_lowerdown - The lower layer is down.
- */
-static void
-ipxcp_lowerdown(int unit)
-{
- fsm_lowerdown(&ipxcp_fsm[unit]);
-}
-
-
-/*
- * ipxcp_input - Input IPXCP packet.
- */
-static void
-ipxcp_input(int unit, u_char *p, int len)
-{
- fsm_input(&ipxcp_fsm[unit], p, len);
-}
-
-
-/*
- * ipxcp_protrej - A Protocol-Reject was received for IPXCP.
- *
- * Pretend the lower layer went down, so we shut up.
- */
-static void
-ipxcp_protrej(int unit)
-{
- fsm_lowerdown(&ipxcp_fsm[unit]);
-}
-
-
-/*
- * ipxcp_resetci - Reset our CI.
- */
-static void
-ipxcp_resetci(fsm *f)
-{
- wo->req_node = wo->neg_node && ao->neg_node;
- wo->req_nn = wo->neg_nn && ao->neg_nn;
-
- if (wo->our_network == 0) {
- wo->neg_node = 1;
- ao->accept_network = 1;
- }
-/*
- * If our node number is zero then change it.
- */
- if (zero_node (wo->our_node)) {
- inc_node (wo->our_node);
- ao->accept_local = 1;
- wo->neg_node = 1;
- }
-/*
- * If his node number is zero then change it.
- */
- if (zero_node (wo->his_node)) {
- inc_node (wo->his_node);
- ao->accept_remote = 1;
- }
-/*
- * If no routing agent was specified then we do RIP/SAP according to the
- * RFC documents. If you have specified something then OK. Otherwise, we
- * do RIP/SAP.
- */
- if (ao->router == 0) {
- ao->router |= BIT(RIP_SAP);
- wo->router |= BIT(RIP_SAP);
- }
-
- /* Always specify a routing protocol unless it was REJected. */
- wo->neg_router = 1;
-/*
- * Start with these default values
- */
- *go = *wo;
-}
-
-/*
- * ipxcp_cilen - Return length of our CI.
- */
-
-static int
-ipxcp_cilen(fsm *f)
-{
- int len;
-
- len = go->neg_nn ? CILEN_NETN : 0;
- len += go->neg_node ? CILEN_NODEN : 0;
- len += go->neg_name ? CILEN_NAME + strlen ((char *)go->name) - 1 : 0;
-
- /* RFC says that defaults should not be included. */
- if (go->neg_router && to_external(go->router) != RIP_SAP)
- len += CILEN_PROTOCOL;
-
- return (len);
-}
-
-
-/*
- * ipxcp_addci - Add our desired CIs to a packet.
- */
-static void
-ipxcp_addci(fsm *f, u_char *ucp, int *lenp)
-{
-/*
- * Add the options to the record.
- */
- if (go->neg_nn) {
- PUTCHAR (IPX_NETWORK_NUMBER, ucp);
- PUTCHAR (CILEN_NETN, ucp);
- PUTLONG (go->our_network, ucp);
- }
-
- if (go->neg_node) {
- int indx;
- PUTCHAR (IPX_NODE_NUMBER, ucp);
- PUTCHAR (CILEN_NODEN, ucp);
- for (indx = 0; indx < sizeof (go->our_node); ++indx)
- PUTCHAR (go->our_node[indx], ucp);
- }
-
- if (go->neg_name) {
- int cilen = strlen ((char *)go->name);
- int indx;
- PUTCHAR (IPX_ROUTER_NAME, ucp);
- PUTCHAR (CILEN_NAME + cilen - 1, ucp);
- for (indx = 0; indx < cilen; ++indx)
- PUTCHAR (go->name [indx], ucp);
- }
-
- if (go->neg_router) {
- short external = to_external (go->router);
- if (external != RIP_SAP) {
- PUTCHAR (IPX_ROUTER_PROTOCOL, ucp);
- PUTCHAR (CILEN_PROTOCOL, ucp);
- PUTSHORT (external, ucp);
- }
- }
-}
-
-/*
- * ipxcp_ackci - Ack our CIs.
- *
- * Returns:
- * 0 - Ack was bad.
- * 1 - Ack was good.
- */
-static int
-ipxcp_ackci(fsm *f, u_char *p, int len)
-{
- u_short cilen, citype, cishort;
- u_char cichar;
- u_int32_t cilong;
-
-#define ACKCIVOID(opt, neg) \
- if (neg) { \
- if ((len -= CILEN_VOID) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_VOID || \
- citype != opt) \
- break; \
- }
-
-#define ACKCICOMPLETE(opt,neg) ACKCIVOID(opt, neg)
-
-#define ACKCICHARS(opt, neg, val, cnt) \
- if (neg) { \
- int indx, count = cnt; \
- len -= (count + 2); \
- if (len < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != (count + 2) || \
- citype != opt) \
- break; \
- for (indx = 0; indx < count; ++indx) {\
- GETCHAR(cichar, p); \
- if (cichar != ((u_char *) &val)[indx]) \
- break; \
- }\
- if (indx != count) \
- break; \
- }
-
-#define ACKCINODE(opt,neg,val) ACKCICHARS(opt,neg,val,sizeof(val))
-#define ACKCINAME(opt,neg,val) ACKCICHARS(opt,neg,val,strlen((char *)val))
-
-#define ACKCINETWORK(opt, neg, val) \
- if (neg) { \
- if ((len -= CILEN_NETN) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_NETN || \
- citype != opt) \
- break; \
- GETLONG(cilong, p); \
- if (cilong != val) \
- break; \
- }
-
-#define ACKCIPROTO(opt, neg, val) \
- if (neg) { \
- if (len < 2) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_PROTOCOL || citype != opt) \
- break; \
- len -= cilen; \
- if (len < 0) \
- break; \
- GETSHORT(cishort, p); \
- if (cishort != to_external (val) || cishort == RIP_SAP) \
- break; \
- }
-/*
- * Process the ACK frame in the order in which the frame was assembled
- */
- do {
- ACKCINETWORK (IPX_NETWORK_NUMBER, go->neg_nn, go->our_network);
- ACKCINODE (IPX_NODE_NUMBER, go->neg_node, go->our_node);
- ACKCINAME (IPX_ROUTER_NAME, go->neg_name, go->name);
- if (len > 0)
- ACKCIPROTO (IPX_ROUTER_PROTOCOL, go->neg_router, go->router);
-/*
- * This is the end of the record.
- */
- if (len == 0)
- return (1);
- } while (0);
-/*
- * The frame is invalid
- */
- IPXCPDEBUG(("ipxcp_ackci: received bad Ack!"));
- return (0);
-}
-
-/*
- * ipxcp_nakci - Peer has sent a NAK for some of our CIs.
- * This should not modify any state if the Nak is bad
- * or if IPXCP is in the OPENED state.
- *
- * Returns:
- * 0 - Nak was bad.
- * 1 - Nak was good.
- */
-
-static int
-ipxcp_nakci(fsm *f, u_char *p, int len, int treat_as_reject)
-{
- u_char citype, cilen, *next;
- u_short s;
- u_int32_t l;
- ipxcp_options no; /* options we've seen Naks for */
- ipxcp_options try; /* options to request next time */
-
- BZERO(&no, sizeof(no));
- try = *go;
-
- while (len >= CILEN_VOID) {
- GETCHAR (citype, p);
- GETCHAR (cilen, p);
- len -= cilen;
- if (cilen < CILEN_VOID || len < 0)
- goto bad;
- next = &p [cilen - CILEN_VOID];
-
- switch (citype) {
- case IPX_NETWORK_NUMBER:
- if (!go->neg_nn || no.neg_nn || (cilen != CILEN_NETN))
- goto bad;
- no.neg_nn = 1;
-
- GETLONG(l, p);
- if (treat_as_reject)
- try.neg_nn = 0;
- else if (l && ao->accept_network)
- try.our_network = l;
- break;
-
- case IPX_NODE_NUMBER:
- if (!go->neg_node || no.neg_node || (cilen != CILEN_NODEN))
- goto bad;
- no.neg_node = 1;
-
- if (treat_as_reject)
- try.neg_node = 0;
- else if (!zero_node (p) && ao->accept_local &&
- ! compare_node (p, ho->his_node))
- copy_node (p, try.our_node);
- break;
-
- /* This has never been sent. Ignore the NAK frame */
- case IPX_COMPRESSION_PROTOCOL:
- goto bad;
-
- case IPX_ROUTER_PROTOCOL:
- if (!go->neg_router || (cilen < CILEN_PROTOCOL))
- goto bad;
-
- GETSHORT (s, p);
- if (s > 15) /* This is just bad, but ignore for now. */
- break;
-
- s = BIT(s);
- if (no.router & s) /* duplicate NAKs are always bad */
- goto bad;
-
- if (no.router == 0) /* Reset on first NAK only */
- try.router = 0;
-
- no.router |= s;
- try.router |= s;
- try.neg_router = 1;
- break;
-
- /* These, according to the RFC, must never be NAKed. */
- case IPX_ROUTER_NAME:
- case IPX_COMPLETE:
- goto bad;
-
- /* These are for options which we have not seen. */
- default:
- break;
- }
- p = next;
- }
-
- /*
- * Do not permit the peer to force a router protocol which we do not
- * support. However, default to the condition that will accept "NONE".
- */
- try.router &= (ao->router | BIT(IPX_NONE));
- if (try.router == 0 && ao->router != 0)
- try.router = BIT(IPX_NONE);
-
- if (try.router != 0)
- try.neg_router = 1;
-
- /*
- * OK, the Nak is good. Now we can update state.
- * If there are any options left, we ignore them.
- */
- if (f->state != OPENED)
- *go = try;
-
- return 1;
-
-bad:
- IPXCPDEBUG(("ipxcp_nakci: received bad Nak!"));
- return 0;
-}
-
-/*
- * ipxcp_rejci - Reject some of our CIs.
- */
-static int
-ipxcp_rejci(fsm *f, u_char *p, int len)
-{
- u_short cilen, citype, cishort;
- u_char cichar;
- u_int32_t cilong;
- ipxcp_options try; /* options to request next time */
-
-#define REJCINETWORK(opt, neg, val) \
- if (neg && p[0] == opt) { \
- if ((len -= CILEN_NETN) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_NETN || \
- citype != opt) \
- break; \
- GETLONG(cilong, p); \
- if (cilong != val) \
- break; \
- neg = 0; \
- }
-
-#define REJCICHARS(opt, neg, val, cnt) \
- if (neg && p[0] == opt) { \
- int indx, count = cnt; \
- len -= (count + 2); \
- if (len < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != (count + 2) || \
- citype != opt) \
- break; \
- for (indx = 0; indx < count; ++indx) {\
- GETCHAR(cichar, p); \
- if (cichar != ((u_char *) &val)[indx]) \
- break; \
- }\
- if (indx != count) \
- break; \
- neg = 0; \
- }
-
-#define REJCINODE(opt,neg,val) REJCICHARS(opt,neg,val,sizeof(val))
-#define REJCINAME(opt,neg,val) REJCICHARS(opt,neg,val,strlen((char *)val))
-
-#define REJCIVOID(opt, neg) \
- if (neg && p[0] == opt) { \
- if ((len -= CILEN_VOID) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_VOID || citype != opt) \
- break; \
- neg = 0; \
- }
-
-/* a reject for RIP/SAP is invalid since we don't send it and you can't
- reject something which is not sent. (You can NAK, but you can't REJ.) */
-#define REJCIPROTO(opt, neg, val, bit) \
- if (neg && p[0] == opt) { \
- if ((len -= CILEN_PROTOCOL) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_PROTOCOL) \
- break; \
- GETSHORT(cishort, p); \
- if (cishort != to_external (val) || cishort == RIP_SAP) \
- break; \
- neg = 0; \
- }
-/*
- * Any Rejected CIs must be in exactly the same order that we sent.
- * Check packet length and CI length at each step.
- * If we find any deviations, then this packet is bad.
- */
- try = *go;
-
- do {
- REJCINETWORK (IPX_NETWORK_NUMBER, try.neg_nn, try.our_network);
- REJCINODE (IPX_NODE_NUMBER, try.neg_node, try.our_node);
- REJCINAME (IPX_ROUTER_NAME, try.neg_name, try.name);
- REJCIPROTO (IPX_ROUTER_PROTOCOL, try.neg_router, try.router, 0);
-/*
- * This is the end of the record.
- */
- if (len == 0) {
- if (f->state != OPENED)
- *go = try;
- return (1);
- }
- } while (0);
-/*
- * The frame is invalid at this point.
- */
- IPXCPDEBUG(("ipxcp_rejci: received bad Reject!"));
- return 0;
-}
-
-/*
- * ipxcp_reqci - Check the peer's requested CIs and send appropriate response.
- *
- * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified
- * appropriately. If reject_if_disagree is non-zero, doesn't return
- * CONFNAK; returns CONFREJ if it can't return CONFACK.
- */
-static int
-ipxcp_reqci(fsm *f, u_char *inp, int *len, int reject_if_disagree)
-{
- u_char *cip, *next; /* Pointer to current and next CIs */
- u_short cilen, citype; /* Parsed len, type */
- u_short cishort; /* Parsed short value */
- u_int32_t cinetwork; /* Parsed address values */
- int rc = CONFACK; /* Final packet return code */
- int orc; /* Individual option return code */
- u_char *p; /* Pointer to next char to parse */
- u_char *ucp = inp; /* Pointer to current output char */
- int l = *len; /* Length left */
-
- /*
- * Reset all his options.
- */
- BZERO(ho, sizeof(*ho));
-
- /*
- * Process all his options.
- */
- next = inp;
- while (l) {
- orc = CONFACK; /* Assume success */
- cip = p = next; /* Remember begining of CI */
- if (l < 2 || /* Not enough data for CI header or */
- p[1] < 2 || /* CI length too small or */
- p[1] > l) { /* CI length too big? */
- IPXCPDEBUG(("ipxcp_reqci: bad CI length!"));
- orc = CONFREJ; /* Reject bad CI */
- cilen = l; /* Reject till end of packet */
- l = 0; /* Don't loop again */
- goto endswitch;
- }
- GETCHAR(citype, p); /* Parse CI type */
- GETCHAR(cilen, p); /* Parse CI length */
- l -= cilen; /* Adjust remaining length */
- next += cilen; /* Step to next CI */
-
- switch (citype) { /* Check CI type */
-/*
- * The network number must match. Choose the larger of the two.
- */
- case IPX_NETWORK_NUMBER:
- /* if we wont negotiate the network number or the length is wrong
- then reject the option */
- if ( !ao->neg_nn || cilen != CILEN_NETN ) {
- orc = CONFREJ;
- break;
- }
- GETLONG(cinetwork, p);
-
- /* If the network numbers match then acknowledge them. */
- if (cinetwork != 0) {
- ho->his_network = cinetwork;
- ho->neg_nn = 1;
- if (wo->our_network == cinetwork)
- break;
-/*
- * If the network number is not given or we don't accept their change or
- * the network number is too small then NAK it.
- */
- if (! ao->accept_network || cinetwork < wo->our_network) {
- DECPTR (sizeof (u_int32_t), p);
- PUTLONG (wo->our_network, p);
- orc = CONFNAK;
- }
- break;
- }
-/*
- * The peer sent '0' for the network. Give it ours if we have one.
- */
- if (go->our_network != 0) {
- DECPTR (sizeof (u_int32_t), p);
- PUTLONG (wo->our_network, p);
- orc = CONFNAK;
-/*
- * We don't have one. Reject the value.
- */
- } else
- orc = CONFREJ;
-
- break;
-/*
- * The node number is required
- */
- case IPX_NODE_NUMBER:
- /* if we wont negotiate the node number or the length is wrong
- then reject the option */
- if ( cilen != CILEN_NODEN ) {
- orc = CONFREJ;
- break;
- }
-
- copy_node (p, ho->his_node);
- ho->neg_node = 1;
-/*
- * If the remote does not have a number and we do then NAK it with the value
- * which we have for it. (We never have a default value of zero.)
- */
- if (zero_node (ho->his_node)) {
- orc = CONFNAK;
- copy_node (wo->his_node, p);
- INCPTR (sizeof (wo->his_node), p);
- break;
- }
-/*
- * If you have given me the expected network node number then I'll accept
- * it now.
- */
- if (compare_node (wo->his_node, ho->his_node)) {
- orc = CONFACK;
- ho->neg_node = 1;
- INCPTR (sizeof (wo->his_node), p);
- break;
- }
-/*
- * If his node number is the same as ours then ask him to try the next
- * value.
- */
- if (compare_node (ho->his_node, go->our_node)) {
- inc_node (ho->his_node);
- orc = CONFNAK;
- copy_node (ho->his_node, p);
- INCPTR (sizeof (wo->his_node), p);
- break;
- }
-/*
- * If we don't accept a new value then NAK it.
- */
- if (! ao->accept_remote) {
- copy_node (wo->his_node, p);
- INCPTR (sizeof (wo->his_node), p);
- orc = CONFNAK;
- break;
- }
- orc = CONFACK;
- ho->neg_node = 1;
- INCPTR (sizeof (wo->his_node), p);
- break;
-/*
- * Compression is not desired at this time. It is always rejected.
- */
- case IPX_COMPRESSION_PROTOCOL:
- orc = CONFREJ;
- break;
-/*
- * The routing protocol is a bitmask of various types. Any combination
- * of the values RIP_SAP and NLSP are permissible. 'IPX_NONE' for no
- * routing protocol must be specified only once.
- */
- case IPX_ROUTER_PROTOCOL:
- if ( !ao->neg_router || cilen < CILEN_PROTOCOL ) {
- orc = CONFREJ;
- break;
- }
-
- GETSHORT (cishort, p);
-
- if (wo->neg_router == 0) {
- wo->neg_router = 1;
- wo->router = BIT(IPX_NONE);
- }
-
- if ((cishort == IPX_NONE && ho->router != 0) ||
- (ho->router & BIT(IPX_NONE))) {
- orc = CONFREJ;
- break;
- }
-
- cishort = BIT(cishort);
- if (ho->router & cishort) {
- orc = CONFREJ;
- break;
- }
-
- ho->router |= cishort;
- ho->neg_router = 1;
-
- /* Finally do not allow a router protocol which we do not
- support. */
-
- if ((cishort & (ao->router | BIT(IPX_NONE))) == 0) {
- int protocol;
-
- if (cishort == BIT(NLSP) &&
- (ao->router & BIT(RIP_SAP)) &&
- !wo->tried_rip) {
- protocol = RIP_SAP;
- wo->tried_rip = 1;
- } else
- protocol = IPX_NONE;
-
- DECPTR (sizeof (u_int16_t), p);
- PUTSHORT (protocol, p);
- orc = CONFNAK;
- }
- break;
-/*
- * The router name is advisorary. Just accept it if it is not too large.
- */
- case IPX_ROUTER_NAME:
- if (cilen >= CILEN_NAME) {
- int name_size = cilen - CILEN_NAME;
- if (name_size >= sizeof (ho->name))
- name_size = sizeof (ho->name) - 1;
- memset (ho->name, 0, sizeof (ho->name));
- memcpy (ho->name, p, name_size);
- ho->name [name_size] = '\0';
- ho->neg_name = 1;
- orc = CONFACK;
- break;
- }
- orc = CONFREJ;
- break;
-/*
- * This is advisorary.
- */
- case IPX_COMPLETE:
- if (cilen != CILEN_COMPLETE)
- orc = CONFREJ;
- else {
- ho->neg_complete = 1;
- orc = CONFACK;
- }
- break;
-/*
- * All other entries are not known at this time.
- */
- default:
- orc = CONFREJ;
- break;
- }
-endswitch:
- if (orc == CONFACK && /* Good CI */
- rc != CONFACK) /* but prior CI wasnt? */
- continue; /* Don't send this one */
-
- if (orc == CONFNAK) { /* Nak this CI? */
- if (reject_if_disagree) /* Getting fed up with sending NAKs? */
- orc = CONFREJ; /* Get tough if so */
- if (rc == CONFREJ) /* Rejecting prior CI? */
- continue; /* Don't send this one */
- if (rc == CONFACK) { /* Ack'd all prior CIs? */
- rc = CONFNAK; /* Not anymore... */
- ucp = inp; /* Backup */
- }
- }
-
- if (orc == CONFREJ && /* Reject this CI */
- rc != CONFREJ) { /* but no prior ones? */
- rc = CONFREJ;
- ucp = inp; /* Backup */
- }
-
- /* Need to move CI? */
- if (ucp != cip)
- BCOPY(cip, ucp, cilen); /* Move it */
-
- /* Update output pointer */
- INCPTR(cilen, ucp);
- }
-
- /*
- * If we aren't rejecting this packet, and we want to negotiate
- * their address, and they didn't send their address, then we
- * send a NAK with a IPX_NODE_NUMBER option appended. We assume the
- * input buffer is long enough that we can append the extra
- * option safely.
- */
-
- if (rc != CONFREJ && !ho->neg_node &&
- wo->req_nn && !reject_if_disagree) {
- if (rc == CONFACK) {
- rc = CONFNAK;
- wo->req_nn = 0; /* don't ask again */
- ucp = inp; /* reset pointer */
- }
-
- if (zero_node (wo->his_node))
- inc_node (wo->his_node);
-
- PUTCHAR (IPX_NODE_NUMBER, ucp);
- PUTCHAR (CILEN_NODEN, ucp);
- copy_node (wo->his_node, ucp);
- INCPTR (sizeof (wo->his_node), ucp);
- }
-
- *len = ucp - inp; /* Compute output length */
- IPXCPDEBUG(("ipxcp: returning Configure-%s", CODENAME(rc)));
- return (rc); /* Return final code */
-}
-
-/*
- * ipxcp_up - IPXCP has come UP.
- *
- * Configure the IP network interface appropriately and bring it up.
- */
-
-static void
-ipxcp_up(fsm *f)
-{
- int unit = f->unit;
-
- IPXCPDEBUG(("ipxcp: up"));
-
- /* The default router protocol is RIP/SAP. */
- if (ho->router == 0)
- ho->router = BIT(RIP_SAP);
-
- if (go->router == 0)
- go->router = BIT(RIP_SAP);
-
- /* Fetch the network number */
- if (!ho->neg_nn)
- ho->his_network = wo->his_network;
-
- if (!ho->neg_node)
- copy_node (wo->his_node, ho->his_node);
-
- if (!wo->neg_node && !go->neg_node)
- copy_node (wo->our_node, go->our_node);
-
- if (zero_node (go->our_node)) {
- static char errmsg[] = "Could not determine local IPX node address";
- if (debug)
- error(errmsg);
- ipxcp_close(f->unit, errmsg);
- return;
- }
-
- go->network = go->our_network;
- if (ho->his_network != 0 && ho->his_network > go->network)
- go->network = ho->his_network;
-
- if (go->network == 0) {
- static char errmsg[] = "Can not determine network number";
- if (debug)
- error(errmsg);
- ipxcp_close (unit, errmsg);
- return;
- }
-
- /* bring the interface up */
- if (!sifup(unit)) {
- if (debug)
- warn("sifup failed (IPX)");
- ipxcp_close(unit, "Interface configuration failed");
- return;
- }
- ipxcp_is_up = 1;
-
- /* set the network number for IPX */
- if (!sipxfaddr(unit, go->network, go->our_node)) {
- if (debug)
- warn("sipxfaddr failed");
- ipxcp_close(unit, "Interface configuration failed");
- return;
- }
-
- np_up(f->unit, PPP_IPX);
-
- /*
- * Execute the ipx-up script, like this:
- * /etc/ppp/ipx-up interface tty speed local-IPX remote-IPX
- */
-
- ipxcp_script (f, _PATH_IPXUP);
-}
-
-/*
- * ipxcp_down - IPXCP has gone DOWN.
- *
- * Take the IP network interface down, clear its addresses
- * and delete routes through it.
- */
-
-static void
-ipxcp_down(fsm *f)
-{
- IPXCPDEBUG(("ipxcp: down"));
-
- if (!ipxcp_is_up)
- return;
- ipxcp_is_up = 0;
- np_down(f->unit, PPP_IPX);
- cipxfaddr(f->unit);
- sifnpmode(f->unit, PPP_IPX, NPMODE_DROP);
- sifdown(f->unit);
- ipxcp_script (f, _PATH_IPXDOWN);
-}
-
-
-/*
- * ipxcp_finished - possibly shut down the lower layers.
- */
-static void
-ipxcp_finished(fsm *f)
-{
- np_finished(f->unit, PPP_IPX);
-}
-
-
-/*
- * ipxcp_script - Execute a script with arguments
- * interface-name tty-name speed local-IPX remote-IPX networks.
- */
-static void
-ipxcp_script(fsm *f, char *script)
-{
- char strspeed[32], strlocal[32], strremote[32];
- char strnetwork[32], strpid[32];
- char *argv[14], strproto_lcl[32], strproto_rmt[32];
-
- slprintf(strpid, sizeof(strpid), "%d", getpid());
- slprintf(strspeed, sizeof(strspeed),"%d", baud_rate);
-
- strproto_lcl[0] = '\0';
- if (go->neg_router && ((go->router & BIT(IPX_NONE)) == 0)) {
- if (go->router & BIT(RIP_SAP))
- strlcpy (strproto_lcl, "RIP ", sizeof(strproto_lcl));
- if (go->router & BIT(NLSP))
- strlcat (strproto_lcl, "NLSP ", sizeof(strproto_lcl));
- }
-
- if (strproto_lcl[0] == '\0')
- strlcpy (strproto_lcl, "NONE ", sizeof(strproto_lcl));
-
- strproto_lcl[strlen (strproto_lcl)-1] = '\0';
-
- strproto_rmt[0] = '\0';
- if (ho->neg_router && ((ho->router & BIT(IPX_NONE)) == 0)) {
- if (ho->router & BIT(RIP_SAP))
- strlcpy (strproto_rmt, "RIP ", sizeof(strproto_rmt));
- if (ho->router & BIT(NLSP))
- strlcat (strproto_rmt, "NLSP ", sizeof(strproto_rmt));
- }
-
- if (strproto_rmt[0] == '\0')
- strlcpy (strproto_rmt, "NONE ", sizeof(strproto_rmt));
-
- strproto_rmt[strlen (strproto_rmt)-1] = '\0';
-
- strlcpy (strnetwork, ipx_ntoa (go->network), sizeof(strnetwork));
-
- slprintf (strlocal, sizeof(strlocal), "%0.6B", go->our_node);
-
- slprintf (strremote, sizeof(strremote), "%0.6B", ho->his_node);
-
- argv[0] = script;
- argv[1] = ifname;
- argv[2] = devnam;
- argv[3] = strspeed;
- argv[4] = strnetwork;
- argv[5] = strlocal;
- argv[6] = strremote;
- argv[7] = strproto_lcl;
- argv[8] = strproto_rmt;
- argv[9] = (char *)go->name;
- argv[10] = (char *)ho->name;
- argv[11] = ipparam;
- argv[12] = strpid;
- argv[13] = NULL;
- run_program(script, argv, 0, NULL, NULL, 0);
-}
-
-/*
- * ipxcp_printpkt - print the contents of an IPXCP packet.
- */
-static char *ipxcp_codenames[] = {
- "ConfReq", "ConfAck", "ConfNak", "ConfRej",
- "TermReq", "TermAck", "CodeRej"
-};
-
-static int
-ipxcp_printpkt(u_char *p, int plen,
- void (*printer) (void *, char *, ...), void *arg)
-{
- int code, id, len, olen;
- u_char *pstart, *optend;
- u_short cishort;
- u_int32_t cilong;
-
- if (plen < HEADERLEN)
- return 0;
- pstart = p;
- GETCHAR(code, p);
- GETCHAR(id, p);
- GETSHORT(len, p);
- if (len < HEADERLEN || len > plen)
- return 0;
-
- if (code >= 1 && code <= sizeof(ipxcp_codenames) / sizeof(char *))
- printer(arg, " %s", ipxcp_codenames[code-1]);
- else
- printer(arg, " code=0x%x", code);
- printer(arg, " id=0x%x", id);
- len -= HEADERLEN;
- switch (code) {
- case CONFREQ:
- case CONFACK:
- case CONFNAK:
- case CONFREJ:
- /* print option list */
- while (len >= 2) {
- GETCHAR(code, p);
- GETCHAR(olen, p);
- p -= 2;
- if (olen < CILEN_VOID || olen > len) {
- break;
- }
- printer(arg, " <");
- len -= olen;
- optend = p + olen;
- switch (code) {
- case IPX_NETWORK_NUMBER:
- if (olen == CILEN_NETN) {
- p += 2;
- GETLONG(cilong, p);
- printer (arg, "network %s", ipx_ntoa (cilong));
- }
- break;
- case IPX_NODE_NUMBER:
- if (olen == CILEN_NODEN) {
- p += 2;
- printer (arg, "node ");
- while (p < optend) {
- GETCHAR(code, p);
- printer(arg, "%.2x", (int) (unsigned int) (unsigned char) code);
- }
- }
- break;
- case IPX_COMPRESSION_PROTOCOL:
- if (olen == CILEN_COMPRESS) {
- p += 2;
- GETSHORT (cishort, p);
- printer (arg, "compression %d", (int) cishort);
- }
- break;
- case IPX_ROUTER_PROTOCOL:
- if (olen == CILEN_PROTOCOL) {
- p += 2;
- GETSHORT (cishort, p);
- printer (arg, "router proto %d", (int) cishort);
- }
- break;
- case IPX_ROUTER_NAME:
- if (olen >= CILEN_NAME) {
- p += 2;
- printer (arg, "router name \"");
- while (p < optend) {
- GETCHAR(code, p);
- if (code >= 0x20 && code <= 0x7E)
- printer (arg, "%c", (int) (unsigned int) (unsigned char) code);
- else
- printer (arg, " \\%.2x", (int) (unsigned int) (unsigned char) code);
- }
- printer (arg, "\"");
- }
- break;
- case IPX_COMPLETE:
- if (olen == CILEN_COMPLETE) {
- p += 2;
- printer (arg, "complete");
- }
- break;
- default:
- break;
- }
-
- while (p < optend) {
- GETCHAR(code, p);
- printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code);
- }
- printer(arg, ">");
- }
- break;
-
- case TERMACK:
- case TERMREQ:
- if (len > 0 && *p >= ' ' && *p < 0x7f) {
- printer(arg, " ");
- print_string((char *)p, len, printer, arg);
- p += len;
- len = 0;
- }
- break;
- }
-
- /* print the rest of the bytes in the packet */
- for (; len > 0; --len) {
- GETCHAR(code, p);
- printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code);
- }
-
- return p - pstart;
-}
-#endif /* ifdef IPX_CHANGE */
+++ /dev/null
-/*
- * ipxcp.h - IPX Control Protocol definitions.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include "pppdconf.h"
-
-/*
- * Options.
- */
-#define IPX_NETWORK_NUMBER 1 /* IPX Network Number */
-#define IPX_NODE_NUMBER 2
-#define IPX_COMPRESSION_PROTOCOL 3
-#define IPX_ROUTER_PROTOCOL 4
-#define IPX_ROUTER_NAME 5
-#define IPX_COMPLETE 6
-
-/* Values for the router protocol */
-#define IPX_NONE 0
-#define RIP_SAP 2
-#define NLSP 4
-
-typedef struct ipxcp_options {
- bool neg_node; /* Negotiate IPX node number? */
- bool req_node; /* Ask peer to send IPX node number? */
-
- bool neg_nn; /* Negotiate IPX network number? */
- bool req_nn; /* Ask peer to send IPX network number */
-
- bool neg_name; /* Negotiate IPX router name */
- bool neg_complete; /* Negotiate completion */
- bool neg_router; /* Negotiate IPX router number */
-
- bool accept_local; /* accept peer's value for ournode */
- bool accept_remote; /* accept peer's value for hisnode */
- bool accept_network; /* accept network number */
-
- bool tried_nlsp; /* I have suggested NLSP already */
- bool tried_rip; /* I have suggested RIP/SAP already */
-
- u_int32_t his_network; /* base network number */
- u_int32_t our_network; /* our value for network number */
- u_int32_t network; /* the final network number */
-
- u_char his_node[6]; /* peer's node number */
- u_char our_node[6]; /* our node number */
- u_char name [48]; /* name of the router */
- int router; /* routing protocol */
-} ipxcp_options;
-
-extern fsm ipxcp_fsm[];
-extern ipxcp_options ipxcp_wantoptions[];
-extern ipxcp_options ipxcp_gotoptions[];
-extern ipxcp_options ipxcp_allowoptions[];
-extern ipxcp_options ipxcp_hisoptions[];
-
-extern struct protent ipxcp_protent;
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <fcntl.h>
+#include <string.h>
+#include <time.h>
+#include <arpa/inet.h>
+#include <sys/mman.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
-#include "chap-new.h"
+#include "eap.h"
+#include "chap.h"
#include "magic.h"
-
+#include "multilink.h"
/*
* When the link comes up we want to be able to wait for a short while,
static void lcp_delayed_up(void *);
+/*
+ * These definitions relate to the measurement and logging of round-trip
+ * time (RTT) of LCP echo-requests implemented in lcp_rtt_update_buffer().
+ */
+#define LCP_RTT_MAGIC 0x19450425
+#define LCP_RTT_HEADER_LENGTH 4
+#define LCP_RTT_FILE_SIZE 8192
+#define LCP_RTT_ELEMENTS (LCP_RTT_FILE_SIZE / sizeof(u_int32_t) - LCP_RTT_HEADER_LENGTH) / 2
+
/*
* LCP-related command-line options.
*/
int lcp_echo_interval = 0; /* Interval between LCP echo-requests */
int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */
bool lcp_echo_adaptive = 0; /* request echo only if the link was idle */
+char *lcp_rtt_file = NULL; /* measure the RTT of LCP echo-requests */
bool lax_recv = 0; /* accept control chars in asyncmap */
bool noendpoint = 0; /* don't send/accept endpoint discriminator */
static int noopt(char **);
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
static int setendpoint(char **);
static void printendpoint(option_t *, void (*)(void *, char *, ...), void *);
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
-static option_t lcp_option_list[] = {
+static struct option lcp_option_list[] = {
/* LCP options */
{ "-all", o_special_noarg, (void *)noopt,
"Don't request/allow any LCP options" },
"Set time in seconds between LCP echo requests", OPT_PRIO },
{ "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive,
"Suppress LCP echo requests if traffic was received", 1 },
+ { "lcp-rtt-file", o_string, &lcp_rtt_file,
+ "Filename for logging the round-trip time of LCP echo requests",
+ OPT_PRIO | OPT_PRIV },
{ "lcp-restart", o_int, &lcp_fsm[0].timeouttime,
"Set time in seconds between LCP retransmissions", OPT_PRIO },
{ "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits,
{ "receive-all", o_bool, &lax_recv,
"Accept all received control characters", 1 },
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
{ "mrru", o_int, &lcp_wantoptions[0].mrru,
"Maximum received packet size for multilink bundle",
OPT_PRIO, &lcp_wantoptions[0].neg_mrru },
{ "endpoint", o_special, (void *) setendpoint,
"Endpoint discriminator for multilink",
OPT_PRIO | OPT_A2PRINTER, (void *) printendpoint },
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
{ "noendpoint", o_bool, &noendpoint,
"Don't send or accept multilink endpoint discriminator", 1 },
static int lcp_echos_pending = 0; /* Number of outstanding echo msgs */
static int lcp_echo_number = 0; /* ID number of next echo frame */
static int lcp_echo_timer_running = 0; /* set if a timer is running */
+static int lcp_rtt_file_fd = 0; /* fd for the opened LCP RTT file */
+static u_int32_t *lcp_rtt_buffer = NULL; /* the mmap'ed LCP RTT file */
static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */
return (1);
}
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
static int
setendpoint(char **argv)
{
lcp_wantoptions[0].neg_endpoint = 1;
return 1;
}
- option_error("Can't parse '%s' as an endpoint discriminator", *argv);
+ ppp_option_error("Can't parse '%s' as an endpoint discriminator", *argv);
return 0;
}
{
printer(arg, "%s", epdisc_to_str(&lcp_wantoptions[0].endpoint));
}
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
/*
* lcp_init - Initialize LCP.
fsm *f = &lcp_fsm[unit];
int oldstate;
- if (phase != PHASE_DEAD && phase != PHASE_MASTER)
+ if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER))
new_phase(PHASE_TERMINATE);
if (f->flags & DELAYED_UP) {
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
f->state = STOPPED;
}
oldstate = f->state;
if (listen_time != 0) {
f->flags |= DELAYED_UP;
- timeout(lcp_delayed_up, f, 0, listen_time * 1000);
+ ppp_timeout(lcp_delayed_up, f, 0, listen_time * 1000);
} else
fsm_lowerup(f);
}
if (f->flags & DELAYED_UP) {
f->flags &= ~DELAYED_UP;
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
} else
fsm_lowerdown(&lcp_fsm[unit]);
}
if (f->flags & DELAYED_UP) {
f->flags &= ~DELAYED_UP;
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
fsm_lowerup(f);
}
fsm_input(f, p, len);
if (looped_back) {
if (++try.numloops >= lcp_loopbackfail) {
notice("Serial line is looped back.");
- status = EXIT_LOOPBACK;
+ ppp_set_status(EXIT_LOOPBACK);
lcp_close(f->unit, "Loopback detected");
}
} else
*/
mtu = ho->neg_mru? ho->mru: PPP_MRU;
mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU;
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
if (!(multilink && go->neg_mrru && ho->neg_mrru))
-#endif /* HAVE_MULTILINK */
- netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
+#endif /* PPP_WITH_MULTILINK */
+ ppp_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
ppp_send_config(f->unit, mtu,
(ho->neg_asyncmap? ho->asyncmap: 0xffffffff),
ho->neg_pcompression, ho->neg_accompression);
}
break;
case CI_EPDISC:
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
if (olen >= CILEN_CHAR) {
struct epdisc epd;
p += 2;
if (f->state == OPENED) {
info("No response to %d echo-requests", lcp_echos_pending);
notice("Serial link appears to be disconnected.");
- status = EXIT_PEER_DEAD;
+ ppp_set_status(EXIT_PEER_DEAD);
lcp_close(f->unit, "Peer not responding");
}
}
}
}
+/*
+ * Log the round-trip time (RTT) of the received LCP echo-request.
+ *
+ * The header section at the beginning of lcp_rtt_file contains
+ * LCP_RTT_HEADER_LENGTH fields, each a u_int32_t in network byte order:
+ * [0] LCP_RTT_MAGIC
+ * [1] status (1: the file is open and is being written)
+ * [2] index of the most recently updated element
+ * [3] the value of the lcp-echo-interval parameter
+ *
+ * The header is followed by a ring buffer of LCP_RTT_ELEMENTS elements, each
+ * containing a pair of u_int32_t in network byte order with this content:
+ * [0] UNIX timestamp
+ * [1] bits 24-31: the number of lost LCP echo replies
+ * bits 0-23: the measured RTT in microseconds
+ *
+ * The timestamp is unsigned to support storing dates beyond 2038.
+ *
+ * Consumers of lcp_rtt_file are expected to:
+ * - read the complete file of arbitrary length
+ * - check the magic number
+ * - process the data elements starting at the index
+ * - ignore any elements with a timestamp of 0
+ */
+static void
+lcp_rtt_update_buffer (unsigned long rtt)
+{
+ volatile u_int32_t *const ring_header = lcp_rtt_buffer;
+ volatile u_int32_t *const ring_buffer = lcp_rtt_buffer
+ + LCP_RTT_HEADER_LENGTH;
+ unsigned int next_entry, lost;
+
+ /* choose the next entry where the data will be stored */
+ if (ntohl(ring_header[2]) >= (LCP_RTT_ELEMENTS - 1) * 2)
+ next_entry = 0; /* go back to the beginning */
+ else
+ next_entry = ntohl(ring_header[2]) + 2; /* use the next one */
+
+ /* update the data element */
+ /* storing the timestamp in an *unsigned* long allows dates up to 2106 */
+ ring_buffer[next_entry] = htonl((u_int32_t) time(NULL));
+ lost = lcp_echos_pending - 1;
+ if (lost > 0xFF)
+ lost = 0xFF; /* truncate the lost packets count to 256 */
+ if (rtt > 0xFFFFFF)
+ rtt = 0xFFFFFF; /* truncate the RTT to 16777216 */
+ /* use bits 24-31 for the lost packets count and bits 0-23 for the RTT */
+ ring_buffer[next_entry + 1] = htonl((u_int32_t) ((lost << 24) + rtt));
+
+ /* update the pointer to the (just updated) most current data element */
+ ring_header[2] = htonl(next_entry);
+
+ /* In theory, CPUs implementing a weakly-consistent memory model do not
+ * guarantee that these three memory store operations to the buffer will
+ * be seen in the same order by the reader process.
+ * This means that a process reading the file could see the index
+ * having been updated before the element that the index points to had
+ * been written.
+ * But in practice we expect that the read(2) system call used by
+ * consumers processes is atomic with respect to the following msync(2)
+ * call, so we ignore the issue.
+ */
+
+ if (msync(lcp_rtt_buffer, LCP_RTT_FILE_SIZE, MS_ASYNC) < 0)
+ error("msync() for %s failed: %m", lcp_rtt_file);
+}
+
/*
* LcpEchoReply - LCP has received a reply to the echo
*/
return;
}
+ if (lcp_rtt_file_fd && len >= 16) {
+ long lcp_rtt_magic;
+
+ /*
+ * If the magic word is found at the beginning of the data section
+ * of the frame then read the timestamp which follows and subtract
+ * it from the current time to compute the round trip time.
+ */
+ GETLONG(lcp_rtt_magic, inp);
+ if (lcp_rtt_magic == LCP_RTT_MAGIC) {
+ struct timespec ts;
+ unsigned long req_sec, req_nsec, rtt;
+
+ clock_gettime(CLOCK_MONOTONIC, &ts);
+ GETLONG(req_sec, inp);
+ GETLONG(req_nsec, inp);
+ /* compute the RTT in microseconds */
+ rtt = (ts.tv_sec - req_sec) * 1000000
+ + (ts.tv_nsec / 1000 - req_nsec / 1000);
+ /* log the RTT */
+ lcp_rtt_update_buffer(rtt);
+ }
+ }
+
/* Reset the number of outstanding echo frames */
lcp_echos_pending = 0;
}
LcpSendEchoRequest (fsm *f)
{
u_int32_t lcp_magic;
- u_char pkt[4], *pktp;
+ u_char pkt[16], *pktp;
/*
* Detect the failure of the peer at this point.
if (get_ppp_stats(f->unit, &cur_stats) && cur_stats.pkts_in != last_pkts_in) {
last_pkts_in = cur_stats.pkts_in;
+ /* receipt of traffic indicates the link is working... */
+ lcp_echos_pending = 0;
return;
}
}
lcp_magic = lcp_gotoptions[f->unit].magicnumber;
pktp = pkt;
PUTLONG(lcp_magic, pktp);
+
+ /* Put a timestamp in the data section of the frame */
+ if (lcp_rtt_file_fd) {
+ struct timespec ts;
+
+ PUTLONG(LCP_RTT_MAGIC, pktp);
+ clock_gettime(CLOCK_MONOTONIC, &ts);
+ PUTLONG((u_int32_t)ts.tv_sec, pktp);
+ PUTLONG((u_int32_t)ts.tv_nsec, pktp);
+ }
+
fsm_sdata(f, ECHOREQ, lcp_echo_number++ & 0xFF, pkt, pktp - pkt);
++lcp_echos_pending;
}
}
+static void
+lcp_rtt_open_file (void)
+{
+ volatile u_int32_t *ring_header;
+
+ if (!lcp_rtt_file)
+ return;
+
+ lcp_rtt_file_fd = open(lcp_rtt_file, O_RDWR | O_CREAT, 0644);
+ if (lcp_rtt_file_fd < 0) {
+ error("Can't open the RTT log file %s: %m", lcp_rtt_file);
+ lcp_rtt_file_fd = 0;
+ return;
+ }
+
+ if (ftruncate(lcp_rtt_file_fd, LCP_RTT_FILE_SIZE) < 0)
+ fatal("ftruncate() of %s failed: %m", lcp_rtt_file);
+ lcp_rtt_buffer = mmap(0, LCP_RTT_FILE_SIZE, PROT_READ | PROT_WRITE,
+ MAP_SHARED, lcp_rtt_file_fd, 0);
+ if (lcp_rtt_buffer == MAP_FAILED)
+ fatal("mmap() of %s failed: %m", lcp_rtt_file);
+ ring_header = lcp_rtt_buffer;
+
+ /* initialize the ring buffer */
+ if (ring_header[0] != htonl(LCP_RTT_MAGIC)) {
+ memset(lcp_rtt_buffer, 0, LCP_RTT_FILE_SIZE);
+ ring_header[0] = htonl(LCP_RTT_MAGIC);
+ }
+
+ ring_header[3] = htonl(lcp_echo_interval);
+ ring_header[1] = htonl(1); /* status: LCP up, file opened */
+}
+
+static void
+lcp_rtt_close_file (void)
+{
+ volatile u_int32_t *const ring_header = lcp_rtt_buffer;
+
+ if (!lcp_rtt_file_fd)
+ return;
+
+ ring_header[1] = htonl(0); /* status: LCP down, file closed */
+
+ if (munmap(lcp_rtt_buffer, LCP_RTT_FILE_SIZE) < 0)
+ error("munmap() of %s failed: %m", lcp_rtt_file);
+ if (close(lcp_rtt_file_fd) < 0)
+ error("close() of %s failed: %m", lcp_rtt_file);
+ lcp_rtt_buffer = NULL;
+ lcp_rtt_file_fd = 0;
+}
+
/*
* lcp_echo_lowerup - Start the timer for the LCP frame
*/
lcp_echos_pending = 0;
lcp_echo_number = 0;
lcp_echo_timer_running = 0;
+
+ /* Open the file where the LCP RTT data will be logged */
+ lcp_rtt_open_file();
/* If a timeout interval is specified then start the timer */
if (lcp_echo_interval != 0)
UNTIMEOUT (LcpEchoTimeout, f);
lcp_echo_timer_running = 0;
}
+
+ /* Close the file containing the LCP RTT data */
+ lcp_rtt_close_file();
}
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_LCP_H
+#define PPP_LCP_H
+
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
/*
* Options.
*/
/* Value used as data for CI_CALLBACK option */
#define CBCP_OPT 6 /* Use callback control protocol */
+/* An endpoint discriminator, used with multilink. */
+#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */
+struct epdisc {
+ unsigned char class;
+ unsigned char length;
+ unsigned char value[MAX_ENDP_LEN];
+};
+
/*
* The state of options is described by an lcp_options structure.
*/
bool neg_endpoint; /* negotiate endpoint discriminator */
int mru; /* Value of MRU */
int mrru; /* Value of MRRU, and multilink enable */
- u_char chap_mdtype; /* which MD types (hashing algorithm) */
- u_int32_t asyncmap; /* Value of async map */
- u_int32_t magicnumber;
+ unsigned char chap_mdtype; /* which MD types (hashing algorithm) */
+ uint32_t asyncmap; /* Value of async map */
+ uint32_t magicnumber;
int numloops; /* Number of loops during magic number neg. */
- u_int32_t lqr_period; /* Reporting period for LQR 1/100ths second */
+ uint32_t lqr_period; /* Reporting period for LQR 1/100ths second */
struct epdisc endpoint; /* endpoint discriminator */
} lcp_options;
void lcp_close(int, char *);
void lcp_lowerup(int);
void lcp_lowerdown(int);
-void lcp_sprotrej(int, u_char *, int); /* send protocol reject */
+void lcp_sprotrej(int, unsigned char *, int); /* send protocol reject */
extern struct protent lcp_protent;
/* Default number of times we receive our magic number from the peer
before deciding the link is looped-back. */
#define DEFLOOPBACKFAIL 10
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_LCP_H
#include <sys/types.h>
#include <sys/time.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "magic.h"
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_MAGIC_H
+#define PPP_MAGIC_H
+
#include "pppdconf.h"
+#ifdef __cplusplus
+extern "C" {
+#endif
+
void magic_init (void); /* Initialize the magic number generator */
u_int32_t magic (void); /* Returns the next magic number */
/* Fill buffer with random bytes */
void random_bytes (unsigned char *buf, int len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_MAGIC_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <limits.h>
#include <inttypes.h>
+#include <net/if.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "magic.h"
#include "fsm.h"
#include "lcp.h"
#include "ipcp.h"
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
#include "ipv6cp.h"
#endif
#include "upap.h"
-#include "chap-new.h"
+#include "chap.h"
#include "eap.h"
#include "ccp.h"
#include "ecp.h"
#include "pathnames.h"
+#include "crypto.h"
+#include "multilink.h"
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
#include "tdb.h"
#endif
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
#include "cbcp.h"
#endif
-#ifdef IPX_CHANGE
-#include "ipxcp.h"
-#endif /* IPX_CHANGE */
#ifdef AT_CHANGE
#include "atcp.h"
#endif
-
/* interface vars */
char ifname[IFNAMSIZ]; /* Interface name */
int ifunit; /* Interface unit number */
char hostname[MAXNAMELEN]; /* Our hostname */
static char pidfilename[MAXPATHLEN]; /* name of pid file */
static char linkpidfile[MAXPATHLEN]; /* name of linkname pid file */
-char ppp_devnam[MAXPATHLEN]; /* name of PPP tty (maybe ttypx) */
uid_t uid; /* Our real user-id */
struct notifier *pidchange = NULL;
struct notifier *phasechange = NULL;
int privileged; /* we're running as real uid root */
int need_holdoff; /* need holdoff period before restarting */
int detached; /* have detached from terminal */
-volatile int status; /* exit status for pppd */
+volatile int code; /* exit status for pppd */
int unsuccess; /* # unsuccessful connection attempts */
int do_callback; /* != 0 if we should do callback next */
int doing_callback; /* != 0 if we are doing callback */
concept (eg PPPoE) */
int childwait_done; /* have timed out waiting for children */
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
TDB_CONTEXT *pppdb; /* database for storing status etc. */
#endif
int fd_devnull; /* fd for /dev/null */
int devfd = -1; /* fd of underlying device */
int fd_ppp = -1; /* fd for talking PPP */
-int phase; /* where the link is at */
+ppp_phase_t phase; /* where the link is at */
int kill_link;
int asked_to_quit;
int open_ccp_flag;
struct pppd_stats link_stats;
unsigned link_connect_time;
int link_stats_valid;
+int link_stats_print;
int error_count;
static void forget_child(int pid, int status);
static int reap_kids(void);
static void childwait_end(void *);
+static void run_net_script(char* script, int wait);
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
static void update_db_entry(void);
static void add_db_key(const char *);
static void delete_db_key(const char *);
extern char *getlogin(void);
int main(int, char *[]);
+const char *ppp_hostname()
+{
+ return hostname;
+}
+
+bool ppp_signaled(int sig)
+{
+ if (sig == SIGTERM)
+ return !!got_sigterm;
+ if (sig == SIGUSR2)
+ return !!got_sigusr2;
+ if (sig == SIGHUP)
+ return !!got_sighup;
+ return false;
+}
+
+ppp_exit_code_t ppp_status()
+{
+ return code;
+}
+
+void ppp_set_status(ppp_exit_code_t value)
+{
+ code = value;
+}
+
+void ppp_set_session_number(int number)
+{
+ ppp_session_number = number;
+}
+
+int ppp_get_session_number()
+{
+ return ppp_session_number;
+}
+
+const char *ppp_ifname()
+{
+ return ifname;
+}
+
+int ppp_get_ifname(char *buf, size_t bufsz)
+{
+ if (buf) {
+ return strlcpy(buf, ifname, bufsz);
+ }
+ return false;
+}
+
+void ppp_set_ifname(const char *name)
+{
+ if (name) {
+ strlcpy(ifname, name, sizeof(ifname));
+ }
+}
+
+int ppp_ifunit()
+{
+ return ifunit;
+}
+
+int ppp_get_link_uptime()
+{
+ return link_connect_time;
+}
+
/*
* PPP Data Link Layer "protocol" table.
* One entry per supported protocol.
&lcp_protent,
&pap_protent,
&chap_protent,
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
&cbcp_protent,
#endif
&ipcp_protent,
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
&ipv6cp_protent,
#endif
&ccp_protent,
&ecp_protent,
-#ifdef IPX_CHANGE
- &ipxcp_protent,
-#endif
#ifdef AT_CHANGE
&atcp_protent,
#endif
struct protent *protp;
char numbuf[16];
- strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup));
- strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown));
+ PPP_crypto_init();
-#ifdef INET6
- strlcpy(path_ipv6up, _PATH_IPV6UP, sizeof(path_ipv6up));
- strlcpy(path_ipv6down, _PATH_IPV6DOWN, sizeof(path_ipv6down));
+ strlcpy(path_ipup, PPP_PATH_IPUP, MAXPATHLEN);
+ strlcpy(path_ipdown, PPP_PATH_IPDOWN, MAXPATHLEN);
+
+#ifdef PPP_WITH_IPV6CP
+ strlcpy(path_ipv6up, PPP_PATH_IPV6UP, MAXPATHLEN);
+ strlcpy(path_ipv6down, PPP_PATH_IPV6DOWN, MAXPATHLEN);
#endif
link_stats_valid = 0;
+ link_stats_print = 1;
new_phase(PHASE_INITIALIZE);
script_env = NULL;
/* Initialize syslog facilities */
reopen_log();
- if (gethostname(hostname, MAXNAMELEN) < 0 ) {
- option_error("Couldn't get hostname: %m");
+ if (gethostname(hostname, sizeof(hostname)) < 0 ) {
+ ppp_option_error("Couldn't get hostname: %m");
exit(1);
}
hostname[MAXNAMELEN-1] = 0;
uid = getuid();
privileged = uid == 0;
slprintf(numbuf, sizeof(numbuf), "%d", uid);
- script_setenv("ORIG_UID", numbuf, 0);
+ ppp_script_setenv("ORIG_UID", numbuf, 0);
ngroups = getgroups(NGROUPS_MAX, groups);
* Parse, in order, the system options file, the user's options file,
* and the command line arguments.
*/
- if (!options_from_file(_PATH_SYSOPTIONS, !privileged, 0, 1)
+ if (!ppp_options_from_file(PPP_PATH_SYSOPTIONS, !privileged, 0, 1)
|| !options_from_user()
|| !parse_args(argc-1, argv+1))
exit(EXIT_OPTION_ERROR);
if (debug)
setlogmask(LOG_UPTO(LOG_DEBUG));
+ if (show_options) {
+ showopts();
+ die(0);
+ }
+
/*
* Check that we are running as root.
*/
if (geteuid() != 0) {
- option_error("must be root to run %s, since it is not setuid-root",
+ ppp_option_error("must be root to run %s, since it is not setuid-root",
argv[0]);
exit(EXIT_NOT_ROOT);
}
- if (!ppp_available()) {
- option_error("%s", no_ppp_msg);
+ if (!ppp_check_kernel_support()) {
+ ppp_option_error("%s", no_ppp_msg);
exit(EXIT_NO_KERNEL_SUPPORT);
}
if (!sys_check_options())
exit(EXIT_OPTION_ERROR);
auth_check_options();
-#ifdef HAVE_MULTILINK
mp_check_options();
-#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->check_options != NULL)
(*protp->check_options)();
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
+ fd_devnull = open(PPP_DEVNULL, O_RDWR);
if (fd_devnull < 0)
- fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+ fatal("Couldn't open %s: %m", PPP_DEVNULL);
while (fd_devnull <= 2) {
i = dup(fd_devnull);
if (i < 0)
*/
sys_init();
-#ifdef USE_TDB
- pppdb = tdb_open(_PATH_PPPDB, 0, 0, O_RDWR|O_CREAT, 0644);
+#ifdef PPP_WITH_TDB
+ pppdb = tdb_open(PPP_PATH_PPPDB, 0, 0, O_RDWR|O_CREAT, 0644);
if (pppdb != NULL) {
slprintf(db_key, sizeof(db_key), "pppd%d", getpid());
update_db_entry();
} else {
- warn("Warning: couldn't open ppp database %s", _PATH_PPPDB);
+ warn("Warning: couldn't open ppp database %s", PPP_PATH_PPPDB);
if (multilink) {
warn("Warning: disabling multilink");
multilink = 0;
p = "(unknown)";
}
syslog(LOG_NOTICE, "pppd %s started by %s, uid %d", VERSION, p, uid);
- script_setenv("PPPLOGNAME", p, 0);
+ ppp_script_setenv("PPPLOGNAME", p, 0);
if (devnam[0])
- script_setenv("DEVICE", devnam, 1);
+ ppp_script_setenv("DEVICE", devnam, 1);
slprintf(numbuf, sizeof(numbuf), "%d", getpid());
- script_setenv("PPPD_PID", numbuf, 1);
+ ppp_script_setenv("PPPD_PID", numbuf, 1);
setup_signals();
listen_time = 0;
need_holdoff = 1;
devfd = -1;
- status = EXIT_OK;
+ code = EXIT_OK;
++unsuccess;
doing_callback = do_callback;
do_callback = 0;
info("Starting link");
}
- get_time(&start_time);
- script_unsetenv("CONNECT_TIME");
- script_unsetenv("BYTES_SENT");
- script_unsetenv("BYTES_RCVD");
+ ppp_get_time(&start_time);
+ ppp_script_unsetenv("CONNECT_TIME");
+ ppp_script_unsetenv("BYTES_SENT");
+ ppp_script_unsetenv("BYTES_RCVD");
lcp_open(0); /* Start protocol */
start_link(0);
}
}
- die(status);
+ PPP_crypto_deinit();
+ die(code);
return 0;
}
info("Hangup (SIGHUP)");
kill_link = 1;
got_sighup = 0;
- if (status != EXIT_HANGUP)
- status = EXIT_USER_REQUEST;
+ if (code != EXIT_HANGUP)
+ code = EXIT_USER_REQUEST;
}
if (got_sigterm) {
info("Terminating on signal %d", got_sigterm);
kill_link = 1;
asked_to_quit = 1;
persist = 0;
- status = EXIT_USER_REQUEST;
+ code = EXIT_USER_REQUEST;
got_sigterm = 0;
}
if (got_sigchld) {
signal(SIGPIPE, SIG_IGN);
}
+/*
+ * net-* scripts to be run come through here.
+ */
+void run_net_script(char* script, int wait)
+{
+ char strspeed[32];
+ char *argv[6];
+
+ slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
+
+ argv[0] = script;
+ argv[1] = ifname;
+ argv[2] = devnam;
+ argv[3] = strspeed;
+ argv[4] = ipparam;
+ argv[5] = NULL;
+
+ run_program(script, argv, 0, NULL, NULL, wait);
+}
+
/*
* set_ifunit - do things we need to do once we know which ppp
* unit we are using.
else
slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit);
info("Using interface %s", ifname);
- script_setenv("IFNAME", ifname, iskey);
+ ppp_script_setenv("IFNAME", ifname, iskey);
slprintf(ifkey, sizeof(ifkey), "%d", ifunit);
- script_setenv("UNIT", ifkey, iskey);
+ ppp_script_setenv("UNIT", ifkey, iskey);
if (iskey) {
create_pidfile(getpid()); /* write pid to file */
create_linkpidfile(getpid());
}
+ run_net_script(PPP_PATH_NET_INIT, 1);
}
/*
if (log_default)
log_to_fd = -1;
slprintf(numbuf, sizeof(numbuf), "%d", getpid());
- script_setenv("PPPD_PID", numbuf, 1);
+ ppp_script_setenv("PPPD_PID", numbuf, 1);
/* wait for parent to finish updating pid & lock files and die */
close(pipefd[1]);
{
FILE *pidfile;
- slprintf(pidfilename, sizeof(pidfilename), "%s%s.pid",
- _PATH_VARRUN, ifname);
+ slprintf(pidfilename, sizeof(pidfilename), "%s/%s.pid",
+ PPP_PATH_VARRUN, ifname);
if ((pidfile = fopen(pidfilename, "w")) != NULL) {
fprintf(pidfile, "%d\n", pid);
(void) fclose(pidfile);
if (linkname[0] == 0)
return;
- script_setenv("LINKNAME", linkname, 1);
- slprintf(linkpidfile, sizeof(linkpidfile), "%sppp-%s.pid",
- _PATH_VARRUN, linkname);
+ ppp_script_setenv("LINKNAME", linkname, 1);
+ slprintf(linkpidfile, sizeof(linkpidfile), "%s/ppp-%s.pid",
+ PPP_PATH_VARRUN, linkname);
if ((pidfile = fopen(linkpidfile, "w")) != NULL) {
fprintf(pidfile, "%d\n", pid);
if (ifname[0])
return;
if (len == 0) {
- if (bundle_eof && multilink_master) {
+ if (bundle_eof && mp_master()) {
notice("Last channel has disconnected");
mp_bundle_terminated();
return;
}
notice("Modem hangup");
hungup = 1;
- status = EXIT_HANGUP;
+ code = EXIT_HANGUP;
lcp_lowerdown(0); /* serial link is no longer available */
link_terminated(0);
return;
* new_phase - signal the start of a new phase of pppd's operation.
*/
void
-new_phase(int p)
+new_phase(ppp_phase_t p)
{
+ switch (p) {
+ case PHASE_NETWORK:
+ if (phase <= PHASE_NETWORK) {
+ char iftmpname[IFNAMSIZ];
+ int ifindex = if_nametoindex(ifname);
+ run_net_script(PPP_PATH_NET_PREUP, 1);
+ if (if_indextoname(ifindex, iftmpname) && strcmp(iftmpname, ifname)) {
+ info("Detected interface name change from %s to %s.", ifname, iftmpname);
+ strcpy(ifname, iftmpname);
+ }
+ }
+ break;
+ case PHASE_DISCONNECT:
+ run_net_script(PPP_PATH_NET_DOWN, 0);
+ break;
+ }
+
phase = p;
if (new_phase_hook)
(*new_phase_hook)(p);
notify(phasechange, p);
}
+bool
+in_phase(ppp_phase_t p)
+{
+ return (phase == p);
+}
+
/*
* die - clean up state and exit with the specified status.
*/
void
die(int status)
{
- if (!doing_multilink || multilink_master)
+
+ if (!mp_on() || mp_master())
print_link_stats();
cleanup();
notify(exitnotify, status);
(*the_channel->cleanup)();
remove_pidfiles();
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL)
cleanup_db();
#endif
/*
* Print connect time and statistics.
*/
- if (link_stats_valid) {
+ if (link_stats_print && link_stats_valid) {
int t = (link_connect_time + 5) / 6; /* 1/10ths of minutes */
info("Connect time %d.%d minutes.", t/10, t%10);
info("Sent %u bytes, received %u bytes.",
link_stats.bytes_out, link_stats.bytes_in);
- link_stats_valid = 0;
+ link_stats_print = 0;
}
}
{
if (!get_ppp_stats(u, &old_link_stats))
return;
- get_time(&start_time);
+ ppp_get_time(&start_time);
}
/*
char numbuf[32];
if (!get_ppp_stats(u, &link_stats)
- || get_time(&now) < 0)
+ || ppp_get_time(&now) < 0)
return;
link_connect_time = now.tv_sec - start_time.tv_sec;
link_stats_valid = 1;
link_stats.pkts_out -= old_link_stats.pkts_out;
slprintf(numbuf, sizeof(numbuf), "%u", link_connect_time);
- script_setenv("CONNECT_TIME", numbuf, 0);
+ ppp_script_setenv("CONNECT_TIME", numbuf, 0);
snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_out);
- script_setenv("BYTES_SENT", numbuf, 0);
+ ppp_script_setenv("BYTES_SENT", numbuf, 0);
snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_in);
- script_setenv("BYTES_RCVD", numbuf, 0);
+ ppp_script_setenv("BYTES_RCVD", numbuf, 0);
+}
+
+bool
+ppp_get_link_stats(ppp_link_stats_st *stats)
+{
+ update_link_stats(0);
+ if (stats != NULL &&
+ link_stats_valid) {
+
+ memcpy(stats, &link_stats, sizeof(*stats));
+ return true;
+ }
+ return false;
}
* timeout - Schedule a timeout.
*/
void
-timeout(void (*func)(void *), void *arg, int secs, int usecs)
+ppp_timeout(void (*func)(void *), void *arg, int secs, int usecs)
{
struct callout *newp, *p, **pp;
fatal("Out of memory in timeout()!");
newp->c_arg = arg;
newp->c_func = func;
- get_time(&timenow);
+ ppp_get_time(&timenow);
newp->c_time.tv_sec = timenow.tv_sec + secs;
newp->c_time.tv_usec = timenow.tv_usec + usecs;
if (newp->c_time.tv_usec >= 1000000) {
* untimeout - Unschedule a timeout.
*/
void
-untimeout(void (*func)(void *), void *arg)
+ppp_untimeout(void (*func)(void *), void *arg)
{
struct callout **copp, *freep;
while (callout != NULL) {
p = callout;
- if (get_time(&timenow) < 0)
+ if (ppp_get_time(&timenow) < 0)
fatal("Failed to get time of day: %m");
if (!(p->c_time.tv_sec < timenow.tv_sec
|| (p->c_time.tv_sec == timenow.tv_sec
if (callout == NULL)
return NULL;
- get_time(&timenow);
+ ppp_get_time(&timenow);
tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec;
tvp->tv_usec = callout->c_time.tv_usec - timenow.tv_usec;
if (tvp->tv_usec < 0) {
}
/*
- * safe_fork - Create a child process. The child closes all the
+ * ppp_safe_fork - Create a child process. The child closes all the
* file descriptors that we don't want to leak to a script.
* The parent waits for the child to do this before returning.
* This also arranges for the specified fds to be dup'd to
* fds 0, 1, 2 in the child.
*/
pid_t
-safe_fork(int infd, int outfd, int errfd)
+ppp_safe_fork(int infd, int outfd, int errfd)
{
pid_t pid;
int fd, pipefd[2];
}
/* Executing in the child */
- sys_close();
-#ifdef USE_TDB
+ ppp_sys_close();
+#ifdef PPP_WITH_TDB
if (pppdb != NULL)
tdb_close(pppdb);
#endif
/*
* device_script - run a program to talk to the specified fds
* (e.g. to run the connector or disconnector script).
- * stderr gets connected to the log fd or to the _PATH_CONNERRS file.
+ * stderr gets connected to the log fd or to the PPP_PATH_CONNERRS file.
*/
int
device_script(char *program, int in, int out, int dont_wait)
if (log_to_fd >= 0)
errfd = log_to_fd;
else
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+ errfd = open(PPP_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
++conn_running;
- pid = safe_fork(in, out, errfd);
+ pid = ppp_safe_fork(in, out, errfd);
if (pid != 0 && log_to_fd < 0)
close(errfd);
* and update the script environment. Note that we intentionally do
* not update the TDB. These changes are layered on top right before
* exec. It is not possible to use script_setenv() or
- * script_unsetenv() safely after this routine is run.
+ * ppp_script_unsetenv() safely after this routine is run.
*/
static void
update_script_environment(void)
* reap_kids) iff the return value is > 0.
*/
pid_t
-run_program(char *prog, char **args, int must_exist, void (*done)(void *), void *arg, int wait)
+run_program(char *prog, char * const *args, int must_exist, void (*done)(void *), void *arg, int wait)
{
int pid, status, ret;
struct stat sbuf;
return 0;
}
- pid = safe_fork(fd_devnull, fd_devnull, fd_devnull);
+ pid = ppp_safe_fork(fd_devnull, fd_devnull, fd_devnull);
if (pid == -1) {
error("Failed to create child process for %s: %m", prog);
return -1;
return 0;
}
+
+struct notifier **get_notifier_by_type(ppp_notify_t type)
+{
+ struct notifier **list[NF_MAX_NOTIFY] = {
+ [NF_PID_CHANGE ] = &pidchange,
+ [NF_PHASE_CHANGE] = &phasechange,
+ [NF_EXIT ] = &exitnotify,
+ [NF_SIGNALED ] = &sigreceived,
+ [NF_IP_UP ] = &ip_up_notifier,
+ [NF_IP_DOWN ] = &ip_down_notifier,
+#ifdef PPP_WITH_IPV6CP
+ [NF_IPV6_UP ] = &ipv6_up_notifier,
+ [NF_IPV6_DOWN ] = &ipv6_down_notifier,
+#endif
+ [NF_AUTH_UP ] = &auth_up_notifier,
+ [NF_LINK_DOWN ] = &link_down_notifier,
+ [NF_FORK ] = &fork_notifier,
+ };
+ return list[type];
+}
+
/*
* add_notifier - add a new function to be called when something happens.
*/
void
-add_notifier(struct notifier **notif, notify_func func, void *arg)
+ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg)
{
- struct notifier *np;
-
- np = malloc(sizeof(struct notifier));
- if (np == 0)
- novm("notifier struct");
- np->next = *notif;
- np->func = func;
- np->arg = arg;
- *notif = np;
+ struct notifier **notif = get_notifier_by_type(type);
+ if (notif) {
+
+ struct notifier *np = malloc(sizeof(struct notifier));
+ if (np == 0)
+ novm("notifier struct");
+ np->next = *notif;
+ np->func = func;
+ np->arg = arg;
+ *notif = np;
+ } else {
+ error("Could not find notifier function for: %d", type);
+ }
}
/*
* be called when something happens.
*/
void
-remove_notifier(struct notifier **notif, notify_func func, void *arg)
+ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg)
{
- struct notifier *np;
-
- for (; (np = *notif) != 0; notif = &np->next) {
- if (np->func == func && np->arg == arg) {
- *notif = np->next;
- free(np);
- break;
+ struct notifier **notif = get_notifier_by_type(type);
+ if (notif) {
+ struct notifier *np;
+
+ for (; (np = *notif) != 0; notif = &np->next) {
+ if (np->func == func && np->arg == arg) {
+ *notif = np->next;
+ free(np);
+ break;
+ }
}
+ } else {
+ error("Could not find notifier function for: %d", type);
}
}
* novm - log an error message saying we ran out of memory, and die.
*/
void
-novm(char *msg)
+novm(const char *msg)
{
fatal("Virtual memory exhausted allocating %s\n", msg);
}
/*
- * script_setenv - set an environment variable value to be used
+ * ppp_script_setenv - set an environment variable value to be used
* for scripts that we run (e.g. ip-up, auth-up, etc.)
*/
void
-script_setenv(char *var, char *value, int iskey)
+ppp_script_setenv(char *var, char *value, int iskey)
{
size_t varl = strlen(var);
size_t vl = varl + strlen(value) + 2;
if (script_env != 0) {
for (i = 0; (p = script_env[i]) != 0; ++i) {
if (strncmp(p, var, varl) == 0 && p[varl] == '=') {
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (p[-1] && pppdb != NULL)
delete_db_key(p);
#endif
free(p-1);
script_env[i] = newstring;
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL) {
if (iskey)
add_db_key(newstring);
if (!add_script_env(i, newstring))
return;
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL) {
if (iskey)
add_db_key(newstring);
}
/*
- * script_unsetenv - remove a variable from the environment
+ * ppp_script_unsetenv - remove a variable from the environment
* for scripts.
*/
void
-script_unsetenv(char *var)
+ppp_script_unsetenv(char *var)
{
int vl = strlen(var);
int i;
return;
for (i = 0; (p = script_env[i]) != 0; ++i) {
if (strncmp(p, var, vl) == 0 && p[vl] == '=') {
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (p[-1] && pppdb != NULL)
delete_db_key(p);
#endif
break;
}
}
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL)
update_db_entry();
#endif
*/
void lock_db(void)
{
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
TDB_DATA key;
key.dptr = PPPD_LOCK_KEY;
*/
void unlock_db(void)
{
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
TDB_DATA key;
key.dptr = PPPD_LOCK_KEY;
#endif
}
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
/*
* update_db_entry - update our entry in the database.
*/
if (p[-1])
delete_db_key(p);
}
-#endif /* USE_TDB */
+#endif /* PPP_WITH_TDB */
+++ /dev/null
-/*
-** ********************************************************************
-** md4.c -- Implementation of MD4 Message Digest Algorithm **
-** Updated: 2/16/90 by Ronald L. Rivest **
-** (C) 1990 RSA Data Security, Inc. **
-** ********************************************************************
-*/
-
-/*
-** To use MD4:
-** -- Include md4.h in your program
-** -- Declare an MDstruct MD to hold the state of the digest
-** computation.
-** -- Initialize MD using MDbegin(&MD)
-** -- For each full block (64 bytes) X you wish to process, call
-** MD4Update(&MD,X,512)
-** (512 is the number of bits in a full block.)
-** -- For the last block (less than 64 bytes) you wish to process,
-** MD4Update(&MD,X,n)
-** where n is the number of bits in the partial block. A partial
-** block terminates the computation, so every MD computation
-** should terminate by processing a partial block, even if it
-** has n = 0.
-** -- The message digest is available in MD.buffer[0] ...
-** MD.buffer[3]. (Least-significant byte of each word
-** should be output first.)
-** -- You can print out the digest using MDprint(&MD)
-*/
-
-/* Implementation notes:
-** This implementation assumes that ints are 32-bit quantities.
-*/
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#define TRUE 1
-#define FALSE 0
-
-/* Compile-time includes
-*/
-#include <stdio.h>
-#include "md4.h"
-#include "pppd.h"
-
-/* Compile-time declarations of MD4 "magic constants".
-*/
-#define I0 0x67452301 /* Initial values for MD buffer */
-#define I1 0xefcdab89
-#define I2 0x98badcfe
-#define I3 0x10325476
-#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */
-#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */
-/* C2 and C3 are from Knuth, The Art of Programming, Volume 2
-** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley.
-** Table 2, page 660.
-*/
-
-#define fs1 3 /* round 1 shift amounts */
-#define fs2 7
-#define fs3 11
-#define fs4 19
-#define gs1 3 /* round 2 shift amounts */
-#define gs2 5
-#define gs3 9
-#define gs4 13
-#define hs1 3 /* round 3 shift amounts */
-#define hs2 9
-#define hs3 11
-#define hs4 15
-
-/* Compile-time macro declarations for MD4.
-** Note: The "rot" operator uses the variable "tmp".
-** It assumes tmp is declared as unsigned int, so that the >>
-** operator will shift in zeros rather than extending the sign bit.
-*/
-#define f(X,Y,Z) ((X&Y) | ((~X)&Z))
-#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z))
-#define h(X,Y,Z) (X^Y^Z)
-#define rot(X,S) (tmp=X,(tmp<<S) | (tmp>>(32-S)))
-#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s)
-#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s)
-#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s)
-
-/* MD4print(MDp)
-** Print message digest buffer MDp as 32 hexadecimal digits.
-** Order is from low-order byte of buffer[0] to high-order byte of
-** buffer[3].
-** Each byte is printed with high-order hexadecimal digit first.
-** This is a user-callable routine.
-*/
-void
-MD4Print(MD4_CTX *MDp)
-{
- int i,j;
- for (i=0;i<4;i++)
- for (j=0;j<32;j=j+8)
- printf("%02x",(MDp->buffer[i]>>j) & 0xFF);
-}
-
-/* MD4Init(MDp)
-** Initialize message digest buffer MDp.
-** This is a user-callable routine.
-*/
-void
-MD4Init(MD4_CTX *MDp)
-{
- int i;
- MDp->buffer[0] = I0;
- MDp->buffer[1] = I1;
- MDp->buffer[2] = I2;
- MDp->buffer[3] = I3;
- for (i=0;i<8;i++) MDp->count[i] = 0;
- MDp->done = 0;
-}
-
-/* MDblock(MDp,X)
-** Update message digest buffer MDp->buffer using 16-word data block X.
-** Assumes all 16 words of X are full of data.
-** Does not update MDp->count.
-** This routine is not user-callable.
-*/
-static void
-MDblock(MD4_CTX *MDp, unsigned char *Xb)
-{
- register unsigned int tmp, A, B, C, D;
- unsigned int X[16];
- int i;
-
- for (i = 0; i < 16; ++i) {
- X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24);
- Xb += 4;
- }
-
- A = MDp->buffer[0];
- B = MDp->buffer[1];
- C = MDp->buffer[2];
- D = MDp->buffer[3];
- /* Update the message digest buffer */
- ff(A , B , C , D , 0 , fs1); /* Round 1 */
- ff(D , A , B , C , 1 , fs2);
- ff(C , D , A , B , 2 , fs3);
- ff(B , C , D , A , 3 , fs4);
- ff(A , B , C , D , 4 , fs1);
- ff(D , A , B , C , 5 , fs2);
- ff(C , D , A , B , 6 , fs3);
- ff(B , C , D , A , 7 , fs4);
- ff(A , B , C , D , 8 , fs1);
- ff(D , A , B , C , 9 , fs2);
- ff(C , D , A , B , 10 , fs3);
- ff(B , C , D , A , 11 , fs4);
- ff(A , B , C , D , 12 , fs1);
- ff(D , A , B , C , 13 , fs2);
- ff(C , D , A , B , 14 , fs3);
- ff(B , C , D , A , 15 , fs4);
- gg(A , B , C , D , 0 , gs1); /* Round 2 */
- gg(D , A , B , C , 4 , gs2);
- gg(C , D , A , B , 8 , gs3);
- gg(B , C , D , A , 12 , gs4);
- gg(A , B , C , D , 1 , gs1);
- gg(D , A , B , C , 5 , gs2);
- gg(C , D , A , B , 9 , gs3);
- gg(B , C , D , A , 13 , gs4);
- gg(A , B , C , D , 2 , gs1);
- gg(D , A , B , C , 6 , gs2);
- gg(C , D , A , B , 10 , gs3);
- gg(B , C , D , A , 14 , gs4);
- gg(A , B , C , D , 3 , gs1);
- gg(D , A , B , C , 7 , gs2);
- gg(C , D , A , B , 11 , gs3);
- gg(B , C , D , A , 15 , gs4);
- hh(A , B , C , D , 0 , hs1); /* Round 3 */
- hh(D , A , B , C , 8 , hs2);
- hh(C , D , A , B , 4 , hs3);
- hh(B , C , D , A , 12 , hs4);
- hh(A , B , C , D , 2 , hs1);
- hh(D , A , B , C , 10 , hs2);
- hh(C , D , A , B , 6 , hs3);
- hh(B , C , D , A , 14 , hs4);
- hh(A , B , C , D , 1 , hs1);
- hh(D , A , B , C , 9 , hs2);
- hh(C , D , A , B , 5 , hs3);
- hh(B , C , D , A , 13 , hs4);
- hh(A , B , C , D , 3 , hs1);
- hh(D , A , B , C , 11 , hs2);
- hh(C , D , A , B , 7 , hs3);
- hh(B , C , D , A , 15 , hs4);
- MDp->buffer[0] += A;
- MDp->buffer[1] += B;
- MDp->buffer[2] += C;
- MDp->buffer[3] += D;
-}
-
-/* MD4Update(MDp,X,count)
-** Input: X -- a pointer to an array of unsigned characters.
-** count -- the number of bits of X to use.
-** (if not a multiple of 8, uses high bits of last byte.)
-** Update MDp using the number of bits of X given by count.
-** This is the basic input routine for an MD4 user.
-** The routine completes the MD computation when count < 512, so
-** every MD computation should end with one call to MD4Update with a
-** count less than 512. A call with count 0 will be ignored if the
-** MD has already been terminated (done != 0), so an extra call with
-** count 0 can be given as a "courtesy close" to force termination
-** if desired.
-*/
-void
-MD4Update(MD4_CTX *MDp, unsigned char *X, unsigned int count)
-{
- unsigned int i, tmp, bit, byte, mask;
- unsigned char XX[64];
- unsigned char *p;
-
- /* return with no error if this is a courtesy close with count
- ** zero and MDp->done is true.
- */
- if (count == 0 && MDp->done) return;
- /* check to see if MD is already done and report error */
- if (MDp->done)
- { printf("\nError: MD4Update MD already done."); return; }
-
- /* Add count to MDp->count */
- tmp = count;
- p = MDp->count;
- while (tmp)
- { tmp += *p;
- *p++ = tmp;
- tmp = tmp >> 8;
- }
-
- /* Process data */
- if (count == 512)
- { /* Full block of data to handle */
- MDblock(MDp,X);
- }
- else if (count > 512) /* Check for count too large */
- {
- printf("\nError: MD4Update called with illegal count value %d.",
- count);
- return;
- }
- else /* partial block -- must be last block so finish up */
- {
- /* Find out how many bytes and residual bits there are */
- byte = count >> 3;
- bit = count & 7;
- /* Copy X into XX since we need to modify it */
- if (count)
- for (i=0;i<=byte;i++) XX[i] = X[i];
- for (i=byte+1;i<64;i++) XX[i] = 0;
- /* Add padding '1' bit and low-order zeros in last byte */
- mask = 1 << (7 - bit);
- XX[byte] = (XX[byte] | mask) & ~( mask - 1);
- /* If room for bit count, finish up with this block */
- if (byte <= 55)
- {
- for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
- MDblock(MDp,XX);
- }
- else /* need to do two blocks to finish up */
- {
- MDblock(MDp,XX);
- for (i=0;i<56;i++) XX[i] = 0;
- for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
- MDblock(MDp,XX);
- }
- /* Set flag saying we're done with MD computation */
- MDp->done = 1;
- }
-}
-
-/*
-** Finish up MD4 computation and return message digest.
-*/
-void
-MD4Final(unsigned char *buf, MD4_CTX *MD)
-{
- int i, j;
- unsigned int w;
-
- MD4Update(MD, NULL, 0);
- for (i = 0; i < 4; ++i) {
- w = MD->buffer[i];
- for (j = 0; j < 4; ++j) {
- *buf++ = w;
- w >>= 8;
- }
- }
-}
-
-/*
-** End of md4.c
-****************************(cut)***********************************/
+++ /dev/null
-
-/*
-** ********************************************************************
-** md4.h -- Header file for implementation of **
-** MD4 Message Digest Algorithm **
-** Updated: 2/13/90 by Ronald L. Rivest **
-** (C) 1990 RSA Data Security, Inc. **
-** ********************************************************************
-*/
-#include "pppdconf.h"
-
-#ifndef __MD4_INCLUDE__
-#define __MD4_INCLUDE__
-#ifndef USE_MD4
-#include <openssl/md4.h>
-#define MD4Init MD4_Init
-#define MD4Update MD4_Update
-#define MD4Final MD4_Final
-#else
-
-/* MDstruct is the data structure for a message digest computation.
-*/
-typedef struct {
- unsigned int buffer[4]; /* Holds 4-word result of MD computation */
- unsigned char count[8]; /* Number of bits processed so far */
- unsigned int done; /* Nonzero means MD computation finished */
-} MD4_CTX;
-
-/* MD4Init(MD4_CTX *)
-** Initialize the MD4_CTX prepatory to doing a message digest
-** computation.
-*/
-extern void MD4Init(MD4_CTX *MD);
-
-/* MD4Update(MD,X,count)
-** Input: X -- a pointer to an array of unsigned characters.
-** count -- the number of bits of X to use (an unsigned int).
-** Updates MD using the first "count" bits of X.
-** The array pointed to by X is not modified.
-** If count is not a multiple of 8, MD4Update uses high bits of
-** last byte.
-** This is the basic input routine for a user.
-** The routine terminates the MD computation when count < 512, so
-** every MD computation should end with one call to MD4Update with a
-** count less than 512. Zero is OK for a count.
-*/
-extern void MD4Update(MD4_CTX *MD, unsigned char *X, unsigned int count);
-
-/* MD4Print(MD)
-** Prints message digest buffer MD as 32 hexadecimal digits.
-** Order is from low-order byte of buffer[0] to high-order byte
-** of buffer[3].
-** Each byte is printed with high-order hexadecimal digit first.
-*/
-extern void MD4Print(MD4_CTX *);
-
-/* MD4Final(buf, MD)
-** Returns message digest from MD and terminates the message
-** digest computation.
-*/
-extern void MD4Final(unsigned char *, MD4_CTX *);
-
-/*
-** End of md4.h
-****************************(cut)***********************************/
-#endif /* USE_MD4 */
-#endif /* __MD4_INCLUDE__ */
+++ /dev/null
-
-
-/*
- ***********************************************************************
- ** md5.c -- the source code for MD5 routines **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
- ** Created: 2/17/90 RLR **
- ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
- ***********************************************************************
- */
-
-/*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- ** **
- ** License to copy and use this software is granted provided that **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function. **
- ** **
- ** License is also granted to make and use derivative works **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
- ** material mentioning or referencing the derived work. **
- ** **
- ** RSA Data Security, Inc. makes no representations concerning **
- ** either the merchantability of this software or the suitability **
- ** of this software for any particular purpose. It is provided "as **
- ** is" without express or implied warranty of any kind. **
- ** **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software. **
- ***********************************************************************
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <string.h>
-#include "md5.h"
-
-/*
- ***********************************************************************
- ** Message-digest routines: **
- ** To form the message digest for a message M **
- ** (1) Initialize a context buffer mdContext using MD5_Init **
- ** (2) Call MD5_Update on mdContext and M **
- ** (3) Call MD5_Final on mdContext **
- ** The message digest is now in mdContext->digest[0...15] **
- ***********************************************************************
- */
-
-/* forward declaration */
-static void Transform (UINT4 *buf, UINT4 *in);
-
-static unsigned char PADDING[64] = {
- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-/* F, G, H and I are basic MD5 functions */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
-/* Rotation is separate from addition to prevent recomputation */
-#define FF(a, b, c, d, x, s, ac) \
- {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define GG(a, b, c, d, x, s, ac) \
- {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define HH(a, b, c, d, x, s, ac) \
- {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define II(a, b, c, d, x, s, ac) \
- {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-
-#ifdef __STDC__
-#define UL(x) x##U
-#else
-#define UL(x) x
-#endif
-
-/* The routine MD5_Init initializes the message-digest context
- mdContext. All fields are set to zero.
- */
-void MD5_Init (MD5_CTX *mdContext)
-{
- mdContext->i[0] = mdContext->i[1] = (UINT4)0;
-
- /* Load magic initialization constants.
- */
- mdContext->buf[0] = (UINT4)0x67452301;
- mdContext->buf[1] = (UINT4)0xefcdab89;
- mdContext->buf[2] = (UINT4)0x98badcfe;
- mdContext->buf[3] = (UINT4)0x10325476;
-}
-
-/* The routine MD5Update updates the message-digest context to
- account for the presence of each of the characters inBuf[0..inLen-1]
- in the message whose digest is being computed.
- */
-void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen)
-{
- UINT4 in[16];
- int mdi;
- unsigned int i, ii;
-
- /* compute number of bytes mod 64 */
- mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
- /* update number of bits */
- if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0])
- mdContext->i[1]++;
- mdContext->i[0] += ((UINT4)inLen << 3);
- mdContext->i[1] += ((UINT4)inLen >> 29);
-
- while (inLen--) {
- /* add new character to buffer, increment mdi */
- mdContext->in[mdi++] = *inBuf++;
-
- /* transform if necessary */
- if (mdi == 0x40) {
- for (i = 0, ii = 0; i < 16; i++, ii += 4)
- in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
- (((UINT4)mdContext->in[ii+2]) << 16) |
- (((UINT4)mdContext->in[ii+1]) << 8) |
- ((UINT4)mdContext->in[ii]);
- Transform (mdContext->buf, in);
- mdi = 0;
- }
- }
-}
-
-/* The routine MD5Final terminates the message-digest computation and
- ends with the desired message digest in mdContext->digest[0...15].
- */
-void MD5_Final (unsigned char hash[], MD5_CTX *mdContext)
-{
- UINT4 in[16];
- int mdi;
- unsigned int i, ii;
- unsigned int padLen;
-
- /* save number of bits */
- in[14] = mdContext->i[0];
- in[15] = mdContext->i[1];
-
- /* compute number of bytes mod 64 */
- mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
- /* pad out to 56 mod 64 */
- padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
- MD5_Update (mdContext, PADDING, padLen);
-
- /* append length in bits and transform */
- for (i = 0, ii = 0; i < 14; i++, ii += 4)
- in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
- (((UINT4)mdContext->in[ii+2]) << 16) |
- (((UINT4)mdContext->in[ii+1]) << 8) |
- ((UINT4)mdContext->in[ii]);
- Transform (mdContext->buf, in);
-
- /* store buffer in digest */
- for (i = 0, ii = 0; i < 4; i++, ii += 4) {
- mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF);
- mdContext->digest[ii+1] =
- (unsigned char)((mdContext->buf[i] >> 8) & 0xFF);
- mdContext->digest[ii+2] =
- (unsigned char)((mdContext->buf[i] >> 16) & 0xFF);
- mdContext->digest[ii+3] =
- (unsigned char)((mdContext->buf[i] >> 24) & 0xFF);
- }
- memcpy(hash, mdContext->digest, 16);
-}
-
-/* Basic MD5 step. Transforms buf based on in.
- */
-static void Transform (UINT4 *buf, UINT4 *in)
-{
- UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
-
- /* Round 1 */
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
- FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */
- FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */
- FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */
- FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */
- FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */
- FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */
- FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */
- FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */
- FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */
- FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */
- FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */
- FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */
- FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */
- FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */
- FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */
- FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */
-
- /* Round 2 */
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
- GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */
- GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */
- GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */
- GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */
- GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */
- GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */
- GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */
- GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */
- GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */
- GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */
- GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */
- GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */
- GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */
- GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */
- GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */
- GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */
-
- /* Round 3 */
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
- HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */
- HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */
- HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */
- HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */
- HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */
- HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */
- HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */
- HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */
- HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */
- HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */
- HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */
- HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */
- HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */
- HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */
- HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */
- HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */
-
- /* Round 4 */
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
- II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */
- II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */
- II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */
- II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */
- II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */
- II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */
- II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */
- II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */
- II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */
- II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */
- II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */
- II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */
- II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */
- II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */
- II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */
- II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-/*
- ***********************************************************************
- ** End of md5.c **
- ******************************** (cut) ********************************
- */
+++ /dev/null
-/*
- ***********************************************************************
- ** md5.h -- header file for implementation of MD5 **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
- ** Created: 2/17/90 RLR **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version **
- ** Revised (for MD5): RLR 4/27/91 **
- ** -- G modified to have y&~z instead of y&z **
- ** -- FF, GG, HH modified to add in last register done **
- ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 **
- ** -- distinct additive constant for each step **
- ** -- round 4 added, working mod 7 **
- ***********************************************************************
- */
-
-/*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- ** **
- ** License to copy and use this software is granted provided that **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function. **
- ** **
- ** License is also granted to make and use derivative works **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
- ** material mentioning or referencing the derived work. **
- ** **
- ** RSA Data Security, Inc. makes no representations concerning **
- ** either the merchantability of this software or the suitability **
- ** of this software for any particular purpose. It is provided "as **
- ** is" without express or implied warranty of any kind. **
- ** **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software. **
- ***********************************************************************
- */
-#include "pppdconf.h"
-
-#ifndef __MD5_INCLUDE__
-#define __MD5_INCLUDE__
-#ifndef USE_MD5
-#include <openssl/md5.h>
-#else
-
-/* typedef a 32-bit type */
-#ifdef _LP64
-typedef unsigned int UINT4;
-typedef int INT4;
-#else
-typedef unsigned long UINT4;
-typedef long INT4;
-#endif
-#define _UINT4_T
-
-/* Data structure for MD5 (Message-Digest) computation */
-typedef struct {
- UINT4 i[2]; /* number of _bits_ handled mod 2^64 */
- UINT4 buf[4]; /* scratch buffer */
- unsigned char in[64]; /* input buffer */
- unsigned char digest[16]; /* actual digest after MD5Final call */
-} MD5_CTX;
-
-void MD5_Init (MD5_CTX *mdContext);
-void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen);
-void MD5_Final (unsigned char hash[], MD5_CTX *mdContext);
-
-#endif /* USE_MD5 */
-#endif /* __MD5_INCLUDE__ */
-/* * mppe.c - MPPE key implementation
+/* mppe.c - MPPE key implementation
*
* Copyright (c) 2020 Eivind Naess. All rights reserved.
* Copyright (c) 2008 Paul Mackerras. All rights reserved.
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
*/
#ifdef HAVE_CONFIG_H
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
-#include "md4.h"
-#include "sha1.h"
#include "ccp.h"
#include "chap_ms.h"
#include "mppe.h"
+#include "crypto.h"
u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
* RFC 2548 (RADIUS support) requires us to export this function (ugh).
*/
void
-mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
+mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash)
{
- SHA1_CTX sha1Context;
- u_char Digest[SHA1_SIGNATURE_SIZE];
+ PPP_MD_CTX *ctx;
+ u_char Digest[SHA_DIGEST_LENGTH];
+ int DigestLen;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, rchallenge, 8)) {
+
+ DigestLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, Digest, &DigestLen);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, rchallenge, 8);
- SHA1_Final(Digest, &sha1Context);
/* Same key in both directions. */
mppe_set_keys(Digest, Digest, sizeof(Digest));
* NTHashHash from the server.
*/
void
-mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer)
+mppe_set_chapv2(unsigned char *PasswordHashHash, unsigned char *NTResponse,
+ int IsServer)
{
- SHA1_CTX sha1Context;
- u_char MasterKey[SHA1_SIGNATURE_SIZE];
- u_char SendKey[SHA1_SIGNATURE_SIZE];
- u_char RecvKey[SHA1_SIGNATURE_SIZE];
+ PPP_MD_CTX *ctx;
+
+ u_char MasterKey[SHA_DIGEST_LENGTH];
+ u_char SendKey[SHA_DIGEST_LENGTH];
+ u_char RecvKey[SHA_DIGEST_LENGTH];
+ int KeyLen;
u_char SHApad1[40] =
{ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x6b, 0x65, 0x79, 0x2e };
u_char *s;
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, NTResponse, 24);
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
- SHA1_Final(MasterKey, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
+
+ if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) {
+
+ KeyLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, MasterKey, &KeyLen);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
/*
* generate send key
s = Magic3;
else
s = Magic2;
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, MasterKey, 16);
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
- SHA1_Update(&sha1Context, s, 84);
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
- SHA1_Final(SendKey, &sha1Context);
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, MasterKey, 16)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad1, sizeof(SHApad1))) {
+
+ if (PPP_DigestUpdate(ctx, s, 84)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) {
+
+ KeyLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, SendKey, &KeyLen);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
/*
* generate recv key
s = Magic2;
else
s = Magic3;
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, MasterKey, 16);
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
- SHA1_Update(&sha1Context, s, 84);
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
- SHA1_Final(RecvKey, &sha1Context);
-
- mppe_set_keys(SendKey, RecvKey, SHA1_SIGNATURE_SIZE);
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, MasterKey, 16)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad1, sizeof(SHApad1))) {
+
+ if (PPP_DigestUpdate(ctx, s, 84)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) {
+
+ KeyLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, RecvKey, &KeyLen);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+ mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH);
}
#ifndef UNIT_TEST
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_MPPE_H
+#define PPP_MPPE_H
+
#include "pppdconf.h"
-#ifndef __MPPE_H__
-#define __MPPE_H__
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#define MPPE_PAD 4 /* MPPE growth per frame */
#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
/* Build a CI from mppe opts (see RFC 3078) */
#define MPPE_OPTS_TO_CI(opts, ci) \
do { \
- u_char *ptr = ci; /* u_char[4] */ \
+ unsigned char *ptr = ci; /* unsigned char[4] */ \
\
/* H bit */ \
if (opts & MPPE_OPT_STATEFUL) \
/* The reverse of the above */
#define MPPE_CI_TO_OPTS(ci, opts) \
do { \
- u_char *ptr = ci; /* u_char[4] */ \
+ unsigned char *ptr = ci; /* unsigned char[4] */ \
\
opts = 0; \
\
} while (/* CONSTCOND */ 0)
-#if MPPE
-
-/*
- * NOTE:
- * Access to these variables directly is discuraged. Please
- * change your code to use below accessor functions.
- */
-
-/* The key material generated which is used for MPPE send key */
-extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
-/* The key material generated which is used for MPPE recv key */
-extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
-/* Keys are set if value is non-zero */
-extern int mppe_keys_set;
+#if PPP_WITH_MPPE
/* These values are the RADIUS attribute values--see RFC 2548. */
#define MPPE_ENC_POL_ENC_ALLOWED 1
* Set the MPPE send and recv keys. NULL values for keys are ignored
* and input values are cleared to avoid leaving them on the stack
*/
-void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen);
+void mppe_set_keys(unsigned char *send_key, unsigned char *recv_key, int keylen);
/*
* Get the MPPE recv key
*/
-int mppe_get_recv_key(u_char *recv_key, int length);
+int mppe_get_recv_key(unsigned char *recv_key, int length);
/*
* Get the MPPE send key
*/
-int mppe_get_send_key(u_char *send_key, int length);
+int mppe_get_send_key(unsigned char *send_key, int length);
/*
* Clear the MPPE keys
/*
* Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
*/
-void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]);
+void mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash);
/*
* Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
*/
-void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer);
+void mppe_set_chapv2(unsigned char *PasswordHashHash,
+ unsigned char *NTResponse, int IsServer);
+
+#endif // #ifdef PPP_WITH_MPPE
+
+#ifdef __cplusplus
+}
+#endif
-#endif // #ifdef MPPE
-#endif // #ifdef __MPPE_H__
+#endif // #ifdef PPP_MPPE_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <netinet/in.h>
#include <unistd.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
#include "tdb.h"
+#include "multilink.h"
bool endpoint_specified; /* user gave explicit endpoint discriminator */
char *bundle_id; /* identifier for our bundle */
#define process_exists(n) (kill((n), 0) == 0 || errno != ESRCH)
+multilink_join_hook_fn *multilink_join_hook = NULL;
+
+bool mp_master()
+{
+ return multilink_master;
+}
+
+bool mp_on()
+{
+ return doing_multilink;
+}
+
void
mp_check_options(void)
{
if (demand) {
/* already have a bundle */
cfg_bundle(0, 0, 0, 0);
- netif_set_mtu(0, mtu);
+ ppp_set_mtu(0, mtu);
return 0;
}
make_new_bundle(0, 0, 0, 0);
set_ifunit(1);
- netif_set_mtu(0, mtu);
+ ppp_set_mtu(0, mtu);
return 0;
}
mtu = MIN(ho->mrru, ao->mru);
if (demand) {
cfg_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
- netif_set_mtu(0, mtu);
- script_setenv("BUNDLE", bundle_id + 7, 1);
+ ppp_set_mtu(0, mtu);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 1);
return 0;
}
/* attach to existing unit */
if (bundle_attach(unit)) {
set_ifunit(0);
- script_setenv("BUNDLE", bundle_id + 7, 0);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 0);
make_bundle_links(1);
unlock_db();
info("Link attached to %s", ifname);
/* we have to make a new bundle */
make_new_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
set_ifunit(1);
- netif_set_mtu(0, mtu);
- script_setenv("BUNDLE", bundle_id + 7, 1);
+ ppp_set_mtu(0, mtu);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 1);
make_bundle_links(0);
unlock_db();
info("New bundle %s created", ifname);
print_link_stats();
if (!demand) {
remove_pidfiles();
- script_unsetenv("IFNAME");
+ ppp_script_unsetenv("IFNAME");
}
lock_db();
hp = gethostbyname(hostname);
if (hp != NULL) {
addr = *(u_int32_t *)hp->h_addr;
- if (!bad_ip_adrs(addr)) {
+ if (!ppp_bad_ip_addr(addr)) {
addr = ntohl(addr);
if (!LOCAL_IP_ADDR(addr)) {
ep->class = EPD_IP;
--- /dev/null
+/*
+ * multilink.h - support routines for multilink.
+ *
+ * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_MULTILINK_H
+#define PPP_MULTILINK_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * values for epdisc.class
+ */
+#define EPD_NULL 0 /* null discriminator, no data */
+#define EPD_LOCAL 1
+#define EPD_IP 2
+#define EPD_MAC 3
+#define EPD_MAGIC 4
+#define EPD_PHONENUM 5
+
+struct epdisc;
+
+#ifdef PPP_WITH_MULTILINK
+
+/*
+ * Check multilink-related options
+ */
+void mp_check_options(void);
+
+/*
+ * Join our link to an appropriate bundle
+ */
+int mp_join_bundle(void);
+
+/*
+ * Disconnected our link from the bundle
+ */
+void mp_exit_bundle(void);
+
+/*
+ * Multipoint bundle terminated
+ */
+void mp_bundle_terminated(void);
+
+/*
+ * Acting as a multilink master
+ */
+bool mp_master();
+
+/*
+ * Was multilink negotiated
+ */
+bool mp_on();
+
+/*
+ * Convert an endpoint discriminator to a string
+ */
+char *epdisc_to_str(struct epdisc *);
+
+/*
+ * Convert a string to an endpoint discriminator
+ */
+int str_to_epdisc(struct epdisc *, char *);
+
+/*
+ * Hook for plugin to hear when an interface joins a multilink bundle
+ */
+typedef void (multilink_join_hook_fn)(void);
+extern multilink_join_hook_fn *multilink_join_hook;
+
+#else
+
+#define mp_check_options(x) ((void)0)
+#define mp_join_bundle(x) ((void)0)
+#define mp_exit_bundle(x) ((void)0)
+#define mp_bundle_terminated(x) ((void)0)
+
+static inline bool mp_on() {
+ return false;
+}
+
+static inline bool mp_master() {
+ return false;
+}
+
+#endif // PPP_WITH_MULTILINK
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_MULTILINK_H
#include <syslog.h>
#include <string.h>
#include <pwd.h>
-#ifdef PLUGIN
+#include <sys/param.h>
+#include <net/if.h>
+#ifdef PPP_WITH_PLUGINS
#include <dlfcn.h>
#endif
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
#include <pcap.h>
/*
* There have been 3 or 4 different names for this in libpcap CVS, but
#define DLT_PPP_PPPD DLT_PPP
#endif
#endif
-#endif /* PPP_FILTER */
+#endif /* PPP_WITH_FILTER */
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
+#include "upap.h"
#include "pathnames.h"
#if defined(ultrix) || defined(NeXT)
int debug = 0; /* Debug flag */
int kdebugflag = 0; /* Tell kernel to print debug messages */
int default_device = 1; /* Using /dev/tty or equivalent */
-char devnam[MAXPATHLEN]; /* Device name */
bool nodetach = 0; /* Don't detach from controlling tty */
bool updetach = 0; /* Detach once link is up */
bool master_detach; /* Detach when we're (only) multilink master */
bool persist = 0; /* Reopen link after it goes down */
char our_name[MAXNAMELEN]; /* Our name for authentication purposes */
bool demand = 0; /* do dial-on-demand */
-char *ipparam = NULL; /* Extra parameter for ip up/down scripts */
int idle_time_limit = 0; /* Disconnect if idle for this many seconds */
int holdoff = 30; /* # seconds to pause before reconnecting */
bool holdoff_specified; /* true if a holdoff value has been given */
bool multilink = 0; /* Enable multilink operation */
char *bundle_name = NULL; /* bundle name for multilink */
bool dump_options; /* print out option values */
+bool show_options; /* print all supported options and exit */
bool dryrun; /* print out option values and exit */
char *domain; /* domain name set by domain option */
int child_wait = 5; /* # seconds to wait for children at exit */
struct userenv *userenv_list; /* user environment variables */
int dfl_route_metric = -1; /* metric of the default route to set over the PPP link */
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */
char path_ipv6down[MAXPATHLEN]; /* pathname of ipv6-down script */
#endif
-#ifdef MAXOCTETS
unsigned int maxoctets = 0; /* default - no limit */
-int maxoctets_dir = 0; /* default - sum of traffic */
+session_limit_dir_t maxoctets_dir = PPP_OCTETS_DIRECTION_SUM; /* default - sum of traffic */
int maxoctets_timeout = 1; /* default 1 second */
-#endif
-extern option_t auth_options[];
+extern struct option auth_options[];
extern struct stat devstat;
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
struct bpf_program pass_filter;/* Filter program for packets to pass */
struct bpf_program active_filter; /* Filter program for link-active pkts */
#endif
-static option_t *curopt; /* pointer to option being processed */
+static struct option *curopt; /* pointer to option being processed */
char *current_option; /* the name of the option being parsed */
int privileged_option; /* set iff the current option came from root */
char *option_source; /* string saying where the option came from */
static int logfile_fd = -1; /* fd opened for log file */
static char logfile_name[MAXPATHLEN]; /* name of log file */
+static bool noipx_opt; /* dummy for noipx option */
+
/*
* Prototypes
*/
static int showhelp(char **);
static void usage(void);
static int setlogfile(char **);
-#ifdef PLUGIN
+#ifdef PPP_WITH_PLUGINS
static int loadplugin(char **);
#endif
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
static int setpassfilter(char **);
static int setactivefilter(char **);
#endif
-#ifdef MAXOCTETS
static int setmodir(char **);
-#endif
static int user_setenv(char **);
-static void user_setprint(option_t *, printer_func, void *);
+static void user_setprint(struct option *, printer_func, void *);
static int user_unsetenv(char **);
-static void user_unsetprint(option_t *, printer_func, void *);
+static void user_unsetprint(struct option *, printer_func, void *);
-static option_t *find_option(char *name);
-static int process_option(option_t *, char *, char **);
-static int n_arguments(option_t *);
+static struct option *find_option(char *name);
+static int process_option(struct option *, char *, char **);
+static int n_arguments(struct option *);
static int number_option(char *, u_int32_t *, int);
/*
* Structure to store extra lists of options.
*/
struct option_list {
- option_t *options;
+ struct option *options;
struct option_list *next;
};
/*
* Valid arguments.
*/
-option_t general_options[] = {
+struct option general_options[] = {
{ "debug", o_int, &debug,
"Increase debugging level", OPT_INC | OPT_NOARG | 1 },
{ "-d", o_int, &debug,
{ "--version", o_special_noarg, (void *)showversion,
"Show version number" },
+ { "-v", o_special_noarg, (void *)showversion,
+ "Show version number" },
+ { "show-options", o_bool, &show_options,
+ "Show all options and exit", 1 },
{ "--help", o_special_noarg, (void *)showhelp,
"Show brief listing of options" },
{ "-h", o_special_noarg, (void *)showhelp,
"Set pathname of ip-down script",
OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
{ "ipv6-up-script", o_string, path_ipv6up,
"Set pathname of ipv6-up script",
OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
#endif
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
{ "multilink", o_bool, &multilink,
"Enable multilink operation", OPT_PRIO | 1 },
{ "mp", o_bool, &multilink,
{ "bundle", o_string, &bundle_name,
"Bundle name for multilink", OPT_PRIO },
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
-#ifdef PLUGIN
+#ifdef PPP_WITH_PLUGINS
{ "plugin", o_special, (void *)loadplugin,
"Load a plug-in module into pppd", OPT_PRIV | OPT_A2LIST },
#endif
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
{ "pass-filter", o_special, setpassfilter,
"set filter for packets to pass", OPT_PRIO },
"set filter for active pkts", OPT_PRIO },
#endif
-#ifdef MAXOCTETS
{ "maxoctets", o_int, &maxoctets,
"Set connection traffic limit",
OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF },
"Set direction for limit traffic (sum,in,out,max)" },
{ "mo-timeout", o_int, &maxoctets_timeout,
"Check for traffic limit every N seconds", OPT_PRIO | OPT_LLIMIT | 1 },
-#endif
+
+ /* Dummy option, does nothing */
+ { "noipx", o_bool, &noipx_opt, NULL, OPT_NOPRINT | 1 },
{ NULL }
};
#define IMPLEMENTATION ""
#endif
-static char *usage_string = "\
-pppd version %s\n\
-Usage: %s [ options ], where options are:\n\
- <device> Communicate over the named device\n\
- <speed> Set the baud rate to <speed>\n\
- <loc>:<rem> Set the local and/or remote interface IP\n\
- addresses. Either one may be omitted.\n\
- asyncmap <n> Set the desired async map to hex <n>\n\
- auth Require authentication from peer\n\
- connect <p> Invoke shell command <p> to set up the serial line\n\
- crtscts Use hardware RTS/CTS flow control\n\
- defaultroute Add default route through interface\n\
- file <f> Take options from file <f>\n\
- modem Use modem control lines\n\
- mru <n> Set MRU value to <n> for negotiation\n\
-See pppd(8) for more options.\n\
-";
+int
+ppp_get_max_idle_time()
+{
+ return idle_time_limit;
+}
+
+void
+ppp_set_max_idle_time(unsigned int max)
+{
+ idle_time_limit = max;
+}
+
+int
+ppp_get_max_connect_time()
+{
+ return maxconnect;
+}
+
+void
+ppp_set_max_connect_time(unsigned int max)
+{
+ maxconnect = max;
+}
+
+void
+ppp_set_session_limit(unsigned int octets)
+{
+ maxoctets = octets;
+}
+
+void
+ppp_set_session_limit_dir(unsigned int dir)
+{
+ if (dir > 4)
+ dir = PPP_OCTETS_DIRECTION_SUM;
+ maxoctets_dir = (session_limit_dir_t) dir;
+}
+
+bool
+debug_on()
+{
+ return !!debug;
+}
+
+int
+ppp_get_path(ppp_path_t type, char *buf, size_t bufsz)
+{
+ const char *path;
+
+ if (buf && bufsz > 0) {
+ switch (type) {
+ case PPP_DIR_LOG:
+ path = PPP_PATH_VARLOG;
+ break;
+ case PPP_DIR_RUNTIME:
+ path = PPP_PATH_VARRUN;
+ break;
+#ifdef PPP_WITH_PLUGINS
+ case PPP_DIR_PLUGIN:
+ path = PPP_PATH_PLUGIN;
+ break;
+#endif
+ case PPP_DIR_CONF:
+ path = PPP_PATH_CONFDIR;
+ break;
+ }
+ return strlcpy(buf, path, bufsz);
+ }
+ return -1;
+}
+
+int
+ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz)
+{
+ const char *path;
+
+ if (buf && bufsz > 0) {
+ switch (type) {
+ case PPP_DIR_LOG:
+ path = PPP_PATH_VARLOG;
+ break;
+ case PPP_DIR_RUNTIME:
+ path = PPP_PATH_VARRUN;
+ break;
+#ifdef PPP_WITH_PLUGINS
+ case PPP_DIR_PLUGIN:
+ path = PPP_PATH_PLUGIN;
+ break;
+#endif
+ case PPP_DIR_CONF:
+ path = PPP_PATH_CONFDIR;
+ break;
+ }
+ return slprintf(buf, bufsz, "%s/%s", path, name);
+ }
+ return -1;
+}
+
+bool ppp_persist()
+{
+ return !!persist;
+}
/*
* parse_args - parse a string of arguments from the command line.
parse_args(int argc, char **argv)
{
char *arg;
- option_t *opt;
+ struct option *opt;
int n;
privileged_option = privileged;
--argc;
opt = find_option(arg);
if (opt == NULL) {
- option_error("unrecognized option '%s'", arg);
+ ppp_option_error("unrecognized option '%s'", arg);
usage();
return 0;
}
n = n_arguments(opt);
if (argc < n) {
- option_error("too few parameters for option %s", arg);
+ ppp_option_error("too few parameters for option %s", arg);
return 0;
}
if (!process_option(opt, arg, argv))
* and interpret them.
*/
int
-options_from_file(char *filename, int must_exist, int check_prot, int priv)
+ppp_options_from_file(char *filename, int must_exist, int check_prot, int priv)
{
FILE *f;
int i, newline, ret, err;
- option_t *opt;
+ struct option *opt;
int oldpriv, n;
char *oldsource;
uid_t euid;
euid = geteuid();
if (check_prot && seteuid(getuid()) == -1) {
- option_error("unable to drop privileges to open %s: %m", filename);
+ ppp_option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
f = fopen(filename, "r");
warn("Warning: can't open options file %s: %m", filename);
return 1;
}
- option_error("Can't open options file %s: %m", filename);
+ ppp_option_error("Can't open options file %s: %m", filename);
return 0;
}
while (getword(f, cmd, &newline, filename)) {
opt = find_option(cmd);
if (opt == NULL) {
- option_error("In file %s: unrecognized option '%s'",
+ ppp_option_error("In file %s: unrecognized option '%s'",
filename, cmd);
goto err;
}
n = n_arguments(opt);
for (i = 0; i < n; ++i) {
if (!getword(f, args[i], &newline, filename)) {
- option_error(
+ ppp_option_error(
"In file %s: too few parameters for option '%s'",
filename, cmd);
goto err;
err:
fclose(f);
+ free(option_source);
privileged_option = oldpriv;
option_source = oldsource;
return ret;
pw = getpwuid(getuid());
if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0)
return 1;
- file = _PATH_USEROPT;
+ file = PPP_PATH_USEROPT;
pl = strlen(user) + strlen(file) + 2;
path = malloc(pl);
if (path == NULL)
novm("init file name");
slprintf(path, pl, "%s/%s", user, file);
option_priority = OPRIO_CFGFILE;
- ret = options_from_file(path, 0, 1, privileged);
+ ret = ppp_options_from_file(path, 0, 1, privileged);
free(path);
return ret;
}
dev = p + 5;
if (dev[0] == 0 || strcmp(dev, "tty") == 0)
return 1; /* don't look for /etc/ppp/options.tty */
- pl = strlen(_PATH_TTYOPT) + strlen(dev) + 1;
+ pl = strlen(PPP_PATH_TTYOPT) + strlen(dev) + 1;
path = malloc(pl);
if (path == NULL)
novm("tty init file name");
- slprintf(path, pl, "%s%s", _PATH_TTYOPT, dev);
+ slprintf(path, pl, "%s%s", PPP_PATH_TTYOPT, dev);
/* Turn slashes into dots, for Solaris case (e.g. /dev/term/a) */
- for (p = path + strlen(_PATH_TTYOPT); *p != 0; ++p)
+ for (p = path + strlen(PPP_PATH_TTYOPT); *p != 0; ++p)
if (*p == '/')
*p = '.';
option_priority = OPRIO_CFGFILE;
- ret = options_from_file(path, 0, 0, 1);
+ ret = ppp_options_from_file(path, 0, 0, 1);
free(path);
return ret;
}
options_from_list(struct wordlist *w, int priv)
{
char *argv[MAXARGS];
- option_t *opt;
+ struct option *opt;
int i, n, ret = 0;
struct wordlist *w0;
while (w != NULL) {
opt = find_option(w->word);
if (opt == NULL) {
- option_error("In secrets file: unrecognized option '%s'",
+ ppp_option_error("In secrets file: unrecognized option '%s'",
w->word);
goto err;
}
for (i = 0; i < n; ++i) {
w = w->next;
if (w == NULL) {
- option_error(
+ ppp_option_error(
"In secrets file: too few parameters for option '%s'",
w0->word);
goto err;
}
/*
- * match_option - see if this option matches an option_t structure.
+ * match_option - see if this option matches an option structure.
*/
static int
-match_option(char *name, option_t *opt, int dowild)
+match_option(char *name, struct option *opt, int dowild)
{
int (*match)(char *, char **, int);
* looking for an entry with the given name.
* This could be optimized by using a hash table.
*/
-static option_t *
+static struct option *
find_option(char *name)
{
- option_t *opt;
+ struct option *opt;
struct option_list *list;
int i, dowild;
* process_option - process one new-style option.
*/
static int
-process_option(option_t *opt, char *cmd, char **argv)
+process_option(struct option *opt, char *cmd, char **argv)
{
u_int32_t v;
int iv, a;
int (*wildp)(char *, char **, int);
char *optopt = (opt->type == o_wild)? "": " option";
int prio = option_priority;
- option_t *mainopt = opt;
+ struct option *mainopt = opt;
current_option = opt->name;
if ((opt->flags & OPT_PRIVFIX) && privileged_option)
if (prio < mainopt->priority) {
/* new value doesn't override old */
if (prio == OPRIO_CMDLINE && mainopt->priority > OPRIO_ROOT) {
- option_error("%s%s set in %s cannot be overridden\n",
+ ppp_option_error("%s%s set in %s cannot be overridden\n",
opt->name, optopt, mainopt->source);
return 0;
}
opt->name, optopt, option_source);
}
- if ((opt->flags & OPT_INITONLY) && phase != PHASE_INITIALIZE) {
- option_error("%s%s cannot be changed after initialization",
+ if ((opt->flags & OPT_INITONLY) && !in_phase(PHASE_INITIALIZE)) {
+ ppp_option_error("%s%s cannot be changed after initialization",
opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_PRIV) && !privileged_option) {
- option_error("using the %s%s requires root privilege",
+ ppp_option_error("using the %s%s requires root privilege",
opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_ENABLE) && *(bool *)(opt->addr2) == 0) {
- option_error("%s%s is disabled", opt->name, optopt);
+ ppp_option_error("%s%s is disabled", opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_DEVEQUIV) && devnam_fixed) {
- option_error("the %s%s may not be changed in %s",
+ ppp_option_error("the %s%s may not be changed in %s",
opt->name, optopt, option_source);
return 0;
}
case o_int:
iv = 0;
if ((opt->flags & OPT_NOARG) == 0) {
- if (!int_option(*argv, &iv))
+ if (!ppp_int_option(*argv, &iv))
return 0;
if ((((opt->flags & OPT_LLIMIT) && iv < opt->lower_limit)
|| ((opt->flags & OPT_ULIMIT) && iv > opt->upper_limit))
char *zok = (opt->flags & OPT_ZEROOK)? " zero or": "";
switch (opt->flags & OPT_LIMITS) {
case OPT_LLIMIT:
- option_error("%s value must be%s >= %d",
+ ppp_option_error("%s value must be%s >= %d",
opt->name, zok, opt->lower_limit);
break;
case OPT_ULIMIT:
- option_error("%s value must be%s <= %d",
+ ppp_option_error("%s value must be%s <= %d",
opt->name, zok, opt->upper_limit);
break;
case OPT_LIMITS:
- option_error("%s value must be%s between %d and %d",
+ ppp_option_error("%s value must be%s between %d and %d",
opt->name, zok, opt->lower_limit, opt->upper_limit);
break;
}
int oldv = *(int *)(opt->addr);
if ((opt->flags & OPT_ZEROINF) ?
(oldv != 0 && (iv == 0 || iv > oldv)) : (iv > oldv)) {
- option_error("%s value cannot be increased", opt->name);
+ ppp_option_error("%s value cannot be increased", opt->name);
return 0;
}
}
int
override_value(char *option, int priority, const char *source)
{
- option_t *opt;
+ struct option *opt;
opt = find_option(option);
if (opt == NULL)
* n_arguments - tell how many arguments an option takes
*/
static int
-n_arguments(option_t *opt)
+n_arguments(struct option *opt)
{
return (opt->type == o_bool || opt->type == o_special_noarg
|| (opt->flags & OPT_NOARG))? 0: 1;
* add_options - add a list of options to the set we grok.
*/
void
-add_options(option_t *opt)
+ppp_add_options(struct option *opt)
{
struct option_list *list;
* print_option - print out an option and its value
*/
static void
-print_option(option_t *opt, option_t *mainopt, printer_func printer, void *arg)
+print_option(struct option *opt, struct option *mainopt, printer_func printer, void *arg)
{
int i, v;
char *p;
printer(arg, " ");
}
if (opt->flags & OPT_A2PRINTER) {
- void (*oprt)(option_t *, printer_func, void *);
- oprt = (void (*)(option_t *, printer_func, void *))
+ void (*oprt)(struct option *, printer_func, void *);
+ oprt = (void (*)(struct option *, printer_func, void *))
opt->addr2;
(*oprt)(opt, printer, arg);
} else if (opt->flags & OPT_A2STRVAL) {
* array of options.
*/
static void
-print_option_list(option_t *opt, printer_func printer, void *arg)
+print_option_list(struct option *opt, printer_func printer, void *arg)
{
while (opt->name != NULL) {
if (opt->priority != OPRIO_DEFAULT
static void
usage(void)
{
- if (phase == PHASE_INITIALIZE)
- fprintf(stderr, usage_string, VERSION, progname);
+ FILE *fp = stderr;
+ if (in_phase(PHASE_INITIALIZE)) {
+ fprintf(fp, "%s v%s\n", PACKAGE_NAME, PACKAGE_VERSION);
+ fprintf(fp, "Copyright (C) 1999-2022 Paul Mackerras, and others. All rights reserved.\n\n");
+
+
+ fprintf(fp, "License BSD: The 3 clause BSD license <https://opensource.org/licenses/BSD-3-Clause>\n");
+ fprintf(fp, "This is free software: you are free to change and redistribute it.\n");
+ fprintf(fp, "There is NO WARRANTY, to the extent permitted by law.\n\n");
+
+ fprintf(fp, "Report Bugs:\n %s\n\n", PACKAGE_BUGREPORT);
+ fprintf(fp, "Usage: %s [ options ], where options are:\n", progname);
+ fprintf(fp, " <device> Communicate over the named device\n");
+ fprintf(fp, " <speed> Set the baud rate to <speed>\n");
+ fprintf(fp, " <loc>:<rem> Set the local and/or remote interface IP\n");
+ fprintf(fp, " addresses. Either one may be omitted.\n");
+ fprintf(fp, " asyncmap <n> Set the desired async map to hex <n>\n");
+ fprintf(fp, " auth Require authentication from peer\n");
+ fprintf(fp, " connect <p> Invoke shell command <p> to set up the serial line\n");
+ fprintf(fp, " crtscts Use hardware RTS/CTS flow control\n");
+ fprintf(fp, " defaultroute Add default route through interface\n");
+ fprintf(fp, " file <f> Take options from file <f>\n");
+ fprintf(fp, " modem Use modem control lines\n");
+ fprintf(fp, " mru <n> Set MRU value to <n> for negotiation\n");
+ fprintf(fp, " show-options Display an extended list of options\n");
+ fprintf(fp, "See pppd(8) for more options.\n");
+ }
}
/*
static int
showhelp(char **argv)
{
- if (phase == PHASE_INITIALIZE) {
+ if (in_phase(PHASE_INITIALIZE)) {
usage();
exit(0);
}
static int
showversion(char **argv)
{
- if (phase == PHASE_INITIALIZE) {
+ if (in_phase(PHASE_INITIALIZE)) {
fprintf(stdout, "pppd version %s\n", VERSION);
exit(0);
}
}
/*
- * option_error - print a message about an error in an option.
+ * Print a set of options including the name of the group of options
+ */
+static void
+showopts_list(FILE *fp, const char *title, struct option *list, ...)
+{
+ struct option *opt = list;
+ va_list varg;
+
+ if (opt && opt->name) {
+ va_start(varg, list);
+ vfprintf(fp, title, varg);
+ fprintf(fp, ":\n");
+ va_end(varg);
+
+ do {
+ fprintf(fp, " %-22s %s\n", opt->name, opt->description?:"");
+ opt++;
+ } while (opt && opt->name);
+
+ fprintf(fp, "\n");
+ }
+}
+
+/*
+ * Dumps the list of available options
+ */
+void
+showopts(void)
+{
+ struct option_list *list;
+ FILE *fp = stderr;
+ int i = 0;
+
+ showopts_list(fp, "General Options",
+ general_options);
+
+ showopts_list(fp, "Authentication Options",
+ auth_options);
+
+ for (list = extra_options; list != NULL; list = list->next)
+ showopts_list(fp, "Extra Options", list->options);
+
+ showopts_list(fp, "Channel Options",
+ the_channel->options);
+
+ for (i = 0; protocols[i] != NULL; ++i) {
+ if (protocols[i]->options != NULL) {
+ showopts_list(fp, "%s Options",
+ protocols[i]->options,
+ protocols[i]->name);
+ }
+ }
+}
+
+/*
+ * ppp_option_error - print a message about an error in an option.
* The message is logged, and also sent to
- * stderr if phase == PHASE_INITIALIZE.
+ * stderr if in_phase(PHASE_INITIALIZE).
*/
void
-option_error(char *fmt, ...)
+ppp_option_error(char *fmt, ...)
{
va_list args;
char buf[1024];
va_start(args, fmt);
vslprintf(buf, sizeof(buf), fmt, args);
va_end(args);
- if (phase == PHASE_INITIALIZE)
+ if (in_phase(PHASE_INITIALIZE))
fprintf(stderr, "%s: %s\n", progname, buf);
syslog(LOG_ERR, "%s", buf);
}
if (ferror(f)) {
if (errno == 0)
errno = EIO;
- option_error("Error reading %s: %m", filename);
+ ppp_option_error("Error reading %s: %m", filename);
die(1);
}
/*
if (len == 0)
return 0;
if (quoted)
- option_error("warning: quoted word runs to end of file (%.20s...)",
+ ppp_option_error("warning: quoted word runs to end of file (%.20s...)",
filename, word);
}
* Warn if the word was too long, and append a terminating null.
*/
if (len >= MAXWORDLEN) {
- option_error("warning: word in file %s too long (%.20s...)",
+ ppp_option_error("warning: word in file %s too long (%.20s...)",
filename, word);
len = MAXWORDLEN - 1;
}
*valp = strtoul(str, &ptr, base);
if (ptr == str) {
- option_error("invalid numeric parameter '%s' for %s option",
+ ppp_option_error("invalid numeric parameter '%s' for %s option",
str, current_option);
return 0;
}
* if there is an error.
*/
int
-int_option(char *str, int *valp)
+ppp_int_option(char *str, int *valp)
{
u_int32_t v;
static int
readfile(char **argv)
{
- return options_from_file(*argv, 1, 1, privileged_option);
+ return ppp_options_from_file(*argv, 1, 1, privileged_option);
}
/*
}
}
if (!ok) {
- option_error("call option value may not contain .. or start with /");
+ ppp_option_error("call option value may not contain .. or start with /");
return 0;
}
- l = strlen(arg) + strlen(_PATH_PEERFILES) + 1;
+ l = strlen(arg) + strlen(PPP_PATH_PEERFILES) + 1;
if ((fname = (char *) malloc(l)) == NULL)
novm("call file name");
- slprintf(fname, l, "%s%s", _PATH_PEERFILES, arg);
- script_setenv("CALL_FILE", arg, 0);
+ slprintf(fname, l, "%s%s", PPP_PATH_PEERFILES, arg);
+ ppp_script_setenv("CALL_FILE", arg, 0);
- ok = options_from_file(fname, 1, 1, 1);
+ ok = ppp_options_from_file(fname, 1, 1, 1);
free(fname);
return ok;
}
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
/*
* setpassfilter - Set the pass filter for packets
*/
pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) {
- option_error("error in pass-filter expression: %s\n",
+ ppp_option_error("error in pass-filter expression: %s\n",
pcap_geterr(pc));
ret = 0;
}
pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) {
- option_error("error in active-filter expression: %s\n",
+ ppp_option_error("error in active-filter expression: %s\n",
pcap_geterr(pc));
ret = 0;
}
euid = geteuid();
if (!privileged_option && seteuid(getuid()) == -1) {
- option_error("unable to drop permissions to open %s: %m", *argv);
+ ppp_option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
fatal("unable to regain privileges: %m");
if (fd < 0) {
errno = err;
- option_error("Can't open log file %s: %m", *argv);
+ ppp_option_error("Can't open log file %s: %m", *argv);
return 0;
}
strlcpy(logfile_name, *argv, sizeof(logfile_name));
return 1;
}
-#ifdef MAXOCTETS
static int
setmodir(char **argv)
{
}
return 1;
}
-#endif
-#ifdef PLUGIN
+#ifdef PPP_WITH_PLUGINS
static int
loadplugin(char **argv)
{
const char *vers;
if (strchr(arg, '/') == 0) {
- const char *base = _PATH_PLUGIN;
+ const char *base = PPP_PATH_PLUGIN;
int l = strlen(base) + strlen(arg) + 2;
path = malloc(l);
if (path == 0)
if (handle == 0) {
err = dlerror();
if (err != 0)
- option_error("%s", err);
- option_error("Couldn't load plugin %s", arg);
+ ppp_option_error("%s", err);
+ ppp_option_error("Couldn't load plugin %s", arg);
goto err;
}
init = (void (*)(void))dlsym(handle, "plugin_init");
if (init == 0) {
- option_error("%s has no initialization entry point", arg);
+ ppp_option_error("%s has no initialization entry point", arg);
goto errclose;
}
vers = (const char *) dlsym(handle, "pppd_version");
if (vers == 0) {
warn("Warning: plugin %s has no version information", arg);
} else if (strcmp(vers, VERSION) != 0) {
- option_error("Plugin %s is for pppd version %s, this is %s",
+ ppp_option_error("Plugin %s is for pppd version %s, this is %s",
arg, vers, VERSION);
goto errclose;
}
info("Plugin %s loaded.", arg);
(*init)();
+ if (path != arg)
+ free(path);
return 1;
errclose:
free(path);
return 0;
}
-#endif /* PLUGIN */
+#endif /* PPP_WITH_PLUGINS */
/*
* Set an environment variable specified by the user.
struct userenv *uep, **insp;
if ((eqp = strchr(arg, '=')) == NULL) {
- option_error("missing = in name=value: %s", arg);
+ ppp_option_error("missing = in name=value: %s", arg);
return 0;
}
if (eqp == arg) {
- option_error("missing variable name: %s", arg);
+ ppp_option_error("missing variable name: %s", arg);
return 0;
}
for (uep = userenv_list; uep != NULL; uep = uep->ue_next) {
/* The name never changes, so allocate it with the structure */
if (uep == NULL) {
uep = malloc(sizeof (*uep) + (eqp-arg));
+ if (uep == NULL) {
+ novm("environment variable");
+ return 1;
+ }
strncpy(uep->ue_name, arg, eqp-arg);
uep->ue_name[eqp-arg] = '\0';
uep->ue_next = NULL;
}
static void
-user_setprint(option_t *opt, printer_func printer, void *arg)
+user_setprint(struct option *opt, printer_func printer, void *arg)
{
struct userenv *uep, *uepnext;
char *arg = argv[0];
if (strchr(arg, '=') != NULL) {
- option_error("unexpected = in name: %s", arg);
+ ppp_option_error("unexpected = in name: %s", arg);
return 0;
}
if (*arg == '\0') {
- option_error("missing variable name for unset");
+ ppp_option_error("missing variable name for unset");
return 0;
}
for (uep = userenv_list; uep != NULL; uep = uep->ue_next) {
/* The name never changes, so allocate it with the structure */
if (uep == NULL) {
uep = malloc(sizeof (*uep) + strlen(arg));
+ if (uep == NULL) {
+ novm("environment variable");
+ return 1;
+ }
strcpy(uep->ue_name, arg);
uep->ue_next = NULL;
insp = &userenv_list;
}
static void
-user_unsetprint(option_t *opt, printer_func printer, void *arg)
+user_unsetprint(struct option *opt, printer_func printer, void *arg)
{
struct userenv *uep, *uepnext;
--- /dev/null
+/*
+ * options.h - header declarations for option processing for PPP.
+ *
+ * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_OPTIONS_H
+#define PPP_OPTIONS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum opt_type {
+ o_special_noarg,
+ o_special,
+ o_bool,
+ o_int,
+ o_uint32,
+ o_string,
+ o_wild
+};
+
+struct option {
+ char *name; /* name of the option */
+ enum opt_type type;
+ void *addr;
+ char *description;
+ unsigned int flags;
+ void *addr2;
+ int upper_limit;
+ int lower_limit;
+ const char *source;
+ short int priority;
+ short int winner;
+};
+
+typedef struct option option_t;
+
+/* Values for flags */
+#define OPT_VALUE 0xff /* mask for presupplied value */
+#define OPT_HEX 0x100 /* int option is in hex */
+#define OPT_NOARG 0x200 /* option doesn't take argument */
+#define OPT_OR 0x400 /* for u32, OR in argument to value */
+#define OPT_INC 0x400 /* for o_int, increment value */
+#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */
+#define OPT_PRIV 0x1000 /* privileged option */
+#define OPT_STATIC 0x2000 /* string option goes into static array */
+#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */
+#define OPT_LLIMIT 0x4000 /* check value against lower limit */
+#define OPT_ULIMIT 0x8000 /* check value against upper limit */
+#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT)
+#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */
+#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */
+#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */
+#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */
+#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */
+#define OPT_PRIO 0x80000 /* process option priorities for this option */
+#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */
+#define OPT_ALIAS 0x200000 /* option is alias for previous option */
+#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */
+#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */
+#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */
+#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */
+#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */
+#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */
+#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV)
+#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */
+#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */
+#define OPT_NOPRINT 0x40000000 /* don't print this option at all */
+
+#define OPT_VAL(x) ((x) & OPT_VALUE)
+
+/* Values for priority */
+#define OPRIO_DEFAULT 0 /* a default value */
+#define OPRIO_CFGFILE 1 /* value from a configuration file */
+#define OPRIO_CMDLINE 2 /* value from the command line */
+#define OPRIO_SECFILE 3 /* value from options in a secrets file */
+#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */
+
+/* Add additional supported options by e.g. plug-in */
+void ppp_add_options(struct option *options);
+
+/* Parse options from an options file */
+int ppp_options_from_file(char *filename, int must_exist, int check_prot,
+ int privileged);
+
+/* Simplified number_option for decimal ints */
+int ppp_int_option(char *name, int *value);
+
+/* Print an error message about an option */
+void ppp_option_error(char *fmt, ...);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_OPTIONS_H
+++ /dev/null
-#define DATE "5 January 2021"
/*
- * define path names
+ * pathnames.h - define default paths for pppd
+ *
+ * Copyright (c) 1999-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+
+/*
+ * Paths are controlled by configure. Typically, one would pass the following options
+ * to configure:
+ * ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+ *
+ * Note that if the prefix variable do control all the other directory variables, e.g
+ * sysconfdir is ${prefix}/etc. Setting prefix to /usr, you'll have to override
+ * sysconfdir with /etc to avoid installing config files into /usr/etc.
+ *
+ * In addition, there are three explicit variables that has overrides via configure:
+ * - PPPD_RUNTIME_DIR, set by --with-runtime-dir=<dir>
+ * - PPPD_LOGFILE_DIR, set by --with-logfile-dir=<dir>
+ * - PPPD_PLUGIN_DIR, set by --with-plugin-dir=<dir>
+ */
+#ifndef PPP_PATHNAMES_H
+#define PPP_PATHNAMES_H
+
#include "pppdconf.h"
#ifdef HAVE_PATHS_H
#endif /* HAVE_PATHS_H */
#ifndef _PATH_DEVNULL
-#define _PATH_DEVNULL "/dev/null"
+#define _PATH_DEVNULL "/dev/null"
#endif
+#define PPP_DEVNULL _PATH_DEVNULL
+
+/*
+ * PPPD_RUNTIME_DIR is set by passing --with-runtime-dir=<path> via configure
+ * the default value set by configure when option is absent is ${localstatedir}/run/pppd
+ */
#ifdef PPPD_RUNTIME_DIR
-#undef _PATH_VARRUN
-#define _PATH_VARRUN PPPD_RUNTIME_DIR "/"
+#define PPP_PATH_VARRUN PPPD_RUNTIME_DIR
+#else
+#define PPP_PATH_VARRUN _PATH_VARRUN
#endif
+/*
+ * PPPD_LOGFILE_DIR is set by passing --with-logfile-dir=<path> via configure
+ * the default value set by configure when option is absent is ${localstatedir}/log/ppp
+ */
#ifdef PPPD_LOGFILE_DIR
-#undef _PATH_VARLOG
-#define _PATH_VARLOG PPPD_LOGFILE_DIR
+#define PPP_PATH_VARLOG PPPD_LOGFILE_DIR
+#else
+#define PPP_PATH_VARLOG _PATH_VARRUN "/log/ppp"
#endif
+/*
+ * PPPD_PLUGIN_DIR is set by passing --with-plugin-dir=<path> via configure
+ * the default value set by configure when option is absent is ${libdir}/pppd/${version}
+ */
#ifdef PPPD_PLUGIN_DIR
-#define _PATH_PLUGIN PPPD_PLUGIN_DIR
-#else
-#ifdef __STDC__
-#define _PATH_PLUGIN DESTDIR "/lib/pppd/" VERSION
-#else /* __STDC__ */
-#define _PATH_PLUGIN "/usr/lib/pppd"
-#endif /* __STDC__ */
+#define PPP_PATH_PLUGIN PPPD_PLUGIN_DIR
#endif /* PPPD_PLUGIN_DIR */
-#ifndef _ROOT_PATH
-#define _ROOT_PATH
-#endif
+#define PPP_PATH_CONFDIR SYSCONFDIR "/ppp"
+
+#define PPP_PATH_UPAPFILE PPP_PATH_CONFDIR "/pap-secrets"
+#define PPP_PATH_CHAPFILE PPP_PATH_CONFDIR "/chap-secrets"
+#define PPP_PATH_SRPFILE PPP_PATH_CONFDIR "/srp-secrets"
+
+#ifdef PPP_WITH_EAPTLS
+#define PPP_PATH_EAPTLSCLIFILE PPP_PATH_CONFDIR "/eaptls-client"
+#define PPP_PATH_EAPTLSSERVFILE PPP_PATH_CONFDIR "/eaptls-server"
+#define PPP_PATH_OPENSSLCONFFILE PPP_PATH_CONFDIR "/openssl.cnf"
+#endif /* PPP_WITH_EAPTLS */
+
+#define PPP_PATH_SYSOPTIONS PPP_PATH_CONFDIR "/options"
+#define PPP_PATH_IPUP PPP_PATH_CONFDIR "/ip-up"
+#define PPP_PATH_IPDOWN PPP_PATH_CONFDIR "/ip-down"
+#define PPP_PATH_IPPREUP PPP_PATH_CONFDIR "/ip-pre-up"
+#define PPP_PATH_AUTHUP PPP_PATH_CONFDIR "/auth-up"
+#define PPP_PATH_AUTHDOWN PPP_PATH_CONFDIR "/auth-down"
+#define PPP_PATH_TTYOPT PPP_PATH_CONFDIR "/options."
+#define PPP_PATH_PEERFILES PPP_PATH_CONFDIR "/peers/"
+#define PPP_PATH_RESOLV PPP_PATH_CONFDIR "/resolv.conf"
+
+#define PPP_PATH_NET_INIT PPP_PATH_CONFDIR "/net-init"
+#define PPP_PATH_NET_PREUP PPP_PATH_CONFDIR "/net-pre-up"
+#define PPP_PATH_NET_DOWN PPP_PATH_CONFDIR "/net-down"
+
+#define PPP_PATH_CONNERRS PPP_PATH_VARLOG "/connect-errors"
-#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets"
-#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets"
-#define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets"
-
-#ifdef USE_EAPTLS
-#define _PATH_EAPTLSCLIFILE _ROOT_PATH "/etc/ppp/eaptls-client"
-#define _PATH_EAPTLSSERVFILE _ROOT_PATH "/etc/ppp/eaptls-server"
-#define _PATH_OPENSSLCONFFILE _ROOT_PATH "/etc/ppp/openssl.cnf"
-#endif /* USE_EAPTLS */
-
-#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
-#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up"
-#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down"
-#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"
-#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
-#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
-#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
-#define _PATH_CONNERRS _ROOT_PATH _PATH_VARLOG "/connect-errors"
-#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf"
-
-#define _PATH_USEROPT ".ppprc"
-#define _PATH_PSEUDONYM ".ppp_pseudonym"
-
-#ifdef INET6
-#define _PATH_IPV6UP _ROOT_PATH "/etc/ppp/ipv6-up"
-#define _PATH_IPV6DOWN _ROOT_PATH "/etc/ppp/ipv6-down"
+#define PPP_PATH_USEROPT ".ppprc"
+#define PPP_PATH_PSEUDONYM ".ppp_pseudonym"
+
+#ifdef PPP_WITH_IPV6CP
+#define PPP_PATH_IPV6UP PPP_PATH_CONFDIR "/ipv6-up"
+#define PPP_PATH_IPV6DOWN PPP_PATH_CONFDIR "/ipv6-down"
#endif
-#ifdef IPX_CHANGE
-#define _PATH_IPXUP _ROOT_PATH "/etc/ppp/ipx-up"
-#define _PATH_IPXDOWN _ROOT_PATH "/etc/ppp/ipx-down"
-#endif /* IPX_CHANGE */
+#define PPP_PATH_PPPDB PPP_PATH_VARRUN "/pppd2.tdb"
+
+#ifdef __linux__
+#define PPP_PATH_LOCKDIR "/var/lock"
+#else
+#ifdef SVR4
+#define PPP_PATH_LOCKDIR "/var/spool/locks"
+#else
+#define PPP_PATH_LOCKDIR "/var/spool/lock"
+#endif
+#endif
-#ifdef __STDC__
-#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb"
-#else /* __STDC__ */
-#define _PATH_PPPDB _PPP_VARRUN "pppd2.tdb"
-#endif /* __STDC__ */
+#endif /* PPP_PATHNAMES_H */
* https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-peap
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/hmac.h>
#include <openssl/rand.h>
#include <openssl/err.h>
-#include <net/ppp_defs.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "eap.h"
#include "tls.h"
-#include "chap-new.h"
+#include "chap.h"
#include "chap_ms.h"
#include "mppe.h"
#include "peap.h"
u_char tk[PEAP_TLV_TK_LEN];
u_char nonce[PEAP_TLV_NONCE_LEN];
struct tls_info *info;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
struct chap_digest_type *chap;
#endif
};
BCOPY(nonce, (data_tlv + PEAP_TLV_HEADERLEN), PEAP_TLV_NONCE_LEN);
data_tlv[60] = EAPT_PEAP;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
mppe_get_send_key(isk, MPPE_MAX_KEY_LEN);
mppe_get_recv_key(isk + MPPE_MAX_KEY_LEN, MPPE_MAX_KEY_LEN);
#endif
fatal("server's CMK does not match client's CMK, potential MiTM");
}
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
#define PEAP_MPPE_KEY_LEN 32
static void generate_mppe_keys(u_char *ipmk, int client)
outp = outp + PEAP_TLV_RESULT_LEN;
RAND_bytes(psm->nonce, PEAP_TLV_NONCE_LEN);
generate_cmk(psm->ipmk, psm->tk, psm->nonce, outp, 1);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/* set mppe keys */
generate_mppe_keys(psm->ipmk, 1);
#endif
used += 2;
break;
-#if CHAPMS
+#if PPP_WITH_CHAPMS
case EAPT_MSCHAPV2: {
// Must have at least 4 more bytes to process CHAP header
}
case CHAP_FAILURE: {
+ u_char status = CHAP_FAILURE;
psm->chap->handle_failure(in_buf, in_len);
PUTCHAR(EAPT_MSCHAPV2, outp);
PUTCHAR(status, outp);
#ifndef PPP_PEAP_H
#define PPP_PEAP_H
+#include "pppdconf.h"
+
#define PEAP_PHASE_1 1
#define PEAP_PHASE_2 2
pppd_plugin_LTLIBRARIES = minconn.la passprompt.la passwordfd.la winbind.la
pppd_plugindir = $(PPPD_PLUGIN_DIR)
-PLUGIN_CPPFLAGS = -I${top_srcdir}/include -I${top_srcdir}/pppd
+PLUGIN_CPPFLAGS = -I${top_srcdir}
PLUGIN_LDFLAGS = -module -avoid-version
minconn_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
#include <stddef.h>
#include <time.h>
-#include "pppd.h"
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <sys/types.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+
+#if !defined(SOL2)
+#include <linux/ppp_defs.h>
+#else
+#include <net/ppp_defs.h>
+#endif
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
static int minconnect = 0;
-static option_t my_options[] = {
+static struct option my_options[] = {
{ "minconnect", o_int, &minconnect,
"Set minimum connect time before idle timeout applies" },
{ NULL }
time_t t;
if (idle == NULL)
- return minconnect? minconnect: idle_time_limit;
+ return minconnect ? minconnect: ppp_get_max_idle_time();
t = idle->xmit_idle;
if (idle->recv_idle < t)
t = idle->recv_idle;
- return idle_time_limit - t;
+ return ppp_get_max_idle_time() - t;
}
void plugin_init(void)
{
info("plugin_init");
- add_options(my_options);
+ ppp_add_options(my_options);
idle_time_hook = my_get_idle;
}
* 2 of the License, or (at your option) any later version.
*/
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include <errno.h>
#include <unistd.h>
#include <sys/wait.h>
+#include <sys/param.h>
+#include <limits.h>
+#include <stdio.h>
#include <syslog.h>
-#include "pppd.h"
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+
+#include <pppd/pppd.h>
+#include <pppd/upap.h>
+#include <pppd/eap.h>
+#include <pppd/options.h>
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
static char promptprog[PATH_MAX+1];
static int promptprog_refused = 0;
-static option_t options[] = {
+static struct option options[] = {
{ "promptprog", o_string, promptprog,
"External PAP password prompting program",
OPT_STATIC, NULL, PATH_MAX },
if (!kid) {
/* we are the child, exec the program */
char *argv[5], fdstr[32];
- sys_close();
+ ppp_sys_close();
closelog();
close(p[0]);
ret = seteuid(getuid());
if (ret != 0) {
warn("Couldn't set effective user id");
}
- argv[0] = promptprog;
- argv[1] = user;
- argv[2] = remote_name;
sprintf(fdstr, "%d", p[1]);
+ argv[0] = promptprog;
+ argv[1] = strdup(user);
+ argv[2] = strdup(ppp_remote_name());
argv[3] = fdstr;
argv[4] = 0;
execv(*argv, argv);
if (red == 0)
break;
if (red < 0) {
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
error("Can't read secret from %s: %m", promptprog);
readgood = -1;
/* now wait for child to exit */
while (waitpid(kid, &wstat, 0) < 0) {
- if (errno != EINTR || got_sigterm) {
+ if (errno != EINTR || ppp_signaled(SIGTERM)) {
warn("error waiting for %s: %m", promptprog);
break;
}
void plugin_init(void)
{
- add_options(options);
+ ppp_add_options(options);
pap_passwd_hook = promptpass;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
eaptls_passwd_hook = promptpass;
#endif
}
* with pap- and chap-secrets files.
*/
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
#include <stdio.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <sys/time.h>
-#include "pppd.h"
+#include <pppd/pppd.h>
+#include <pppd/upap.h>
+#include <pppd/chap.h>
+#include <pppd/eap.h>
+#include <pppd/options.h>
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
-static int passwdfd = -1;
static char save_passwd[MAXSECRETLEN];
-static option_t options[] = {
- { "passwordfd", o_int, &passwdfd,
- "Receive password on this file descriptor" },
- { NULL }
-};
-
-static int pwfd_check (void)
+static int pwfd_read_password(char **argv)
{
- return 1;
-}
-
-static int pwfd_passwd (char *user, char *passwd)
-{
- int readgood, red;
+ ssize_t readgood, red;
+ int passwdfd;
+ char passwd[MAXSECRETLEN];
- if (passwdfd == -1)
- return -1;
-
- if (passwd == NULL)
- return 1;
-
- if (passwdfd == -2) {
- strcpy (passwd, save_passwd);
- return 1;
- }
+ if (!ppp_int_option(argv[0], &passwdfd))
+ return 0;
readgood = 0;
do {
passwd[readgood] = 0;
strcpy (save_passwd, passwd);
- passwdfd = -2;
return 1;
}
+static struct option options[] = {
+ { "passwordfd", o_special, pwfd_read_password,
+ "Receive password on this file descriptor" },
+ { NULL }
+};
+
+static int pwfd_check (void)
+{
+ return 1;
+}
+
+static int pwfd_passwd (char *user, char *passwd)
+{
+ if (passwd != NULL)
+ strcpy(passwd, save_passwd);
+ return 1;
+}
+
void plugin_init (void)
{
- add_options (options);
+ ppp_add_options (options);
pap_check_hook = pwfd_check;
pap_passwd_hook = pwfd_passwd;
chap_check_hook = pwfd_check;
chap_passwd_hook = pwfd_passwd;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
eaptls_passwd_hook = pwfd_passwd;
#endif
}
atmres.h \
atmsap.h
-pppoatm_la_CPPFLAGS = -I${top_srcdir}/include -I${top_srcdir}/pppd
+pppoatm_la_CPPFLAGS = -I${top_srcdir}
pppoatm_la_LDFLAGS = -module -avoid-version
pppoatm_la_SOURCES = pppoatm.c
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
-#include "pppd.h"
-#include "pathnames.h"
-#include "fsm.h" /* Needed for lcp.h to include cleanly */
-#include "lcp.h"
#include <atm.h>
#include <linux/atmdev.h>
#include <linux/atmppp.h>
#include <sys/stat.h>
#include <net/if.h>
#include <sys/ioctl.h>
+#include <sys/param.h>
+#include <stdbool.h>
+#include <stdarg.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h> /* Needed for lcp.h to include cleanly */
+#include <pppd/lcp.h>
+
-const char pppd_version[] = VERSION;
+const char pppd_version[] = PPPD_VERSION;
static struct sockaddr_atmpvc pvcaddr;
static char *qosstr = NULL;
static int setdevname_pppoatm(const char *cp, const char **argv, int doit);
struct channel pppoa_channel;
static int pppoa_fd = -1;
+static char devnam[MAXNAMELEN];
-static option_t pppoa_options[] = {
+static struct option pppoa_options[] = {
{ "device name", o_wild, (void *) &setdevname_pppoatm,
"ATM service provider IDs: VPI.VCI",
OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC,
return 1;
memcpy(&pvcaddr, &addr, sizeof pvcaddr);
- strlcpy(devnam, cp, sizeof devnam);
+ strlcpy(devnam, cp, sizeof(devnam));
+ ppp_set_devnam(devnam);
devstat.st_mode = S_IFSOCK;
if (the_channel != &pppoa_channel) {
the_channel = &pppoa_channel;
pppoatm_max_mtu = lcp_allowoptions[0].mru;
pppoatm_max_mru = lcp_wantoptions[0].mru;
set_line_discipline_pppoatm(fd);
- strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam));
+ ppp_set_pppdevnam(devnam);
pppoa_fd = fd;
return fd;
}
{
#ifdef linux
extern int new_style_driver; /* From sys-linux.c */
- if (!ppp_available() && !new_style_driver)
+ if (!ppp_check_kernel_support() && !new_style_driver)
fatal("Kernel doesn't support ppp_generic - "
"needed for PPPoATM");
#else
fatal("No PPPoATM support on this OS");
#endif
- add_options(pppoa_options);
+ ppp_add_options(pppoa_options);
}
struct channel pppoa_channel = {
.check_options = NULL,
.connect = &connect_pppoatm,
.disconnect = &disconnect_pppoatm,
- .establish_ppp = &generic_establish_ppp,
- .disestablish_ppp = &generic_disestablish_ppp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
.send_config = NULL,
.recv_config = NULL,
.close = NULL,
noinst_HEADERS = \
pppoe.h
-pppoe_la_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/include
+pppoe_la_CPPFLAGS = -I${top_srcdir} -DSYSCONFDIR=\"${sysconfdir}\" -DPLUGIN
pppoe_la_LDFLAGS = -module -avoid-version
pppoe_la_SOURCES = plugin.c discovery.c if.c common.c
-pppoe_discovery_CPPFLAGS = -I${top_srcdir} -I${top_srcdir}/include
+pppoe_discovery_CPPFLAGS = -I${top_srcdir}
pppoe_discovery_SOURCES = pppoe-discovery.c discovery.c if.c common.c
"$Id: common.c,v 1.3 2008/06/09 08:34:23 paulus Exp $";
#ifdef HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
#endif
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
+#include <pppd/pppd.h>
#include <string.h>
#include <errno.h>
--- /dev/null
+/* pppd/config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define to 1 if you have the <asm/types.h> header file. */
+#undef HAVE_ASM_TYPES_H
+
+/* Define to 1 if you have the <linux/if_ether.h> header file. */
+#undef HAVE_LINUX_IF_ETHER_H
+
+/* Define to 1 if you have the <linux/if.h> header file. */
+#undef HAVE_LINUX_IF_H
+
+/* Define to 1 if you have the <linux/if_packet.h> header file. */
+#undef HAVE_LINUX_IF_PACKET_H
+
+/* Define to 1 if you have the <net/if_arp.h> header file. */
+#undef HAVE_NET_IF_ARP_H
+
+/* Define to 1 if you have the <net/if_types.h> header file. */
+#undef HAVE_NET_IF_TYPES_H
+
+/* Define to 1 if you have the <netinet/if_ether.h> header file. */
+#undef HAVE_NETINET_IF_ETHER_H
+
+/* Define to 1 if you have the <netpacket/packet.h> header file. */
+#undef HAVE_NETPACKET_PACKET_H
+
+/* Define to 1 if you have the <net/bpf.h> header file. */
+#undef HAVE_NET_BPF_H
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#undef HAVE_NET_IF_H
+
+/* Define to 1 if you have the <sys/dlpi.h> header file. */
+#undef HAVE_SYS_DLPI_H
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the <stdarg.h> header file. */
+#undef HAVE_STDARG_H
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* The size of `unsigned int', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_INT
+
+/* The size of `unsigned long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG
+
+/* The size of `unsigned short', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_SHORT
+
+/* Define to 1 if the system has the type `struct sockaddr_ll'. */
+#undef HAVE_STRUCT_SOCKADDR_LL
"$Id: discovery.c,v 1.6 2008/06/15 04:35:50 paulus Exp $";
#ifdef HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
#endif
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
-#include "pppd/fsm.h"
-#include "pppd/lcp.h"
+#include <pppd/pppd.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
+#ifdef PLUGIN
+#define signaled(x) ppp_signaled(x)
+#define get_time(x) ppp_get_time(x)
+#else
+int signaled(int signal);
+int get_time(struct timeval *tv);
+
+#endif
+
/* Calculate time remaining until *exp, return 0 if now >= *exp */
static int time_left(struct timeval *diff, struct timeval *exp)
{
while(1) {
r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv);
- if (r >= 0 || errno != EINTR || got_sigterm) break;
+ if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break;
}
if (r < 0) {
error("select (waitForPADO): %m");
while(1) {
r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv);
- if (r >= 0 || errno != EINTR || got_sigterm) break;
+ if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break;
}
if (r < 0) {
error("select (waitForPADS): %m");
do {
padiAttempts++;
- if (got_sigterm || padiAttempts > conn->discoveryAttempts) {
+ if (signaled(SIGTERM) || padiAttempts > conn->discoveryAttempts) {
warn("Timeout waiting for PADO packets");
close(conn->discoverySocket);
conn->discoverySocket = -1;
do {
padrAttempts++;
- if (got_sigterm || padrAttempts > conn->discoveryAttempts) {
+ if (signaled(SIGTERM) || padrAttempts > conn->discoveryAttempts) {
warn("Timeout waiting for PADS packets");
close(conn->discoverySocket);
conn->discoverySocket = -1;
"$Id: if.c,v 1.2 2008/06/09 08:34:23 paulus Exp $";
#ifdef HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
#endif
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
+#include <pppd/pppd.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
int fd;
struct ifreq ifr;
int domain, stype;
+ size_t maxlen;
#ifdef HAVE_STRUCT_SOCKADDR_LL
struct sockaddr_ll sa;
#ifdef HAVE_STRUCT_SOCKADDR_LL
domain = PF_PACKET;
stype = SOCK_RAW;
+ maxlen = IFNAMSIZ;
#else
domain = PF_INET;
stype = SOCK_PACKET;
+ maxlen = sizeof(sa.sa_data);
#endif
+ if (strlen(ifname) >= maxlen) {
+ error("Can't use interface %.16s: name is too long", ifname);
+ return -1;
+ }
+
if ((fd = socket(domain, stype, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
sa.sll_ifindex = ifr.ifr_ifindex;
#else
- strcpy(sa.sa_data, ifname);
+ strlcpy(sa.sa_data, ifname, sizeof(sa.sa_data));
#endif
/* We're only interested in packets on specified interface */
{
int err;
- if (debug)
+ if (debug_on())
pppoe_log_packet("Send ", pkt);
#if defined(HAVE_STRUCT_SOCKADDR_LL)
err = send(sock, pkt, size, 0);
#else
struct sockaddr sa;
- strcpy(sa.sa_data, conn->ifName);
+ strlcpy(sa.sa_data, conn->ifName, sizeof(sa.sa_data));
err = sendto(sock, pkt, size, 0, &sa, sizeof(sa));
#endif
if (err < 0) {
error("error receiving pppoe packet: %m");
return -1;
}
- if (debug)
+ if (debug_on())
pppoe_log_packet("Recv ", pkt);
return 0;
}
"$Id: plugin.c,v 1.17 2008/06/15 04:35:50 paulus Exp $";
#ifdef HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
#endif
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
-#include "pppd/fsm.h"
-#include "pppd/lcp.h"
-#include "pppd/ipcp.h"
-#include "pppd/ccp.h"
-/* #include "pppd/pathnames.h" */
-
#include <linux/types.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
+#include <sys/param.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <linux/ppp_defs.h>
#include <linux/if_pppox.h>
-#ifndef _ROOT_PATH
-#define _ROOT_PATH ""
-#endif
-
-#define _PATH_ETHOPT _ROOT_PATH "/etc/ppp/options."
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
+#include <pppd/ipcp.h>
+#include <pppd/ccp.h>
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
/* From sys-linux.c in pppd -- MUST FIX THIS! */
extern int new_style_driver;
static char *pppoe_host_uniq;
static int pppoe_padi_timeout = PADI_TIMEOUT;
static int pppoe_padi_attempts = MAX_PADI_ATTEMPTS;
+static char devnam[MAXNAMELEN];
static int PPPoEDevnameHook(char *cmd, char **argv, int doit);
-static option_t Options[] = {
+static struct option Options[] = {
{ "device name", o_wild, (void *) &PPPoEDevnameHook,
"PPPoE device name",
OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC,
struct sockaddr_pppox sp;
struct ifreq ifr;
int s;
+ char remote_number[MAXNAMELEN];
/* Open session socket before discovery phase, to avoid losing session */
/* packets sent by peer just after PADS packet (noted on some Cisco */
conn->acName = acName;
conn->serviceName = pppd_pppoe_service;
- strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam));
+ ppp_set_pppdevnam(devnam);
if (existingSession) {
unsigned int mac[ETH_ALEN];
int i, ses;
}
/* Set PPPoE session-number for further consumption */
- ppp_session_number = ntohs(conn->session);
+ ppp_set_session_number(ntohs(conn->session));
sp.sa_family = AF_PPPOX;
sp.sa_protocol = PX_PROTO_OE;
(unsigned) conn->peerEth[3],
(unsigned) conn->peerEth[4],
(unsigned) conn->peerEth[5]);
+ warn("Connected to %s via interface %s", remote_number, conn->ifName);
+ ppp_set_remote_number(remote_number);
- warn("Connected to %02X:%02X:%02X:%02X:%02X:%02X via interface %s",
- (unsigned) conn->peerEth[0],
- (unsigned) conn->peerEth[1],
- (unsigned) conn->peerEth[2],
- (unsigned) conn->peerEth[3],
- (unsigned) conn->peerEth[4],
- (unsigned) conn->peerEth[5],
- conn->ifName);
-
- script_setenv("MACREMOTE", remote_number, 0);
+ ppp_script_setenv("MACREMOTE", remote_number, 0);
if (connect(conn->sessionSocket, (struct sockaddr *) &sp,
sizeof(struct sockaddr_pppox)) < 0) {
sizeof(struct sockaddr_pppox)) < 0 && errno != EALREADY)
error("Failed to disconnect PPPoE socket: %d %m", errno);
close(conn->sessionSocket);
+ if (conn->discoverySocket < 0)
+ conn->discoverySocket =
+ openInterface(conn->ifName, Eth_PPPOE_Discovery, NULL);
if (conn->discoverySocket >= 0) {
sendPADT(conn, NULL);
close(conn->discoverySocket);
static void
PPPOEDeviceOptions(void)
{
+ char name[MAXPATHLEN];
char buf[MAXPATHLEN];
- strlcpy(buf, _PATH_ETHOPT, MAXPATHLEN);
- strlcat(buf, devnam, MAXPATHLEN);
- if (!options_from_file(buf, 0, 0, 1))
- exit(EXIT_OPTION_ERROR);
-
+ slprintf(name, sizeof(name), "options.%s", devnam);
+ if (ppp_get_filepath(PPP_DIR_CONF, name, buf, sizeof(buf)) < sizeof(buf)) {
+ if (!ppp_options_from_file(buf, 0, 0, 1)) {
+ exit(EXIT_OPTION_ERROR);
+ }
+ } else {
+ exit(EXIT_OPTION_ERROR);
+ }
}
struct channel pppoe_channel;
if (the_channel != &pppoe_channel) {
the_channel = &pppoe_channel;
- modem = 0;
+ ppp_set_modem(0);
PPPOEInitDevice();
}
+ ppp_set_devnam(devnam);
return 1;
}
void
plugin_init(void)
{
- if (!ppp_available() && !new_style_driver) {
+ if (!ppp_check_kernel_support() && !new_style_driver) {
fatal("Linux kernel does not support PPPoE -- are you running 2.4.x?");
}
- add_options(Options);
+ ppp_add_options(Options);
- info("PPPoE plugin from pppd %s", VERSION);
+ info("PPPoE plugin from pppd %s", PPPD_VERSION);
}
void pppoe_check_options(void)
if (sscanf(pppoe_reqd_mac, "%x:%x:%x:%x:%x:%x",
&mac[0], &mac[1], &mac[2], &mac[3],
&mac[4], &mac[5]) != 6) {
- option_error("cannot parse pppoe-mac option value");
+ ppp_option_error("cannot parse pppoe-mac option value");
exit(EXIT_OPTION_ERROR);
}
for (i = 0; i < 6; ++i)
.check_options = pppoe_check_options,
.connect = &PPPOEConnectDevice,
.disconnect = &PPPOEDisconnectDevice,
- .establish_ppp = &generic_establish_ppp,
- .disestablish_ppp = &generic_disestablish_ppp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
.send_config = NULL,
.recv_config = &PPPOERecvConfig,
.close = NULL,
.RE
.SH AUTHORS
\fBpppoe\-discovery\fR was written by Marco d'Itri <md@linux.it>,
-based on \fBpppoe\fR by David F. Skoll <dfs@roaringpenguin.com>.
+based on \fBpppoe\fR by Dianne Skoll <dianne@skoll.ca>.
.SH SEE ALSO
-pppoe(8), pppoe-sniff(8)
+pppoe(8), pppoe\-sniff(8)
*/
#ifdef HAVE_CONFIG_H
-#include <config.h>
+#include "config.h"
#endif
#include <stdarg.h>
#include <string.h>
#include <time.h>
#include <signal.h>
+#include <sys/time.h>
+#include <stdbool.h>
+#include <stdint.h>
#include "pppoe.h"
static FILE *debugFile;
void
-fatal(char *fmt, ...)
+fatal(const char *fmt, ...)
{
va_list pvar;
va_start(pvar, fmt);
}
void
-error(char *fmt, ...)
+error(const char *fmt, ...)
{
va_list pvar;
va_start(pvar, fmt);
}
void
-warn(char *fmt, ...)
+warn(const char *fmt, ...)
{
va_list pvar;
va_start(pvar, fmt);
}
void
-info(char *fmt, ...)
+info(const char *fmt, ...)
{
va_list pvar;
va_start(pvar, fmt);
return gettimeofday(tv, NULL);
}
+int signaled(int signal) {
+ if (signal == SIGTERM)
+ return got_sigterm;
+ return 0;
+}
+
+bool debug_on()
+{
+ return !!debug;
+}
+
static void
term_handler(int signum)
{
optarg, strerror(errno));
exit(1);
}
- fprintf(debugFile, "pppoe-discovery from pppd %s\n", VERSION);
+ fprintf(debugFile, "pppoe-discovery from pppd %s\n", PPPD_VERSION);
break;
case 'I':
conn->ifName = xstrdup(optarg);
" -U -- Use Host-Unique to allow multiple PPPoE sessions.\n"
" -W hexvalue -- Set the Host-Unique to the supplied hex string.\n"
" -h -- Print usage information.\n");
- fprintf(stderr, "\npppoe-discovery from pppd " VERSION "\n");
+ fprintf(stderr, "\npppoe-discovery from pppd " PPPD_VERSION "\n");
}
#include <ctype.h>
#include <string.h>
-#include "pppd/pppd.h" /* For error */
+#include <pppd/pppd.h> /* For error */
/* How do we access raw Ethernet devices? */
#undef USE_LINUX_PACKET
#define NOT_UNICAST(e) ((e[0] & 0x01) != 0)
#define BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) == 0xFF)
#define NOT_BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) != 0xFF)
+
+#ifndef MIN
+#define MIN(a, b) ((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b) ((a) > (b)? (a): (b))
+#endif
noinst_HEADERS = \
l2tp_event.h
-pppol2tp_la_CPPFLAGS = -I${top_srcdir}/include -I${top_srcdir}/pppd
+pppol2tp_la_CPPFLAGS = -I${top_srcdir}
pppol2tp_la_LDFLAGS = -module -avoid-version
pppol2tp_la_SOURCES = pppol2tp.c
-openl2tp_la_CPPFLAGS = -I${top_srcdir}/include -I${top_srcdir}/pppd
+openl2tp_la_CPPFLAGS = -I${top_srcdir}
openl2tp_la_LDFLAGS = -module -avoid-version
openl2tp_la_SOURCES = openl2tp.c
/* pppd plugin for interfacing to openl2tpd */
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
-#include "pppd.h"
-#include "pathnames.h"
-#include "fsm.h"
-#include "lcp.h"
-#include "ccp.h"
-#include "ipcp.h"
+
#include <sys/stat.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/time.h>
#include <netinet/in.h>
#include <signal.h>
#include <linux/version.h>
#include <linux/sockios.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
+#include <pppd/ccp.h>
+#include <pppd/ipcp.h>
+#include <pppd/multilink.h>
+
#ifndef aligned_u64
/* should be defined in sys/types.h */
#include <linux/types.h>
#include <linux/if_ether.h>
#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
#include <linux/if_pppox.h>
#include <linux/if_pppol2tp.h>
uint32_t send_accm, uint32_t recv_accm);
extern void (*pppol2tp_ip_updown_hook)(int tunnel_id, int session_id, int up);
-const char pppd_version[] = VERSION;
+const char pppd_version[] = PPPD_VERSION;
static int openl2tp_fd = -1;
uint32_t recv_accm) = NULL;
static void (*old_pppol2tp_ip_updown_hook)(int tunnel_id, int session_id,
int up) = NULL;
-static void (*old_multilink_join_hook)(void) = NULL;
+#ifdef PPP_WITH_MULTILINK
+static multilink_join_hook_fn *old_multilink_join_hook = NULL;
+#endif
/*****************************************************************************
* OpenL2TP interface.
uint16_t tid = tunnel_id;
uint16_t sid = session_id;
uint8_t state = up;
- int unit = ifunit;
- char *user_name = NULL;
+ int unit = 0;
+ char ifname[MAXNAMELEN];
+ char user_name[MAXNAMELEN];
+
+ unit = ppp_ifunit();
+ ppp_get_ifname(ifname, sizeof(ifname));
if (openl2tp_fd < 0) {
result = openl2tp_client_create();
}
}
- if (peer_authname[0] != '\0') {
- user_name = strdup(peer_authname);
- }
+ if (!ppp_peer_authname(user_name, sizeof(user_name)))
+ user_name[0] = '\0';
msg->msg_signature = OPENL2TP_MSG_SIGNATURE;
msg->msg_type = OPENL2TP_MSG_TYPE_PPP_UPDOWN_IND;
memcpy(&tlv->tlv_value[0], ifname, tlv->tlv_len);
msg->msg_len += sizeof(*tlv) + ALIGN32(tlv->tlv_len);
- if (user_name != NULL) {
+ if (user_name[0] != '\0') {
tlv = (void *) &msg->msg_data[msg->msg_len];
tlv->tlv_type = OPENL2TP_TLV_TYPE_PPP_USER_NAME;
tlv->tlv_len = strlen(user_name) + 1;
(*old_pppol2tp_ip_updown_hook)(tunnel_id, session_id, up);
}
- if (user_name != NULL)
- free(user_name);
-
return;
}
* multilink bundle.
*****************************************************************************/
+#ifdef PPP_WITH_MULTILINK
static void openl2tp_multilink_join_ind(void)
{
- if (doing_multilink && !multilink_master) {
+ if (mp_on() && !mp_master()) {
/* send event only if not master */
openl2tp_ppp_updown_ind(pppol2tp_tunnel_id,
pppol2tp_session_id, 1);
}
}
+#endif
/*****************************************************************************
* Application init
old_pppol2tp_ip_updown_hook = pppol2tp_ip_updown_hook;
pppol2tp_ip_updown_hook = openl2tp_ppp_updown_ind;
+#ifdef PPP_WITH_MULTILINK
old_multilink_join_hook = multilink_join_hook;
multilink_join_hook = openl2tp_multilink_join_ind;
+#endif
}
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
-#include "pppd.h"
-#include "pathnames.h"
-#include "fsm.h"
-#include "lcp.h"
-#include "ccp.h"
-#include "ipcp.h"
#include <sys/stat.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/types.h>
#include <netinet/in.h>
#include <signal.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdio.h>
+
#include <linux/version.h>
#include <linux/sockios.h>
+#include <linux/ppp-ioctl.h>
+
#ifndef aligned_u64
/* should be defined in sys/types.h */
#define aligned_u64 unsigned long long __attribute__((aligned(8)))
#endif
+
#include <linux/types.h>
#include <linux/if_ether.h>
#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
#include <linux/if_pppox.h>
#include <linux/if_pppol2tp.h>
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
+#include <pppd/ccp.h>
+#include <pppd/ipcp.h>
+
+
/* should be added to system's socket.h... */
#ifndef SOL_PPPOL2TP
#define SOL_PPPOL2TP 273
#endif
-const char pppd_version[] = VERSION;
+const char pppd_version[] = PPPD_VERSION;
static int setdevname_pppol2tp(char **argv);
/* Hook provided to allow other plugins to handle IP up/down */
void (*pppol2tp_ip_updown_hook)(int tunnel_id, int session_id, int up) = NULL;
-static option_t pppol2tp_options[] = {
+static struct option pppol2tp_options[] = {
{ "pppol2tp", o_special, &setdevname_pppol2tp,
"FD for PPPoL2TP socket", OPT_DEVNAM | OPT_A2STRVAL,
&pppol2tp_fd_str },
if (device_got_set)
return 0;
- if (!int_option(*argv, &pppol2tp_fd))
+ if (!ppp_int_option(*argv, &pppol2tp_fd))
return 0;
if(getsockname(pppol2tp_fd, (struct sockaddr *)&s, &len) < 0) {
/* Setup option defaults. Compression options are disabled! */
- modem = 0;
+ ppp_set_modem(false);
lcp_allowoptions[0].neg_accompression = 1;
lcp_wantoptions[0].neg_accompression = 0;
}
static void send_config_pppol2tp(int mtu,
- u_int32_t asyncmap,
+ uint32_t asyncmap,
int pcomp,
int accomp)
{
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
- strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name));
strlcpy(ifr.ifr_newname, pppol2tp_ifname,
sizeof(ifr.ifr_name));
ioctl(fd, SIOCSIFNAME, (caddr_t) &ifr);
- strlcpy(ifname, pppol2tp_ifname, 32);
+ ppp_set_ifname(pppol2tp_ifname);
if (pppol2tp_debug_mask & PPPOL2TP_MSG_CONTROL) {
dbglog("ppp%d: interface name %s",
- ifunit, ifname);
+ ppp_ifunit(), ppp_ifname());
}
}
close(fd);
warn("Overriding mtu %d to %d", mtu, lcp_allowoptions[0].mru);
mtu = lcp_allowoptions[0].mru;
}
- netif_set_mtu(ifunit, mtu);
+ ppp_set_mtu(ppp_ifunit(), mtu);
reorderto[0] = '\0';
if (pppol2tp_reorder_timeout > 0)
}
static void recv_config_pppol2tp(int mru,
- u_int32_t asyncmap,
+ uint32_t asyncmap,
int pcomp,
int accomp)
{
lcp_allowoptions[0].mru);
mru = lcp_allowoptions[0].mru;
}
- if ((ifunit >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0)
+ if ((ppp_ifunit() >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0)
error("Couldn't set PPP MRU: %m");
}
{
#if defined(__linux__)
extern int new_style_driver; /* From sys-linux.c */
- if (!ppp_available() && !new_style_driver)
+ if (!ppp_check_kernel_support() && !new_style_driver)
fatal("Kernel doesn't support ppp_generic - "
"needed for PPPoL2TP");
#else
fatal("No PPPoL2TP support on this OS");
#endif
- add_options(pppol2tp_options);
+ ppp_add_options(pppol2tp_options);
/* Hook up ip up/down notifiers to send indicator to openl2tpd
* that the link is up
*/
- add_notifier(&ip_up_notifier, pppol2tp_ip_up, NULL);
- add_notifier(&ip_down_notifier, pppol2tp_ip_down, NULL);
-#ifdef INET6
- add_notifier(&ipv6_up_notifier, pppol2tp_ip_up, NULL);
- add_notifier(&ipv6_down_notifier, pppol2tp_ip_down, NULL);
+ ppp_add_notify(NF_IP_UP, pppol2tp_ip_up, NULL);
+ ppp_add_notify(NF_IP_DOWN, pppol2tp_ip_down, NULL);
+#ifdef PPP_WITH_IPV6CP
+ ppp_add_notify(NF_IPV6_UP, pppol2tp_ip_up, NULL);
+ ppp_add_notify(NF_IPV6_DOWN, pppol2tp_ip_down, NULL);
#endif
}
.check_options = &pppol2tp_check_options,
.connect = &connect_pppol2tp,
.disconnect = &disconnect_pppol2tp,
- .establish_ppp = &generic_establish_ppp,
- .disestablish_ppp = &generic_disestablish_ppp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
.send_config = &send_config_pppol2tp,
.recv_config = &recv_config_pppol2tp,
.close = NULL,
etc/realms \
etc/servers
-RADIUS_CPPFLAGS = -I${top_srcdir}/include -I${top_srcdir}/pppd -DRC_LOG_FACILITY=LOG_DAEMON
+RADIUS_CPPFLAGS = -I${top_srcdir} -DRC_LOG_FACILITY=LOG_DAEMON
RADIUS_LDFLAGS = -module -avoid-version $(LDFLAGS)
radius_la_CPPFLAGS = $(RADIUS_CPPFLAGS)
radius_la_LDFLAGS = $(RADIUS_LDFLAGS)
radius_la_SOURCES = radius.c
radius_la_LIBADD = libradiusclient.la
-if WITH_OPENSSL
-radius_la_LIBADD += $(OPENSSL_LIBS)
-endif
radattr_la_CPPFLAGS = $(RADIUS_CPPFLAGS)
radattr_la_LDFLAGS = $(RADIUS_LDFLAGS)
libradiusclient_la_SOURCES = \
avpair.c buildreq.c config.c dict.c ip_util.c \
- clientid.c sendserver.c lock.c util.c
-libradiusclient_la_CPPFLAGS = $(RADIUS_CPPFLAGS)
-
-if !WITH_OPENSSL
-libradiusclient_la_SOURCES += md5.c
-else
-if OPENSSL_HAVE_MD5
-libradiusclient_la_SOURCES += md5.c
-else
-libradiusclient_la_CPPFLAGS += $(OPENSSL_INCLUDES)
-endif
-endif
+ clientid.c sendserver.c lock.c util.c md5.c
+libradiusclient_la_CPPFLAGS = $(RADIUS_CPPFLAGS) -DSYSCONFDIR=\"${sysconfdir}\"
EXTRA_DIST = \
$(EXTRA_FILES) \
*
*/
-VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, void *pval, int len,
+VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, const void *pval, int len,
int vendorcode)
{
VALUE_PAIR *vp;
*
*/
-int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len)
+int rc_avpair_assign (VALUE_PAIR *vp, const void *pval, int len)
{
int result = -1;
{
case PW_TYPE_STRING:
- if (((len == 0) && (strlen ((char *) pval)) > AUTH_STRING_LEN)
+ if (((len == 0) && (strlen ((const char *) pval)) > AUTH_STRING_LEN)
|| (len > AUTH_STRING_LEN)) {
error("rc_avpair_assign: bad attribute length");
return result;
}
if (len > 0) {
- memcpy(vp->strvalue, (char *)pval, len);
+ memcpy(vp->strvalue, (const char *)pval, len);
vp->strvalue[len] = '\0';
vp->lvalue = len;
} else {
- strncpy ((char*) vp->strvalue, (char *) pval, AUTH_STRING_LEN);
- vp->lvalue = strlen((char *) pval);
+ strncpy ((char*) vp->strvalue, (const char *) pval, AUTH_STRING_LEN);
+ vp->lvalue = strlen((const char *) pval);
}
result = 0;
*
*/
-VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode)
+VALUE_PAIR *rc_avpair_new (int attrid, const void *pval, int len, int vendorcode)
{
VALUE_PAIR *vp = (VALUE_PAIR *) NULL;
DICT_ATTR *pda;
else /* look for the "p" entry in the "a" list (or run to end) */
{
this_node = *a;
- while (this_node != (VALUE_PAIR *) NULL)
+ while (this_node->next != (VALUE_PAIR *) NULL)
{
if (this_node == p)
{
if ((adt_vp = rc_avpair_add(&(data.send_pairs), PW_ACCT_DELAY_TIME, &dtime.tv_sec, 0, VENDOR_NONE)) == NULL)
return (ERROR_RC);
- get_time(&start_time);
+ ppp_get_time(&start_time);
result = ERROR_RC;
for(i=0; (i<acctserver->max) && (result != OK_RC) && (result != BADRESP_RC)
; i++)
rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i],
acctserver->port[i], timeout, retries);
- get_time(&dtime);
+ ppp_get_time(&dtime);
dtime.tv_sec -= start_time.tv_sec;
rc_avpair_assign(adt_vp, &dtime.tv_sec, 0);
if ((p = (struct map2id_s *)malloc(sizeof(*p))) == NULL) {
novm("rc_read_mapfile");
+ fclose(mapfd);
return (-1);
}
} else {
error("rc_read_mapfile: malformed line in %s, line %d", filename, lnr);
+ fclose(mapfd);
return (-1);
}
* Returns: port id, zero if no entry found
*/
-UINT4 rc_map2id(char *name)
+UINT4 rc_map2id(const char *name)
{
struct map2id_s *p;
char ttyname[PATH_MAX];
if ((pos = strcspn(p, "\t ")) == 0) {
error("%s: line %d: bogus format: %s", filename, line, p);
+ fclose(configfd);
return (-1);
}
if (option->status != ST_UNDEF) {
error("%s: line %d: duplicate option line: %s", filename, line, p);
+ fclose(configfd);
return (-1);
}
switch (option->type) {
case OT_STR:
- if (set_option_str(filename, line, option, p) < 0)
+ if (set_option_str(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
case OT_INT:
- if (set_option_int(filename, line, option, p) < 0)
+ if (set_option_int(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
case OT_SRV:
- if (set_option_srv(filename, line, option, p) < 0)
+ if (set_option_srv(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
case OT_AUO:
- if (set_option_auo(filename, line, option, p) < 0)
+ if (set_option_auo(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
default:
fatal("rc_read_config: impossible case branch!");
#include <time.h>
-#include "magic.h"
+#include <pppd/magic.h>
/* rlib/lock.c */
int do_lock_exclusive(int);
* Returns: 0 on failure
*/
-UINT4 rc_get_ipaddr (char *host)
+UINT4 rc_get_ipaddr (const char *host)
{
struct hostent *hp;
*
*/
-int rc_good_ipaddr (char *addr)
+int rc_good_ipaddr (const char *addr)
{
int dot_count;
int digit_count;
static UINT4 this_host_ipaddr = 0;
if (!this_host_ipaddr) {
- if ((this_host_ipaddr = rc_get_ipaddr (hostname)) == 0) {
+ if ((this_host_ipaddr = rc_get_ipaddr (ppp_hostname())) == 0) {
error("rc_own_ipaddress: couldn't get own IP address");
return 0;
}
/*
* $Id: md5.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
*/
-#include "md5.h"
+#include <stddef.h>
-void rc_md5_calc (unsigned char *output, unsigned char *input, unsigned int inlen)
+#include <pppd/crypto.h>
+
+int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl)
{
- MD5_CTX context;
+ int retval = 0;
+ int outl = MD5_DIGEST_LENGTH;
+
+ PPP_MD_CTX *ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, in, inl)) {
+
+ if (PPP_DigestFinal(ctx, out, &outl)) {
+
+ retval = 1;
+ }
+ }
+ }
- MD5_Init (&context);
- MD5_Update (&context, input, inlen);
- MD5_Final (output, &context);
+ PPP_MD_CTX_free(ctx);
+ }
+ return retval;
}
#ifndef PATHNAMES_H
#define PATHNAMES_H
-#define _PATH_DEV_URANDOM "/dev/urandom" /* Linux only */
-#define _PATH_ETC_ISSUE "/etc/issue"
+#define PPP_PATH_DEV_URANDOM "/dev/urandom" /* Linux only */
+#define PPP_PATH_ETC_ISSUE "/etc/issue"
/* normally defined in the Makefile */
-#ifndef _PATH_ETC_RADIUSCLIENT_CONF
-#define _PATH_ETC_RADIUSCLIENT_CONF "/etc/radiusclient.conf"
+#ifndef PPP_PATH_ETC_RADIUSCLIENT_CONF
+#define PPP_PATH_ETC_RADIUSCLIENT_CONF SYSCONFDIR "/radiusclient.conf"
#endif
#endif /* PATHNAMES_H */
.I pppN
is the name of the PPP interface. The RADIUS attributes are stored
one per line in the format "Attribute-Name Attribute-Value". This
-format is convenient for use in /etc/ppp/ip-up and /etc/ppp/ip-down
+format is convenient for use in /etc/ppp/ip\-up and /etc/ppp/ip\-down
scripts.
.LP
Note that you
options to pppd.
.SH SEE ALSO
-.BR pppd (8) " pppd-radius" (8)
+.BR pppd (8) " pppd\-radius" (8)
.SH AUTHOR
-David F. Skoll <dfs@roaringpenguin.com>
+Dianne Skoll <dianne@skoll.ca>
.LP
The RADIUS plugin for pppd permits pppd to perform PAP, CHAP, MS-CHAP and
MS-CHAPv2 authentication against a RADIUS server instead of the usual
-.I /etc/ppp/pap-secrets
+.I /etc/ppp/pap\-secrets
and
-.I /etc/ppp/chap-secrets
+.I /etc/ppp/chap\-secrets
files.
.LP
The RADIUS plugin is built on a library called
.SH OPTIONS
The RADIUS plugin introduces one additional pppd option:
.TP
-.BI "radius-config-file " filename
+.BI "radius\-config\-file " filename
The file
.I filename
is taken as the radiusclient configuration file. If this option is not
.BI "avpair " attribute=value
Adds an Attribute-Value pair to be passed on to the RADIUS server on each request.
.TP
-.BI map-to-ifname
+.BI map\-to\-ifname
Sets Radius NAS-Port attribute to number equal to interface name (Default)
.TP
-.BI map-to-ttyname
+.BI map\-to\-ttyname
Sets Radius NAS-Port attribute value via libradiusclient library
.SH USAGE
Framed-IP-Address attribute.
.SH SEE ALSO
-.BR pppd (8) " pppd-radattr" (8)
+.BR pppd (8) " pppd\-radattr" (8)
.SH AUTHOR
-David F. Skoll <dfs@roaringpenguin.com>
+Dianne Skoll <dianne@skoll.ca>
static char const RCSID[] =
"$Id: radattr.c,v 1.2 2004/10/28 00:24:40 paulus Exp $";
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include "pppd.h"
-#include "radiusclient.h"
#include <stdio.h>
-#include <sys/types.h>
#include <sys/stat.h>
+#include <sys/types.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <pppd/pppd.h>
+
+#include "radiusclient.h"
extern void (*radius_attributes_hook)(VALUE_PAIR *);
static void print_attributes(VALUE_PAIR *);
static void cleanup(void *opaque, int arg);
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
/**********************************************************************
* %FUNCTION: plugin_init
/* calling cleanup() on link down is problematic because print_attributes()
is called only after PAP or CHAP authentication, but not when the link
should go up again for any other reason */
- add_notifier(&link_down_notifier, cleanup, NULL);
+ ppp_add_notify(NF_LINK_DOWN, cleanup, NULL);
#endif
/* Just in case... */
- add_notifier(&exitnotify, cleanup, NULL);
+ ppp_add_notify(NF_EXIT, cleanup, NULL);
info("RADATTR plugin initialized.");
}
int cnt = 0;
mode_t old_umask;
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+ slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_ifname());
old_umask = umask(077);
fp = fopen(fname, "w");
umask(old_umask);
{
char fname[512];
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+ slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_ifname());
(void) remove(fname);
dbglog("RADATTR plugin removed file %s.", fname);
}
static char const RCSID[] =
"$Id: radius.c,v 1.32 2008/05/26 09:18:08 paulus Exp $";
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include "pppd.h"
-#include "chap-new.h"
-#ifdef CHAPMS
-#include "chap_ms.h"
-#ifdef MPPE
-#include "mppe.h"
-#include "md5.h"
-#endif
-#endif
-#include "radiusclient.h"
-#include "fsm.h"
-#include "ipcp.h"
#include <syslog.h>
#include <sys/types.h>
#include <sys/time.h>
+#include <sys/param.h>
#include <string.h>
#include <netinet/in.h>
#include <stdlib.h>
+#include <stdarg.h>
+#include <stdbool.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/chap.h>
+#include <pppd/upap.h>
+#ifdef PPP_WITH_CHAPMS
+#include <pppd/chap_ms.h>
+#ifdef PPP_WITH_MPPE
+#include <pppd/mppe.h>
+#endif
+#endif
+#include <pppd/crypto.h>
+#include <pppd/fsm.h>
+#include <pppd/ipcp.h>
-#define BUF_LEN 1024
+#include "radiusclient.h"
-#define MD5_HASH_SIZE 16
+#define BUF_LEN 1024
#define MSDNS 1
{ NULL }
};
-static int radius_secret_check(void);
-static int radius_pap_auth(char *user,
- char *passwd,
- char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-static int radius_chap_verify(char *user, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge,
- unsigned char *response,
- char *message, int message_space);
+static pap_check_hook_fn radius_secret_check;
+static pap_auth_hook_fn radius_pap_auth;
+static chap_verify_hook_fn radius_chap_verify;
static void radius_ip_up(void *opaque, int arg);
static void radius_ip_down(void *opaque, int arg);
-static void make_username_realm(char *user);
+static void make_username_realm(const char *user);
static int radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
struct chap_digest_type *digest,
unsigned char *challenge,
char *message, int message_space);
static void radius_choose_ip(u_int32_t *addrp);
static int radius_init(char *msg);
-static int get_client_port(char *ifname);
+static int get_client_port(const char *ifname);
static int radius_allowed_address(u_int32_t addr);
static void radius_acct_interim(void *);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
static int radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
unsigned char *);
static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info);
static struct radius_state rstate;
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
/**********************************************************************
* %FUNCTION: plugin_init
ip_choose_hook = radius_choose_ip;
allowed_address_hook = radius_allowed_address;
- add_notifier(&ip_up_notifier, radius_ip_up, NULL);
- add_notifier(&ip_down_notifier, radius_ip_down, NULL);
+ ppp_add_notify(NF_IP_UP, radius_ip_up, NULL);
+ ppp_add_notify(NF_IP_DOWN, radius_ip_down, NULL);
memset(&rstate, 0, sizeof(rstate));
strlcpy(rstate.config_file, "/etc/radiusclient/radiusclient.conf",
sizeof(rstate.config_file));
- add_options(Options);
+ ppp_add_options(Options);
info("RADIUS plugin initialized.");
}
UINT4 av_type;
int result;
static char radius_msg[BUF_LEN];
+ const char *remote_number;
+ const char *ipparam;
radius_msg[0] = 0;
*msgp = radius_msg;
/* Hack... the "port" is the ppp interface number. Should really be
the tty */
- rstate.client_port = get_client_port(portnummap ? devnam : ifname);
+ rstate.client_port = get_client_port(portnummap ? ppp_devnam() : ppp_ifname());
av_type = PW_FRAMED;
rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE);
rc_avpair_add(&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE);
rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE);
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0,
VENDOR_NONE);
} else if (ipparam)
int result;
int challenge_len, response_len;
u_char cpassword[MAX_RESPONSE_LEN + 1];
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/* Need the RADIUS secret and Request Authenticator to decode MPPE */
REQUEST_INFO request_info, *req_info = &request_info;
#else
REQUEST_INFO *req_info = NULL;
#endif
+ const char *remote_number;
+ const char *ipparam;
challenge_len = *challenge++;
response_len = *response++;
/* return error for types we can't handle */
if ((digest->code != CHAP_MD5)
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
&& (digest->code != CHAP_MICROSOFT)
&& (digest->code != CHAP_MICROSOFT_V2)
#endif
/* Put user with potentially realm added in rstate.user */
if (!rstate.done_chap_once) {
make_username_realm(user);
- rstate.client_port = get_client_port (portnummap ? devnam : ifname);
+ rstate.client_port = get_client_port (portnummap ? ppp_devnam() : ppp_ifname());
if (radius_pre_auth_hook) {
radius_pre_auth_hook(rstate.user,
&rstate.authserver,
switch (digest->code) {
case CHAP_MD5:
/* CHAP-Challenge and CHAP-Password */
- if (response_len != MD5_HASH_SIZE)
+ if (response_len != MD5_DIGEST_LENGTH)
return 0;
cpassword[0] = id;
- memcpy(&cpassword[1], response, MD5_HASH_SIZE);
+ memcpy(&cpassword[1], response, MD5_DIGEST_LENGTH);
rc_avpair_add(&send, PW_CHAP_CHALLENGE,
challenge, challenge_len, VENDOR_NONE);
rc_avpair_add(&send, PW_CHAP_PASSWORD,
- cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE);
+ cpassword, MD5_DIGEST_LENGTH + 1, VENDOR_NONE);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case CHAP_MICROSOFT:
{
/* MS-CHAP-Challenge and MS-CHAP-Response */
#endif
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0,
VENDOR_NONE);
} else if (ipparam)
* then the default realm from the radiusclient config file is added.
***********************************************************************/
static void
-make_username_realm(char *user)
+make_username_realm(const char *user)
{
char *default_realm;
{
u_int32_t remote;
int ms_chap2_success = 0;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
int mppe_enc_keys = 0; /* whether or not these were received */
int mppe_enc_policy = 0;
int mppe_enc_types = 0;
case PW_SESSION_TIMEOUT:
/* Session timeout */
- maxconnect = vp->lvalue;
+ ppp_set_max_connect_time(vp->lvalue);
break;
case PW_FILTER_ID:
/* packet filter, will be handled via ip-(up|down) script */
- script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1);
+ ppp_script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1);
break;
case PW_FRAMED_ROUTE:
/* route, will be handled via ip-(up|down) script */
- script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1);
+ ppp_script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1);
break;
case PW_IDLE_TIMEOUT:
/* idle parameter */
- idle_time_limit = vp->lvalue;
+ ppp_set_max_idle_time(vp->lvalue);
break;
-#ifdef MAXOCTETS
case PW_SESSION_OCTETS_LIMIT:
/* Session traffic limit */
- maxoctets = vp->lvalue;
+ ppp_set_session_limit(vp->lvalue);
break;
case PW_OCTETS_DIRECTION:
/* Session traffic limit direction check */
- maxoctets_dir = ( vp->lvalue > 4 ) ? 0 : vp->lvalue ;
+ ppp_set_session_limit_dir(vp->lvalue);
break;
-#endif
case PW_ACCT_INTERIM_INTERVAL:
/* Send accounting updates every few seconds */
rstate.acct_interim_interval = vp->lvalue;
} else if (remote != 0xfffffffe) {
/* 0xfffffffe means NAS should select an ip address */
remote = htonl(vp->lvalue);
- if (bad_ip_adrs (remote)) {
+ if (ppp_bad_ip_addr (remote)) {
slprintf(msg, BUF_LEN, "RADIUS: bad remote IP address %I for %s",
remote, rstate.user);
return -1;
break;
case PW_CLASS:
/* Save Class attribute to pass it in accounting request */
- if (vp->lvalue <= MAXCLASSLEN) {
+ // if (vp->lvalue <= MAXCLASSLEN) { // <- Attribute could be this big, but vp->strvalue is limited to AUTH_STRING_LEN characters
+ if (vp->lvalue <= AUTH_STRING_LEN) {
rstate.class_len=vp->lvalue;
memcpy(rstate.class, vp->strvalue, rstate.class_len);
} /* else too big for our buffer - ignore it */
break;
case PW_FRAMED_MTU:
- netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue));
+ ppp_set_mtu(rstate.client_port,MIN(ppp_get_mtu(rstate.client_port),vp->lvalue));
break;
}
} else if (vp->vendorcode == VENDOR_MICROSOFT) {
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
switch (vp->attribute) {
case PW_MS_CHAP2_SUCCESS:
if ((vp->lvalue != 43) || strncmp((char*) vp->strvalue + 1, "S=", 2)) {
ms_chap2_success = 1;
break;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case PW_MS_CHAP_MPPE_KEYS:
if (radius_setmppekeys(vp, req_info, challenge) < 0) {
slprintf(msg, BUF_LEN,
mppe_enc_types = vp->lvalue; /* save for later */
break;
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
#ifdef MSDNS
case PW_MS_PRIMARY_DNS_SERVER:
ao->dnsaddr[0] = htonl(vp->lvalue);
break;
#endif /* MSDNS */
}
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
}
vp = vp->next;
}
if (digest && (digest->code == CHAP_MICROSOFT_V2) && !ms_chap2_success)
return -1;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/*
* Require both policy and key attributes to indicate a valid key.
* Note that if the policy value was '0' we don't set the key!
return 0;
}
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/**********************************************************************
* %FUNCTION: radius_setmppekeys
* %ARGUMENTS:
unsigned char *challenge)
{
int i;
- MD5_CTX Context;
- u_char plain[32];
- u_char buf[16];
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
+
if (vp->lvalue != 32) {
error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys",
memcpy(plain, vp->strvalue, sizeof(plain));
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Final(buf, &Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
- for (i = 0; i < 16; i++)
- plain[i] ^= buf[i];
+ if (PPP_DigestInit(ctx, PPP_md5())) {
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, vp->strvalue, 16);
- MD5_Final(buf, &Context);
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
- for(i = 0; i < 16; i++)
- plain[i + 16] ^= buf[i];
+ if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
- /*
- * Annoying. The "key" returned is just the NTPasswordHashHash, which
- * the NAS (us) doesn't need; we only need the start key. So we have
- * to generate the start key, sigh. NB: We do not support the LM-Key.
- */
- mppe_set_chapv1(challenge, &plain[8]);
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i] ^= buf[i];
+ }
+
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, vp->strvalue, 16)) {
+
+ buflen = MD5_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for(i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i + 16] ^= buf[i];
+ }
+
+ /*
+ * Annoying. The "key" returned is just the NTPasswordHashHash, which
+ * the NAS (us) doesn't need; we only need the start key. So we have
+ * to generate the start key, sigh. NB: We do not support the LM-Key.
+ */
+ mppe_set_chapv1(challenge, &plain[8]);
+ return 0;
+ }
+ }
- return 0;
+ return -1;
}
/**********************************************************************
radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
{
int i;
- MD5_CTX Context;
- u_char *salt = vp->strvalue;
- u_char *crypt = vp->strvalue + 2;
- u_char plain[32];
- u_char buf[MD5_HASH_SIZE];
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char *salt = vp->strvalue;
+ unsigned char *crypt = vp->strvalue + 2;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
char *type = "Send";
if (vp->attribute == PW_MS_MPPE_RECV_KEY)
memcpy(plain, crypt, 32);
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Update(&Context, salt, 2);
- MD5_Final(buf, &Context);
+ ctx = PPP_MD_CTX_new();
+ if (!ctx) {
+ error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key attribute", type);
+ return -1;
+ }
+
+ buflen = sizeof(buf);
+ if (!PPP_DigestInit(ctx, PPP_md5())) {
+ error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+ error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
+ error("RADIUS: Error mixing in request vector for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, salt, 2)) {
+ error("RADIUS: Error mixing in salt for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestFinal(ctx, buf, &buflen)) {
+ error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key attribute", type);
+ } else {
+ status = 1;
+ }
+
+ PPP_MD_CTX_free(ctx);
- for (i = 0; i < 16; i++)
+ if (!status)
+ return -1;
+
+ for (i = 0; i < 16; i++) {
plain[i] ^= buf[i];
+ }
if (plain[0] != 16) {
error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
- (int) plain[0], type);
+ (int) plain[0], type);
return -1;
}
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, crypt, 16);
- MD5_Final(buf, &Context);
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (!ctx) {
+ error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key(2) attribute", type);
+ return -1;
+ }
+
+ buflen = sizeof(buf);
+
+ if (!PPP_DigestInit(ctx, PPP_md5())) {
+ error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key(2) attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+ error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key(2) attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, crypt, 16)) {
+ error("RADIUS: Error mixing in crypt vector for MS-MPPE-%s-Key(2) attribute", type);
+ } else if (!PPP_DigestFinal(ctx, buf, &buflen)) {
+ error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key(2) attribute", type);
+ } else {
+ status = 1;
+ }
+
+ PPP_MD_CTX_free(ctx);
+
+ if (!status)
+ return -1;
plain[16] ^= buf[0]; /* only need the first byte */
- if (vp->attribute == PW_MS_MPPE_SEND_KEY)
+ if (vp->attribute == PW_MS_MPPE_SEND_KEY) {
mppe_set_keys(plain + 1, NULL, 16);
- else
+ } else {
mppe_set_keys(NULL, plain + 1, 16);
-
+ }
return 0;
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
/**********************************************************************
* %FUNCTION: radius_acct_start
VALUE_PAIR *send = NULL;
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
+ const char *remote_number;
+ const char *ipparam;
if (!rstate.initialized) {
return;
av_type = PW_PPP;
rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE);
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
hisaddr = ho->hisaddr;
/* Kick off periodic accounting reports */
if (rstate.acct_interim_interval) {
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
+ ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0);
}
}
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
int result;
+ const char *remote_number;
+ const char *ipparam;
+ ppp_link_stats_st stats;
if (!rstate.initialized) {
return;
}
if (rstate.acct_interim_interval)
- UNTIMEOUT(radius_acct_interim, NULL);
+ ppp_untimeout(radius_acct_interim, NULL);
rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
0, VENDOR_NONE);
av_type = PW_RADIUS;
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
+ if (ppp_get_link_stats(&stats)) {
- if (link_stats_valid) {
- av_type = link_connect_time;
+ av_type = ppp_get_link_uptime();
rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_out & 0xFFFFFFFF;
+ av_type = stats.bytes_out & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_out > 0xFFFFFFFF) {
- av_type = link_stats.bytes_out >> 32;
+ if (stats.bytes_out > 0xFFFFFFFF) {
+ av_type = stats.bytes_out >> 32;
rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.bytes_in & 0xFFFFFFFF;
+ av_type = stats.bytes_in & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_in > 0xFFFFFFFF) {
- av_type = link_stats.bytes_in >> 32;
+ if (stats.bytes_in > 0xFFFFFFFF) {
+ av_type = stats.bytes_in >> 32;
rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.pkts_out;
+ av_type = stats.pkts_out;
rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_in;
+ av_type = stats.pkts_in;
rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
av_type = PW_NAS_ERROR;
- switch( status ) {
+ switch( ppp_status() ) {
case EXIT_OK:
- case EXIT_USER_REQUEST:
av_type = PW_USER_REQUEST;
break;
+ case EXIT_USER_REQUEST:
+ av_type = PW_ADMIN_RESET;
+ break;
+
case EXIT_HANGUP:
case EXIT_PEER_DEAD:
case EXIT_CONNECT_FAILED:
av_type = PW_ACCT_SESSION_TIMEOUT;
break;
-#ifdef MAXOCTETS
case EXIT_TRAFFIC_LIMIT:
av_type = PW_NAS_REQUEST;
break;
-#endif
default:
av_type = PW_NAS_ERROR;
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
int result;
+ const char *remote_number;
+ const char *ipparam;
+ ppp_link_stats_st stats;
if (!rstate.initialized) {
return;
av_type = PW_RADIUS;
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
- /* Update link stats */
- update_link_stats(0);
-
- if (link_stats_valid) {
- link_stats_valid = 0; /* Force later code to update */
+ if (ppp_get_link_stats(&stats)) {
- av_type = link_connect_time;
+ av_type = ppp_get_link_uptime();
rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_out & 0xFFFFFFFF;
+ av_type = stats.bytes_out & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_out > 0xFFFFFFFF) {
- av_type = link_stats.bytes_out >> 32;
+ if (stats.bytes_out > 0xFFFFFFFF) {
+ av_type = stats.bytes_out >> 32;
rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.bytes_in & 0xFFFFFFFF;
+ av_type = stats.bytes_in & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- if (link_stats.bytes_in > 0xFFFFFFFF) {
- av_type = link_stats.bytes_in >> 32;
+ if (stats.bytes_in > 0xFFFFFFFF) {
+ av_type = stats.bytes_in >> 32;
rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
}
- av_type = link_stats.pkts_out;
+ av_type = stats.pkts_out;
rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_in;
+ av_type = stats.pkts_in;
rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
hisaddr = ho->hisaddr;
rc_avpair_free(send);
/* Schedule another one */
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
+ ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0);
}
/**********************************************************************
* Extracts the port number from the interface name
***********************************************************************/
static int
-get_client_port(char *ifname)
+get_client_port(const char *ifname)
{
int port;
if (sscanf(ifname, "ppp%d", &port) == 1) {
#ifndef RADIUSCLIENT_H
#define RADIUSCLIENT_H
-#include <sys/types.h>
-#include <stdio.h>
-#include <time.h>
-#include "pppd.h"
+#include <sys/types.h>
+#include <stdio.h>
+#include <time.h>
+#include <stdbool.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
#ifndef _UINT4_T
/* This works for all machines that Linux runs on... */
/* avpair.c */
-VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, void *, int, int);
-int rc_avpair_assign(VALUE_PAIR *, void *, int);
-VALUE_PAIR *rc_avpair_new(int, void *, int, int);
+VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, const void *, int, int);
+int rc_avpair_assign(VALUE_PAIR *, const void *, int);
+VALUE_PAIR *rc_avpair_new(int, const void *, int, int);
VALUE_PAIR *rc_avpair_gen(AUTH_HDR *);
VALUE_PAIR *rc_avpair_get(VALUE_PAIR *, UINT4);
VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *);
/* clientid.c */
int rc_read_mapfile(char *);
-UINT4 rc_map2id(char *);
+UINT4 rc_map2id(const char *);
/* config.c */
/* ip_util.c */
-UINT4 rc_get_ipaddr(char *);
-int rc_good_ipaddr(char *);
+UINT4 rc_get_ipaddr(const char *);
+int rc_good_ipaddr(const char *);
const char *rc_ip_hostname(UINT4);
UINT4 rc_own_ipaddress(void);
UINT4 rc_own_bind_ipaddress(void);
/* md5.c */
-void rc_md5_calc(unsigned char *, unsigned char *, unsigned int);
+int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl);
#endif /* RADIUSCLIENT_H */
static char const RCSID[] =
"$Id: radrealms.c,v 1.2 2004/11/14 07:26:26 paulus Exp $";
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
-
-#include "pppd.h"
-#include "radiusclient.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <sys/param.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <sys/types.h>
-char pppd_version[] = VERSION;
+#include <pppd/pppd.h>
+
+#include "radiusclient.h"
+
+char pppd_version[] = PPPD_VERSION;
char radrealms_config[MAXPATHLEN] = "/etc/radiusclient/realms";
}
if ((fd = fopen(radrealms_config, "r")) == NULL) {
- option_error("cannot open %s", radrealms_config);
+ ppp_option_error("cannot open %s", radrealms_config);
free(auths);
free(accts);
return;
if (p == NULL || (strcmp(p, "authserver") !=0
&& strcmp(p, "acctserver"))) {
fclose(fd);
- option_error("%s: invalid line %d: %s", radrealms_config,
+ ppp_option_error("%s: invalid line %d: %s", radrealms_config,
line, buffer);
free(auths);
free(accts);
if ((p = strtok(NULL, "\t ")) == NULL) {
fclose(fd);
- option_error("%s: realm name missing on line %d: %s",
+ ppp_option_error("%s: realm name missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
info(" - Matched realm %s", p);
if ((p = strtok(NULL, ":")) == NULL) {
fclose(fd);
- option_error("%s: server address missing on line %d: %s",
+ ppp_option_error("%s: server address missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
info(" - Address is '%s'",p);
if ((p = strtok(NULL, "\t ")) == NULL) {
fclose(fd);
- option_error("%s: server port missing on line %d: %s",
+ ppp_option_error("%s: server port missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
if (accts->max)
*acctserver = accts;
+ else
+ free(accts);
if (auths->max)
*authserver = auths;
+ else
+ free(auths);
return;
}
{
radius_pre_auth_hook = lookup_realm;
- add_options(Options);
+ ppp_add_options(Options);
info("RADIUS Realms plugin initialized.");
}
#include <includes.h>
#include <radiusclient.h>
#include <pathnames.h>
+#include <signal.h>
static void rc_random_vector (unsigned char *);
static int rc_check_reply (AUTH_HDR *, int, char *, unsigned char *, unsigned char);
FD_SET (sockfd, &readfds);
if (select (sockfd + 1, &readfds, NULL, NULL, &authtime) < 0)
{
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
error("rc_send_server: select: %m");
memset (secret, '\0', sizeof (secret));
we use /dev/urandom here, as /dev/random might block and we don't
need that much randomness. BTW, great idea, Ted! -lf, 03/18/95 */
- if ((fd = open(_PATH_DEV_URANDOM, O_RDONLY)) >= 0)
+ if ((fd = open(PPP_PATH_DEV_URANDOM, O_RDONLY)) >= 0)
{
unsigned char *pos;
int readcount;
*
***********************************************************************/
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include "pppd.h"
-#include "chap-new.h"
-#include "chap_ms.h"
-#include "fsm.h"
-#include "ipcp.h"
-#include "mppe.h"
#include <syslog.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/chap.h>
+#include <pppd/chap_ms.h>
+#include <pppd/upap.h>
+#include <pppd/fsm.h>
+#include <pppd/ipcp.h>
+#include <pppd/mppe.h>
+#include <pppd/crypto.h>
#define BUF_LEN 1024
p = argv[0];
if (p[0] != '/') {
- option_error("ntlm_auth-helper argument must be full path");
+ ppp_option_error("ntlm_auth-helper argument must be full path");
return 0;
}
p = strdup(p);
return 1;
}
-static option_t Options[] = {
+static struct option Options[] = {
{ "ntlm_auth-helper", o_special, (void *) &set_ntlm_auth,
"Path to ntlm_auth executable", OPT_PRIV },
{ NULL }
};
-static int
-winbind_secret_check(void);
-
-static int winbind_pap_auth(char *user,
- char *passwd,
- char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-static int winbind_chap_verify(char *user, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge,
- unsigned char *response,
- char *message, int message_space);
-static int winbind_allowed_address(u_int32_t addr);
-
-char pppd_version[] = VERSION;
+static pap_check_hook_fn winbind_secret_check;
+static pap_auth_hook_fn winbind_pap_auth;
+static chap_verify_hook_fn winbind_chap_verify;
+static int winbind_allowed_address(uint32_t addr);
+
+char pppd_version[] = PPPD_VERSION;
/**********************************************************************
* %FUNCTION: plugin_init
/* Don't ask the peer for anything other than MS-CHAP or MS-CHAP V2 */
chap_mdtype_all &= (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT);
- add_options(Options);
+ ppp_add_options(Options);
info("WINBIND plugin initialized.");
}
return NOT_AUTHENTICATED;
}
- forkret = safe_fork(child_in[0], child_out[1], 2);
+ forkret = ppp_safe_fork(child_in[0], child_out[1], 2);
if (forkret == -1) {
if (error_string) {
*error_string = strdup("fork failed!");
return NOT_AUTHENTICATED;
}
- while ((wait(&status) == -1) && errno == EINTR && !got_sigterm)
+ while ((wait(&status) == -1) && errno == EINTR && !ppp_signaled(SIGTERM))
;
if ((authenticated == AUTHENTICATED) && nt_key && !got_user_session_key) {
int challenge_len, response_len;
char domainname[256];
char *domain;
- char *username;
+ const char *username;
char *p;
unsigned char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
u_char *lm_response = NULL;
int nt_response_size = 0;
int lm_response_size = 0;
- u_char session_key[16];
+ u_char session_key[MD4_DIGEST_LENGTH];
if (response_len != MS_CHAP_RESPONSE_LEN)
break; /* not even the right length */
nt_response = &response[MS_CHAP_NTRESP];
nt_response_size = MS_CHAP_NTRESP_LEN;
} else {
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
lm_response = &response[MS_CHAP_LANMANRESP];
lm_response_size = MS_CHAP_LANMANRESP_LEN;
#else
/* Should really propagate this into the error packet. */
notice("Peer request for LANMAN auth not supported");
return NOT_AUTHENTICATED;
-#endif /* MSLANMAN */
+#endif /* PPP_WITH_MSLANMAN */
}
/* ship off to winbind, and check */
nt_response, nt_response_size,
session_key,
&error_string) == AUTHENTICATED) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
mppe_set_chapv1(challenge, session_key);
#endif
slprintf(message, message_space, "Access granted");
case CHAP_MICROSOFT_V2:
{
u_char Challenge[8];
- u_char session_key[MD4_SIGNATURE_SIZE];
+ u_char session_key[MD4_DIGEST_LENGTH];
char *error_string = NULL;
if (response_len != MS_CHAP2_RESPONSE_LEN)
&response[MS_CHAP2_NTRESP],
&response[MS_CHAP2_PEER_CHALLENGE],
challenge, user, saresponse);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
MS_CHAP2_AUTHENTICATOR);
#endif
}
static int
-winbind_allowed_address(u_int32_t addr)
+winbind_allowed_address(uint32_t addr)
{
ipcp_options *wo = &ipcp_wantoptions[0];
if (wo->hisaddr !=0 && wo->hisaddr == addr) {
--- /dev/null
+/*
+ * ppp-des.c - PPP/DES implementation for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ * Added abstraction via PPP_Digest* callbacks by Eivind Næss
+ *
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto-priv.h"
+
+#ifdef OPENSSL_HAVE_DES
+
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
+#endif
+
+static int des_init(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv)
+{
+ if (ctx) {
+ EVP_CIPHER_CTX *cc = EVP_CIPHER_CTX_new();
+ if (cc) {
+
+ if (key) {
+ memcpy(ctx->key, key, 8);
+ }
+ if (iv) {
+ memcpy(ctx->iv, iv, 8);
+ }
+
+ if (EVP_CipherInit(cc, EVP_des_ecb(), ctx->key, ctx->iv, ctx->is_encr)) {
+
+ if (EVP_CIPHER_CTX_set_padding(cc, 0)) {
+ ctx->priv = cc;
+ return 1;
+ }
+ }
+
+ EVP_CIPHER_CTX_free(cc);
+ }
+ }
+ return 0;
+}
+
+static int des_update(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
+{
+ if (ctx) {
+ return EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx->priv, out, outl, in, inl);
+ }
+ return 0;
+}
+
+static int des_final(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ if (ctx) {
+ return EVP_CipherFinal((EVP_CIPHER_CTX*) ctx->priv, out, outl);
+ }
+ return 0;
+}
+
+static void des_clean(PPP_CIPHER_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#else
+
+/*
+ * DES related functions are imported from openssl 3.0 project with the
+ * follwoing license:
+ *
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef unsigned int DES_LONG;
+typedef unsigned char DES_cblock[8];
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+
+#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
+ l|=((DES_LONG)(*((c)++)))<< 8L, \
+ l|=((DES_LONG)(*((c)++)))<<16L, \
+ l|=((DES_LONG)(*((c)++)))<<24L)
+
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+#define ITERATIONS 16
+
+#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
+
+# define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ (b)^=(t),\
+ (a)^=((t)<<(n)))
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+ (a)=(a)^(t)^(t>>(16-(n))))
+
+# define IP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+ PERM_OP(l,r,tt,16,0x0000ffffL); \
+ PERM_OP(r,l,tt, 2,0x33333333L); \
+ PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+ PERM_OP(r,l,tt, 1,0x55555555L); \
+ }
+
+# define FP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(l,r,tt, 1,0x55555555L); \
+ PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+ PERM_OP(l,r,tt, 2,0x33333333L); \
+ PERM_OP(r,l,tt,16,0x0000ffffL); \
+ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+ }
+
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+ u=R^s[S ]; \
+ t=R^s[S+1]
+
+#define D_ENCRYPT(LL,R,S) { \
+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+ t=ROTATE(t,4); \
+ LL^= \
+ DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+ DES_SPtrans[2][(u>>10L)&0x3f]^ \
+ DES_SPtrans[4][(u>>18L)&0x3f]^ \
+ DES_SPtrans[6][(u>>26L)&0x3f]^ \
+ DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+ DES_SPtrans[3][(t>>10L)&0x3f]^ \
+ DES_SPtrans[5][(t>>18L)&0x3f]^ \
+ DES_SPtrans[7][(t>>26L)&0x3f]; }
+
+
+static const DES_LONG DES_SPtrans[8][64] = {
+ {
+ /* nibble 0 */
+ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+ 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+ 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+ 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+ 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+ 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+ 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+ 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+ 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+ 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+ 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+ 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+ 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+ 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+ 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+ 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+ },
+ {
+ /* nibble 1 */
+ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+ 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+ 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+ 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+ 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+ 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+ 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+ 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+ 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+ 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+ 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+ 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+ 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+ 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+ 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+ 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+ },
+ {
+ /* nibble 2 */
+ 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+ 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+ 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+ 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+ 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+ 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+ 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+ 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+ 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+ 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+ 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+ 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+ 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+ 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+ },
+ {
+ /* nibble 3 */
+ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+ 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+ 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+ 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+ 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+ 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+ 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+ 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+ 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+ 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+ 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+ 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+ 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+ 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+ 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+ 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+ },
+ {
+ /* nibble 4 */
+ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+ 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+ 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+ 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+ 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+ 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+ 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+ 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+ 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+ 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+ 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+ 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+ 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+ 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+ },
+ {
+ /* nibble 5 */
+ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+ 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+ 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+ 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+ 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+ 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+ 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+ 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+ 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+ 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+ 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+ 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+ 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+ 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+ 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+ 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+ },
+ {
+ /* nibble 6 */
+ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+ 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+ 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+ 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+ 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+ 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+ 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+ 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+ 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+ 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+ 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+ 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+ 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+ 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+ 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+ 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+ },
+ {
+ /* nibble 7 */
+ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+ 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+ 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+ 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+ 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+ 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+ 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+ 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+ 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+ 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+ 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+ 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+ 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+ }
+};
+
+static const DES_LONG des_skb[8][64] = {
+ {
+ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
+ 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
+ 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
+ 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
+ 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
+ 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
+ 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
+ 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
+ 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
+ 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
+ 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
+ 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
+ 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
+ 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
+ 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
+ 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+ 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
+ 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
+ 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
+ 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
+ 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
+ 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
+ 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
+ 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
+ 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
+ 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
+ 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
+ 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
+ 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
+ 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
+ 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
+ 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+ 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
+ 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
+ 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
+ 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
+ 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
+ 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
+ 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
+ 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
+ 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
+ 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
+ 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
+ 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
+ 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
+ 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
+ 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
+ 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+ 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
+ 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
+ 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
+ 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
+ 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
+ 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
+ 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
+ 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
+ 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
+ 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
+ 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
+ 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
+ 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
+ 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
+ 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
+ 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
+ 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
+ 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
+ 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
+ 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
+ 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
+ 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
+ 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
+ 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
+ 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
+ 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
+ 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
+ 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
+ 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
+ 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
+ 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+ 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
+ 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
+ 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
+ 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
+ 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
+ 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
+ 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
+ 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
+ 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
+ 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
+ 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
+ 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
+ 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
+ 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
+ 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
+ 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+ 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
+ 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
+ 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
+ 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
+ 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
+ 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
+ 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
+ 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
+ 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
+ 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
+ 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
+ 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
+ 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
+ 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
+ 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
+ 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+ 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
+ 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
+ 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
+ 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
+ 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
+ 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
+ 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
+ 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
+ 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
+ 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
+ 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
+ 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
+ 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
+ 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
+ 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
+ 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
+ }
+};
+
+
+static void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+ register DES_LONG l, r, t, u;
+ register DES_LONG *s;
+
+ r = data[0];
+ l = data[1];
+
+ IP(r, l);
+ /*
+ * Things have been modified so that the initial rotate is done outside
+ * the loop. This required the DES_SPtrans values in sp.h to be rotated
+ * 1 bit to the right. One perl script later and things have a 5% speed
+ * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
+ */
+ /* clear the top bits on machines with 8byte longs */
+ /* shift left by 2 */
+ r = ROTATE(r, 29) & 0xffffffffL;
+ l = ROTATE(l, 29) & 0xffffffffL;
+
+ s = ks->ks->deslong;
+ /*
+ * I don't know if it is worth the effort of loop unrolling the inner
+ * loop
+ */
+ if (enc) {
+ D_ENCRYPT(l, r, 0); /* 1 */
+ D_ENCRYPT(r, l, 2); /* 2 */
+ D_ENCRYPT(l, r, 4); /* 3 */
+ D_ENCRYPT(r, l, 6); /* 4 */
+ D_ENCRYPT(l, r, 8); /* 5 */
+ D_ENCRYPT(r, l, 10); /* 6 */
+ D_ENCRYPT(l, r, 12); /* 7 */
+ D_ENCRYPT(r, l, 14); /* 8 */
+ D_ENCRYPT(l, r, 16); /* 9 */
+ D_ENCRYPT(r, l, 18); /* 10 */
+ D_ENCRYPT(l, r, 20); /* 11 */
+ D_ENCRYPT(r, l, 22); /* 12 */
+ D_ENCRYPT(l, r, 24); /* 13 */
+ D_ENCRYPT(r, l, 26); /* 14 */
+ D_ENCRYPT(l, r, 28); /* 15 */
+ D_ENCRYPT(r, l, 30); /* 16 */
+ } else {
+ D_ENCRYPT(l, r, 30); /* 16 */
+ D_ENCRYPT(r, l, 28); /* 15 */
+ D_ENCRYPT(l, r, 26); /* 14 */
+ D_ENCRYPT(r, l, 24); /* 13 */
+ D_ENCRYPT(l, r, 22); /* 12 */
+ D_ENCRYPT(r, l, 20); /* 11 */
+ D_ENCRYPT(l, r, 18); /* 10 */
+ D_ENCRYPT(r, l, 16); /* 9 */
+ D_ENCRYPT(l, r, 14); /* 8 */
+ D_ENCRYPT(r, l, 12); /* 7 */
+ D_ENCRYPT(l, r, 10); /* 6 */
+ D_ENCRYPT(r, l, 8); /* 5 */
+ D_ENCRYPT(l, r, 6); /* 4 */
+ D_ENCRYPT(r, l, 4); /* 3 */
+ D_ENCRYPT(l, r, 2); /* 2 */
+ D_ENCRYPT(r, l, 0); /* 1 */
+ }
+
+ /* rotate and clear the top bits on machines with 8byte longs */
+ l = ROTATE(l, 3) & 0xffffffffL;
+ r = ROTATE(r, 3) & 0xffffffffL;
+
+ FP(r, l);
+ data[0] = l;
+ data[1] = r;
+ l = r = t = u = 0;
+}
+
+
+static void DES_ecb_encrypt(const DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc)
+{
+ register DES_LONG l;
+ DES_LONG ll[2];
+ const unsigned char *in = &(*input)[0];
+ unsigned char *out = &(*output)[0];
+
+ c2l(in, l);
+ ll[0] = l;
+ c2l(in, l);
+ ll[1] = l;
+ DES_encrypt1(ll, ks, enc);
+ l = ll[0];
+ l2c(l, out);
+ l = ll[1];
+ l2c(l, out);
+ l = ll[0] = ll[1] = 0;
+}
+
+
+static void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule)
+{
+ static const int shifts2[16] =
+ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+ register DES_LONG c, d, t, s, t2;
+ register const unsigned char *in;
+ register DES_LONG *k;
+ register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+ memcpy(schedule->key, key, sizeof(schedule->key));
+ schedule->session = NULL;
+#endif
+ k = &schedule->ks->deslong[0];
+ in = &(*key)[0];
+
+ c2l(in, c);
+ c2l(in, d);
+
+ /*
+ * do PC1 in 47 simple operations. Thanks to John Fletcher
+ * for the inspiration.
+ */
+ PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+ HPERM_OP(c, t, -2, 0xcccc0000L);
+ HPERM_OP(d, t, -2, 0xcccc0000L);
+ PERM_OP(d, c, t, 1, 0x55555555L);
+ PERM_OP(c, d, t, 8, 0x00ff00ffL);
+ PERM_OP(d, c, t, 1, 0x55555555L);
+ d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+ ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+ c &= 0x0fffffffL;
+
+ for (i = 0; i < ITERATIONS; i++) {
+ if (shifts2[i]) {
+ c = ((c >> 2L) | (c << 26L));
+ d = ((d >> 2L) | (d << 26L));
+ } else {
+ c = ((c >> 1L) | (c << 27L));
+ d = ((d >> 1L) | (d << 27L));
+ }
+ c &= 0x0fffffffL;
+ d &= 0x0fffffffL;
+ /*
+ * could be a few less shifts but I am to lazy at this point in time
+ * to investigate
+ */
+ s = des_skb[0][(c) & 0x3f] |
+ des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
+ des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
+ des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
+ ((c >> 22L) & 0x38)];
+ t = des_skb[4][(d) & 0x3f] |
+ des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
+ des_skb[6][(d >> 15L) & 0x3f] |
+ des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
+
+ /* table contained 0213 4657 */
+ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+ *(k++) = ROTATE(t2, 30) & 0xffffffffL;
+
+ t2 = ((s >> 16L) | (t & 0xffff0000L));
+ *(k++) = ROTATE(t2, 26) & 0xffffffffL;
+ }
+}
+
+/* End of import of OpenSSL DES encryption functions */
+
+static int des_init(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv)
+{
+ DES_key_schedule *ks = calloc(1, sizeof(DES_key_schedule));
+ if (ks) {
+
+ if (key) {
+ memcpy(ctx->key, key, 8);
+ }
+
+ if (iv) {
+ memcpy(ctx->iv, iv, 8);
+ }
+
+ if (key) {
+ DES_set_key((DES_cblock*) &ctx->key, ks);
+ }
+
+ ctx->priv = ks;
+ return 1;
+ }
+
+ return 0;
+}
+
+static int des_update(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
+{
+ int offset = 0;
+ inl = inl / 8;
+ while (offset < inl) {
+ DES_ecb_encrypt((DES_cblock *)in + offset, (DES_cblock *)out + offset,
+ (DES_key_schedule*) ctx->priv, ctx->is_encr);
+ offset ++;
+ }
+
+ *outl = offset * 8;
+ return 1;
+}
+
+static int des_final(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ return 1;
+}
+
+static void des_clean(PPP_CIPHER_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_CIPHER ppp_des = {
+ .init_fn = des_init,
+ .update_fn = des_update,
+ .final_fn = des_final,
+ .clean_fn = des_clean,
+};
+
+const PPP_CIPHER *PPP_des_ecb(void)
+{
+ return &ppp_des;
+}
+
--- /dev/null
+/* ppp-md4.c - MD4 Digest implementation
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "crypto-priv.h"
+
+
+#ifdef OPENSSL_HAVE_MD4
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#endif
+
+
+static int md4_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+ if (mctx) {
+ if (EVP_DigestInit(mctx, EVP_md4())) {
+ ctx->priv = mctx;
+ return 1;
+ }
+ EVP_MD_CTX_free(mctx);
+ }
+ }
+ return 0;
+}
+
+static int md4_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static int md4_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static void md4_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_MD_CTX_free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+
+#else // !OPENSSL_HAVE_MD4
+
+#define TRUE 1
+#define FALSE 0
+
+/*
+** ********************************************************************
+** md4.c -- Implementation of MD4 Message Digest Algorithm **
+** Updated: 2/16/90 by Ronald L. Rivest **
+** (C) 1990 RSA Data Security, Inc. **
+** ********************************************************************
+*/
+
+/*
+** To use MD4:
+** -- Include md4.h in your program
+** -- Declare an MDstruct MD to hold the state of the digest
+** computation.
+** -- Initialize MD using MDbegin(&MD)
+** -- For each full block (64 bytes) X you wish to process, call
+** MD4Update(&MD,X,512)
+** (512 is the number of bits in a full block.)
+** -- For the last block (less than 64 bytes) you wish to process,
+** MD4Update(&MD,X,n)
+** where n is the number of bits in the partial block. A partial
+** block terminates the computation, so every MD computation
+** should terminate by processing a partial block, even if it
+** has n = 0.
+** -- The message digest is available in MD.buffer[0] ...
+** MD.buffer[3]. (Least-significant byte of each word
+** should be output first.)
+** -- You can print out the digest using MDprint(&MD)
+*/
+
+/* Implementation notes:
+** This implementation assumes that ints are 32-bit quantities.
+*/
+
+/* MDstruct is the data structure for a message digest computation.
+*/
+typedef struct {
+ unsigned int buffer[4]; /* Holds 4-word result of MD computation */
+ unsigned char count[8]; /* Number of bits processed so far */
+ unsigned int done; /* Nonzero means MD computation finished */
+} MD4_CTX;
+
+
+/* Compile-time declarations of MD4 "magic constants".
+*/
+#define I0 0x67452301 /* Initial values for MD buffer */
+#define I1 0xefcdab89
+#define I2 0x98badcfe
+#define I3 0x10325476
+#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */
+#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */
+/* C2 and C3 are from Knuth, The Art of Programming, Volume 2
+** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley.
+** Table 2, page 660.
+*/
+
+#define fs1 3 /* round 1 shift amounts */
+#define fs2 7
+#define fs3 11
+#define fs4 19
+#define gs1 3 /* round 2 shift amounts */
+#define gs2 5
+#define gs3 9
+#define gs4 13
+#define hs1 3 /* round 3 shift amounts */
+#define hs2 9
+#define hs3 11
+#define hs4 15
+
+/* Compile-time macro declarations for MD4.
+** Note: The "rot" operator uses the variable "tmp".
+** It assumes tmp is declared as unsigned int, so that the >>
+** operator will shift in zeros rather than extending the sign bit.
+*/
+#define f(X,Y,Z) ((X&Y) | ((~X)&Z))
+#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z))
+#define h(X,Y,Z) (X^Y^Z)
+#define rot(X,S) (tmp=X,(tmp<<S) | (tmp>>(32-S)))
+#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s)
+#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s)
+#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s)
+
+/* MD4print(MDp)
+** Print message digest buffer MDp as 32 hexadecimal digits.
+** Order is from low-order byte of buffer[0] to high-order byte of
+** buffer[3].
+** Each byte is printed with high-order hexadecimal digit first.
+** This is a user-callable routine.
+*/
+static void
+MD4Print(MD4_CTX *MDp)
+{
+ int i,j;
+ for (i=0;i<4;i++)
+ for (j=0;j<32;j=j+8)
+ printf("%02x",(MDp->buffer[i]>>j) & 0xFF);
+}
+
+/* MD4Init(MDp)
+** Initialize message digest buffer MDp.
+** This is a user-callable routine.
+*/
+static void
+MD4Init(MD4_CTX *MDp)
+{
+ int i;
+ MDp->buffer[0] = I0;
+ MDp->buffer[1] = I1;
+ MDp->buffer[2] = I2;
+ MDp->buffer[3] = I3;
+ for (i=0;i<8;i++) MDp->count[i] = 0;
+ MDp->done = 0;
+}
+
+/* MDblock(MDp,X)
+** Update message digest buffer MDp->buffer using 16-word data block X.
+** Assumes all 16 words of X are full of data.
+** Does not update MDp->count.
+** This routine is not user-callable.
+*/
+static void
+MDblock(MD4_CTX *MDp, unsigned char *Xb)
+{
+ register unsigned int tmp, A, B, C, D;
+ unsigned int X[16];
+ int i;
+
+ for (i = 0; i < 16; ++i) {
+ X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24);
+ Xb += 4;
+ }
+
+ A = MDp->buffer[0];
+ B = MDp->buffer[1];
+ C = MDp->buffer[2];
+ D = MDp->buffer[3];
+ /* Update the message digest buffer */
+ ff(A , B , C , D , 0 , fs1); /* Round 1 */
+ ff(D , A , B , C , 1 , fs2);
+ ff(C , D , A , B , 2 , fs3);
+ ff(B , C , D , A , 3 , fs4);
+ ff(A , B , C , D , 4 , fs1);
+ ff(D , A , B , C , 5 , fs2);
+ ff(C , D , A , B , 6 , fs3);
+ ff(B , C , D , A , 7 , fs4);
+ ff(A , B , C , D , 8 , fs1);
+ ff(D , A , B , C , 9 , fs2);
+ ff(C , D , A , B , 10 , fs3);
+ ff(B , C , D , A , 11 , fs4);
+ ff(A , B , C , D , 12 , fs1);
+ ff(D , A , B , C , 13 , fs2);
+ ff(C , D , A , B , 14 , fs3);
+ ff(B , C , D , A , 15 , fs4);
+ gg(A , B , C , D , 0 , gs1); /* Round 2 */
+ gg(D , A , B , C , 4 , gs2);
+ gg(C , D , A , B , 8 , gs3);
+ gg(B , C , D , A , 12 , gs4);
+ gg(A , B , C , D , 1 , gs1);
+ gg(D , A , B , C , 5 , gs2);
+ gg(C , D , A , B , 9 , gs3);
+ gg(B , C , D , A , 13 , gs4);
+ gg(A , B , C , D , 2 , gs1);
+ gg(D , A , B , C , 6 , gs2);
+ gg(C , D , A , B , 10 , gs3);
+ gg(B , C , D , A , 14 , gs4);
+ gg(A , B , C , D , 3 , gs1);
+ gg(D , A , B , C , 7 , gs2);
+ gg(C , D , A , B , 11 , gs3);
+ gg(B , C , D , A , 15 , gs4);
+ hh(A , B , C , D , 0 , hs1); /* Round 3 */
+ hh(D , A , B , C , 8 , hs2);
+ hh(C , D , A , B , 4 , hs3);
+ hh(B , C , D , A , 12 , hs4);
+ hh(A , B , C , D , 2 , hs1);
+ hh(D , A , B , C , 10 , hs2);
+ hh(C , D , A , B , 6 , hs3);
+ hh(B , C , D , A , 14 , hs4);
+ hh(A , B , C , D , 1 , hs1);
+ hh(D , A , B , C , 9 , hs2);
+ hh(C , D , A , B , 5 , hs3);
+ hh(B , C , D , A , 13 , hs4);
+ hh(A , B , C , D , 3 , hs1);
+ hh(D , A , B , C , 11 , hs2);
+ hh(C , D , A , B , 7 , hs3);
+ hh(B , C , D , A , 15 , hs4);
+ MDp->buffer[0] += A;
+ MDp->buffer[1] += B;
+ MDp->buffer[2] += C;
+ MDp->buffer[3] += D;
+}
+
+/* MD4Update(MDp,X,count)
+** Input: X -- a pointer to an array of unsigned characters.
+** count -- the number of bits of X to use.
+** (if not a multiple of 8, uses high bits of last byte.)
+** Update MDp using the number of bits of X given by count.
+** This is the basic input routine for an MD4 user.
+** The routine completes the MD computation when count < 512, so
+** every MD computation should end with one call to MD4Update with a
+** count less than 512. A call with count 0 will be ignored if the
+** MD has already been terminated (done != 0), so an extra call with
+** count 0 can be given as a "courtesy close" to force termination
+** if desired.
+*/
+static void
+MD4Update(MD4_CTX *MDp, unsigned char *X, unsigned int count)
+{
+ unsigned int i, tmp, bit, byte, mask;
+ unsigned char XX[64];
+ unsigned char *p;
+
+ /* return with no error if this is a courtesy close with count
+ ** zero and MDp->done is true.
+ */
+ if (count == 0 && MDp->done) return;
+ /* check to see if MD is already done and report error */
+ if (MDp->done)
+ { printf("\nError: MD4Update MD already done."); return; }
+
+ /* Add count to MDp->count */
+ tmp = count;
+ p = MDp->count;
+ while (tmp)
+ { tmp += *p;
+ *p++ = tmp;
+ tmp = tmp >> 8;
+ }
+
+ /* Process data */
+ if (count == 512)
+ { /* Full block of data to handle */
+ MDblock(MDp,X);
+ }
+ else if (count > 512) /* Check for count too large */
+ {
+ printf("\nError: MD4Update called with illegal count value %u.",
+ count);
+ return;
+ }
+ else /* partial block -- must be last block so finish up */
+ {
+ /* Find out how many bytes and residual bits there are */
+ byte = count >> 3;
+ bit = count & 7;
+ /* Copy X into XX since we need to modify it */
+ if (count)
+ for (i=0;i<=byte;i++) XX[i] = X[i];
+ for (i=byte+1;i<64;i++) XX[i] = 0;
+ /* Add padding '1' bit and low-order zeros in last byte */
+ mask = 1 << (7 - bit);
+ XX[byte] = (XX[byte] | mask) & ~( mask - 1);
+ /* If room for bit count, finish up with this block */
+ if (byte <= 55)
+ {
+ for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
+ MDblock(MDp,XX);
+ }
+ else /* need to do two blocks to finish up */
+ {
+ MDblock(MDp,XX);
+ for (i=0;i<56;i++) XX[i] = 0;
+ for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
+ MDblock(MDp,XX);
+ }
+ /* Set flag saying we're done with MD computation */
+ MDp->done = 1;
+ }
+}
+
+/*
+** Finish up MD4 computation and return message digest.
+*/
+static void
+MD4Final(unsigned char *buf, MD4_CTX *MD)
+{
+ int i, j;
+ unsigned int w;
+
+ MD4Update(MD, NULL, 0);
+ for (i = 0; i < 4; ++i) {
+ w = MD->buffer[i];
+ for (j = 0; j < 4; ++j) {
+ *buf++ = w;
+ w >>= 8;
+ }
+ }
+}
+
+/*
+** End of md4.c
+****************************(cut)***********************************/
+
+static int md4_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ MD4_CTX *mctx = calloc(1, sizeof(MD4_CTX));
+ if (mctx) {
+ MD4Init(mctx);
+ ctx->priv = mctx;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int md4_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+#if defined(__NetBSD__)
+ /* NetBSD uses the libc md4 routines which take bytes instead of bits */
+ int mdlen = len;
+#else
+ int mdlen = len * 8;
+#endif
+
+ /* Internal MD4Update can take at most 64 bytes at a time */
+ while (mdlen > 512) {
+ MD4Update((MD4_CTX*) ctx->priv, (unsigned char*) data, 512);
+ data += 64;
+ mdlen -= 512;
+ }
+ MD4Update((MD4_CTX*) ctx->priv, (unsigned char*) data, mdlen);
+ return 1;
+}
+
+static int md4_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ MD4Final(out, (MD4_CTX*) ctx->priv);
+ return 1;
+}
+
+static void md4_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_MD ppp_md4 = {
+ .init_fn = md4_init,
+ .update_fn = md4_update,
+ .final_fn = md4_final,
+ .clean_fn = md4_clean,
+};
+
+const PPP_MD *PPP_md4(void)
+{
+ return &ppp_md4;
+}
--- /dev/null
+/* ppp-md5.c - MD5 Digest implementation
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto-priv.h"
+
+#ifdef OPENSSL_HAVE_MD5
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#endif
+
+static int md5_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+ if (mctx) {
+ if (EVP_DigestInit((EVP_MD_CTX*) mctx, EVP_md5())) {
+ ctx->priv = mctx;
+ return 1;
+ }
+ EVP_MD_CTX_free(mctx);
+ }
+ }
+ return 0;
+}
+
+static int md5_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static int md5_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static void md5_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_MD_CTX_free((EVP_MD_CTX*) ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#else // !OPENSSL_HAVE_MD5
+
+/*
+ ***********************************************************************
+ ** md5.c -- the source code for MD5 routines **
+ ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
+ ** Created: 2/17/90 RLR **
+ ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
+ ***********************************************************************
+ */
+
+/*
+ ***********************************************************************
+ ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+ ** **
+ ** License to copy and use this software is granted provided that **
+ ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
+ ** Digest Algorithm" in all material mentioning or referencing this **
+ ** software or this function. **
+ ** **
+ ** License is also granted to make and use derivative works **
+ ** provided that such works are identified as "derived from the RSA **
+ ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
+ ** material mentioning or referencing the derived work. **
+ ** **
+ ** RSA Data Security, Inc. makes no representations concerning **
+ ** either the merchantability of this software or the suitability **
+ ** of this software for any particular purpose. It is provided "as **
+ ** is" without express or implied warranty of any kind. **
+ ** **
+ ** These notices must be retained in any copies of any part of this **
+ ** documentation and/or software. **
+ ***********************************************************************
+ */
+
+
+/* typedef a 32-bit type */
+#ifdef _LP64
+typedef unsigned int UINT4;
+typedef int INT4;
+#else
+typedef unsigned long UINT4;
+typedef long INT4;
+#endif
+#define _UINT4_T
+
+/* Data structure for MD5 (Message-Digest) computation */
+typedef struct {
+ UINT4 i[2]; /* number of _bits_ handled mod 2^64 */
+ UINT4 buf[4]; /* scratch buffer */
+ unsigned char in[64]; /* input buffer */
+ unsigned char digest[16]; /* actual digest after MD5Final call */
+} MD5_CTX;
+
+
+/*
+ ***********************************************************************
+ ** Message-digest routines: **
+ ** To form the message digest for a message M **
+ ** (1) Initialize a context buffer mdContext using MD5_Init **
+ ** (2) Call MD5_Update on mdContext and M **
+ ** (3) Call MD5_Final on mdContext **
+ ** The message digest is now in mdContext->digest[0...15] **
+ ***********************************************************************
+ */
+
+/* forward declaration */
+static void Transform (UINT4 *buf, UINT4 *in);
+
+static unsigned char PADDING[64] = {
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* F, G, H and I are basic MD5 functions */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
+/* Rotation is separate from addition to prevent recomputation */
+#define FF(a, b, c, d, x, s, ac) \
+ {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define GG(a, b, c, d, x, s, ac) \
+ {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define HH(a, b, c, d, x, s, ac) \
+ {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define II(a, b, c, d, x, s, ac) \
+ {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+
+#ifdef __STDC__
+#define UL(x) x##U
+#else
+#define UL(x) x
+#endif
+
+/* The routine MD5_Init initializes the message-digest context
+ mdContext. All fields are set to zero.
+ */
+static void MD5_Init (MD5_CTX *mdContext)
+{
+ mdContext->i[0] = mdContext->i[1] = (UINT4)0;
+
+ /* Load magic initialization constants.
+ */
+ mdContext->buf[0] = (UINT4)0x67452301;
+ mdContext->buf[1] = (UINT4)0xefcdab89;
+ mdContext->buf[2] = (UINT4)0x98badcfe;
+ mdContext->buf[3] = (UINT4)0x10325476;
+}
+
+/* The routine MD5Update updates the message-digest context to
+ account for the presence of each of the characters inBuf[0..inLen-1]
+ in the message whose digest is being computed.
+ */
+static void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen)
+{
+ UINT4 in[16];
+ int mdi;
+ unsigned int i, ii;
+
+ /* compute number of bytes mod 64 */
+ mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+ /* update number of bits */
+ if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0])
+ mdContext->i[1]++;
+ mdContext->i[0] += ((UINT4)inLen << 3);
+ mdContext->i[1] += ((UINT4)inLen >> 29);
+
+ while (inLen--) {
+ /* add new character to buffer, increment mdi */
+ mdContext->in[mdi++] = *inBuf++;
+
+ /* transform if necessary */
+ if (mdi == 0x40) {
+ for (i = 0, ii = 0; i < 16; i++, ii += 4)
+ in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
+ (((UINT4)mdContext->in[ii+2]) << 16) |
+ (((UINT4)mdContext->in[ii+1]) << 8) |
+ ((UINT4)mdContext->in[ii]);
+ Transform (mdContext->buf, in);
+ mdi = 0;
+ }
+ }
+}
+
+/* The routine MD5Final terminates the message-digest computation and
+ ends with the desired message digest in mdContext->digest[0...15].
+ */
+static void MD5_Final (unsigned char hash[], MD5_CTX *mdContext)
+{
+ UINT4 in[16];
+ int mdi;
+ unsigned int i, ii;
+ unsigned int padLen;
+
+ /* save number of bits */
+ in[14] = mdContext->i[0];
+ in[15] = mdContext->i[1];
+
+ /* compute number of bytes mod 64 */
+ mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+ /* pad out to 56 mod 64 */
+ padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+ MD5_Update (mdContext, PADDING, padLen);
+
+ /* append length in bits and transform */
+ for (i = 0, ii = 0; i < 14; i++, ii += 4)
+ in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
+ (((UINT4)mdContext->in[ii+2]) << 16) |
+ (((UINT4)mdContext->in[ii+1]) << 8) |
+ ((UINT4)mdContext->in[ii]);
+ Transform (mdContext->buf, in);
+
+ /* store buffer in digest */
+ for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+ mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF);
+ mdContext->digest[ii+1] =
+ (unsigned char)((mdContext->buf[i] >> 8) & 0xFF);
+ mdContext->digest[ii+2] =
+ (unsigned char)((mdContext->buf[i] >> 16) & 0xFF);
+ mdContext->digest[ii+3] =
+ (unsigned char)((mdContext->buf[i] >> 24) & 0xFF);
+ }
+ memcpy(hash, mdContext->digest, 16);
+}
+
+/* Basic MD5 step. Transforms buf based on in.
+ */
+static void Transform (UINT4 *buf, UINT4 *in)
+{
+ UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+
+ /* Round 1 */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+ FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */
+ FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */
+ FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */
+ FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */
+ FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */
+ FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */
+ FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */
+ FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */
+ FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */
+ FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */
+ FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */
+ FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */
+ FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */
+ FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */
+ FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */
+ FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */
+
+ /* Round 2 */
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+ GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */
+ GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */
+ GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */
+ GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */
+ GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */
+ GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */
+ GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */
+ GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */
+ GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */
+ GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */
+ GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */
+ GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */
+ GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */
+ GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */
+ GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */
+ GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */
+
+ /* Round 3 */
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+ HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */
+ HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */
+ HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */
+ HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */
+ HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */
+ HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */
+ HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */
+ HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */
+ HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */
+ HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */
+ HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */
+ HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */
+ HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */
+ HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */
+ HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */
+ HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */
+
+ /* Round 4 */
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+ II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */
+ II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */
+ II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */
+ II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */
+ II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */
+ II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */
+ II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */
+ II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */
+ II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */
+ II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */
+ II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */
+ II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */
+ II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */
+ II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */
+ II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */
+ II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */
+
+ buf[0] += a;
+ buf[1] += b;
+ buf[2] += c;
+ buf[3] += d;
+}
+
+/*
+ ***********************************************************************
+ ** End of md5.c **
+ ******************************** (cut) ********************************
+ */
+
+static int md5_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ MD5_CTX *md5 = calloc(1, sizeof(MD5_CTX));
+ if (md5 != NULL) {
+ MD5_Init(md5);
+ ctx->priv = md5;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int md5_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ MD5_Update((MD5_CTX*) ctx->priv, (void*) data, len);
+ return 1;
+}
+
+static int md5_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ MD5_Final(out, (MD5_CTX*) ctx->priv);
+ return 1;
+}
+
+static void md5_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_MD ppp_md5 = {
+ .init_fn = md5_init,
+ .update_fn = md5_update,
+ .final_fn = md5_final,
+ .clean_fn = md5_clean,
+};
+
+const PPP_MD *PPP_md5(void)
+{
+ return &ppp_md5;
+}
+
--- /dev/null
+/* ppp-sha1.c - SHA1 Digest implementation
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <stddef.h>
+
+#include "crypto-priv.h"
+
+
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+#ifdef OPENSSL_HAVE_SHA
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#endif
+
+static int sha1_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+ if (mctx) {
+ if (EVP_DigestInit(mctx, EVP_sha1())) {
+ ctx->priv = mctx;
+ return 1;
+ }
+ EVP_MD_CTX_free(mctx);
+ }
+ }
+ return 0;
+}
+
+static int sha1_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static int sha1_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static void sha1_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_MD_CTX_free((EVP_MD_CTX*) ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+
+#else // !OPENSSL_HAVE_SHA
+
+/*
+ * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
+ *
+ * SHA-1 in C
+ * By Steve Reid <steve@edmweb.com>
+ * 100% Public Domain
+ *
+ * Test Vectors (from FIPS PUB 180-1)
+ * "abc"
+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+ * A million repetitions of "a"
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+ */
+
+#include <string.h>
+#include <netinet/in.h> /* htonl() */
+
+typedef struct {
+ uint32_t state[5];
+ uint32_t count[2];
+ unsigned char buffer[64];
+} SHA1_CTX;
+
+
+static void
+SHA1_Transform(uint32_t[5], const unsigned char[64]);
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+#define blk0(i) (block->l[i] = htonl(block->l[i]))
+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+ ^block->l[(i+2)&15]^block->l[i&15],1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+static void
+SHA1_Transform(uint32_t state[5], const unsigned char buffer[64])
+{
+ uint32_t a, b, c, d, e;
+ typedef union {
+ unsigned char c[64];
+ uint32_t l[16];
+ } CHAR64LONG16;
+ CHAR64LONG16 *block;
+
+#ifdef SHA1HANDSOFF
+ static unsigned char workspace[64];
+ block = (CHAR64LONG16 *) workspace;
+ memcpy(block, buffer, 64);
+#else
+ block = (CHAR64LONG16 *) buffer;
+#endif
+ /* Copy context->state[] to working vars */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ /* 4 rounds of 20 operations each. Loop unrolled. */
+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+ /* Add the working vars back into context.state[] */
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+ /* Wipe variables */
+ a = b = c = d = e = 0;
+}
+
+
+/* SHA1Init - Initialize new context */
+
+static void
+SHA1_Init(SHA1_CTX *context)
+{
+ /* SHA1 initialization constants */
+ context->state[0] = 0x67452301;
+ context->state[1] = 0xEFCDAB89;
+ context->state[2] = 0x98BADCFE;
+ context->state[3] = 0x10325476;
+ context->state[4] = 0xC3D2E1F0;
+ context->count[0] = context->count[1] = 0;
+}
+
+
+/* Run your data through this. */
+
+static void
+SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
+{
+ unsigned int i, j;
+
+ j = (context->count[0] >> 3) & 63;
+ if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
+ context->count[1] += (len >> 29);
+ i = 64 - j;
+ while (len >= i) {
+ memcpy(&context->buffer[j], data, i);
+ SHA1_Transform(context->state, context->buffer);
+ data += i;
+ len -= i;
+ i = 64;
+ j = 0;
+ }
+
+ memcpy(&context->buffer[j], data, len);
+}
+
+
+/* Add padding and return the message digest. */
+
+static void
+SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
+{
+ uint32_t i, j;
+ unsigned char finalcount[8];
+
+ for (i = 0; i < 8; i++) {
+ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
+ >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
+ }
+ SHA1_Update(context, (unsigned char *) "\200", 1);
+ while ((context->count[0] & 504) != 448) {
+ SHA1_Update(context, (unsigned char *) "\0", 1);
+ }
+ SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+ for (i = 0; i < 20; i++) {
+ digest[i] = (unsigned char)
+ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+ }
+ /* Wipe variables */
+ i = j = 0;
+ memset(context->buffer, 0, 64);
+ memset(context->state, 0, 20);
+ memset(context->count, 0, 8);
+ memset(&finalcount, 0, 8);
+#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
+ SHA1Transform(context->state, context->buffer);
+#endif
+}
+
+static int sha1_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ SHA1_CTX *mctx = calloc(1, sizeof(SHA1_CTX));
+ if (mctx) {
+ SHA1_Init(mctx);
+ ctx->priv = mctx;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int sha1_update(PPP_MD_CTX* ctx, const void *data, size_t len)
+{
+ SHA1_Update((SHA1_CTX*) ctx->priv, (void*) data, len);
+ return 1;
+}
+
+static int sha1_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ SHA1_Final(out, (SHA1_CTX*) ctx->priv);
+ return 1;
+}
+
+static void sha1_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_MD ppp_sha1 = {
+ .init_fn = sha1_init,
+ .update_fn = sha1_update,
+ .final_fn = sha1_final,
+ .clean_fn = sha1_clean,
+};
+
+const PPP_MD *PPP_sha1(void)
+{
+ return &ppp_sha1;
+}
+
+++ /dev/null
-/*
- * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
- *
- * Extracted from chap_ms.c by James Carlson.
- *
- * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-#include <errno.h>
-
-#include "pppd.h"
-#include "pppcrypt.h"
-
-static u_char
-Get7Bits(u_char *input, int startBit)
-{
- unsigned int word;
-
- word = (unsigned)input[startBit / 8] << 8;
- word |= (unsigned)input[startBit / 8 + 1];
-
- word >>= 15 - (startBit % 8 + 7);
-
- return word & 0xFE;
-}
-
-static void
-MakeKey(u_char *key, u_char *des_key)
-{
- /* key IN 56 bit DES key missing parity bits */
- /* des_key OUT 64 bit DES key with parity bits added */
- des_key[0] = Get7Bits(key, 0);
- des_key[1] = Get7Bits(key, 7);
- des_key[2] = Get7Bits(key, 14);
- des_key[3] = Get7Bits(key, 21);
- des_key[4] = Get7Bits(key, 28);
- des_key[5] = Get7Bits(key, 35);
- des_key[6] = Get7Bits(key, 42);
- des_key[7] = Get7Bits(key, 49);
-
-#ifndef USE_CRYPT
- DES_set_odd_parity((DES_cblock *)des_key);
-#endif
-}
-
-#ifdef USE_CRYPT
-/*
- * in == 8-byte string (expanded version of the 56-bit key)
- * out == 64-byte string where each byte is either 1 or 0
- * Note that the low-order "bit" is always ignored by by setkey()
- */
-static void
-Expand(u_char *in, u_char *out)
-{
- int j, c;
- int i;
-
- for (i = 0; i < 64; in++){
- c = *in;
- for (j = 7; j >= 0; j--)
- *out++ = (c >> j) & 01;
- i += 8;
- }
-}
-
-/* The inverse of Expand
- */
-static void
-Collapse(u_char *in, u_char *out)
-{
- int j;
- int i;
- unsigned int c;
-
- for (i = 0; i < 64; i += 8, out++) {
- c = 0;
- for (j = 7; j >= 0; j--, in++)
- c |= *in << j;
- *out = c & 0xff;
- }
-}
-
-bool
-DesSetkey(u_char *key)
-{
- u_char des_key[8];
- u_char crypt_key[66];
-
- MakeKey(key, des_key);
- Expand(des_key, crypt_key);
- errno = 0;
- setkey((const char *)crypt_key);
- if (errno != 0)
- return (0);
- return (1);
-}
-
-bool
-DesEncrypt(u_char *clear, u_char *cipher)
-{
- u_char des_input[66];
-
- Expand(clear, des_input);
- errno = 0;
- encrypt((char *)des_input, 0);
- if (errno != 0)
- return (0);
- Collapse(des_input, cipher);
- return (1);
-}
-
-bool
-DesDecrypt(u_char *cipher, u_char *clear)
-{
- u_char des_input[66];
-
- Expand(cipher, des_input);
- errno = 0;
- encrypt((char *)des_input, 1);
- if (errno != 0)
- return (0);
- Collapse(des_input, clear);
- return (1);
-}
-
-#else /* USE_CRYPT */
-static DES_key_schedule key_schedule;
-
-bool
-DesSetkey(u_char *key)
-{
- DES_cblock des_key;
- MakeKey(key, des_key);
- DES_set_key(&des_key, &key_schedule);
- return (1);
-}
-
-bool
-DesEncrypt(u_char *clear, u_char *cipher)
-{
- DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
- &key_schedule, 1);
- return (1);
-}
-
-bool
-DesDecrypt(u_char *cipher, u_char *clear)
-{
- DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
- &key_schedule, 0);
- return (1);
-}
-
-#endif /* USE_CRYPT */
+++ /dev/null
-/*
- * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
- *
- * Extracted from chap_ms.c by James Carlson.
- *
- * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include "pppdconf.h"
-
-#ifndef PPPCRYPT_H
-#define PPPCRYPT_H
-
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
-#ifndef USE_CRYPT
-#include <openssl/des.h>
-#endif
-
-extern bool DesSetkey(u_char *);
-extern bool DesEncrypt(u_char *, u_char *);
-extern bool DesDecrypt(u_char *, u_char *);
-
-#endif /* PPPCRYPT_H */
--- /dev/null
+/*
+ * pppd-private.h - PPP daemon private declarations.
+ *
+ * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name "Carnegie Mellon University" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For permission or any legal
+ * details, please contact
+ * Office of Technology Transfer
+ * Carnegie Mellon University
+ * 5000 Forbes Avenue
+ * Pittsburgh, PA 15213-3890
+ * (412) 268-4387, fax: (412) 268-7395
+ * tech-transfer@andrew.cmu.edu
+ *
+ * 4. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Computing Services
+ * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $
+ */
+
+#ifndef PPP_PPPD_PRIVATE_H
+#define PPP_PPPD_PRIVATE_H
+
+#include <stdio.h> /* for FILE */
+#include <stdlib.h> /* for encrypt */
+#include <unistd.h> /* for setkey */
+#if defined(SOL2)
+#include <net/ppp_defs.h>
+#else
+#include <linux/ppp_defs.h>
+#endif
+
+#include "pppd.h"
+
+#ifdef PPP_WITH_IPV6CP
+#include "eui64.h"
+#endif
+
+/*
+ * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name.
+ * Where should PPP_DRV_NAME come from? Do we include it here?
+ */
+#if !defined(PPP_DRV_NAME)
+#define PPP_DRV_NAME "ppp"
+#endif /* !defined(PPP_DRV_NAME) */
+
+
+#ifndef GIDSET_TYPE
+#define GIDSET_TYPE gid_t
+#endif
+
+/* Structure representing a list of permitted IP addresses. */
+struct permitted_ip {
+ int permit; /* 1 = permit, 0 = forbid */
+ u_int32_t base; /* match if (addr & mask) == base */
+ u_int32_t mask; /* base and mask are in network byte order */
+};
+
+struct notifier {
+ struct notifier *next;
+ ppp_notify_fn *func;
+ void *arg;
+};
+
+/*
+ * Global variables.
+ */
+
+extern int hungup; /* Physical layer has disconnected */
+extern int ifunit; /* Interface unit number */
+extern char ifname[]; /* Interface name (IFNAMSIZ) */
+extern char hostname[]; /* Our hostname */
+extern unsigned char outpacket_buf[]; /* Buffer for outgoing packets */
+extern int devfd; /* fd of underlying device */
+extern int fd_ppp; /* fd for talking PPP */
+extern int baud_rate; /* Current link speed in bits/sec */
+extern char *progname; /* Name of this program */
+extern int redirect_stderr;/* Connector's stderr should go to file */
+extern char peer_authname[];/* Authenticated name of peer */
+extern int auth_done[NUM_PPP]; /* Methods actually used for auth */
+extern int privileged; /* We were run by real-uid root */
+extern int need_holdoff; /* Need holdoff period after link terminates */
+extern char **script_env; /* Environment variables for scripts */
+extern int detached; /* Have detached from controlling tty */
+extern GIDSET_TYPE groups[]; /* groups the user is in */
+extern int ngroups; /* How many groups valid in groups */
+extern int link_stats_valid; /* set if link_stats is valid */
+extern int link_stats_print; /* set if link_stats is to be printed on link termination */
+extern int log_to_fd; /* logging to this fd as well as syslog */
+extern bool log_default; /* log_to_fd is default (stdout) */
+extern char *no_ppp_msg; /* message to print if ppp not in kernel */
+extern bool devnam_fixed; /* can no longer change devnam */
+extern int unsuccess; /* # unsuccessful connection attempts */
+extern int do_callback; /* set if we want to do callback next */
+extern int doing_callback; /* set if this is a callback */
+extern int error_count; /* # of times error() has been called */
+extern char ppp_devname[]; /* name of PPP tty (maybe ttypx) */
+extern int fd_devnull; /* fd open to /dev/null */
+
+extern int listen_time; /* time to listen first (ms) */
+extern bool bundle_eof;
+extern bool bundle_terminating;
+
+extern struct notifier *pidchange; /* for notifications of pid changing */
+extern struct notifier *phasechange; /* for notifications of phase changes */
+extern struct notifier *exitnotify; /* for notification that we're exiting */
+extern struct notifier *sigreceived; /* notification of received signal */
+extern struct notifier *ip_up_notifier; /* IPCP has come up */
+extern struct notifier *ip_down_notifier; /* IPCP has gone down */
+extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */
+extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */
+extern struct notifier *auth_up_notifier; /* peer has authenticated */
+extern struct notifier *link_down_notifier; /* link has gone down */
+extern struct notifier *fork_notifier; /* we are a new child process */
+
+
+/* Values for do_callback and doing_callback */
+#define CALLBACK_DIALIN 1 /* we are expecting the call back */
+#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */
+
+/*
+ * Variables set by command-line options.
+ */
+
+extern int debug; /* Debug flag */
+extern int kdebugflag; /* Tell kernel to print debug messages */
+extern int default_device; /* Using /dev/tty or equivalent */
+extern char devnam[]; /* Device name */
+extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
+extern int ppp_session_number; /* Session number (eg PPPoE session) */
+extern int crtscts; /* Use hardware flow control */
+extern int stop_bits; /* Number of serial port stop bits */
+extern bool modem; /* Use modem control lines */
+extern int inspeed; /* Input/Output speed requested */
+extern u_int32_t netmask; /* IP netmask to set on interface */
+extern bool lockflag; /* Create lock file to lock the serial dev */
+extern bool nodetach; /* Don't detach from controlling tty */
+#ifdef SYSTEMD
+extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */
+#endif
+extern bool updetach; /* Detach from controlling tty when link up */
+extern bool master_detach; /* Detach when multilink master without link (options.c) */
+extern char *initializer; /* Script to initialize physical link */
+extern char *connect_script; /* Script to establish physical link */
+extern char *disconnect_script; /* Script to disestablish physical link */
+extern char *welcomer; /* Script to welcome client after connection */
+extern char *ptycommand; /* Command to run on other side of pty */
+extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */
+extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */
+extern bool auth_required; /* Peer is required to authenticate */
+extern bool persist; /* Reopen link after it goes down */
+extern bool uselogin; /* Use /etc/passwd for checking PAP */
+extern bool session_mgmt; /* Do session management (login records) */
+extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
+extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+extern bool explicit_remote;/* remote_name specified with remotename opt */
+extern bool demand; /* Do dial-on-demand */
+extern char *ipparam; /* Extra parameter for ip up/down scripts */
+extern bool cryptpap; /* Others' PAP passwords are encrypted */
+extern int holdoff; /* Dead time before restarting */
+extern bool holdoff_specified; /* true if user gave a holdoff value */
+extern bool notty; /* Stdin/out is not a tty */
+extern char *pty_socket; /* Socket to connect to pty */
+extern char *record_file; /* File to record chars sent/received */
+extern int maxfail; /* Max # of unsuccessful connection attempts */
+extern char linkname[]; /* logical name for link */
+extern bool tune_kernel; /* May alter kernel settings as necessary */
+extern int connect_delay; /* Time to delay after connect script */
+extern int max_data_rate; /* max bytes/sec through charshunt */
+extern int req_unit; /* interface unit number to use */
+extern char path_ipup[]; /* pathname of ip-up script */
+extern char path_ipdown[]; /* pathname of ip-down script */
+extern char req_ifname[]; /* interface name to use (IFNAMSIZ) */
+extern bool multilink; /* enable multilink operation (options.c) */
+extern bool noendpoint; /* don't send or accept endpt. discrim. */
+extern char *bundle_name; /* bundle name for multilink */
+extern bool dump_options; /* print out option values */
+extern bool show_options; /* show all option names and descriptions */
+extern bool dryrun; /* check everything, print options, exit */
+extern int child_wait; /* # seconds to wait for children at end */
+extern char *current_option; /* the name of the option being parsed */
+extern int privileged_option; /* set iff the current option came from root */
+extern char *option_source; /* string saying where the option came from */
+extern int option_priority; /* priority of current options */
+
+#ifdef PPP_WITH_IPV6CP
+extern char path_ipv6up[]; /* pathname of ipv6-up script */
+extern char path_ipv6down[]; /* pathname of ipv6-down script */
+#endif
+
+#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
+#define TLS_VERIFY_NONE "none"
+#define TLS_VERIFY_NAME "name"
+#define TLS_VERIFY_SUBJECT "subject"
+#define TLS_VERIFY_SUFFIX "suffix"
+
+extern char *crl_dir;
+extern char *crl_file;
+extern char *ca_path;
+extern char *cacert_file;
+
+extern char *max_tls_version;
+extern bool tls_verify_key_usage;
+extern char *tls_verify_method;
+#endif /* PPP_WITH_EAPTLS || PPP_WITH_PEAP */
+
+#ifdef PPP_WITH_EAPTLS
+extern char *pkcs12_file;
+#endif /* PPP_WITH_EAPTLS */
+
+typedef enum {
+ PPP_OCTETS_DIRECTION_SUM,
+ PPP_OCTETS_DIRECTION_IN,
+ PPP_OCTETS_DIRECTION_OUT,
+ PPP_OCTETS_DIRECTION_MAXOVERAL,
+ PPP_OCTETS_DIRECTION_MAXSESSION /* Same as MAXOVERALL, but a little different for RADIUS */
+} session_limit_dir_t;
+
+extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
+extern session_limit_dir_t maxoctets_dir; /* Direction */
+extern int maxoctets_timeout; /* Timeout for check of octets limit */
+
+#ifdef PPP_WITH_FILTER
+extern struct bpf_program pass_filter; /* Filter for pkts to pass */
+extern struct bpf_program active_filter; /* Filter for link-active pkts */
+#endif
+
+#ifdef PPP_WITH_MSLANMAN
+extern bool ms_lanman; /* Use LanMan password instead of NT */
+ /* Has meaning only with MS-CHAP challenges */
+#endif
+
+/* Values for auth_pending, auth_done */
+#define PAP_WITHPEER 0x1
+#define PAP_PEER 0x2
+#define CHAP_WITHPEER 0x4
+#define CHAP_PEER 0x8
+#define EAP_WITHPEER 0x10
+#define EAP_PEER 0x20
+
+/* Values for auth_done only */
+#define CHAP_MD5_WITHPEER 0x40
+#define CHAP_MD5_PEER 0x80
+#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
+#define CHAP_MS_WITHPEER 0x100
+#define CHAP_MS_PEER 0x200
+#define CHAP_MS2_WITHPEER 0x400
+#define CHAP_MS2_PEER 0x800
+
+
+/*
+ * This structure contains environment variables that are set or unset
+ * by the user.
+ */
+struct userenv {
+ struct userenv *ue_next;
+ char *ue_value; /* value (set only) */
+ bool ue_isset; /* 1 for set, 0 for unset */
+ bool ue_priv; /* from privileged source */
+ const char *ue_source; /* source name */
+ char ue_name[1]; /* variable name */
+};
+
+extern struct userenv *userenv_list;
+
+/*
+ * Prototypes.
+ */
+
+/* Procedures exported from main.c. */
+void set_ifunit(int); /* set stuff that depends on ifunit */
+void detach(void); /* Detach from controlling tty */
+void die(int); /* Cleanup and exit */
+void quit(void); /* like die(1) */
+
+void record_child(int, char *, void (*) (void *), void *, int);
+int device_script(char *cmd, int in, int out, int dont_wait);
+ /* Run `cmd' with given stdin and stdout */
+pid_t run_program(char *prog, char * const * args, int must_exist,
+ void (*done)(void *), void *arg, int wait);
+ /* Run program prog with args in child */
+void reopen_log(void); /* (re)open the connection to syslog */
+void print_link_stats(void); /* Print stats, if available */
+void reset_link_stats(int); /* Reset (init) stats when link goes up */
+void new_phase(ppp_phase_t); /* signal start of new phase */
+bool in_phase(ppp_phase_t);
+void notify(struct notifier *, int);
+int ppp_send_config(int, int, u_int32_t, int, int);
+int ppp_recv_config(int, int, u_int32_t, int, int);
+const char *protocol_name(int);
+void remove_pidfiles(void);
+void lock_db(void);
+void unlock_db(void);
+
+/* Procedures exported from tty.c. */
+void tty_init(void);
+
+void print_string(char *, int, printer_func, void *);
+ /* Format a string for output */
+ssize_t complete_read(int, void *, size_t);
+ /* read a complete buffer */
+
+/* Procedures exported from auth.c */
+void link_required(int); /* we are starting to use the link */
+void start_link(int); /* bring the link up now */
+void link_terminated(int); /* we are finished with the link */
+void link_down(int); /* the LCP layer has left the Opened state */
+void upper_layers_down(int);/* take all NCPs down */
+void link_established(int); /* the link is up; authenticate now */
+void start_networks(int); /* start all the network control protos */
+void continue_networks(int); /* start network [ip, etc] control protos */
+void np_up(int, int); /* a network protocol has come up */
+void np_down(int, int); /* a network protocol has gone down */
+void np_finished(int, int); /* a network protocol no longer needs link */
+void auth_peer_fail(int, int);
+ /* peer failed to authenticate itself */
+void auth_peer_success(int, int, int, char *, int);
+ /* peer successfully authenticated itself */
+void auth_withpeer_fail(int, int);
+ /* we failed to authenticate ourselves */
+void auth_withpeer_success(int, int, int);
+ /* we successfully authenticated ourselves */
+void auth_check_options(void);
+ /* check authentication options supplied */
+void auth_reset(int); /* check what secrets we have */
+int check_passwd(int, char *, int, char *, int, char **);
+ /* Check peer-supplied username/password */
+int get_secret(int, char *, char *, char *, int *, int);
+ /* get "secret" for chap */
+int get_srp_secret(int unit, char *client, char *server, char *secret,
+ int am_server);
+int auth_ip_addr(int, u_int32_t);
+ /* check if IP address is authorized */
+int auth_number(void); /* check if remote number is authorized */
+
+/* Procedures exported from demand.c */
+void demand_conf(void); /* config interface(s) for demand-dial */
+void demand_block(void); /* set all NPs to queue up packets */
+void demand_unblock(void); /* set all NPs to pass packets */
+void demand_discard(void); /* set all NPs to discard packets */
+void demand_rexmit(int); /* retransmit saved frames for an NP */
+int loop_chars(unsigned char *, int); /* process chars from loopback */
+int loop_frame(unsigned char *, int); /* should we bring link up? */
+
+/* Procedures exported from sys-*.c */
+void sys_init(void); /* Do system-dependent initialization */
+void sys_cleanup(void); /* Restore system state before exiting */
+int sys_check_options(void); /* Check options specified */
+int get_pty(int *, int *, char *, int); /* Get pty master/slave */
+int open_ppp_loopback(void); /* Open loopback for demand-dialling */
+int tty_establish_ppp(int); /* Turn serial port into a ppp interface */
+void tty_disestablish_ppp(int); /* Restore port to normal operation */
+void make_new_bundle(int, int, int, int); /* Create new bundle */
+int bundle_attach(int); /* Attach link to existing bundle */
+void cfg_bundle(int, int, int, int); /* Configure existing bundle */
+void destroy_bundle(void); /* Tell driver to destroy bundle */
+void clean_check(void); /* Check if line was 8-bit clean */
+void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */
+void restore_tty(int); /* Restore port's original parameters */
+void setdtr(int, int); /* Raise or lower port's DTR line */
+void output(int, unsigned char *, int); /* Output a PPP packet */
+void wait_input(struct timeval *);
+ /* Wait for input, with timeout */
+void add_fd(int); /* Add fd to set to wait for */
+void remove_fd(int); /* Remove fd from set to wait for */
+int read_packet(unsigned char *); /* Read PPP packet */
+int get_loop_output(void); /* Read pkts from loopback */
+void tty_send_config(int, u_int32_t, int, int);
+ /* Configure i/f transmit parameters */
+void tty_set_xaccm(ext_accm);
+ /* Set extended transmit ACCM */
+void tty_recv_config(int, u_int32_t, int, int);
+ /* Configure i/f receive parameters */
+int ccp_test(int, unsigned char *, int, int);
+ /* Test support for compression scheme */
+void ccp_flags_set(int, int, int);
+ /* Set kernel CCP state */
+int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */
+int get_idle_time(int, struct ppp_idle *);
+ /* Find out how long link has been idle */
+int get_ppp_stats(int, struct pppd_stats *);
+ /* Return link statistics */
+int sifvjcomp(int, int, int, int);
+ /* Configure VJ TCP header compression */
+int sifup(int); /* Configure i/f up for one protocol */
+int sifnpmode(int u, int proto, enum NPmode mode);
+ /* Set mode for handling packets for proto */
+int sifdown(int); /* Configure i/f down for one protocol */
+int sifaddr(int, u_int32_t, u_int32_t, u_int32_t);
+ /* Configure IPv4 addresses for i/f */
+int cifaddr(int, u_int32_t, u_int32_t);
+ /* Reset i/f IP addresses */
+#ifdef PPP_WITH_IPV6CP
+int sif6up(int); /* Configure i/f up for IPv6 */
+int sif6down(int); /* Configure i/f down for IPv6 */
+int sif6addr(int, eui64_t, eui64_t);
+ /* Configure IPv6 addresses for i/f */
+int cif6addr(int, eui64_t, eui64_t);
+ /* Remove an IPv6 address from i/f */
+#endif
+int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt);
+ /* Create default route through i/f */
+int cifdefaultroute(int, u_int32_t, u_int32_t);
+ /* Delete default route through i/f */
+#ifdef PPP_WITH_IPV6CP
+int sif6defaultroute(int, eui64_t, eui64_t);
+ /* Create default IPv6 route through i/f */
+int cif6defaultroute(int, eui64_t, eui64_t);
+ /* Delete default IPv6 route through i/f */
+#endif
+int sifproxyarp(int, u_int32_t);
+ /* Add proxy ARP entry for peer */
+int cifproxyarp(int, u_int32_t);
+ /* Delete proxy ARP entry for peer */
+u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */
+int mkdir_recursive(const char *); /* Recursively create directory */
+int lock(char *); /* Create lock file for device */
+int relock(int); /* Rewrite lock file with new pid */
+void unlock(void); /* Delete previously-created lock file */
+void logwtmp(const char *, const char *, const char *);
+ /* Write entry to wtmp file */
+int get_host_seed(void); /* Get host-dependent random number seed */
+int have_route_to(u_int32_t); /* Check if route to addr exists */
+#ifdef PPP_WITH_FILTER
+int set_filters(struct bpf_program *pass, struct bpf_program *active);
+ /* Set filter programs in kernel */
+#endif
+int get_if_hwaddr(unsigned char *addr, char *name);
+int get_first_ether_hwaddr(unsigned char *addr);
+
+/* Procedures exported from options.c */
+int setipaddr(char *, char **, int); /* Set local/remote ip addresses */
+int parse_args(int argc, char **argv);
+ /* Parse options from arguments given */
+int getword(FILE *f, char *word, int *newlinep, char *filename);
+ /* Read a word from a file */
+int options_from_user(void); /* Parse options from user's .ppprc */
+int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */
+struct wordlist;
+int options_from_list(struct wordlist *, int privileged);
+ /* Parse options from a wordlist */
+void check_options(void); /* check values after all options parsed */
+int override_value(char *, int, const char *);
+ /* override value if permitted by priority */
+void print_options(printer_func, void *);
+ /* print out values of all options */
+void showopts(void);
+ /* show all option names and description */
+int parse_dotted_ip(char *, u_int32_t *);
+
+/*
+ * Inline versions of get/put char/short/long.
+ * Pointer is advanced; we assume that both arguments
+ * are lvalues and will already be in registers.
+ * cp MUST be unsigned char *.
+ */
+#define GETCHAR(c, cp) { \
+ (c) = *(cp)++; \
+}
+#define PUTCHAR(c, cp) { \
+ *(cp)++ = (unsigned char) (c); \
+}
+
+
+#define GETSHORT(s, cp) { \
+ (s) = *(cp)++ << 8; \
+ (s) |= *(cp)++; \
+}
+#define PUTSHORT(s, cp) { \
+ *(cp)++ = (unsigned char) ((s) >> 8); \
+ *(cp)++ = (unsigned char) (s); \
+}
+
+#define GETLONG(l, cp) { \
+ (l) = *(cp)++ << 8; \
+ (l) |= *(cp)++; (l) <<= 8; \
+ (l) |= *(cp)++; (l) <<= 8; \
+ (l) |= *(cp)++; \
+}
+#define PUTLONG(l, cp) { \
+ *(cp)++ = (unsigned char) ((l) >> 24); \
+ *(cp)++ = (unsigned char) ((l) >> 16); \
+ *(cp)++ = (unsigned char) ((l) >> 8); \
+ *(cp)++ = (unsigned char) (l); \
+}
+
+#define INCPTR(n, cp) ((cp) += (n))
+#define DECPTR(n, cp) ((cp) -= (n))
+
+/*
+ * System dependent definitions for user-level 4.3BSD UNIX implementation.
+ */
+
+#define TIMEOUT(r, f, t) ppp_timeout((r), (f), (t), 0)
+#define UNTIMEOUT(r, f) ppp_untimeout((r), (f))
+
+#define BCOPY(s, d, l) memcpy(d, s, l)
+#define BZERO(s, n) memset(s, 0, n)
+#define BCMP(s1, s2, l) memcmp(s1, s2, l)
+
+#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); }
+
+/*
+ * MAKEHEADER - Add Header fields to a packet.
+ */
+#define MAKEHEADER(p, t) { \
+ PUTCHAR(PPP_ALLSTATIONS, p); \
+ PUTCHAR(PPP_UI, p); \
+ PUTSHORT(t, p); }
+
+/*
+ * Debug macros. Slightly useful for finding bugs in pppd, not particularly
+ * useful for finding out why your connection isn't being established.
+ */
+#ifdef DEBUGALL
+#define DEBUGMAIN 1
+#define DEBUGFSM 1
+#define DEBUGLCP 1
+#define DEBUGIPCP 1
+#define DEBUGIPV6CP 1
+#define DEBUGUPAP 1
+#define DEBUGCHAP 1
+#endif
+
+#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */
+#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
+ || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
+ || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
+#define LOG_PPP LOG_LOCAL2
+#else
+#define LOG_PPP LOG_DAEMON
+#endif
+#endif /* LOG_PPP */
+
+#ifdef DEBUGMAIN
+#define MAINDEBUG(x) if (debug) dbglog x
+#else
+#define MAINDEBUG(x)
+#endif
+
+#ifdef DEBUGSYS
+#define SYSDEBUG(x) if (debug) dbglog x
+#else
+#define SYSDEBUG(x)
+#endif
+
+#ifdef DEBUGFSM
+#define FSMDEBUG(x) if (debug) dbglog x
+#else
+#define FSMDEBUG(x)
+#endif
+
+#ifdef DEBUGLCP
+#define LCPDEBUG(x) if (debug) dbglog x
+#else
+#define LCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPCP
+#define IPCPDEBUG(x) if (debug) dbglog x
+#else
+#define IPCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPV6CP
+#define IPV6CPDEBUG(x) if (debug) dbglog x
+#else
+#define IPV6CPDEBUG(x)
+#endif
+
+#ifdef DEBUGUPAP
+#define UPAPDEBUG(x) if (debug) dbglog x
+#else
+#define UPAPDEBUG(x)
+#endif
+
+#ifdef DEBUGCHAP
+#define CHAPDEBUG(x) if (debug) dbglog x
+#else
+#define CHAPDEBUG(x)
+#endif
+
+#ifndef SIGTYPE
+#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
+#define SIGTYPE void
+#else
+#define SIGTYPE int
+#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
+#endif /* SIGTYPE */
+
+#ifndef MIN
+#define MIN(a, b) ((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b) ((a) > (b)? (a): (b))
+#endif
+
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
+#endif
-.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.90 2008/03/26 12:09:40 paulus Exp $
+.\" manual page [] for pppd 2.5.x
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.\" IP indented paragraph
.\" TP hanging label
.\"
-.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@samba.org>
+.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@ozlabs.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
seconds (default 3).
.TP
.B ipparam \fIstring
-Provides an extra parameter to the ip\-up, ip\-pre\-up and ip\-down
+Provides an extra parameter most of the notification scripts, most notably
+ip\-up, ip\-pre\-up, ip\-down, ipv6\-up, ipv6\-down, auth\-up and auth\-down
scripts. If this
option is given, the \fIstring\fR supplied is given as the 6th
parameter to those scripts.
Set the IPv6CP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
-.B ipx
-Enable the IPXCP and IPX protocols. This option is presently only
-supported under Linux, and only if your kernel has been configured to
-include IPX support.
-.TP
-.B ipx\-network \fIn
-Set the IPX network number in the IPXCP configure request frame to
-\fIn\fR, a hexadecimal number (without a leading 0x). There is no
-valid default. If this option is not specified, the network number is
-obtained from the peer. If the peer does not have the network number,
-the IPX protocol will not be started.
-.TP
-.B ipx\-node \fIn\fB:\fIm
-Set the IPX node numbers. The two node numbers are separated from each
-other with a colon character. The first number \fIn\fR is the local
-node number. The second number \fIm\fR is the peer's node number. Each
-node number is a hexadecimal number, at most 10 digits long. The node
-numbers on the ipx\-network must be unique. There is no valid
-default. If this option is not specified then the node numbers are
-obtained from the peer.
-.TP
-.B ipx\-router\-name \fI<string>
-Set the name of the router. This is a string and is sent to the peer
-as information data.
-.TP
-.B ipx\-routing \fIn
-Set the routing protocol to be received by this option. More than one
-instance of \fIipx\-routing\fR may be specified. The '\fInone\fR'
-option (0) may be specified as the only instance of ipx\-routing. The
-values may be \fI0\fR for \fINONE\fR, \fI2\fR for \fIRIP/SAP\fR, and
-\fI4\fR for \fINLSP\fR.
-.TP
-.B ipxcp\-accept\-local
-Accept the peer's NAK for the node number specified in the ipx\-node
-option. If a node number was specified, and non-zero, the default is
-to insist that the value be used. If you include this option then you
-will permit the peer to override the entry of the node number.
-.TP
-.B ipxcp\-accept\-network
-Accept the peer's NAK for the network number specified in the
-ipx\-network option. If a network number was specified, and non-zero, the
-default is to insist that the value be used. If you include this
-option then you will permit the peer to override the entry of the node
-number.
-.TP
-.B ipxcp\-accept\-remote
-Use the peer's network number specified in the configure request
-frame. If a node number was specified for the peer and this option was
-not specified, the peer will be forced to use the value which you have
-specified.
-.TP
-.B ipxcp\-max\-configure \fIn
-Set the maximum number of IPXCP configure request frames which the
-system will send to \fIn\fR. The default is 10.
-.TP
-.B ipxcp\-max\-failure \fIn
-Set the maximum number of IPXCP NAK frames which the local system will
-send before it rejects the options. The default value is 3.
-.TP
-.B ipxcp\-max\-terminate \fIn
-Set the maximum number of IPXCP terminate request frames before the
-local system considers that the peer is not listening to them. The
-default value is 3.
-.TP
.B kdebug \fIn
Enable debugging code in the kernel-level PPP driver. The argument
values depend on the specific kernel driver, but in general a value of
Set the LCP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
+.B lcp\-rtt\-file \fIfilename
+Sets the file where the round-trip time (RTT) of LCP echo-request frames
+will be logged.
+.TP
.B linkname \fIname\fR
Sets the logical name of the link to \fIname\fR. Pppd will create a
file named \fBppp\-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some
Terminate after \fIn\fR consecutive failed connection attempts. A
value of 0 means no limit. The default value is 10.
.TP
-.B max-tls-version \fIstring
+.B max\-tls-\version \fIstring
(EAP-TLS, or PEAP) Configures the max allowed TLS version used during
negotiation with a peer. The default value for this is \fI1.2\fR. Values
allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR.
Disable Address/Control compression in both directions (send and
receive).
.TP
-.B need-peer-eap
+.B need\-peer\-eap
(EAP-TLS) Require the peer to verify our authentication credentials.
.TP
.B noauth
address during IPCP negotiation (unless it specified explicitly on the
command line or in an options file).
.TP
-.B noipx
-Disable the IPXCP and IPX protocols. This option should only be
-required if the peer is buggy and gets confused by requests from pppd
-for IPXCP negotiation.
-.TP
.B noktune
Opposite of the \fIktune\fR option; disables pppd from changing system
settings.
Currently supports Microgate SyncLink adapters
under Linux and FreeBSD 2.2.8 and later.
.TP
-.B tls-verify-method \fIstring
+.B tls\-verify\-method \fIstring
(EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that
of the X509 certificates subject name, common name, or suffix of the common
name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR,
\fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR.
.TP
-.B tls-verify-key-usage
+.B tls\-verify\-key\-usage
(EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and
extended key usage attributes.
.TP
option may be avoided if interface name is unambiguous and does not
look like any other pppd's option.
.TP
-.B pppoe-service \fIname
+.B pppoe\-service \fIname
Connect to specified PPPoE service name. For backward compatibility also
\fBrp_pppoe_service\fP option name is supported.
.TP
-.B pppoe-ac \fIname
+.B pppoe\-ac \fIname
Connect to specified PPPoE access concentrator name. For backward
compatibility also \fBrp_pppoe_ac\fP option name is supported.
.TP
-.B pppoe-sess \fIsessid\fP:\fImacaddr
+.B pppoe\-sess \fIsessid\fP:\fImacaddr
Attach to existing PPPoE session. For backward compatibility also
\fBrp_pppoe_sess\fP option name is supported.
.TP
-.B pppoe-verbose \fIn
+.B pppoe\-verbose \fIn
Be verbose about discovered access concentrators. When set to 2 or bigger
value then dump also discovery packets. For backward compatibility also
\fBrp_pppoe_verbose\fP option name is supported.
.TP
-.B pppoe-mac \fImacaddr
+.B pppoe\-mac \fImacaddr
Connect to specified MAC address.
.TP
-.B pppoe-host-uniq \fIstring
+.B pppoe\-host\-uniq \fIstring
Set the PPPoE Host-Uniq tag to the supplied hex string.
By default PPPoE Host-Uniq tag is set to the pppd's process PID.
For backward compatibility this option may be specified without
\fBpppoe-\fP prefix.
.TP
-.B pppoe-padi-timeout \fIn
+.B pppoe\-padi\-timeout \fIn
Initial timeout for discovery packets in seconds (default 5).
.TP
-.B pppoe-padi-attempts \fIn
+.B pppoe\-padi\-attempts \fIn
Number of discovery attempts (default 3).
.SH OPTIONS FILES
Options can be taken from files as well as the command line. Pppd
Pppd invokes scripts at various stages in its processing which can be
used to perform site-specific ancillary processing. These scripts are
usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish (except for the ip-pre-up
-script). The scripts are
+Pppd does not wait for the scripts to finish (except for the net\-init,
+net\-pre\-up and ip\-pre\-up scripts). The scripts are
executed as root (with the real and effective user-id set to 0), so
that they can do things such as update routing tables or run
privileged daemons. Be careful that the contents of these scripts do
A program or script which is executed after the remote system
successfully authenticates itself. It is executed with the parameters
.IP
-\fIinterface\-name peer\-name user\-name tty\-device speed\fR
+\fIinterface\-name peer\-name user\-name tty\-device speed ipparam\fR
.IP
Note that this script is not executed if the peer doesn't authenticate
itself, for example when the \fInoauth\fR option is used.
add firewall rules before any IP traffic can pass through the
interface. Pppd will wait for this script to finish before bringing
the interface up, so this script should run quickly.
+.PP
+WARNING: Please note that on systems where a single interface carries multiple
+protocols (Linux) ip-pre-up is NOT actually guaranteed to execute prior to the
+interface moving into an up state, although IP information won't be known you
+should consider using net-pre-up instead, alternatively, disable other NCPs
+such that IPv4 is the only negotiated protocol - which will also result in a
+guarantee that ip-pre-up is called prior to the interface going into an UP
+state.
.TP
.B /etc/ppp/ip\-up
A program or script which is executed when the link is available for
longer be transmitted on the link. It is executed with the same parameters
as the ipv6\-up script.
.TP
-.B /etc/ppp/ipx\-up
-A program or script which is executed when the link is available for
-sending and receiving IPX packets (that is, IPXCP has come up). It is
-executed with the parameters
-.IP
-\fIinterface\-name tty\-device speed network\-number local\-IPX\-node\-address
-remote\-IPX\-node\-address local\-IPX\-routing\-protocol remote\-IPX\-routing\-protocol
-local\-IPX\-router\-name remote\-IPX\-router\-name ipparam pppd\-pid\fR
-.IP
-The local\-IPX\-routing\-protocol and remote\-IPX\-routing\-protocol field
-may be one of the following:
+.B /etc/ppp/net\-init
+This script will be executed the moment the ppp unit number is known. This
+script will be waited for and should not cause significant delays. This can be
+used to update book-keeping type systems external to ppp and provides the only
+guaranteed point where a script can be executed knowing the ppp unit number
+prior to LCP being initiated. It is executed with the parameters
.IP
-NONE to indicate that there is no routing protocol
-.br
-RIP to indicate that RIP/SAP should be used
-.br
-NLSP to indicate that Novell NLSP should be used
-.br
-RIP NLSP to indicate that both RIP/SAP and NLSP should be used
+\fIinterface\-name tty\-device speed ipparam
.TP
-.B /etc/ppp/ipx\-down
-A program or script which is executed when the link is no longer
-available for sending and receiving IPX packets. This script can be
-used for undoing the effects of the /etc/ppp/ipx\-up script. It is
-invoked in the same manner and with the same parameters as the ipx\-up
-script.
-.SH FILES
+.B /etc/ppp/net\-pre\-up
+This script will be executed just prior to NCP negotiations initiating, and is
+guaranteed to be executed whilst the interface (Linux) and/or sub-interfaces
+(Solaris) as the case may be is/are still down. ppp will block waiting for
+this script to complete, and the interface may be safely renamed in this script
+(using for example "ip li set dev $1 name ppp-foobar". The parameters are the
+same as for net\-init.
+.TP
+.B /etc/ppp/net\-down
+This script will be executed just prior to ppp terminating and will not be
+waited for. The parameters are the same as for net\-init.
.TP
.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
Process-ID for pppd process on ppp interface unit \fIn\fR.
indicate a bug in one or other implementation.)
.SH AUTHORS
-Paul Mackerras (paulus@samba.org), based on earlier work by
+Paul Mackerras (paulus@ozlabs.org), based on earlier work by
Drew Perkins,
Brad Clements,
Karl Fox,
.br
(412) 268-4387, fax: (412) 268-7395
.br
- tech-transfer@andrew.cmu.edu
+ tech\-transfer@andrew.cmu.edu
.LP
3b. The name(s) of the authors of this software must not be used to
endorse or promote products derived from this software without
at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.br
"This product includes software developed by Paul Mackerras
- <paulus@samba.org>".
+ <paulus@ozlabs.org>".
.br
"This product includes software developed by Pedro Roque Marques
<pedro_m@yahoo.com>".
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $
*/
-#include "pppdconf.h"
+#ifndef PPP_PPPD_H
+#define PPP_PPPD_H
-/*
- * TODO:
- */
-
-#ifndef __PPPD_H__
-#define __PPPD_H__
-
-#include <stdio.h> /* for FILE */
-#include <stdlib.h> /* for encrypt */
-#include <unistd.h> /* for setkey */
#include <stdarg.h>
+#include <stdbool.h>
+#include <stddef.h>
#include <stdint.h>
-#include <limits.h> /* for NGROUPS_MAX */
-#include <sys/param.h> /* for MAXPATHLEN and BSD4_4, if defined */
-#include <sys/types.h> /* for u_int32_t, if defined */
-#include <sys/time.h> /* for struct timeval */
-#include <net/ppp_defs.h>
-#include <net/if.h>
-#include "patchlevel.h"
-
-#ifdef INET6
-#include "eui64.h"
+#include <sys/types.h>
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
#endif
/*
- * Limits.
+ * Limits
*/
-
#define NUM_PPP 1 /* One PPP interface supported (per process) */
#define MAXWORDLEN 1024 /* max length of word in file (incl null) */
#define MAXARGS 1 /* max # args to a command */
#define MAXNAMELEN 256 /* max length of hostname or name for auth */
#define MAXSECRETLEN 256 /* max length of password or secret */
+
/*
- * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name.
- * Where should PPP_DRV_NAME come from? Do we include it here?
+ * Values for phase.
*/
-#if !defined(PPP_DRV_NAME)
-#define PPP_DRV_NAME "ppp"
-#endif /* !defined(PPP_DRV_NAME) */
+typedef enum ppp_phase
+{
+ PHASE_DEAD,
+ PHASE_INITIALIZE,
+ PHASE_SERIALCONN,
+ PHASE_DORMANT,
+ PHASE_ESTABLISH,
+ PHASE_AUTHENTICATE,
+ PHASE_CALLBACK,
+ PHASE_NETWORK,
+ PHASE_RUNNING,
+ PHASE_TERMINATE,
+ PHASE_DISCONNECT,
+ PHASE_HOLDOFF,
+ PHASE_MASTER,
+} ppp_phase_t;
/*
- * Option descriptor structure.
+ * Values for exit codes
*/
+typedef enum ppp_exit_code
+{
+ EXIT_OK = 0,
+ EXIT_FATAL_ERROR = 1,
+ EXIT_OPTION_ERROR = 2,
+ EXIT_NOT_ROOT = 3,
+ EXIT_NO_KERNEL_SUPPORT = 4,
+ EXIT_USER_REQUEST = 5,
+ EXIT_LOCK_FAILED = 6,
+ EXIT_OPEN_FAILED = 7,
+ EXIT_CONNECT_FAILED = 8,
+ EXIT_PTYCMD_FAILED = 9,
+ EXIT_NEGOTIATION_FAILED = 10,
+ EXIT_PEER_AUTH_FAILED = 11,
+ EXIT_IDLE_TIMEOUT = 12,
+ EXIT_CONNECT_TIME = 13,
+ EXIT_CALLBACK = 14,
+ EXIT_PEER_DEAD = 15,
+ EXIT_HANGUP = 16,
+ EXIT_LOOPBACK = 17,
+ EXIT_INIT_FAILED = 18,
+ EXIT_AUTH_TOPEER_FAILED = 19,
+ EXIT_TRAFFIC_LIMIT = 20,
+ EXIT_CNID_AUTH_FAILED = 21
+} ppp_exit_code_t;
-typedef unsigned char bool;
-
-enum opt_type {
- o_special_noarg = 0,
- o_special = 1,
- o_bool,
- o_int,
- o_uint32,
- o_string,
- o_wild
-};
-
-typedef struct {
- char *name; /* name of the option */
- enum opt_type type;
- void *addr;
- char *description;
- unsigned int flags;
- void *addr2;
- int upper_limit;
- int lower_limit;
- const char *source;
- short int priority;
- short int winner;
-} option_t;
-
-/* Values for flags */
-#define OPT_VALUE 0xff /* mask for presupplied value */
-#define OPT_HEX 0x100 /* int option is in hex */
-#define OPT_NOARG 0x200 /* option doesn't take argument */
-#define OPT_OR 0x400 /* for u32, OR in argument to value */
-#define OPT_INC 0x400 /* for o_int, increment value */
-#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */
-#define OPT_PRIV 0x1000 /* privileged option */
-#define OPT_STATIC 0x2000 /* string option goes into static array */
-#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */
-#define OPT_LLIMIT 0x4000 /* check value against lower limit */
-#define OPT_ULIMIT 0x8000 /* check value against upper limit */
-#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT)
-#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */
-#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */
-#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */
-#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */
-#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */
-#define OPT_PRIO 0x80000 /* process option priorities for this option */
-#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */
-#define OPT_ALIAS 0x200000 /* option is alias for previous option */
-#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */
-#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */
-#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */
-#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */
-#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */
-#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */
-#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV)
-#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */
-#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */
-#define OPT_NOPRINT 0x40000000 /* don't print this option at all */
-
-#define OPT_VAL(x) ((x) & OPT_VALUE)
-
-/* Values for priority */
-#define OPRIO_DEFAULT 0 /* a default value */
-#define OPRIO_CFGFILE 1 /* value from a configuration file */
-#define OPRIO_CMDLINE 2 /* value from the command line */
-#define OPRIO_SECFILE 3 /* value from options in a secrets file */
-#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */
-
-#ifndef GIDSET_TYPE
-#define GIDSET_TYPE gid_t
-#endif
-
-/* Structure representing a list of permitted IP addresses. */
-struct permitted_ip {
- int permit; /* 1 = permit, 0 = forbid */
- u_int32_t base; /* match if (addr & mask) == base */
- u_int32_t mask; /* base and mask are in network byte order */
-};
+/*
+ * Type of notifier callbacks
+ */
+typedef enum
+{
+ NF_PID_CHANGE,
+ NF_PHASE_CHANGE,
+ NF_EXIT,
+ NF_SIGNALED,
+ NF_IP_UP,
+ NF_IP_DOWN,
+ NF_IPV6_UP,
+ NF_IPV6_DOWN,
+ NF_AUTH_UP,
+ NF_LINK_DOWN,
+ NF_FORK,
+ NF_MAX_NOTIFY
+} ppp_notify_t;
+
+typedef enum
+{
+ PPP_DIR_LOG,
+ PPP_DIR_RUNTIME,
+ PPP_DIR_CONF,
+ PPP_DIR_PLUGIN,
+} ppp_path_t;
/*
* Unfortunately, the linux kernel driver uses a different structure
* This structure serves as a common representation for the bits
* pppd needs.
*/
-struct pppd_stats {
+struct pppd_stats
+{
uint64_t bytes_in;
uint64_t bytes_out;
unsigned int pkts_in;
unsigned int pkts_out;
};
+typedef struct pppd_stats ppp_link_stats_st;
-/* Used for storing a sequence of words. Usually malloced. */
+/*
+ * Used for storing a sequence of words. Usually malloced.
+ */
struct wordlist {
struct wordlist *next;
char *word;
};
-/* An endpoint discriminator, used with multilink. */
-#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */
-struct epdisc {
- unsigned char class;
- unsigned char length;
- unsigned char value[MAX_ENDP_LEN];
-};
-
-/* values for epdisc.class */
-#define EPD_NULL 0 /* null discriminator, no data */
-#define EPD_LOCAL 1
-#define EPD_IP 2
-#define EPD_MAC 3
-#define EPD_MAGIC 4
-#define EPD_PHONENUM 5
-
-typedef void (*notify_func)(void *, int);
+struct option;
typedef void (*printer_func)(void *, char *, ...);
-struct notifier {
- struct notifier *next;
- notify_func func;
- void *arg;
-};
-
/*
- * Global variables.
- */
-
-extern int got_sigterm; /* SIGINT or SIGTERM was received */
-extern int hungup; /* Physical layer has disconnected */
-extern int ifunit; /* Interface unit number */
-extern char ifname[]; /* Interface name */
-extern char hostname[]; /* Our hostname */
-extern u_char outpacket_buf[]; /* Buffer for outgoing packets */
-extern int devfd; /* fd of underlying device */
-extern int fd_ppp; /* fd for talking PPP */
-extern int phase; /* Current state of link - see values below */
-extern int baud_rate; /* Current link speed in bits/sec */
-extern char *progname; /* Name of this program */
-extern int redirect_stderr;/* Connector's stderr should go to file */
-extern char peer_authname[];/* Authenticated name of peer */
-extern int auth_done[NUM_PPP]; /* Methods actually used for auth */
-extern int privileged; /* We were run by real-uid root */
-extern int need_holdoff; /* Need holdoff period after link terminates */
-extern char **script_env; /* Environment variables for scripts */
-extern int detached; /* Have detached from controlling tty */
-extern GIDSET_TYPE groups[NGROUPS_MAX]; /* groups the user is in */
-extern int ngroups; /* How many groups valid in groups */
-extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */
-extern int link_stats_valid; /* set if link_stats is valid */
-extern unsigned link_connect_time; /* time the link was up for */
-extern int using_pty; /* using pty as device (notty or pty opt.) */
-extern int log_to_fd; /* logging to this fd as well as syslog */
-extern bool log_default; /* log_to_fd is default (stdout) */
-extern char *no_ppp_msg; /* message to print if ppp not in kernel */
-extern volatile int status; /* exit status for pppd */
-extern bool devnam_fixed; /* can no longer change devnam */
-extern int unsuccess; /* # unsuccessful connection attempts */
-extern int do_callback; /* set if we want to do callback next */
-extern int doing_callback; /* set if this is a callback */
-extern int error_count; /* # of times error() has been called */
-extern char ppp_devnam[MAXPATHLEN];
-extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
-extern int ppp_session_number; /* Session number (eg PPPoE session) */
-extern int fd_devnull; /* fd open to /dev/null */
-
-extern int listen_time; /* time to listen first (ms) */
-extern bool doing_multilink;
-extern bool multilink_master;
-extern bool bundle_eof;
-extern bool bundle_terminating;
-
-extern struct notifier *pidchange; /* for notifications of pid changing */
-extern struct notifier *phasechange; /* for notifications of phase changes */
-extern struct notifier *exitnotify; /* for notification that we're exiting */
-extern struct notifier *sigreceived; /* notification of received signal */
-extern struct notifier *ip_up_notifier; /* IPCP has come up */
-extern struct notifier *ip_down_notifier; /* IPCP has gone down */
-extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */
-extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */
-extern struct notifier *auth_up_notifier; /* peer has authenticated */
-extern struct notifier *link_down_notifier; /* link has gone down */
-extern struct notifier *fork_notifier; /* we are a new child process */
-
-/* Values for do_callback and doing_callback */
-#define CALLBACK_DIALIN 1 /* we are expecting the call back */
-#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */
-
-/*
- * Variables set by command-line options.
- */
-
-extern int debug; /* Debug flag */
-extern int kdebugflag; /* Tell kernel to print debug messages */
-extern int default_device; /* Using /dev/tty or equivalent */
-extern char devnam[MAXPATHLEN]; /* Device name */
-extern int crtscts; /* Use hardware flow control */
-extern int stop_bits; /* Number of serial port stop bits */
-extern bool modem; /* Use modem control lines */
-extern int inspeed; /* Input/Output speed requested */
-extern u_int32_t netmask; /* IP netmask to set on interface */
-extern bool lockflag; /* Create lock file to lock the serial dev */
-extern bool nodetach; /* Don't detach from controlling tty */
-#ifdef SYSTEMD
-extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */
-#endif
-extern bool updetach; /* Detach from controlling tty when link up */
-extern bool master_detach; /* Detach when multilink master without link */
-extern char *initializer; /* Script to initialize physical link */
-extern char *connect_script; /* Script to establish physical link */
-extern char *disconnect_script; /* Script to disestablish physical link */
-extern char *welcomer; /* Script to welcome client after connection */
-extern char *ptycommand; /* Command to run on other side of pty */
-extern int maxconnect; /* Maximum connect time (seconds) */
-extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */
-extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */
-extern bool auth_required; /* Peer is required to authenticate */
-extern bool persist; /* Reopen link after it goes down */
-extern bool uselogin; /* Use /etc/passwd for checking PAP */
-extern bool session_mgmt; /* Do session management (login records) */
-extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
-extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
-extern bool explicit_remote;/* remote_name specified with remotename opt */
-extern bool demand; /* Do dial-on-demand */
-extern char *ipparam; /* Extra parameter for ip up/down scripts */
-extern bool cryptpap; /* Others' PAP passwords are encrypted */
-extern int idle_time_limit;/* Shut down link if idle for this long */
-extern int holdoff; /* Dead time before restarting */
-extern bool holdoff_specified; /* true if user gave a holdoff value */
-extern bool notty; /* Stdin/out is not a tty */
-extern char *pty_socket; /* Socket to connect to pty */
-extern char *record_file; /* File to record chars sent/received */
-extern bool sync_serial; /* Device is synchronous serial device */
-extern int maxfail; /* Max # of unsuccessful connection attempts */
-extern char linkname[MAXPATHLEN]; /* logical name for link */
-extern bool tune_kernel; /* May alter kernel settings as necessary */
-extern int connect_delay; /* Time to delay after connect script */
-extern int max_data_rate; /* max bytes/sec through charshunt */
-extern int req_unit; /* interface unit number to use */
-extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */
-extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */
-extern char req_ifname[IFNAMSIZ]; /* interface name to use */
-extern bool multilink; /* enable multilink operation */
-extern bool noendpoint; /* don't send or accept endpt. discrim. */
-extern char *bundle_name; /* bundle name for multilink */
-extern bool dump_options; /* print out option values */
-extern bool dryrun; /* check everything, print options, exit */
-extern int child_wait; /* # seconds to wait for children at end */
-
-#ifdef INET6
-extern char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */
-extern char path_ipv6down[MAXPATHLEN]; /* pathname of ipv6-down script */
-#endif
-
-#if defined(USE_EAPTLS) || defined(USE_PEAP)
-
-#define TLS_VERIFY_NONE "none"
-#define TLS_VERIFY_NAME "name"
-#define TLS_VERIFY_SUBJECT "subject"
-#define TLS_VERIFY_SUFFIX "suffix"
-
-extern char *crl_dir;
-extern char *crl_file;
-extern char *ca_path;
-extern char *cacert_file;
-
-extern char *max_tls_version;
-extern bool tls_verify_key_usage;
-extern char *tls_verify_method;
-#endif /* USE_EAPTLS || USE_PEAP */
-
-#ifdef USE_EAPTLS
-extern char *pkcs12_file;
-#endif /* USE_EAPTLS */
-
-#ifdef MAXOCTETS
-extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
-extern int maxoctets_dir; /* Direction :
- 0 - in+out (default)
- 1 - in
- 2 - out
- 3 - max(in,out) */
-extern int maxoctets_timeout; /* Timeout for check of octets limit */
-#define PPP_OCTETS_DIRECTION_SUM 0
-#define PPP_OCTETS_DIRECTION_IN 1
-#define PPP_OCTETS_DIRECTION_OUT 2
-#define PPP_OCTETS_DIRECTION_MAXOVERAL 3
-/* same as previos, but little different on RADIUS side */
-#define PPP_OCTETS_DIRECTION_MAXSESSION 4
-#endif
-
-#ifdef PPP_FILTER
-extern struct bpf_program pass_filter; /* Filter for pkts to pass */
-extern struct bpf_program active_filter; /* Filter for link-active pkts */
-#endif
-
-#ifdef MSLANMAN
-extern bool ms_lanman; /* Use LanMan password instead of NT */
- /* Has meaning only with MS-CHAP challenges */
-#endif
-
-/* Values for auth_pending, auth_done */
-#define PAP_WITHPEER 0x1
-#define PAP_PEER 0x2
-#define CHAP_WITHPEER 0x4
-#define CHAP_PEER 0x8
-#define EAP_WITHPEER 0x10
-#define EAP_PEER 0x20
-
-/* Values for auth_done only */
-#define CHAP_MD5_WITHPEER 0x40
-#define CHAP_MD5_PEER 0x80
-#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
-#define CHAP_MS_WITHPEER 0x100
-#define CHAP_MS_PEER 0x200
-#define CHAP_MS2_WITHPEER 0x400
-#define CHAP_MS2_PEER 0x800
-
-extern char *current_option; /* the name of the option being parsed */
-extern int privileged_option; /* set iff the current option came from root */
-extern char *option_source; /* string saying where the option came from */
-extern int option_priority; /* priority of current options */
-
-/*
- * Values for phase.
- */
-#define PHASE_DEAD 0
-#define PHASE_INITIALIZE 1
-#define PHASE_SERIALCONN 2
-#define PHASE_DORMANT 3
-#define PHASE_ESTABLISH 4
-#define PHASE_AUTHENTICATE 5
-#define PHASE_CALLBACK 6
-#define PHASE_NETWORK 7
-#define PHASE_RUNNING 8
-#define PHASE_TERMINATE 9
-#define PHASE_DISCONNECT 10
-#define PHASE_HOLDOFF 11
-#define PHASE_MASTER 12
-
-/*
- * The following struct gives the addresses of procedures to call
- * for a particular protocol.
+ * The following struct gives the addresses of procedures to call for a particular protocol.
*/
struct protent {
- u_short protocol; /* PPP protocol number */
+ /* PPP protocol number */
+ unsigned short protocol;
/* Initialization procedure */
void (*init)(int unit);
/* Process a received packet */
- void (*input)(int unit, u_char *pkt, int len);
+ void (*input)(int unit, unsigned char *pkt, int len);
/* Process a received protocol-reject */
void (*protrej)(int unit);
/* Lower layer has come up */
/* Close the protocol */
void (*close)(int unit, char *reason);
/* Print a packet in readable form */
- int (*printpkt)(u_char *pkt, int len, printer_func printer, void *arg);
+ int (*printpkt)(unsigned char *pkt, int len, printer_func printer, void *arg);
/* Process a received data packet */
- void (*datainput)(int unit, u_char *pkt, int len);
- bool enabled_flag; /* 0 iff protocol is disabled */
- char *name; /* Text name of protocol */
- char *data_name; /* Text name of corresponding data protocol */
- option_t *options; /* List of command-line options */
+ void (*datainput)(int unit, unsigned char *pkt, int len);
+ /* 0 iff protocol is disabled */
+ bool enabled_flag;
+ /* Text name of protocol */
+ char *name;
+ /* Text name of corresponding data protocol */
+ char *data_name;
+ /* List of command-line options */
+ struct option *options;
/* Check requested options, assign defaults */
void (*check_options)(void);
/* Configure interface for demand-dial */
int (*demand_conf)(int unit);
/* Say whether to bring up link for this pkt */
- int (*active_pkt)(u_char *pkt, int len);
+ int (*active_pkt)(unsigned char *pkt, int len);
};
/* Table of pointers to supported protocols */
extern struct protent *protocols[];
+
/*
- * This struct contains pointers to a set of procedures for
- * doing operations on a "channel". A channel provides a way
- * to send and receive PPP packets - the canonical example is
- * a serial port device in PPP line discipline (or equivalently
- * with PPP STREAMS modules pushed onto it).
+ * This struct contains pointers to a set of procedures for doing operations on a "channel".
+ * A channel provides a way to send and receive PPP packets - the canonical example is a serial
+ * port device in PPP line discipline (or equivalently with PPP STREAMS modules pushed onto it).
*/
struct channel {
/* set of options for this channel */
- option_t *options;
+ struct option *options;
/* find and process a per-channel options file */
void (*process_extra_options)(void);
/* check all the options that have been given */
/* take the channel out of PPP `mode', restore loopback if demand */
void (*disestablish_ppp)(int);
/* set the transmit-side PPP parameters of the channel */
- void (*send_config)(int, u_int32_t, int, int);
+ void (*send_config)(int, uint32_t, int, int);
/* set the receive-side PPP parameters of the channel */
- void (*recv_config)(int, u_int32_t, int, int);
+ void (*recv_config)(int, uint32_t, int, int);
/* cleanup on error or normal exit */
void (*cleanup)(void);
/* close the device, called in children after fork */
extern struct channel *the_channel;
+
/*
- * This structure contains environment variables that are set or unset
- * by the user.
+ * Functions for string formatting and debugging
*/
-struct userenv {
- struct userenv *ue_next;
- char *ue_value; /* value (set only) */
- bool ue_isset; /* 1 for set, 0 for unset */
- bool ue_priv; /* from privileged source */
- const char *ue_source; /* source name */
- char ue_name[1]; /* variable name */
-};
-extern struct userenv *userenv_list;
-
-/*
- * Prototypes.
- */
-
-/* Procedures exported from main.c. */
-void set_ifunit(int); /* set stuff that depends on ifunit */
-void detach(void); /* Detach from controlling tty */
-void die(int); /* Cleanup and exit */
-void quit(void); /* like die(1) */
-void novm(char *); /* Say we ran out of memory, and die */
-void timeout(void (*func)(void *), void *arg, int s, int us);
- /* Call func(arg) after s.us seconds */
-void untimeout(void (*func)(void *), void *arg);
- /* Cancel call to func(arg) */
-void record_child(int, char *, void (*) (void *), void *, int);
-pid_t safe_fork(int, int, int); /* Fork & close stuff in child */
-int device_script(char *cmd, int in, int out, int dont_wait);
- /* Run `cmd' with given stdin and stdout */
-pid_t run_program(char *prog, char **args, int must_exist,
- void (*done)(void *), void *arg, int wait);
- /* Run program prog with args in child */
-void reopen_log(void); /* (re)open the connection to syslog */
-void print_link_stats(void); /* Print stats, if available */
-void reset_link_stats(int); /* Reset (init) stats when link goes up */
-void update_link_stats(int); /* Get stats at link termination */
-void script_setenv(char *, char *, int); /* set script env var */
-void script_unsetenv(char *); /* unset script env var */
-void new_phase(int); /* signal start of new phase */
-void add_notifier(struct notifier **, notify_func, void *);
-void remove_notifier(struct notifier **, notify_func, void *);
-void notify(struct notifier *, int);
-int ppp_send_config(int, int, u_int32_t, int, int);
-int ppp_recv_config(int, int, u_int32_t, int, int);
-const char *protocol_name(int);
-void remove_pidfiles(void);
-void lock_db(void);
-void unlock_db(void);
-
-/* Procedures exported from tty.c. */
-void tty_init(void);
-
-/* Procedures exported from utils.c. */
-void log_packet(u_char *, int, char *, int);
- /* Format a packet and log it with syslog */
-void print_string(char *, int, printer_func, void *);
- /* Format a string for output */
-int slprintf(char *, int, char *, ...); /* sprintf++ */
-int vslprintf(char *, int, char *, va_list); /* vsprintf++ */
-size_t strlcpy(char *, const char *, size_t); /* safe strcpy */
-size_t strlcat(char *, const char *, size_t); /* safe strncpy */
-void dbglog(char *, ...); /* log a debug message */
-void info(char *, ...); /* log an informational message */
-void notice(char *, ...); /* log a notice-level message */
-void warn(char *, ...); /* log a warning message */
-void error(char *, ...); /* log an error message */
-void fatal(char *, ...); /* log an error message and die(1) */
-void init_pr_log(const char *, int); /* initialize for using pr_log */
-void pr_log(void *, char *, ...); /* printer fn, output to syslog */
-void end_pr_log(void); /* finish up after using pr_log */
-void dump_packet(const char *, u_char *, int);
- /* dump packet to debug log if interesting */
-ssize_t complete_read(int, void *, size_t);
- /* read a complete buffer */
-
-/* Procedures exported from auth.c */
-void link_required(int); /* we are starting to use the link */
-void start_link(int); /* bring the link up now */
-void link_terminated(int); /* we are finished with the link */
-void link_down(int); /* the LCP layer has left the Opened state */
-void upper_layers_down(int);/* take all NCPs down */
-void link_established(int); /* the link is up; authenticate now */
-void start_networks(int); /* start all the network control protos */
-void continue_networks(int); /* start network [ip, etc] control protos */
-void np_up(int, int); /* a network protocol has come up */
-void np_down(int, int); /* a network protocol has gone down */
-void np_finished(int, int); /* a network protocol no longer needs link */
-void auth_peer_fail(int, int);
- /* peer failed to authenticate itself */
-void auth_peer_success(int, int, int, char *, int);
- /* peer successfully authenticated itself */
-void auth_withpeer_fail(int, int);
- /* we failed to authenticate ourselves */
-void auth_withpeer_success(int, int, int);
- /* we successfully authenticated ourselves */
-void auth_check_options(void);
- /* check authentication options supplied */
-void auth_reset(int); /* check what secrets we have */
-int check_passwd(int, char *, int, char *, int, char **);
- /* Check peer-supplied username/password */
-int get_secret(int, char *, char *, char *, int *, int);
- /* get "secret" for chap */
-int get_srp_secret(int unit, char *client, char *server, char *secret,
- int am_server);
-int auth_ip_addr(int, u_int32_t);
- /* check if IP address is authorized */
-int auth_number(void); /* check if remote number is authorized */
-int bad_ip_adrs(u_int32_t);
- /* check if IP address is unreasonable */
-
-/* Procedures exported from demand.c */
-void demand_conf(void); /* config interface(s) for demand-dial */
-void demand_block(void); /* set all NPs to queue up packets */
-void demand_unblock(void); /* set all NPs to pass packets */
-void demand_discard(void); /* set all NPs to discard packets */
-void demand_rexmit(int); /* retransmit saved frames for an NP */
-int loop_chars(unsigned char *, int); /* process chars from loopback */
-int loop_frame(unsigned char *, int); /* should we bring link up? */
-
-/* Procedures exported from multilink.c */
-#ifdef HAVE_MULTILINK
-void mp_check_options(void); /* Check multilink-related options */
-int mp_join_bundle(void); /* join our link to an appropriate bundle */
-void mp_exit_bundle(void); /* have disconnected our link from bundle */
-void mp_bundle_terminated(void);
-char *epdisc_to_str(struct epdisc *); /* string from endpoint discrim. */
-int str_to_epdisc(struct epdisc *, char *); /* endpt disc. from str */
-#else
-#define mp_bundle_terminated() /* nothing */
-#define mp_exit_bundle() /* nothing */
-#define doing_multilink 0
-#define multilink_master 0
-#endif
+/* Is debug enabled */
+bool debug_on();
-/* Procedures exported from sys-*.c */
-void sys_init(void); /* Do system-dependent initialization */
-void sys_cleanup(void); /* Restore system state before exiting */
-int sys_check_options(void); /* Check options specified */
-void sys_close(void); /* Clean up in a child before execing */
-int ppp_available(void); /* Test whether ppp kernel support exists */
-int get_pty(int *, int *, char *, int); /* Get pty master/slave */
-int open_ppp_loopback(void); /* Open loopback for demand-dialling */
-int tty_establish_ppp(int); /* Turn serial port into a ppp interface */
-void tty_disestablish_ppp(int); /* Restore port to normal operation */
-void generic_disestablish_ppp(int dev_fd); /* Restore device setting */
-int generic_establish_ppp(int dev_fd); /* Make a ppp interface */
-void make_new_bundle(int, int, int, int); /* Create new bundle */
-int bundle_attach(int); /* Attach link to existing bundle */
-void cfg_bundle(int, int, int, int); /* Configure existing bundle */
-void destroy_bundle(void); /* Tell driver to destroy bundle */
-void clean_check(void); /* Check if line was 8-bit clean */
-void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */
-void restore_tty(int); /* Restore port's original parameters */
-void setdtr(int, int); /* Raise or lower port's DTR line */
-void output(int, u_char *, int); /* Output a PPP packet */
-void wait_input(struct timeval *);
- /* Wait for input, with timeout */
-void add_fd(int); /* Add fd to set to wait for */
-void remove_fd(int); /* Remove fd from set to wait for */
-int read_packet(u_char *); /* Read PPP packet */
-int get_loop_output(void); /* Read pkts from loopback */
-void tty_send_config(int, u_int32_t, int, int);
- /* Configure i/f transmit parameters */
-void tty_set_xaccm(ext_accm);
- /* Set extended transmit ACCM */
-void tty_recv_config(int, u_int32_t, int, int);
- /* Configure i/f receive parameters */
-int ccp_test(int, u_char *, int, int);
- /* Test support for compression scheme */
-void ccp_flags_set(int, int, int);
- /* Set kernel CCP state */
-int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */
-int get_idle_time(int, struct ppp_idle *);
- /* Find out how long link has been idle */
-int get_ppp_stats(int, struct pppd_stats *);
- /* Return link statistics */
-void netif_set_mtu(int, int); /* Set PPP interface MTU */
-int netif_get_mtu(int); /* Get PPP interface MTU */
-int sifvjcomp(int, int, int, int);
- /* Configure VJ TCP header compression */
-int sifup(int); /* Configure i/f up for one protocol */
-int sifnpmode(int u, int proto, enum NPmode mode);
- /* Set mode for handling packets for proto */
-int sifdown(int); /* Configure i/f down for one protocol */
-int sifaddr(int, u_int32_t, u_int32_t, u_int32_t);
- /* Configure IPv4 addresses for i/f */
-int cifaddr(int, u_int32_t, u_int32_t);
- /* Reset i/f IP addresses */
-#ifdef INET6
-int sif6up(int); /* Configure i/f up for IPv6 */
-int sif6down(int); /* Configure i/f down for IPv6 */
-int sif6addr(int, eui64_t, eui64_t);
- /* Configure IPv6 addresses for i/f */
-int cif6addr(int, eui64_t, eui64_t);
- /* Remove an IPv6 address from i/f */
-#endif
-int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt);
- /* Create default route through i/f */
-int cifdefaultroute(int, u_int32_t, u_int32_t);
- /* Delete default route through i/f */
-#ifdef INET6
-int sif6defaultroute(int, eui64_t, eui64_t);
- /* Create default IPv6 route through i/f */
-int cif6defaultroute(int, eui64_t, eui64_t);
- /* Delete default IPv6 route through i/f */
-#endif
-int sifproxyarp(int, u_int32_t);
- /* Add proxy ARP entry for peer */
-int cifproxyarp(int, u_int32_t);
- /* Delete proxy ARP entry for peer */
-u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */
-int lock(char *); /* Create lock file for device */
-int relock(int); /* Rewrite lock file with new pid */
-void unlock(void); /* Delete previously-created lock file */
-void logwtmp(const char *, const char *, const char *);
- /* Write entry to wtmp file */
-int get_host_seed(void); /* Get host-dependent random number seed */
-int have_route_to(u_int32_t); /* Check if route to addr exists */
-#ifdef PPP_FILTER
-int set_filters(struct bpf_program *pass, struct bpf_program *active);
- /* Set filter programs in kernel */
-#endif
-#ifdef IPX_CHANGE
-int sipxfaddr(int, unsigned long, unsigned char *);
-int cipxfaddr(int);
-#endif
-int get_if_hwaddr(u_char *addr, char *name);
-int get_first_ether_hwaddr(u_char *addr);
-int get_time(struct timeval *);
- /* Get current time, monotonic if possible. */
-
-/* Procedures exported from options.c */
-int setipaddr(char *, char **, int); /* Set local/remote ip addresses */
-int parse_args(int argc, char **argv);
- /* Parse options from arguments given */
-int options_from_file(char *filename, int must_exist, int check_prot,
- int privileged);
- /* Parse options from an options file */
-int options_from_user(void); /* Parse options from user's .ppprc */
-int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */
-int options_from_list(struct wordlist *, int privileged);
- /* Parse options from a wordlist */
-int getword(FILE *f, char *word, int *newlinep, char *filename);
- /* Read a word from a file */
-void option_error(char *fmt, ...);
- /* Print an error message about an option */
-int int_option(char *, int *);
- /* Simplified number_option for decimal ints */
-void add_options(option_t *); /* Add extra options */
-void check_options(void); /* check values after all options parsed */
-int override_value(char *, int, const char *);
- /* override value if permitted by priority */
-void print_options(printer_func, void *);
- /* print out values of all options */
-
-int parse_dotted_ip(char *, u_int32_t *);
-
-/*
- * Hooks to enable plugins to change various things.
+/* Safe sprintf++ */
+int slprintf(char *, int, const char *, ...);
+
+/* vsprintf++ */
+int vslprintf(char *, int, const char *, va_list);
+
+/* safe strcpy */
+size_t strlcpy(char *, const char *, size_t);
+
+/* safe strncpy */
+size_t strlcat(char *, const char *, size_t);
+
+/* log a debug message */
+void dbglog(const char *, ...);
+
+/* log an informational message */
+void info(const char *, ...);
+
+/* log a notice-level message */
+void notice(const char *, ...);
+
+/* log a warning message */
+void warn(const char *, ...);
+
+/* log an error message */
+void error(const char *, ...);
+
+/* log an error message and die(1) */
+void fatal(const char *, ...);
+
+/* Say we ran out of memory, and die */
+void novm(const char *);
+
+/* Format a packet and log it with syslog */
+void log_packet(unsigned char *, int, char *, int);
+
+/* dump packet to debug log if interesting */
+void dump_packet(const char *, unsigned char *, int);
+
+/* initialize for using pr_log */
+void init_pr_log(const char *, int);
+
+/* printer fn, output to syslog */
+void pr_log(void *, char *, ...);
+
+/* finish up after using pr_log */
+void end_pr_log(void);
+
+/*
+ * Get the current exist status of pppd
*/
-extern int (*new_phase_hook)(int);
-extern int (*idle_time_hook)(struct ppp_idle *);
-extern int (*holdoff_hook)(void);
-extern int (*pap_check_hook)(void);
-extern int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-extern void (*pap_logout_hook)(void);
-extern int (*pap_passwd_hook)(char *user, char *passwd);
-extern int (*allowed_address_hook)(u_int32_t addr);
-extern void (*ip_up_hook)(void);
-extern void (*ip_down_hook)(void);
-extern void (*ip_choose_hook)(u_int32_t *);
-extern void (*ipv6_up_hook)(void);
-extern void (*ipv6_down_hook)(void);
-
-extern int (*chap_check_hook)(void);
-extern int (*chap_passwd_hook)(char *user, char *passwd);
-extern void (*multilink_join_hook)(void);
-
-#ifdef USE_EAPTLS
-extern int (*eaptls_passwd_hook)(char *user, char *passwd);
-#endif
+ppp_exit_code_t ppp_status();
-/* Let a plugin snoop sent and received packets. Useful for L2TP */
-extern void (*snoop_recv_hook)(unsigned char *p, int len);
-extern void (*snoop_send_hook)(unsigned char *p, int len);
+/*
+ * Set the exit status
+ */
+void ppp_set_status(ppp_exit_code_t code);
/*
- * Inline versions of get/put char/short/long.
- * Pointer is advanced; we assume that both arguments
- * are lvalues and will already be in registers.
- * cp MUST be u_char *.
+ * Configure the session's maximum number of octets
*/
-#define GETCHAR(c, cp) { \
- (c) = *(cp)++; \
-}
-#define PUTCHAR(c, cp) { \
- *(cp)++ = (u_char) (c); \
-}
+void ppp_set_session_limit(unsigned int octets);
+/*
+ * Which direction to limit the number of octets
+ */
+void ppp_set_session_limit_dir(unsigned int direction);
-#define GETSHORT(s, cp) { \
- (s) = *(cp)++ << 8; \
- (s) |= *(cp)++; \
-}
-#define PUTSHORT(s, cp) { \
- *(cp)++ = (u_char) ((s) >> 8); \
- *(cp)++ = (u_char) (s); \
-}
+/*
+ * Get the current link stats, returns true when valid and false if otherwise
+ */
+bool ppp_get_link_stats(ppp_link_stats_st *stats);
-#define GETLONG(l, cp) { \
- (l) = *(cp)++ << 8; \
- (l) |= *(cp)++; (l) <<= 8; \
- (l) |= *(cp)++; (l) <<= 8; \
- (l) |= *(cp)++; \
-}
-#define PUTLONG(l, cp) { \
- *(cp)++ = (u_char) ((l) >> 24); \
- *(cp)++ = (u_char) ((l) >> 16); \
- *(cp)++ = (u_char) ((l) >> 8); \
- *(cp)++ = (u_char) (l); \
-}
+/*
+ * Get pppd's notion of time
+ */
+int ppp_get_time(struct timeval *);
-#define INCPTR(n, cp) ((cp) += (n))
-#define DECPTR(n, cp) ((cp) -= (n))
+/*
+ * Schedule a callback in s.us seconds from now
+ */
+typedef void (*ppp_timer_cb)(void *arg);
+void ppp_timeout(ppp_timer_cb func, void *arg, int s, int us);
/*
- * System dependent definitions for user-level 4.3BSD UNIX implementation.
+ * Cancel any pending timer callbacks
*/
+void ppp_untimeout(void (*func)(void *), void *arg);
-#define TIMEOUT(r, f, t) timeout((r), (f), (t), 0)
-#define UNTIMEOUT(r, f) untimeout((r), (f))
+/*
+ * Clean up in a child before execing
+ */
+void ppp_sys_close(void);
-#define BCOPY(s, d, l) memcpy(d, s, l)
-#define BZERO(s, n) memset(s, 0, n)
-#define BCMP(s1, s2, l) memcmp(s1, s2, l)
+/*
+ * Fork & close stuff in child
+ */
+pid_t ppp_safe_fork(int, int, int);
-#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); }
+/*
+ * Get the current hostname
+ */
+const char *ppp_hostname();
/*
- * MAKEHEADER - Add Header fields to a packet.
+ * Is pppd using pty as a device (opposed to notty or pty opt).
*/
-#define MAKEHEADER(p, t) { \
- PUTCHAR(PPP_ALLSTATIONS, p); \
- PUTCHAR(PPP_UI, p); \
- PUTSHORT(t, p); }
+bool ppp_using_pty();
/*
- * Exit status values.
+ * Device is synchronous serial device
*/
-#define EXIT_OK 0
-#define EXIT_FATAL_ERROR 1
-#define EXIT_OPTION_ERROR 2
-#define EXIT_NOT_ROOT 3
-#define EXIT_NO_KERNEL_SUPPORT 4
-#define EXIT_USER_REQUEST 5
-#define EXIT_LOCK_FAILED 6
-#define EXIT_OPEN_FAILED 7
-#define EXIT_CONNECT_FAILED 8
-#define EXIT_PTYCMD_FAILED 9
-#define EXIT_NEGOTIATION_FAILED 10
-#define EXIT_PEER_AUTH_FAILED 11
-#define EXIT_IDLE_TIMEOUT 12
-#define EXIT_CONNECT_TIME 13
-#define EXIT_CALLBACK 14
-#define EXIT_PEER_DEAD 15
-#define EXIT_HANGUP 16
-#define EXIT_LOOPBACK 17
-#define EXIT_INIT_FAILED 18
-#define EXIT_AUTH_TOPEER_FAILED 19
-#ifdef MAXOCTETS
-#define EXIT_TRAFFIC_LIMIT 20
-#endif
-#define EXIT_CNID_AUTH_FAILED 21
+bool ppp_sync_serial();
/*
- * Debug macros. Slightly useful for finding bugs in pppd, not particularly
- * useful for finding out why your connection isn't being established.
+ * Modem mode
*/
-#ifdef DEBUGALL
-#define DEBUGMAIN 1
-#define DEBUGFSM 1
-#define DEBUGLCP 1
-#define DEBUGIPCP 1
-#define DEBUGIPV6CP 1
-#define DEBUGUPAP 1
-#define DEBUGCHAP 1
-#endif
+bool ppp_get_modem();
-#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */
-#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
- || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
- || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
-#define LOG_PPP LOG_LOCAL2
-#else
-#define LOG_PPP LOG_DAEMON
-#endif
-#endif /* LOG_PPP */
+/*
+ * Control the mode of the tty terminal
+ */
+void ppp_set_modem(bool on);
-#ifdef DEBUGMAIN
-#define MAINDEBUG(x) if (debug) dbglog x
-#else
-#define MAINDEBUG(x)
-#endif
+/*
+ * Set the current session number, e.g. for PPPoE
+ */
+void ppp_set_session_number(int number);
-#ifdef DEBUGSYS
-#define SYSDEBUG(x) if (debug) dbglog x
-#else
-#define SYSDEBUG(x)
-#endif
+/*
+ * Set the current session number, e.g. for PPPoE
+ */
+int ppp_get_session_number(void);
-#ifdef DEBUGFSM
-#define FSMDEBUG(x) if (debug) dbglog x
-#else
-#define FSMDEBUG(x)
-#endif
+/*
+ * Check if pppd got signaled, returns 0 if not signaled, returns -1 on failure, and the signal number when signaled.
+ */
+bool ppp_signaled(int sig);
-#ifdef DEBUGLCP
-#define LCPDEBUG(x) if (debug) dbglog x
-#else
-#define LCPDEBUG(x)
-#endif
+/*
+ * Maximum connect time in seconds
+ */
+int ppp_get_max_connect_time(void);
-#ifdef DEBUGIPCP
-#define IPCPDEBUG(x) if (debug) dbglog x
-#else
-#define IPCPDEBUG(x)
-#endif
+/*
+ * Set the maximum connect time in seconds
+ */
+void ppp_set_max_connect_time(unsigned int max);
-#ifdef DEBUGIPV6CP
-#define IPV6CPDEBUG(x) if (debug) dbglog x
-#else
-#define IPV6CPDEBUG(x)
-#endif
+/*
+ * Get the link idle time before shutting the link down
+ */
+int ppp_get_max_idle_time(void);
-#ifdef DEBUGUPAP
-#define UPAPDEBUG(x) if (debug) dbglog x
-#else
-#define UPAPDEBUG(x)
-#endif
+/*
+ * Set the link idle time before shutting the link down
+ */
+void ppp_set_max_idle_time(unsigned int idle);
-#ifdef DEBUGCHAP
-#define CHAPDEBUG(x) if (debug) dbglog x
-#else
-#define CHAPDEBUG(x)
-#endif
+/*
+ * Get the duration the link was up (uptime)
+ */
+int ppp_get_link_uptime();
-#ifdef DEBUGIPXCP
-#define IPXCPDEBUG(x) if (debug) dbglog x
-#else
-#define IPXCPDEBUG(x)
-#endif
+/*
+ * Get the ipparam configured with pppd
+ */
+const char *ppp_ipparam();
-#ifndef SIGTYPE
-#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
-#define SIGTYPE void
-#else
-#define SIGTYPE int
-#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
-#endif /* SIGTYPE */
+/*
+ * check if IP address is unreasonable
+ */
+bool ppp_bad_ip_addr(uint32_t);
-#ifndef MIN
-#define MIN(a, b) ((a) < (b)? (a): (b))
-#endif
-#ifndef MAX
-#define MAX(a, b) ((a) > (b)? (a): (b))
-#endif
+/*
+ * Expose an environment variable to scripts
+ */
+void ppp_script_setenv(char *, char *, int);
+
+/*
+ * Unexpose an environment variable to scripts
+ */
+void ppp_script_unsetenv(char *);
+
+/*
+ * Test whether ppp kernel support exists
+ */
+int ppp_check_kernel_support(void);
+
+/*
+ * Restore device setting
+ */
+void ppp_generic_disestablish(int dev_fd);
-#ifndef offsetof
-#define offsetof(type, member) ((size_t) &((type *)0)->member)
+/*
+ * Set the interface MTU
+ */
+void ppp_set_mtu(int, int);
+
+/*
+ * Get the interface MTU
+ */
+int ppp_get_mtu(int);
+
+/*
+ * Make a ppp interface
+ */
+int ppp_generic_establish(int dev_fd);
+
+/*
+ * Get the peer's authentication name
+ */
+const char *ppp_peer_authname(char *buf, size_t bufsz);
+
+/*
+ * Get the remote name
+ */
+const char *ppp_remote_name();
+
+/*
+ * Get the remote number (if set), otherwise return NULL
+ */
+const char *ppp_get_remote_number(void);
+
+/*
+ * Set the remote number, typically it's a MAC address
+ */
+void ppp_set_remote_number(const char *buf);
+
+/*
+ * Get the current interface unit for the pppX device
+ */
+int ppp_ifunit();
+
+/*
+ * Get the current interface name
+ */
+const char *ppp_ifname();
+
+/*
+ * Get the current interface name
+ */
+int ppp_get_ifname(char *buf, size_t bufsz);
+
+/*
+ * Set the current interface name, ifname is a \0 terminated string
+ */
+void ppp_set_ifname(const char *ifname);
+
+/*
+ * Set the original devnam (prior to any renaming, etc).
+ */
+int ppp_set_pppdevnam(const char *name);
+
+/*
+ * Get the original devnam (prior to any renaming, etc).
+ */
+const char *ppp_pppdevnam();
+
+/*
+ * Get the current devnam, e.g. /dev/ttyS0, /dev/ptmx
+ */
+const char *ppp_devnam();
+
+/*
+ * Set the device name
+ */
+int ppp_set_devnam(const char *name);
+
+/*
+ * Definition for the notify callback function
+ * ctx - contextual argument provided with the registration
+ * arg - anything passed by the notification, e.g. phase, pid, etc
+ */
+typedef void (ppp_notify_fn)(void *ctx, int arg);
+
+/*
+ * Add a callback notification for when a given event has occured
+ */
+void ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx);
+
+/*
+ * Remove a callback notification previously registered
+ */
+void ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx);
+
+/*
+ * Get the path prefix in which a file is installed
+ */
+int ppp_get_path(ppp_path_t type, char *buf, size_t bufsz);
+
+/*
+ * Get the file with path prefix
+ */
+int ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz);
+
+/*
+ * Check if pppd is to re-open link after it goes down
+ */
+bool ppp_persist();
+
+/*
+ * Hooks to enable plugins to hook into various parts of the code
+ */
+
+struct ppp_idle; /* Declared in <linux/ppp_defs.h> */
+extern int (*idle_time_hook)(struct ppp_idle *);
+extern int (*new_phase_hook)(int);
+extern int (*holdoff_hook)(void);
+extern int (*allowed_address_hook)(uint32_t addr);
+extern void (*snoop_recv_hook)(unsigned char *p, int len);
+extern void (*snoop_send_hook)(unsigned char *p, int len);
+
+#ifdef __cplusplus
+}
#endif
-#endif /* __PPP_H__ */
+#endif /* PPP_PPPD_H */
+/*
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
/*
* This file is generated by configure and sets the features enabled
* in pppd when configured.
*/
-/* "Have Microsoft CHAP support" */
-#undef CHAPMS
-
-/* "Have Microsoft MPPE support" */
-#undef MPPE
-
-/* "Have multilink support" */
-#undef HAVE_MULTILINK
-
-/* "Have IPX Control Protocol" */
-#undef IPX_CHANGE
+#ifndef PPP_PPPDCONF_H
+#define PPP_PPPDCONF_H
-/* "Have packet activity filter support" */
-#undef PPP_FILTER
+/* Have Microsoft CHAP support */
+#undef PPP_WITH_CHAPMS
-/* "Have support for loadable plugins" */
-#undef PLUGIN
+/* Have Microsoft LAN Manager support */
+#undef PPP_WITH_MSLANMAN
-/* "Limit sessions by maximum number of octets" */
-#undef MAXOCTETS
+/* Have Microsoft MPPE support */
+#undef PPP_WITH_MPPE
-/* Have Microsoft Callback Protocol support */
-#undef CBCP_SUPPORT
+/* Have multilink support */
+#undef PPP_WITH_MULTILINK
-/* "Include Trivial Database support" */
-#undef USE_TDB
+/* Have packet activity filter support */
+#undef PPP_WITH_FILTER
-/* "Have IPv6 support" */
-#undef INET6
+/* Have support for loadable plugins */
+#undef PPP_WITH_PLUGINS
-/* "Support for Pluggable Authentication Modules" */
-#undef USE_PAM
+/* Have Callback Protocol support */
+#undef PPP_WITH_CBCP
-/* "Have EAP-SRP authentication support" */
-#undef USE_SRP
+/* Include TDB support */
+#undef PPP_WITH_TDB
-/* "Have EAP-TLS authentication support" */
-#undef USE_EAPTLS
+/* Have IPv6 Control Protocol */
+#undef PPP_WITH_IPV6CP
-/* "Have PEAP authentication support" */
-#undef USE_PEAP
+/* Support for Pluggable Authentication Modules */
+#undef PPP_WITH_PAM
-/* Use included des included with pppd */
-#undef USE_CRYPT
+/* Have EAP-SRP authentication support */
+#undef PPP_WITH_SRP
-/* Use included md4 included with pppd */
-#undef USE_MD4
+/* Have EAP-TLS authentication support */
+#undef PPP_WITH_EAPTLS
-/* Use included md5 included with pppd */
-#undef USE_MD5
+/* Have PEAP authentication support */
+#undef PPP_WITH_PEAP
-/* Use included sha included with pppd */
-#undef USE_SHA
+/* The pppd version */
+#undef PPPD_VERSION
-/* Version number of package */
-#undef VERSION
+#endif
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <utmp.h>
#include <fcntl.h>
#include <unistd.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "session.h"
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
#include <security/pam_appl.h>
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
#define SET_MSG(var, msg) if (var != NULL) { var[0] = msg; }
#define COPY_STRING(s) ((s) ? strdup(s) : NULL)
/* We have successfully started a session */
static bool logged_in = 0;
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
/*
* Static variables used to communicate between the conversation function
* and the server_login function
&conversation,
NULL
};
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
int
session_start(const int flags, const char *user, const char *passwd, const char *ttyName, char **msg)
{
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
bool ok = 1;
const char *usr;
int pam_error;
bool try_session = 0;
-#else /* #ifdef USE_PAM */
+#else /* #ifdef PPP_WITH_PAM */
struct passwd *pw;
char *cbuf;
#ifdef HAVE_SHADOW_H
struct spwd *getspnam();
long now = 0;
#endif /* #ifdef HAVE_SHADOW_H */
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
SET_MSG(msg, SUCCESS_MSG);
return SESSION_FAILED;
}
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
/* Find the '\\' in the username */
/* This needs to be fixed to support different username schemes */
if ((usr = strchr(user, '\\')) == NULL)
/* If our PAM checks have already failed, then we must return a failure */
if (!ok) return SESSION_FAILED;
-#else /* #ifdef USE_PAM */
+#else /* #ifdef PPP_WITH_PAM */
/*
* Use the non-PAM methods directly. 'pw' will remain NULL if the user
return SESSION_FAILED;
}
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
/*
* Write a wtmp entry for this user.
logwtmp(ttyName, user, ifname); /* Add wtmp login entry */
logged_in = 1;
-#if defined(_PATH_LASTLOG) && !defined(USE_PAM)
+#if defined(_PATH_LASTLOG) && !defined(PPP_WITH_PAM)
/*
* Enter the user in lastlog only if he has been authenticated using
* local system services. If he has not, then we don't know what his
(void)close(fd);
}
}
-#endif /* _PATH_LASTLOG and not USE_PAM */
+#endif /* _PATH_LASTLOG and not PPP_WITH_PAM */
info("user %s logged in on tty %s intf %s", user, ttyName, ifname);
}
void
session_end(const char* ttyName)
{
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
int pam_error = PAM_SUCCESS;
if (pamh != NULL) {
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_SESSION_H
+#define PPP_SESSION_H
+
#include "pppdconf.h"
-#ifndef __SESSION_H
-#define __SESSION_H
+#ifdef __cplusplus
+extern "C" {
+#endif
#define SESS_AUTH 1 /* Check User Authentication */
#define SESS_ACCT 2 /* Check Account Validity */
void
session_end(const char* tty);
+#ifdef __cplusplus
+}
#endif
+
+#endif // PPP_SESSION_H
+++ /dev/null
-/*
- * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
- *
- * SHA-1 in C
- * By Steve Reid <steve@edmweb.com>
- * 100% Public Domain
- *
- * Test Vectors (from FIPS PUB 180-1)
- * "abc"
- * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
- * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
- * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
- * A million repetitions of "a"
- * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
- */
-
-#ifdef HAVE_CONFIG_H
-#include "config.h"
-#endif
-
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
-
-#include <string.h>
-#include <time.h>
-#include <netinet/in.h> /* htonl() */
-#include <net/ppp_defs.h>
-#include "sha1.h"
-
-static void
-SHA1_Transform(u_int32_t[5], const unsigned char[64]);
-
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-/* blk0() and blk() perform the initial expand. */
-/* I got the idea of expanding during the round function from SSLeay */
-#define blk0(i) (block->l[i] = htonl(block->l[i]))
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
- ^block->l[(i+2)&15]^block->l[i&15],1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
-
-
-/* Hash a single 512-bit block. This is the core of the algorithm. */
-
-static void
-SHA1_Transform(u_int32_t state[5], const unsigned char buffer[64])
-{
- u_int32_t a, b, c, d, e;
- typedef union {
- unsigned char c[64];
- u_int32_t l[16];
- } CHAR64LONG16;
- CHAR64LONG16 *block;
-
-#ifdef SHA1HANDSOFF
- static unsigned char workspace[64];
- block = (CHAR64LONG16 *) workspace;
- memcpy(block, buffer, 64);
-#else
- block = (CHAR64LONG16 *) buffer;
-#endif
- /* Copy context->state[] to working vars */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- /* 4 rounds of 20 operations each. Loop unrolled. */
- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
- /* Add the working vars back into context.state[] */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- /* Wipe variables */
- a = b = c = d = e = 0;
-}
-
-
-/* SHA1Init - Initialize new context */
-
-void
-SHA1_Init(SHA1_CTX *context)
-{
- /* SHA1 initialization constants */
- context->state[0] = 0x67452301;
- context->state[1] = 0xEFCDAB89;
- context->state[2] = 0x98BADCFE;
- context->state[3] = 0x10325476;
- context->state[4] = 0xC3D2E1F0;
- context->count[0] = context->count[1] = 0;
-}
-
-
-/* Run your data through this. */
-
-void
-SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
-{
- unsigned int i, j;
-
- j = (context->count[0] >> 3) & 63;
- if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
- context->count[1] += (len >> 29);
- i = 64 - j;
- while (len >= i) {
- memcpy(&context->buffer[j], data, i);
- SHA1_Transform(context->state, context->buffer);
- data += i;
- len -= i;
- i = 64;
- j = 0;
- }
-
- memcpy(&context->buffer[j], data, len);
-}
-
-
-/* Add padding and return the message digest. */
-
-void
-SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
-{
- u_int32_t i, j;
- unsigned char finalcount[8];
-
- for (i = 0; i < 8; i++) {
- finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
- >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
- }
- SHA1_Update(context, (unsigned char *) "\200", 1);
- while ((context->count[0] & 504) != 448) {
- SHA1_Update(context, (unsigned char *) "\0", 1);
- }
- SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
- for (i = 0; i < 20; i++) {
- digest[i] = (unsigned char)
- ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
- }
- /* Wipe variables */
- i = j = 0;
- memset(context->buffer, 0, 64);
- memset(context->state, 0, 20);
- memset(context->count, 0, 8);
- memset(&finalcount, 0, 8);
-#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
- SHA1Transform(context->state, context->buffer);
-#endif
-}
-
+++ /dev/null
-/* sha1.h */
-
-#include "pppdconf.h"
-
-#ifndef __SHA1_INCLUDE_
-#define __SHA1_INCLUDE_
-
-#ifndef USE_SHA
-#include <openssl/sha.h>
-
-#define SHA1_CTX SHA_CTX
-#define SHA1_SIGNATURE_SIZE SHA_DIGEST_LENGTH
-
-#else
-
-#ifndef SHA1_SIGNATURE_SIZE
-#ifdef SHA_DIGESTSIZE
-#define SHA1_SIGNATURE_SIZE SHA_DIGESTSIZE
-#else
-#define SHA1_SIGNATURE_SIZE 20
-#endif
-#endif
-
-typedef struct {
- u_int32_t state[5];
- u_int32_t count[2];
- unsigned char buffer[64];
-} SHA1_CTX;
-
-extern void SHA1_Init(SHA1_CTX *);
-extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int);
-extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
-
-#endif /* USE_SHA */
-#endif /* __SHA1_INCLUDE_ */
-#include "pppdconf.h"
+/*
+ Unix SMB/CIFS implementation.
+
+ trivial database library
+
+ Copyright (C) Anton Blanchard 2001
+
+ ** NOTE! The following LGPL license applies to the tdb
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
-#ifndef __SPINLOCK_H__
-#define __SPINLOCK_H__
+#ifndef PPP_SPINLOCK_H
+#define PPP_SPINLOCK_H
+
+#include "pppdconf.h"
#include "tdb.h"
#endif
-#endif
+#endif // PPP_SPINLOCK_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <sys/stat.h>
#include <sys/utsname.h>
#include <sys/sysmacros.h>
+#include <sys/param.h>
#include <errno.h>
#include <stddef.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
+#include <linux/ppp-ioctl.h>
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
#include <linux/if_link.h>
-/* Attempt at retaining compile-support with older than 4.7 kernels, or kernels
- * where RTM_NEWSTATS isn't defined for whatever reason.
- */
-#ifndef RTM_NEWSTATS
-#define RTM_NEWSTATS 92
-#define RTM_GETSTATS 94
-#define IFLA_STATS_LINK_64 1
-#endif
-
-#ifdef INET6
#include <linux/if_addr.h>
+
/* glibc versions prior to 2.24 do not define SOL_NETLINK */
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif
+
/* linux kernel versions prior to 4.3 do not define/support NETLINK_CAP_ACK */
#ifndef NETLINK_CAP_ACK
#define NETLINK_CAP_ACK 10
#endif
+
+/* linux kernel versions prior to 4.7 do not define/support IFLA_PPP_DEV_FD */
+#ifndef IFLA_PPP_MAX
+/* IFLA_PPP_DEV_FD is declared as enum when IFLA_PPP_MAX is defined */
+#define IFLA_PPP_DEV_FD 1
#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ipcp.h"
-#ifdef IPX_CHANGE
-#include "ipxcp.h"
-#if __GLIBC__ >= 2 && \
- !(defined(__powerpc__) && __GLIBC__ == 2 && __GLIBC_MINOR__ == 0)
-#include <netipx/ipx.h>
-#else
-#include <linux/ipx.h>
-#endif
-#endif /* IPX_CHANGE */
+#ifdef PPP_WITH_IPV6CP
+#include "eui64.h"
+#endif /* PPP_WITH_IPV6CP */
+
+#include "multilink.h"
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
#include <pcap-bpf.h>
#include <linux/filter.h>
-#endif /* PPP_FILTER */
+#endif /* PPP_WITH_FILTER */
#ifdef LOCKLIB
#include <sys/locks.h>
*/
#include "termios_linux.h"
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
#ifndef _LINUX_IN6_H
/*
* This is in linux/include/net/ipv6.h.
} while (0)
static const eui64_t nulleui64;
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/* We can get an EIO error on an ioctl if the modem has hung up */
#define ok_error(num) ((num)==EIO)
static int sock_fd = -1; /* socket for doing interface ioctls */
static int slave_fd = -1; /* pty for old-style demand mode, slave */
static int master_fd = -1; /* pty for old-style demand mode, master */
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
static int sock6_fd = -1;
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/*
* For the old-style kernel driver, this is the same as ppp_fd.
memset ((char *) &(addr), '\0', sizeof(addr)); \
addr.sa_family = (family);
+
+/*
+ * rtnetlink_msg - send rtnetlink message, receive response
+ * and return received error code:
+ * 0 - success
+ * positive value - error during sending / receiving message
+ * negative value - rtnetlink responce error code
+ */
+static int rtnetlink_msg(const char *desc, int *shared_fd, void *nlreq, size_t nlreq_len, void *nlresp_data, size_t *nlresp_size, unsigned nlresp_type)
+{
+ struct nlresp_hdr {
+ struct nlmsghdr nlh;
+ struct nlmsgerr nlerr;
+ } nlresp_hdr;
+ struct sockaddr_nl nladdr;
+ struct iovec iov[2];
+ struct msghdr msg;
+ ssize_t nlresp_len;
+ int one;
+ int fd;
+
+ if (shared_fd && *shared_fd >= 0) {
+ fd = *shared_fd;
+ } else {
+ fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ if (fd < 0) {
+ error("rtnetlink_msg: socket(NETLINK_ROUTE): %m (line %d)", __LINE__);
+ return 1;
+ }
+
+ /*
+ * Tell kernel to not send to us payload of acknowledgment error message.
+ * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and
+ * older kernel versions always send full payload in acknowledgment netlink
+ * message. We ignore payload of this message as we need only error code,
+ * to check if our set remote peer address request succeeded or failed.
+ * So ignore return value from the following setsockopt() call as setting
+ * option NETLINK_CAP_ACK means for us just a kernel hint / optimization.
+ */
+ one = 1;
+ setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one));
+
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ if (bind(fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) {
+ error("rtnetlink_msg: bind(AF_NETLINK): %m (line %d)", __LINE__);
+ close(fd);
+ return 1;
+ }
+
+ if (shared_fd)
+ *shared_fd = fd;
+ }
+
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ memset(&iov[0], 0, sizeof(iov[0]));
+ iov[0].iov_base = nlreq;
+ iov[0].iov_len = nlreq_len;
+
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_name = &nladdr;
+ msg.msg_namelen = sizeof(nladdr);
+ msg.msg_iov = &iov[0];
+ msg.msg_iovlen = 1;
+
+ if (sendmsg(fd, &msg, 0) < 0) {
+ error("rtnetlink_msg: sendmsg(%s): %m (line %d)", desc, __LINE__);
+ if (!shared_fd)
+ close(fd);
+ return 1;
+ }
+
+ memset(iov, 0, sizeof(iov));
+ iov[0].iov_base = &nlresp_hdr;
+ if (nlresp_size && *nlresp_size > sizeof(nlresp_hdr)) {
+ iov[0].iov_len = offsetof(struct nlresp_hdr, nlerr);
+ iov[1].iov_base = nlresp_data;
+ iov[1].iov_len = *nlresp_size;
+ } else {
+ iov[0].iov_len = sizeof(nlresp_hdr);
+ }
+
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_name = &nladdr;
+ msg.msg_namelen = sizeof(nladdr);
+ msg.msg_iov = iov;
+ msg.msg_iovlen = (nlresp_size && *nlresp_size > sizeof(nlresp_hdr)) ? 2 : 1;
+
+ nlresp_len = recvmsg(fd, &msg, 0);
+
+ if (!shared_fd)
+ close(fd);
+
+ if (nlresp_len < 0) {
+ error("rtnetlink_msg: recvmsg(%s): %m (line %d)", desc, __LINE__);
+ return 1;
+ }
+
+ if (nladdr.nl_family != AF_NETLINK) {
+ error("rtnetlink_msg: recvmsg(%s): Not a netlink packet (line %d)", desc, __LINE__);
+ return 1;
+ }
+
+ if (!nlresp_size) {
+ if ((size_t)nlresp_len < sizeof(nlresp_hdr) || nlresp_hdr.nlh.nlmsg_len < sizeof(nlresp_hdr)) {
+ error("rtnetlink_msg: recvmsg(%s): Acknowledgment netlink packet too short (line %d)", desc, __LINE__);
+ return 1;
+ }
+
+ /* acknowledgment packet for NLM_F_ACK is NLMSG_ERROR */
+ if (nlresp_hdr.nlh.nlmsg_type != NLMSG_ERROR) {
+ error("rtnetlink_msg: recvmsg(%s): Not an acknowledgment netlink packet (line %d)", desc, __LINE__);
+ return 1;
+ }
+ }
+
+ if (nlresp_size) {
+ if (*nlresp_size > sizeof(nlresp_hdr))
+ memcpy((unsigned char *)&nlresp_hdr + offsetof(struct nlresp_hdr, nlerr), nlresp_data, sizeof(nlresp_hdr.nlerr));
+ else
+ memcpy(nlresp_data, (unsigned char *)&nlresp_hdr + offsetof(struct nlresp_hdr, nlerr), *nlresp_size);
+ }
+
+ /* error == 0 indicates success, negative value is errno code */
+ if (nlresp_hdr.nlh.nlmsg_type == NLMSG_ERROR && nlresp_hdr.nlerr.error)
+ return nlresp_hdr.nlerr.error;
+
+ if (nlresp_size) {
+ if (nlresp_hdr.nlh.nlmsg_type != nlresp_type) {
+ error("rtnetlink_msg: recvmsg(%s): Not a netlink packet of type 0x%x (line %d)", desc, nlresp_type, __LINE__);
+ return 1;
+ }
+ *nlresp_size = nlresp_len - offsetof(struct nlresp_hdr, nlerr);
+ }
+
+ return 0;
+}
+
/*
* Determine if the PPP connection should still be present.
*/
if (sock_fd < 0)
fatal("Couldn't create IP socket: %m(%d)", errno);
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock6_fd < 0)
sock6_fd = -errno; /* save errno for later */
if_is_up = 0;
sifdown(0);
}
+#ifdef PPP_WITH_IPV6CP
if (if6_is_up)
sif6down(0);
+#endif
/*
* Delete any routes through the device.
*/
if (have_default_route)
cifdefaultroute(0, 0, 0);
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
if (have_default_route6)
cif6defaultroute(0, nulleui64, nulleui64);
#endif
/********************************************************************
*
- * sys_close - Clean up in a child process before execing.
+ * ppp_sys_close - Clean up in a child process before execing.
*/
void
-sys_close(void)
+ppp_sys_close(void)
{
if (new_style_driver && ppp_dev_fd >= 0)
close(ppp_dev_fd);
if (sock_fd >= 0)
close(sock_fd);
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
if (sock6_fd >= 0)
close(sock6_fd);
#endif
#ifndef N_SYNC_PPP
#define N_SYNC_PPP 14
#endif
- ppp_disc = (new_style_driver && sync_serial)? N_SYNC_PPP: N_PPP;
+ ppp_disc = (new_style_driver && ppp_sync_serial())? N_SYNC_PPP: N_PPP;
if (ioctl(tty_fd, TIOCSETD, &ppp_disc) < 0) {
if ( ! ok_error (errno) ) {
error("Couldn't set tty to PPP discipline: %m");
}
}
- ret_fd = generic_establish_ppp(tty_fd);
+ ret_fd = ppp_generic_establish(tty_fd);
#define SC_RCVB (SC_RCV_B7_0 | SC_RCV_B7_1 | SC_RCV_EVNP | SC_RCV_ODDP)
#define SC_LOGB (SC_DEBUG | SC_LOG_INPKT | SC_LOG_OUTPKT | SC_LOG_RAWIN \
*
* generic_establish_ppp - Turn the fd into a ppp interface.
*/
-int generic_establish_ppp (int fd)
+int ppp_generic_establish (int fd)
{
int x;
flushfailed:
initfdflags = -1;
- generic_disestablish_ppp(tty_fd);
+ ppp_generic_disestablish(tty_fd);
}
/********************************************************************
*
- * generic_disestablish_ppp - Restore device components to normal
+ * ppp_generic_disestablish - Restore device components to normal
* operation, and reconnect the ppp unit to the loopback if in demand
* mode. This shouldn't call die() because it's called from die().
*/
-void generic_disestablish_ppp(int dev_fd)
+void ppp_generic_disestablish(int dev_fd)
{
if (new_style_driver) {
close(ppp_fd);
if (demand) {
modify_flags(ppp_dev_fd, 0, SC_LOOP_TRAFFIC);
looped = 1;
- } else if (!doing_multilink && ppp_dev_fd >= 0) {
+ } else if (!mp_on() && ppp_dev_fd >= 0) {
close(ppp_dev_fd);
remove_fd(ppp_dev_fd);
ppp_dev_fd = -1;
}
}
+/*
+ * make_ppp_unit_rtnetlink - register a new ppp network interface for ppp_dev_fd
+ * with specified req_ifname via rtnetlink. Interface name req_ifname must not
+ * be empty. Custom ppp unit id req_unit is ignored and kernel choose some free.
+ */
+static int make_ppp_unit_rtnetlink(void)
+{
+ struct {
+ struct nlmsghdr nlh;
+ struct ifinfomsg ifm;
+ struct {
+ struct rtattr rta;
+ char ifname[IFNAMSIZ];
+ } ifn;
+ struct {
+ struct rtattr rta;
+ struct {
+ struct rtattr rta;
+ char ifkind[sizeof("ppp")];
+ } ifik;
+ struct {
+ struct rtattr rta;
+ struct {
+ struct rtattr rta;
+ union {
+ int ppp_dev_fd;
+ } ppp;
+ } ifdata[1];
+ } ifid;
+ } ifli;
+ } nlreq;
+ int resp;
+
+ memset(&nlreq, 0, sizeof(nlreq));
+ nlreq.nlh.nlmsg_len = sizeof(nlreq);
+ nlreq.nlh.nlmsg_type = RTM_NEWLINK;
+ nlreq.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE;
+ nlreq.ifm.ifi_family = AF_UNSPEC;
+ nlreq.ifm.ifi_type = ARPHRD_NETROM;
+ nlreq.ifn.rta.rta_len = sizeof(nlreq.ifn);
+ nlreq.ifn.rta.rta_type = IFLA_IFNAME;
+ strlcpy(nlreq.ifn.ifname, req_ifname, sizeof(nlreq.ifn.ifname));
+ nlreq.ifli.rta.rta_len = sizeof(nlreq.ifli);
+ nlreq.ifli.rta.rta_type = IFLA_LINKINFO;
+ nlreq.ifli.ifik.rta.rta_len = sizeof(nlreq.ifli.ifik);
+ nlreq.ifli.ifik.rta.rta_type = IFLA_INFO_KIND;
+ strcpy(nlreq.ifli.ifik.ifkind, "ppp");
+ nlreq.ifli.ifid.rta.rta_len = sizeof(nlreq.ifli.ifid);
+ nlreq.ifli.ifid.rta.rta_type = IFLA_INFO_DATA;
+ nlreq.ifli.ifid.ifdata[0].rta.rta_len = sizeof(nlreq.ifli.ifid.ifdata[0]);
+ nlreq.ifli.ifid.ifdata[0].rta.rta_type = IFLA_PPP_DEV_FD;
+ nlreq.ifli.ifid.ifdata[0].ppp.ppp_dev_fd = ppp_dev_fd;
+
+ /*
+ * See kernel function ppp_nl_newlink(), which may return -EBUSY to prevent
+ * possible deadlock in kernel and ask userspace to retry request again.
+ */
+ do {
+ resp = rtnetlink_msg("RTM_NEWLINK/NLM_F_CREATE", NULL, &nlreq, sizeof(nlreq), NULL, NULL, 0);
+ } while (resp == -EBUSY);
+
+ if (resp) {
+ /*
+ * Linux kernel versions prior to 4.7 do not support creating ppp
+ * interfaces via rtnetlink API and therefore error response is
+ * expected. On older kernel versions do not show this error message.
+ * When error is different than EEXIST then pppd tries to fallback to
+ * the old ioctl method.
+ */
+ errno = (resp < 0) ? -resp : EINVAL;
+ if (kernel_version >= KVERSION(4,7,0))
+ error("Couldn't create ppp interface %s: %m", req_ifname);
+ return 0;
+ }
+
+ return 1;
+}
+
/*
* make_ppp_unit - make a new ppp unit for ppp_dev_fd.
* Assumes new_style_driver.
|| fcntl(ppp_dev_fd, F_SETFL, flags | O_NONBLOCK) == -1)
warn("Couldn't set /dev/ppp to nonblock: %m");
+ /*
+ * Via rtnetlink it is possible to create ppp network interface with
+ * custom ifname atomically. But it is not possible to specify custom
+ * ppp unit id.
+ *
+ * Tools like systemd, udev or NetworkManager are trying to query
+ * interface attributes based on interface name immediately when new
+ * network interface is created. And therefore immediate interface
+ * renaming is causing issues.
+ *
+ * So use rtnetlink API only when user requested custom ifname. It will
+ * avoid system issues with interface renaming.
+ */
+ if (req_unit == -1 && req_ifname[0] != '\0' && kernel_version >= KVERSION(2,1,16)) {
+ if (make_ppp_unit_rtnetlink()) {
+ if (ioctl(ppp_dev_fd, PPPIOCGUNIT, &ifunit))
+ fatal("Couldn't retrieve PPP unit id: %m");
+ return 0;
+ }
+ /*
+ * If interface with requested name already exist return error
+ * otherwise fallback to old ioctl method.
+ */
+ if (errno == EEXIST)
+ return -1;
+ }
+
ifunit = req_unit;
x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit);
if (x < 0 && req_unit >= 0 && errno == EEXIST) {
ifunit = -1;
x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit);
}
+ if (x < 0 && errno == EEXIST) {
+ srand(time(NULL) * getpid());
+ ifunit = rand() % 10000;
+ x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit);
+ }
if (x < 0)
error("Couldn't create new ppp unit: %m");
error("read /dev/ppp: %m");
if (nr < 0 && errno == ENXIO)
nr = 0;
- if (nr == 0 && doing_multilink) {
+ if (nr == 0 && mp_on()) {
remove_fd(ppp_dev_fd);
bundle_eof = 1;
}
* netif_set_mtu - set the MTU on the PPP network interface.
*/
void
-netif_set_mtu(int unit, int mtu)
+ppp_set_mtu(int unit, int mtu)
{
struct ifreq ifr;
* netif_get_mtu - get the MTU on the PPP network interface.
*/
int
-netif_get_mtu(int unit)
+ppp_get_mtu(int unit)
{
struct ifreq ifr;
}
x = (pcomp? SC_COMP_PROT: 0) | (accomp? SC_COMP_AC: 0)
- | (sync_serial? SC_SYNC: 0);
+ | (ppp_sync_serial()? SC_SYNC: 0);
modify_flags(ppp_fd, SC_COMP_PROT|SC_COMP_AC|SC_SYNC, x);
}
modify_flags(ppp_dev_fd, SC_CCP_OPEN|SC_CCP_UP, x);
}
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
/*
* set_filters - set the active and pass filters in the kernel driver.
*/
}
return 1;
}
-#endif /* PPP_FILTER */
+#endif /* PPP_WITH_FILTER */
/********************************************************************
*
static u_int32_t iwraps = 0;
static u_int32_t owraps = 0;
- struct ifpppstatsreq req;
+ struct ifreq req;
+ struct ppp_stats data;
memset (&req, 0, sizeof (req));
- req.stats_ptr = (caddr_t) &req.stats;
- strlcpy(req.ifr__name, ifname, sizeof(req.ifr__name));
+ req.ifr_data = (caddr_t) &data;
+ strlcpy(req.ifr_name, ifname, sizeof(req.ifr_name));
if (ioctl(sock_fd, SIOCGPPPSTATS, &req) < 0) {
error("Couldn't get PPP statistics: %m");
return 0;
}
- stats->bytes_in = req.stats.p.ppp_ibytes;
- stats->bytes_out = req.stats.p.ppp_obytes;
- stats->pkts_in = req.stats.p.ppp_ipackets;
- stats->pkts_out = req.stats.p.ppp_opackets;
+ stats->bytes_in = data.p.ppp_ibytes;
+ stats->bytes_out = data.p.ppp_obytes;
+ stats->pkts_in = data.p.ppp_ipackets;
+ stats->pkts_out = data.p.ppp_opackets;
if (stats->bytes_in < previbytes)
++iwraps;
static int
get_ppp_stats_rtnetlink(int u, struct pppd_stats *stats)
{
- static int rtnl_fd = -1;
+#ifdef RTM_NEWSTATS
+ static int fd = -1;
- struct sockaddr_nl nladdr;
struct {
struct nlmsghdr nlh;
struct if_stats_msg ifsm;
} nlreq;
- struct nlresp {
- struct nlmsghdr nlh;
- union {
- struct {
- struct nlmsgerr nlerr;
- char __end_err[0];
- };
- struct {
- struct rtmsg rth;
- struct {
- /* We only case about these first fields from rtnl_link_stats64 */
- uint64_t rx_packets;
- uint64_t tx_packets;
- uint64_t rx_bytes;
- uint64_t tx_bytes;
- } stats;
- char __end_stats[0];
- };
- };
- } nlresp;
- ssize_t nlresplen;
- struct iovec iov;
- struct msghdr msg;
-
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
- if (rtnl_fd < 0) {
- rtnl_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
- if (rtnl_fd < 0) {
- error("get_ppp_stats_rtnetlink: error creating NETLINK socket: %m (line %d)", __LINE__);
- return 0;
- }
-
- if (bind(rtnl_fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) {
- error("get_ppp_stats_rtnetlink: bind(AF_NETLINK): %m (line %d)", __LINE__);
- goto err;
- }
- }
+ struct {
+ struct rtmsg rth;
+ struct {
+ /* We only case about these first fields from rtnl_link_stats64 */
+ uint64_t rx_packets;
+ uint64_t tx_packets;
+ uint64_t rx_bytes;
+ uint64_t tx_bytes;
+ } stats;
+ } nlresp_data;
+ size_t nlresp_size;
+ int resp;
memset(&nlreq, 0, sizeof(nlreq));
nlreq.nlh.nlmsg_len = sizeof(nlreq);
nlreq.nlh.nlmsg_type = RTM_GETSTATS;
nlreq.nlh.nlmsg_flags = NLM_F_REQUEST;
-
nlreq.ifsm.ifindex = if_nametoindex(ifname);
nlreq.ifsm.filter_mask = IFLA_STATS_LINK_64;
- memset(&iov, 0, sizeof(iov));
- iov.iov_base = &nlreq;
- iov.iov_len = sizeof(nlreq);
-
- memset(&msg, 0, sizeof(msg));
- msg.msg_name = &nladdr;
- msg.msg_namelen = sizeof(nladdr);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- if (sendmsg(rtnl_fd, &msg, 0) < 0) {
- error("get_ppp_stats_rtnetlink: sendmsg(RTM_GETSTATS): %m (line %d)", __LINE__);
- goto err;
+ nlresp_size = sizeof(nlresp_data);
+ resp = rtnetlink_msg("RTM_GETSTATS/NLM_F_REQUEST", &fd, &nlreq, sizeof(nlreq), &nlresp_data, &nlresp_size, RTM_NEWSTATS);
+ if (resp) {
+ errno = (resp < 0) ? -resp : EINVAL;
+ if (kernel_version >= KVERSION(4,7,0))
+ error("get_ppp_stats_rtnetlink: %m (line %d)", __LINE__);
+ goto err;
}
- /* We just need to repoint to IOV ... everything else stays the same */
- iov.iov_base = &nlresp;
- iov.iov_len = sizeof(nlresp);
-
- nlresplen = recvmsg(rtnl_fd, &msg, 0);
-
- if (nlresplen < 0) {
- error("get_ppp_stats_rtnetlink: recvmsg(RTM_GETSTATS): %m (line %d)", __LINE__);
- goto err;
- }
-
- if (nlresplen < sizeof(nlresp.nlh)) {
- error("get_ppp_stats_rtnetlink: Netlink response message was incomplete (line %d)", __LINE__);
- goto err;
- }
-
- if (nlresp.nlh.nlmsg_type == NLMSG_ERROR) {
- if (nlresplen < offsetof(struct nlresp, __end_err)) {
- if (kernel_version >= KVERSION(4,7,0))
- error("get_ppp_stats_rtnetlink: Netlink responded with error: %s (line %d)", strerror(-nlresp.nlerr.error), __LINE__);
- } else {
- error("get_ppp_stats_rtnetlink: Netlink responded with an error message, but the nlmsgerr structure is incomplete (line %d).",
- __LINE__);
- }
- goto err;
- }
-
- if (nlresp.nlh.nlmsg_type != RTM_NEWSTATS) {
- error("get_ppp_stats_rtnetlink: Expected RTM_NEWSTATS response, found something else (mlmsg_type %d, line %d)",
- nlresp.nlh.nlmsg_type, __LINE__);
- goto err;
- }
-
- if (nlresplen < offsetof(struct nlresp, __end_stats)) {
+ if (nlresp_size < sizeof(nlresp_data)) {
error("get_ppp_stats_rtnetlink: Obtained an insufficiently sized rtnl_link_stats64 struct from the kernel (line %d).", __LINE__);
goto err;
}
- stats->bytes_in = nlresp.stats.rx_bytes;
- stats->bytes_out = nlresp.stats.tx_bytes;
- stats->pkts_in = nlresp.stats.rx_packets;
- stats->pkts_out = nlresp.stats.tx_packets;
+ stats->bytes_in = nlresp_data.stats.rx_bytes;
+ stats->bytes_out = nlresp_data.stats.tx_bytes;
+ stats->pkts_in = nlresp_data.stats.rx_packets;
+ stats->pkts_out = nlresp_data.stats.tx_packets;
return 1;
err:
- close(rtnl_fd);
- rtnl_fd = -1;
+ close(fd);
+ fd = -1;
+#endif
return 0;
}
* - this is normally only the case the doing demand: */
if (defaultroute_exists(&tmp_rt, -1))
del_rt = &tmp_rt;
+ } else if (!replace) {
+ /*
+ * We don't want to replace an existing route.
+ * We may however add our route along an existing route with a different
+ * metric.
+ */
+ if (defaultroute_exists(&rt, dfl_route_metric) && strcmp(rt.rt_dev, ifname) != 0) {
+ if (rt.rt_flags & RTF_GATEWAY)
+ error("not replacing existing default route via %I with metric %d",
+ SIN_ADDR(rt.rt_gateway), dfl_route_metric);
+ else
+ error("not replacing existing default route through %s with metric %d",
+ rt.rt_dev, dfl_route_metric);
+ return 0;
+ }
} else if (defaultroute_exists(&old_def_rt, -1 ) &&
strcmp( old_def_rt.rt_dev, ifname) != 0) {
/*
- * We did not yet replace an existing default route, let's
- * check if we should save and replace a default route:
+ * We want to replace an existing route and did not replace an existing
+ * default route yet, let's check if we should save and replace an
+ * existing default route:
*/
u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway);
return 1;
}
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
/*
* /proc/net/ipv6_route parsing stuff.
*/
return 1;
}
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/********************************************************************
*
/********************************************************************
*
- * ppp_available - check whether the system has any ppp interfaces
+ * ppp_check_kernel_support - check whether the system has any ppp interfaces
* (in fact we check whether we can do an ioctl on ppp0).
*/
-int ppp_available(void)
+int ppp_check_kernel_support(void)
{
int s, ok, fd;
struct ifreq ifr;
if (if_is_up && --if_is_up > 0)
return 1;
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
if (if6_is_up)
return 1;
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
return setifstate(u, 0);
}
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
/********************************************************************
*
* sif6up - Config the interface up for IPv6
return setifstate(u, 0);
}
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/********************************************************************
*
}
}
- /* This way it is possible to have an IPX-only or IPv6-only interface */
+ /* This way it is possible to have an IPv6-only interface */
memset(&ifr, 0, sizeof(ifr));
SET_SA_FAMILY(ifr.ifr_addr, AF_INET);
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
return 1;
}
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
/********************************************************************
*
* sif6addr_rtnetlink - Config the interface with both IPv6 link-local addresses via rtnetlink
struct in6_addr addr;
} addrs[2];
} nlreq;
- struct {
- struct nlmsghdr nlh;
- struct nlmsgerr nlerr;
- } nlresp;
- struct sockaddr_nl nladdr;
- struct iovec iov;
- struct msghdr msg;
- ssize_t nlresplen;
- int one;
- int fd;
-
- fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
- if (fd < 0) {
- error("sif6addr_rtnetlink: socket(NETLINK_ROUTE): %m (line %d)", __LINE__);
- return 0;
- }
-
- /*
- * Tell kernel to not send to us payload of acknowledgment error message.
- * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and
- * older kernel versions always send full payload in acknowledgment netlink
- * message. We ignore payload of this message as we need only error code,
- * to check if our set remote peer address request succeeded or failed.
- * So ignore return value from the following setsockopt() call as setting
- * option NETLINK_CAP_ACK means for us just a kernel hint / optimization.
- */
- one = 1;
- setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one));
-
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
- if (bind(fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) {
- error("sif6addr_rtnetlink: bind(AF_NETLINK): %m (line %d)", __LINE__);
- close(fd);
- return 0;
- }
+ int resp;
memset(&nlreq, 0, sizeof(nlreq));
nlreq.nlh.nlmsg_len = sizeof(nlreq);
else
IN6_LLADDR_FROM_EUI64(nlreq.addrs[1].addr, our_eui64);
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
- memset(&iov, 0, sizeof(iov));
- iov.iov_base = &nlreq;
- iov.iov_len = sizeof(nlreq);
-
- memset(&msg, 0, sizeof(msg));
- msg.msg_name = &nladdr;
- msg.msg_namelen = sizeof(nladdr);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- if (sendmsg(fd, &msg, 0) < 0) {
- error("sif6addr_rtnetlink: sendmsg(RTM_NEWADDR/NLM_F_CREATE): %m (line %d)", __LINE__);
- close(fd);
- return 0;
- }
-
- memset(&iov, 0, sizeof(iov));
- iov.iov_base = &nlresp;
- iov.iov_len = sizeof(nlresp);
-
- memset(&msg, 0, sizeof(msg));
- msg.msg_name = &nladdr;
- msg.msg_namelen = sizeof(nladdr);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- nlresplen = recvmsg(fd, &msg, 0);
-
- if (nlresplen < 0) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): %m (line %d)", __LINE__);
- close(fd);
- return 0;
- }
-
- close(fd);
-
- if (nladdr.nl_family != AF_NETLINK) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Not a netlink packet (line %d)", __LINE__);
- return 0;
- }
-
- if ((size_t)nlresplen != sizeof(nlresp) || nlresp.nlh.nlmsg_len < sizeof(nlresp)) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Acknowledgment netlink packet too short (line %d)", __LINE__);
- return 0;
- }
-
- /* acknowledgment packet for NLM_F_ACK is NLMSG_ERROR */
- if (nlresp.nlh.nlmsg_type != NLMSG_ERROR) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Not an acknowledgment netlink packet (line %d)", __LINE__);
- return 0;
- }
-
- /* error == 0 indicates success, negative value is errno code */
- if (nlresp.nlerr.error != 0) {
+ resp = rtnetlink_msg("RTM_NEWADDR/NLM_F_CREATE", NULL, &nlreq, sizeof(nlreq), NULL, NULL, 0);
+ if (resp) {
/*
* Linux kernel versions prior 3.11 do not support setting IPv6 peer
* addresses and error response is expected. On older kernel versions
* do not show this error message. On error pppd tries to fallback to
* the old IOCTL method.
*/
+ errno = (resp < 0) ? -resp : EINVAL;
if (kernel_version >= KVERSION(3,11,0))
- error("sif6addr_rtnetlink: %s (line %d)", strerror(-nlresp.nlerr.error), __LINE__);
+ error("sif6addr_rtnetlink: %m (line %d)", __LINE__);
return 0;
}
}
return 1;
}
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/*
* get_pty - get a pty master/slave pair and chown the slave side
return 1;
}
-\f
-/********************************************************************
- *
- * sipxfaddr - Config the interface IPX networknumber
- */
-
-int sipxfaddr (int unit, unsigned long int network, unsigned char * node )
-{
- int result = 1;
-
-#ifdef IPX_CHANGE
- int skfd;
- struct ifreq ifr;
- struct sockaddr_ipx *sipx = (struct sockaddr_ipx *) &ifr.ifr_addr;
-
- skfd = socket (AF_IPX, SOCK_DGRAM, 0);
- if (skfd < 0) {
- if (! ok_error (errno))
- dbglog("socket(AF_IPX): %m (line %d)", __LINE__);
- result = 0;
- }
- else {
- memset (&ifr, '\0', sizeof (ifr));
- strlcpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-
- memcpy (sipx->sipx_node, node, IPX_NODE_LEN);
- sipx->sipx_family = AF_IPX;
- sipx->sipx_port = 0;
- sipx->sipx_network = htonl (network);
- sipx->sipx_type = IPX_FRAME_ETHERII;
- sipx->sipx_action = IPX_CRTITF;
-/*
- * Set the IPX device
- */
- if (ioctl(skfd, SIOCSIFADDR, (caddr_t) &ifr) < 0) {
- result = 0;
- if (errno != EEXIST) {
- if (! ok_error (errno))
- dbglog("ioctl(SIOCSIFADDR, CRTITF): %m (line %d)", __LINE__);
- }
- else {
- warn("ioctl(SIOCSIFADDR, CRTITF): Address already exists");
- }
- }
- close (skfd);
- }
-#endif
- return result;
-}
-
-/********************************************************************
- *
- * cipxfaddr - Clear the information for the IPX network. The IPX routes
- * are removed and the device is no longer able to pass IPX
- * frames.
- */
-
-int cipxfaddr (int unit)
-{
- int result = 1;
-
-#ifdef IPX_CHANGE
- int skfd;
- struct ifreq ifr;
- struct sockaddr_ipx *sipx = (struct sockaddr_ipx *) &ifr.ifr_addr;
-
- skfd = socket (AF_IPX, SOCK_DGRAM, 0);
- if (skfd < 0) {
- if (! ok_error (errno))
- dbglog("socket(AF_IPX): %m (line %d)", __LINE__);
- result = 0;
- }
- else {
- memset (&ifr, '\0', sizeof (ifr));
- strlcpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-
- sipx->sipx_type = IPX_FRAME_ETHERII;
- sipx->sipx_action = IPX_DLTITF;
- sipx->sipx_family = AF_IPX;
-/*
- * Set the IPX device
- */
- if (ioctl(skfd, SIOCSIFADDR, (caddr_t) &ifr) < 0) {
- if (! ok_error (errno))
- info("ioctl(SIOCSIFADDR, IPX_DLTITF): %m (line %d)", __LINE__);
- result = 0;
- }
- close (skfd);
- }
-#endif
- return result;
-}
-
/*
* Use the hostname as part of the random number seed.
*/
get_host_seed(void)
{
int h;
- char *p = hostname;
+ const char *p;
h = 407;
for (p = hostname; *p != 0; ++p)
int
sys_check_options(void)
{
-#ifdef IPX_CHANGE
-/*
- * Disable the IPX protocol if the support is not present in the kernel.
- */
- char *path;
-
- if (ipxcp_protent.enabled_flag) {
- struct stat stat_buf;
- if ( ((path = path_to_procfs("/net/ipx/interface")) == NULL
- && (path = path_to_procfs("/net/ipx_interface")) == NULL)
- || lstat(path, &stat_buf) < 0) {
- error("IPX support is not present in the kernel\n");
- ipxcp_protent.enabled_flag = 0;
- }
- }
-#endif
if (demand && driver_is_old) {
- option_error("demand dialling is not supported by kernel driver "
+ ppp_option_error("demand dialling is not supported by kernel driver "
"version %d.%d.%d", driver_version, driver_modification,
driver_patch);
return 0;
* get_time - Get current time, monotonic if possible.
*/
int
-get_time(struct timeval *tv)
+ppp_get_time(struct timeval *tv)
{
/* Old glibc (< 2.3.4) does define CLOCK_MONOTONIC, but kernel may have it.
* Runtime checking makes it safe. */
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <sys/ethernet.h>
#endif
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
#include <pcap.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
#include "ipcp.h"
#include "ccp.h"
+#ifdef PPP_WITH_IPV6CP
+#include "eui64.h"
+#endif
+
#if !defined(PPP_DRV_NAME)
#define PPP_DRV_NAME "ppp"
#endif /* !defined(PPP_DRV_NAME) */
static int ipfd;
static int ipmuxid = -1;
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
static int ip6fd; /* IP file descriptor */
static int ip6muxid = -1; /* Multiplexer file descriptor */
static int if6_is_up = 0; /* IPv6 interface has been marked up */
#define IN6A_LLADDR_FROM_EUI64(s, eui64) \
_IN6A_LLX_FROM_EUI64(s, eui64, 0xfe800000)
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
-#if !defined(INET6) || !defined(SOL2)
+#if !defined(PPP_WITH_IPV6CP) || !defined(SOL2)
#define MAXIFS 256 /* Max # of interfaces */
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
static int restore_term;
static struct termios inittermios;
}
#endif /* SOL2 */
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
/*
* get_first_ether_hwaddr - get the hardware address for the first
* ethernet-style interface on this system.
else
return -1;
}
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
#if defined(SOL2)
/*
}
#endif /* SOL2 */
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
/*
* slifname - Sets interface ppa and flags
*
}
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
/*
* sys_init - System-dependent initialization.
{
int ifd, x;
struct ifreq ifr;
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
int i6fd;
struct lifreq lifr;
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
#if !defined(SOL2)
struct {
union DL_primitives prim;
if (ipfd < 0)
fatal("Couldn't open IP device: %m");
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
ip6fd = open(UDP6_DEV_NAME, O_RDWR, 0);
if (ip6fd < 0)
fatal("Couldn't open IP device (2): %m");
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
if (default_device && !notty)
tty_sid = getsid((pid_t)0);
strioctl(ifd, PPPIO_DEBUG, &x, sizeof(int), 0);
}
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
i6fd = open(PPP_DEV_NAME, O_RDWR, 0);
if (i6fd < 0) {
close(ifd);
x = PPPDBG_LOG + PPPDBG_DRIVER;
strioctl(i6fd, PPPIO_DEBUG, &x, sizeof(int), 0);
}
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
#if defined(SOL2)
if (ioctl(ifd, I_PUSH, IP_MOD_NAME) < 0) {
close(ifd);
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("Can't push IP module: %m");
}
*/
if (sifppa(ifd, ifunit) < 0) {
close (ifd);
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("Can't set ppa for unit %d: %m", ifunit);
}
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
/*
* An IPv6 interface is created anyway, even when the user does not
* explicitly enable it. Note that the interface will be marked
close(i6fd);
fatal("Can't set ifname for unit %d: %m", ifunit);
}
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
ipmuxid = ioctl(ipfd, I_PLINK, ifd);
close(ifd);
if (ipmuxid < 0) {
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("Can't I_PLINK PPP device to IP: %m");
}
*/
if (ioctl(ipfd, SIOCSIFMUXID, &ifr) < 0) {
ioctl(ipfd, I_PUNLINK, ipmuxid);
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("SIOCSIFMUXID: %m");
}
fatal("Can't link PPP device to IP: %m");
#endif /* defined(SOL2) */
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
ip6muxid = ioctl(ip6fd, I_PLINK, i6fd);
close(i6fd);
if (ip6muxid < 0) {
ioctl(ip6fd, I_PUNLINK, ip6muxid);
fatal("Can't link PPP device to IP (2): %m");
}
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
#if !defined(SOL2)
/* Set the interface name for the link. */
{
#if defined(SOL2)
struct ifreq ifr;
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
struct lifreq lifr;
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
#endif /* defined(SOL2) */
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
if (if6_is_up)
sif6down(0);
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
if (if_is_up)
sifdown(0);
if (default_route_gateway)
error("Can't I_PUNLINK PPP from IP: %m");
return;
}
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
/*
* Make sure we ask ip what the muxid, because 'ifconfig modlist' will
* unlink and re-link the modules, causing the muxid to change.
if (ioctl(ip6fd, I_PUNLINK, ip6muxid) < 0) {
error("Can't I_PUNLINK PPP from IP (2): %m");
}
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
#endif /* defined(SOL2) */
}
* sys_close - Clean up in a child process before execing.
*/
void
-sys_close(void)
+ppp_sys_close(void)
{
close(ipfd);
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
close(ip6fd);
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
if (pppfd >= 0)
close(pppfd);
}
#endif
/*
- * ppp_available - check whether the system has any ppp interfaces
+ * ppp_check_kernel_support - check whether the system has any ppp interfaces
*/
int
-ppp_available(void)
+ppp_check_kernel_support(void)
{
struct stat buf;
/* Push the async hdlc module and the compressor module. */
tty_npushed = 0;
- if(!sync_serial) {
+ if(!ppp_sync_serial()) {
if (ioctl(fd, I_PUSH, AHDLC_MOD_NAME) < 0) {
error("Couldn't push PPP Async HDLC module: %m");
return -1;
struct termiox tiox;
#endif
- if (!sync_serial && tcgetattr(fd, &tios) < 0)
+ if (!ppp_sync_serial() && tcgetattr(fd, &tios) < 0)
fatal("tcgetattr: %m");
#ifndef CRTSCTS
termiox_ok = 1;
- if (!sync_serial && ioctl (fd, TCGETX, &tiox) < 0) {
+ if (!ppp_sync_serial() && ioctl (fd, TCGETX, &tiox) < 0) {
termiox_ok = 0;
if (errno != ENOTTY)
error("TCGETX: %m");
#ifndef CRTSCTS
inittermiox = tiox;
#endif
- if (!sync_serial)
+ if (!ppp_sync_serial())
ioctl(fd, TIOCGWINSZ, &wsinfo);
}
* We can't proceed if the serial port speed is 0,
* since that implies that the serial port is disabled.
*/
- if ((speed == B0) && !sync_serial)
+ if ((speed == B0) && !ppp_sync_serial())
fatal("Baud rate for %s is 0; need explicit baud rate", devnam);
}
- if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &tios) < 0)
+ if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &tios) < 0)
fatal("tcsetattr: %m");
#ifndef CRTSCTS
- if (!sync_serial && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){
+ if (!ppp_sync_serial() && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){
error("TCSETXF: %m");
}
#endif
baud_rate = inspeed = baud_rate_of(speed);
- if (!sync_serial)
+ if (!ppp_sync_serial())
restore_term = 1;
}
*/
inittermios.c_lflag &= ~(ECHO | ECHONL);
}
- if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0)
+ if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0)
if (!hungup && errno != ENXIO)
warn("tcsetattr: %m");
#ifndef CRTSCTS
- if (!sync_serial && ioctl (fd, TCSETXF, &inittermiox) < 0){
+ if (!ppp_sync_serial() && ioctl (fd, TCSETXF, &inittermiox) < 0){
if (!hungup && errno != ENXIO)
error("TCSETXF: %m");
}
#endif
- if (!sync_serial)
+ if (!ppp_sync_serial())
ioctl(fd, TIOCSWINSZ, &wsinfo);
restore_term = 0;
}
}
/*
- * netif_set_mtu - set the MTU on the PPP network interface.
+ * ppp_set_mtu - set the MTU on the PPP network interface.
*/
void
-netif_set_mtu(int unit, int mtu)
+ppp_set_mtu(int unit, int mtu)
{
struct ifreq ifr;
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
struct lifreq lifr;
int fd;
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
memset(&ifr, 0, sizeof(ifr));
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
error("Couldn't set IP MTU (%s): %m", ifr.ifr_name);
}
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
fd = socket(AF_INET6, SOCK_DGRAM, 0);
if (fd < 0)
error("Couldn't open IPv6 socket: %m");
error("Couldn't set IPv6 MTU (%s): %m", ifr.ifr_name);
}
close(fd);
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
}
/*
- * netif_get_mtu - get the MTU on the PPP network interface.
+ * ppp_get_mtu - get the MTU on the PPP network interface.
*/
int
-netif_get_mtu(int unit)
+ppp_get_mtu(int unit)
{
struct ifreq ifr;
error("Couldn't set MTU: %m");
}
if (fdmuxid >= 0) {
- if (!sync_serial) {
+ if (!ppp_sync_serial()) {
if (strioctl(pppfd, PPPIO_XACCM, &asyncmap, sizeof(asyncmap), 0) < 0)
error("Couldn't set transmit ACCM: %m");
}
void
tty_set_xaccm(ext_accm accm)
{
- if (sync_serial)
+ if (ppp_sync_serial())
return;
if (fdmuxid >= 0
error("Couldn't set MRU: %m");
}
if (fdmuxid >= 0) {
- if (!sync_serial) {
+ if (!ppp_sync_serial()) {
if (strioctl(pppfd, PPPIO_RACCM, &asyncmap, sizeof(asyncmap), 0) < 0)
error("Couldn't set receive ACCM: %m");
}
{
struct ppp_stats s;
- if (!sync_serial &&
+ if (!ppp_sync_serial() &&
strioctl(pppfd, PPPIO_GETSTAT, &s, 0, sizeof(s)) < 0) {
error("Couldn't get link statistics: %m");
return 0;
return 1;
}
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
/*
* sif6up - Config the IPv6 interface up and enable IPv6 packets to pass.
*/
return 1;
}
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
#define INET_ADDR(x) (((struct sockaddr_in *) &(x))->sin_addr.s_addr)
pfd.events = POLLIN | POLLPRI;
do {
n = poll(&pfd, 1, 1000);
- } while (n == -1 && errno == EINTR && !got_sigterm);
+ } while (n == -1 && errno == EINTR && !ppp_signaled(SIGTERM));
if (n <= 0)
return -1;
* get_time - Get current time, monotonic if possible.
*/
int
-get_time(struct timeval *tv)
+ppp_get_time(struct timeval *tv)
{
return gettimeofday(tv, NULL);
}
#include <sys/mman.h>
#include <sys/stat.h>
#include <signal.h>
+
+#include "pppd-private.h"
#include "tdb.h"
#include "spinlock.h"
+#include "pathnames.h"
#define TDB_MAGIC_FOOD "TDB file\n"
#define TDB_VERSION (0x26011967 + 6)
/* We make it up in memory, then write it out if not internal */
size = sizeof(struct tdb_header) + (hash_size+1)*sizeof(tdb_off);
- if (!(newdb = calloc(size, 1)))
+ if (!(newdb = calloc(1, size)))
return TDB_ERRCODE(TDB_ERR_OOM, -1);
/* Fill in the header */
goto internal;
}
+again:
if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+ if ((open_flags & O_CREAT) && errno == ENOENT &&
+ mkdir_recursive(PPP_PATH_VARRUN) == 0)
+ goto again;
+
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
name, strerror(errno)));
goto fail; /* errno set by open(2) */
-#include "pppdconf.h"
+#ifndef PPP_TDB_H
+#define PPP_TDB_H
-#ifndef __TDB_H__
-#define __TDB_H__
+#include "pppdconf.h"
/*
Unix SMB/CIFS implementation.
}
#endif
-#endif /* tdb.h */
+#endif /* PPP_TBD_H */
* Copyright (c) 2021 Marek Behún <kabel@kernel.org>
*/
-#ifndef _TERMIOS_LINUX_H_
-#define _TERMIOS_LINUX_H_
+#ifndef PPP_TERMIOS_LINUX_H
+#define PPP_TERMIOS_LINUX_H
+
+#include "pppdconf.h"
/*
* We need to use raw TCGETS2/TCSETS2 or TCGETS/TCSETS ioctls with the BOTHER
t->c_cflag |= CS8;
}
-#endif /* _TERMIOS_LINUX_H_ */
+#endif /* PPP_TERMIOS_LINUX_H */
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <string.h>
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "tls.h"
/**
bool client, struct tls_info **out)
{
if (out != NULL) {
- struct tls_info *tmp = calloc(sizeof(struct tls_info), 1);
+ struct tls_info *tmp = calloc(1, sizeof(struct tls_info));
if (!tmp) {
fatal("Allocation error");
}
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-#ifndef TLS_H
-#define TLS_H
+#ifndef PPP_TLS_H
+#define PPP_TLS_H
+
+#include "pppdconf.h"
/**
* Structure used in verifying the peer certificate
*/
void tls_log_sslerr( void );
-#endif /* TLS_H */
+#endif /* PPP_TLS_H */
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <netinet/in.h>
#include <arpa/inet.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
static int setspeed(char *, char **, int);
static int setxonxoff(char **);
static int setescape(char **);
-static void printescape(option_t *, void (*)(void *, char *,...),void *);
+static void printescape(struct option *, void (*)(void *, char *,...),void *);
static void finish_tty(void);
static int start_charshunt(int, int);
static void stop_charshunt(void *, int);
struct stat devstat; /* result of stat() on devnam */
/* option variables */
+char devnam[MAXPATHLEN]; /* Device name */
+char ppp_devname[MAXPATHLEN];/* name of PPP tty (maybe ttypx) */
int crtscts = 0; /* Use hardware flow control */
int stop_bits = 1; /* Number of serial port stop bits */
bool modem = 1; /* Use modem control lines */
u_int32_t xmit_accm[8]; /* extended transmit ACCM */
/* option descriptors */
-option_t tty_options[] = {
+static struct option tty_options[] = {
/* device name must be first, or change connect_tty() below! */
{ "device name", o_wild, (void *) &setdevname,
"Serial port device name",
&tty_close_fds
};
+bool
+ppp_sync_serial()
+{
+ return sync_serial;
+}
+
+bool
+ppp_get_modem()
+{
+ return modem;
+}
+
+void
+ppp_set_modem(bool on)
+{
+ modem = on;
+}
+
+bool
+ppp_using_pty()
+{
+ return using_pty;
+}
+
+int
+ppp_set_pppdevnam(const char *name)
+{
+ if (name) {
+ return strlcpy(ppp_devname, name, sizeof(ppp_devname));
+ }
+ return -1;
+}
+
+const char *
+ppp_pppdevnam()
+{
+ return ppp_devname;
+}
+
+const char *
+ppp_devnam()
+{
+ return devnam;
+}
+
+int
+ppp_set_devnam(const char *name)
+{
+ if (name) {
+ return strlcpy(devnam, name, sizeof(devnam));
+ }
+ return -1;
+}
+
+
/*
* setspeed - Set the serial port baud rate.
* If doit is 0, the call is to check whether this option is
if (stat(cp, &statbuf) < 0) {
if (!doit)
return errno != ENOENT;
- option_error("Couldn't stat %s: %m", cp);
+ ppp_option_error("Couldn't stat %s: %m", cp);
return 0;
}
if (!S_ISCHR(statbuf.st_mode)) {
if (doit)
- option_error("%s is not a character device", cp);
+ ppp_option_error("%s is not a character device", cp);
return 0;
}
if (doit) {
- strlcpy(devnam, cp, sizeof(devnam));
+ strlcpy(devnam, cp, MAXPATHLEN);
devstat = statbuf;
default_device = 0;
}
while (*p) {
n = strtol(p, &endp, 16);
if (p == endp) {
- option_error("escape parameter contains invalid hex number '%s'",
+ ppp_option_error("escape parameter contains invalid hex number '%s'",
p);
return 0;
}
p = endp;
if (n < 0 || n == 0x5E || n > 0xFF) {
- option_error("can't escape character 0x%x", n);
+ ppp_option_error("can't escape character 0x%x", n);
ret = 0;
} else
- xmit_accm[n >> 5] |= 1 << (n & 0x1F);
+ xmit_accm[n >> 5] |= 1U << (n & 0x1F);
while (*p == ',' || *p == ' ')
++p;
}
}
static void
-printescape(option_t *opt, void (*printer)(void *, char *, ...), void *arg)
+printescape(struct option *opt, void (*printer)(void *, char *, ...), void *arg)
{
int n;
int first = 1;
for (n = 0; n < 256; ++n) {
if (n == 0x7d)
n += 2; /* skip 7d, 7e */
- if (xmit_accm[n >> 5] & (1 << (n & 0x1f))) {
+ if (xmit_accm[n >> 5] & (1U << (n & 0x1f))) {
if (!first)
printer(arg, ",");
else
*/
void tty_init(void)
{
- add_notifier(&pidchange, maybe_relock, 0);
+ ppp_add_notify(NF_PID_CHANGE, maybe_relock, 0);
the_channel = &tty_channel;
- xmit_accm[3] = 0x60000000;
+ xmit_accm[3] = 0x60000000U;
}
/*
if (default_device) {
char *p;
if (!isatty(0) || (p = ttyname(0)) == NULL) {
- option_error("no device specified and stdin is not a tty");
+ ppp_option_error("no device specified and stdin is not a tty");
exit(EXIT_OPTION_ERROR);
}
- strlcpy(devnam, p, sizeof(devnam));
+ strlcpy(devnam, p, MAXPATHLEN);
if (stat(devnam, &devstat) < 0)
fatal("Couldn't stat default device %s: %m", devnam);
}
int fdflags;
if (demand && notty) {
- option_error("demand-dialling is incompatible with notty");
+ ppp_option_error("demand-dialling is incompatible with notty");
exit(EXIT_OPTION_ERROR);
}
if (demand && connect_script == 0 && ptycommand == NULL
&& pty_socket == NULL) {
- option_error("connect script is required for demand-dialling\n");
+ ppp_option_error("connect script is required for demand-dialling\n");
exit(EXIT_OPTION_ERROR);
}
/* default holdoff to 0 if no connect script has been given */
if (using_pty) {
if (!default_device) {
- option_error("%s option precludes specifying device name",
+ ppp_option_error("%s option precludes specifying device name",
pty_socket? "socket": notty? "notty": "pty");
exit(EXIT_OPTION_ERROR);
}
if (ptycommand != NULL && notty) {
- option_error("pty option is incompatible with notty option");
+ ppp_option_error("pty option is incompatible with notty option");
exit(EXIT_OPTION_ERROR);
}
if (pty_socket != NULL && (ptycommand != NULL || notty)) {
- option_error("socket option is incompatible with pty and notty");
+ ppp_option_error("socket option is incompatible with pty and notty");
exit(EXIT_OPTION_ERROR);
}
default_device = notty;
* Get a pty master/slave pair if the pty, notty, socket,
* or record options were specified.
*/
- strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam));
+ strlcpy(ppp_devname, devnam, MAXPATHLEN);
pty_master = -1;
pty_slave = -1;
real_ttyfd = -1;
if (using_pty || record_file != NULL) {
- if (!get_pty(&pty_master, &pty_slave, ppp_devnam, uid)) {
+ if (!get_pty(&pty_master, &pty_slave, ppp_devname, uid)) {
error("Couldn't allocate pseudo-tty");
- status = EXIT_FATAL_ERROR;
+ ppp_set_status(EXIT_FATAL_ERROR);
return -1;
}
set_up_tty(pty_slave, 1);
/*
* Lock the device if we've been asked to.
*/
- status = EXIT_LOCK_FAILED;
+ ppp_set_status(EXIT_LOCK_FAILED);
if (lockflag && !privopen) {
if (lock(devnam) < 0)
goto errret;
if (prio < OPRIO_ROOT && seteuid(uid) == -1) {
error("Unable to drop privileges before opening %s: %m\n",
devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
goto errret;
}
real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
errno = err;
if (err != EINTR) {
error("Failed to open %s: %m", devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
}
if (!persist || err != EINTR)
goto errret;
* If the pty, socket, notty and/or record option was specified,
* start up the character shunt now.
*/
- status = EXIT_PTYCMD_FAILED;
+ ppp_set_status(EXIT_PTYCMD_FAILED);
if (ptycommand != NULL) {
if (record_file != NULL) {
int ipipe[2], opipe[2], ok;
if (initializer && initializer[0]) {
if (device_script(initializer, ttyfd, ttyfd, 0) < 0) {
error("Initializer script failed");
- status = EXIT_INIT_FAILED;
+ ppp_set_status(EXIT_INIT_FAILED);
goto errretf;
}
if (got_sigterm) {
if (connector && connector[0]) {
if (device_script(connector, ttyfd, ttyfd, 0) < 0) {
error("Connect script failed");
- status = EXIT_CONNECT_FAILED;
+ ppp_set_status(EXIT_CONNECT_FAILED);
goto errretf;
}
if (got_sigterm) {
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
}
if (!persist || errno != EINTR || hungup || got_sigterm)
goto errret;
}
slprintf(numbuf, sizeof(numbuf), "%d", baud_rate);
- script_setenv("SPEED", numbuf, 0);
+ ppp_script_setenv("SPEED", numbuf, 0);
/* run welcome script, if any */
if (welcomer && welcomer[0]) {
{
int cpid, ret;
- cpid = safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2));
+ cpid = ppp_safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2));
if (cpid == -1) {
error("Can't fork process for character shunt: %m");
return 0;
pty_readable = stdin_readable = 1;
ilevel = olevel = 0;
- get_time(&levelt);
+ ppp_get_time(&levelt);
if (max_data_rate) {
max_level = max_data_rate / 10;
if (max_level < 100)
int nbt;
struct timeval now;
- get_time(&now);
+ ppp_get_time(&now);
dt = (now.tv_sec - levelt.tv_sec
+ (now.tv_usec - levelt.tv_usec) / 1e6);
nbt = (int)(dt * max_data_rate);
#include <stdio.h>
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "upap.h"
/*
* Command-line options.
*/
-static option_t pap_option_list[] = {
+static struct option pap_option_list[] = {
{ "hide-password", o_bool, &hide_password,
"Don't output passwords to log", OPT_PRIO | 1 },
{ "show-password", o_bool, &hide_password,
-#include "pppdconf.h"
-
/*
* upap.h - User/Password Authentication Protocol definitions.
*
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_UPAP_H
+#define PPP_UPAP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/*
* Packet header = Code, id, length.
int us_passwdlen; /* Password length */
int us_clientstate; /* Client state */
int us_serverstate; /* Server state */
- u_char us_id; /* Current id */
+ unsigned char us_id; /* Current id */
int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */
int us_transmits; /* Number of auth-reqs sent */
int us_maxtransmits; /* Maximum number of auth-reqs to send */
void upap_authpeer(int);
extern struct protent pap_protent;
+
+typedef int (pap_check_hook_fn)(void);
+typedef int (pap_auth_hook_fn)(char *user, char *passwd, char **msgp,
+ struct wordlist **paddrs,
+ struct wordlist **popts);
+typedef void (pap_logout_hook_fn)(void);
+typedef int (pap_passwd_hook_fn)(char *user, char *passwd);
+
+/*
+ * This function will return a value of 1 to indicate that a plugin intent to
+ * supply a username or a password through the pap_auth_hook callback.
+ *
+ * A return value of > 0 will avoid parsing pap-secrets file.
+ */
+extern pap_check_hook_fn *pap_check_hook;
+
+/*
+ * This hook is used to check if a username and password matches against the
+ * PAP secrets.
+ */
+extern pap_auth_hook_fn *pap_auth_hook;
+
+/*
+ * Hook for plugin to know about PAP user logout.
+ */
+extern pap_logout_hook_fn *pap_logout_hook;
+
+/*
+ * A plugin can chose to supply its own user and password overriding what
+ * previously has been configured. Hook is only valid when pppd is acting
+ * as a client
+ */
+extern pap_passwd_hook_fn *pap_passwd_hook;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_UPAP_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <sys/mkdev.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
+#include "pathnames.h"
#if defined(SUNOS4)
extern char *strerror();
#endif
-static void logit(int, char *, va_list);
+static void logit(int, const char *, va_list);
static void log_write(int, char *);
static void vslp_printer(void *, char *, ...);
static void format_packet(u_char *, int, printer_func, void *);
* Returns the number of chars put into buf.
*/
int
-slprintf(char *buf, int buflen, char *fmt, ...)
+slprintf(char *buf, int buflen, const char *fmt, ...)
{
va_list args;
int n;
#define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0)
int
-vslprintf(char *buf, int buflen, char *fmt, va_list args)
+vslprintf(char *buf, int buflen, const char *fmt, va_list args)
{
int c, i, n;
int width, prec, fillch;
int base, len, neg, quoted;
long lval = 0;
unsigned long val = 0;
- char *str, *f, *buf0;
+ char *str, *buf0;
+ const char *f;
unsigned char *p;
char num[32];
time_t t;
* logit - does the hard work for fatal et al.
*/
static void
-logit(int level, char *fmt, va_list args)
+logit(int level, const char *fmt, va_list args)
{
char buf[1024];
* fatal - log an error message and die horribly.
*/
void
-fatal(char *fmt, ...)
+fatal(const char *fmt, ...)
{
va_list pvar;
* error - log an error message.
*/
void
-error(char *fmt, ...)
+error(const char *fmt, ...)
{
va_list pvar;
* warn - log a warning message.
*/
void
-warn(char *fmt, ...)
+warn(const char *fmt, ...)
{
va_list pvar;
* notice - log a notice-level message.
*/
void
-notice(char *fmt, ...)
+notice(const char *fmt, ...)
{
va_list pvar;
* info - log an informational message.
*/
void
-info(char *fmt, ...)
+info(const char *fmt, ...)
{
va_list pvar;
* dbglog - log a debug message.
*/
void
-dbglog(char *fmt, ...)
+dbglog(const char *fmt, ...)
{
va_list pvar;
for (done = 0; done < count; ) {
nb = read(fd, ptr, count - done);
if (nb < 0) {
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
return -1;
}
}
#endif
-/* Procedures for locking the serial device using a lock file. */
-#ifndef LOCK_DIR
-#ifdef __linux__
-#define LOCK_DIR "/var/lock"
-#else
-#ifdef SVR4
-#define LOCK_DIR "/var/spool/locks"
-#else
-#define LOCK_DIR "/var/spool/lock"
-#endif
-#endif
-#endif /* LOCK_DIR */
+/*
+ * mkdir_check - helper for mkdir_recursive, creates a directory
+ * but do not error on EEXIST if and only if entry is a directory
+ * The caller must check for errno == ENOENT if appropriate.
+ */
+static int
+mkdir_check(const char *path)
+{
+ struct stat statbuf;
+
+ if (mkdir(path, 0755) >= 0)
+ return 0;
+ if (errno == EEXIST) {
+ if (stat(path, &statbuf) < 0)
+ /* got raced? */
+ return -1;
+
+ if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
+ return 0;
+
+ /* already exists but not a dir, treat as failure */
+ errno = EEXIST;
+ return -1;
+ }
+
+ return -1;
+}
+
+/*
+ * mkdir_parent - helper for mkdir_recursive, modifies the string in place
+ * Assumes mkdir(path) already failed, so it first creates the parent then
+ * full path again.
+ */
+static int
+mkdir_parent(char *path)
+{
+ char *slash;
+ int rc;
+
+ slash = strrchr(path, '/');
+ if (!slash)
+ return -1;
+
+ *slash = 0;
+ if (mkdir_check(path) < 0) {
+ if (errno != ENOENT) {
+ *slash = '/';
+ return -1;
+ }
+ if (mkdir_parent(path) < 0) {
+ *slash = '/';
+ return -1;
+ }
+ }
+ *slash = '/';
+
+ return mkdir_check(path);
+}
+
+/*
+ * mkdir_recursive - recursively create directory if it didn't exist
+ */
+int
+mkdir_recursive(const char *path)
+{
+ char *copy;
+ int rc;
+
+ // optimistically try on full path first to avoid allocation
+ if (mkdir_check(path) == 0)
+ return 0;
+
+ copy = strdup(path);
+ if (!copy)
+ return -1;
+
+ rc = mkdir_parent(copy);
+ free(copy);
+ return rc;
+}
+
+/* Procedures for locking the serial device using a lock file. */
static char lock_file[MAXPATHLEN];
/*
return -1;
}
slprintf(lock_file, sizeof(lock_file), "%s/LK.%03d.%03d.%03d",
- LOCK_DIR, major(sbuf.st_dev),
+ PPP_PATH_LOCKDIR, major(sbuf.st_dev),
major(sbuf.st_rdev), minor(sbuf.st_rdev));
#else
char *p;
if ((p = strrchr(dev, '/')) != NULL)
dev = p + 1;
- slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
#endif
while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
--- /dev/null
+#include <fcntl.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "pppd-private.h"
+
+/* globals used in test.c... */
+int debug = 1;
+int error_count;
+int unsuccess;
+
+/* check if path exists and returns its type */
+static int
+file_type(char *path)
+{
+ struct stat statbuf;
+
+ if (stat(path, &statbuf) < 0)
+ return -1;
+
+ return statbuf.st_mode & S_IFMT;
+}
+
+int
+test_simple() {
+ if (mkdir_recursive("dir"))
+ return -1;
+
+ if (file_type("dir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir");
+ return 0;
+}
+
+int
+test_recurse() {
+ if (mkdir_recursive("dir/subdir/subsubdir"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+
+ /* try again with partial existence */
+ if (mkdir_recursive("dir/subdir/subsubdir"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+ rmdir("dir/subdir");
+ rmdir("dir");
+ return 0;
+}
+
+int
+test_recurse_multislash() {
+ if (mkdir_recursive("dir/subdir///subsubdir"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+ rmdir("dir/subdir");
+
+ /* try again with partial existence */
+ if (mkdir_recursive("dir/subdir/subsubdir///"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+ rmdir("dir/subdir");
+ rmdir("dir");
+ return 0;
+}
+
+int
+test_parent_notdir() {
+ int fd = open("file", O_CREAT, 0600);
+ if (fd < 0)
+ return -1;
+ close(fd);
+
+ if (mkdir_recursive("file") == 0)
+ return -1;
+ if (mkdir_recursive("file/dir") == 0)
+ return -1;
+
+ unlink("file");
+ return 0;
+}
+
+int
+main()
+{
+ char *base_dir = strdup("/tmp/ppp_utils_utest.XXXXXX");
+ int failure = 0;
+
+ if (mkdtemp(base_dir) == NULL) {
+ printf("Could not create test directory, aborting\n");
+ return 1;
+ }
+
+ if (chdir(base_dir) < 0) {
+ printf("Could not enter newly created test dir, aborting\n");
+ return 1;
+ }
+
+ if (test_simple()) {
+ printf("Could not create simple directory\n");
+ failure++;
+ }
+
+ if (test_recurse()) {
+ printf("Could not create recursive directory\n");
+ failure++;
+ }
+
+ if (test_recurse_multislash()) {
+ printf("Could not create recursive directory with multiple slashes\n");
+ failure++;
+ }
+
+ if (test_parent_notdir()) {
+ printf("Creating over a file appeared to work?\n");
+ failure++;
+ }
+
+ rmdir(base_dir);
+ free(base_dir);
+ return failure;
+}
dist_man8_MANS = pppdump.8
pppdump_SOURCES = pppdump.c bsd-comp.c deflate.c zlib.c
-pppdump_CFLAGS = -I${top_srcdir}/include/net
noinst_HEADERS = \
ppp-comp.h \
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
-#include "ppp_defs.h"
+
#include "ppp-comp.h"
#if DO_BSD_COMPRESS
stats->comp_packets = db->comp_count;
stats->inc_bytes = db->incomp_bytes;
stats->inc_packets = db->incomp_count;
- stats->ratio = db->in_count;
+
+ u_int ratio = db->in_count;
out = db->bytes_out;
- if (stats->ratio <= 0x7fffff)
- stats->ratio <<= 8;
+ if (ratio <= 0x7fffff)
+ ratio <<= 8;
else
out >>= 8;
if (out != 0)
- stats->ratio /= out;
+ stats->ratio = ratio / out;
}
/*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
-#include "ppp_defs.h"
+
#include "ppp-comp.h"
#include "zlib.h"
*stats = state->stats;
stats->ratio = stats->unc_bytes;
out = stats->comp_bytes + stats->unc_bytes;
- if (stats->ratio <= 0x7ffffff)
- stats->ratio <<= 8;
+ u_int ratio = stats->ratio;
+ if (ratio <= 0x7ffffff)
+ ratio <<= 8;
else
out >>= 8;
if (out != 0)
- stats->ratio /= out;
+ stats->ratio = ratio / out;
}
/*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#define DO_PREDICTOR_1 0
#define DO_PREDICTOR_2 0
+#if defined(SOL2)
+#include <net/ppp_defs.h>
+#else
+#include <linux/ppp_defs.h>
+#endif
+
/*
* Structure giving methods for compression/decompression.
*/
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
-#include "ppp_defs.h"
+
#include "ppp-comp.h"
int hexmode;
0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
};
+#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff])
struct pkt {
int cnt;
printf("%s aborted packet:\n ", dir);
q = " ";
}
+ if (pkt->cnt >= sizeof(pkt->buf)) {
+ printf("%s over-long packet truncated:\n ", dir);
+ q = " ";
+ }
nb = pkt->cnt;
p = pkt->buf;
pkt->cnt = 0;
c ^= 0x20;
pkt->esc = 0;
}
- pkt->buf[pkt->cnt++] = c;
+ if (pkt->cnt < sizeof(pkt->buf))
+ pkt->buf[pkt->cnt++] = c;
break;
}
}
(*((strm)->zfree))((strm)->opaque, (voidpf)(addr), (size))
#define TRY_FREE(s, p, n) {if (p) ZFREE(s, p, n);}
-/* deflate.h -- internal compression state
- * Copyright (C) 1995 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-
-/*+++++*/
-/* From: deflate.h,v 1.5 1995/05/03 17:27:09 jloup Exp */
-
-/* ===========================================================================
- * Internal compression state.
- */
-
-/* Data type */
-#define BINARY 0
-#define ASCII 1
-#define UNKNOWN 2
-
-#define LENGTH_CODES 29
-/* number of length codes, not counting the special END_BLOCK code */
-
-#define LITERALS 256
-/* number of literal bytes 0..255 */
-
-#define L_CODES (LITERALS+1+LENGTH_CODES)
-/* number of Literal or Length codes, including the END_BLOCK code */
-
-#define D_CODES 30
-/* number of distance codes */
-
-#define BL_CODES 19
-/* number of codes used to transfer the bit lengths */
-
-#define HEAP_SIZE (2*L_CODES+1)
-/* maximum heap size */
-
-#define MAX_BITS 15
-/* All codes must not exceed MAX_BITS bits */
-
-#define INIT_STATE 42
-#define BUSY_STATE 113
-#define FLUSH_STATE 124
-#define FINISH_STATE 666
-/* Stream status */
-
-
-/* Data structure describing a single value and its code string. */
-typedef struct ct_data_s {
- union {
- ush freq; /* frequency count */
- ush code; /* bit string */
- } fc;
- union {
- ush dad; /* father node in Huffman tree */
- ush len; /* length of bit string */
- } dl;
-} FAR ct_data;
-
-#define Freq fc.freq
-#define Code fc.code
-#define Dad dl.dad
-#define Len dl.len
-
-typedef struct static_tree_desc_s static_tree_desc;
-
-typedef struct tree_desc_s {
- ct_data *dyn_tree; /* the dynamic tree */
- int max_code; /* largest code with non zero frequency */
- static_tree_desc *stat_desc; /* the corresponding static tree */
-} FAR tree_desc;
-
-typedef ush Pos;
-typedef Pos FAR Posf;
-typedef unsigned IPos;
-
-/* A Pos is an index in the character window. We use short instead of int to
- * save space in the various tables. IPos is used only for parameter passing.
- */
-
-typedef struct deflate_state {
- z_stream *strm; /* pointer back to this zlib stream */
- int status; /* as the name implies */
- Bytef *pending_buf; /* output still pending */
- Bytef *pending_out; /* next pending byte to output to the stream */
- int pending; /* nb of bytes in the pending buffer */
- uLong adler; /* adler32 of uncompressed data */
- int noheader; /* suppress zlib header and adler32 */
- Byte data_type; /* UNKNOWN, BINARY or ASCII */
- Byte method; /* STORED (for zip only) or DEFLATED */
- int minCompr; /* min size decrease for Z_FLUSH_NOSTORE */
-
- /* used by deflate.c: */
-
- uInt w_size; /* LZ77 window size (32K by default) */
- uInt w_bits; /* log2(w_size) (8..16) */
- uInt w_mask; /* w_size - 1 */
-
- Bytef *window;
- /* Sliding window. Input bytes are read into the second half of the window,
- * and move to the first half later to keep a dictionary of at least wSize
- * bytes. With this organization, matches are limited to a distance of
- * wSize-MAX_MATCH bytes, but this ensures that IO is always
- * performed with a length multiple of the block size. Also, it limits
- * the window size to 64K, which is quite useful on MSDOS.
- * To do: use the user input buffer as sliding window.
- */
-
- ulg window_size;
- /* Actual size of window: 2*wSize, except when the user input buffer
- * is directly used as sliding window.
- */
-
- Posf *prev;
- /* Link to older string with same hash index. To limit the size of this
- * array to 64K, this link is maintained only for the last 32K strings.
- * An index in this array is thus a window index modulo 32K.
- */
-
- Posf *head; /* Heads of the hash chains or NIL. */
-
- uInt ins_h; /* hash index of string to be inserted */
- uInt hash_size; /* number of elements in hash table */
- uInt hash_bits; /* log2(hash_size) */
- uInt hash_mask; /* hash_size-1 */
-
- uInt hash_shift;
- /* Number of bits by which ins_h must be shifted at each input
- * step. It must be such that after MIN_MATCH steps, the oldest
- * byte no longer takes part in the hash key, that is:
- * hash_shift * MIN_MATCH >= hash_bits
- */
-
- long block_start;
- /* Window position at the beginning of the current output block. Gets
- * negative when the window is moved backwards.
- */
-
- uInt match_length; /* length of best match */
- IPos prev_match; /* previous match */
- int match_available; /* set if previous match exists */
- uInt strstart; /* start of string to insert */
- uInt match_start; /* start of matching string */
- uInt lookahead; /* number of valid bytes ahead in window */
-
- uInt prev_length;
- /* Length of the best match at previous step. Matches not greater than this
- * are discarded. This is used in the lazy match evaluation.
- */
-
- uInt max_chain_length;
- /* To speed up deflation, hash chains are never searched beyond this
- * length. A higher limit improves compression ratio but degrades the
- * speed.
- */
-
- uInt max_lazy_match;
- /* Attempt to find a better match only when the current match is strictly
- * smaller than this value. This mechanism is used only for compression
- * levels >= 4.
- */
-# define max_insert_length max_lazy_match
- /* Insert new strings in the hash table only if the match length is not
- * greater than this length. This saves time but degrades compression.
- * max_insert_length is used only for compression levels <= 3.
- */
-
- int level; /* compression level (1..9) */
- int strategy; /* favor or force Huffman coding*/
-
- uInt good_match;
- /* Use a faster search when the previous match is longer than this */
-
- int nice_match; /* Stop searching when current match exceeds this */
-
- /* used by trees.c: */
- /* Didn't use ct_data typedef below to supress compiler warning */
- struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */
- struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
- struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */
-
- struct tree_desc_s l_desc; /* desc. for literal tree */
- struct tree_desc_s d_desc; /* desc. for distance tree */
- struct tree_desc_s bl_desc; /* desc. for bit length tree */
-
- ush bl_count[MAX_BITS+1];
- /* number of codes at each bit length for an optimal tree */
-
- int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */
- int heap_len; /* number of elements in the heap */
- int heap_max; /* element of largest frequency */
- /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
- * The same heap array is used to build all trees.
- */
-
- uch depth[2*L_CODES+1];
- /* Depth of each subtree used as tie breaker for trees of equal frequency
- */
-
- uchf *l_buf; /* buffer for literals or lengths */
-
- uInt lit_bufsize;
- /* Size of match buffer for literals/lengths. There are 4 reasons for
- * limiting lit_bufsize to 64K:
- * - frequencies can be kept in 16 bit counters
- * - if compression is not successful for the first block, all input
- * data is still in the window so we can still emit a stored block even
- * when input comes from standard input. (This can also be done for
- * all blocks if lit_bufsize is not greater than 32K.)
- * - if compression is not successful for a file smaller than 64K, we can
- * even emit a stored file instead of a stored block (saving 5 bytes).
- * This is applicable only for zip (not gzip or zlib).
- * - creating new Huffman trees less frequently may not provide fast
- * adaptation to changes in the input data statistics. (Take for
- * example a binary file with poorly compressible code followed by
- * a highly compressible string table.) Smaller buffer sizes give
- * fast adaptation but have of course the overhead of transmitting
- * trees more frequently.
- * - I can't count above 4
- */
-
- uInt last_lit; /* running index in l_buf */
-
- ushf *d_buf;
- /* Buffer for distances. To simplify the code, d_buf and l_buf have
- * the same number of elements. To use different lengths, an extra flag
- * array would be necessary.
- */
-
- ulg opt_len; /* bit length of current block with optimal trees */
- ulg static_len; /* bit length of current block with static trees */
- ulg compressed_len; /* total bit length of compressed file */
- uInt matches; /* number of string matches in current block */
- int last_eob_len; /* bit length of EOB code for last block */
-
-#ifdef DEBUG_ZLIB
- ulg bits_sent; /* bit length of the compressed data */
-#endif
-
- ush bi_buf;
- /* Output buffer. bits are inserted starting at the bottom (least
- * significant bits).
- */
- int bi_valid;
- /* Number of valid bits in bi_buf. All bits above the last valid bit
- * are always zero.
- */
-
- uInt blocks_in_packet;
- /* Number of blocks produced since the last time Z_PACKET_FLUSH
- * was used.
- */
-
-} FAR deflate_state;
-
-/* Output a byte on the stream.
- * IN assertion: there is enough room in pending_buf.
- */
-#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
-
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD)
-/* In order to simplify the code, particularly on 16 bit machines, match
- * distances are limited to MAX_DIST instead of WSIZE.
- */
-
- /* in trees.c */
-local void ct_init OF((deflate_state *s));
-local int ct_tally OF((deflate_state *s, int dist, int lc));
-local ulg ct_flush_block OF((deflate_state *s, charf *buf, ulg stored_len,
- int flush));
-local void ct_align OF((deflate_state *s));
-local void ct_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
- int eof));
-local void ct_stored_type_only OF((deflate_state *s));
-
-
-/*+++++*/
-/* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/*
- * ALGORITHM
- *
- * The "deflation" process depends on being able to identify portions
- * of the input text which are identical to earlier input (within a
- * sliding window trailing behind the input currently being processed).
- *
- * The most straightforward technique turns out to be the fastest for
- * most input files: try all possible matches and select the longest.
- * The key feature of this algorithm is that insertions into the string
- * dictionary are very simple and thus fast, and deletions are avoided
- * completely. Insertions are performed at each input character, whereas
- * string matches are performed only when the previous match ends. So it
- * is preferable to spend more time in matches to allow very fast string
- * insertions and avoid deletions. The matching algorithm for small
- * strings is inspired from that of Rabin & Karp. A brute force approach
- * is used to find longer strings when a small match has been found.
- * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
- * (by Leonid Broukhis).
- * A previous version of this file used a more sophisticated algorithm
- * (by Fiala and Greene) which is guaranteed to run in linear amortized
- * time, but has a larger average cost, uses more memory and is patented.
- * However the F&G algorithm may be faster for some highly redundant
- * files if the parameter max_chain_length (described below) is too large.
- *
- * ACKNOWLEDGEMENTS
- *
- * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
- * I found it in 'freeze' written by Leonid Broukhis.
- * Thanks to many people for bug reports and testing.
- *
- * REFERENCES
- *
- * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
- * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
- *
- * A description of the Rabin and Karp algorithm is given in the book
- * "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
- *
- * Fiala,E.R., and Greene,D.H.
- * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
- *
- */
-
-/* From: deflate.c,v 1.8 1995/05/03 17:27:08 jloup Exp */
-
-local char zlib_copyright[] = " deflate Copyright 1995 Jean-loup Gailly ";
-/*
- If you use the zlib library in a product, an acknowledgment is welcome
- in the documentation of your product. If for some reason you cannot
- include such an acknowledgment, I would appreciate that you keep this
- copyright string in the executable of your product.
- */
-
-#define NIL 0
-/* Tail of hash chains */
-
-#ifndef TOO_FAR
-# define TOO_FAR 4096
-#endif
-/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-/* Values for max_lazy_match, good_match and max_chain_length, depending on
- * the desired pack level (0..9). The values given below have been tuned to
- * exclude worst case performance for pathological files. Better values may be
- * found for specific files.
- */
-
-typedef struct config_s {
- ush good_length; /* reduce lazy search above this match length */
- ush max_lazy; /* do not perform lazy search above this match length */
- ush nice_length; /* quit search above this match length */
- ush max_chain;
-} config;
-
-local config configuration_table[10] = {
-/* good lazy nice chain */
-/* 0 */ {0, 0, 0, 0}, /* store only */
-/* 1 */ {4, 4, 8, 4}, /* maximum speed, no lazy matches */
-/* 2 */ {4, 5, 16, 8},
-/* 3 */ {4, 6, 32, 32},
-
-/* 4 */ {4, 4, 16, 16}, /* lazy matches */
-/* 5 */ {8, 16, 32, 32},
-/* 6 */ {8, 16, 128, 128},
-/* 7 */ {8, 32, 128, 256},
-/* 8 */ {32, 128, 258, 1024},
-/* 9 */ {32, 258, 258, 4096}}; /* maximum compression */
-
-/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
- * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
- * meaning.
- */
-
-#define EQUAL 0
-/* result of memcmp for equal strings */
-
-/* ===========================================================================
- * Prototypes for local functions.
- */
-
-local void fill_window OF((deflate_state *s));
-local int deflate_fast OF((deflate_state *s, int flush));
-local int deflate_slow OF((deflate_state *s, int flush));
-local void lm_init OF((deflate_state *s));
-local int longest_match OF((deflate_state *s, IPos cur_match));
-local void putShortMSB OF((deflate_state *s, uInt b));
-local void flush_pending OF((z_stream *strm));
-local int read_buf OF((z_stream *strm, charf *buf, unsigned size));
-#ifdef ASMV
- void match_init OF((void)); /* asm code initialization */
-#endif
-
-#ifdef DEBUG_ZLIB
-local void check_match OF((deflate_state *s, IPos start, IPos match,
- int length));
-#endif
-
-
-/* ===========================================================================
- * Update a hash value with the given input byte
- * IN assertion: all calls to to UPDATE_HASH are made with consecutive
- * input characters, so that a running hash key can be computed from the
- * previous key instead of complete recalculation each time.
- */
-#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
-
-
-/* ===========================================================================
- * Insert string str in the dictionary and set match_head to the previous head
- * of the hash chain (the most recent string with same hash key). Return
- * the previous length of the hash chain.
- * IN assertion: all calls to to INSERT_STRING are made with consecutive
- * input characters and the first MIN_MATCH bytes of str are valid
- * (except for the last MIN_MATCH-1 bytes of the input file).
- */
-#define INSERT_STRING(s, str, match_head) \
- (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
- s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \
- s->head[s->ins_h] = (str))
-
-/* ===========================================================================
- * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
- * prev[] will be initialized on the fly.
- */
-#define CLEAR_HASH(s) \
- s->head[s->hash_size-1] = NIL; \
- zmemzero((charf *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
-
-/* ========================================================================= */
-int deflateInit (strm, level)
- z_stream *strm;
- int level;
-{
- return deflateInit2 (strm, level, DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
- 0, 0);
- /* To do: ignore strm->next_in if we use it as window */
-}
-
-/* ========================================================================= */
-int deflateInit2 (strm, level, method, windowBits, memLevel,
- strategy, minCompression)
- z_stream *strm;
- int level;
- int method;
- int windowBits;
- int memLevel;
- int strategy;
- int minCompression;
-{
- deflate_state *s;
- int noheader = 0;
-
- if (strm == Z_NULL) return Z_STREAM_ERROR;
-
- strm->msg = Z_NULL;
-/* if (strm->zalloc == Z_NULL) strm->zalloc = zcalloc; */
-/* if (strm->zfree == Z_NULL) strm->zfree = zcfree; */
-
- if (level == Z_DEFAULT_COMPRESSION) level = 6;
-
- if (windowBits < 0) { /* undocumented feature: suppress zlib header */
- noheader = 1;
- windowBits = -windowBits;
- }
- if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != DEFLATED ||
- windowBits < 8 || windowBits > 15 || level < 1 || level > 9) {
- return Z_STREAM_ERROR;
- }
- s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
- if (s == Z_NULL) return Z_MEM_ERROR;
- strm->state = (struct internal_state FAR *)s;
- s->strm = strm;
-
- s->noheader = noheader;
- s->w_bits = windowBits;
- s->w_size = 1 << s->w_bits;
- s->w_mask = s->w_size - 1;
-
- s->hash_bits = memLevel + 7;
- s->hash_size = 1 << s->hash_bits;
- s->hash_mask = s->hash_size - 1;
- s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
-
- s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
- s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
- s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
-
- s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
-
- s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 2*sizeof(ush));
-
- if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
- s->pending_buf == Z_NULL) {
- strm->msg = z_errmsg[1-Z_MEM_ERROR];
- deflateEnd (strm);
- return Z_MEM_ERROR;
- }
- s->d_buf = (ushf *) &(s->pending_buf[s->lit_bufsize]);
- s->l_buf = (uchf *) &(s->pending_buf[3*s->lit_bufsize]);
- /* We overlay pending_buf and d_buf+l_buf. This works since the average
- * output size for (length,distance) codes is <= 32 bits (worst case
- * is 15+15+13=33).
- */
-
- s->level = level;
- s->strategy = strategy;
- s->method = (Byte)method;
- s->minCompr = minCompression;
- s->blocks_in_packet = 0;
-
- return deflateReset(strm);
-}
-
-/* ========================================================================= */
-int deflateReset (strm)
- z_stream *strm;
-{
- deflate_state *s;
-
- if (strm == Z_NULL || strm->state == Z_NULL ||
- strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR;
-
- strm->total_in = strm->total_out = 0;
- strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
- strm->data_type = Z_UNKNOWN;
-
- s = (deflate_state *)strm->state;
- s->pending = 0;
- s->pending_out = s->pending_buf;
-
- if (s->noheader < 0) {
- s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */
- }
- s->status = s->noheader ? BUSY_STATE : INIT_STATE;
- s->adler = 1;
-
- ct_init(s);
- lm_init(s);
-
- return Z_OK;
-}
-
-/* =========================================================================
- * Put a short in the pending buffer. The 16-bit value is put in MSB order.
- * IN assertion: the stream state is correct and there is enough room in
- * pending_buf.
- */
-local void putShortMSB (s, b)
- deflate_state *s;
- uInt b;
-{
- put_byte(s, (Byte)(b >> 8));
- put_byte(s, (Byte)(b & 0xff));
-}
-
-/* =========================================================================
- * Flush as much pending output as possible.
- */
-local void flush_pending(strm)
- z_stream *strm;
-{
- deflate_state *state = (deflate_state *) strm->state;
- unsigned len = state->pending;
-
- if (len > strm->avail_out) len = strm->avail_out;
- if (len == 0) return;
-
- if (strm->next_out != NULL) {
- zmemcpy(strm->next_out, state->pending_out, len);
- strm->next_out += len;
- }
- state->pending_out += len;
- strm->total_out += len;
- strm->avail_out -= len;
- state->pending -= len;
- if (state->pending == 0) {
- state->pending_out = state->pending_buf;
- }
-}
-
-/* ========================================================================= */
-int deflate (strm, flush)
- z_stream *strm;
- int flush;
-{
- deflate_state *state = (deflate_state *) strm->state;
-
- if (strm == Z_NULL || state == Z_NULL) return Z_STREAM_ERROR;
-
- if (strm->next_in == Z_NULL && strm->avail_in != 0) {
- ERR_RETURN(strm, Z_STREAM_ERROR);
- }
- if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
-
- state->strm = strm; /* just in case */
-
- /* Write the zlib header */
- if (state->status == INIT_STATE) {
-
- uInt header = (DEFLATED + ((state->w_bits-8)<<4)) << 8;
- uInt level_flags = (state->level-1) >> 1;
-
- if (level_flags > 3) level_flags = 3;
- header |= (level_flags << 6);
- header += 31 - (header % 31);
-
- state->status = BUSY_STATE;
- putShortMSB(state, header);
- }
-
- /* Flush as much pending output as possible */
- if (state->pending != 0) {
- flush_pending(strm);
- if (strm->avail_out == 0) return Z_OK;
- }
-
- /* If we came back in here to get the last output from
- * a previous flush, we're done for now.
- */
- if (state->status == FLUSH_STATE) {
- state->status = BUSY_STATE;
- if (flush != Z_NO_FLUSH && flush != Z_FINISH)
- return Z_OK;
- }
-
- /* User must not provide more input after the first FINISH: */
- if (state->status == FINISH_STATE && strm->avail_in != 0) {
- ERR_RETURN(strm, Z_BUF_ERROR);
- }
-
- /* Start a new block or continue the current one.
- */
- if (strm->avail_in != 0 || state->lookahead != 0 ||
- (flush == Z_FINISH && state->status != FINISH_STATE)) {
- int quit;
-
- if (flush == Z_FINISH) {
- state->status = FINISH_STATE;
- }
- if (state->level <= 3) {
- quit = deflate_fast(state, flush);
- } else {
- quit = deflate_slow(state, flush);
- }
- if (quit || strm->avail_out == 0)
- return Z_OK;
- /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
- * of deflate should use the same flush parameter to make sure
- * that the flush is complete. So we don't have to output an
- * empty block here, this will be done at next call. This also
- * ensures that for a very small output buffer, we emit at most
- * one empty block.
- */
- }
-
- /* If a flush was requested, we have a little more to output now. */
- if (flush != Z_NO_FLUSH && flush != Z_FINISH
- && state->status != FINISH_STATE) {
- switch (flush) {
- case Z_PARTIAL_FLUSH:
- ct_align(state);
- break;
- case Z_PACKET_FLUSH:
- /* Output just the 3-bit `stored' block type value,
- but not a zero length. */
- ct_stored_type_only(state);
- break;
- default:
- ct_stored_block(state, (char*)0, 0L, 0);
- /* For a full flush, this empty block will be recognized
- * as a special marker by inflate_sync().
- */
- if (flush == Z_FULL_FLUSH) {
- CLEAR_HASH(state); /* forget history */
- }
- }
- flush_pending(strm);
- if (strm->avail_out == 0) {
- /* We'll have to come back to get the rest of the output;
- * this ensures we don't output a second zero-length stored
- * block (or whatever).
- */
- state->status = FLUSH_STATE;
- return Z_OK;
- }
- }
-
- Assert(strm->avail_out > 0, "bug2");
-
- if (flush != Z_FINISH) return Z_OK;
- if (state->noheader) return Z_STREAM_END;
-
- /* Write the zlib trailer (adler32) */
- putShortMSB(state, (uInt)(state->adler >> 16));
- putShortMSB(state, (uInt)(state->adler & 0xffff));
- flush_pending(strm);
- /* If avail_out is zero, the application will call deflate again
- * to flush the rest.
- */
- state->noheader = -1; /* write the trailer only once! */
- return state->pending != 0 ? Z_OK : Z_STREAM_END;
-}
-
-/* ========================================================================= */
-int deflateEnd (strm)
- z_stream *strm;
-{
- deflate_state *state = (deflate_state *) strm->state;
-
- if (strm == Z_NULL || state == Z_NULL) return Z_STREAM_ERROR;
-
- TRY_FREE(strm, state->window, state->w_size * 2 * sizeof(Byte));
- TRY_FREE(strm, state->prev, state->w_size * sizeof(Pos));
- TRY_FREE(strm, state->head, state->hash_size * sizeof(Pos));
- TRY_FREE(strm, state->pending_buf, state->lit_bufsize * 2 * sizeof(ush));
-
- ZFREE(strm, state, sizeof(deflate_state));
- strm->state = Z_NULL;
-
- return Z_OK;
-}
-
-/* ===========================================================================
- * Read a new buffer from the current input stream, update the adler32
- * and total number of bytes read.
- */
-local int read_buf(strm, buf, size)
- z_stream *strm;
- charf *buf;
- unsigned size;
-{
- unsigned len = strm->avail_in;
- deflate_state *state = (deflate_state *) strm->state;
-
- if (len > size) len = size;
- if (len == 0) return 0;
-
- strm->avail_in -= len;
-
- if (!state->noheader) {
- state->adler = adler32(state->adler, strm->next_in, len);
- }
- zmemcpy(buf, strm->next_in, len);
- strm->next_in += len;
- strm->total_in += len;
-
- return (int)len;
-}
-
-/* ===========================================================================
- * Initialize the "longest match" routines for a new zlib stream
- */
-local void lm_init (s)
- deflate_state *s;
-{
- s->window_size = (ulg)2L*s->w_size;
-
- CLEAR_HASH(s);
-
- /* Set the default configuration parameters:
- */
- s->max_lazy_match = configuration_table[s->level].max_lazy;
- s->good_match = configuration_table[s->level].good_length;
- s->nice_match = configuration_table[s->level].nice_length;
- s->max_chain_length = configuration_table[s->level].max_chain;
-
- s->strstart = 0;
- s->block_start = 0L;
- s->lookahead = 0;
- s->match_length = MIN_MATCH-1;
- s->match_available = 0;
- s->ins_h = 0;
-#ifdef ASMV
- match_init(); /* initialize the asm code */
-#endif
-}
-
-/* ===========================================================================
- * Set match_start to the longest match starting at the given string and
- * return its length. Matches shorter or equal to prev_length are discarded,
- * in which case the result is equal to prev_length and match_start is
- * garbage.
- * IN assertions: cur_match is the head of the hash chain for the current
- * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
- */
-#ifndef ASMV
-/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
- * match.S. The code will be functionally equivalent.
- */
-local int longest_match(s, cur_match)
- deflate_state *s;
- IPos cur_match; /* current match */
-{
- unsigned chain_length = s->max_chain_length;/* max hash chain length */
- register Bytef *scan = s->window + s->strstart; /* current string */
- register Bytef *match; /* matched string */
- register int len; /* length of current match */
- int best_len = s->prev_length; /* best match length so far */
- IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
- s->strstart - (IPos)MAX_DIST(s) : NIL;
- /* Stop when cur_match becomes <= limit. To simplify the code,
- * we prevent matches with the string of window index 0.
- */
- Posf *prev = s->prev;
- uInt wmask = s->w_mask;
-
-#ifdef UNALIGNED_OK
- /* Compare two bytes at a time. Note: this is not always beneficial.
- * Try with and without -DUNALIGNED_OK to check.
- */
- register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
- register ush scan_start = *(ushf*)scan;
- register ush scan_end = *(ushf*)(scan+best_len-1);
-#else
- register Bytef *strend = s->window + s->strstart + MAX_MATCH;
- register Byte scan_end1 = scan[best_len-1];
- register Byte scan_end = scan[best_len];
-#endif
-
- /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
- * It is easy to get rid of this optimization if necessary.
- */
- Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
-
- /* Do not waste too much time if we already have a good match: */
- if (s->prev_length >= s->good_match) {
- chain_length >>= 2;
- }
- Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
-
- do {
- Assert(cur_match < s->strstart, "no future");
- match = s->window + cur_match;
-
- /* Skip to next match if the match length cannot increase
- * or if the match length is less than 2:
- */
-#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
- /* This code assumes sizeof(unsigned short) == 2. Do not use
- * UNALIGNED_OK if your compiler uses a different size.
- */
- if (*(ushf*)(match+best_len-1) != scan_end ||
- *(ushf*)match != scan_start) continue;
-
- /* It is not necessary to compare scan[2] and match[2] since they are
- * always equal when the other bytes match, given that the hash keys
- * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
- * strstart+3, +5, ... up to strstart+257. We check for insufficient
- * lookahead only every 4th comparison; the 128th check will be made
- * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
- * necessary to put more guard bytes at the end of the window, or
- * to check more often for insufficient lookahead.
- */
- Assert(scan[2] == match[2], "scan[2]?");
- scan++, match++;
- do {
- } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- scan < strend);
- /* The funny "do {}" generates better code on most compilers */
-
- /* Here, scan <= window+strstart+257 */
- Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
- if (*scan == *match) scan++;
-
- len = (MAX_MATCH - 1) - (int)(strend-scan);
- scan = strend - (MAX_MATCH-1);
-
-#else /* UNALIGNED_OK */
-
- if (match[best_len] != scan_end ||
- match[best_len-1] != scan_end1 ||
- *match != *scan ||
- *++match != scan[1]) continue;
-
- /* The check at best_len-1 can be removed because it will be made
- * again later. (This heuristic is not always a win.)
- * It is not necessary to compare scan[2] and match[2] since they
- * are always equal when the other bytes match, given that
- * the hash keys are equal and that HASH_BITS >= 8.
- */
- scan += 2, match++;
- Assert(*scan == *match, "match[2]?");
-
- /* We check for insufficient lookahead only every 8th comparison;
- * the 256th check will be made at strstart+258.
- */
- do {
- } while (*++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- scan < strend);
-
- Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-
- len = MAX_MATCH - (int)(strend - scan);
- scan = strend - MAX_MATCH;
-
-#endif /* UNALIGNED_OK */
-
- if (len > best_len) {
- s->match_start = cur_match;
- best_len = len;
- if (len >= s->nice_match) break;
-#ifdef UNALIGNED_OK
- scan_end = *(ushf*)(scan+best_len-1);
-#else
- scan_end1 = scan[best_len-1];
- scan_end = scan[best_len];
-#endif
- }
- } while ((cur_match = prev[cur_match & wmask]) > limit
- && --chain_length != 0);
-
- return best_len;
-}
-#endif /* ASMV */
-
-#ifdef DEBUG_ZLIB
-/* ===========================================================================
- * Check that the match at match_start is indeed a match.
- */
-local void check_match(s, start, match, length)
- deflate_state *s;
- IPos start, match;
- int length;
-{
- /* check that the match is indeed a match */
- if (memcmp((charf *)s->window + match,
- (charf *)s->window + start, length) != EQUAL) {
- fprintf(stderr,
- " start %u, match %u, length %d\n",
- start, match, length);
- do { fprintf(stderr, "%c%c", s->window[match++],
- s->window[start++]); } while (--length != 0);
- z_error("invalid match");
- }
- if (verbose > 1) {
- fprintf(stderr,"\\[%d,%d]", start-match, length);
- do { putc(s->window[start++], stderr); } while (--length != 0);
- }
-}
-#else
-# define check_match(s, start, match, length)
-#endif
-
-/* ===========================================================================
- * Fill the window when the lookahead becomes insufficient.
- * Updates strstart and lookahead.
- *
- * IN assertion: lookahead < MIN_LOOKAHEAD
- * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
- * At least one byte has been read, or avail_in == 0; reads are
- * performed for at least two bytes (required for the zip translate_eol
- * option -- not supported here).
- */
-local void fill_window(s)
- deflate_state *s;
-{
- register unsigned n, m;
- register Posf *p;
- unsigned more; /* Amount of free space at the end of the window. */
- uInt wsize = s->w_size;
-
- do {
- more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
-
- /* Deal with !@#$% 64K limit: */
- if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
- more = wsize;
- } else if (more == (unsigned)(-1)) {
- /* Very unlikely, but possible on 16 bit machine if strstart == 0
- * and lookahead == 1 (input done one byte at time)
- */
- more--;
-
- /* If the window is almost full and there is insufficient lookahead,
- * move the upper half to the lower one to make room in the upper half.
- */
- } else if (s->strstart >= wsize+MAX_DIST(s)) {
-
- /* By the IN assertion, the window is not empty so we can't confuse
- * more == 0 with more == 64K on a 16 bit machine.
- */
- zmemcpy((charf *)s->window, (charf *)s->window+wsize,
- (unsigned)wsize);
- s->match_start -= wsize;
- s->strstart -= wsize; /* we now have strstart >= MAX_DIST */
-
- s->block_start -= (long) wsize;
-
- /* Slide the hash table (could be avoided with 32 bit values
- at the expense of memory usage):
- */
- n = s->hash_size;
- p = &s->head[n];
- do {
- m = *--p;
- *p = (Pos)(m >= wsize ? m-wsize : NIL);
- } while (--n);
-
- n = wsize;
- p = &s->prev[n];
- do {
- m = *--p;
- *p = (Pos)(m >= wsize ? m-wsize : NIL);
- /* If n is not on any hash chain, prev[n] is garbage but
- * its value will never be used.
- */
- } while (--n);
-
- more += wsize;
- }
- if (s->strm->avail_in == 0) return;
-
- /* If there was no sliding:
- * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
- * more == window_size - lookahead - strstart
- * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
- * => more >= window_size - 2*WSIZE + 2
- * In the BIG_MEM or MMAP case (not yet supported),
- * window_size == input_size + MIN_LOOKAHEAD &&
- * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
- * Otherwise, window_size == 2*WSIZE so more >= 2.
- * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
- */
- Assert(more >= 2, "more < 2");
-
- n = read_buf(s->strm, (charf *)s->window + s->strstart + s->lookahead,
- more);
- s->lookahead += n;
-
- /* Initialize the hash value now that we have some input: */
- if (s->lookahead >= MIN_MATCH) {
- s->ins_h = s->window[s->strstart];
- UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
- Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
- }
- /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
- * but this is not important since only literal bytes will be emitted.
- */
-
- } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
-}
-
-/* ===========================================================================
- * Flush the current block, with given end-of-file flag.
- * IN assertion: strstart is set to the end of the current match.
- */
-#define FLUSH_BLOCK_ONLY(s, flush) { \
- ct_flush_block(s, (s->block_start >= 0L ? \
- (charf *)&s->window[(unsigned)s->block_start] : \
- (charf *)Z_NULL), (long)s->strstart - s->block_start, (flush)); \
- s->block_start = s->strstart; \
- flush_pending(s->strm); \
- Tracev((stderr,"[FLUSH]")); \
-}
-
-/* Same but force premature exit if necessary. */
-#define FLUSH_BLOCK(s, flush) { \
- FLUSH_BLOCK_ONLY(s, flush); \
- if (s->strm->avail_out == 0) return 1; \
-}
-
-/* ===========================================================================
- * Compress as much as possible from the input stream, return true if
- * processing was terminated prematurely (no more input or output space).
- * This function does not perform lazy evaluationof matches and inserts
- * new strings in the dictionary only for unmatched strings or for short
- * matches. It is used only for the fast compression options.
- */
-local int deflate_fast(s, flush)
- deflate_state *s;
- int flush;
-{
- IPos hash_head = NIL; /* head of the hash chain */
- int bflush; /* set if current block must be flushed */
-
- s->prev_length = MIN_MATCH-1;
-
- for (;;) {
- /* Make sure that we always have enough lookahead, except
- * at the end of the input file. We need MAX_MATCH bytes
- * for the next match, plus MIN_MATCH bytes to insert the
- * string following the next match.
- */
- if (s->lookahead < MIN_LOOKAHEAD) {
- fill_window(s);
- if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) return 1;
-
- if (s->lookahead == 0) break; /* flush the current block */
- }
-
- /* Insert the string window[strstart .. strstart+2] in the
- * dictionary, and set hash_head to the head of the hash chain:
- */
- if (s->lookahead >= MIN_MATCH) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
-
- /* Find the longest match, discarding those <= prev_length.
- * At this point we have always match_length < MIN_MATCH
- */
- if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
- /* To simplify the code, we prevent matches with the string
- * of window index 0 (in particular we have to avoid a match
- * of the string with itself at the start of the input file).
- */
- if (s->strategy != Z_HUFFMAN_ONLY) {
- s->match_length = longest_match (s, hash_head);
- }
- /* longest_match() sets match_start */
-
- if (s->match_length > s->lookahead) s->match_length = s->lookahead;
- }
- if (s->match_length >= MIN_MATCH) {
- check_match(s, s->strstart, s->match_start, s->match_length);
-
- bflush = ct_tally(s, s->strstart - s->match_start,
- s->match_length - MIN_MATCH);
-
- s->lookahead -= s->match_length;
-
- /* Insert new strings in the hash table only if the match length
- * is not too large. This saves time but degrades compression.
- */
- if (s->match_length <= s->max_insert_length &&
- s->lookahead >= MIN_MATCH) {
- s->match_length--; /* string at strstart already in hash table */
- do {
- s->strstart++;
- INSERT_STRING(s, s->strstart, hash_head);
- /* strstart never exceeds WSIZE-MAX_MATCH, so there are
- * always MIN_MATCH bytes ahead.
- */
- } while (--s->match_length != 0);
- s->strstart++;
- } else {
- s->strstart += s->match_length;
- s->match_length = 0;
- s->ins_h = s->window[s->strstart];
- UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
- Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
- /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
- * matter since it will be recomputed at next deflate call.
- */
- }
- } else {
- /* No match, output a literal byte */
- Tracevv((stderr,"%c", s->window[s->strstart]));
- bflush = ct_tally (s, 0, s->window[s->strstart]);
- s->lookahead--;
- s->strstart++;
- }
- if (bflush) FLUSH_BLOCK(s, Z_NO_FLUSH);
- }
- FLUSH_BLOCK(s, flush);
- return 0; /* normal exit */
-}
-
-/* ===========================================================================
- * Same as above, but achieves better compression. We use a lazy
- * evaluation for matches: a match is finally adopted only if there is
- * no better match at the next window position.
- */
-local int deflate_slow(s, flush)
- deflate_state *s;
- int flush;
-{
- IPos hash_head = NIL; /* head of hash chain */
- int bflush; /* set if current block must be flushed */
-
- /* Process the input block. */
- for (;;) {
- /* Make sure that we always have enough lookahead, except
- * at the end of the input file. We need MAX_MATCH bytes
- * for the next match, plus MIN_MATCH bytes to insert the
- * string following the next match.
- */
- if (s->lookahead < MIN_LOOKAHEAD) {
- fill_window(s);
- if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) return 1;
-
- if (s->lookahead == 0) break; /* flush the current block */
- }
-
- /* Insert the string window[strstart .. strstart+2] in the
- * dictionary, and set hash_head to the head of the hash chain:
- */
- if (s->lookahead >= MIN_MATCH) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
-
- /* Find the longest match, discarding those <= prev_length.
- */
- s->prev_length = s->match_length, s->prev_match = s->match_start;
- s->match_length = MIN_MATCH-1;
-
- if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
- s->strstart - hash_head <= MAX_DIST(s)) {
- /* To simplify the code, we prevent matches with the string
- * of window index 0 (in particular we have to avoid a match
- * of the string with itself at the start of the input file).
- */
- if (s->strategy != Z_HUFFMAN_ONLY) {
- s->match_length = longest_match (s, hash_head);
- }
- /* longest_match() sets match_start */
- if (s->match_length > s->lookahead) s->match_length = s->lookahead;
-
- if (s->match_length <= 5 && (s->strategy == Z_FILTERED ||
- (s->match_length == MIN_MATCH &&
- s->strstart - s->match_start > TOO_FAR))) {
-
- /* If prev_match is also MIN_MATCH, match_start is garbage
- * but we will ignore the current match anyway.
- */
- s->match_length = MIN_MATCH-1;
- }
- }
- /* If there was a match at the previous step and the current
- * match is not better, output the previous match:
- */
- if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
- uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
- /* Do not insert strings in hash table beyond this. */
-
- check_match(s, s->strstart-1, s->prev_match, s->prev_length);
-
- bflush = ct_tally(s, s->strstart -1 - s->prev_match,
- s->prev_length - MIN_MATCH);
-
- /* Insert in hash table all strings up to the end of the match.
- * strstart-1 and strstart are already inserted. If there is not
- * enough lookahead, the last two strings are not inserted in
- * the hash table.
- */
- s->lookahead -= s->prev_length-1;
- s->prev_length -= 2;
- do {
- if (++s->strstart <= max_insert) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
- } while (--s->prev_length != 0);
- s->match_available = 0;
- s->match_length = MIN_MATCH-1;
- s->strstart++;
-
- if (bflush) FLUSH_BLOCK(s, Z_NO_FLUSH);
-
- } else if (s->match_available) {
- /* If there was no match at the previous position, output a
- * single literal. If there was a match but the current match
- * is longer, truncate the previous match to a single literal.
- */
- Tracevv((stderr,"%c", s->window[s->strstart-1]));
- if (ct_tally (s, 0, s->window[s->strstart-1])) {
- FLUSH_BLOCK_ONLY(s, Z_NO_FLUSH);
- }
- s->strstart++;
- s->lookahead--;
- if (s->strm->avail_out == 0) return 1;
- } else {
- /* There is no previous match to compare with, wait for
- * the next step to decide.
- */
- s->match_available = 1;
- s->strstart++;
- s->lookahead--;
- }
- }
- Assert (flush != Z_NO_FLUSH, "no flush?");
- if (s->match_available) {
- Tracevv((stderr,"%c", s->window[s->strstart-1]));
- ct_tally (s, 0, s->window[s->strstart-1]);
- s->match_available = 0;
- }
- FLUSH_BLOCK(s, flush);
- return 0;
-}
-
-
-/*+++++*/
-/* trees.c -- output deflated data using Huffman coding
- * Copyright (C) 1995 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/*
- * ALGORITHM
- *
- * The "deflation" process uses several Huffman trees. The more
- * common source values are represented by shorter bit sequences.
- *
- * Each code tree is stored in a compressed form which is itself
- * a Huffman encoding of the lengths of all the code strings (in
- * ascending order by source values). The actual code strings are
- * reconstructed from the lengths in the inflate process, as described
- * in the deflate specification.
- *
- * REFERENCES
- *
- * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
- * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
- *
- * Storer, James A.
- * Data Compression: Methods and Theory, pp. 49-50.
- * Computer Science Press, 1988. ISBN 0-7167-8156-5.
- *
- * Sedgewick, R.
- * Algorithms, p290.
- * Addison-Wesley, 1983. ISBN 0-201-06672-6.
- */
-
-/* From: trees.c,v 1.5 1995/05/03 17:27:12 jloup Exp */
-
-#ifdef DEBUG_ZLIB
-# include <ctype.h>
-#endif
-
-/* ===========================================================================
- * Constants
- */
-
-#define MAX_BL_BITS 7
-/* Bit length codes must not exceed MAX_BL_BITS bits */
-
-#define END_BLOCK 256
-/* end of block literal code */
-
-#define REP_3_6 16
-/* repeat previous bit length 3-6 times (2 bits of repeat count) */
-
-#define REPZ_3_10 17
-/* repeat a zero length 3-10 times (3 bits of repeat count) */
-
-#define REPZ_11_138 18
-/* repeat a zero length 11-138 times (7 bits of repeat count) */
-
-local int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
- = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
-
-local int extra_dbits[D_CODES] /* extra bits for each distance code */
- = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
-
-local int extra_blbits[BL_CODES]/* extra bits for each bit length code */
- = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
-
-local uch bl_order[BL_CODES]
- = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
-/* The lengths of the bit length codes are sent in order of decreasing
- * probability, to avoid transmitting the lengths for unused bit length codes.
- */
-
-#define Buf_size (8 * 2*sizeof(char))
-/* Number of bits used within bi_buf. (bi_buf might be implemented on
- * more than 16 bits on some systems.)
- */
-
-/* ===========================================================================
- * Local data. These are initialized only once.
- * To do: initialize at compile time to be completely reentrant. ???
- */
-
-local ct_data static_ltree[L_CODES+2];
-/* The static literal tree. Since the bit lengths are imposed, there is no
- * need for the L_CODES extra codes used during heap construction. However
- * The codes 286 and 287 are needed to build a canonical tree (see ct_init
- * below).
- */
-
-local ct_data static_dtree[D_CODES];
-/* The static distance tree. (Actually a trivial tree since all codes use
- * 5 bits.)
- */
-
-local uch dist_code[512];
-/* distance codes. The first 256 values correspond to the distances
- * 3 .. 258, the last 256 values correspond to the top 8 bits of
- * the 15 bit distances.
- */
-
-local uch length_code[MAX_MATCH-MIN_MATCH+1];
-/* length code for each normalized match length (0 == MIN_MATCH) */
-
-local int base_length[LENGTH_CODES];
-/* First normalized length for each code (0 = MIN_MATCH) */
-
-local int base_dist[D_CODES];
-/* First normalized distance for each code (0 = distance of 1) */
-
-struct static_tree_desc_s {
- ct_data *static_tree; /* static tree or NULL */
- intf *extra_bits; /* extra bits for each code or NULL */
- int extra_base; /* base index for extra_bits */
- int elems; /* max number of elements in the tree */
- int max_length; /* max bit length for the codes */
-};
-
-local static_tree_desc static_l_desc =
-{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
-
-local static_tree_desc static_d_desc =
-{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS};
-
-local static_tree_desc static_bl_desc =
-{(ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS};
-
-/* ===========================================================================
- * Local (static) routines in this file.
- */
-
-local void ct_static_init OF((void));
-local void init_block OF((deflate_state *s));
-local void pqdownheap OF((deflate_state *s, ct_data *tree, int k));
-local void gen_bitlen OF((deflate_state *s, tree_desc *desc));
-local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count));
-local void build_tree OF((deflate_state *s, tree_desc *desc));
-local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code));
-local void send_tree OF((deflate_state *s, ct_data *tree, int max_code));
-local int build_bl_tree OF((deflate_state *s));
-local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
- int blcodes));
-local void compress_block OF((deflate_state *s, ct_data *ltree,
- ct_data *dtree));
-local void set_data_type OF((deflate_state *s));
-local unsigned bi_reverse OF((unsigned value, int length));
-local void bi_windup OF((deflate_state *s));
-local void bi_flush OF((deflate_state *s));
-local void copy_block OF((deflate_state *s, charf *buf, unsigned len,
- int header));
-
-#ifndef DEBUG_ZLIB
-# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
- /* Send a code of the given tree. c and tree must not have side effects */
-
-#else /* DEBUG_ZLIB */
-# define send_code(s, c, tree) \
- { if (verbose>1) fprintf(stderr,"\ncd %3d ",(c)); \
- send_bits(s, tree[c].Code, tree[c].Len); }
-#endif
-
-#define d_code(dist) \
- ((dist) < 256 ? dist_code[dist] : dist_code[256+((dist)>>7)])
-/* Mapping from a distance to a distance code. dist is the distance - 1 and
- * must not have side effects. dist_code[256] and dist_code[257] are never
- * used.
- */
-
-/* ===========================================================================
- * Output a short LSB first on the stream.
- * IN assertion: there is enough room in pendingBuf.
- */
-#define put_short(s, w) { \
- put_byte(s, (uch)((w) & 0xff)); \
- put_byte(s, (uch)((ush)(w) >> 8)); \
-}
-
-/* ===========================================================================
- * Send a value on a given number of bits.
- * IN assertion: length <= 16 and value fits in length bits.
- */
-#ifdef DEBUG_ZLIB
-local void send_bits OF((deflate_state *s, int value, int length));
-
-local void send_bits(s, value, length)
- deflate_state *s;
- int value; /* value to send */
- int length; /* number of bits */
-{
- Tracev((stderr," l %2d v %4x ", length, value));
- Assert(length > 0 && length <= 15, "invalid length");
- s->bits_sent += (ulg)length;
-
- /* If not enough room in bi_buf, use (valid) bits from bi_buf and
- * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid))
- * unused bits in value.
- */
- if (s->bi_valid > (int)Buf_size - length) {
- s->bi_buf |= (value << s->bi_valid);
- put_short(s, s->bi_buf);
- s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
- s->bi_valid += length - Buf_size;
- } else {
- s->bi_buf |= value << s->bi_valid;
- s->bi_valid += length;
- }
-}
-#else /* !DEBUG_ZLIB */
-
-#define send_bits(s, value, length) \
-{ int len = length;\
- if (s->bi_valid > (int)Buf_size - len) {\
- int val = value;\
- s->bi_buf |= (val << s->bi_valid);\
- put_short(s, s->bi_buf);\
- s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
- s->bi_valid += len - Buf_size;\
- } else {\
- s->bi_buf |= (value) << s->bi_valid;\
- s->bi_valid += len;\
- }\
-}
-#endif /* DEBUG_ZLIB */
-
-
-#define MAX(a,b) (a >= b ? a : b)
-/* the arguments must not have side effects */
-
-/* ===========================================================================
- * Initialize the various 'constant' tables.
- * To do: do this at compile time.
- */
-local void ct_static_init()
-{
- int n; /* iterates over tree elements */
- int bits; /* bit counter */
- int length; /* length value */
- int code; /* code value */
- int dist; /* distance index */
- ush bl_count[MAX_BITS+1];
- /* number of codes at each bit length for an optimal tree */
-
- /* Initialize the mapping length (0..255) -> length code (0..28) */
- length = 0;
- for (code = 0; code < LENGTH_CODES-1; code++) {
- base_length[code] = length;
- for (n = 0; n < (1<<extra_lbits[code]); n++) {
- length_code[length++] = (uch)code;
- }
- }
- Assert (length == 256, "ct_static_init: length != 256");
- /* Note that the length 255 (match length 258) can be represented
- * in two different ways: code 284 + 5 bits or code 285, so we
- * overwrite length_code[255] to use the best encoding:
- */
- length_code[length-1] = (uch)code;
-
- /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
- dist = 0;
- for (code = 0 ; code < 16; code++) {
- base_dist[code] = dist;
- for (n = 0; n < (1<<extra_dbits[code]); n++) {
- dist_code[dist++] = (uch)code;
- }
- }
- Assert (dist == 256, "ct_static_init: dist != 256");
- dist >>= 7; /* from now on, all distances are divided by 128 */
- for ( ; code < D_CODES; code++) {
- base_dist[code] = dist << 7;
- for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) {
- dist_code[256 + dist++] = (uch)code;
- }
- }
- Assert (dist == 256, "ct_static_init: 256+dist != 512");
-
- /* Construct the codes of the static literal tree */
- for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
- n = 0;
- while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
- while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
- while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
- while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
- /* Codes 286 and 287 do not exist, but we must include them in the
- * tree construction to get a canonical Huffman tree (longest code
- * all ones)
- */
- gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
-
- /* The static distance tree is trivial: */
- for (n = 0; n < D_CODES; n++) {
- static_dtree[n].Len = 5;
- static_dtree[n].Code = bi_reverse(n, 5);
- }
-}
-
-/* ===========================================================================
- * Initialize the tree data structures for a new zlib stream.
- */
-local void ct_init(s)
- deflate_state *s;
-{
- if (static_dtree[0].Len == 0) {
- ct_static_init(); /* To do: at compile time */
- }
-
- s->compressed_len = 0L;
-
- s->l_desc.dyn_tree = s->dyn_ltree;
- s->l_desc.stat_desc = &static_l_desc;
-
- s->d_desc.dyn_tree = s->dyn_dtree;
- s->d_desc.stat_desc = &static_d_desc;
-
- s->bl_desc.dyn_tree = s->bl_tree;
- s->bl_desc.stat_desc = &static_bl_desc;
-
- s->bi_buf = 0;
- s->bi_valid = 0;
- s->last_eob_len = 8; /* enough lookahead for inflate */
-#ifdef DEBUG_ZLIB
- s->bits_sent = 0L;
-#endif
- s->blocks_in_packet = 0;
-
- /* Initialize the first block of the first file: */
- init_block(s);
-}
-
-/* ===========================================================================
- * Initialize a new block.
- */
-local void init_block(s)
- deflate_state *s;
-{
- int n; /* iterates over tree elements */
-
- /* Initialize the trees. */
- for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0;
- for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0;
- for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
-
- s->dyn_ltree[END_BLOCK].Freq = 1;
- s->opt_len = s->static_len = 0L;
- s->last_lit = s->matches = 0;
-}
-
-#define SMALLEST 1
-/* Index within the heap array of least frequent node in the Huffman tree */
-
-
-/* ===========================================================================
- * Remove the smallest element from the heap and recreate the heap with
- * one less element. Updates heap and heap_len.
- */
-#define pqremove(s, tree, top) \
-{\
- top = s->heap[SMALLEST]; \
- s->heap[SMALLEST] = s->heap[s->heap_len--]; \
- pqdownheap(s, tree, SMALLEST); \
-}
-
-/* ===========================================================================
- * Compares to subtrees, using the tree depth as tie breaker when
- * the subtrees have equal frequency. This minimizes the worst case length.
- */
-#define smaller(tree, n, m, depth) \
- (tree[n].Freq < tree[m].Freq || \
- (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
-
-/* ===========================================================================
- * Restore the heap property by moving down the tree starting at node k,
- * exchanging a node with the smallest of its two sons if necessary, stopping
- * when the heap property is re-established (each father smaller than its
- * two sons).
- */
-local void pqdownheap(s, tree, k)
- deflate_state *s;
- ct_data *tree; /* the tree to restore */
- int k; /* node to move down */
-{
- int v = s->heap[k];
- int j = k << 1; /* left son of k */
- while (j <= s->heap_len) {
- /* Set j to the smallest of the two sons: */
- if (j < s->heap_len &&
- smaller(tree, s->heap[j+1], s->heap[j], s->depth)) {
- j++;
- }
- /* Exit if v is smaller than both sons */
- if (smaller(tree, v, s->heap[j], s->depth)) break;
-
- /* Exchange v with the smallest son */
- s->heap[k] = s->heap[j]; k = j;
-
- /* And continue down the tree, setting j to the left son of k */
- j <<= 1;
- }
- s->heap[k] = v;
-}
-
-/* ===========================================================================
- * Compute the optimal bit lengths for a tree and update the total bit length
- * for the current block.
- * IN assertion: the fields freq and dad are set, heap[heap_max] and
- * above are the tree nodes sorted by increasing frequency.
- * OUT assertions: the field len is set to the optimal bit length, the
- * array bl_count contains the frequencies for each bit length.
- * The length opt_len is updated; static_len is also updated if stree is
- * not null.
- */
-local void gen_bitlen(s, desc)
- deflate_state *s;
- tree_desc *desc; /* the tree descriptor */
-{
- ct_data *tree = desc->dyn_tree;
- int max_code = desc->max_code;
- ct_data *stree = desc->stat_desc->static_tree;
- intf *extra = desc->stat_desc->extra_bits;
- int base = desc->stat_desc->extra_base;
- int max_length = desc->stat_desc->max_length;
- int h; /* heap index */
- int n, m; /* iterate over the tree elements */
- int bits; /* bit length */
- int xbits; /* extra bits */
- ush f; /* frequency */
- int overflow = 0; /* number of elements with bit length too large */
-
- for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
-
- /* In a first pass, compute the optimal bit lengths (which may
- * overflow in the case of the bit length tree).
- */
- tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
-
- for (h = s->heap_max+1; h < HEAP_SIZE; h++) {
- n = s->heap[h];
- bits = tree[tree[n].Dad].Len + 1;
- if (bits > max_length) bits = max_length, overflow++;
- tree[n].Len = (ush)bits;
- /* We overwrite tree[n].Dad which is no longer needed */
-
- if (n > max_code) continue; /* not a leaf node */
-
- s->bl_count[bits]++;
- xbits = 0;
- if (n >= base) xbits = extra[n-base];
- f = tree[n].Freq;
- s->opt_len += (ulg)f * (bits + xbits);
- if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits);
- }
- if (overflow == 0) return;
-
- Trace((stderr,"\nbit length overflow\n"));
- /* This happens for example on obj2 and pic of the Calgary corpus */
-
- /* Find the first bit length which could increase: */
- do {
- bits = max_length-1;
- while (s->bl_count[bits] == 0) bits--;
- s->bl_count[bits]--; /* move one leaf down the tree */
- s->bl_count[bits+1] += 2; /* move one overflow item as its brother */
- s->bl_count[max_length]--;
- /* The brother of the overflow item also moves one step up,
- * but this does not affect bl_count[max_length]
- */
- overflow -= 2;
- } while (overflow > 0);
-
- /* Now recompute all bit lengths, scanning in increasing frequency.
- * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
- * lengths instead of fixing only the wrong ones. This idea is taken
- * from 'ar' written by Haruhiko Okumura.)
- */
- for (bits = max_length; bits != 0; bits--) {
- n = s->bl_count[bits];
- while (n != 0) {
- m = s->heap[--h];
- if (m > max_code) continue;
- if (tree[m].Len != (unsigned) bits) {
- Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
- s->opt_len += ((long)bits - (long)tree[m].Len)
- *(long)tree[m].Freq;
- tree[m].Len = (ush)bits;
- }
- n--;
- }
- }
-}
-
-/* ===========================================================================
- * Generate the codes for a given tree and bit counts (which need not be
- * optimal).
- * IN assertion: the array bl_count contains the bit length statistics for
- * the given tree and the field len is set for all tree elements.
- * OUT assertion: the field code is set for all tree elements of non
- * zero code length.
- */
-local void gen_codes (tree, max_code, bl_count)
- ct_data *tree; /* the tree to decorate */
- int max_code; /* largest code with non zero frequency */
- ushf *bl_count; /* number of codes at each bit length */
-{
- ush next_code[MAX_BITS+1]; /* next code value for each bit length */
- ush code = 0; /* running code value */
- int bits; /* bit index */
- int n; /* code index */
-
- /* The distribution counts are first used to generate the code values
- * without bit reversal.
- */
- for (bits = 1; bits <= MAX_BITS; bits++) {
- next_code[bits] = code = (code + bl_count[bits-1]) << 1;
- }
- /* Check that the bit counts in bl_count are consistent. The last code
- * must be all ones.
- */
- Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1,
- "inconsistent bit counts");
- Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
-
- for (n = 0; n <= max_code; n++) {
- int len = tree[n].Len;
- if (len == 0) continue;
- /* Now reverse the bits */
- tree[n].Code = bi_reverse(next_code[len]++, len);
-
- Tracec(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
- n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1));
- }
-}
-
-/* ===========================================================================
- * Construct one Huffman tree and assigns the code bit strings and lengths.
- * Update the total bit length for the current block.
- * IN assertion: the field freq is set for all tree elements.
- * OUT assertions: the fields len and code are set to the optimal bit length
- * and corresponding code. The length opt_len is updated; static_len is
- * also updated if stree is not null. The field max_code is set.
- */
-local void build_tree(s, desc)
- deflate_state *s;
- tree_desc *desc; /* the tree descriptor */
-{
- ct_data *tree = desc->dyn_tree;
- ct_data *stree = desc->stat_desc->static_tree;
- int elems = desc->stat_desc->elems;
- int n, m; /* iterate over heap elements */
- int max_code = -1; /* largest code with non zero frequency */
- int node; /* new node being created */
-
- /* Construct the initial heap, with least frequent element in
- * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].
- * heap[0] is not used.
- */
- s->heap_len = 0, s->heap_max = HEAP_SIZE;
-
- for (n = 0; n < elems; n++) {
- if (tree[n].Freq != 0) {
- s->heap[++(s->heap_len)] = max_code = n;
- s->depth[n] = 0;
- } else {
- tree[n].Len = 0;
- }
- }
-
- /* The pkzip format requires that at least one distance code exists,
- * and that at least one bit should be sent even if there is only one
- * possible code. So to avoid special checks later on we force at least
- * two codes of non zero frequency.
- */
- while (s->heap_len < 2) {
- node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
- tree[node].Freq = 1;
- s->depth[node] = 0;
- s->opt_len--; if (stree) s->static_len -= stree[node].Len;
- /* node is 0 or 1 so it does not have extra bits */
- }
- desc->max_code = max_code;
-
- /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,
- * establish sub-heaps of increasing lengths:
- */
- for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
-
- /* Construct the Huffman tree by repeatedly combining the least two
- * frequent nodes.
- */
- node = elems; /* next internal node of the tree */
- do {
- pqremove(s, tree, n); /* n = node of least frequency */
- m = s->heap[SMALLEST]; /* m = node of next least frequency */
-
- s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
- s->heap[--(s->heap_max)] = m;
-
- /* Create a new node father of n and m */
- tree[node].Freq = tree[n].Freq + tree[m].Freq;
- s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1);
- tree[n].Dad = tree[m].Dad = (ush)node;
-#ifdef DUMP_BL_TREE
- if (tree == s->bl_tree) {
- fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
- node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
- }
-#endif
- /* and insert the new node in the heap */
- s->heap[SMALLEST] = node++;
- pqdownheap(s, tree, SMALLEST);
-
- } while (s->heap_len >= 2);
-
- s->heap[--(s->heap_max)] = s->heap[SMALLEST];
-
- /* At this point, the fields freq and dad are set. We can now
- * generate the bit lengths.
- */
- gen_bitlen(s, (tree_desc *)desc);
-
- /* The field len is now set, we can generate the bit codes */
- gen_codes ((ct_data *)tree, max_code, s->bl_count);
-}
-
-/* ===========================================================================
- * Scan a literal or distance tree to determine the frequencies of the codes
- * in the bit length tree.
- */
-local void scan_tree (s, tree, max_code)
- deflate_state *s;
- ct_data *tree; /* the tree to be scanned */
- int max_code; /* and its largest code of non zero frequency */
-{
- int n; /* iterates over all tree elements */
- int prevlen = -1; /* last emitted length */
- int curlen; /* length of current code */
- int nextlen = tree[0].Len; /* length of next code */
- int count = 0; /* repeat count of the current code */
- int max_count = 7; /* max repeat count */
- int min_count = 4; /* min repeat count */
-
- if (nextlen == 0) max_count = 138, min_count = 3;
- tree[max_code+1].Len = (ush)0xffff; /* guard */
-
- for (n = 0; n <= max_code; n++) {
- curlen = nextlen; nextlen = tree[n+1].Len;
- if (++count < max_count && curlen == nextlen) {
- continue;
- } else if (count < min_count) {
- s->bl_tree[curlen].Freq += count;
- } else if (curlen != 0) {
- if (curlen != prevlen) s->bl_tree[curlen].Freq++;
- s->bl_tree[REP_3_6].Freq++;
- } else if (count <= 10) {
- s->bl_tree[REPZ_3_10].Freq++;
- } else {
- s->bl_tree[REPZ_11_138].Freq++;
- }
- count = 0; prevlen = curlen;
- if (nextlen == 0) {
- max_count = 138, min_count = 3;
- } else if (curlen == nextlen) {
- max_count = 6, min_count = 3;
- } else {
- max_count = 7, min_count = 4;
- }
- }
-}
-
-/* ===========================================================================
- * Send a literal or distance tree in compressed form, using the codes in
- * bl_tree.
- */
-local void send_tree (s, tree, max_code)
- deflate_state *s;
- ct_data *tree; /* the tree to be scanned */
- int max_code; /* and its largest code of non zero frequency */
-{
- int n; /* iterates over all tree elements */
- int prevlen = -1; /* last emitted length */
- int curlen; /* length of current code */
- int nextlen = tree[0].Len; /* length of next code */
- int count = 0; /* repeat count of the current code */
- int max_count = 7; /* max repeat count */
- int min_count = 4; /* min repeat count */
-
- /* tree[max_code+1].Len = -1; */ /* guard already set */
- if (nextlen == 0) max_count = 138, min_count = 3;
-
- for (n = 0; n <= max_code; n++) {
- curlen = nextlen; nextlen = tree[n+1].Len;
- if (++count < max_count && curlen == nextlen) {
- continue;
- } else if (count < min_count) {
- do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
-
- } else if (curlen != 0) {
- if (curlen != prevlen) {
- send_code(s, curlen, s->bl_tree); count--;
- }
- Assert(count >= 3 && count <= 6, " 3_6?");
- send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2);
-
- } else if (count <= 10) {
- send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3);
-
- } else {
- send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7);
- }
- count = 0; prevlen = curlen;
- if (nextlen == 0) {
- max_count = 138, min_count = 3;
- } else if (curlen == nextlen) {
- max_count = 6, min_count = 3;
- } else {
- max_count = 7, min_count = 4;
- }
- }
-}
-
-/* ===========================================================================
- * Construct the Huffman tree for the bit lengths and return the index in
- * bl_order of the last bit length code to send.
- */
-local int build_bl_tree(s)
- deflate_state *s;
-{
- int max_blindex; /* index of last bit length code of non zero freq */
-
- /* Determine the bit length frequencies for literal and distance trees */
- scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
- scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
-
- /* Build the bit length tree: */
- build_tree(s, (tree_desc *)(&(s->bl_desc)));
- /* opt_len now includes the length of the tree representations, except
- * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.
- */
-
- /* Determine the number of bit length codes to send. The pkzip format
- * requires that at least 4 bit length codes be sent. (appnote.txt says
- * 3 but the actual value used is 4.)
- */
- for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
- if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
- }
- /* Update opt_len to include the bit length tree and counts */
- s->opt_len += 3*(max_blindex+1) + 5+5+4;
- Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
- s->opt_len, s->static_len));
-
- return max_blindex;
-}
-
-/* ===========================================================================
- * Send the header for a block using dynamic Huffman trees: the counts, the
- * lengths of the bit length codes, the literal tree and the distance tree.
- * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
- */
-local void send_all_trees(s, lcodes, dcodes, blcodes)
- deflate_state *s;
- int lcodes, dcodes, blcodes; /* number of codes for each tree */
-{
- int rank; /* index in bl_order */
-
- Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
- Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
- "too many codes");
- Tracev((stderr, "\nbl counts: "));
- send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */
- send_bits(s, dcodes-1, 5);
- send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */
- for (rank = 0; rank < blcodes; rank++) {
- Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
- send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
- }
- Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
-
- send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */
- Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
-
- send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */
- Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
-}
-
-/* ===========================================================================
- * Send a stored block
- */
-local void ct_stored_block(s, buf, stored_len, eof)
- deflate_state *s;
- charf *buf; /* input block */
- ulg stored_len; /* length of input block */
- int eof; /* true if this is the last block for a file */
-{
- send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */
- s->compressed_len = (s->compressed_len + 3 + 7) & ~7L;
- s->compressed_len += (stored_len + 4) << 3;
-
- copy_block(s, buf, (unsigned)stored_len, 1); /* with header */
-}
-
-/* Send just the `stored block' type code without any length bytes or data.
- */
-local void ct_stored_type_only(s)
- deflate_state *s;
-{
- send_bits(s, (STORED_BLOCK << 1), 3);
- bi_windup(s);
- s->compressed_len = (s->compressed_len + 3) & ~7L;
-}
-
-
-/* ===========================================================================
- * Send one empty static block to give enough lookahead for inflate.
- * This takes 10 bits, of which 7 may remain in the bit buffer.
- * The current inflate code requires 9 bits of lookahead. If the EOB
- * code for the previous block was coded on 5 bits or less, inflate
- * may have only 5+3 bits of lookahead to decode this EOB.
- * (There are no problems if the previous block is stored or fixed.)
- */
-local void ct_align(s)
- deflate_state *s;
-{
- send_bits(s, STATIC_TREES<<1, 3);
- send_code(s, END_BLOCK, static_ltree);
- s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
- bi_flush(s);
- /* Of the 10 bits for the empty block, we have already sent
- * (10 - bi_valid) bits. The lookahead for the EOB of the previous
- * block was thus its length plus what we have just sent.
- */
- if (s->last_eob_len + 10 - s->bi_valid < 9) {
- send_bits(s, STATIC_TREES<<1, 3);
- send_code(s, END_BLOCK, static_ltree);
- s->compressed_len += 10L;
- bi_flush(s);
- }
- s->last_eob_len = 7;
-}
-
-/* ===========================================================================
- * Determine the best encoding for the current block: dynamic trees, static
- * trees or store, and output the encoded block to the zip file. This function
- * returns the total compressed length for the file so far.
- */
-local ulg ct_flush_block(s, buf, stored_len, flush)
- deflate_state *s;
- charf *buf; /* input block, or NULL if too old */
- ulg stored_len; /* length of input block */
- int flush; /* Z_FINISH if this is the last block for a file */
-{
- ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
- int max_blindex; /* index of last bit length code of non zero freq */
- int eof = flush == Z_FINISH;
-
- ++s->blocks_in_packet;
-
- /* Check if the file is ascii or binary */
- if (s->data_type == UNKNOWN) set_data_type(s);
-
- /* Construct the literal and distance trees */
- build_tree(s, (tree_desc *)(&(s->l_desc)));
- Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
- s->static_len));
-
- build_tree(s, (tree_desc *)(&(s->d_desc)));
- Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
- s->static_len));
- /* At this point, opt_len and static_len are the total bit lengths of
- * the compressed block data, excluding the tree representations.
- */
-
- /* Build the bit length tree for the above two trees, and get the index
- * in bl_order of the last bit length code to send.
- */
- max_blindex = build_bl_tree(s);
-
- /* Determine the best encoding. Compute first the block length in bytes */
- opt_lenb = (s->opt_len+3+7)>>3;
- static_lenb = (s->static_len+3+7)>>3;
-
- Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
- opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
- s->last_lit));
-
- if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
-
- /* If compression failed and this is the first and last block,
- * and if the .zip file can be seeked (to rewrite the local header),
- * the whole file is transformed into a stored file:
- */
-#ifdef STORED_FILE_OK
-# ifdef FORCE_STORED_FILE
- if (eof && compressed_len == 0L) /* force stored file */
-# else
- if (stored_len <= opt_lenb && eof && s->compressed_len==0L && seekable())
-# endif
- {
- /* Since LIT_BUFSIZE <= 2*WSIZE, the input data must be there: */
- if (buf == (charf*)0) error ("block vanished");
-
- copy_block(buf, (unsigned)stored_len, 0); /* without header */
- s->compressed_len = stored_len << 3;
- s->method = STORED;
- } else
-#endif /* STORED_FILE_OK */
-
- /* For Z_PACKET_FLUSH, if we don't achieve the required minimum
- * compression, and this block contains all the data since the last
- * time we used Z_PACKET_FLUSH, then just omit this block completely
- * from the output.
- */
- if (flush == Z_PACKET_FLUSH && s->blocks_in_packet == 1
- && opt_lenb > stored_len - s->minCompr) {
- s->blocks_in_packet = 0;
- /* output nothing */
- } else
-
-#ifdef FORCE_STORED
- if (buf != (char*)0) /* force stored block */
-#else
- if (stored_len+4 <= opt_lenb && buf != (char*)0)
- /* 4: two words for the lengths */
-#endif
- {
- /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
- * Otherwise we can't have processed more than WSIZE input bytes since
- * the last block flush, because compression would have been
- * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
- * transform a block into a stored block.
- */
- ct_stored_block(s, buf, stored_len, eof);
- } else
-
-#ifdef FORCE_STATIC
- if (static_lenb >= 0) /* force static trees */
-#else
- if (static_lenb == opt_lenb)
-#endif
- {
- send_bits(s, (STATIC_TREES<<1)+eof, 3);
- compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree);
- s->compressed_len += 3 + s->static_len;
- } else {
- send_bits(s, (DYN_TREES<<1)+eof, 3);
- send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1,
- max_blindex+1);
- compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree);
- s->compressed_len += 3 + s->opt_len;
- }
- Assert (s->compressed_len == s->bits_sent, "bad compressed size");
- init_block(s);
-
- if (eof) {
- bi_windup(s);
- s->compressed_len += 7; /* align on byte boundary */
- }
- Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3,
- s->compressed_len-7*eof));
-
- return s->compressed_len >> 3;
-}
-
-/* ===========================================================================
- * Save the match info and tally the frequency counts. Return true if
- * the current block must be flushed.
- */
-local int ct_tally (s, dist, lc)
- deflate_state *s;
- int dist; /* distance of matched string */
- int lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
-{
- s->d_buf[s->last_lit] = (ush)dist;
- s->l_buf[s->last_lit++] = (uch)lc;
- if (dist == 0) {
- /* lc is the unmatched char */
- s->dyn_ltree[lc].Freq++;
- } else {
- s->matches++;
- /* Here, lc is the match length - MIN_MATCH */
- dist--; /* dist = match distance - 1 */
- Assert((ush)dist < (ush)MAX_DIST(s) &&
- (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
- (ush)d_code(dist) < (ush)D_CODES, "ct_tally: bad match");
-
- s->dyn_ltree[length_code[lc]+LITERALS+1].Freq++;
- s->dyn_dtree[d_code(dist)].Freq++;
- }
-
- /* Try to guess if it is profitable to stop the current block here */
- if (s->level > 2 && (s->last_lit & 0xfff) == 0) {
- /* Compute an upper bound for the compressed length */
- ulg out_length = (ulg)s->last_lit*8L;
- ulg in_length = (ulg)s->strstart - s->block_start;
- int dcode;
- for (dcode = 0; dcode < D_CODES; dcode++) {
- out_length += (ulg)s->dyn_dtree[dcode].Freq *
- (5L+extra_dbits[dcode]);
- }
- out_length >>= 3;
- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
- s->last_lit, in_length, out_length,
- 100L - out_length*100L/in_length));
- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
- }
- return (s->last_lit == s->lit_bufsize-1);
- /* We avoid equality with lit_bufsize because of wraparound at 64K
- * on 16 bit machines and because stored blocks are restricted to
- * 64K-1 bytes.
- */
-}
-
-/* ===========================================================================
- * Send the block data compressed using the given Huffman trees
- */
-local void compress_block(s, ltree, dtree)
- deflate_state *s;
- ct_data *ltree; /* literal tree */
- ct_data *dtree; /* distance tree */
-{
- unsigned dist; /* distance of matched string */
- int lc; /* match length or unmatched char (if dist == 0) */
- unsigned lx = 0; /* running index in l_buf */
- unsigned code; /* the code to send */
- int extra; /* number of extra bits to send */
-
- if (s->last_lit != 0) do {
- dist = s->d_buf[lx];
- lc = s->l_buf[lx++];
- if (dist == 0) {
- send_code(s, lc, ltree); /* send a literal byte */
- Tracecv(isgraph(lc), (stderr," '%c' ", lc));
- } else {
- /* Here, lc is the match length - MIN_MATCH */
- code = length_code[lc];
- send_code(s, code+LITERALS+1, ltree); /* send the length code */
- extra = extra_lbits[code];
- if (extra != 0) {
- lc -= base_length[code];
- send_bits(s, lc, extra); /* send the extra length bits */
- }
- dist--; /* dist is now the match distance - 1 */
- code = d_code(dist);
- Assert (code < D_CODES, "bad d_code");
-
- send_code(s, code, dtree); /* send the distance code */
- extra = extra_dbits[code];
- if (extra != 0) {
- dist -= base_dist[code];
- send_bits(s, dist, extra); /* send the extra distance bits */
- }
- } /* literal or match pair ? */
-
- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
- Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow");
-
- } while (lx < s->last_lit);
-
- send_code(s, END_BLOCK, ltree);
- s->last_eob_len = ltree[END_BLOCK].Len;
-}
-
-/* ===========================================================================
- * Set the data type to ASCII or BINARY, using a crude approximation:
- * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise.
- * IN assertion: the fields freq of dyn_ltree are set and the total of all
- * frequencies does not exceed 64K (to fit in an int on 16 bit machines).
- */
-local void set_data_type(s)
- deflate_state *s;
-{
- int n = 0;
- unsigned ascii_freq = 0;
- unsigned bin_freq = 0;
- while (n < 7) bin_freq += s->dyn_ltree[n++].Freq;
- while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq;
- while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq;
- s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? BINARY : ASCII);
-}
-
-/* ===========================================================================
- * Reverse the first len bits of a code, using straightforward code (a faster
- * method would use a table)
- * IN assertion: 1 <= len <= 15
- */
-local unsigned bi_reverse(code, len)
- unsigned code; /* the value to invert */
- int len; /* its bit length */
-{
- register unsigned res = 0;
- do {
- res |= code & 1;
- code >>= 1, res <<= 1;
- } while (--len > 0);
- return res >> 1;
-}
-
-/* ===========================================================================
- * Flush the bit buffer, keeping at most 7 bits in it.
- */
-local void bi_flush(s)
- deflate_state *s;
-{
- if (s->bi_valid == 16) {
- put_short(s, s->bi_buf);
- s->bi_buf = 0;
- s->bi_valid = 0;
- } else if (s->bi_valid >= 8) {
- put_byte(s, (Byte)s->bi_buf);
- s->bi_buf >>= 8;
- s->bi_valid -= 8;
- }
-}
-
-/* ===========================================================================
- * Flush the bit buffer and align the output on a byte boundary
- */
-local void bi_windup(s)
- deflate_state *s;
-{
- if (s->bi_valid > 8) {
- put_short(s, s->bi_buf);
- } else if (s->bi_valid > 0) {
- put_byte(s, (Byte)s->bi_buf);
- }
- s->bi_buf = 0;
- s->bi_valid = 0;
-#ifdef DEBUG_ZLIB
- s->bits_sent = (s->bits_sent+7) & ~7;
-#endif
-}
-
-/* ===========================================================================
- * Copy a stored block, storing first the length and its
- * one's complement if requested.
- */
-local void copy_block(s, buf, len, header)
- deflate_state *s;
- charf *buf; /* the input data */
- unsigned len; /* its length */
- int header; /* true if block header must be written */
-{
- bi_windup(s); /* align on byte boundary */
- s->last_eob_len = 8; /* enough lookahead for inflate */
-
- if (header) {
- put_short(s, (ush)len);
- put_short(s, (ush)~len);
-#ifdef DEBUG_ZLIB
- s->bits_sent += 2*16;
-#endif
- }
-#ifdef DEBUG_ZLIB
- s->bits_sent += (ulg)len<<3;
-#endif
- while (len--) {
- put_byte(s, *buf++);
- }
-}
-
-
/*+++++*/
/* infblock.h -- header to use infblock.c
* Copyright (C) 1995 Mark Adler
# include <unix.h>
#endif
-/* Maximum value for memLevel in deflateInit2 */
-#ifndef MAX_MEM_LEVEL
-# ifdef MAXSEG_64K
-# define MAX_MEM_LEVEL 8
-# else
-# define MAX_MEM_LEVEL 9
-# endif
-#endif
-
#ifndef FAR
# define FAR
#endif
# define MAX_WBITS 15 /* 32K LZ77 window */
#endif
-/* The memory requirements for deflate are (in bytes):
- 1 << (windowBits+2) + 1 << (memLevel+9)
- that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
- plus a few kilobytes for small objects. For example, if you want to reduce
- the default memory requirements from 256K to 128K, compile with
- make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
- Of course this will generally degrade compression (there's no free lunch).
-
+/*
The memory requirements for inflate are (in bytes) 1 << windowBits
that is, 32K for windowBits=15 (default value) plus a few kilobytes
for small objects.
/* basic functions */
-extern int deflateInit OF((z_stream *strm, int level));
-/*
- Initializes the internal stream state for compression. The fields
- zalloc, zfree and opaque must be initialized before by the caller.
- If zalloc and zfree are set to Z_NULL, deflateInit updates them to
- use default allocation functions.
-
- The compression level must be Z_DEFAULT_COMPRESSION, or between 1 and 9:
- 1 gives best speed, 9 gives best compression. Z_DEFAULT_COMPRESSION requests
- a default compromise between speed and compression (currently equivalent
- to level 6).
-
- deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if level is not a valid compression level.
- msg is set to null if there is no error message. deflateInit does not
- perform any compression: this will be done by deflate().
-*/
-
-
-extern int deflate OF((z_stream *strm, int flush));
-/*
- Performs one or both of the following actions:
-
- - Compress more input starting at next_in and update next_in and avail_in
- accordingly. If not all input can be processed (because there is not
- enough room in the output buffer), next_in and avail_in are updated and
- processing will resume at this point for the next call of deflate().
-
- - Provide more output starting at next_out and update next_out and avail_out
- accordingly. This action is forced if the parameter flush is non zero.
- Forcing flush frequently degrades the compression ratio, so this parameter
- should be set only when necessary (in interactive applications).
- Some output may be provided even if flush is not set.
-
- Before the call of deflate(), the application should ensure that at least
- one of the actions is possible, by providing more input and/or consuming
- more output, and updating avail_in or avail_out accordingly; avail_out
- should never be zero before the call. The application can consume the
- compressed output when it wants, for example when the output buffer is full
- (avail_out == 0), or after each call of deflate().
-
- If the parameter flush is set to Z_PARTIAL_FLUSH, the current compression
- block is terminated and flushed to the output buffer so that the
- decompressor can get all input data available so far. For method 9, a future
- variant on method 8, the current block will be flushed but not terminated.
- If flush is set to Z_FULL_FLUSH, the compression block is terminated, a
- special marker is output and the compression dictionary is discarded; this
- is useful to allow the decompressor to synchronize if one compressed block
- has been damaged (see inflateSync below). Flushing degrades compression and
- so should be used only when necessary. Using Z_FULL_FLUSH too often can
- seriously degrade the compression. If deflate returns with avail_out == 0,
- this function must be called again with the same value of the flush
- parameter and more output space (updated avail_out), until the flush is
- complete (deflate returns with non-zero avail_out).
-
- If the parameter flush is set to Z_PACKET_FLUSH, the compression
- block is terminated, and a zero-length stored block is output,
- omitting the length bytes (the effect of this is that the 3-bit type
- code 000 for a stored block is output, and the output is then
- byte-aligned). This is designed for use at the end of a PPP packet.
- In addition, if the current compression block contains all the data
- since the last Z_PACKET_FLUSH, it is never output as a stored block.
- If the current compression block output as a static or dynamic block
- would not be at least `minCompression' bytes smaller than the
- original data, then nothing is output for that block. (The type
- code for the zero-length stored block is still output, resulting in
- a single zero byte being output for the whole packet.)
- `MinCompression' is a parameter to deflateInit2, or 0 if deflateInit
- is used.
-
- If the parameter flush is set to Z_FINISH, all pending input is processed,
- all pending output is flushed and deflate returns with Z_STREAM_END if there
- was enough output space; if deflate returns with Z_OK, this function must be
- called again with Z_FINISH and more output space (updated avail_out) but no
- more input data, until it returns with Z_STREAM_END or an error. After
- deflate has returned Z_STREAM_END, the only possible operations on the
- stream are deflateReset or deflateEnd.
-
- Z_FINISH can be used immediately after deflateInit if all the compression
- is to be done in a single step. In this case, avail_out must be at least
- 0.1% larger than avail_in plus 12 bytes. If deflate does not return
- Z_STREAM_END, then it must be called again as described above.
-
- deflate() may update data_type if it can make a good guess about
- the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
- binary. This field is only for information purposes and does not affect
- the compression algorithm in any manner.
-
- deflate() returns Z_OK if some progress has been made (more input
- processed or more output produced), Z_STREAM_END if all input has been
- consumed and all output has been produced (only when flush is set to
- Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
- if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible.
-*/
-
-
-extern int deflateEnd OF((z_stream *strm));
-/*
- All dynamically allocated data structures for this stream are freed.
- This function discards any unprocessed input and does not flush any
- pending output.
-
- deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
- stream state was inconsistent. In the error case, msg may be set
- but then points to a static string (which must not be deallocated).
-*/
-
-
extern int inflateInit OF((z_stream *strm));
/*
Initializes the internal stream state for decompression. The fields
The following functions are needed only in some special applications.
*/
-extern int deflateInit2 OF((z_stream *strm,
- int level,
- int method,
- int windowBits,
- int memLevel,
- int strategy,
- int minCompression));
-/*
- This is another version of deflateInit with more compression options. The
- fields next_in, zalloc and zfree must be initialized before by the caller.
-
- The method parameter is the compression method. It must be 8 in this
- version of the library. (Method 9 will allow a 64K history buffer and
- partial block flushes.)
-
- The windowBits parameter is the base two logarithm of the window size
- (the size of the history buffer). It should be in the range 8..15 for this
- version of the library (the value 16 will be allowed for method 9). Larger
- values of this parameter result in better compression at the expense of
- memory usage. The default value is 15 if deflateInit is used instead.
-
- The memLevel parameter specifies how much memory should be allocated
- for the internal compression state. memLevel=1 uses minimum memory but
- is slow and reduces compression ratio; memLevel=9 uses maximum memory
- for optimal speed. The default value is 8. See zconf.h for total memory
- usage as a function of windowBits and memLevel.
-
- The strategy parameter is used to tune the compression algorithm. Use
- the value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data
- produced by a filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman
- encoding only (no string match). Filtered data consists mostly of small
- values with a somewhat random distribution. In this case, the
- compression algorithm is tuned to compress them better. The strategy
- parameter only affects the compression ratio but not the correctness of
- the compressed output even if it is not set appropriately.
-
- The minCompression parameter specifies the minimum reduction in size
- required for a compressed block to be output when Z_PACKET_FLUSH is
- used (see the description of deflate above).
-
- If next_in is not null, the library will use this buffer to hold also
- some history information; the buffer must either hold the entire input
- data, or have at least 1<<(windowBits+1) bytes and be writable. If next_in
- is null, the library will allocate its own history buffer (and leave next_in
- null). next_out need not be provided here but must be provided by the
- application for the next call of deflate().
-
- If the history buffer is provided by the application, next_in must
- must never be changed by the application since the compressor maintains
- information inside this buffer from call to call; the application
- must provide more input only by increasing avail_in. next_in is always
- reset by the library in this case.
-
- deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
- not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
- an invalid method). msg is set to null if there is no error message.
- deflateInit2 does not perform any compression: this will be done by
- deflate().
-*/
-
-extern int deflateCopy OF((z_stream *dest,
- z_stream *source));
-/*
- Sets the destination stream as a complete copy of the source stream. If
- the source stream is using an application-supplied history buffer, a new
- buffer is allocated for the destination stream. The compressed output
- buffer is always application-supplied. It's the responsibility of the
- application to provide the correct values of next_out and avail_out for the
- next call of deflate.
-
- This function is useful when several compression strategies will be
- tried, for example when there are several ways of pre-processing the input
- data with a filter. The streams that will be discarded should then be freed
- by calling deflateEnd. Note that deflateCopy duplicates the internal
- compression state which can be quite large, so this strategy is slow and
- can consume lots of memory.
-
- deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
- (such as zalloc being NULL). msg is left unchanged in both source and
- destination.
-*/
-
-extern int deflateReset OF((z_stream *strm));
-/*
- This function is equivalent to deflateEnd followed by deflateInit,
- but does not free and reallocate all the internal compression state.
- The stream will keep the same compression level and any other attributes
- that may have been set by deflateInit2.
-
- deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
- stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
extern int inflateInit2 OF((z_stream *strm,
int windowBits));
/*
pppstats_CFLAGS =
pppstats_CPPFLAGS =
-if LINUX
-pppstats_CFLAGS += -I${top_srcdir}/include
-endif
-
if SUNOS
pppstats_CPPFLAGS += -DSTREAMS
endif
#ifndef __linux__
#include <net/if.h>
#include <net/ppp_defs.h>
-#include <net/if_ppp.h>
#else
/* Linux */
#if __GLIBC__ >= 2
#include <linux/if.h>
#endif
#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
+#include <linux/ppp-ioctl.h>
+
#endif /* __linux__ */
#else /* STREAMS */
static void
get_ppp_stats(struct ppp_stats *curp)
{
- struct ifpppstatsreq req;
+ struct ifreq req;
memset (&req, 0, sizeof (req));
-#ifdef __linux__
- req.stats_ptr = (caddr_t) &req.stats;
-#undef ifr_name
-#define ifr_name ifr__name
-#endif
+ req.ifr_data = (caddr_t) curp;
strncpy(req.ifr_name, interface, IFNAMSIZ);
req.ifr_name[IFNAMSIZ - 1] = 0;
perror("couldn't get PPP statistics");
exit(1);
}
- *curp = req.stats;
}
static void
get_ppp_cstats(struct ppp_comp_stats *csp)
{
- struct ifpppcstatsreq creq;
+ struct ifreq req;
+ struct ppp_comp_stats stats;
- memset (&creq, 0, sizeof (creq));
+ memset (&req, 0, sizeof (req));
-#ifdef __linux__
- creq.stats_ptr = (caddr_t) &creq.stats;
-#undef ifr_name
-#define ifr_name ifr__name
-#endif
+ req.ifr_data = (caddr_t) &stats;
- strncpy(creq.ifr_name, interface, IFNAMSIZ);
- creq.ifr_name[IFNAMSIZ - 1] = 0;
- if (ioctl(s, SIOCGPPPCSTATS, &creq) < 0) {
+ strncpy(req.ifr_name, interface, IFNAMSIZ);
+ req.ifr_name[IFNAMSIZ - 1] = 0;
+ if (ioctl(s, SIOCGPPPCSTATS, &req) < 0) {
fprintf(stderr, "%s: ", progname);
if (errno == ENOTTY) {
fprintf(stderr, "no kernel compression support\n");
}
#ifdef __linux__
- if (creq.stats.c.bytes_out == 0) {
- creq.stats.c.bytes_out = creq.stats.c.comp_bytes + creq.stats.c.inc_bytes;
- creq.stats.c.in_count = creq.stats.c.unc_bytes;
+ if (stats.c.bytes_out == 0) {
+ stats.c.bytes_out = stats.c.comp_bytes + stats.c.inc_bytes;
+ stats.c.in_count = stats.c.unc_bytes;
}
- if (creq.stats.c.bytes_out == 0)
- creq.stats.c.ratio = 0.0;
+ if (stats.c.bytes_out == 0)
+ stats.c.ratio = 0.0;
else
- creq.stats.c.ratio = 256.0 * creq.stats.c.in_count /
- creq.stats.c.bytes_out;
+ stats.c.ratio = 256.0 * stats.c.in_count / stats.c.bytes_out;
- if (creq.stats.d.bytes_out == 0) {
- creq.stats.d.bytes_out = creq.stats.d.comp_bytes + creq.stats.d.inc_bytes;
- creq.stats.d.in_count = creq.stats.d.unc_bytes;
+ if (stats.d.bytes_out == 0) {
+ stats.d.bytes_out = stats.d.comp_bytes + stats.d.inc_bytes;
+ stats.d.in_count = stats.d.unc_bytes;
}
- if (creq.stats.d.bytes_out == 0)
- creq.stats.d.ratio = 0.0;
+ if (stats.d.bytes_out == 0)
+ stats.d.ratio = 0.0;
else
- creq.stats.d.ratio = 256.0 * creq.stats.d.in_count /
- creq.stats.d.bytes_out;
+ stats.d.ratio = 256.0 * stats.d.in_count / stats.d.bytes_out;
#endif
- *csp = creq.stats;
+ *csp = stats;
}
#else /* STREAMS */
# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 600
-# Disable the IPXCP and IPX protocols.
-noipx
-
# ---<End of File>---
syslog('err', "pppd returned: unknown error ($pppd_code), delayed retry");
$pppd_fail = 1;
}
- # if it hasn't ran for at least an hour, then somthing went wrong
+ # if it hasn't ran for at least an hour, then something went wrong
elsif ($pppd_run_time < toseconds("01:00:00")) {
syslog('err',"pppd session didn't last 1 hour, delayed retry");
$pppd_fail = 1;
--- /dev/null
+#!/usr/bin/perl
+# vim: shiftwidth=4 tabstop=4
+#
+# This program dumps to standard output the content of the file written
+# by pppd's lcp-rtt-file configuration option.
+#
+# Copyright (C) Marco d'Itri <md@linux.it>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+use v5.14;
+use warnings;
+use autodie;
+
+use POSIX qw(strftime);
+
+{
+ my $data = read_data($ARGV[0] || '/run/ppp-rtt.data');
+ die "The data file is invalid!\n" if not $data;
+ dump_data($data);
+}
+
+sub dump_data {
+ my ($s) = @_;
+
+ say "status: $s->{status}";
+ say "interval: $s->{echo_interval}";
+ say "position: $s->{position}";
+ say 'elements: ' . scalar(@{ $s->{data} });
+ say '';
+
+ foreach (my $i= 0; $i < @{ $s->{data} }; $i++) {
+ my $date = strftime('%F %T', localtime($s->{data}->[$i]->[0]));
+ print "$i\t$date\t$s->{data}->[$i]->[1]\t$s->{data}->[$i]->[2]\n";
+ }
+}
+
+sub read_data {
+ my ($file) = @_;
+
+ my $data;
+ open(my $fh, '<', $file);
+ binmode($fh);
+ my $bytes_read;
+ do {
+ $bytes_read = sysread($fh, $data, 8192, length($data));
+ } while ($bytes_read == 8192);
+ close($fh);
+
+ my ($magic, $status, $position, $echo_interval, $rest)
+ = unpack('NNNN a*', $data);
+ return undef if $magic != 0x19450425;
+
+ # the position is relative to the C array, not to the logical entries
+ $position /= 2;
+
+ my @rawdata = unpack('(N C a3)*', $rest);
+ my @data;
+ while (my ($time, $loss, $rtt) = splice(@rawdata, 0, 3)) {
+ push(@data, [ $time, unpack('N', "\000$rtt"), $loss ]);
+ }
+
+ if (0) {
+ @data =
+ # skip any "empty" (null) entries
+ grep { $_->[0] }
+ # rearrange the list in chronological order
+ (@data[$position+1 .. $#data], @data[0 .. $position]);
+ }
+
+ return {
+ status => $status,
+ echo_interval => $echo_interval,
+ position => $position,
+ data => \@data,
+ };
+}
+
--- /dev/null
+#!/usr/bin/perl
+# vim: shiftwidth=4 tabstop=4
+#
+# This CGI program is a Prometheus exporter for pppd's lcp-rtt-file feature.
+#
+# Copyright (C) Marco d'Itri <md@linux.it>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+use v5.14;
+use warnings;
+use autodie;
+
+use List::Util qw(sum max min);
+
+{
+ my $data = read_data('/run/ppp-rtt.data');
+ my $stats = compute_statistics($data, 60);
+
+ my $s = metrics($stats);
+ my $length = length($s);
+
+ print "Content-type: text/plain\n";
+ print "Content-length: $length\n\n$s";
+ exit;
+}
+
+sub metrics {
+ my ($stats) = @_;
+
+ my $s = <<END;
+# TYPE lcp_rtt_status gauge
+# HELP LCP RTT status
+lcp_rtt_status $stats->{status}
+END
+ foreach (qw(average min max loss)) {
+ next if not exists $stats->{$_};
+ $s .= <<END;
+# TYPE lcp_rtt_$_ gauge
+# HELP LCP RTT $_
+lcp_rtt_$_ $stats->{$_}
+END
+ }
+
+ return $s;
+}
+
+sub compute_statistics {
+ my ($data, $length) = @_;
+
+ my $cutoff = time() - $length;
+ my @e = grep { $_->[0] >= $cutoff } @{ $data->{data} };
+ return { status => -1 } if not @e; # no data
+
+ my $average = (sum map { $_->[1] } @e) / scalar(@e);
+ my $min = min map { $_->[1] } @e;
+ my $max = max map { $_->[1] } @e;
+ my $loss = sum map { $_->[2] } @e;
+
+ return {
+ status => $data->{status},
+ average => $average,
+ min => $min,
+ max => $max,
+ loss => $loss,
+ };
+}
+
+sub read_data {
+ my ($file) = @_;
+
+ my $data;
+ open(my $fh, '<', $file);
+ binmode($fh);
+ my $bytes_read;
+ do {
+ $bytes_read = sysread($fh, $data, 8192, length($data));
+ } while ($bytes_read == 8192);
+ close($fh);
+
+ my ($magic, $status, $position, $echo_interval, $rest)
+ = unpack('NNNN a*', $data);
+ return undef if $magic != 0x19450425;
+
+ # the position is relative to the C array, not to the logical entries
+ $position /= 2;
+
+ my @rawdata = unpack('(N C a3)*', $rest);
+ my @data;
+ while (my ($time, $loss, $rtt) = splice(@rawdata, 0, 3)) {
+ push(@data, [ $time, unpack('N', "\000$rtt"), $loss ]);
+ }
+
+ @data =
+ # skip any "empty" (null) entries
+ grep { $_->[0] }
+ # rearrange the list in chronological order
+ (@data[$position+1 .. $#data], @data[0 .. $position]);
+
+ return {
+ status => $status,
+ echo_interval => $echo_interval,
+ position => $position,
+ data => \@data,
+ };
+}
+
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
projects / ppp.git / commitdiff