Also remove the obsolete $Id$ tag.
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
jobs:
buildroot:
- runs-on: ubuntu-latest
+ name: Buildroot
+ runs-on: ubuntu-20.04
strategy:
matrix:
defconfig_name: [qemu_x86_defconfig, qemu_x86_64_defconfig, raspberrypi4_defconfig, raspberrypi4_64_defconfig, qemu_ppc64le_pseries_defconfig, qemu_mips32r2_malta_defconfig, qemu_mips64_malta_defconfig]
libc_name: [glibc, uclibc, musl]
+ env:
+ PPP_CI_VERSION: v1.0
+ BUILDROOT_DIRECTORY_NAME: buildroot-${{ matrix.defconfig_name }}-${{ matrix.libc_name }}
steps:
- - name: Checkout Buildroot sources
- run: git clone --depth=1 --branch=2020.11.1 https://git.busybox.net/buildroot
- - name: Select latest PPP version
- working-directory: buildroot/package/pppd
+ - name: Retrieve prebuilt Buildroot image...
+ working-directory: /home/runner
run: |
- # Allow package to build when musl libc is selected
- sed -i '/depends on !BR2_TOOLCHAIN_USES_MUSL/d' Config.in
- # Upstream version always needs OpenSSL
- sed -i '/select BR2_PACKAGE_OPENSSL/c\\select BR2_PACKAGE_OPENSSL' Config.in
- # Do not check for package hash, so there is no need to compute it
- rm pppd.hash
- # Buildroot patch is already applied upstream
- rm -f 0001-pppd-Fix-bounds-check.patch
- # Get package sources from head of master branch
- sed -i "/PPPD_VERSION =/c\\PPPD_VERSION = ${GITHUB_SHA}" pppd.mk
- sed -i '/PPPD_SITE =/c\\PPPD_SITE = https://github.com/paulusmack/ppp' pppd.mk
- sed -i '9iPPPD_SITE_METHOD = git' pppd.mk
- # Plugin rp-pppoe has been renamed in "pppoe"
- sed -i 's/rp-pppoe/pppoe/g' pppd.mk
- - name: Enable PPP build
- working-directory: buildroot
+ wget https://github.com/ppp-project/ppp-ci/releases/download/${{ env.PPP_CI_VERSION }}/${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst
+ tar -xf ${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst
+ - name: Select latest PPP upstream version
+ working-directory: /home/runner/${{ env.BUILDROOT_DIRECTORY_NAME }}/package/pppd
run: |
- # Enable all Buildroot PPP options as everything is built by upstream build system
- echo "BR2_PACKAGE_PPPD=y" >> configs/${{ matrix.defconfig_name }}
- echo "BR2_PACKAGE_PPPD_FILTER=y" >> configs/${{ matrix.defconfig_name }}
- echo "BR2_PACKAGE_PPPD_RADIUS=y" >> configs/${{ matrix.defconfig_name }}
- echo "BR2_PACKAGE_PPPD_OVERWRITE_RESOLV_CONF=y" >> configs/${{ matrix.defconfig_name }}
- - name: Select glibc
- if: ${{ matrix.libc_name == 'glibc' }}
- working-directory: buildroot
- run: echo "BR2_TOOLCHAIN_BUILDROOT_GLIBC=y" >> configs/${{ matrix.defconfig_name }}
- - name: Select uClibc
- if: ${{ matrix.libc_name == 'uclibc' }}
- working-directory: buildroot
- run: echo "BR2_TOOLCHAIN_BUILDROOT_UCLIBC=y" >> configs/${{ matrix.defconfig_name }}
- - name: Select musl
- if: ${{ matrix.libc_name == 'musl' }}
- working-directory: buildroot
- run: echo "BR2_TOOLCHAIN_BUILDROOT_MUSL=y" >> configs/${{ matrix.defconfig_name }}
- - name: Configure Buildroot
- working-directory: buildroot
- run: make ${{ matrix.defconfig_name }}
+ # Get package sources from head of current branch
+ sed -i "/PPPD_VERSION =/c\\PPPD_VERSION = ${GITHUB_SHA}" pppd.mk
+ - name: Trigger a PPP package rebuild
+ working-directory: /home/runner/${{ env.BUILDROOT_DIRECTORY_NAME }}/output/build
+ run: rm -rf pppd*
- name: Build
- working-directory: buildroot
+ working-directory: /home/runner/${{ env.BUILDROOT_DIRECTORY_NAME }}
run: make
jobs:
solaris:
- runs-on: macos-latest
+ runs-on: ubuntu-22.04
steps:
- name: Checkout PPP sources
- uses: actions/checkout@v2
+ uses: actions/checkout@v3
- name: Build
- uses: vmactions/solaris-vm@v0.0.1
+ uses: vmactions/solaris-vm@v1.0.0
with:
run: |
pkg update
- pkg install gcc
- ./configure
+ pkg install gcc automake autoconf libtool
+ ./autogen.sh CFLAGS="-Wno-deprecated-declarations"
make
+ make install
--- /dev/null
+name: Build and Test
+on: [push, pull_request]
+
+jobs:
+ build_and_test:
+ runs-on: ubuntu-latest
+ env:
+ configure_flags: --enable-multilink --enable-systemd --enable-cbcp
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: install required packages
+ run: |
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq update
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install \
+ build-essential autoconf automake pkg-config libtool m4 autoconf-archive \
+ libssl-dev libatm1-dev libpcap-dev libsystemd-dev libpam0g-dev
+
+ - name: configure
+ run: ./autogen.sh ${{ env.configure_flags }}
+
+ - name: build
+ run: make V=1 CFLAGS="-O2 -g -Wno-unused-result"
+
+ - name: run auto tests
+ run: VERBOSE=true make check
+
+ - name: distcheck
+ run: make distcheck DISTCHECK_CONFIGURE_FLAGS="${{ env.configure_flags }}"
+
+ build_and_test_asan:
+ runs-on: ubuntu-latest
+ env:
+ configure_flags: --enable-multilink --enable-systemd --enable-cbcp
+ CFLAGS: '-fsanitize=address -ggdb'
+ LDFLAGS: '-fsanitize=address'
+
+ steps:
+ - uses: actions/checkout@v3
+
+ - name: install required packages
+ run: |
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq update
+ sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install \
+ build-essential autoconf automake pkg-config libtool m4 autoconf-archive \
+ libssl-dev libatm1-dev libpcap-dev libsystemd-dev libpam0g-dev
+
+ - name: configure
+ run: ./autogen.sh ${{ env.configure_flags }}
+
+ - name: build
+ run: make V=1 CFLAGS="-O2 -g -Wno-unused-result"
+
+ - name: run auto tests
+ run: VERBOSE=true make check
+
+ - name: distcheck
+ run: make distcheck DISTCHECK_CONFIGURE_FLAGS="${{ env.configure_flags }}"
+
*.o
*.so
*.a
+*.pc
*.cat8
+*.lo
+*.la
+*.swp
+.deps
+.libs
+
+
+# http://www.gnu.org/software/autoconf
+autom4te.cache
+/autoscan.log
+/autoscan-*.log
+/aclocal.m4
+/compile
+/config.cache
+/config.guess
+/config.log
+/config.status
+/config.sub
+/configure
+/configure.scan
+/depcomp
+/install-sh
+/test-driver
+/missing
+/INSTALL
+/pppd/stamp-h1
+/pppd/stamp-h2
+/pppd/config.h
+/pppd/config.h.in
+/pppd/pppdconf.h
+/pppd/plugins/pppoe/config.h
+/pppd/plugins/pppoe/stamp-h3
+
+# https://www.gnu.org/software/libtool/
+/libtool
+/ltmain.sh
+
+# http://www.gnu.org/software/m4/
+m4/libtool.m4
+m4/ltoptions.m4
+m4/ltsugar.m4
+m4/ltversion.m4
+m4/lt~obsolete.m4
+
+# Generated Makefile
Makefile
+Makefile.in
+
+# Test related stuff
+utest_*
+test-suite.log
+
+# Distfiles
+/ppp-*.tar.gz
--- /dev/null
+The pppd Project
+https://github.com/ppp-project/ppp
+
+Primary Author of this package:
+Linux Paul Mackerras <paulus@ozlabs.org>
+Solaris James Carlson <carlson@workingcode.com>
+
--- /dev/null
+Copyrights:
+***********
+
+All of the code can be freely used and redistributed. The individual
+source files each have their own copyright and permission notice.
+Pppd, pppstats and pppdump are under BSD-style notices. Some of the
+pppd plugins are GPL'd. Chat is public domain.
--- /dev/null
+2021-07-11 Eivind Naess <eivnaes@yahoo.com>
+
+ Introduction of Autotools to pppd project
+
--- /dev/null
+What's new in ppp-2.4.9.
+************************
+
+* Support for new EAP (Extensible Authentication Protocol) methods:
+ - Support for EAP-TLS, from Jan Just Keijser and others
+ - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
+ Van Buggenhout and others
+
+* New pppd options:
+ - chap-timeout
+ - chapms-strip-domain
+ - replacedefaultroute
+ - noreplacedefaultroute
+ - ipv6cp-accept-remote
+ - lcp-echo-adaptive
+ - ip-up-script
+ - ip-down-script
+ - ca
+ - capath
+ - cert
+ - key
+ - crl-dir
+ - crl
+ - max-tls-version
+ - need-peer-eap
+
+* Fixes for CVE-2020-8597 and CVE-2015-3310.
+
+* libpcap is now required when compiling on Linux (previously, if
+ libpcap was not present, pppd would be compiled without packet
+ filtering support).
+
+* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
+ from the upstream rp-pppoe code. Its options have changed names,
+ but the old names are kept as aliases.
+
+* The configure script now supports cross-compilation.
+
+* Many bug fixes and cleanups.
+
+
+What was new in ppp-2.4.8.
+**************************
+
+* New pppd options have been added:
+ - ifname, to set the name for the PPP interface device
+ - defaultroute-metric, to set the metric for the default route
+ - defaultroute6, to add an IPv6 default route (with nodefaultroute6
+ to prevent adding an IPv6 default route)
+ - up_sdnotify, to have pppd notify systemd when the link is up.
+
+* The rp-pppoe plugin has new options:
+ - host-uniq, to set the Host-Uniq value to send
+ - pppoe-padi-timeout, to set the timeout for discovery packets
+ - pppoe-padi-attempts, to set the number of discovery attempts.
+
+* Added the CLASS attribute in radius packets.
+
+* Sundry bug fixes.
+
+* Fixed warnings and issues found by static analysis.
+
+* Added Submitting-patches.md.
+
+
+What was new in ppp-2.4.7.
+**************************
+
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+ indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+ scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+ variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+ from the controlling terminal when it is the multilink bundle master
+ but its own link has terminated, even if the nodetach option has
+ been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
+* Under Linux, pppd can now operate in a mode where it doesn't request
+ the peer's IP address, as some peers refuse to supply an IP address.
+ Since Linux supports device routes as well as gateway routes, it's
+ possible to have no remote IP address assigned to the ppp interface
+ and still route traffic over it.
+
+* Pppd now works better with 3G modems that do strange things such as
+ sending IPCP Configure-Naks with the same values over and over again.
+
+* The PPP over L2TP plugin is included, which works with the pppol2tp
+ PPP channel code in the Linux kernel. This allows pppd to be used
+ to set up tunnels using the Layer 2 Tunneling Protocol.
+
+* A new 'enable-session' option has been added, which enables session
+ accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
+ page for details.
+
+* Several bugs have been fixed.
+
+
+What was new in ppp-2.4.4.
+**************************
+
+* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
+ the ppp interface and configuring its IP addresses but before
+ bringing it up. This can be used, for example, for adding firewall
+ rules for the interface.
+
+* Lots of bugs fixed, particularly in the area of demand-dialled and
+ persistent connections.
+
+* The rp-pppoe plugin now accepts any interface name (that isn't an
+ existing pppd option name) without putting "nic-" on the front of
+ it, not just eth*, nas*, tap* and br*.
+
+
+What was new in ppp-2.4.3.
+**************************
+
+* The configure script now accepts --prefix and --sysconfdir options.
+ These default to /usr/local and /etc. If you want pppd put in
+ /usr/sbin as before, use ./configure --prefix=/usr.
+
+* Doing `make install' no longer puts example configuration files in
+ /etc/ppp. Use `make install-etcppp' if you want that.
+
+* The code has been updated to work with version 0.8.3 of libpcap.
+ Unfortunately the libpcap maintainers removed support for the
+ "inbound" and "outbound" keywords on PPP links, meaning that if you
+ link pppd with libpcap-0.8.3, you can't use those keywords in the
+ active-filter and pass-filter expressions. The support has been
+ reinstated in the CVS version and should be in future libpcap
+ releases. If you need the in/outbound keywords, use a later release
+ than 0.8.3, or get the CVS version from http://www.tcpdump.org.
+
+* There is a new option, child-timeout, which sets the length of time
+ that pppd will wait for child processes (such as the command
+ specified with the pty option) to exit before exiting itself. It
+ defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
+ to any remaining child processes and exit. A value of 0 means no
+ timeout.
+
+* Various bugs have been fixed, including some CBCP packet parsing
+ bugs that could lead to the peer being able to crash pppd if CBCP
+ support is enabled.
+
+* Various fixes and enhancements to the radius and rp-pppoe plugins
+ have been added.
+
+* There is a new winbind plugin, from Andrew Bartlet of the Samba
+ team, which provides the ability to authenticate the peer against an
+ NT domain controller using MS-CHAP or MS-CHAPV2.
+
+* There is a new pppoatm plugin, by various authors, sent in by David
+ Woodhouse.
+
+* The multilink code has been substantially reworked. The first pppd
+ for a bundle still controls the ppp interface, but it doesn't exit
+ until all the links in the bundle have terminated. If the first
+ pppd is signalled to exit, it signals all the other pppds
+ controlling links in the bundle.
+
+* The TDB code has been updated to the latest version. This should
+ eliminate the problem that some people have seen where the database
+ file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
+ the new code uses an incompatible database format. For this reason,
+ pppd now uses /var/run/pppd2.tdb as the database filename.
+
+
+What was new in ppp-2.4.2.
+**************************
+
+* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
+ V1 and V2 authentication, both as server and client. The new CHAP
+ code is cleaner than the old code and avoids some copyright problems
+ that existed in the old code.
+
+* MPPE (Microsoft Point-to-Point Encryption) support has been added,
+ although the current implementation shouldn't be considered
+ completely secure. (There is no assurance that the current code
+ won't ever transmit an unencrypted packet.)
+
+* James Carlson's implementation of the Extensible Authentication
+ Protocol (EAP) has been added.
+
+* Support for the Encryption Control Protocol (ECP) has been added.
+
+* Some new plug-ins have been included:
+ - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
+ - A plug-in for supplying the PAP password over a pipe from another
+ process
+ - A plug-in for authenticating using a Radius server.
+
+* Updates and bug-fixes for the Solaris port.
+
+* The CBCP (Call Back Control Protocol) code has been updated. There
+ are new options `remotenumber' and `allow-number'.
+
+* Extra hooks for plugins to use have been added.
+
+* There is now a `maxoctets' option, which causes pppd to terminate
+ the link once the number of bytes passed on the link exceeds a given
+ value.
+
+* There are now options to control whether pppd can use the IPCP
+ IP-Address and IP-Addresses options: `ipcp-no-address' and
+ `ipcp-no-addresses'.
+
+* Fixed several bugs, including potential buffer overflows in chat.
+
+
+What was new in ppp-2.4.1.
+**************************
+
+* Pppd can now print out the set of options that are in effect. The
+ new `dump' option causes pppd to print out the option values after
+ option parsing is complete. The `dryrun' option causes pppd to
+ print the options and then exit.
+
+* The option parsing code has been fixed so that options in the
+ per-tty options file are parsed correctly, and don't override values
+ from the command line in most cases.
+
+* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
+ example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
+ there is no slash in the plugin name.
+
+* When loading a plugin, pppd will now check the version of pppd for
+ which the plugin was compiled, and refuse to load it if it is
+ different to pppd's version string. To enable this, the plugin
+ source needs to #include "pppd.h" and have a line saying:
+ char pppd_version[] = VERSION;
+
+* There is a bug in zlib, discovered by James Carlson, which can cause
+ kernel memory corruption if Deflate is used with the lowest setting,
+ 8. As a workaround pppd will now insist on using at least 9.
+
+* Pppd should compile on Solaris and SunOS again.
+
+* Pppd should now set the MTU correctly on demand-dialled interfaces.
+
+
+What was new in ppp-2.4.0.
+**************************
+
+* Multilink: this package now allows you to combine multiple serial
+ links into one logical link or `bundle', for increased bandwidth and
+ reduced latency. This is currently only supported under the
+ 2.4.x and later Linux kernels.
+
+* All the pppd processes running on a system now write information
+ into a common database. I used the `tdb' code from samba for this.
+
+* New hooks have been added.
+
+For a list of the changes made during the 2.3 series releases of this
+package, see the Changes-2.3 file.
--- /dev/null
+Copyright (c) The Regents of the University of California.
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+3. Neither the name of the University nor the names of its contributors
+ may be used to endorse or promote products derived from this software
+ without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
--- /dev/null
+ GNU GENERAL PUBLIC LICENSE
+ Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+ Preamble
+
+ The licenses for most software are designed to take away your
+freedom to share and change it. By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users. This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it. (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.) You can apply it to
+your programs, too.
+
+ When we speak of free software, we are referring to freedom, not
+price. Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+ To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+ For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have. You must make sure that they, too, receive or can get the
+source code. And you must show them these terms so they know their
+rights.
+
+ We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+ Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software. If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+ Finally, any free program is threatened constantly by software
+patents. We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary. To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+ The precise terms and conditions for copying, distribution and
+modification follow.
+
+ GNU GENERAL PUBLIC LICENSE
+ TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+ 0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License. The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language. (Hereinafter, translation is included without limitation in
+the term "modification".) Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope. The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+ 1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+ 2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+ a) You must cause the modified files to carry prominent notices
+ stating that you changed the files and the date of any change.
+
+ b) You must cause any work that you distribute or publish, that in
+ whole or in part contains or is derived from the Program or any
+ part thereof, to be licensed as a whole at no charge to all third
+ parties under the terms of this License.
+
+ c) If the modified program normally reads commands interactively
+ when run, you must cause it, when started running for such
+ interactive use in the most ordinary way, to print or display an
+ announcement including an appropriate copyright notice and a
+ notice that there is no warranty (or else, saying that you provide
+ a warranty) and that users may redistribute the program under
+ these conditions, and telling the user how to view a copy of this
+ License. (Exception: if the Program itself is interactive but
+ does not normally print such an announcement, your work based on
+ the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole. If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works. But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+ 3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+ a) Accompany it with the complete corresponding machine-readable
+ source code, which must be distributed under the terms of Sections
+ 1 and 2 above on a medium customarily used for software interchange; or,
+
+ b) Accompany it with a written offer, valid for at least three
+ years, to give any third party, for a charge no more than your
+ cost of physically performing source distribution, a complete
+ machine-readable copy of the corresponding source code, to be
+ distributed under the terms of Sections 1 and 2 above on a medium
+ customarily used for software interchange; or,
+
+ c) Accompany it with the information you received as to the offer
+ to distribute corresponding source code. (This alternative is
+ allowed only for noncommercial distribution and only if you
+ received the program in object code or executable form with such
+ an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it. For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable. However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+ 4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License. Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+ 5. You are not required to accept this License, since you have not
+signed it. However, nothing else grants you permission to modify or
+distribute the Program or its derivative works. These actions are
+prohibited by law if you do not accept this License. Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+ 6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions. You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+ 7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License. If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all. For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices. Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+ 8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded. In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+ 9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time. Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number. If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation. If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+ 10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission. For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this. Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+ NO WARRANTY
+
+ 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+ 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+ END OF TERMS AND CONDITIONS
+
+ How to Apply These Terms to Your New Programs
+
+ If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+ To do so, attach the following notices to the program. It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+ <one line to give the program's name and a brief idea of what it does.>
+ Copyright (C) <year> <name of author>
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License along
+ with this program; if not, write to the Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+ Gnomovision version 69, Copyright (C) year name of author
+ Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+ This is free software, and you are welcome to redistribute it
+ under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License. Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary. Here is a sample; alter the names:
+
+ Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+ `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+ <signature of Ty Coon>, 1 April 1989
+ Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs. If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library. If this is what you want to do, use the GNU Lesser General
+Public License instead of this License.
--- /dev/null
+ACLOCAL_AMFLAGS="-Im4"
+
+SUBDIRS = chat contrib pppd pppstats pppdump
+
+if PPP_WITH_PLUGINS
+SUBDIRS += pppd/plugins
+endif
+
+DIST_SUBDIRS = $(SUBDIRS) common include modules scripts
+
+#
+# *HACK*
+# This is to work around the kernel module for PPP on Sun Solaris
+if SUNOS
+all-am:
+ (cd solaris ; $(MAKE) -f Makefile)
+
+clean-generic:
+ (cd solaris ; $(MAKE) -f Makefile clean)
+
+install-am:
+ (cd solaris ; $(MAKE) -f Makefile install)
+endif
+
+install-data-hook:
+ (cd $(DESTDIR)/$(sysconfdir)/$(PACKAGE) ; \
+ chmod 600 chap-secrets pap-secrets eaptls-server eaptls-client)
+
+sampledir = $(sysconfdir)/$(PACKAGE)
+sample_DATA = \
+ etc.ppp/options \
+ etc.ppp/chap-secrets \
+ etc.ppp/pap-secrets \
+ etc.ppp/eaptls-server \
+ etc.ppp/eaptls-client \
+ etc.ppp/openssl.cnf
+
+EXTRA_README = \
+ Changes-2.3 \
+ FAQ \
+ README \
+ README.cbcp \
+ README.eap-srp \
+ README.eap-tls \
+ README.linux \
+ README.MPPE \
+ README.MSCHAP80 \
+ README.MSCHAP81 \
+ README.pppoe \
+ README.pppol2tp \
+ README.pwfd \
+ README.sol2 \
+ PLUGINS \
+ SETUP \
+ Submitting-patches.md
+
+EXTRA_SOLARIS = \
+ solaris/Makedefs \
+ solaris/Makedefs.gcc \
+ solaris/Makedefs.sol2 \
+ solaris/Makefile.sol2 \
+ solaris/Makefile.sol2-64 \
+ solaris/Makefile.sol2-64x \
+ solaris/Makefile.sol2gcc \
+ solaris/Makefile.sol2gcc-64 \
+ solaris/Makefile.sol2gcc-64x \
+ solaris/Makefile.top \
+ solaris/ppp_ahdlc.c \
+ solaris/ppp_ahdlc_mod.c \
+ solaris/ppp.c \
+ solaris/ppp_comp.c \
+ solaris/ppp_comp_mod.c \
+ solaris/ppp.conf \
+ solaris/ppp_mod.c \
+ solaris/ppp_mod.h
+
+EXTRA_DIST= \
+ $(sample_DATA) \
+ $(EXTRA_README) \
+ $(EXTRA_SOLARIS)
--- /dev/null
+What's new since ppp-2.4.9 (unreleased)
+***************************************
+
+* New pppd options:
+ - ipv6-up-script
+ - ipv6-down-script
+
+What's new in ppp-2.4.9.
+************************
+
+* Support for new EAP (Extensible Authentication Protocol) methods:
+ - Support for EAP-TLS, from Jan Just Keijser and others
+ - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
+ Van Buggenhout and others
+
+* New pppd options:
+ - chap-timeout
+ - chapms-strip-domain
+ - replacedefaultroute
+ - noreplacedefaultroute
+ - ipv6cp-accept-remote
+ - lcp-echo-adaptive
+ - ip-up-script
+ - ip-down-script
+ - ca
+ - capath
+ - cert
+ - key
+ - crl-dir
+ - crl
+ - max-tls-version
+ - need-peer-eap
+
+* Fixes for CVE-2020-8597 and CVE-2015-3310.
+
+* libpcap is now required when compiling on Linux (previously, if
+ libpcap was not present, pppd would be compiled without packet
+ filtering support).
+
+* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
+ from the upstream rp-pppoe code. Its options have changed names,
+ but the old names are kept as aliases.
+
+* The configure script now supports cross-compilation.
+
+* Many bug fixes and cleanups.
+
+
+What was new in ppp-2.4.8.
+**************************
+
+* New pppd options have been added:
+ - ifname, to set the name for the PPP interface device
+ - defaultroute-metric, to set the metric for the default route
+ - defaultroute6, to add an IPv6 default route (with nodefaultroute6
+ to prevent adding an IPv6 default route)
+ - up_sdnotify, to have pppd notify systemd when the link is up.
+
+* The rp-pppoe plugin has new options:
+ - host-uniq, to set the Host-Uniq value to send
+ - pppoe-padi-timeout, to set the timeout for discovery packets
+ - pppoe-padi-attempts, to set the number of discovery attempts.
+
+* Added the CLASS attribute in radius packets.
+
+* Sundry bug fixes.
+
+* Fixed warnings and issues found by static analysis.
+
+* Added Submitting-patches.md.
+
+
+What was new in ppp-2.4.7.
+**************************
+
+* Fixed a potential security issue in parsing option files (CVE-2014-3158).
+
+* There is a new "stop-bits" option, which takes an argument of 1 or 2,
+ indicating the number of stop bits to use for async serial ports.
+
+* Various bug fixes.
+
+
+What was new in ppp-2.4.6.
+**************************
+
+* Man page updates.
+
+* Several bug fixes.
+
+* Options files can now set and unset environment variables for
+ scripts.
+
+* The timeout for chat scripts can now be taken from an environment
+ variable.
+
+* There is a new option, master_detach, which allows pppd to detach
+ from the controlling terminal when it is the multilink bundle master
+ but its own link has terminated, even if the nodetach option has
+ been given.
+
+
+What was new in ppp-2.4.5.
+**************************
+
+* Under Linux, pppd can now operate in a mode where it doesn't request
+ the peer's IP address, as some peers refuse to supply an IP address.
+ Since Linux supports device routes as well as gateway routes, it's
+ possible to have no remote IP address assigned to the ppp interface
+ and still route traffic over it.
+
+* Pppd now works better with 3G modems that do strange things such as
+ sending IPCP Configure-Naks with the same values over and over again.
+
+* The PPP over L2TP plugin is included, which works with the pppol2tp
+ PPP channel code in the Linux kernel. This allows pppd to be used
+ to set up tunnels using the Layer 2 Tunneling Protocol.
+
+* A new 'enable-session' option has been added, which enables session
+ accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
+ page for details.
+
+* Several bugs have been fixed.
+
+
+What was new in ppp-2.4.4.
+**************************
+
+* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
+ the ppp interface and configuring its IP addresses but before
+ bringing it up. This can be used, for example, for adding firewall
+ rules for the interface.
+
+* Lots of bugs fixed, particularly in the area of demand-dialled and
+ persistent connections.
+
+* The rp-pppoe plugin now accepts any interface name (that isn't an
+ existing pppd option name) without putting "nic-" on the front of
+ it, not just eth*, nas*, tap* and br*.
+
+
+What was new in ppp-2.4.3.
+**************************
+
+* The configure script now accepts --prefix and --sysconfdir options.
+ These default to /usr/local and /etc. If you want pppd put in
+ /usr/sbin as before, use ./configure --prefix=/usr.
+
+* Doing `make install' no longer puts example configuration files in
+ /etc/ppp. Use `make install-etcppp' if you want that.
+
+* The code has been updated to work with version 0.8.3 of libpcap.
+ Unfortunately the libpcap maintainers removed support for the
+ "inbound" and "outbound" keywords on PPP links, meaning that if you
+ link pppd with libpcap-0.8.3, you can't use those keywords in the
+ active-filter and pass-filter expressions. The support has been
+ reinstated in the CVS version and should be in future libpcap
+ releases. If you need the in/outbound keywords, use a later release
+ than 0.8.3, or get the CVS version from http://www.tcpdump.org.
+
+* There is a new option, child-timeout, which sets the length of time
+ that pppd will wait for child processes (such as the command
+ specified with the pty option) to exit before exiting itself. It
+ defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
+ to any remaining child processes and exit. A value of 0 means no
+ timeout.
+
+* Various bugs have been fixed, including some CBCP packet parsing
+ bugs that could lead to the peer being able to crash pppd if CBCP
+ support is enabled.
+
+* Various fixes and enhancements to the radius and rp-pppoe plugins
+ have been added.
+
+* There is a new winbind plugin, from Andrew Bartlet of the Samba
+ team, which provides the ability to authenticate the peer against an
+ NT domain controller using MS-CHAP or MS-CHAPV2.
+
+* There is a new pppoatm plugin, by various authors, sent in by David
+ Woodhouse.
+
+* The multilink code has been substantially reworked. The first pppd
+ for a bundle still controls the ppp interface, but it doesn't exit
+ until all the links in the bundle have terminated. If the first
+ pppd is signalled to exit, it signals all the other pppds
+ controlling links in the bundle.
+
+* The TDB code has been updated to the latest version. This should
+ eliminate the problem that some people have seen where the database
+ file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
+ the new code uses an incompatible database format. For this reason,
+ pppd now uses /var/run/pppd2.tdb as the database filename.
+
+
+What was new in ppp-2.4.2.
+**************************
+
+* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
+ V1 and V2 authentication, both as server and client. The new CHAP
+ code is cleaner than the old code and avoids some copyright problems
+ that existed in the old code.
+
+* MPPE (Microsoft Point-to-Point Encryption) support has been added,
+ although the current implementation shouldn't be considered
+ completely secure. (There is no assurance that the current code
+ won't ever transmit an unencrypted packet.)
+
+* James Carlson's implementation of the Extensible Authentication
+ Protocol (EAP) has been added.
+
+* Support for the Encryption Control Protocol (ECP) has been added.
+
+* Some new plug-ins have been included:
+ - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
+ - A plug-in for supplying the PAP password over a pipe from another
+ process
+ - A plug-in for authenticating using a Radius server.
+
+* Updates and bug-fixes for the Solaris port.
+
+* The CBCP (Call Back Control Protocol) code has been updated. There
+ are new options `remotenumber' and `allow-number'.
+
+* Extra hooks for plugins to use have been added.
+
+* There is now a `maxoctets' option, which causes pppd to terminate
+ the link once the number of bytes passed on the link exceeds a given
+ value.
+
+* There are now options to control whether pppd can use the IPCP
+ IP-Address and IP-Addresses options: `ipcp-no-address' and
+ `ipcp-no-addresses'.
+
+* Fixed several bugs, including potential buffer overflows in chat.
+
+
+What was new in ppp-2.4.1.
+**************************
+
+* Pppd can now print out the set of options that are in effect. The
+ new `dump' option causes pppd to print out the option values after
+ option parsing is complete. The `dryrun' option causes pppd to
+ print the options and then exit.
+
+* The option parsing code has been fixed so that options in the
+ per-tty options file are parsed correctly, and don't override values
+ from the command line in most cases.
+
+* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
+ example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
+ there is no slash in the plugin name.
+
+* When loading a plugin, pppd will now check the version of pppd for
+ which the plugin was compiled, and refuse to load it if it is
+ different to pppd's version string. To enable this, the plugin
+ source needs to #include "pppd.h" and have a line saying:
+ char pppd_version[] = VERSION;
+
+* There is a bug in zlib, discovered by James Carlson, which can cause
+ kernel memory corruption if Deflate is used with the lowest setting,
+ 8. As a workaround pppd will now insist on using at least 9.
+
+* Pppd should compile on Solaris and SunOS again.
+
+* Pppd should now set the MTU correctly on demand-dialled interfaces.
+
+
+What was new in ppp-2.4.0.
+**************************
+
+* Multilink: this package now allows you to combine multiple serial
+ links into one logical link or `bundle', for increased bandwidth and
+ reduced latency. This is currently only supported under the
+ 2.4.x and later Linux kernels.
+
+* All the pppd processes running on a system now write information
+ into a common database. I used the `tdb' code from samba for this.
+
+* New hooks have been added.
+
+For a list of the changes made during the 2.3 series releases of this
+package, see the Changes-2.3 file.
+
+
+
time before the idle timeout applies.
Plugins can access global variables within pppd, so it is useful for
-them to #include "pppd.h" from the pppd source directory.
+them to #include "pppd.h" from the pppd source directory. Other
+header files can be included such as chap.h, mppe.h, and upap.h as
+needed per project.
Every plugin must contain a global procedure called `plugin_init'.
This procedure will get called (with no arguments) immediately after
the plugin is loaded. Every plugin should also contain a variable
called pppd_version declared as follows:
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
If this declaration is included, pppd will not load the module if its
version number differs from that compiled into the plugin binary.
Plugins can affect the behaviour of pppd in at least four ways:
1. They can add extra options which pppd will then recognize. This is
- done by calling the add_options() procedure with a pointer to an
+ done by calling the ppp_add_options() procedure with a pointer to an
array of option_t structures. The last entry in the array must
have its name field set to NULL.
A plugin registers itself with a notifier by declaring a procedure of
the form:
-void my_notify_proc(void *opaque, int arg);
+void (ppp_notify_fn)(void *opaque, int arg);
and then registering the procedure with the appropriate notifier with
a call of the form
- add_notifier(&interesting_notifier, my_notify_proc, opaque);
+ ppp_add_notify(ppp_notify_t, ppp_notify_fn, opaque);
+
+The ppp_notify_t is an enumerated type that describes which notifier
+to attach the function to. Example: NF_EXIT, NF_SIGNALED, NF_IP_UP
The `opaque' parameter in the add_notifier call will be passed to
my_notify_proc every time it is called. The `arg' parameter to
A notify procedure can be removed from the list for a notifier with a
call of the form
- remove_notifier(&interesting_notifier, my_notify_proc, opaque);
+ ppp_del_notify(ppp_notify_t, ppp_notify_fn, opaque);
Here is a list of the currently-implemented notifiers in pppd.
-* pidchange. This notifier is called in the parent when pppd has
+* NF_PID_CHANGE. This notifier is called in the parent when pppd has
forked and the child is continuing pppd's processing, i.e. when pppd
detaches from its controlling terminal. The argument is the pid of
the child.
-* phasechange. This is called when pppd moves from one phase of
+* NF_PHASE_CHANGE. This is called when pppd moves from one phase of
operation to another. The argument is the new phase number.
-* exitnotify. This is called just before pppd exits. The argument is
+* NF_EXIT. This is called just before pppd exits. The argument is
the status with which pppd will exit (i.e. the argument to exit()).
-* sigreceived. This is called when a signal is received, from within
+* NF_SIGNALED. This is called when a signal is received, from within
the signal handler. The argument is the signal number.
-* ip_up_notifier. This is called when IPCP has come up.
+* NF_IP_UP. This is called when IPCP has come up.
+
+* NF_IP_DOWN. This is called when IPCP goes down.
+
+* NF_IPV6_UP. This is called when IP6CP has come up.
-* ip_down_notifier. This is called when IPCP goes down.
+* NF_IPV6_DOWN. This is called when IP6CP goes down.
-* auth_up_notifier. This is called when the peer has successfully
+* NF_AUTH_UP. This is called when the peer has successfully
authenticated itself.
-* link_down_notifier. This is called when the link goes down.
+* NF_LINK_DOWN. This is called when the link goes down.
+
+* NF_FORK. Called for each time pppd exists as a new process (child).
+
+
+Regarding MPPE keys and key-material for 2.5.0 release
+
+Sometimes it is necessary for a plugin to access details related to
+the authentication process. The NF_AUTH_UP callback notifier (client only)
+allows a plugin to inspect e.g. key details after authentication has been
+completed, but before the key material is cleared from memory for security
+reasons.
+
+There are in particularly 3 functions that allow one to inspect these
+keys:
+
+* bool mppe_keys_isset()
+* int mppe_get_recv_key(unsigned char *key, int length)
+* int mppe_get_send_key(unsigned char *key, int length)
+
+The first function indicates whether or not the key material is set and
+is valid. The two latter functions will allow one to obtain a copy
+of the respective receive and send keys. The return value of these
+functions is the length of the valid key material. For security reasons,
+one should take care to clear these copies when work is complete. The
+max length of MPPE receive ands send keys are up to 32 bytes long, or
+of MPPE_MAX_KEY_SIZE length.
+
+The previous definitions of MPPE_MAX_KEY_LEN is the maximum length in
+which the Linux kernel will accept for MPPE key lengths. Plugins would
+access the MPPE keys directly via the:
+ extern u_char mppe_send_key[MPPE_MAX_KEY_LEN]
+ extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN]
+variables. The 2.5.0 release prohibits the direct access of these
+variables by making them static and private in favor of using the new
+API.
-## $Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp $ ##
+## $Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp $ ##
\ No newline at end of file
-This is the README file for ppp-2.4, a package which implements the
+This is the README file for ppp-2.5, a package which implements the
Point-to-Point Protocol (PPP) to provide Internet connections over
-serial lines.
+serial lines and other types of links which can be considered to be
+point-to-point links.
Introduction.
The Point-to-Point Protocol (PPP) provides a standard way to establish
a network connection over a serial link. At present, this package
supports IP and IPV6 and the protocols layered above them, such as TCP
-and UDP. The Linux port of this package also has support for IPX.
+and UDP.
This PPP implementation consists of two parts:
authenticating itself to you, of course.)
-What's new in ppp-2.4.9.
-************************
+What's new in ppp-2.5.1
+***********************
-* Support for new EAP (Extensible Authentication Protocol) methods:
- - Support for EAP-TLS, from Jan Just Keijser and others
- - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs
- Van Buggenhout and others
-
-* New pppd options:
- - chap-timeout
- - chapms-strip-domain
- - replacedefaultroute
- - noreplacedefaultroute
- - ipv6cp-accept-remote
- - lcp-echo-adaptive
- - ip-up-script
- - ip-down-script
- - ca
- - capath
- - cert
- - key
- - crl-dir
- - crl
- - max-tls-version
- - need-peer-eap
-
-* Fixes for CVE-2020-8597 and CVE-2015-3310.
-
-* libpcap is now required when compiling on Linux (previously, if
- libpcap was not present, pppd would be compiled without packet
- filtering support).
-
-* The rp-pppoe plugin has been renamed to pppoe, to distinguish it
- from the upstream rp-pppoe code. Its options have changed names,
- but the old names are kept as aliases.
-
-* The configure script now supports cross-compilation.
-
-* Many bug fixes and cleanups.
-
-
-What was new in ppp-2.4.8.
-**************************
-
-* New pppd options have been added:
- - ifname, to set the name for the PPP interface device
- - defaultroute-metric, to set the metric for the default route
- - defaultroute6, to add an IPv6 default route (with nodefaultroute6
- to prevent adding an IPv6 default route)
- - up_sdnotify, to have pppd notify systemd when the link is up.
-
-* The rp-pppoe plugin has new options:
- - host-uniq, to set the Host-Uniq value to send
- - pppoe-padi-timeout, to set the timeout for discovery packets
- - pppoe-padi-attempts, to set the number of discovery attempts.
-
-* Added the CLASS attribute in radius packets.
-
-* Sundry bug fixes.
-
-* Fixed warnings and issues found by static analysis.
-
-* Added Submitting-patches.md.
-
-
-What was new in ppp-2.4.7.
-**************************
-
-* Fixed a potential security issue in parsing option files (CVE-2014-3158).
-
-* There is a new "stop-bits" option, which takes an argument of 1 or 2,
- indicating the number of stop bits to use for async serial ports.
-
-* Various bug fixes.
-
-
-What was new in ppp-2.4.6.
-**************************
-
-* Man page updates.
-
-* Several bug fixes.
-
-* Options files can now set and unset environment variables for
- scripts.
-
-* The timeout for chat scripts can now be taken from an environment
- variable.
-
-* There is a new option, master_detach, which allows pppd to detach
- from the controlling terminal when it is the multilink bundle master
- but its own link has terminated, even if the nodetach option has
- been given.
-
-
-What was new in ppp-2.4.5.
-**************************
-
-* Under Linux, pppd can now operate in a mode where it doesn't request
- the peer's IP address, as some peers refuse to supply an IP address.
- Since Linux supports device routes as well as gateway routes, it's
- possible to have no remote IP address assigned to the ppp interface
- and still route traffic over it.
-
-* Pppd now works better with 3G modems that do strange things such as
- sending IPCP Configure-Naks with the same values over and over again.
-
-* The PPP over L2TP plugin is included, which works with the pppol2tp
- PPP channel code in the Linux kernel. This allows pppd to be used
- to set up tunnels using the Layer 2 Tunneling Protocol.
-
-* A new 'enable-session' option has been added, which enables session
- accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man
- page for details.
-
-* Several bugs have been fixed.
+* Pppd can now measure and log the round-trip time (RTT) of LCP
+ echo-requests and record them in a binary file structured as a
+ circular buffer. Other programs or scripts can examine the file and
+ provide real-time statistics on link latency. This is enabled by a
+ new "lcp-rtt-file" option.
+* New scripts net-init, net-pre-up and net-down are executed in the
+ process of bringing the network interface up and down. They provide
+ additional, more deterministic ways for pppd to interact with the
+ rest of the networking configuration.
-What was new in ppp-2.4.4.
-**************************
-
-* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating
- the ppp interface and configuring its IP addresses but before
- bringing it up. This can be used, for example, for adding firewall
- rules for the interface.
-
-* Lots of bugs fixed, particularly in the area of demand-dialled and
- persistent connections.
-
-* The rp-pppoe plugin now accepts any interface name (that isn't an
- existing pppd option name) without putting "nic-" on the front of
- it, not just eth*, nas*, tap* and br*.
+* Pppd will now create the directory for the TDB connection database
+ if it doesn't already exist.
+* Various other bug fixes and minor enhancements.
-What was new in ppp-2.4.3.
-**************************
-* The configure script now accepts --prefix and --sysconfdir options.
- These default to /usr/local and /etc. If you want pppd put in
- /usr/sbin as before, use ./configure --prefix=/usr.
-
-* Doing `make install' no longer puts example configuration files in
- /etc/ppp. Use `make install-etcppp' if you want that.
-
-* The code has been updated to work with version 0.8.3 of libpcap.
- Unfortunately the libpcap maintainers removed support for the
- "inbound" and "outbound" keywords on PPP links, meaning that if you
- link pppd with libpcap-0.8.3, you can't use those keywords in the
- active-filter and pass-filter expressions. The support has been
- reinstated in the CVS version and should be in future libpcap
- releases. If you need the in/outbound keywords, use a later release
- than 0.8.3, or get the CVS version from http://www.tcpdump.org.
-
-* There is a new option, child-timeout, which sets the length of time
- that pppd will wait for child processes (such as the command
- specified with the pty option) to exit before exiting itself. It
- defaults to 5 seconds. After the timeout, pppd will send a SIGTERM
- to any remaining child processes and exit. A value of 0 means no
- timeout.
-
-* Various bugs have been fixed, including some CBCP packet parsing
- bugs that could lead to the peer being able to crash pppd if CBCP
- support is enabled.
-
-* Various fixes and enhancements to the radius and rp-pppoe plugins
- have been added.
-
-* There is a new winbind plugin, from Andrew Bartlet of the Samba
- team, which provides the ability to authenticate the peer against an
- NT domain controller using MS-CHAP or MS-CHAPV2.
-
-* There is a new pppoatm plugin, by various authors, sent in by David
- Woodhouse.
-
-* The multilink code has been substantially reworked. The first pppd
- for a bundle still controls the ppp interface, but it doesn't exit
- until all the links in the bundle have terminated. If the first
- pppd is signalled to exit, it signals all the other pppds
- controlling links in the bundle.
-
-* The TDB code has been updated to the latest version. This should
- eliminate the problem that some people have seen where the database
- file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however,
- the new code uses an incompatible database format. For this reason,
- pppd now uses /var/run/pppd2.tdb as the database filename.
-
-
-What was new in ppp-2.4.2.
+What was new in ppp-2.5.0.
**************************
-* The CHAP code has been rewritten. Pppd now has support for MS-CHAP
- V1 and V2 authentication, both as server and client. The new CHAP
- code is cleaner than the old code and avoids some copyright problems
- that existed in the old code.
-
-* MPPE (Microsoft Point-to-Point Encryption) support has been added,
- although the current implementation shouldn't be considered
- completely secure. (There is no assurance that the current code
- won't ever transmit an unencrypted packet.)
-
-* James Carlson's implementation of the Extensible Authentication
- Protocol (EAP) has been added.
-
-* Support for the Encryption Control Protocol (ECP) has been added.
-
-* Some new plug-ins have been included:
- - A plug-in for kernel-mode PPPoE (PPP over Ethernet)
- - A plug-in for supplying the PAP password over a pipe from another
- process
- - A plug-in for authenticating using a Radius server.
-
-* Updates and bug-fixes for the Solaris port.
-
-* The CBCP (Call Back Control Protocol) code has been updated. There
- are new options `remotenumber' and `allow-number'.
-
-* Extra hooks for plugins to use have been added.
-
-* There is now a `maxoctets' option, which causes pppd to terminate
- the link once the number of bytes passed on the link exceeds a given
- value.
-
-* There are now options to control whether pppd can use the IPCP
- IP-Address and IP-Addresses options: `ipcp-no-address' and
- `ipcp-no-addresses'.
-
-* Fixed several bugs, including potential buffer overflows in chat.
-
-
-What was new in ppp-2.4.1.
-**************************
-
-* Pppd can now print out the set of options that are in effect. The
- new `dump' option causes pppd to print out the option values after
- option parsing is complete. The `dryrun' option causes pppd to
- print the options and then exit.
-
-* The option parsing code has been fixed so that options in the
- per-tty options file are parsed correctly, and don't override values
- from the command line in most cases.
-
-* The plugin option now looks in /usr/lib/pppd/<pppd-version> (for
- example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if
- there is no slash in the plugin name.
-
-* When loading a plugin, pppd will now check the version of pppd for
- which the plugin was compiled, and refuse to load it if it is
- different to pppd's version string. To enable this, the plugin
- source needs to #include "pppd.h" and have a line saying:
- char pppd_version[] = VERSION;
-
-* There is a bug in zlib, discovered by James Carlson, which can cause
- kernel memory corruption if Deflate is used with the lowest setting,
- 8. As a workaround pppd will now insist on using at least 9.
-
-* Pppd should compile on Solaris and SunOS again.
-
-* Pppd should now set the MTU correctly on demand-dialled interfaces.
-
-
-What was new in ppp-2.4.0.
-**************************
-
-* Multilink: this package now allows you to combine multiple serial
- links into one logical link or `bundle', for increased bandwidth and
- reduced latency. This is currently only supported under the
- 2.4.x and later Linux kernels.
-
-* All the pppd processes running on a system now write information
- into a common database. I used the `tdb' code from samba for this.
+The 2.5.0 release is a major release of pppd which contains breaking
+changes for third-party plugins, a complete revamp of the build-system
+and that allows for flexibility of configuring features as needed.
+
+In Summary:
+* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev
+* Support for loading PKCS12 certificate envelopes
+* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss
+ and others.
+* Support for pkgconfig tool has been added by Eivind Næss.
+* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár.
+* Major revision to PPPD's Plugin API by Eivind Næss.
+ - Defines in which describes what features was included in pppd
+ - Functions now prefixed with explicit ppp_* to indicate that
+ pppd functions being called.
+ - Header files were renamed to better align with their features,
+ and now use proper include guards
+ - A pppdconf.h file is supplied to allow third-party modules to use
+ the same feature defines pppd was compiled with.
+ - No extern declarations of internal variable names of pppd,
+ continued use of these extern variables are considered
+ unstable.
+* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon
+* Dropped IPX support, as Linux has dropped support in version 5.15
+ for this protocol.
+* Many more fixes and cleanups.
+* Pppd is no longer installed setuid-root.
+* New pppd options:
+ - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber,
+ ipv6-up-script, ipv6-down-script
+ - -v, show-options
+ - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip
+* On Linux, any baud rate can be set on a serial port provided the
+ kernel serial driver supports that.
-* New hooks have been added.
+Note that if you have built and installed previous versions of this
+package and you want to continue having configuration and TDB files in
+/etc/ppp, you will need to use the --sysconfdir option to ./configure.
-For a list of the changes made during the 2.3 series releases of this
-package, see the Changes-2.3 file.
+For a list of the changes made during the 2.4 series releases of this
+package, see the Changes-2.4 file.
Compression methods.
Contacts.
*********
-The comp.protocols.ppp newsgroup is a useful place to get help if you
-have trouble getting your ppp connections to work. Please do not send
-me questions of the form "please help me get connected to my ISP" -
-I'm sorry, but I simply do not have the time to answer all the
-questions like this that I get.
+Most communication relating to this package happens on github at
+https://github.com/ppp-project/ppp/. The linux-ppp@vger.kernel.org
+mailing list also exists and can be used.
-If you find bugs in this package, please report them to the maintainer
-for the port for the operating system you are using:
+If you find bugs in this package, the best thing to do is to create an
+issue on github. If you can't or don't want to do that, you can post
+to linux-ppp@vger.kernel.org, or report them to the maintainer for the
+port for the operating system you are using:
-Linux Paul Mackerras <paulus@samba.org>
+Linux Paul Mackerras <paulus@ozlabs.org>
Solaris James Carlson <carlson@workingcode.com>
key <key-file>
Use the client private key found in <key-file> in PEM format
or in engine:engine_id format
+ pkcs12 <pkcs12-file>
+ Use a pkcs12 envelope as a substitute for cert and key. A password may be
+ required to use this file.
crl <crl-file>
Use the Certificate Revocation List (CRL) file <crl-file> in PEM format.
crl-dir <dir>
max-tls-version <1.0|1.1|1.2 (default)|1.3>
Specify the maximum TLS protocol version to negotiate with peers. Defaults
to TLSv1.2 as the TLSv1.3 code is experimental.
- verify-tls-peer <none|subject|name|suffix>
+ tls-verify-key-usage
+ Validate certificate purpose and extended key usage
+ tls-verify-method <none|subject|name|suffix>
Compare the remotename against the subject, certificate name, or
match by suffix. Default is 'name'.
To send a message to the list, email it to linux-ppp@vger.kernel.org.
You don't have to be subscribed to send messages to the list.
-You can also email me (paulus@samba.org) but I am overloaded with
+You can also email me (paulus@ozlabs.org) but I am overloaded with
email and I can't respond to most messages I get in a timely fashion.
There are also several relevant news groups, such as comp.protocols.ppp,
5. Add the necessary authentication options to your pppd
configuration (i.e. PAP/CHAP information). If you wish to
- maintain seperate configurations for different devices you may
+ maintain separate configurations for different devices you may
place configuration options in device-specific configuration
files: /etc/ppp/options.devname (devname=ttyS0, ttyS1, eth0, eth1
or any other valid device name).
--- /dev/null
+Security issues are handled by the maintainer, Paul Mackerras <paulus@ozlabs.org>.
+
+If you wish to encrypt an email to the maintainer, use GPG with the
+key 040F1D49EC9DBB8C, obtainable from the usual keyservers.
--- /dev/null
+#!/bin/sh
+# Run this to generate all the initial makefiles, etc.
+
+srcdir=`dirname $0`
+test -z "$srcdir" && srcdir=.
+REQUIRED_AUTOMAKE_VERSION=1.9
+PKG_NAME=pppd
+
+(test -f $srcdir/configure.ac \
+ && test -f $srcdir/pppd/main.c) || {
+ echo -n "**Error**: Directory "\`$srcdir\'" does not look like the"
+ echo " top-level $PKG_NAME directory"
+ exit 1
+ }
+
+(cd $srcdir;
+ autoreconf --install --symlink &&
+ autoreconf &&
+ ./configure --enable-maintainer-mode $@
+)
+
--- /dev/null
+sbin_PROGRAMS = chat
+dist_man8_MANS = chat.8
+
+chat_SOURCES = chat.c
+chat_CPPFLAGS = -DTERMIOS -DSIGTYPE=void -UNO_SLEEP -DFNDELAY=O_NDELAY
+++ /dev/null
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-BINDIR = $(DESTDIR)/sbin
-MANDIR = $(DESTDIR)/share/man/man8
-
-CDEF1= -DTERMIOS # Use the termios structure
-CDEF2= -DSIGTYPE=void # Standard definition
-CDEF3= -UNO_SLEEP # Use the usleep function
-CDEF4= -DFNDELAY=O_NDELAY # Old name value
-CDEFS= $(CDEF1) $(CDEF2) $(CDEF3) $(CDEF4)
-
-CFLAGS= $(COPTS) $(CDEFS)
-
-INSTALL= install
-
-all: chat
-
-chat: chat.o
- $(CC) $(LDFLAGS) -o chat chat.o
-
-chat.o: chat.c
- $(CC) -c $(CFLAGS) -o chat.o chat.c
-
-install: chat
- mkdir -p $(BINDIR) $(MANDIR)
- $(INSTALL) -c chat $(BINDIR)
- $(INSTALL) -c -m 644 chat.8 $(MANDIR)
-
-clean:
- rm -f chat.o chat *~
+++ /dev/null
-#
-# Makefile for chat on Solaris 2
-#
-
-include ../Makedefs.com
-
-CFLAGS = $(COPTS) -DNO_USLEEP -DSOL2
-
-all: chat
-
-chat: chat.o
- $(CC) -o chat chat.o
-
-install: chat
- $(INSTALL) -f $(BINDIR) chat
- $(INSTALL) -m 444 -f $(MANDIR)/man8 chat.8
-
-clean:
- rm -f *~ *.o chat
int clear_abort_next = 0;
char *report_string[MAX_REPORTS] ;
-char report_buffer[256] ;
+char report_buffer[4096] ;
int n_reports = 0, report_next = 0, report_gathering = 0 ;
int clear_report_next = 0;
SIGTYPE sigint (int signo);
SIGTYPE sigterm (int signo);
SIGTYPE sighup (int signo);
-void unalarm (void);
+void checksigs(void);
void init (void);
void set_tty_parameters (void);
-void echo_stderr (int);
+int echo_stderr (int);
void break_sequence (void);
void terminate (int status);
void do_file (char *chat_file);
int write_char (int c);
int put_char (int c);
int get_char (void);
-void chat_send (register char *s);
+int chat_send (register char *s);
char *character (int c);
void chat_expect (register char *s);
char *clean (register char *s, int sending);
void break_sequence (void);
-void terminate (int status);
void pack_array (char **array, int end);
char *expect_strtok (char *, char *);
int vfmtmsg (char *, int, const char *, va_list); /* vsprintf++ */
report_fp = stderr;
if (to_log) {
-#ifdef ultrix
- openlog("chat", LOG_PID);
-#else
openlog("chat", LOG_PID | LOG_NDELAY, LOG_LOCAL2);
if (verbose)
setlogmask(LOG_UPTO(LOG_INFO));
else
setlogmask(LOG_UPTO(LOG_WARNING));
-#endif
}
init();
if ((arg = ARG(argc, argv)) != NULL)
chat_send(arg);
+ checksigs();
}
}
else
chat_expect (arg);
sendflg = !sendflg;
+ checksigs();
}
}
+ checksigs();
fclose (cfp);
}
}
int alarmed = 0;
+int alarmsig = 0;
SIGTYPE sigalrm(int signo)
{
int flags;
alarm(1);
- alarmed = 1; /* Reset alarm to avoid race window */
- signal(SIGALRM, sigalrm); /* that can cause hanging in read() */
-
- if ((flags = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin: %m");
-
- if (fcntl(0, F_SETFL, flags | O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-
- if (verbose)
- msgf("alarm");
+ alarmed = 1;
+ alarmsig = 1;
}
-void unalarm(void)
-{
- int flags;
-
- if ((flags = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin: %m");
-
- if (fcntl(0, F_SETFL, flags & ~O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-}
+const char *fatalsig = NULL;
SIGTYPE sigint(int signo)
{
- fatal(2, "SIGINT");
+ fatalsig = "SIGINT";
}
SIGTYPE sigterm(int signo)
{
- fatal(2, "SIGTERM");
+ fatalsig = "SIGTERM";
}
SIGTYPE sighup(int signo)
{
- fatal(2, "SIGHUP");
+ fatalsig = "SIGHUP";
+}
+
+void checksigs(void)
+{
+ int err;
+ const char *signame;
+
+ if (fatalsig) {
+ signame = fatalsig;
+ fatalsig = NULL;
+ alarmsig = 0;
+ fatal(2, signame);
+ }
+ if (alarmsig && verbose) {
+ err = errno;
+ msgf("alarm");
+ errno = err;
+ alarmsig = 0;
+ }
}
void init(void)
{
- signal(SIGINT, sigint);
- signal(SIGTERM, sigterm);
- signal(SIGHUP, sighup);
+ struct sigaction sa;
+
+ memset(&sa, 0, sizeof(sa));
+ sa.sa_handler = sigint;
+ sigaction(SIGINT, &sa, NULL);
+ sa.sa_handler = sigterm;
+ sigaction(SIGTERM, &sa, NULL);
+ sa.sa_handler = sighup;
+ sigaction(SIGHUP, &sa, NULL);
set_tty_parameters();
- signal(SIGALRM, sigalrm);
+ sa.sa_handler = sigalrm;
+ sigaction(SIGALRM, &sa, NULL);
alarm(0);
alarmed = 0;
}
int c, rep_len;
rep_len = strlen(report_buffer);
- while (rep_len + 1 <= sizeof(report_buffer)) {
+ while (rep_len + 1 < sizeof(report_buffer)) {
alarm(1);
c = get_char();
alarm(0);
break;
chat_send (reply);
+ checksigs();
}
/*
/*
* process the reply string
*/
-void chat_send (register char *s)
+int chat_send (register char *s)
{
char file_data[STR_LEN];
+ int len, ret = 0;
+ struct sigaction sa;
if (say_next) {
say_next = 0;
s = clean(s, 1);
- write(2, s, strlen(s));
+ len = strlen(s);
+ ret = write(2, s, len) != len;
free(s);
- return;
+ return ret;
}
if (hup_next) {
hup_next = 0;
+ memset(&sa, 0, sizeof(sa));
+
if (strcmp(s, "OFF") == 0)
- signal(SIGHUP, SIG_IGN);
+ sa.sa_handler = SIG_IGN;
else
- signal(SIGHUP, sighup);
- return;
+ sa.sa_handler = sighup;
+ sigaction(SIGHUP, &sa, NULL);
+ return 0;
}
if (echo_next) {
echo_next = 0;
echo = (strcmp(s, "ON") == 0);
- return;
+ return 0;
}
if (abort_next) {
s1 = clean(s, 0);
- if (strlen(s1) > strlen(s)
- || strlen(s1) + 1 > sizeof(fail_buffer))
+ if (strlen(s1) + 1 > sizeof(fail_buffer))
fatal(1, "Illegal or too-long ABORT string ('%v')", s);
abort_string[n_aborts++] = s1;
if (verbose)
- msgf("abort on (%v)", s);
- return;
+ msgf("abort on (%v)", s1);
+ return 0;
}
if (clear_abort_next) {
s1 = clean(s, 0);
- if (strlen(s1) > strlen(s)
- || strlen(s1) + 1 > sizeof(fail_buffer))
+ if (strlen(s1) + 1 > sizeof(fail_buffer))
fatal(1, "Illegal or too-long CLR_ABORT string ('%v')", s);
old_max = n_aborts;
pack++;
n_aborts--;
if (verbose)
- msgf("clear abort on (%v)", s);
+ msgf("clear abort on (%v)", s1);
}
}
free(s1);
if (pack)
pack_array(abort_string,old_max);
- return;
+ return 0;
}
if (report_next) {
fatal(2, "Too many REPORT strings");
s1 = clean(s, 0);
- if (strlen(s1) > strlen(s)
- || strlen(s1) + 1 > sizeof(fail_buffer))
+ if (strlen(s1) + 1 > sizeof(fail_buffer))
fatal(1, "Illegal or too-long REPORT string ('%v')", s);
report_string[n_reports++] = s1;
if (verbose)
- msgf("report (%v)", s);
- return;
+ msgf("report (%v)", s1);
+ return 0;
}
if (clear_report_next) {
s1 = clean(s, 0);
- if (strlen(s1) > strlen(s)
- || strlen(s1) + 1 > sizeof(fail_buffer))
+ if (strlen(s1) + 1 > sizeof(fail_buffer))
fatal(1, "Illegal or too-long REPORT string ('%v')", s);
old_max = n_reports;
pack++;
n_reports--;
if (verbose)
- msgf("clear report (%v)", s);
+ msgf("clear report (%v)", s1);
}
}
free(s1);
if (pack)
pack_array(report_string,old_max);
- return;
+ return 0;
}
if (timeout_next) {
if (verbose)
msgf("timeout set to %d seconds", timeout);
-
- return;
+ free(s);
+ return 0;
}
/*
if (!put_string(s))
fatal(1, "Failed");
+
+ return 0;
}
int get_char(void)
char c;
status = read(0, &c, 1);
+ checksigs();
switch (status) {
case 1:
msgf("warning: read() on stdin returned %d", status);
case -1:
- if ((status = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin: %m");
-
- if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-
return (-1);
}
}
char ch = c;
usleep(10000); /* inter-character typing delay (?) */
+ checksigs();
status = write(1, &ch, 1);
+ checksigs();
switch (status) {
case 1:
msgf("warning: write() on stdout returned %d", status);
case -1:
- if ((status = fcntl(0, F_GETFL, 0)) == -1)
- fatal(2, "Can't get file mode flags on stdin, %m");
-
- if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1)
- fatal(2, "Can't set file mode flags on stdin: %m");
-
return (-1);
}
}
int put_string(register char *s)
{
+ char *s1;
quiet = 0;
+
s = clean(s, 1);
+ s1 = s;
if (verbose) {
if (quiet)
register char c = *s++;
if (c != '\\') {
- if (!write_char (c))
+ if (!write_char (c)) {
+ free(s1);
return 0;
+ }
continue;
}
break;
default:
- if (!write_char (c))
+ if (!write_char (c)) {
+ free(s1);
return 0;
+ }
break;
}
+ checksigs();
}
alarm(0);
alarmed = 0;
+ free(s1);
return (1);
}
* When called with -1, a '\n' character is generated when
* the cursor is not at the beginning of a line.
*/
-void echo_stderr(int n)
+int echo_stderr(int n)
{
static int need_lf;
char *s;
+ int len, ret = 0;
switch (n) {
case '\r': /* ignore '\r' */
break;
/* fall through */
case '\n':
- write(2, "\n", 1);
+ ret = write(2, "\n", 1) != 1;
need_lf = 0;
break;
default:
s = character(n);
- write(2, s, strlen(s));
+ len = strlen(s);
+ ret = write(2, s, len) != len;
need_lf = 1;
break;
}
+ checksigs();
+ return ret;
}
/*
char temp[STR_LEN];
int c, printed = 0, len, minlen;
register char *s = temp, *end = s + STR_LEN;
- char *logged = temp;
+ char *s1, *logged = temp;
fail_reason = (char *)0;
- string = clean(string, 0);
+ string = s1 = clean(string, 0);
len = strlen(string);
minlen = (len > sizeof(fail_buffer)? len: sizeof(fail_buffer)) - 1;
if (len > STR_LEN) {
msgf("expect string is too long");
exit_code = 1;
+ free(s1);
return 0;
}
if (len == 0) {
if (verbose)
msgf("got it");
+ free(s1);
return (1);
}
while ( ! alarmed && (c = get_char()) >= 0) {
int n, abort_len, report_len;
- if (echo)
- echo_stderr(c);
+ if (echo) {
+ if (echo_stderr(c) != 0) {
+ fatal(2, "Could not write to stderr, %m");
+ }
+ }
if (verbose && c == '\n') {
if (s == logged)
msgf(""); /* blank line */
strftime (report_buffer, 20, "%b %d %H:%M:%S ", tm_now);
strcat (report_buffer, report_string[n]);
+ free(report_string[n]);
report_string[n] = (char *) NULL;
report_gathering = 1;
break;
else {
if (!iscntrl (c)) {
int rep_len = strlen (report_buffer);
- report_buffer[rep_len] = c;
- report_buffer[rep_len + 1] = '\0';
+ if ((rep_len + 1) < sizeof(report_buffer)) {
+ report_buffer[rep_len] = c;
+ report_buffer[rep_len + 1] = '\0';
+ }
}
else {
report_gathering = 0;
alarm(0);
alarmed = 0;
+ free(s1);
return (1);
}
alarmed = 0;
exit_code = n + 4;
strcpy(fail_reason = fail_buffer, abort_string[n]);
+ free(s1);
return (0);
}
}
exit_code = 3;
alarmed = 0;
+ free(s1);
return (0);
}
--- /dev/null
+EXTRA_ZLIB = \
+ zlib.c \
+ zlib.h
+
+EXTRA_DIST = \
+ $(EXTRA_ZLIB)
+++ /dev/null
-#!/bin/sh
-# $Id: configure,v 1.38 2008/06/15 07:08:49 paulus Exp $
-
-# Where to install stuff by default
-DESTDIR=/usr/local
-SYSCONF=/etc
-
-# Compile defaults
-CROSS_COMPILE=
-CC=cc
-CFLAGS=
-
-system=`uname -s`
-release=`uname -r`
-arch=`uname -m`
-state="unknown"
-
-case $system in
- Linux)
- makext="linux";
- ksrc="linux";
- state="known";
- CFLAGS="-O2 -g -pipe";;
- SunOS)
- karch=`/usr/bin/isainfo -k`
- case $release in
- 5.[7-9]*|5.[1-9][0-9]*) state="known"; ksrc="solaris"; makext="sol2";
- case "$karch" in
- amd64) archvariant='-64x';;
- sparcv9) archvariant='-64';;
- *) ;;
- esac;;
- 5.[1-6]*) state="known"; ksrc="solaris"; makext="sol2";;
- esac
- if [ "$1" = gcc ]; then
- shift
- usegcc=gcc
- fi
- if [ "$1" = 32 ]; then
- shift
- archvariant=
- fi
- if [ -x /opt/SUNWspro/bin/cc -a "$usegcc" != gcc ] &&
- /opt/SUNWspro/bin/cc -flags >/dev/null 2>&1; then
- if [ "$archvariant" = "-64x" ]; then
- ( cd /tmp; echo "int x;" > ppp$$.c
- /opt/SUNWspro/bin/cc -c -errwarn -xchip=opteron -m64 ppp$$.c >/dev/null 2>&1 || (
- echo "WorkShop C is unable to make 64 bit modules, and your $karch system needs"
- echo "them. Consider upgrading cc on this machine."
- rm -f ppp$$.c
- exit 1
- ) || exit 1
- rm -f ppp$$.c ppp$$.o
- ) || exit 1
- fi
- elif gcc --version >/dev/null 2>&1; then
- archvariant=gcc$archvariant
- compiletype=.gcc
- if [ "$archvariant" = "gcc-64" -o"$archvariant" = "gcc-64x" ]; then
- ( cd /tmp; touch ppp$$.c
- gcc -c -m64 ppp$$.c >/dev/null 2>&1 || (
- echo "gcc is unable to make 64 bit modules, and your $karch system needs them."
- echo "Consider upgrading gcc on this machine, or switching to Sun WorkShop."
- rm -f ppp$$.c
- exit 1
- ) || exit 1
- rm -f ppp$$.c ppp$$.o
- ) || exit 1
- fi
- else
- echo "C compiler not found; hoping for the best."
- fi;;
- NetBSD|FreeBSD|ULTRIX|OSF1|NeXTStep|SINIX-?|UNIX_SV|UNIX_System_V)
- state="notincluded";;
-esac
-
-if [ -d "$ksrc" ]; then :; else
- state="notincluded"
- unset ksrc
-fi
-
-case $state in
- unknown)
- echo "This software has not been ported to $system. Sorry.";;
- notincluded)
- echo "Support for $system has not been included"
- echo "in this distribution. Sorry.";;
- known)
- echo "Configuring for $system";;
-esac
-
-# Parse arguments
-while [ $# -gt 0 ]; do
- arg=$1
- val=
- shift
- case $arg in
- *=*)
- val=`expr "x$arg" : 'x[^=]*=\(.*\)'`
- arg=`expr "x$arg" : 'x\([^=]*\)=.*'`
- ;;
- --prefix|--sysconf)
- if [ $# -eq 0 ]; then
- echo "error: the $arg argument requires a value" 1>&2
- exit 1
- fi
- val=$1
- shift
- ;;
- esac
- case $arg in
- --prefix) DESTDIR=$val ;;
- --sysconfdir) SYSCONF=$val ;;
- --cross_compile) CROSS_COMPILE=$val ;;
- --cc) CC=$val ;;
- --cflags) CFLAGS=$val ;;
- esac
-done
-
-mkmkf() {
- rm -f $2
- if [ -f $1 ]; then
- echo " $2 <= $1"
- sed -e "s,@DESTDIR@,$DESTDIR,g" -e "s,@SYSCONF@,$SYSCONF,g" \
- -e "s,@CROSS_COMPILE@,$CROSS_COMPILE,g" -e "s,@CC@,$CC,g" \
- -e "s|@CFLAGS@|$CFLAGS|g" $1 >$2
- fi
-}
-
-if [ -d "$ksrc" ]; then
- echo "Creating Makefiles."
- mkmkf $ksrc/Makefile.top Makefile
- mkmkf $ksrc/Makedefs$compiletype Makedefs.com
- for dir in pppd pppstats chat pppdump pppd/plugins pppd/plugins/pppoe \
- pppd/plugins/radius pppd/plugins/pppoatm \
- pppd/plugins/pppol2tp; do
- mkmkf $dir/Makefile.$makext $dir/Makefile
- done
- if [ -f $ksrc/Makefile.$makext$archvariant ]; then
- mkmkf $ksrc/Makefile.$makext$archvariant $ksrc/Makefile
- fi
-else
- echo "Unable to locate kernel source $ksrc"
- exit 1
-fi
--- /dev/null
+AC_PREREQ([2.69])
+AC_INIT([ppp],
+ [2.5.1-dev],
+ [https://github.com/ppp-project/ppp])
+
+m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])])
+AC_CONFIG_MACRO_DIR([m4])
+
+AM_INIT_AUTOMAKE
+AM_MAINTAINER_MODE([enable])
+
+AC_LANG(C)
+AC_CONFIG_SRCDIR([pppd/main.c])
+AC_CONFIG_HEADERS([pppd/config.h pppd/pppdconf.h pppd/plugins/pppoe/config.h])
+AC_ENABLE_STATIC(no)
+
+# Checks for programs.
+AC_PROG_CC
+AM_PROG_CC_C_O
+AC_PROG_INSTALL
+AC_PROG_LN_S
+LT_INIT
+
+PKG_PROG_PKG_CONFIG
+
+AC_CANONICAL_HOST
+build_linux=no
+build_sunos=no
+
+case "${host_os}" in
+ linux*)
+ build_linux=yes
+ ;;
+ solaris2*)
+ build_sunos=yes
+ ;;
+ *)
+ AC_MSG_ERROR(["OS ${host_os} not supported"])
+ ;;
+esac
+
+AM_CONDITIONAL([LINUX], [test "x${build_linux}" = "xyes" ])
+AM_CONDITIONAL([SUNOS], [test "x${build_sunos}" = "xyes" ])
+AM_COND_IF([SUNOS],
+ CFLAGS="$CFLAGS -DSOL2 -DSRV4")
+
+#
+# Checks for header files, these will set the HAVE_[FILE]_H macros in config.h
+AC_HEADER_STDBOOL
+AC_CHECK_HEADERS([ \
+ asm/types.h \
+ crypt.h \
+ paths.h \
+ shadow.h \
+ stddef.h \
+ stdarg.h \
+ sys/dlpi.h \
+ sys/ioctl.h \
+ sys/socket.h \
+ sys/time.h \
+ sys/uio.h \
+ time.h \
+ unistd.h \
+ utmp.h])
+
+#
+# Check for linux specific headers, required by pppoe, or pppol2tp
+AM_COND_IF([LINUX], [
+ AC_CHECK_HEADERS([ \
+ net/bpf.h \
+ net/if.h \
+ net/if_types.h \
+ net/if_arp.h \
+ linux/if.h \
+ linux/if_ether.h \
+ linux/if_packet.h \
+ netinet/if_ether.h \
+ netpacket/packet.h])
+
+ AC_MSG_CHECKING([for struct sockaddr_ll in <linux/if_packet.h>])
+ AC_COMPILE_IFELSE(
+ [AC_LANG_PROGRAM([@%:@include <linux/if_packet.h>], [sizeof(struct sockaddr_ll)])],
+ [AC_MSG_RESULT([yes])
+ AC_DEFINE(HAVE_STRUCT_SOCKADDR_LL, 1, [Struct sockaddr_ll is present on system])
+ ],
+ AC_MSG_RESULT([no]))
+])
+
+
+AC_CHECK_SIZEOF(unsigned int)
+AC_CHECK_SIZEOF(unsigned long)
+AC_CHECK_SIZEOF(unsigned short)
+
+# Checks for library functions.
+AC_CHECK_FUNCS([ \
+ mmap \
+ logwtmp \
+ strerror])
+
+#
+# If libc doesn't provide logwtmp, check if libutil provides logwtmp(), and if so link to it.
+AS_IF([test "x${ac_cv_func_logwtmp}" != "xyes"], [
+ AC_CHECK_LIB([util], [logwtmp], [
+ AC_DEFINE(HAVE_LOGWTMP, 1, [System provides the logwtmp() function])
+ AC_SUBST([UTIL_LIBS], ["-lutil"])
+ ])
+])
+
+#
+# Check if libcrypt have crypt() function
+AC_CHECK_LIB([crypt], [crypt],
+ AC_SUBST([CRYPT_LIBS], ["-lcrypt"]))
+
+#
+# Should pppd link with -lsystemd (Linux only)
+AC_ARG_ENABLE([systemd],
+ AS_HELP_STRING([--enable-systemd], [Enable support for systemd notification]))
+AM_CONDITIONAL(WITH_SYSTEMD, test "x${enable_systemd}" = "xyes")
+AM_COND_IF([WITH_SYSTEMD],
+ AC_DEFINE([SYSTEMD], 1, [Enable support for systemd notifications]))
+AS_IF([test "x${enable_systemd}" = "xyes"], [
+ PKG_CHECK_MODULES([SYSTEMD], [libsystemd])])
+
+#
+# Enable Callback Protocol Support, disabled by default
+AC_ARG_ENABLE([cbcp],
+ AS_HELP_STRING([--enable-cbcp], [Enable Callback Protocol]))
+AM_CONDITIONAL(PPP_WITH_CBCP, test "x${enable_cbcp}" = "xyes")
+AM_COND_IF([PPP_WITH_CBCP],
+ AC_DEFINE([PPP_WITH_CBCP], 1, [Have Callback Protocol support]))
+
+#
+# Disable Microsoft extensions will remove CHAP and MPPE support
+AC_ARG_ENABLE([microsoft-extensions],
+ AS_HELP_STRING([--disable-microsoft-extensions], [Disable Microsoft CHAP / MPPE extensions]))
+
+AM_CONDITIONAL(PPP_WITH_CHAPMS, test "x${enable_microsoft_extensions}" != "xno")
+AM_COND_IF([PPP_WITH_CHAPMS],
+ AC_DEFINE([PPP_WITH_CHAPMS], 1, [Have Microsoft CHAP support]))
+
+AM_CONDITIONAL(PPP_WITH_MPPE, test "x${enable_microsoft_extensions}" != "xno")
+AM_COND_IF([PPP_WITH_MPPE],
+ AC_DEFINE([PPP_WITH_MPPE], 1, [Have Microsoft MPPE support]))
+
+#
+# Enable Microsoft LAN Manager support, depends on Microsoft Extensions
+AC_ARG_ENABLE([mslanman],
+ AS_HELP_STRING([--enable-mslanman], [Enable Microsoft LAN Manager support]))
+AS_IF([test "x${enable_mslanman}" = "xyes" && test "x${enable_microsoft_extensions}" != "xno"],
+ AC_DEFINE([PPP_WITH_MSLANMAN], 1, [Have Microsoft LAN Manager support]))
+
+#
+# Disable IPv6 support
+AC_ARG_ENABLE([ipv6cp],
+ AS_HELP_STRING([--disable-ipv6cp], [Disable IPv6 Control Protocol]))
+AM_CONDITIONAL(PPP_WITH_IPV6CP, test "x${enable_ipv6cp}" != "xno")
+AM_COND_IF([PPP_WITH_IPV6CP],
+ AC_DEFINE(PPP_WITH_IPV6CP, 1, [Have IPv6 Control Protocol]))
+
+#
+# Disable Multilink support
+AC_ARG_ENABLE([multilink],
+ AS_HELP_STRING([--enable-multilink], [Enable multilink support]))
+AM_CONDITIONAL(PPP_WITH_MULTILINK, test "x${enable_multilink}" = "xyes")
+AM_COND_IF([PPP_WITH_MULTILINK],
+ AC_DEFINE([PPP_WITH_MULTILINK], 1, [Have multilink support]))
+AS_IF([test "x${build_sunos}" = "xyes" && test "x${enable_multilink}" = "xyes"],
+ [AC_MSG_ERROR([Multilink is not supported on SunOS])])
+
+#
+# Multilink require Trivial Database Support
+AM_CONDITIONAL(PPP_WITH_TDB, test "x${enable_multilink}" = "xyes")
+AM_COND_IF([PPP_WITH_TDB],
+ AC_DEFINE([PPP_WITH_TDB], 1, [Include TDB support]))
+
+#
+# Enable support for loadable plugins
+AC_ARG_ENABLE([plugins],
+ AS_HELP_STRING([--disable-plugins], [Disable support for loadable plugins]))
+AS_IF([test "x$enable_plugins" != "xno"],
+ AC_DEFINE([PPP_WITH_PLUGINS], 1, [Have support for loadable plugins]))
+AM_CONDITIONAL(PPP_WITH_PLUGINS, test "x${enable_plugins}" != "xno")
+
+#
+# Disable EAP-TLS support
+AC_ARG_ENABLE([eaptls],
+ AS_HELP_STRING([--disable-eaptls], [Disable EAP-TLS authentication support]))
+AS_IF([test "x$enable_eaptls" != "xno"],
+ AC_DEFINE([PPP_WITH_EAPTLS], 1, [Have EAP-TLS authentication support]))
+AM_CONDITIONAL(PPP_WITH_EAPTLS, test "x${enable_eaptls}" != "xno")
+
+#
+# Disable PEAP support
+AC_ARG_ENABLE([peap],
+ AS_HELP_STRING([--disable-peap], [Disable PEAP authentication support]))
+AS_IF([test "x${enable_peap}" != "xno"],
+ AC_DEFINE([PPP_WITH_PEAP], 1, [Have PEAP authentication support]))
+AM_CONDITIONAL([PPP_WITH_PEAP], test "x${enable_peap}" != "xno")
+
+#
+# Disable OpenSSL engine support
+AC_ARG_ENABLE([openssl-engine],
+ AS_HELP_STRING([--disable-openssl-engine], [Disable OpenSSL engine support]))
+AS_IF([test "x$enable_openssl_engine" != "xno"], [],
+ AC_DEFINE([OPENSSL_NO_ENGINE], 1, [OpenSSL engine support]))
+
+#
+# Specify runtime directory
+AC_ARG_WITH([plugin-dir],
+ AS_HELP_STRING([--with-plugin-dir=DIR],[Specify the plugin directory for pppd]))
+AS_IF([test -n "$with_plugin_dir"],
+ [PPPD_PLUGIN_DIR="$with_plugin_dir"],
+ [PPPD_PLUGIN_DIR="${libdir}/pppd/$VERSION"])
+AC_SUBST(PPPD_PLUGIN_DIR, "$PPPD_PLUGIN_DIR", [The pppd plugin directory])
+
+#
+# Specify runtime directory
+AC_ARG_WITH([runtime-dir],
+ AS_HELP_STRING([--with-runtime-dir=DIR],[Specify the runtime directory for pppd]))
+AS_IF([test -n "$with_runtime_dir"],
+ [PPPD_RUNTIME_DIR="$with_runtime_dir"],
+ [PPPD_RUNTIME_DIR="${runstatedir}/pppd"])
+AC_SUBST(PPPD_RUNTIME_DIR)
+
+#
+# Specify runtime directory
+AC_ARG_WITH([logfile-dir],
+ AS_HELP_STRING([--with-logfile-dir=DIR],[Specify the log directory for pppd]))
+AS_IF([test -n "$with_logfile_dir"],
+ [PPPD_LOGFILE_DIR="$with_logfile_dir"],
+ [PPPD_LOGFILE_DIR="${localstatedir}/log/ppp"])
+AC_SUBST(PPPD_LOGFILE_DIR)
+
+#
+# System CA certificates path
+AC_ARG_WITH(system-ca-path,
+ AS_HELP_STRING([--with-system-ca-path=/path/to/ssl/certs], [path to system CA certificates]),
+ [
+ case "$withval" in
+ "" | y | ye | yes)
+ with_system_ca_path="${sysconfdir}/ssl/certs"
+ ;;
+ n | no)
+ ;;
+ *)
+ with_system_ca_path="$withval"
+ ;;
+ esac
+ ],[with_system_ca_path="${sysconfdir}/ssl/certs"])
+AM_CONDITIONAL(PPP_WITH_SYSTEM_CA_PATH, [test "$with_system_ca_path" != "no"])
+AM_COND_IF(PPP_WITH_SYSTEM_CA_PATH, [
+ SYSTEM_CA_PATH="$with_system_ca_path"
+])
+AC_SUBST(SYSTEM_CA_PATH)
+
+#
+# Check for OpenSSL
+AX_CHECK_OPENSSL
+AM_CONDITIONAL(PPP_WITH_OPENSSL, test "x${with_openssl}" != "xno")
+AM_COND_IF([PPP_WITH_OPENSSL],
+ AC_DEFINE([PPP_WITH_OPENSSL], 1, [PPP is compiled with openssl support]))
+
+#
+# Check if OpenSSL has compiled in support for various ciphers
+AS_IF([test "x${with_openssl}" != "xno" ], [
+ AX_CHECK_OPENSSL_DEFINE([OPENSSL_NO_MD4], [md4])
+ AX_CHECK_OPENSSL_DEFINE([OPENSSL_NO_MD5], [md5])
+ AX_CHECK_OPENSSL_DEFINE([OPENSSL_NO_DES], [des])
+ AX_CHECK_OPENSSL_DEFINE([OPENSSL_NO_SHA], [sha])
+], [
+ AS_IF([test "x${enable_eaptls}" != "xno" || test "x${enable_peap}" != "xno"],
+ [AC_MSG_ERROR([OpenSSL not found, and if this is your intention then run configure --disable-eaptls and --disable-peap])])
+])
+
+AM_CONDITIONAL([OPENSSL_HAVE_MD4], test "x${ac_cv_openssl_md4}" = "xyes")
+AM_COND_IF([OPENSSL_HAVE_MD4],
+ AC_DEFINE([OPENSSL_HAVE_MD4], 1, [Use MD4 included with openssl]))
+
+AM_CONDITIONAL([OPENSSL_HAVE_MD5], test "x${ac_cv_openssl_md5}" = "xyes")
+AM_COND_IF([OPENSSL_HAVE_MD5],
+ AC_DEFINE([OPENSSL_HAVE_MD5], 1, [Use MD5 included with openssl]))
+
+AM_CONDITIONAL([OPENSSL_HAVE_SHA], test "x${ac_cv_openssl_sha}" = "xyes")
+AM_COND_IF([OPENSSL_HAVE_SHA],
+ AC_DEFINE([OPENSSL_HAVE_SHA], 1, [Use SHA included with openssl]))
+
+AM_CONDITIONAL([OPENSSL_HAVE_DES], test "x${ac_cv_openssl_des}" = "xyes")
+AM_COND_IF([OPENSSL_HAVE_DES],
+ AC_DEFINE([OPENSSL_HAVE_DES], 1, [Use DES included with openssl]))
+
+#
+# With libsrp support
+AX_CHECK_SRP([
+ AC_DEFINE([PPP_WITH_SRP], 1, [Support for libsrp authentication module])])
+
+#
+# With libatm support
+AX_CHECK_ATM
+
+#
+# With libpam support
+AX_CHECK_PAM(AC_DEFINE([PPP_WITH_PAM], 1, [Support for Pluggable Authentication Modules]))
+AM_CONDITIONAL(PPP_WITH_PAM, test "x${with_pam}" = "xyes")
+
+#
+# With libpcap support, activate pppd on network activity
+AX_CHECK_PCAP
+
+#
+# SunOS provides a version of libpcap that would work, but SunOS has no support for activity filter
+AM_CONDITIONAL([PPP_WITH_FILTER], [ test "x${with_pcap}" = "xyes" && test "x${build_sunos}" != "xyes" ])
+AM_COND_IF([PPP_WITH_FILTER], [
+ AC_DEFINE([PPP_WITH_FILTER], 1, [Have packet activity filter support])], [
+ AS_IF([test "x${build_sunos}" = "xyes"], [
+ AC_MSG_WARN([Packet activity filter not supported on SunOS])
+ with_pcap="no"
+ ])
+ ])
+
+#
+# Some contributions require GTK/GLIB
+AC_ARG_WITH([gtk], AS_HELP_STRING([--with-gtk], [Build contributions with the GTK+ interface]))
+if test "x${with_gtk}" = "xyes"; then
+ PKG_CHECK_MODULES([GTK], [gtk+-2.0])
+ PKG_CHECK_MODULES([GLIB], [glib-2.0])
+fi
+AM_CONDITIONAL([WITH_GTK], test "x${with_gtk}" = "xyes")
+
+AC_DEFINE_UNQUOTED(PPPD_VERSION, "$VERSION", [Version of pppd])
+
+AC_CONFIG_FILES([
+ Makefile
+ chat/Makefile
+ contrib/Makefile
+ contrib/pppgetpass/Makefile
+ common/Makefile
+ include/Makefile
+ modules/Makefile
+ pppd/Makefile
+ pppd/pppd.pc
+ pppd/plugins/Makefile
+ pppd/plugins/pppoe/Makefile
+ pppd/plugins/pppoatm/Makefile
+ pppd/plugins/pppol2tp/Makefile
+ pppd/plugins/radius/Makefile
+ pppdump/Makefile
+ pppstats/Makefile
+ scripts/Makefile
+ ])
+AC_OUTPUT
+
+
+AS_IF([test "x${build_sunos}" = "xyes" ], [[
+ echo "
+Setting up SunOS kernel module(s)"
+ mkmkf() {
+ rm -f $2
+ if [ -f $1 ]; then
+ echo " $2 <= $1"
+ sed -e "s,@DESTDIR@,$prefix,g" \
+ -e "s,@SYSCONF@,$sysconfdir,g" \
+ -e "s,@CC@,$CC,g" \
+ -e "s|@CFLAGS@|$CFLAGS|g" $1 > $2
+ fi
+ }
+
+ release=`uname -r`
+ karch=`/usr/bin/isainfo -k`
+ makext="sol2"
+ archvariant=
+
+ case "$karch" in
+ amd64)
+ archvariant='-64x'
+ ;;
+ sparcv9)
+ archvariant='-64'
+ ;;
+ *)
+ ;;
+ esac
+
+ usegcc=$CC
+ if [ -x /opt/SUNWspro/bin/cc -a "$usegcc" != gcc ] &&
+ /opt/SUNWspro/bin/cc -flags >/dev/null 2>&1; then
+ if [ "$archvariant" = "-64x" ]; then
+ ( cd /tmp; echo "int x;" > ppp$$.c
+ /opt/SUNWspro/bin/cc -c -errwarn -xchip=opteron -m64 ppp$$.c >/dev/null 2>&1 || (
+ echo "WorkShop C is unable to make 64 bit modules, and your $karch system needs"
+ echo "them. Consider upgrading cc on this machine."
+ rm -f ppp$$.c
+ exit 1
+ ) || exit 1
+ rm -f ppp$$.c ppp$$.o
+ ) || exit 1
+ fi
+ elif gcc --version >/dev/null 2>&1; then
+ archvariant=gcc$archvariant
+ compiletype=.gcc
+ if [ "$archvariant" = "gcc-64" -o"$archvariant" = "gcc-64x" ]; then
+ ( cd /tmp; touch ppp$$.c
+ gcc -c -m64 ppp$$.c >/dev/null 2>&1 || (
+ echo "gcc is unable to make 64 bit modules, and your $karch system needs them."
+ echo "Consider upgrading gcc on this machine, or switching to Sun WorkShop."
+ rm -f ppp$$.c
+ exit 1
+ ) || exit 1
+ rm -f ppp$$.c ppp$$.o
+ ) || exit 1
+ fi
+ else
+ echo "C compiler not found; hoping for the best."
+ fi
+
+ mkmkf solaris/Makedefs$compiletype Makedefs.com
+ mkmkf solaris/Makefile.sol2$archvariant solaris/Makefile
+]])
+
+echo "
+$PACKAGE_NAME version $PACKAGE_VERSION
+ Prefix...............: $prefix
+ Runtime Dir..........: $PPPD_RUNTIME_DIR
+ Logfile Dir..........: $PPPD_LOGFILE_DIR
+ Plugin Dir...........: $PPPD_PLUGIN_DIR
+ System CA Path ......: ${SYSTEM_CA_PATH:-not set}
+ With OpenSSL.........: ${with_openssl:-yes}
+ With libatm..........: ${with_atm:-no}
+ With libpam..........: ${with_pam:-no}
+ With libpcap.........: ${with_pcap:-no}
+ With libsrp..........: ${with_srp:-no}
+ C Compiler...........: $CC $CFLAGS
+ Linker...............: $LD $LDFLAGS $LIBS
+
+Features enabled
+ Microsoft Extensions.: ${enable_microsoft_extensions:-yes}
+ Multilink............: ${enable_multilink:-no}
+ Plugins..............: ${enable_plugins:-yes}
+ CBCP.................: ${enable_cbcp:-no}
+ IPV6CP...............: ${enable_ipv6cp:-yes}
+ EAP-TLS..............: ${enable_eaptls:-yes}
+ PEAP.................: ${enable_peap:-yes}
+ systemd notifications: ${enable_systemd:-no}
+"
--- /dev/null
+SUBDIRS = pppgetpass
--- /dev/null
+pppgetpass.vt
+pppgetpass.gtk
--- /dev/null
+noinst_PROGRAMS = pppgetpass.vt
+
+pppgetpass_vt_SOURCES = pppgetpass.vt.c
+pppgetpass_vt_CPPFLAGS = -Wno-unused-result
+
+if WITH_GTK
+noinst_PROGRAMS += pppgetpass.gtk
+
+pppgetpass_gtk_SOURCES = pppgetpass.gtk.c
+pppgetpass_gtk_CPPFLAGS = -Wno-deprecated-declarations -Wno-discarded-qualifiers
+pppgetpass_gtk_CPPFLAGS += $(GLIB_CFLAGS) $(GTK_CFLAGS)
+pppgetpass_gtk_LDADD = $(GLIB_LIBS) $(GTK_LIBS)
+endif
+
+EXTRA_DIST = \
+ pppgetpass.sh \
+ pppgetpass.8
+++ /dev/null
-all: pppgetpass.vt pppgetpass.gtk
-
-pppgetpass.vt: pppgetpass.vt.o
-
-pppgetpass.gtk: pppgetpass.gtk.o
- $(CC) $(LDFLAGS) pppgetpass.gtk.o -o pppgetpass.gtk `pkg-config --libs glib-2.0 gtk+-2.0`
-pppgetpass.gtk.o: pppgetpass.gtk.c
- $(CC) $(CFLAGS) -c pppgetpass.gtk.c `pkg-config --cflags glib-2.0 gtk+-2.0`
-
-install: all
- install -m 755 pppgetpass.sh /usr/bin/pppgetpass
- install -m 4755 -o root -g root pppgetpass.vt /usr/bin/
- install -m 755 -o root -g root pppgetpass.gtk /usr/X11/bin/
-
-clean:
- rm -f *.o pppgetpass.gtk pppgetpass.vt core
--- /dev/null
+EXTRA_HEADERS = \
+ linux/ppp-comp.h \
+ linux/ppp_defs.h \
+ net/ppp-comp.h \
+ net/ppp_defs.h \
+ net/pppio.h \
+ net/vjcompress.h
+
+EXTRA_DIST = \
+ $(EXTRA_HEADERS)
+++ /dev/null
-/* $Id: if_ppp.h,v 1.23 2002/12/06 09:49:15 paulus Exp $ */
-
-/*
- * if_ppp.h - Point-to-Point Protocol definitions.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- */
-
-/*
- * ==FILEVERSION 20000724==
- *
- * NOTE TO MAINTAINERS:
- * If you modify this file at all, please set the above date.
- * if_ppp.h is shipped with a PPP distribution as well as with the kernel;
- * if everyone increases the FILEVERSION number above, then scripts
- * can do the right thing when deciding whether to install a new if_ppp.h
- * file. Don't change the format of that line otherwise, so the
- * installation script can recognize it.
- */
-
-#ifndef _IF_PPP_H_
-#define _IF_PPP_H_
-
-/*
- * Packet sizes
- */
-
-#define PPP_MTU 1500 /* Default MTU (size of Info field) */
-#define PPP_MAXMRU 65000 /* Largest MRU we allow */
-#define PROTO_IPX 0x002b /* protocol numbers */
-#define PROTO_DNA_RT 0x0027 /* DNA Routing */
-
-
-/*
- * Bit definitions for flags.
- */
-
-#define SC_COMP_PROT 0x00000001 /* protocol compression (output) */
-#define SC_COMP_AC 0x00000002 /* header compression (output) */
-#define SC_COMP_TCP 0x00000004 /* TCP (VJ) compression (output) */
-#define SC_NO_TCP_CCID 0x00000008 /* disable VJ connection-id comp. */
-#define SC_REJ_COMP_AC 0x00000010 /* reject adrs/ctrl comp. on input */
-#define SC_REJ_COMP_TCP 0x00000020 /* reject TCP (VJ) comp. on input */
-#define SC_CCP_OPEN 0x00000040 /* Look at CCP packets */
-#define SC_CCP_UP 0x00000080 /* May send/recv compressed packets */
-#define SC_ENABLE_IP 0x00000100 /* IP packets may be exchanged */
-#define SC_LOOP_TRAFFIC 0x00000200 /* send traffic to pppd */
-#define SC_MULTILINK 0x00000400 /* do multilink encapsulation */
-#define SC_MP_SHORTSEQ 0x00000800 /* use short MP sequence numbers */
-#define SC_COMP_RUN 0x00001000 /* compressor has been inited */
-#define SC_DECOMP_RUN 0x00002000 /* decompressor has been inited */
-#define SC_MP_XSHORTSEQ 0x00004000 /* transmit short MP seq numbers */
-#define SC_DEBUG 0x00010000 /* enable debug messages */
-#define SC_LOG_INPKT 0x00020000 /* log contents of good pkts recvd */
-#define SC_LOG_OUTPKT 0x00040000 /* log contents of pkts sent */
-#define SC_LOG_RAWIN 0x00080000 /* log all chars received */
-#define SC_LOG_FLUSH 0x00100000 /* log all chars flushed */
-#define SC_SYNC 0x00200000 /* synchronous serial mode */
-#define SC_MASK 0x0f200fff /* bits that user can change */
-
-/* state bits */
-#define SC_XMIT_BUSY 0x10000000 /* (used by isdn_ppp?) */
-#define SC_RCV_ODDP 0x08000000 /* have rcvd char with odd parity */
-#define SC_RCV_EVNP 0x04000000 /* have rcvd char with even parity */
-#define SC_RCV_B7_1 0x02000000 /* have rcvd char with bit 7 = 1 */
-#define SC_RCV_B7_0 0x01000000 /* have rcvd char with bit 7 = 0 */
-#define SC_DC_FERROR 0x00800000 /* fatal decomp error detected */
-#define SC_DC_ERROR 0x00400000 /* non-fatal decomp error detected */
-
-/*
- * Ioctl definitions.
- */
-
-struct npioctl {
- int protocol; /* PPP protocol, e.g. PPP_IP */
- enum NPmode mode;
-};
-
-/* Structure describing a CCP configuration option, for PPPIOCSCOMPRESS */
-struct ppp_option_data {
- __u8 *ptr;
- __u32 length;
- int transmit;
-};
-
-struct ifpppstatsreq {
- struct ifreq b;
- struct ppp_stats stats; /* statistic information */
-};
-
-struct ifpppcstatsreq {
- struct ifreq b;
- struct ppp_comp_stats stats;
-};
-
-#define ifr__name b.ifr_ifrn.ifrn_name
-#define stats_ptr b.ifr_ifru.ifru_data
-
-/*
- * Ioctl definitions.
- */
-
-#define PPPIOCGFLAGS _IOR('t', 90, int) /* get configuration flags */
-#define PPPIOCSFLAGS _IOW('t', 89, int) /* set configuration flags */
-#define PPPIOCGASYNCMAP _IOR('t', 88, int) /* get async map */
-#define PPPIOCSASYNCMAP _IOW('t', 87, int) /* set async map */
-#define PPPIOCGUNIT _IOR('t', 86, int) /* get ppp unit number */
-#define PPPIOCGRASYNCMAP _IOR('t', 85, int) /* get receive async map */
-#define PPPIOCSRASYNCMAP _IOW('t', 84, int) /* set receive async map */
-#define PPPIOCGMRU _IOR('t', 83, int) /* get max receive unit */
-#define PPPIOCSMRU _IOW('t', 82, int) /* set max receive unit */
-#define PPPIOCSMAXCID _IOW('t', 81, int) /* set VJ max slot ID */
-#define PPPIOCGXASYNCMAP _IOR('t', 80, ext_accm) /* get extended ACCM */
-#define PPPIOCSXASYNCMAP _IOW('t', 79, ext_accm) /* set extended ACCM */
-#define PPPIOCXFERUNIT _IO('t', 78) /* transfer PPP unit */
-#define PPPIOCSCOMPRESS _IOW('t', 77, struct ppp_option_data)
-#define PPPIOCGNPMODE _IOWR('t', 76, struct npioctl) /* get NP mode */
-#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */
-#define PPPIOCSPASS _IOW('t', 71, struct sock_fprog) /* set pass filter */
-#define PPPIOCSACTIVE _IOW('t', 70, struct sock_fprog) /* set active filt */
-#define PPPIOCGDEBUG _IOR('t', 65, int) /* Read debug level */
-#define PPPIOCSDEBUG _IOW('t', 64, int) /* Set debug level */
-#define PPPIOCGIDLE _IOR('t', 63, struct ppp_idle) /* get idle time */
-#define PPPIOCNEWUNIT _IOWR('t', 62, int) /* create new ppp unit */
-#define PPPIOCATTACH _IOW('t', 61, int) /* attach to ppp unit */
-#define PPPIOCDETACH _IOW('t', 60, int) /* detach from ppp unit/chan */
-#define PPPIOCSMRRU _IOW('t', 59, int) /* set multilink MRU */
-#define PPPIOCCONNECT _IOW('t', 58, int) /* connect channel to unit */
-#define PPPIOCDISCONN _IO('t', 57) /* disconnect channel */
-#define PPPIOCATTCHAN _IOW('t', 56, int) /* attach to ppp channel */
-#define PPPIOCGCHAN _IOR('t', 55, int) /* get ppp channel number */
-
-#define SIOCGPPPSTATS (SIOCDEVPRIVATE + 0)
-#define SIOCGPPPVER (SIOCDEVPRIVATE + 1) /* NEVER change this!! */
-#define SIOCGPPPCSTATS (SIOCDEVPRIVATE + 2)
-
-#if !defined(ifr_mtu)
-#define ifr_mtu ifr_ifru.ifru_metric
-#endif
-
-#endif /* _IF_PPP_H_ */
/*
* ppp-comp.h - Definitions for doing PPP packet compression.
*
- * Copyright (c) 1984 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
/*
* ppp_defs.h - PPP definitions.
*
- * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+++ /dev/null
-/* $Id: if_ppp.h,v 1.19 2002/12/06 09:49:15 paulus Exp $ */
-
-/*
- * if_ppp.h - Point-to-Point Protocol definitions.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef _IF_PPP_H_
-#define _IF_PPP_H_
-
-/*
- * Bit definitions for flags.
- */
-#define SC_COMP_PROT 0x00000001 /* protocol compression (output) */
-#define SC_COMP_AC 0x00000002 /* header compression (output) */
-#define SC_COMP_TCP 0x00000004 /* TCP (VJ) compression (output) */
-#define SC_NO_TCP_CCID 0x00000008 /* disable VJ connection-id comp. */
-#define SC_REJ_COMP_AC 0x00000010 /* reject adrs/ctrl comp. on input */
-#define SC_REJ_COMP_TCP 0x00000020 /* reject TCP (VJ) comp. on input */
-#define SC_CCP_OPEN 0x00000040 /* Look at CCP packets */
-#define SC_CCP_UP 0x00000080 /* May send/recv compressed packets */
-#define SC_DEBUG 0x00010000 /* enable debug messages */
-#define SC_LOG_INPKT 0x00020000 /* log contents of good pkts recvd */
-#define SC_LOG_OUTPKT 0x00040000 /* log contents of pkts sent */
-#define SC_LOG_RAWIN 0x00080000 /* log all chars received */
-#define SC_LOG_FLUSH 0x00100000 /* log all chars flushed */
-#define SC_RCV_B7_0 0x01000000 /* have rcvd char with bit 7 = 0 */
-#define SC_RCV_B7_1 0x02000000 /* have rcvd char with bit 7 = 1 */
-#define SC_RCV_EVNP 0x04000000 /* have rcvd char with even parity */
-#define SC_RCV_ODDP 0x08000000 /* have rcvd char with odd parity */
-#define SC_SYNC 0x00200000 /* use synchronous HDLC framing */
-#define SC_MASK 0x0fff00ff /* bits that user can change */
-
-/*
- * State bits in sc_flags, not changeable by user.
- */
-#define SC_TIMEOUT 0x00000400 /* timeout is currently pending */
-#define SC_VJ_RESET 0x00000800 /* need to reset VJ decomp */
-#define SC_COMP_RUN 0x00001000 /* compressor has been inited */
-#define SC_DECOMP_RUN 0x00002000 /* decompressor has been inited */
-#define SC_DC_ERROR 0x00004000 /* non-fatal decomp error detected */
-#define SC_DC_FERROR 0x00008000 /* fatal decomp error detected */
-#define SC_TBUSY 0x10000000 /* xmitter doesn't need a packet yet */
-#define SC_PKTLOST 0x20000000 /* have lost or dropped a packet */
-#define SC_FLUSH 0x40000000 /* flush input until next PPP_FLAG */
-#define SC_ESCAPED 0x80000000 /* saw a PPP_ESCAPE */
-
-/*
- * Ioctl definitions.
- */
-
-struct npioctl {
- int protocol; /* PPP procotol, e.g. PPP_IP */
- enum NPmode mode;
-};
-
-/* Structure describing a CCP configuration option, for PPPIOCSCOMPRESS */
-struct ppp_option_data {
- u_char *ptr;
- u_int length;
- int transmit;
-};
-
-struct ifpppstatsreq {
- char ifr_name[IFNAMSIZ];
- struct ppp_stats stats;
-};
-
-struct ifpppcstatsreq {
- char ifr_name[IFNAMSIZ];
- struct ppp_comp_stats stats;
-};
-
-/*
- * Ioctl definitions.
- */
-
-#define PPPIOCGFLAGS _IOR('t', 90, int) /* get configuration flags */
-#define PPPIOCSFLAGS _IOW('t', 89, int) /* set configuration flags */
-#define PPPIOCGASYNCMAP _IOR('t', 88, int) /* get async map */
-#define PPPIOCSASYNCMAP _IOW('t', 87, int) /* set async map */
-#define PPPIOCGUNIT _IOR('t', 86, int) /* get ppp unit number */
-#define PPPIOCGRASYNCMAP _IOR('t', 85, int) /* get receive async map */
-#define PPPIOCSRASYNCMAP _IOW('t', 84, int) /* set receive async map */
-#define PPPIOCGMRU _IOR('t', 83, int) /* get max receive unit */
-#define PPPIOCSMRU _IOW('t', 82, int) /* set max receive unit */
-#define PPPIOCSMAXCID _IOW('t', 81, int) /* set VJ max slot ID */
-#define PPPIOCGXASYNCMAP _IOR('t', 80, ext_accm) /* get extended ACCM */
-#define PPPIOCSXASYNCMAP _IOW('t', 79, ext_accm) /* set extended ACCM */
-#define PPPIOCXFERUNIT _IO('t', 78) /* transfer PPP unit */
-#define PPPIOCSCOMPRESS _IOW('t', 77, struct ppp_option_data)
-#define PPPIOCGNPMODE _IOWR('t', 76, struct npioctl) /* get NP mode */
-#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */
-#define PPPIOCGIDLE _IOR('t', 74, struct ppp_idle) /* get idle time */
-#ifdef PPP_FILTER
-#define PPPIOCSPASS _IOW('t', 71, struct bpf_program) /* set pass filter */
-#define PPPIOCSACTIVE _IOW('t', 70, struct bpf_program) /* set active filt */
-#endif /* PPP_FILTER */
-
-/* PPPIOC[GS]MTU are alternatives to SIOC[GS]IFMTU, used under Ultrix */
-#define PPPIOCGMTU _IOR('t', 73, int) /* get interface MTU */
-#define PPPIOCSMTU _IOW('t', 72, int) /* set interface MTU */
-
-/*
- * These two are interface ioctls so that pppstats can do them on
- * a socket without having to open the serial device.
- */
-#define SIOCGPPPSTATS _IOWR('i', 123, struct ifpppstatsreq)
-#define SIOCGPPPCSTATS _IOWR('i', 122, struct ifpppcstatsreq)
-
-#if !defined(ifr_mtu)
-#define ifr_mtu ifr_ifru.ifru_metric
-#endif
-
-#if (defined(_KERNEL) || defined(KERNEL)) && !defined(NeXT)
-void pppattach(void);
-void pppintr(void);
-#endif
-#endif /* _IF_PPP_H_ */
/*
* ppp-comp.h - Definitions for doing PPP packet compression.
*
- * Copyright (c) 1984 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
/*
* ppp_defs.h - PPP definitions.
*
- * Copyright (c) 1984 Paul Mackerras. All rights reserved.
+ * Copyright (c) 1994 Paul Mackerras. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+++ /dev/null
-/*
- * Definitions for tcp compression routines.
- *
- * $Id: slcompress.h,v 1.4 1994/09/21 06:50:08 paulus Exp $
- *
- * Copyright (c) 1989 Regents of the University of California.
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms are permitted
- * provided that the above copyright notice and this paragraph are
- * duplicated in all such forms and that any documentation,
- * advertising materials, and other materials related to such
- * distribution and use acknowledge that the software was developed
- * by the University of California, Berkeley. The name of the
- * University may not be used to endorse or promote products derived
- * from this software without specific prior written permission.
- * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
- * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
- *
- * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989:
- * - Initial distribution.
- */
-
-#ifndef _SLCOMPRESS_H_
-#define _SLCOMPRESS_H_
-
-#define MAX_STATES 16 /* must be > 2 and < 256 */
-#define MAX_HDR MLEN /* XXX 4bsd-ism: should really be 128 */
-
-/*
- * Compressed packet format:
- *
- * The first octet contains the packet type (top 3 bits), TCP
- * 'push' bit, and flags that indicate which of the 4 TCP sequence
- * numbers have changed (bottom 5 bits). The next octet is a
- * conversation number that associates a saved IP/TCP header with
- * the compressed packet. The next two octets are the TCP checksum
- * from the original datagram. The next 0 to 15 octets are
- * sequence number changes, one change per bit set in the header
- * (there may be no changes and there are two special cases where
- * the receiver implicitly knows what changed -- see below).
- *
- * There are 5 numbers which can change (they are always inserted
- * in the following order): TCP urgent pointer, window,
- * acknowlegement, sequence number and IP ID. (The urgent pointer
- * is different from the others in that its value is sent, not the
- * change in value.) Since typical use of SLIP links is biased
- * toward small packets (see comments on MTU/MSS below), changes
- * use a variable length coding with one octet for numbers in the
- * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the
- * range 256 - 65535 or 0. (If the change in sequence number or
- * ack is more than 65535, an uncompressed packet is sent.)
- */
-
-/*
- * Packet types (must not conflict with IP protocol version)
- *
- * The top nibble of the first octet is the packet type. There are
- * three possible types: IP (not proto TCP or tcp with one of the
- * control flags set); uncompressed TCP (a normal IP/TCP packet but
- * with the 8-bit protocol field replaced by an 8-bit connection id --
- * this type of packet syncs the sender & receiver); and compressed
- * TCP (described above).
- *
- * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and
- * is logically part of the 4-bit "changes" field that follows. Top
- * three bits are actual packet type. For backward compatibility
- * and in the interest of conserving bits, numbers are chosen so the
- * IP protocol version number (4) which normally appears in this nibble
- * means "IP packet".
- */
-
-/* packet types */
-#define TYPE_IP 0x40
-#define TYPE_UNCOMPRESSED_TCP 0x70
-#define TYPE_COMPRESSED_TCP 0x80
-#define TYPE_ERROR 0x00
-
-/* Bits in first octet of compressed packet */
-#define NEW_C 0x40 /* flag bits for what changed in a packet */
-#define NEW_I 0x20
-#define NEW_S 0x08
-#define NEW_A 0x04
-#define NEW_W 0x02
-#define NEW_U 0x01
-
-/* reserved, special-case values of above */
-#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */
-#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */
-#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U)
-
-#define TCP_PUSH_BIT 0x10
-
-
-/*
- * "state" data for each active tcp conversation on the wire. This is
- * basically a copy of the entire IP/TCP header from the last packet
- * we saw from the conversation together with a small identifier
- * the transmit & receive ends of the line use to locate saved header.
- */
-struct cstate {
- struct cstate *cs_next; /* next most recently used cstate (xmit only) */
- u_short cs_hlen; /* size of hdr (receive only) */
- u_char cs_id; /* connection # associated with this state */
- u_char cs_filler;
- union {
- char csu_hdr[MAX_HDR];
- struct ip csu_ip; /* ip/tcp hdr from most recent packet */
- } slcs_u;
-};
-#define cs_ip slcs_u.csu_ip
-#define cs_hdr slcs_u.csu_hdr
-
-/*
- * all the state data for one serial line (we need one of these
- * per line).
- */
-struct slcompress {
- struct cstate *last_cs; /* most recently used tstate */
- u_char last_recv; /* last rcvd conn. id */
- u_char last_xmit; /* last sent conn. id */
- u_short flags;
-#ifndef SL_NO_STATS
- int sls_packets; /* outbound packets */
- int sls_compressed; /* outbound compressed packets */
- int sls_searches; /* searches for connection state */
- int sls_misses; /* times couldn't find conn. state */
- int sls_uncompressedin; /* inbound uncompressed packets */
- int sls_compressedin; /* inbound compressed packets */
- int sls_errorin; /* inbound unknown type packets */
- int sls_tossed; /* inbound packets tossed because of error */
-#endif
- struct cstate tstate[MAX_STATES]; /* xmit connection states */
- struct cstate rstate[MAX_STATES]; /* receive connection states */
-};
-/* flag values */
-#define SLF_TOSS 1 /* tossing rcvd frames because of input err */
-
-void sl_compress_init(struct slcompress *);
-void sl_compress_setup(struct slcompress *, int);
-u_int sl_compress_tcp(struct mbuf *,
- struct ip *, struct slcompress *, int);
-int sl_uncompress_tcp(u_char **, int, u_int, struct slcompress *);
-int sl_uncompress_tcp_core(u_char *, int, int, u_int,
- struct slcompress *, u_char **, u_int *);
-
-#endif /* _SLCOMPRESS_H_ */
+++ /dev/null
-# PPP top-level Makefile for Linux.
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-BINDIR = $(DESTDIR)/sbin
-INCDIR = $(DESTDIR)/include
-MANDIR = $(DESTDIR)/share/man
-ETCDIR = $(INSTROOT)@SYSCONF@/ppp
-
-# uid 0 = root
-INSTALL= install
-
-all:
- cd chat; $(MAKE) $(MFLAGS) all
- cd pppd/plugins; $(MAKE) $(MFLAGS) all
- cd pppd; $(MAKE) $(MFLAGS) all
- cd pppstats; $(MAKE) $(MFLAGS) all
- cd pppdump; $(MAKE) $(MFLAGS) all
-
-install: $(BINDIR) $(MANDIR)/man8 install-progs install-devel
-
-install-progs:
- cd chat; $(MAKE) $(MFLAGS) install
- cd pppd/plugins; $(MAKE) $(MFLAGS) install
- cd pppd; $(MAKE) $(MFLAGS) install
- cd pppstats; $(MAKE) $(MFLAGS) install
- cd pppdump; $(MAKE) $(MFLAGS) install
-
-install-etcppp: $(ETCDIR) $(ETCDIR)/options $(ETCDIR)/pap-secrets \
- $(ETCDIR)/chap-secrets $(ETCDIR)/eaptls-server $(ETCDIR)/eaptls-client
-
-install-devel:
- cd pppd; $(MAKE) $(MFLAGS) install-devel
-
-$(ETCDIR)/options:
- $(INSTALL) -c -m 644 etc.ppp/options $@
-$(ETCDIR)/pap-secrets:
- $(INSTALL) -c -m 600 etc.ppp/pap-secrets $@
-$(ETCDIR)/chap-secrets:
- $(INSTALL) -c -m 600 etc.ppp/chap-secrets $@
-$(ETCDIR)/eaptls-server:
- $(INSTALL) -c -m 600 etc.ppp/eaptls-server $@
-$(ETCDIR)/eaptls-client:
- $(INSTALL) -c -m 600 etc.ppp/eaptls-client $@
-
-$(BINDIR):
- $(INSTALL) -d -m 755 $@
-$(MANDIR)/man8:
- $(INSTALL) -d -m 755 $@
-$(ETCDIR):
- $(INSTALL) -d -m 755 $@
-
-clean:
- rm -f `find . -name '*.[oas]' -print`
- rm -f `find . -name 'core' -print`
- rm -f `find . -name '*~' -print`
- cd chat; $(MAKE) clean
- cd pppd/plugins; $(MAKE) clean
- cd pppd; $(MAKE) clean
- cd pppstats; $(MAKE) clean
- cd pppdump; $(MAKE) clean
-
-dist-clean: clean
- rm -f Makefile `find . -name Makefile -print`
-
-#kernel:
-# cd linux; ./kinstall.sh
-
-# no tests yet, one day...
-installcheck:
- true
--- /dev/null
+# SYNOPSIS
+#
+# AX_CHECK_ATM([action-if-found[, action-if-not-found]])
+#
+# DESCRIPTION
+#
+# Look for libatm in a number of default locations, or in a provided location
+# (via --with-atm=). Sets
+# ATM_CFLAGS
+# ATM_LDFLAGS
+# ATM_LIBS
+#
+# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
+#
+# LICENSE
+#
+# Copyright (c) 2021 Eivind Naess <eivnaes@yahoo.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 1
+
+AC_DEFUN([AX_CHECK_ATM], [
+ AC_ARG_WITH([atm],
+ [AS_HELP_STRING([--with-atm=DIR],
+ [With libatm support, see http://linux-atm.sourceforge.net])],
+ [
+ case "$withval" in
+ "" | y | ye | yes)
+ atmdirs="/usr/local /usr/lib /usr"
+ ;;
+ n | no)
+ with_atm="no"
+ ;;
+ *)
+ atmdirs="$withval"
+ ;;
+ esac
+ ])
+
+ if [ test "x${with_atm}" != "xno" ] ; then
+ ATM_LIBS="-latm"
+ for atmdir in $atmdirs; do
+ AC_MSG_CHECKING([for atm.h in $atmdir])
+ if test -f "$atmdir/include/atm.h"; then
+ ATM_CFLAGS="-I$atmdir/include"
+ ATM_LDFLAGS="-L$atmdir/lib"
+ AC_MSG_RESULT([yes])
+ break
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+
+ # try the preprocessor and linker with our new flags,
+ # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+ AC_MSG_CHECKING([if compiling and linking against libatm works])
+
+ save_LIBS="$LIBS"
+ save_LDFLAGS="$LDFLAGS"
+ save_CPPFLAGS="$CPPFLAGS"
+ LDFLAGS="$LDFLAGS $ATM_LDFLAGS"
+ LIBS="$ATM_LIBS $LIBS"
+ CPPFLAGS="$ATM_CFLAGS $CPPFLAGS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [#include <atm.h>
+ #include <stddef.h>],
+ [text2atm(NULL,NULL,0,0);])],
+ [
+ AC_MSG_RESULT([yes])
+ with_atm=yes
+ $1
+ ], [
+ AC_MSG_RESULT([no])
+ with_atm="no"
+ $2
+ ])
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+
+ AC_SUBST([ATM_CFLAGS])
+ AC_SUBST([ATM_LIBS])
+ AC_SUBST([ATM_LDFLAGS])
+ fi
+ AM_CONDITIONAL(WITH_LIBATM, test "x${with_atm}" != "xno")
+])
+
--- /dev/null
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_check_openssl.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_OPENSSL([action-if-found[, action-if-not-found]])
+#
+# DESCRIPTION
+#
+# Look for OpenSSL in a number of default spots, or in a user-selected
+# spot (via --with-openssl). Sets
+#
+# OPENSSL_INCLUDES to the include directives required
+# OPENSSL_LIBS to the -l directives required
+# OPENSSL_LDFLAGS to the -L or -R flags required
+#
+# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
+#
+# This macro sets OPENSSL_INCLUDES such that source files should use the
+# openssl/ directory in include directives:
+#
+# #include <openssl/hmac.h>
+#
+# LICENSE
+#
+# Copyright (c) 2009,2010 Zmanda Inc. <http://www.zmanda.com/>
+# Copyright (c) 2009,2010 Dustin J. Mitchell <dustin@zmanda.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 9
+
+AU_ALIAS([CHECK_SSL], [AX_CHECK_OPENSSL])
+AC_DEFUN([AX_CHECK_OPENSSL], [
+ found=false
+ AC_ARG_WITH([openssl],
+ [AS_HELP_STRING([--with-openssl=DIR],
+ [With openssl support, see http://www.openssl.org])],
+ [
+ case "$withval" in
+ "" | y | ye | yes )
+ ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr"
+ ;;
+ n | no )
+ ;;
+ *) ssldirs="$withval"
+ ;;
+ esac
+ ], [
+ ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr"
+ ])
+
+ AS_IF([test "${with_openssl}" != "no"], [
+ # if pkg-config is installed and openssl has installed a .pc file,
+ # then use that information and don't search ssldirs
+ AC_PATH_PROG([PKG_CONFIG], [pkg-config])
+ if test x"$PKG_CONFIG" != x""; then
+ OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null`
+ if test $? = 0; then
+ OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null`
+ OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null`
+ found=true
+ fi
+ fi
+ ])
+
+ AS_IF([test "${with_openssl}" != "no" && test "${found}" != "true"], [
+ OPENSSL_INCLUDES=
+ for ssldir in $ssldirs; do
+ AC_MSG_CHECKING([for openssl/ssl.h in $ssldir])
+ AS_IF([ test -f "$ssldir/include/openssl/ssl.h" ], [
+ OPENSSL_INCLUDES="-I$ssldir/include"
+ OPENSSL_LDFLAGS="-L$ssldir/lib"
+ OPENSSL_LIBS="-lssl -lcrypto"
+ found=true
+ AC_MSG_RESULT([yes])
+ break
+ ], [
+ AC_MSG_RESULT([no])
+ ])
+ done])
+
+ AS_IF([test "${with_openssl}" != "no" && test "${found}" = "true" ], [
+
+ # try the preprocessor and linker with our new flags,
+ # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+ AC_MSG_CHECKING([whether compiling and linking against OpenSSL works])
+ echo "Trying link with OPENSSL_LDFLAGS=$OPENSSL_LDFLAGS;" \
+ "OPENSSL_LIBS=$OPENSSL_LIBS; OPENSSL_INCLUDES=$OPENSSL_INCLUDES" >&AS_MESSAGE_LOG_FD
+
+ save_LIBS="$LIBS"
+ save_LDFLAGS="$LDFLAGS"
+ save_CPPFLAGS="$CPPFLAGS"
+ LDFLAGS="$LDFLAGS $OPENSSL_LDFLAGS"
+ LIBS="$OPENSSL_LIBS $LIBS"
+ CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM([#include <openssl/ssl.h>], [SSL_new(NULL)])],
+ [
+ AC_MSG_RESULT([yes])
+ $1
+ ], [
+ AC_MSG_RESULT([no])
+ $2
+ ])
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+
+ AC_SUBST([OPENSSL_INCLUDES])
+ AC_SUBST([OPENSSL_LIBS])
+ AC_SUBST([OPENSSL_LDFLAGS])
+ ], [ $2 ])
+])
--- /dev/null
+# SYNOPSIS
+#
+# AX_CHECK_OPENSSL_DEFINE([DEFINE], [VAR][, action-if-found[, action-if-not-found]])
+#
+# DESCRIPTION
+#
+# Check if OpenSSL has a define set in it's features provided, i.e. OPENSSL_NO_MD4.
+# If so, the var argument ac_cv_openssl_[VAR] is set to yes, and action-is-found is
+# run, else action-if-not-found is executed.
+#
+# This module require AX_CHECK_OPENSSL
+#
+# LICENSE
+#
+# Copyright (c) 2021 Eivind Naess <eivnaes@yahoo.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 1
+
+AC_DEFUN([AX_CHECK_OPENSSL_DEFINE], [
+ AC_REQUIRE([AX_CHECK_OPENSSL])
+ AC_MSG_CHECKING([for $2 support in openssl])
+ save_CPPFLAGS="$CPPFLAGS"
+ CPPFLAGS="$OPENSSL_INCLUDES $CPPFLAGS"
+ AC_PREPROC_IFELSE([
+ AC_LANG_PROGRAM(
+ [[@%:@include <openssl/opensslconf.h>]],
+ [[#ifdef $1
+ #error "No support for $1"
+ #endif]])],
+ AC_MSG_RESULT([yes])
+ [ac_cv_openssl_$2=yes]
+ $3,
+ AC_MSG_RESULT([no])
+ [ac_cv_openssl_$2=no]
+ $4
+ )
+ CPPFLAGS="$save_CPPFLAGS"
+])
+
--- /dev/null
+# SYNOPSIS
+#
+# AX_CHECK_PAM([action-if-found[, action-if-not-found]])
+#
+# DESCRIPTION
+#
+# Look for libpam in a number of default locations, or in a provided location
+# (via --with-pam=). Sets
+# PAM_CFLAGS
+# PAM_LDFLAGS
+# PAM_LIBS
+#
+# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
+#
+# LICENSE
+#
+# Copyright (c) 2021 Eivind Naess <eivnaes@yahoo.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 1
+
+AC_DEFUN([AX_CHECK_PAM], [
+ AC_ARG_WITH([pam],
+ [AS_HELP_STRING([--with-pam=DIR],
+ [With libpam support, see ftp.redhat.com:/pub/pam])],
+ [
+ case "$withval" in
+ "" | y | ye | yes)
+ pamdirs="/usr/local /usr/lib /usr"
+ ;;
+ n | no)
+ with_pam="no"
+ ;;
+ *)
+ pamdirs="$withval"
+ ;;
+ esac
+ ])
+
+ if [ test "x${with_pam}" != "xno" ] ; then
+ PAM_LIBS="-lpam"
+ for pamdir in $pamdirs; do
+ AC_MSG_CHECKING([for pam_appl.h in $pamdir])
+ if test -f "$pamdir/include/security/pam_appl.h"; then
+ PAM_CFLAGS="-I$pamdir/include"
+ PAM_LDFLAGS="-L$pamdir/lib"
+ AC_MSG_RESULT([yes])
+ break
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+
+ # try the preprocessor and linker with our new flags,
+ # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+ AC_MSG_CHECKING([if compiling and linking against libpam works])
+
+ save_LIBS="$LIBS"
+ save_LDFLAGS="$LDFLAGS"
+ save_CPPFLAGS="$CPPFLAGS"
+ LDFLAGS="$LDFLAGS $PAM_LDFLAGS"
+ LIBS="$PAM_LIBS $LIBS"
+ CPPFLAGS="$PAM_CFLAGS $CPPFLAGS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [#include <security/pam_appl.h>
+ #include <stddef.h>],
+ [pam_authenticate(NULL, 0);])],
+ [
+ AC_MSG_RESULT([yes])
+ with_pam=yes
+ $1
+ ], [
+ AC_MSG_RESULT([no])
+ with_pam="no"
+ $2
+ ])
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+
+ AC_SUBST([PAM_CFLAGS])
+ AC_SUBST([PAM_LIBS])
+ AC_SUBST([PAM_LDFLAGS])
+ fi
+ AM_CONDITIONAL(WITH_LIBPAM, test "x${with_pam}" != "xno")
+])
+
--- /dev/null
+# SYNOPSIS
+#
+# AX_CHECK_PCAP([action-if-found[, action-if-not-found]]
+#
+# DESCRIPTION
+#
+# Look for libpcap in a number of default locations, or in a provided location
+# (via --with-pcap=). Sets
+# PCAP_CFLAGS
+# PCAP_LDFLAGS
+# PCAP_LIBS
+#
+# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
+#
+# LICENSE
+#
+# Copyright (c) 2021 Eivind Naess <eivnaes@yahoo.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 1
+
+AC_DEFUN([AX_CHECK_PCAP], [
+ AC_ARG_WITH([pcap],
+ [AS_HELP_STRING([--with-pcap=DIR],
+ [With libpcap support, see https://www.tcpdump.org])],
+ [
+ case "$withval" in
+ "" | y | ye | yes)
+ pcapdirs="/usr/local /usr/lib /usr"
+ ;;
+ n | no)
+ with_pcap="no"
+ ;;
+ *)
+ pcapdirs="$withval"
+ ;;
+ esac
+ ])
+
+ if [ test "x${with_pcap}" != "xno" ] ; then
+ PCAP_LIBS="-lpcap"
+ for pcapdir in $pcapdirs; do
+ AC_MSG_CHECKING([for pcap.h in $pcapdir])
+ if test -f "$pcapdir/include/pcap.h"; then
+ PCAP_CFLAGS="-I$pcapdir/include"
+ PCAP_LDFLAGS="-L$pcapdir/lib"
+ AC_MSG_RESULT([yes])
+ break
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+
+ # try the preprocessor and linker with our new flags,
+ # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+ AC_MSG_CHECKING([if compiling and linking against libpcap works])
+
+ save_LIBS="$LIBS"
+ save_LDFLAGS="$LDFLAGS"
+ save_CPPFLAGS="$CPPFLAGS"
+ LDFLAGS="$PCAP_LDFLAGS $LDFLAGS"
+ LIBS="$PCAP_LIBS $LIBS"
+ CPPFLAGS="$PCAP_CFLAGS $CPPFLAGS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [@%:@include <pcap.h>],
+ [pcap_create(0,0);])],
+ [
+ AC_MSG_RESULT([yes])
+ with_pcap=yes
+ $1
+ ], [
+ AC_MSG_RESULT([no])
+ with_pcap="no"
+ $2
+ ])
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+
+ AC_SUBST([PCAP_CFLAGS])
+ AC_SUBST([PCAP_LIBS])
+ AC_SUBST([PCAP_LDFLAGS])
+ fi
+
+ AM_CONDITIONAL(WITH_PCAP, test "x${with_pcap}" != "xno")
+])
+
--- /dev/null
+# SYNOPSIS
+#
+# AX_CHECK_SRP([action-if-found[, action-if-not-found]])
+#
+# DESCRIPTION
+#
+# Look for libsrp in a number of default locations, or in a provided location
+# (via --with-srp=). Sets
+# SRP_CFLAGS
+# SRP_LDFLAGS
+# SRP_LIBS
+#
+# and calls ACTION-IF-FOUND or ACTION-IF-NOT-FOUND appropriately
+#
+# LICENSE
+#
+# Copyright (c) 2021 Eivind Naess <eivnaes@yahoo.com>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 1
+
+AC_DEFUN([AX_CHECK_SRP], [
+ AC_ARG_WITH([srp],
+ [AS_HELP_STRING([--with-srp=DIR],
+ [With libsrp support, see http://srp.stanford.edu])],
+ [
+ case "$withval" in
+ "" | y | ye | yes)
+ srpdirs="/usr/local /usr/lib /usr"
+ ;;
+ n | no)
+ with_srp="no"
+ ;;
+ *)
+ srpdirs="$withval"
+ ;;
+ esac
+ ])
+
+ if [ test "x${with_srp}" != "xno" ] ; then
+ SRP_LIBS="-lsrp"
+ for srpdir in $srpdirs; do
+ AC_MSG_CHECKING([for srp.h in $srpdir])
+ if test -f "$srpdir/include/srp.h"; then
+ SRP_CFLAGS="-I$srpdir/include"
+ SRP_LDFLAGS="-L$srpdir/lib"
+ AC_MSG_RESULT([yes])
+ break
+ else
+ AC_MSG_RESULT([no])
+ fi
+ done
+
+ # try the preprocessor and linker with our new flags,
+ # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS
+
+ AC_MSG_CHECKING([if compiling and linking against libsrp works])
+
+ save_LIBS="$LIBS"
+ save_LDFLAGS="$LDFLAGS"
+ save_CPPFLAGS="$CPPFLAGS"
+ LDFLAGS="$SRP_LDFLAGS $OPENSSL_LDFLAGS $LDFLAGS"
+ LIBS="$SRP_LIBS $OPENSSL_LIBS $LIBS"
+ CPPFLAGS="$SRP_CFLAGS $OPENSSL_INCLUDES $CPPFLAGS"
+ AC_LINK_IFELSE(
+ [AC_LANG_PROGRAM(
+ [#include <srp.h>
+ #include <stddef.h>],
+ [SRP_use_engine(NULL);])],
+ [
+ AC_MSG_RESULT([yes])
+ with_srp=yes
+ $1
+ ], [
+ AC_MSG_RESULT([no])
+ with_srp="no"
+ $2
+ ])
+ CPPFLAGS="$save_CPPFLAGS"
+ LDFLAGS="$save_LDFLAGS"
+ LIBS="$save_LIBS"
+
+ AC_SUBST([SRP_CFLAGS])
+ AC_SUBST([SRP_LIBS])
+ AC_SUBST([SRP_LDFLAGS])
+ fi
+
+ AM_CONDITIONAL(WITH_SRP, test "x${with_srp}" != "xno")
+])
+
--- /dev/null
+# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
+# serial 12 (pkg-config-0.29.2)
+
+dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
+dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
+dnl
+dnl This program is free software; you can redistribute it and/or modify
+dnl it under the terms of the GNU General Public License as published by
+dnl the Free Software Foundation; either version 2 of the License, or
+dnl (at your option) any later version.
+dnl
+dnl This program is distributed in the hope that it will be useful, but
+dnl WITHOUT ANY WARRANTY; without even the implied warranty of
+dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+dnl General Public License for more details.
+dnl
+dnl You should have received a copy of the GNU General Public License
+dnl along with this program; if not, write to the Free Software
+dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
+dnl 02111-1307, USA.
+dnl
+dnl As a special exception to the GNU General Public License, if you
+dnl distribute this file as part of a program that contains a
+dnl configuration script generated by Autoconf, you may include it under
+dnl the same distribution terms that you use for the rest of that
+dnl program.
+
+dnl PKG_PREREQ(MIN-VERSION)
+dnl -----------------------
+dnl Since: 0.29
+dnl
+dnl Verify that the version of the pkg-config macros are at least
+dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
+dnl installed version of pkg-config, this checks the developer's version
+dnl of pkg.m4 when generating configure.
+dnl
+dnl To ensure that this macro is defined, also add:
+dnl m4_ifndef([PKG_PREREQ],
+dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
+dnl
+dnl See the "Since" comment for each macro you use to see what version
+dnl of the macros you require.
+m4_defun([PKG_PREREQ],
+[m4_define([PKG_MACROS_VERSION], [0.29.2])
+m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
+ [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
+])dnl PKG_PREREQ
+
+dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
+dnl ----------------------------------
+dnl Since: 0.16
+dnl
+dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
+dnl first found in the path. Checks that the version of pkg-config found
+dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
+dnl used since that's the first version where most current features of
+dnl pkg-config existed.
+AC_DEFUN([PKG_PROG_PKG_CONFIG],
+[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
+m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
+m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
+AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
+AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
+AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+
+if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
+ AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+fi
+if test -n "$PKG_CONFIG"; then
+ _pkg_min_version=m4_default([$1], [0.9.0])
+ AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
+ if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
+ AC_MSG_RESULT([yes])
+ else
+ AC_MSG_RESULT([no])
+ PKG_CONFIG=""
+ fi
+fi[]dnl
+])dnl PKG_PROG_PKG_CONFIG
+
+dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------------------------------
+dnl Since: 0.18
+dnl
+dnl Check to see whether a particular set of modules exists. Similar to
+dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
+dnl
+dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+dnl only at the first occurence in configure.ac, so if the first place
+dnl it's called might be skipped (such as if it is within an "if", you
+dnl have to call PKG_CHECK_EXISTS manually
+AC_DEFUN([PKG_CHECK_EXISTS],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+if test -n "$PKG_CONFIG" && \
+ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
+ m4_default([$2], [:])
+m4_ifvaln([$3], [else
+ $3])dnl
+fi])
+
+dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
+dnl ---------------------------------------------
+dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
+dnl pkg_failed based on the result.
+m4_define([_PKG_CONFIG],
+[if test -n "$$1"; then
+ pkg_cv_[]$1="$$1"
+ elif test -n "$PKG_CONFIG"; then
+ PKG_CHECK_EXISTS([$3],
+ [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
+ test "x$?" != "x0" && pkg_failed=yes ],
+ [pkg_failed=yes])
+ else
+ pkg_failed=untried
+fi[]dnl
+])dnl _PKG_CONFIG
+
+dnl _PKG_SHORT_ERRORS_SUPPORTED
+dnl ---------------------------
+dnl Internal check to see if pkg-config supports short errors.
+AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
+if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
+ _pkg_short_errors_supported=yes
+else
+ _pkg_short_errors_supported=no
+fi[]dnl
+])dnl _PKG_SHORT_ERRORS_SUPPORTED
+
+
+dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl [ACTION-IF-NOT-FOUND])
+dnl --------------------------------------------------------------
+dnl Since: 0.4.0
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
+dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
+AC_DEFUN([PKG_CHECK_MODULES],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
+AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
+
+pkg_failed=no
+AC_MSG_CHECKING([for $2])
+
+_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
+_PKG_CONFIG([$1][_LIBS], [libs], [$2])
+
+m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
+and $1[]_LIBS to avoid the need to call pkg-config.
+See the pkg-config man page for more details.])
+
+if test $pkg_failed = yes; then
+ AC_MSG_RESULT([no])
+ _PKG_SHORT_ERRORS_SUPPORTED
+ if test $_pkg_short_errors_supported = yes; then
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
+ else
+ $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
+ fi
+ # Put the nasty error message in config.log where it belongs
+ echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
+
+ m4_default([$4], [AC_MSG_ERROR(
+[Package requirements ($2) were not met:
+
+$$1_PKG_ERRORS
+
+Consider adjusting the PKG_CONFIG_PATH environment variable if you
+installed software in a non-standard prefix.
+
+_PKG_TEXT])[]dnl
+ ])
+elif test $pkg_failed = untried; then
+ AC_MSG_RESULT([no])
+ m4_default([$4], [AC_MSG_FAILURE(
+[The pkg-config script could not be found or is too old. Make sure it
+is in your PATH or set the PKG_CONFIG environment variable to the full
+path to pkg-config.
+
+_PKG_TEXT
+
+To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
+ ])
+else
+ $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
+ $1[]_LIBS=$pkg_cv_[]$1[]_LIBS
+ AC_MSG_RESULT([yes])
+ $3
+fi[]dnl
+])dnl PKG_CHECK_MODULES
+
+
+dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
+dnl [ACTION-IF-NOT-FOUND])
+dnl ---------------------------------------------------------------------
+dnl Since: 0.29
+dnl
+dnl Checks for existence of MODULES and gathers its build flags with
+dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
+dnl and VARIABLE-PREFIX_LIBS from --libs.
+dnl
+dnl Note that if there is a possibility the first call to
+dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
+dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
+dnl configure.ac.
+AC_DEFUN([PKG_CHECK_MODULES_STATIC],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+_save_PKG_CONFIG=$PKG_CONFIG
+PKG_CONFIG="$PKG_CONFIG --static"
+PKG_CHECK_MODULES($@)
+PKG_CONFIG=$_save_PKG_CONFIG[]dnl
+])dnl PKG_CHECK_MODULES_STATIC
+
+
+dnl PKG_INSTALLDIR([DIRECTORY])
+dnl -------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable pkgconfigdir as the location where a module
+dnl should install pkg-config .pc files. By default the directory is
+dnl $libdir/pkgconfig, but the default can be changed by passing
+dnl DIRECTORY. The user can override through the --with-pkgconfigdir
+dnl parameter.
+AC_DEFUN([PKG_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+ [pkg-config installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([pkgconfigdir],
+ [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
+ [with_pkgconfigdir=]pkg_default)
+AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_INSTALLDIR
+
+
+dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
+dnl --------------------------------
+dnl Since: 0.27
+dnl
+dnl Substitutes the variable noarch_pkgconfigdir as the location where a
+dnl module should install arch-independent pkg-config .pc files. By
+dnl default the directory is $datadir/pkgconfig, but the default can be
+dnl changed by passing DIRECTORY. The user can override through the
+dnl --with-noarch-pkgconfigdir parameter.
+AC_DEFUN([PKG_NOARCH_INSTALLDIR],
+[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
+m4_pushdef([pkg_description],
+ [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
+AC_ARG_WITH([noarch-pkgconfigdir],
+ [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
+ [with_noarch_pkgconfigdir=]pkg_default)
+AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
+m4_popdef([pkg_default])
+m4_popdef([pkg_description])
+])dnl PKG_NOARCH_INSTALLDIR
+
+
+dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
+dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
+dnl -------------------------------------------
+dnl Since: 0.28
+dnl
+dnl Retrieves the value of the pkg-config variable for the given module.
+AC_DEFUN([PKG_CHECK_VAR],
+[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
+AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
+
+_PKG_CONFIG([$1], [variable="][$3]["], [$2])
+AS_VAR_COPY([$1], [pkg_cv_][$1])
+
+AS_VAR_IF([$1], [""], [$5], [$4])dnl
+])dnl PKG_CHECK_VAR
--- /dev/null
+EXTRA_MODULE = \
+ bsd-comp.c \
+ deflate.c \
+ if_ppp.c \
+ ppp_ahdlc.c \
+ ppp.c \
+ ppp_comp.c \
+ ppp_mod.h \
+ vjcompress.c
+
+EXTRA_DIST = \
+ $(EXTRA_MODULE)
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
--- /dev/null
+sbin_PROGRAMS = pppd
+dist_man8_MANS = pppd.8
+check_PROGRAMS =
+
+utest_chap_SOURCES = chap_ms.c utils.c crypto_ms.c
+utest_chap_CPPFLAGS = -DUNIT_TEST
+utest_chap_LDFLAGS =
+
+utest_peap_SOURCES = peap.c utils.c mppe.c
+utest_peap_CPPFLAGS = -DUNIT_TEST
+utest_peap_LDFLAGS =
+
+utest_crypto_SOURCES = crypto.c
+utest_crypto_CPPFLAGS = -DUNIT_TEST
+utest_crypto_LDFLAGS =
+
+utest_pppcrypt_SOURCES = crypto_ms.c
+utest_pppcrypt_CPPFLAGS = -DUNIT_TEST_MSCRYPTO
+utest_pppcrypt_LDFLAGS =
+
+check_PROGRAMS += utest_crypto
+
+utest_utils_SOURCES = utils.c utils_utest.c
+utest_utils_CPPFLAGS = -DUNIT_TEST
+utest_utils_LDFLAGS =
+
+check_PROGRAMS += utest_utils
+
+if WITH_SRP
+sbin_PROGRAMS += srp-entry
+dist_man8_MANS += srp-entry.8
+endif
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = pppd.pc
+
+pppd_includedir = $(includedir)/pppd
+pppd_include_HEADERS = \
+ cbcp.h \
+ ccp.h \
+ chap.h \
+ chap_ms.h \
+ crypto.h \
+ crypto_ms.h \
+ eap.h \
+ ecp.h \
+ eui64.h \
+ fsm.h \
+ ipcp.h \
+ ipv6cp.h \
+ lcp.h \
+ magic.h \
+ mppe.h \
+ multilink.h \
+ pppd.h \
+ options.h \
+ pppdconf.h \
+ session.h \
+ upap.h
+
+# Headers to be distributed, but not installed in /usr/include/pppd
+noinst_HEADERS = \
+ chap-md5.h \
+ crypto-priv.h \
+ eap-tls.h \
+ pathnames.h \
+ peap.h \
+ pppd-private.h \
+ spinlock.h \
+ tls.h \
+ tdb.h
+
+pppd_SOURCES = \
+ auth.c \
+ ccp.c \
+ chap-md5.c \
+ chap.c \
+ demand.c \
+ eap.c \
+ ecp.c \
+ fsm.c \
+ ipcp.c \
+ lcp.c \
+ magic.c \
+ main.c \
+ options.c \
+ session.c \
+ tty.c \
+ upap.c \
+ utils.c
+
+pppd_CPPFLAGS = -DSYSCONFDIR=\"${sysconfdir}\" -DPPPD_RUNTIME_DIR='"@PPPD_RUNTIME_DIR@"' -DPPPD_LOGFILE_DIR='"@PPPD_LOGFILE_DIR@"'
+pppd_LDFLAGS =
+pppd_LIBS =
+
+if PPP_WITH_SYSTEM_CA_PATH
+pppd_CPPFLAGS += -DSYSTEM_CA_PATH='"@SYSTEM_CA_PATH@"'
+endif
+
+if LINUX
+pppd_SOURCES += sys-linux.c
+noinst_HEADERS += termios_linux.h
+pppd_LIBS += $(CRYPT_LIBS) $(UTIL_LIBS)
+endif
+
+if SUNOS
+pppd_SOURCES += sys-solaris.c
+pppd_CPPFLAGS += -I${top_srcdir}/include
+pppd_LIBS += -lsocket -lnsl
+endif
+
+if PPP_WITH_CHAPMS
+pppd_SOURCES += chap_ms.c crypto_ms.c
+check_PROGRAMS += utest_chap
+check_PROGRAMS += utest_pppcrypt
+else
+if WITH_SRP
+pppd_SOURCES += crypto_ms.c
+check_PROGRAMS += utest_pppcrypt
+endif
+endif
+
+if PPP_WITH_CBCP
+pppd_SOURCES += cbcp.c
+endif
+
+if PPP_WITH_MPPE
+pppd_SOURCES += mppe.c
+endif
+
+if PPP_WITH_FILTER
+pppd_CPPFLAGS += $(PCAP_CFLAGS)
+pppd_LDFLAGS += $(PCAP_LDFLAGS)
+pppd_LIBS += $(PCAP_LIBS)
+endif
+
+if PPP_WITH_PLUGINS
+pppd_CPPFLAGS += -DPPPD_PLUGIN_DIR='"@PPPD_PLUGIN_DIR@"'
+pppd_LIBS += -ldl
+if LINUX
+pppd_LDFLAGS += -Wl,-E
+endif
+endif
+
+if PPP_WITH_MULTILINK
+pppd_SOURCES += multilink.c
+endif
+
+if PPP_WITH_TDB
+pppd_SOURCES += tdb.c spinlock.c
+endif
+
+if PPP_WITH_IPV6CP
+pppd_SOURCES += ipv6cp.c eui64.c
+endif
+
+if PPP_WITH_PAM
+pppd_CPPFLAGS += $(PAM_CFLAGS)
+pppd_LIBS += $(PAM_LIBS) -ldl
+pppd_LDFLAGS += $(PAM_LDFLAGS)
+endif
+
+if PPP_WITH_EAPTLS
+pppd_SOURCES += eap-tls.c tls.c
+else
+if PPP_WITH_PEAP
+pppd_SOURCES += tls.c
+endif
+endif
+
+if PPP_WITH_PEAP
+pppd_SOURCES += peap.c
+check_PROGRAMS += utest_peap
+endif
+
+noinst_LTLIBRARIES = libppp_crypto.la
+libppp_crypto_la_SOURCES=crypto.c ppp-md5.c ppp-md4.c ppp-sha1.c ppp-des.c
+
+if PPP_WITH_OPENSSL
+libppp_crypto_la_CPPFLAGS=$(OPENSSL_INCLUDES)
+libppp_crypto_la_LDFLAGS=$(OPENSSL_LDFLAGS)
+libppp_crypto_la_LIBADD=$(OPENSSL_LIBS)
+endif
+
+utest_peap_LDADD = libppp_crypto.la
+utest_chap_LDADD = libppp_crypto.la
+utest_crypto_LDADD = libppp_crypto.la
+utest_pppcrypt_LDADD = libppp_crypto.la
+
+pppd_LIBS += libppp_crypto.la
+
+if WITH_SYSTEMD
+pppd_CPPFLAGS += $(SYSTEMD_CFLAGS)
+pppd_LIBS += $(SYSTEMD_LIBS)
+endif
+
+if WITH_SRP
+srp_entry_SOURCES = srp-entry.c
+srp_entry_CPPFLAGS = $(OPENSSL_INCLUDES) $(SRP_CFLAGS)
+srp_entry_LDADD = $(SRP_LIBS) $(OPENSSL_LIBS)
+srp_entry_LDFLAGS = $(OPENSSL_LDFLAGS) $(SRP_LDFLAGS)
+
+pppd_CPPFLAGS += $(SRP_CFLAGS)
+pppd_LDFLAGS += $(SRP_LDFLAGS)
+pppd_LIBS += $(SRP_LIBS)
+endif
+
+pppd_LDADD = $(pppd_LIBS)
+
+EXTRA_DIST = \
+ ppp.pam
+
+TESTS = $(check_PROGRAMS)
+
+++ /dev/null
-#
-# pppd makefile for Linux
-# Processed by configure to produce pppd/Makefile
-#
-
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-# Default installation locations
-DESTDIR = $(INSTROOT)@DESTDIR@
-BINDIR = $(DESTDIR)/sbin
-MANDIR = $(DESTDIR)/share/man/man8
-INCDIR = $(DESTDIR)/include
-
-TARGETS = pppd
-
-PPPDSRCS = main.c magic.c fsm.c lcp.c ipcp.c upap.c chap-new.c md5.c ccp.c \
- ecp.c ipxcp.c auth.c options.c sys-linux.c md4.c chap_ms.c \
- demand.c utils.c tty.c eap.c chap-md5.c session.c
-
-HEADERS = ccp.h session.h chap-new.h ecp.h fsm.h ipcp.h \
- ipxcp.h lcp.h magic.h md5.h patchlevel.h pathnames.h pppd.h \
- upap.h eap.h
-
-MANPAGES = pppd.8
-PPPDOBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o md5.o ccp.o \
- ecp.o auth.o options.o demand.o utils.o sys-linux.o ipxcp.o tty.o \
- eap.o chap-md5.o session.o
-
-#
-# include dependencies if present
-ifeq (.depend,$(wildcard .depend))
-include .depend
-endif
-
-LIBS = -lrt
-
-# Uncomment the next line to include support for Microsoft's
-# MS-CHAP authentication protocol. Also, edit plugins/radius/Makefile.linux.
-CHAPMS=y
-#USE_CRYPT=y
-# Don't use MSLANMAN unless you really know what you're doing.
-#MSLANMAN=y
-# Uncomment the next line to include support for MPPE. CHAPMS (above) must
-# also be enabled. Also, edit plugins/radius/Makefile.linux.
-MPPE=y
-
-# Uncomment the next line to include support for PPP packet filtering.
-# This requires that the libpcap library and headers be installed
-# and that the kernel driver support PPP packet filtering.
-FILTER=y
-
-# Uncomment the next line to enable multilink PPP (enabled by default)
-# Linux distributions: Please leave multilink ENABLED in your builds
-# of pppd!
-HAVE_MULTILINK=y
-
-# Uncomment the next line to enable the TDB database (enabled by default.)
-# If you enable multilink, then TDB is automatically enabled also.
-# Linux distributions: Please leave TDB ENABLED in your builds.
-USE_TDB=y
-
-# Uncomment the next line to enable Type=notify services in systemd
-# If enabled, and the user sets the up_sdnotify option, then
-# pppd will not detach and will notify systemd when up.
-#SYSTEMD=y
-
-HAS_SHADOW=y
-#USE_PAM=y
-HAVE_INET6=y
-
-# Enable plugins
-PLUGIN=y
-
-# Enable Microsoft proprietary Callback Control Protocol
-#CBCP=y
-
-# Enable EAP SRP-SHA1 authentication (requires libsrp)
-#USE_SRP=y
-
-# Use libutil; test if logwtmp is declared in <utmp.h> to detect
-UTMPHEADER = "\#include <utmp.h>"
-ifeq ($(shell echo $(UTMPHEADER) | $(CC) -E - 2>/dev/null | grep -q logwtmp && echo yes),yes)
-USE_LIBUTIL=y
-endif
-
-# Enable EAP-TLS authentication (requires MPPE support, libssl and libcrypto)
-USE_EAPTLS=y
-
-MAXOCTETS=y
-
-INCLUDE_DIRS= -I../include
-
-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
-
-CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
-
-ifdef CHAPMS
-CFLAGS += -DCHAPMS=1
-NEEDDES=y
-PPPDOBJS += md4.o chap_ms.o
-HEADERS += md4.h chap_ms.h
-ifdef MSLANMAN
-CFLAGS += -DMSLANMAN=1
-endif
-ifdef MPPE
-CFLAGS += -DMPPE=1
-HEADERS += mppe.h
-endif
-endif
-
-# EAP SRP-SHA1
-ifdef USE_SRP
-CFLAGS += -DUSE_SRP -DOPENSSL -I/usr/local/ssl/include
-LIBS += -lsrp -L/usr/local/ssl/lib
-NEEDCRYPTOLIB = y
-TARGETS += srp-entry
-EXTRAINSTALL = $(INSTALL) -c -m 555 srp-entry $(BINDIR)/srp-entry
-MANPAGES += srp-entry.8
-EXTRACLEAN += srp-entry.o
-NEEDDES=y
-else
-# OpenSSL has an integrated version of SHA-1, and its implementation
-# is incompatible with this local SHA-1 implementation. We must use
-# one or the other, not both.
-PPPDSRCS += sha1.c
-HEADERS += sha1.h
-PPPDOBJS += sha1.o
-endif
-
-# EAP-TLS
-ifdef USE_EAPTLS
-CFLAGS += -DUSE_EAPTLS=1
-LIBS += -lssl
-NEEDCRYPTOLIB = y
-PPPDSRC += eap-tls.c
-HEADERS += eap-tls.h
-PPPDOBJS += eap-tls.o
-endif
-
-ifdef HAS_SHADOW
-CFLAGS += -DHAS_SHADOW
-#LIBS += -lshadow $(LIBS)
-endif
-
-CRYPTHEADER = "\#include <crypt.h>"
-ifeq ($(shell echo $(CRYPTHEADER) | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
-CFLAGS += -DHAVE_CRYPT_H=1
-LIBS += -lcrypt
-endif
-
-ifdef USE_LIBUTIL
-CFLAGS += -DHAVE_LOGWTMP=1
-LIBS += -lutil
-endif
-
-ifdef NEEDDES
-ifndef USE_CRYPT
-NEEDCRYPTOLIB = y
-else
-CFLAGS += -DUSE_CRYPT=1
-endif
-PPPDOBJS += pppcrypt.o
-HEADERS += pppcrypt.h
-endif
-
-ifdef NEEDCRYPTOLIB
-LIBS += -lcrypto
-endif
-
-# For "Pluggable Authentication Modules", see ftp.redhat.com:/pub/pam/.
-ifdef USE_PAM
-CFLAGS += -DUSE_PAM
-LIBS += -lpam -ldl
-endif
-
-# Multi-linnk
-ifdef HAVE_MULTILINK
- # Multilink implies the use of TDB
- USE_TDB=y
-
- CFLAGS += -DHAVE_MULTILINK
- PPPDSRCS += multilink.c
- PPPDOBJS += multilink.o
-endif
-
-# TDB
-ifdef USE_TDB
- CFLAGS += -DUSE_TDB=1
- PPPDSRCS += tdb.c spinlock.c
- PPPDOBJS += tdb.o spinlock.o
- HEADERS += tdb.h spinlock.h
-endif
-
-# Lock library binary for Linux is included in 'linux' subdirectory.
-ifdef LOCKLIB
-LIBS += -llock
-CFLAGS += -DLOCKLIB=1
-endif
-
-ifdef SYSTEMD
-LIBS += -lsystemd
-CFLAGS += -DSYSTEMD=1
-endif
-
-ifdef PLUGIN
-CFLAGS += -DPLUGIN
-LDFLAGS_PLUGIN += -Wl,-E
-LIBS += -ldl
-endif
-
-ifdef FILTER
-LIBS += -lpcap
-CFLAGS += -DPPP_FILTER
-endif
-
-ifdef HAVE_INET6
- PPPDSRCS += ipv6cp.c eui64.c
- HEADERS += ipv6cp.h eui64.h
- PPPDOBJS += ipv6cp.o eui64.o
- CFLAGS += -DINET6=1
-endif
-
-ifdef CBCP
- PPPDSRCS += cbcp.c
- PPPDOBJS += cbcp.o
- CFLAGS += -DCBCP_SUPPORT
- HEADERS += cbcp.h
-endif
-
-ifdef MAXOCTETS
- CFLAGS += -DMAXOCTETS
-endif
-
-INSTALL= install
-
-all: $(TARGETS)
-
-install: pppd
- mkdir -p $(BINDIR) $(MANDIR)
- $(EXTRAINSTALL)
- $(INSTALL) -c -m 755 pppd $(BINDIR)/pppd
- if chgrp pppusers $(BINDIR)/pppd 2>/dev/null; then \
- chmod o-rx,u+s $(BINDIR)/pppd; fi
- $(INSTALL) -c -m 644 pppd.8 $(MANDIR)
-
-pppd: $(PPPDOBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) $(LDFLAGS_PLUGIN) -o pppd $(PPPDOBJS) $(LIBS)
-
-srp-entry: srp-entry.c
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ srp-entry.c $(LIBS)
-
-install-devel:
- mkdir -p $(INCDIR)/pppd
- $(INSTALL) -c -m 644 $(HEADERS) $(INCDIR)/pppd
-
-clean:
- rm -f $(PPPDOBJS) $(EXTRACLEAN) $(TARGETS) *~ #* core
-
-depend:
- $(CPP) -M $(CFLAGS) $(PPPDSRCS) >.depend
+++ /dev/null
-#
-# Makefile for pppd under Solaris 2.
-# $Id: Makefile.sol2,v 1.30 2008/01/30 14:26:52 carlsonj Exp $
-#
-
-include ../Makedefs.com
-
-CFLAGS = -I../include -DSVR4 -DSOL2 $(COPTS) '-DDESTDIR="@DESTDIR@"'
-LIBS = -lsocket -lnsl
-
-OBJS = main.o magic.o fsm.o lcp.o ipcp.o upap.o chap-new.o eap.o md5.o \
- tty.o ccp.o ecp.o auth.o options.o demand.o utils.o sys-solaris.o \
- chap-md5.o session.o
-
-# Solaris uses shadow passwords
-CFLAGS += -DHAS_SHADOW
-
-#
-# Comment the following out to disable plugins
-#
-CFLAGS += -DPLUGIN
-LIBS += -ldl
-
-#
-# Solaris 8 and above accomodates /var/run, so uncomment the
-# following to place pppd process IDs on that location
-#
-#CFLAGS += -D_PATH_VARRUN='"/var/run/"'
-
-#
-# uncomment the following to enable IPv6
-#
-# Solaris 8 and on includes support for IPv6
-#
-CFLAGS += -DINET6
-OBJS += ipv6cp.o eui64.o
-
-# Uncomment to enable MS-CHAP
-CFLAGS += -DUSE_CRYPT -DCHAPMS -DMSLANMAN -DHAVE_CRYPT_H
-OBJS += chap_ms.o pppcrypt.o md4.o sha1.o
-
-# Uncomment to enable MPPE (in both CHAP and EAP-TLS)
-CFLAGS += -DMPPE
-
-# Uncomment to enable EAP-TLS
-CFLAGS += -DUSE_EAPTLS
-LIBS += -lcrypto -lssl
-OBJS += eap-tls.o
-
-# Uncomment for CBCP
-#CFLAGS += -DCBCP_SUPPORT
-#OBJS += cbcp.o
-
-# Uncomment for PAM
-#CFLAGS += -DUSE_PAM
-#LIBS += -lpam
-
-#
-# Make targets
-#
-all: pppd
-
-pppd: $(OBJS)
- $(CC) -o pppd $(OBJS) $(LIBS)
-
-install:
- $(INSTALL) -f $(BINDIR) -m 4755 -u root pppd
- $(INSTALL) -f $(MANDIR)/man8 -m 444 pppd.8
-
-clean:
- rm -f $(OBJS) pppd *~ core y.tab.c y.tab.h
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#define RCSID "$Id: auth.c,v 1.117 2008/07/01 12:27:56 paulus Exp $"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stddef.h>
#include <stdlib.h>
#include <arpa/inet.h>
-#ifdef HAS_SHADOW
+#ifdef HAVE_SHADOW_H
#include <shadow.h>
#ifndef PW_PPP
#define PW_PPP PW_LOGIN
#endif
#include <time.h>
+#ifdef HAVE_CRYPT_H
+#include <crypt.h>
+#endif
+
#ifdef SYSTEMD
#include <systemd/sd-daemon.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
#include "ccp.h"
#include "ecp.h"
#include "ipcp.h"
#include "upap.h"
-#include "chap-new.h"
+#include "chap.h"
#include "eap.h"
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#include "eap-tls.h"
#endif
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
#include "cbcp.h"
#endif
+#include "multilink.h"
#include "pathnames.h"
#include "session.h"
int (*idle_time_hook)(struct ppp_idle *) = NULL;
/* Hook for a plugin to say whether we can possibly authenticate any peer */
-int (*pap_check_hook)(void) = NULL;
+pap_check_hook_fn *pap_check_hook = NULL;
/* Hook for a plugin to check the PAP user and password */
-int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts) = NULL;
+pap_auth_hook_fn *pap_auth_hook = NULL;
/* Hook for a plugin to know about the PAP user logout */
-void (*pap_logout_hook)(void) = NULL;
+pap_logout_hook_fn *pap_logout_hook = NULL;
/* Hook for a plugin to get the PAP password for authenticating us */
-int (*pap_passwd_hook)(char *user, char *passwd) = NULL;
+pap_passwd_hook_fn *pap_passwd_hook = NULL;
/* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */
-int (*chap_check_hook)(void) = NULL;
+chap_check_hook_fn *chap_check_hook = NULL;
/* Hook for a plugin to get the CHAP password for authenticating us */
-int (*chap_passwd_hook)(char *user, char *passwd) = NULL;
+chap_passwd_hook_fn *chap_passwd_hook = NULL;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/* Hook for a plugin to get the EAP-TLS password for authenticating us */
-int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL;
+eaptls_passwd_hook_fn *eaptls_passwd_hook = NULL;
#endif
/* Hook for a plugin to say whether it is OK if the peer
int (*allowed_address_hook)(u_int32_t addr) = NULL;
-#ifdef HAVE_MULTILINK
-/* Hook for plugin to hear when an interface joins a multilink bundle */
-void (*multilink_join_hook)(void) = NULL;
-#endif
-
/* A notifier for when the peer has authenticated itself,
and we are proceeding to the network phase. */
struct notifier *auth_up_notifier = NULL;
bool refuse_pap = 0; /* Don't wanna auth. ourselves with PAP */
bool refuse_chap = 0; /* Don't wanna auth. ourselves with CHAP */
bool refuse_eap = 0; /* Don't wanna auth. ourselves with EAP */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
bool refuse_mschap = 0; /* Don't wanna auth. ourselves with MS-CHAP */
bool refuse_mschap_v2 = 0; /* Don't wanna auth. ourselves with MS-CHAPv2 */
#else
bool explicit_user = 0; /* Set if "user" option supplied */
bool explicit_passwd = 0; /* Set if "password" option supplied */
char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
-#ifdef USE_EAPTLS
-char *cacert_file = NULL; /* CA certificate file (pem format) */
-char *ca_path = NULL; /* directory with CA certificates */
-char *cert_file = NULL; /* client certificate file (pem format) */
-char *privkey_file = NULL; /* client private key file (pem format) */
-char *crl_dir = NULL; /* directory containing CRL files */
-char *crl_file = NULL; /* Certificate Revocation List (CRL) file (pem format) */
-char *max_tls_version = NULL; /* Maximum TLS protocol version (default=1.2) */
-char *tls_verify_method = NULL;
-bool tls_verify_key_usage = 0;
-bool need_peer_eap = 0; /* Require peer to authenticate us */
+
+#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
+char *cacert_file = NULL; /* CA certificate file (pem format) */
+char *ca_path = NULL; /* Directory with CA certificates */
+char *crl_dir = NULL; /* Directory containing CRL files */
+char *crl_file = NULL; /* Certificate Revocation List (CRL) file (pem format) */
+char *max_tls_version = NULL; /* Maximum TLS protocol version (default=1.2) */
+char *tls_verify_method = NULL; /* Verify certificate method */
+bool tls_verify_key_usage = 0; /* Verify peer certificate key usage */
#endif
-static char *uafname; /* name of most recent +ua file */
+#if defined(PPP_WITH_EAPTLS)
+char *cert_file = NULL; /* Client certificate file (pem format) */
+char *privkey_file = NULL; /* Client private key file (pem format) */
+char *pkcs12_file = NULL; /* Client private key envelope file (pkcs12 format) */
+bool need_peer_eap = 0; /* Require peer to authenticate us */
+#endif
-extern char *crypt (const char *, const char *);
+static char *uafname; /* name of most recent +ua file */
/* Prototypes for procedures local to this file. */
static int have_srp_secret(char *client, char *server, int need_ip,
int *lacks_ipp);
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
static int have_eaptls_secret_server
(char *client, char *server, int need_ip, int *lacks_ipp);
static int have_eaptls_secret_client (char *client, char *server);
static int set_permitted_number (char **);
static void check_access (FILE *, char *);
static int wordlist_count (struct wordlist *);
-
-#ifdef MAXOCTETS
static void check_maxoctets (void *);
-#endif
/*
* Authentication-related options.
*/
-option_t auth_options[] = {
+struct option auth_options[] = {
{ "auth", o_bool, &auth_required,
"Require authentication from peer", OPT_PRIO | 1 },
{ "noauth", o_bool, &auth_required,
"Require CHAP authentication from peer",
OPT_ALIAS | OPT_PRIOSUB | OPT_A2OR | MDTYPE_MD5,
&lcp_wantoptions[0].chap_mdtype },
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
{ "require-mschap", o_bool, &auth_required,
"Require MS-CHAP authentication from peer",
OPT_PRIOSUB | OPT_A2OR | MDTYPE_MICROSOFT,
"Don't allow CHAP authentication with peer",
OPT_ALIAS | OPT_A2CLRB | MDTYPE_MD5,
&lcp_allowoptions[0].chap_mdtype },
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
{ "refuse-mschap", o_bool, &refuse_mschap,
"Don't agree to auth to peer with MS-CHAP",
OPT_A2CLRB | MDTYPE_MICROSOFT,
"Set telephone number(s) which are allowed to connect",
OPT_PRIV | OPT_A2LIST },
-#ifdef USE_EAPTLS
- { "ca", o_string, &cacert_file, "EAP-TLS CA certificate in PEM format" },
- { "capath", o_string, &ca_path, "EAP-TLS CA certificate directory" },
- { "cert", o_string, &cert_file, "EAP-TLS client certificate in PEM format" },
- { "key", o_string, &privkey_file, "EAP-TLS client private key in PEM format" },
- { "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
- { "crl", o_string, &crl_file, "Use specific CRL file" },
+#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
+ { "ca", o_string, &cacert_file, "CA certificate in PEM format" },
+ { "capath", o_string, &ca_path, "TLS CA certificate directory" },
+ { "crl-dir", o_string, &crl_dir, "Use CRLs in directory" },
+ { "crl", o_string, &crl_file, "Use specific CRL file" },
{ "max-tls-version", o_string, &max_tls_version,
"Maximum TLS version (1.0/1.1/1.2 (default)/1.3)" },
{ "tls-verify-key-usage", o_bool, &tls_verify_key_usage,
"Verify certificate type and extended key usage" },
{ "tls-verify-method", o_string, &tls_verify_method,
"Verify peer by method (none|subject|name|suffix)" },
+#endif
+
+#if defined(PPP_WITH_EAPTLS)
+ { "cert", o_string, &cert_file, "client certificate in PEM format" },
+ { "key", o_string, &privkey_file, "client private key in PEM format" },
+ { "pkcs12", o_string, &pkcs12_file, "EAP-TLS client credentials in PKCS12 format" },
{ "need-peer-eap", o_bool, &need_peer_eap,
"Require the peer to authenticate us", 1 },
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
{ NULL }
};
+const char *
+ppp_remote_name()
+{
+ return remote_name;
+}
+
+const char *
+ppp_get_remote_number(void)
+{
+ return remote_number;
+}
+
+void
+ppp_set_remote_number(const char *buf)
+{
+ if (buf) {
+ strlcpy(remote_number, buf, sizeof(remote_number));
+ }
+}
+
+const char *
+ppp_peer_authname(char *buf, size_t bufsz)
+{
+ if (buf && bufsz > 0) {
+ strlcpy(buf, peer_authname, bufsz);
+ return buf;
+ }
+ return peer_authname;
+}
+
/*
* setupapfile - specifies UPAP info for authenticating with peer.
*/
novm("+ua file name");
euid = geteuid();
if (seteuid(getuid()) == -1) {
- option_error("unable to reset uid before opening %s: %m", fname);
+ ppp_option_error("unable to reset uid before opening %s: %m", fname);
free(fname);
return 0;
}
if (seteuid(euid) == -1)
fatal("unable to regain privileges: %m");
if (ufile == NULL) {
- option_error("unable to open user login data file %s", fname);
+ ppp_option_error("unable to open user login data file %s", fname);
free(fname);
return 0;
}
if (fgets(u, MAXNAMELEN - 1, ufile) == NULL
|| fgets(p, MAXSECRETLEN - 1, ufile) == NULL) {
fclose(ufile);
- option_error("unable to read user login data file %s", fname);
+ ppp_option_error("unable to read user login data file %s", fname);
free(fname);
return 0;
}
g = getgrnam(*argv);
if (g == 0) {
- option_error("group %s is unknown", *argv);
+ ppp_option_error("group %s is unknown", *argv);
return 0;
}
for (i = 0; i < ngroups; ++i) {
*/
void start_link(int unit)
{
- status = EXIT_CONNECT_FAILED;
+ ppp_set_status(EXIT_CONNECT_FAILED);
new_phase(PHASE_SERIALCONN);
hungup = 0;
*/
fd_ppp = the_channel->establish_ppp(devfd);
if (fd_ppp < 0) {
- status = EXIT_FATAL_ERROR;
+ ppp_set_status(EXIT_FATAL_ERROR);
goto disconnect;
}
* incoming events (reply, timeout, etc.).
*/
if (ifunit >= 0)
- notice("Connect: %s <--> %s", ifname, ppp_devnam);
+ notice("Connect: %s <--> %s", ifname, ppp_devname);
else
- notice("Starting negotiation on %s", ppp_devnam);
+ notice("Starting negotiation on %s", ppp_devname);
add_fd(fd_ppp);
- status = EXIT_NEGOTIATION_FAILED;
+ ppp_set_status(EXIT_NEGOTIATION_FAILED);
new_phase(PHASE_ESTABLISH);
lcp_lowerup(0);
void
link_terminated(int unit)
{
- if (phase == PHASE_DEAD || phase == PHASE_MASTER)
+ if (in_phase(PHASE_DEAD) || in_phase(PHASE_MASTER))
return;
new_phase(PHASE_DISCONNECT);
}
session_end(devnam);
- if (!doing_multilink) {
+ if (!mp_on()) {
notice("Connection terminated.");
print_link_stats();
} else
* can happen that another pppd gets the same unit and then
* we delete its pid file.
*/
- if (!doing_multilink && !demand)
+ if (!demand && !mp_on())
remove_pidfiles();
-
/*
* If we may want to bring the link up again, transfer
* the ppp unit back to the loopback. Set the
remove_fd(fd_ppp);
clean_check();
the_channel->disestablish_ppp(devfd);
- if (doing_multilink)
+ if (mp_on())
mp_exit_bundle();
fd_ppp = -1;
}
if (!hungup)
lcp_lowerdown(0);
- if (!doing_multilink && !demand)
- script_unsetenv("IFNAME");
+ if (!mp_on() && !demand)
+ ppp_script_unsetenv("IFNAME");
/*
* Run disconnector script, if requested.
if (the_channel->cleanup)
(*the_channel->cleanup)();
- if (doing_multilink && multilink_master) {
+ if (mp_on() && mp_master()) {
if (!bundle_terminating) {
new_phase(PHASE_MASTER);
if (master_detach && !detached)
notify(link_down_notifier, 0);
auth_state = s_down;
if (auth_script_state == s_up && auth_script_pid == 0) {
- update_link_stats(unit);
+ ppp_get_link_stats(NULL);
auth_script_state = s_down;
- auth_script(_PATH_AUTHDOWN);
+ auth_script(PPP_PATH_AUTHDOWN);
}
}
- if (!doing_multilink) {
+ if (!mp_on())
+ {
upper_layers_down(unit);
- if (phase != PHASE_DEAD && phase != PHASE_MASTER)
+ if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER))
new_phase(PHASE_ESTABLISH);
}
/* XXX if doing_multilink, should do something to stop
lcp_options *wo = &lcp_wantoptions[unit];
lcp_options *go = &lcp_gotoptions[unit];
lcp_options *ho = &lcp_hisoptions[unit];
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
lcp_options *ao = &lcp_allowoptions[unit];
#endif
int i;
/*
* Tell higher-level protocols that LCP is up.
*/
- if (!doing_multilink) {
+ if (!mp_on())
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->protocol != PPP_LCP && protp->enabled_flag
&& protp->lowerup != NULL)
(*protp->lowerup)(unit);
- }
-
if (!auth_required && noauth_addrs != NULL)
set_allowed_addrs(unit, NULL, NULL);
set_allowed_addrs(unit, NULL, NULL);
} else if (!wo->neg_upap || uselogin || !null_login(unit)) {
warn("peer refused to authenticate: terminating link");
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
lcp_close(unit, "peer refused to authenticate");
return;
}
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
if (need_peer_eap && !ao->neg_eap) {
warn("eap required to authenticate us but no suitable secrets");
lcp_close(unit, "couldn't negotiate eap");
- status = EXIT_AUTH_TOPEER_FAILED;
+ ppp_set_status(EXIT_AUTH_TOPEER_FAILED);
return;
}
if (need_peer_eap && !ho->neg_eap) {
warn("peer doesn't want to authenticate us with eap");
lcp_close(unit, "couldn't negotiate eap");
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
return;
}
#endif
auth_state = s_up;
if (auth_script_state == s_down && auth_script_pid == 0) {
auth_script_state = s_up;
- auth_script(_PATH_AUTHUP);
+ auth_script(PPP_PATH_AUTHUP);
}
}
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
/*
* If we negotiated callback, do it now.
*/
new_phase(PHASE_NETWORK);
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
if (multilink) {
if (mp_join_bundle()) {
if (multilink_join_hook)
return;
}
}
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
if (!demand)
set_filters(&pass_filter, &active_filter);
#endif
/*
* Authentication failure: take the link down
*/
- status = EXIT_PEER_AUTH_FAILED;
+ ppp_set_status(EXIT_PEER_AUTH_FAILED);
lcp_close(unit, "Authentication failed");
}
case CHAP_MD5:
bit |= CHAP_MD5_PEER;
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case CHAP_MICROSOFT:
bit |= CHAP_MS_PEER;
break;
namelen = sizeof(peer_authname) - 1;
BCOPY(name, peer_authname, namelen);
peer_authname[namelen] = 0;
- script_setenv("PEERNAME", peer_authname, 0);
+ ppp_script_setenv("PEERNAME", peer_authname, 0);
/* Save the authentication method for later. */
auth_done[unit] |= bit;
* is no point in persisting without any way to get updated
* authentication secrets.
*/
- status = EXIT_AUTH_TOPEER_FAILED;
+ ppp_set_status(EXIT_AUTH_TOPEER_FAILED);
lcp_close(unit, "Failed to authenticate ourselves to peer");
}
case CHAP_MD5:
bit |= CHAP_MD5_WITHPEER;
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case CHAP_MICROSOFT:
bit |= CHAP_MS_WITHPEER;
break;
/*
* At this point we consider that the link has come up successfully.
*/
- status = EXIT_OK;
+ ppp_set_status(EXIT_OK);
unsuccess = 0;
new_phase(PHASE_RUNNING);
if (idle_time_hook != 0)
tlim = (*idle_time_hook)(NULL);
else
- tlim = idle_time_limit;
+ tlim = ppp_get_max_idle_time();
if (tlim > 0)
TIMEOUT(check_idle, NULL, tlim);
* Set a timeout to close the connection once the maximum
* connect time has expired.
*/
- if (maxconnect > 0)
- TIMEOUT(connect_time_expired, 0, maxconnect);
+ if (ppp_get_max_connect_time() > 0)
+ TIMEOUT(connect_time_expired, 0, ppp_get_max_connect_time());
-#ifdef MAXOCTETS
+ /*
+ * Configure a check to see if session has outlived it's limit
+ * in terms of octets
+ */
if (maxoctets > 0)
TIMEOUT(check_maxoctets, NULL, maxoctets_timeout);
-#endif
/*
* Detach now, if the updetach option was given.
if (--num_np_up == 0) {
UNTIMEOUT(check_idle, NULL);
UNTIMEOUT(connect_time_expired, NULL);
-#ifdef MAXOCTETS
UNTIMEOUT(check_maxoctets, NULL);
-#endif
new_phase(PHASE_NETWORK);
}
}
}
}
-#ifdef MAXOCTETS
+/*
+ * Periodic callback to check if session has reached its limit. The period defaults
+ * to 1 second and is configurable by setting "mo-timeout" in configuration
+ */
static void
check_maxoctets(void *arg)
{
- unsigned int used;
-
- update_link_stats(ifunit);
- link_stats_valid=0;
-
- switch(maxoctets_dir) {
- case PPP_OCTETS_DIRECTION_IN:
- used = link_stats.bytes_in;
- break;
- case PPP_OCTETS_DIRECTION_OUT:
- used = link_stats.bytes_out;
- break;
- case PPP_OCTETS_DIRECTION_MAXOVERAL:
- case PPP_OCTETS_DIRECTION_MAXSESSION:
- used = (link_stats.bytes_in > link_stats.bytes_out) ? link_stats.bytes_in : link_stats.bytes_out;
- break;
- default:
- used = link_stats.bytes_in+link_stats.bytes_out;
- break;
+ unsigned int used = 0;
+ ppp_link_stats_st stats;
+
+ if (ppp_get_link_stats(&stats)) {
+ switch(maxoctets_dir) {
+ case PPP_OCTETS_DIRECTION_IN:
+ used = stats.bytes_in;
+ break;
+ case PPP_OCTETS_DIRECTION_OUT:
+ used = stats.bytes_out;
+ break;
+ case PPP_OCTETS_DIRECTION_MAXOVERAL:
+ case PPP_OCTETS_DIRECTION_MAXSESSION:
+ used = (stats.bytes_in > stats.bytes_out)
+ ? stats.bytes_in
+ : stats.bytes_out;
+ break;
+ default:
+ used = stats.bytes_in+stats.bytes_out;
+ break;
+ }
}
+
if (used > maxoctets) {
notice("Traffic limit reached. Limit: %u Used: %u", maxoctets, used);
- status = EXIT_TRAFFIC_LIMIT;
+ ppp_set_status(EXIT_TRAFFIC_LIMIT);
lcp_close(0, "Traffic limit");
+ link_stats_print = 0;
need_holdoff = 0;
} else {
TIMEOUT(check_maxoctets, NULL, maxoctets_timeout);
}
}
-#endif
/*
* check_idle - check whether the link has been idle for long
tlim = idle_time_hook(&idle);
} else {
itime = MIN(idle.xmit_idle, idle.recv_idle);
- tlim = idle_time_limit - itime;
+ tlim = ppp_get_max_idle_time() - itime;
}
if (tlim <= 0) {
/* link is idle: shut it down. */
notice("Terminating connection due to lack of activity.");
- status = EXIT_IDLE_TIMEOUT;
+ ppp_set_status(EXIT_IDLE_TIMEOUT);
lcp_close(0, "Link inactive");
need_holdoff = 0;
} else {
connect_time_expired(void *arg)
{
info("Connect time expired");
- status = EXIT_CONNECT_TIME;
+ ppp_set_status(EXIT_CONNECT_TIME);
lcp_close(0, "Connect time expired"); /* Close connection */
}
/* Default our_name to hostname, and user to our_name */
if (our_name[0] == 0 || usehostname)
- strlcpy(our_name, hostname, sizeof(our_name));
+ strlcpy(our_name, hostname, sizeof(our_name));
+
/* If a blank username was explicitly given as an option, trust
the user and don't use our_name */
if (user[0] == 0 && !explicit_user)
strlcpy(user, our_name, sizeof(user));
+#if defined(SYSTEM_CA_PATH) && (defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP))
+ /* Use system default for CA Path if not specified */
+ if (!ca_path) {
+ ca_path = SYSTEM_CA_PATH;
+ }
+#endif
+
/*
* If we have a default route, require the peer to authenticate
* unless the noauth option was given or the real user is root.
our_name, 1, &lacks_ip);
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
if (!can_auth && wo->neg_eap) {
can_auth =
have_eaptls_secret_server((explicit_remote ? remote_name :
if (auth_required && !can_auth && noauth_addrs == NULL) {
if (default_auth) {
- option_error(
+ ppp_option_error(
"By default the remote system is required to authenticate itself");
- option_error(
+ ppp_option_error(
"(because this system has a default route to the internet)");
} else if (explicit_remote)
- option_error(
+ ppp_option_error(
"The remote system (%s) is required to authenticate itself",
remote_name);
else
- option_error(
+ ppp_option_error(
"The remote system is required to authenticate itself");
- option_error(
+ ppp_option_error(
"but I couldn't find any suitable secret (password) for it to use to do so.");
if (lacks_ip)
- option_error(
+ ppp_option_error(
"(None of the available passwords would let it use an IP address.)");
exit(1);
(hadchap == 1 || (hadchap == -1 && have_chap_secret(user,
(explicit_remote? remote_name: NULL), 0, NULL))) ||
have_srp_secret(user, (explicit_remote? remote_name: NULL), 0, NULL)
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
|| have_eaptls_secret_client(user, (explicit_remote? remote_name: NULL))
#endif
);
1, NULL))) &&
!have_srp_secret((explicit_remote? remote_name: NULL), our_name, 1,
NULL)
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
&& !have_eaptls_secret_server((explicit_remote? remote_name: NULL),
our_name, 1, NULL)
#endif
* Open the file of pap secrets and scan for a suitable secret
* for authenticating this user.
*/
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
addrs = opts = NULL;
ret = UPAP_AUTHNAK;
f = fopen(filename, "r");
if (secret[0] != 0 && !login_secret) {
/* password given in pap-secrets - must match */
if (cryptpap || strcmp(passwd, secret) != 0) {
+#ifdef HAVE_CRYPT_H
char *cbuf = crypt(passwd, secret);
if (!cbuf || strcmp(cbuf, secret) != 0)
+#endif
ret = UPAP_AUTHNAK;
}
}
* Open the file of pap secrets and scan for a suitable secret.
*/
if (ret <= 0) {
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
addrs = NULL;
f = fopen(filename, "r");
if (f == NULL)
return ret;
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return ret;
}
- filename = _PATH_UPAPFILE;
+ filename = PPP_PATH_UPAPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
}
}
- filename = _PATH_CHAPFILE;
+ filename = PPP_PATH_CHAPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
char *filename;
struct wordlist *addrs;
- filename = _PATH_SRPFILE;
+ filename = PPP_PATH_SRPFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
return 0;
}
} else {
- filename = _PATH_CHAPFILE;
+ filename = PPP_PATH_CHAPFILE;
addrs = NULL;
secbuf[0] = 0;
if (!am_server && passwd[0] != '\0') {
strlcpy(secret, passwd, MAXWORDLEN);
} else {
- filename = _PATH_SRPFILE;
+ filename = PPP_PATH_SRPFILE;
addrs = NULL;
fp = fopen(filename, "r");
int ok;
/* don't allow loopback or multicast address */
- if (bad_ip_adrs(addr))
+ if (ppp_bad_ip_addr(addr))
return 0;
if (allowed_address_hook) {
}
/*
- * bad_ip_adrs - return 1 if the IP address is one we don't want
- * to use, such as an address in the loopback net or a multicast address.
- * addr is in network byte order.
+ * Check if given addr in network byte order is in the looback network, or a multicast address.
*/
-int
-bad_ip_adrs(u_int32_t addr)
+bool
+ppp_bad_ip_addr(u_int32_t addr)
{
addr = ntohl(addr);
return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET
case s_up:
if (auth_state == s_down) {
auth_script_state = s_down;
- auth_script(_PATH_AUTHDOWN);
+ auth_script(PPP_PATH_AUTHDOWN);
}
break;
case s_down:
if (auth_state == s_up) {
auth_script_state = s_up;
- auth_script(_PATH_AUTHUP);
+ auth_script(PPP_PATH_AUTHUP);
}
break;
}
argv[3] = user_name;
argv[4] = devnam;
argv[5] = strspeed;
- argv[6] = NULL;
+ argv[6] = ipparam;
+ argv[7] = NULL;
auth_script_pid = run_program(script, argv, 0, auth_script_done, NULL, 0);
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
static int
have_eaptls_secret_server(char *client, char *server,
int need_ip, int *lacks_ipp)
char cacertfile[MAXWORDLEN];
char pkfile[MAXWORDLEN];
- filename = _PATH_EAPTLSSERVFILE;
+ filename = PPP_PATH_EAPTLSSERVFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
if ((cacert_file || ca_path) && cert_file && privkey_file)
return 1;
+ if (pkcs12_file)
+ return 1;
- filename = _PATH_EAPTLSCLIFILE;
+ filename = PPP_PATH_EAPTLSCLIFILE;
f = fopen(filename, "r");
if (f == NULL)
return 0;
int
get_eaptls_secret(int unit, char *client, char *server,
char *clicertfile, char *servcertfile, char *cacertfile,
- char *capath, char *pkfile, int am_server)
+ char *capath, char *pkfile, char *pkcs12, int am_server)
{
FILE *fp;
int ret;
bzero(cacertfile, MAXWORDLEN);
bzero(capath, MAXWORDLEN);
bzero(pkfile, MAXWORDLEN);
+ bzero(pkcs12, MAXWORDLEN);
/* the ca+cert+privkey can also be specified as options */
if (!am_server && (cacert_file || ca_path) && cert_file && privkey_file )
strlcpy( capath, ca_path, MAXWORDLEN );
strlcpy( pkfile, privkey_file, MAXWORDLEN );
}
+ else if (!am_server && pkcs12_file)
+ {
+ strlcpy( pkcs12, pkcs12_file, MAXWORDLEN );
+ if (cacert_file)
+ strlcpy( cacertfile, cacert_file, MAXWORDLEN );
+ if (ca_path)
+ strlcpy( capath, ca_path, MAXWORDLEN );
+ }
else
{
- filename = (am_server ? _PATH_EAPTLSSERVFILE : _PATH_EAPTLSCLIFILE);
+ filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE);
addrs = NULL;
fp = fopen(filename, "r");
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/time.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "cbcp.h"
#include "fsm.h"
#include "lcp.h"
+#include "options.h"
/*
*/
static int setcbcp (char **);
-static option_t cbcp_option_list[] = {
+static struct option cbcp_option_list[] = {
{ "callback", o_special, (void *)setcbcp,
"Ask for callback", OPT_PRIO | OPT_A2STRVAL, &cbcp[0].us_number },
{ NULL }
cbcp_up(cbcp_state *us)
{
persist = 0;
- status = EXIT_CALLBACK;
+ ppp_set_status(EXIT_CALLBACK);
lcp_close(0, "Call me back, please");
}
-#ifndef CBCP_H
-#define CBCP_H
+/*
+ * Copyright (c) 1995 Pedro Roque Marques. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The names of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 4. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Pedro Roque Marques
+ * <pedro_m@yahoo.com>"
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_CBCP_H
+#define PPP_CBCP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
typedef struct cbcp_state {
int us_unit; /* Interface unit number */
#define CB_CONF_USER 2
#define CB_CONF_ADMIN 3
#define CB_CONF_LIST 4
+
+#ifdef __cplusplus
+}
#endif
+
+#endif // PPP_CBCP_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#define RCSID "$Id: ccp.c,v 1.50 2005/06/26 19:34:41 carlsonj Exp $"
#include <stdlib.h>
#include <string.h>
+#if defined(SOL2)
+#include <net/ppp-comp.h>
+#else
+#include <linux/ppp-comp.h>
+#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ccp.h"
-#include <net/ppp-comp.h>
-#ifdef MPPE
-#include "chap_ms.h" /* mppe_xxxx_key, mppe_keys_set */
+#include "chap_ms.h"
+#include "mppe.h"
#include "lcp.h" /* lcp_close(), lcp_fsm */
-#endif
/*
/*
* Option variables.
*/
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
bool refuse_mppe_stateful = 1; /* Allow stateful mode? */
#endif
-static option_t ccp_option_list[] = {
+static struct option ccp_option_list[] = {
{ "noccp", o_bool, &ccp_protent.enabled_flag,
"Disable CCP negotiation" },
{ "-ccp", o_bool, &ccp_protent.enabled_flag,
"don't allow Predictor-1", OPT_ALIAS | OPT_PRIOSUB | OPT_A2CLR,
&ccp_allowoptions[0].predictor_1 },
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/* MPPE options are symmetrical ... we only set wantoptions here */
{ "require-mppe", o_bool, &ccp_wantoptions[0].mppe,
"require MPPE encryption",
abits = strtol(str, &endp, 0);
}
if (*endp != 0 || endp == str) {
- option_error("invalid parameter '%s' for bsdcomp option", *argv);
+ ppp_option_error("invalid parameter '%s' for bsdcomp option", *argv);
return 0;
}
if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS))
|| (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) {
- option_error("bsdcomp option values must be 0 or %d .. %d",
+ ppp_option_error("bsdcomp option values must be 0 or %d .. %d",
BSD_MIN_BITS, BSD_MAX_BITS);
return 0;
}
abits = strtol(str, &endp, 0);
}
if (*endp != 0 || endp == str) {
- option_error("invalid parameter '%s' for deflate option", *argv);
+ ppp_option_error("invalid parameter '%s' for deflate option", *argv);
return 0;
}
if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE))
|| (abits != 0 && (abits < DEFLATE_MIN_SIZE
|| abits > DEFLATE_MAX_SIZE))) {
- option_error("deflate option values must be 0 or %d .. %d",
+ ppp_option_error("deflate option values must be 0 or %d .. %d",
DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE);
return 0;
}
fsm_input(f, p, len);
if (oldstate == OPENED && p[0] == TERMREQ && f->state != OPENED) {
notice("Compression disabled by peer.");
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ccp_gotoptions[unit].mppe) {
error("MPPE disabled, closing LCP");
lcp_close(unit, "MPPE disabled by peer");
ccp_flags_set(unit, 0, 0);
fsm_lowerdown(&ccp_fsm[unit]);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ccp_gotoptions[unit].mppe) {
error("MPPE required but peer negotiation failed");
lcp_close(unit, "MPPE required but peer negotiation failed");
*go = ccp_wantoptions[f->unit];
all_rejected[f->unit] = 0;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
ccp_options *ao = &ccp_allowoptions[f->unit];
int auth_mschap_bits = auth_done[f->unit];
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
int auth_eap_bits = auth_done[f->unit];
#endif
int numbits;
return;
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/*
* MPPE is also possible in combination with EAP-TLS.
* It is not possible to detect if we're doing EAP or EAP-TLS
}
/* A plugin (eg radius) may not have obtained key material. */
- if (!mppe_keys_set) {
+ if (!mppe_keys_isset()) {
error("MPPE required, but keys are not available. "
"Possible plugin problem?");
lcp_close(f->unit, "MPPE required but not available");
ao->predictor_2 = go->predictor_2 = 0;
ao->deflate = go->deflate = 0;
}
-#endif /* MPPE */
/*
* Check whether the kernel knows about the various
* compression methods we might request.
*/
-#ifdef MPPE
if (go->mppe) {
opt_buf[0] = CI_MPPE;
opt_buf[1] = CILEN_MPPE;
lcp_close(f->unit, "MPPE required but not available");
}
}
-#endif
+#endif /* PPP_WITH_MPPE */
if (go->bsd_compress) {
opt_buf[0] = CI_BSD_COMPRESS;
opt_buf[1] = CILEN_BSD_COMPRESS;
* preference order. Get the kernel to allocate the first one
* in case it gets Acked.
*/
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
u_char opt_buf[CILEN_MPPE + MPPE_MAX_KEY_LEN];
p[1] = opt_buf[1] = CILEN_MPPE;
MPPE_OPTS_TO_CI(go->mppe, &p[2]);
MPPE_OPTS_TO_CI(go->mppe, &opt_buf[2]);
- BCOPY(mppe_recv_key, &opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
+ mppe_get_recv_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
res = ccp_test(f->unit, opt_buf, CILEN_MPPE + MPPE_MAX_KEY_LEN, 0);
if (res > 0)
p += CILEN_MPPE;
ccp_options *go = &ccp_gotoptions[f->unit];
u_char *p0 = p;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
u_char opt_buf[CILEN_MPPE];
memset(&no, 0, sizeof(no));
try = *go;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe && len >= CILEN_MPPE
&& p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
no.mppe = 1;
lcp_close(f->unit, "MPPE required but peer negotiation failed");
}
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
if (go->deflate && len >= CILEN_DEFLATE
&& p[0] == (go->deflate_correct? CI_DEFLATE: CI_DEFLATE_DRAFT)
&& p[1] == CILEN_DEFLATE) {
if (len == 0 && all_rejected[f->unit])
return -1;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe && len >= CILEN_MPPE
&& p[0] == CI_MPPE && p[1] == CILEN_MPPE) {
error("MPPE required but peer refused");
int len, clen, type, nb;
ccp_options *ho = &ccp_hisoptions[f->unit];
ccp_options *ao = &ccp_allowoptions[f->unit];
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
bool rej_for_ci_mppe = 1; /* Are we rejecting based on a bad/missing */
/* CI_MPPE, or due to other options? */
#endif
clen = p[1];
switch (type) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case CI_MPPE:
if (!ao->mppe || clen != CILEN_MPPE) {
newret = CONFREJ;
int mtu;
BCOPY(p, opt_buf, CILEN_MPPE);
- BCOPY(mppe_send_key, &opt_buf[CILEN_MPPE],
- MPPE_MAX_KEY_LEN);
+ mppe_get_send_key(&opt_buf[CILEN_MPPE], MPPE_MAX_KEY_LEN);
if (ccp_test(f->unit, opt_buf,
CILEN_MPPE + MPPE_MAX_KEY_LEN, 1) <= 0) {
/* This shouldn't happen, we've already tested it! */
* because MPPE frames **grow**. The kernel [must]
* allocate MPPE_PAD extra bytes in xmit buffers.
*/
- mtu = netif_get_mtu(f->unit);
+ mtu = ppp_get_mtu(f->unit);
if (mtu)
- netif_set_mtu(f->unit, mtu - MPPE_PAD);
+ ppp_set_mtu(f->unit, mtu - MPPE_PAD);
else
newret = CONFREJ;
}
*/
rej_for_ci_mppe = 0;
break;
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
case CI_DEFLATE:
case CI_DEFLATE_DRAFT:
if (!ao->deflate || clen != CILEN_DEFLATE
else
*lenp = retp - p0;
}
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ret == CONFREJ && ao->mppe && rej_for_ci_mppe) {
error("MPPE required but peer negotiation failed");
lcp_close(f->unit, "MPPE required but peer negotiation failed");
if (!ANY_COMPRESS(*opt))
return "(none)";
switch (opt->method) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case CI_MPPE:
{
char *p = result;
notice("%s receive compression enabled", method_name(go, NULL));
} else if (ANY_COMPRESS(*ho))
notice("%s transmit compression enabled", method_name(ho, NULL));
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (go->mppe) {
- BZERO(mppe_recv_key, MPPE_MAX_KEY_LEN);
- BZERO(mppe_send_key, MPPE_MAX_KEY_LEN);
+ mppe_clear_keys();
continue_networks(f->unit); /* Bring up IP et al */
}
#endif
UNTIMEOUT(ccp_rack_timeout, f);
ccp_localstate[f->unit] = 0;
ccp_flags_set(f->unit, 1, 0);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
if (ccp_gotoptions[f->unit].mppe) {
ccp_gotoptions[f->unit].mppe = 0;
if (lcp_fsm[f->unit].state == OPENED) {
len -= optlen;
optend = p + optlen;
switch (code) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case CI_MPPE:
if (optlen >= CILEN_MPPE) {
u_char mppe_opts;
*/
error("Lost compression sync: disabling compression");
ccp_close(unit, "Lost compression sync");
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/*
* If we were doing MPPE, we must also take the link down.
*/
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
*
* $Id: ccp.h,v 1.12 2004/11/04 10:02:26 paulus Exp $
*/
+#ifndef PPP_CCP_H
+#define PPP_CCP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
typedef struct ccp_options {
bool bsd_compress; /* do BSD Compress? */
bool predictor_2; /* do Predictor-2? */
bool deflate_correct; /* use correct code for deflate? */
bool deflate_draft; /* use draft RFC code for deflate? */
- u_char mppe; /* MPPE bitfield */
- u_short bsd_bits; /* # bits/code for BSD Compress */
- u_short deflate_size; /* lg(window size) for Deflate */
+ unsigned char mppe; /* MPPE bitfield */
+ unsigned short bsd_bits; /* # bits/code for BSD Compress */
+ unsigned short deflate_size; /* lg(window size) for Deflate */
short method; /* code for chosen compression method */
} ccp_options;
extern ccp_options ccp_hisoptions[];
extern struct protent ccp_protent;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_CCP_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#define RCSID "$Id: chap-md5.c,v 1.4 2004/11/09 22:39:25 paulus Exp $"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdlib.h>
#include <string.h>
-#include "pppd.h"
-#include "chap-new.h"
+#include "pppd-private.h"
+#include "chap.h"
#include "chap-md5.h"
#include "magic.h"
-#include "md5.h"
+#include "crypto.h"
-#define MD5_HASH_SIZE 16
#define MD5_MIN_CHALLENGE 16
#define MD5_MAX_CHALLENGE 24
unsigned char *challenge, unsigned char *response,
char *message, int message_space)
{
- MD5_CTX ctx;
unsigned char idbyte = id;
- unsigned char hash[MD5_HASH_SIZE];
+ unsigned char hash[MD5_DIGEST_LENGTH];
+ unsigned int hash_len = MD5_DIGEST_LENGTH;
int challenge_len, response_len;
+ bool success = 0;
challenge_len = *challenge++;
response_len = *response++;
- if (response_len == MD5_HASH_SIZE) {
+ if (response_len == MD5_DIGEST_LENGTH) {
+
/* Generate hash of ID, secret, challenge */
- MD5_Init(&ctx);
- MD5_Update(&ctx, &idbyte, 1);
- MD5_Update(&ctx, secret, secret_len);
- MD5_Update(&ctx, challenge, challenge_len);
- MD5_Final(hash, &ctx);
-
- /* Test if our hash matches the peer's response */
- if (memcmp(hash, response, MD5_HASH_SIZE) == 0) {
- slprintf(message, message_space, "Access granted");
- return 1;
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+
+ if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
+
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
}
}
+ if (success && memcmp(hash, response, hash_len) == 0) {
+ slprintf(message, message_space, "Access granted");
+ return 1;
+ }
slprintf(message, message_space, "Access denied");
return 0;
}
unsigned char *challenge, char *secret, int secret_len,
unsigned char *private)
{
- MD5_CTX ctx;
unsigned char idbyte = id;
int challenge_len = *challenge++;
+ int hash_len = MD5_DIGEST_LENGTH;
- MD5_Init(&ctx);
- MD5_Update(&ctx, &idbyte, 1);
- MD5_Update(&ctx, (u_char *)secret, secret_len);
- MD5_Update(&ctx, challenge, challenge_len);
- MD5_Final(&response[1], &ctx);
- response[0] = MD5_HASH_SIZE;
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, &idbyte, 1)) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+
+ if (PPP_DigestUpdate(ctx, challenge, challenge_len)) {
+
+ if (PPP_DigestFinal(ctx, &response[1], &hash_len)) {
+
+ response[0] = hash_len;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
}
static struct chap_digest_type md5_digest = {
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_CHAP_MD5_H
+#define PPP_CHAP_MD5_H
+
+#include "pppdconf.h"
+
extern void chap_md5_init(void);
+
+#endif
+++ /dev/null
-/*
- * chap-new.c - New CHAP implementation.
- *
- * Copyright (c) 2003 Paul Mackerras. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 3. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $"
-
-#include <stdlib.h>
-#include <string.h>
-#include "pppd.h"
-#include "session.h"
-#include "chap-new.h"
-#include "chap-md5.h"
-
-#ifdef CHAPMS
-#include "chap_ms.h"
-#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
-#else
-#define MDTYPE_ALL (MDTYPE_MD5)
-#endif
-
-int chap_mdtype_all = MDTYPE_ALL;
-
-/* Hook for a plugin to validate CHAP challenge */
-int (*chap_verify_hook)(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space) = NULL;
-
-/*
- * Option variables.
- */
-int chap_server_timeout_time = 3;
-int chap_max_transmits = 10;
-int chap_rechallenge_time = 0;
-int chap_client_timeout_time = 60;
-int chapms_strip_domain = 0;
-
-/*
- * Command-line options.
- */
-static option_t chap_option_list[] = {
- { "chap-restart", o_int, &chap_server_timeout_time,
- "Set timeout for CHAP (as server)", OPT_PRIO },
- { "chap-max-challenge", o_int, &chap_max_transmits,
- "Set max #xmits for challenge", OPT_PRIO },
- { "chap-interval", o_int, &chap_rechallenge_time,
- "Set interval for rechallenge", OPT_PRIO },
- { "chap-timeout", o_int, &chap_client_timeout_time,
- "Set timeout for CHAP (as client)", OPT_PRIO },
- { "chapms-strip-domain", o_bool, &chapms_strip_domain,
- "Strip the domain prefix before the Username", 1 },
- { NULL }
-};
-
-/*
- * Internal state.
- */
-static struct chap_client_state {
- int flags;
- char *name;
- struct chap_digest_type *digest;
- unsigned char priv[64]; /* private area for digest's use */
-} client;
-
-/*
- * These limits apply to challenge and response packets we send.
- * The +4 is the +1 that we actually need rounded up.
- */
-#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
-#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
-
-static struct chap_server_state {
- int flags;
- int id;
- char *name;
- struct chap_digest_type *digest;
- int challenge_xmits;
- int challenge_pktlen;
- unsigned char challenge[CHAL_MAX_PKTLEN];
- char message[256];
-} server;
-
-/* Values for flags in chap_client_state and chap_server_state */
-#define LOWERUP 1
-#define AUTH_STARTED 2
-#define AUTH_DONE 4
-#define AUTH_FAILED 8
-#define TIMEOUT_PENDING 0x10
-#define CHALLENGE_VALID 0x20
-
-/*
- * Prototypes.
- */
-static void chap_init(int unit);
-static void chap_lowerup(int unit);
-static void chap_lowerdown(int unit);
-static void chap_server_timeout(void *arg);
-static void chap_client_timeout(void *arg);
-static void chap_generate_challenge(struct chap_server_state *ss);
-static void chap_handle_response(struct chap_server_state *ss, int code,
- unsigned char *pkt, int len);
-static int chap_verify_response(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
-static void chap_respond(struct chap_client_state *cs, int id,
- unsigned char *pkt, int len);
-static void chap_handle_status(struct chap_client_state *cs, int code, int id,
- unsigned char *pkt, int len);
-static void chap_protrej(int unit);
-static void chap_input(int unit, unsigned char *pkt, int pktlen);
-static int chap_print_pkt(unsigned char *p, int plen,
- void (*printer)(void *, char *, ...), void *arg);
-
-/* List of digest types that we know about */
-static struct chap_digest_type *chap_digests;
-
-/*
- * chap_init - reset to initial state.
- */
-static void
-chap_init(int unit)
-{
- memset(&client, 0, sizeof(client));
- memset(&server, 0, sizeof(server));
-
- chap_md5_init();
-#ifdef CHAPMS
- chapms_init();
-#endif
-}
-
-/*
- * Add a new digest type to the list.
- */
-void
-chap_register_digest(struct chap_digest_type *dp)
-{
- dp->next = chap_digests;
- chap_digests = dp;
-}
-
-/*
- * Lookup a digest type by code
- */
-struct chap_digest_type *
-chap_find_digest(int digest_code) {
- struct chap_digest_type *dp = NULL;
- for (dp = chap_digests; dp != NULL; dp = dp->next)
- if (dp->code == digest_code)
- break;
- return dp;
-}
-
-/*
- * chap_lowerup - we can start doing stuff now.
- */
-static void
-chap_lowerup(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- cs->flags |= LOWERUP;
- ss->flags |= LOWERUP;
- if (ss->flags & AUTH_STARTED)
- chap_server_timeout(ss);
-}
-
-static void
-chap_lowerdown(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- if (cs->flags & TIMEOUT_PENDING)
- UNTIMEOUT(chap_client_timeout, cs);
- cs->flags = 0;
- if (ss->flags & TIMEOUT_PENDING)
- UNTIMEOUT(chap_server_timeout, ss);
- ss->flags = 0;
-}
-
-/*
- * chap_auth_peer - Start authenticating the peer.
- * If the lower layer is already up, we start sending challenges,
- * otherwise we wait for the lower layer to come up.
- */
-void
-chap_auth_peer(int unit, char *our_name, int digest_code)
-{
- struct chap_server_state *ss = &server;
- struct chap_digest_type *dp;
-
- if (ss->flags & AUTH_STARTED) {
- error("CHAP: peer authentication already started!");
- return;
- }
-
- dp = chap_find_digest(digest_code);
- if (dp == NULL)
- fatal("CHAP digest 0x%x requested but not available",
- digest_code);
-
- ss->digest = dp;
- ss->name = our_name;
- /* Start with a random ID value */
- ss->id = (unsigned char)(drand48() * 256);
- ss->flags |= AUTH_STARTED;
- if (ss->flags & LOWERUP)
- chap_server_timeout(ss);
-}
-
-/*
- * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
- * There isn't much to do until we receive a challenge.
- */
-void
-chap_auth_with_peer(int unit, char *our_name, int digest_code)
-{
- struct chap_client_state *cs = &client;
- struct chap_digest_type *dp;
-
- if (cs->flags & AUTH_STARTED) {
- error("CHAP: authentication with peer already started!");
- return;
- }
- for (dp = chap_digests; dp != NULL; dp = dp->next)
- if (dp->code == digest_code)
- break;
- if (dp == NULL)
- fatal("CHAP digest 0x%x requested but not available",
- digest_code);
-
- cs->digest = dp;
- cs->name = our_name;
- cs->flags |= AUTH_STARTED | TIMEOUT_PENDING;
- TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time);
-}
-
-/*
- * chap_server_timeout - It's time to send another challenge to the peer.
- * This could be either a retransmission of a previous challenge,
- * or a new challenge to start re-authentication.
- */
-static void
-chap_server_timeout(void *arg)
-{
- struct chap_server_state *ss = arg;
-
- ss->flags &= ~TIMEOUT_PENDING;
- if ((ss->flags & CHALLENGE_VALID) == 0) {
- ss->challenge_xmits = 0;
- chap_generate_challenge(ss);
- ss->flags |= CHALLENGE_VALID;
- } else if (ss->challenge_xmits >= chap_max_transmits) {
- ss->flags &= ~CHALLENGE_VALID;
- ss->flags |= AUTH_DONE | AUTH_FAILED;
- auth_peer_fail(0, PPP_CHAP);
- return;
- }
-
- output(0, ss->challenge, ss->challenge_pktlen);
- ++ss->challenge_xmits;
- ss->flags |= TIMEOUT_PENDING;
- TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time);
-}
-
-/* chap_client_timeout - Authentication with peer timed out. */
-static void
-chap_client_timeout(void *arg)
-{
- struct chap_client_state *cs = arg;
-
- cs->flags &= ~TIMEOUT_PENDING;
- cs->flags |= AUTH_DONE | AUTH_FAILED;
- error("CHAP authentication timed out");
- auth_withpeer_fail(0, PPP_CHAP);
-}
-
-/*
- * chap_generate_challenge - generate a challenge string and format
- * the challenge packet in ss->challenge_pkt.
- */
-static void
-chap_generate_challenge(struct chap_server_state *ss)
-{
- int clen = 1, nlen, len;
- unsigned char *p;
-
- p = ss->challenge;
- MAKEHEADER(p, PPP_CHAP);
- p += CHAP_HDRLEN;
- ss->digest->generate_challenge(p);
- clen = *p;
- nlen = strlen(ss->name);
- memcpy(p + 1 + clen, ss->name, nlen);
-
- len = CHAP_HDRLEN + 1 + clen + nlen;
- ss->challenge_pktlen = PPP_HDRLEN + len;
-
- p = ss->challenge + PPP_HDRLEN;
- p[0] = CHAP_CHALLENGE;
- p[1] = ++ss->id;
- p[2] = len >> 8;
- p[3] = len;
-}
-
-/*
- * chap_handle_response - check the response to our challenge.
- */
-static void
-chap_handle_response(struct chap_server_state *ss, int id,
- unsigned char *pkt, int len)
-{
- int response_len, ok, mlen;
- unsigned char *response, *p;
- char *name = NULL; /* initialized to shut gcc up */
- int (*verifier)(char *, char *, int, struct chap_digest_type *,
- unsigned char *, unsigned char *, char *, int);
- char rname[MAXNAMELEN+1];
-
- if ((ss->flags & LOWERUP) == 0)
- return;
- if (id != ss->challenge[PPP_HDRLEN+1] || len < 2)
- return;
- if (ss->flags & CHALLENGE_VALID) {
- response = pkt;
- GETCHAR(response_len, pkt);
- len -= response_len + 1; /* length of name */
- name = (char *)pkt + response_len;
- if (len < 0)
- return;
-
- if (ss->flags & TIMEOUT_PENDING) {
- ss->flags &= ~TIMEOUT_PENDING;
- UNTIMEOUT(chap_server_timeout, ss);
- }
-
- if (explicit_remote) {
- name = remote_name;
- } else {
- /* Null terminate and clean remote name. */
- slprintf(rname, sizeof(rname), "%.*v", len, name);
- name = rname;
-
- /* strip the MS domain name */
- if (chapms_strip_domain && strrchr(rname, '\\')) {
- char tmp[MAXNAMELEN+1];
-
- strcpy(tmp, strrchr(rname, '\\') + 1);
- strcpy(rname, tmp);
- }
- }
-
- if (chap_verify_hook)
- verifier = chap_verify_hook;
- else
- verifier = chap_verify_response;
- ok = (*verifier)(name, ss->name, id, ss->digest,
- ss->challenge + PPP_HDRLEN + CHAP_HDRLEN,
- response, ss->message, sizeof(ss->message));
- if (!ok || !auth_number()) {
- ss->flags |= AUTH_FAILED;
- warn("Peer %q failed CHAP authentication", name);
- }
- } else if ((ss->flags & AUTH_DONE) == 0)
- return;
-
- /* send the response */
- p = outpacket_buf;
- MAKEHEADER(p, PPP_CHAP);
- mlen = strlen(ss->message);
- len = CHAP_HDRLEN + mlen;
- p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
- p[1] = id;
- p[2] = len >> 8;
- p[3] = len;
- if (mlen > 0)
- memcpy(p + CHAP_HDRLEN, ss->message, mlen);
- output(0, outpacket_buf, PPP_HDRLEN + len);
-
- if (ss->flags & CHALLENGE_VALID) {
- ss->flags &= ~CHALLENGE_VALID;
- if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) {
- /*
- * Auth is OK, so now we need to check session restrictions
- * to ensure everything is OK, but only if we used a
- * plugin, and only if we're configured to check. This
- * allows us to do PAM checks on PPP servers that
- * authenticate against ActiveDirectory, and use AD for
- * account info (like when using Winbind integrated with
- * PAM).
- */
- if (session_mgmt &&
- session_check(name, NULL, devnam, NULL) == 0) {
- ss->flags |= AUTH_FAILED;
- warn("Peer %q failed CHAP Session verification", name);
- }
- }
- if (ss->flags & AUTH_FAILED) {
- auth_peer_fail(0, PPP_CHAP);
- } else {
- if ((ss->flags & AUTH_DONE) == 0)
- auth_peer_success(0, PPP_CHAP,
- ss->digest->code,
- name, strlen(name));
- if (chap_rechallenge_time) {
- ss->flags |= TIMEOUT_PENDING;
- TIMEOUT(chap_server_timeout, ss,
- chap_rechallenge_time);
- }
- }
- ss->flags |= AUTH_DONE;
- }
-}
-
-/*
- * chap_verify_response - check whether the peer's response matches
- * what we think it should be. Returns 1 if it does (authentication
- * succeeded), or 0 if it doesn't.
- */
-static int
-chap_verify_response(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space)
-{
- int ok;
- unsigned char secret[MAXSECRETLEN];
- int secret_len;
-
- /* Get the secret that the peer is supposed to know */
- if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) {
- error("No CHAP secret found for authenticating %q", name);
- return 0;
- }
-
- ok = digest->verify_response(id, name, secret, secret_len, challenge,
- response, message, message_space);
- memset(secret, 0, sizeof(secret));
-
- return ok;
-}
-
-/*
- * chap_respond - Generate and send a response to a challenge.
- */
-static void
-chap_respond(struct chap_client_state *cs, int id,
- unsigned char *pkt, int len)
-{
- int clen, nlen;
- int secret_len;
- unsigned char *p;
- unsigned char response[RESP_MAX_PKTLEN];
- char rname[MAXNAMELEN+1];
- char secret[MAXSECRETLEN+1];
-
- if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
- return; /* not ready */
- if (len < 2 || len < pkt[0] + 1)
- return; /* too short */
- clen = pkt[0];
- nlen = len - (clen + 1);
-
- /* Null terminate and clean remote name. */
- slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
-
- /* Microsoft doesn't send their name back in the PPP packet */
- if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0))
- strlcpy(rname, remote_name, sizeof(rname));
-
- /* get secret for authenticating ourselves with the specified host */
- if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) {
- secret_len = 0; /* assume null secret if can't find one */
- warn("No CHAP secret found for authenticating us to %q", rname);
- }
-
- p = response;
- MAKEHEADER(p, PPP_CHAP);
- p += CHAP_HDRLEN;
-
- cs->digest->make_response(p, id, cs->name, pkt,
- secret, secret_len, cs->priv);
- memset(secret, 0, secret_len);
-
- clen = *p;
- nlen = strlen(cs->name);
- memcpy(p + clen + 1, cs->name, nlen);
-
- p = response + PPP_HDRLEN;
- len = CHAP_HDRLEN + clen + 1 + nlen;
- p[0] = CHAP_RESPONSE;
- p[1] = id;
- p[2] = len >> 8;
- p[3] = len;
-
- output(0, response, PPP_HDRLEN + len);
-}
-
-static void
-chap_handle_status(struct chap_client_state *cs, int code, int id,
- unsigned char *pkt, int len)
-{
- const char *msg = NULL;
-
- if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
- != (AUTH_STARTED|LOWERUP))
- return;
- cs->flags |= AUTH_DONE;
-
- UNTIMEOUT(chap_client_timeout, cs);
- cs->flags &= ~TIMEOUT_PENDING;
-
- if (code == CHAP_SUCCESS) {
- /* used for MS-CHAP v2 mutual auth, yuck */
- if (cs->digest->check_success != NULL) {
- if (!(*cs->digest->check_success)(id, pkt, len))
- code = CHAP_FAILURE;
- } else
- msg = "CHAP authentication succeeded";
- } else {
- if (cs->digest->handle_failure != NULL)
- (*cs->digest->handle_failure)(pkt, len);
- else
- msg = "CHAP authentication failed";
- }
- if (msg) {
- if (len > 0)
- info("%s: %.*v", msg, len, pkt);
- else
- info("%s", msg);
- }
- if (code == CHAP_SUCCESS)
- auth_withpeer_success(0, PPP_CHAP, cs->digest->code);
- else {
- cs->flags |= AUTH_FAILED;
- error("CHAP authentication failed");
- auth_withpeer_fail(0, PPP_CHAP);
- }
-}
-
-static void
-chap_input(int unit, unsigned char *pkt, int pktlen)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
- unsigned char code, id;
- int len;
-
- if (pktlen < CHAP_HDRLEN)
- return;
- GETCHAR(code, pkt);
- GETCHAR(id, pkt);
- GETSHORT(len, pkt);
- if (len < CHAP_HDRLEN || len > pktlen)
- return;
- len -= CHAP_HDRLEN;
-
- switch (code) {
- case CHAP_CHALLENGE:
- chap_respond(cs, id, pkt, len);
- break;
- case CHAP_RESPONSE:
- chap_handle_response(ss, id, pkt, len);
- break;
- case CHAP_FAILURE:
- case CHAP_SUCCESS:
- chap_handle_status(cs, code, id, pkt, len);
- break;
- }
-}
-
-static void
-chap_protrej(int unit)
-{
- struct chap_client_state *cs = &client;
- struct chap_server_state *ss = &server;
-
- if (ss->flags & TIMEOUT_PENDING) {
- ss->flags &= ~TIMEOUT_PENDING;
- UNTIMEOUT(chap_server_timeout, ss);
- }
- if (ss->flags & AUTH_STARTED) {
- ss->flags = 0;
- auth_peer_fail(0, PPP_CHAP);
- }
- if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
- cs->flags &= ~AUTH_STARTED;
- error("CHAP authentication failed due to protocol-reject");
- auth_withpeer_fail(0, PPP_CHAP);
- }
-}
-
-/*
- * chap_print_pkt - print the contents of a CHAP packet.
- */
-static char *chap_code_names[] = {
- "Challenge", "Response", "Success", "Failure"
-};
-
-static int
-chap_print_pkt(unsigned char *p, int plen,
- void (*printer)(void *, char *, ...), void *arg)
-{
- int code, id, len;
- int clen, nlen;
- unsigned char x;
-
- if (plen < CHAP_HDRLEN)
- return 0;
- GETCHAR(code, p);
- GETCHAR(id, p);
- GETSHORT(len, p);
- if (len < CHAP_HDRLEN || len > plen)
- return 0;
-
- if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *))
- printer(arg, " %s", chap_code_names[code-1]);
- else
- printer(arg, " code=0x%x", code);
- printer(arg, " id=0x%x", id);
- len -= CHAP_HDRLEN;
- switch (code) {
- case CHAP_CHALLENGE:
- case CHAP_RESPONSE:
- if (len < 1)
- break;
- clen = p[0];
- if (len < clen + 1)
- break;
- ++p;
- nlen = len - clen - 1;
- printer(arg, " <");
- for (; clen > 0; --clen) {
- GETCHAR(x, p);
- printer(arg, "%.2x", x);
- }
- printer(arg, ">, name = ");
- print_string((char *)p, nlen, printer, arg);
- break;
- case CHAP_FAILURE:
- case CHAP_SUCCESS:
- printer(arg, " ");
- print_string((char *)p, len, printer, arg);
- break;
- default:
- for (clen = len; clen > 0; --clen) {
- GETCHAR(x, p);
- printer(arg, " %.2x", x);
- }
- }
-
- return len + CHAP_HDRLEN;
-}
-
-struct protent chap_protent = {
- PPP_CHAP,
- chap_init,
- chap_input,
- chap_protrej,
- chap_lowerup,
- chap_lowerdown,
- NULL, /* open */
- NULL, /* close */
- chap_print_pkt,
- NULL, /* datainput */
- 1, /* enabled_flag */
- "CHAP", /* name */
- NULL, /* data_name */
- chap_option_list,
- NULL, /* check_options */
-};
+++ /dev/null
-/*
- * chap-new.c - New CHAP implementation.
- *
- * Copyright (c) 2003 Paul Mackerras. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * 3. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * CHAP packets begin with a standard header with code, id, len (2 bytes).
- */
-#define CHAP_HDRLEN 4
-
-/*
- * Values for the code field.
- */
-#define CHAP_CHALLENGE 1
-#define CHAP_RESPONSE 2
-#define CHAP_SUCCESS 3
-#define CHAP_FAILURE 4
-
-/*
- * CHAP digest codes.
- */
-#define CHAP_MD5 5
-#define CHAP_MICROSOFT 0x80
-#define CHAP_MICROSOFT_V2 0x81
-
-/*
- * Semi-arbitrary limits on challenge and response fields.
- */
-#define MAX_CHALLENGE_LEN 64
-#define MAX_RESPONSE_LEN 64
-
-/* bitmask of supported algorithms */
-#define MDTYPE_MICROSOFT_V2 0x1
-#define MDTYPE_MICROSOFT 0x2
-#define MDTYPE_MD5 0x4
-#define MDTYPE_NONE 0
-
-/* hashes supported by this instance of pppd */
-extern int chap_mdtype_all;
-
-/* Return the digest alg. ID for the most preferred digest type. */
-#define CHAP_DIGEST(mdtype) \
- ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
- ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
- ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
- 0
-
-/* Return the bit flag (lsb set) for our most preferred digest type. */
-#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
-
-/* Return the bit flag for a given digest algorithm ID. */
-#define CHAP_MDTYPE_D(digest) \
- ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
- ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
- ((digest) == CHAP_MD5)? MDTYPE_MD5: \
- 0
-
-/* Can we do the requested digest? */
-#define CHAP_CANDIGEST(mdtype, digest) \
- ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
- ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
- ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
- 0
-
-/*
- * The code for each digest type has to supply one of these.
- */
-struct chap_digest_type {
- int code;
-
- /*
- * Note: challenge and response arguments below are formatted as
- * a length byte followed by the actual challenge/response data.
- */
- void (*generate_challenge)(unsigned char *challenge);
- int (*verify_response)(int id, char *name,
- unsigned char *secret, int secret_len,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
- void (*make_response)(unsigned char *response, int id, char *our_name,
- unsigned char *challenge, char *secret, int secret_len,
- unsigned char *priv);
- int (*check_success)(int id, unsigned char *pkt, int len);
- void (*handle_failure)(unsigned char *pkt, int len);
-
- struct chap_digest_type *next;
-};
-
-/* Hook for a plugin to validate CHAP challenge */
-extern int (*chap_verify_hook)(char *name, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge, unsigned char *response,
- char *message, int message_space);
-
-/* Called by digest code to register a digest type */
-extern void chap_register_digest(struct chap_digest_type *);
-
-/* Lookup a digest handler by type */
-extern struct chap_digest_type *chap_find_digest(int digest_code);
-
-/* Called by authentication code to start authenticating the peer. */
-extern void chap_auth_peer(int unit, char *our_name, int digest_code);
-
-/* Called by auth. code to start authenticating us to the peer. */
-extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
-
-/* Represents the CHAP protocol to the main pppd code */
-extern struct protent chap_protent;
--- /dev/null
+/*
+ * chap-new.c - New CHAP implementation.
+ *
+ * Copyright (c) 2003 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $"
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+#include "pppd-private.h"
+#include "options.h"
+#include "session.h"
+#include "chap.h"
+#include "chap-md5.h"
+
+#ifdef PPP_WITH_CHAPMS
+#include "chap_ms.h"
+#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5)
+#else
+#define MDTYPE_ALL (MDTYPE_MD5)
+#endif
+
+int chap_mdtype_all = MDTYPE_ALL;
+
+/* Hook for a plugin to validate CHAP challenge */
+chap_verify_hook_fn *chap_verify_hook = NULL;
+
+/*
+ * Option variables.
+ */
+int chap_server_timeout_time = 3;
+int chap_max_transmits = 10;
+int chap_rechallenge_time = 0;
+int chap_client_timeout_time = 60;
+int chapms_strip_domain = 0;
+
+/*
+ * Command-line options.
+ */
+static struct option chap_option_list[] = {
+ { "chap-restart", o_int, &chap_server_timeout_time,
+ "Set timeout for CHAP (as server)", OPT_PRIO },
+ { "chap-max-challenge", o_int, &chap_max_transmits,
+ "Set max #xmits for challenge", OPT_PRIO },
+ { "chap-interval", o_int, &chap_rechallenge_time,
+ "Set interval for rechallenge", OPT_PRIO },
+ { "chap-timeout", o_int, &chap_client_timeout_time,
+ "Set timeout for CHAP (as client)", OPT_PRIO },
+ { "chapms-strip-domain", o_bool, &chapms_strip_domain,
+ "Strip the domain prefix before the Username", 1 },
+ { NULL }
+};
+
+/*
+ * Internal state.
+ */
+static struct chap_client_state {
+ int flags;
+ char *name;
+ struct chap_digest_type *digest;
+ unsigned char priv[64]; /* private area for digest's use */
+} client;
+
+/*
+ * These limits apply to challenge and response packets we send.
+ * The +4 is the +1 that we actually need rounded up.
+ */
+#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN)
+#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN)
+
+static struct chap_server_state {
+ int flags;
+ int id;
+ char *name;
+ struct chap_digest_type *digest;
+ int challenge_xmits;
+ int challenge_pktlen;
+ unsigned char challenge[CHAL_MAX_PKTLEN];
+ char message[256];
+} server;
+
+/* Values for flags in chap_client_state and chap_server_state */
+#define LOWERUP 1
+#define AUTH_STARTED 2
+#define AUTH_DONE 4
+#define AUTH_FAILED 8
+#define TIMEOUT_PENDING 0x10
+#define CHALLENGE_VALID 0x20
+
+/*
+ * Prototypes.
+ */
+static void chap_init(int unit);
+static void chap_lowerup(int unit);
+static void chap_lowerdown(int unit);
+static void chap_server_timeout(void *arg);
+static void chap_client_timeout(void *arg);
+static void chap_generate_challenge(struct chap_server_state *ss);
+static void chap_handle_response(struct chap_server_state *ss, int code,
+ unsigned char *pkt, int len);
+static chap_verify_hook_fn chap_verify_response;
+static void chap_respond(struct chap_client_state *cs, int id,
+ unsigned char *pkt, int len);
+static void chap_handle_status(struct chap_client_state *cs, int code, int id,
+ unsigned char *pkt, int len);
+static void chap_protrej(int unit);
+static void chap_input(int unit, unsigned char *pkt, int pktlen);
+static int chap_print_pkt(unsigned char *p, int plen,
+ void (*printer)(void *, char *, ...), void *arg);
+
+/* List of digest types that we know about */
+static struct chap_digest_type *chap_digests;
+
+/*
+ * chap_init - reset to initial state.
+ */
+static void
+chap_init(int unit)
+{
+ memset(&client, 0, sizeof(client));
+ memset(&server, 0, sizeof(server));
+
+ chap_md5_init();
+#ifdef PPP_WITH_CHAPMS
+ chapms_init();
+#endif
+}
+
+/*
+ * Add a new digest type to the list.
+ */
+void
+chap_register_digest(struct chap_digest_type *dp)
+{
+ dp->next = chap_digests;
+ chap_digests = dp;
+}
+
+/*
+ * Lookup a digest type by code
+ */
+struct chap_digest_type *
+chap_find_digest(int digest_code) {
+ struct chap_digest_type *dp = NULL;
+ for (dp = chap_digests; dp != NULL; dp = dp->next)
+ if (dp->code == digest_code)
+ break;
+ return dp;
+}
+
+/*
+ * chap_lowerup - we can start doing stuff now.
+ */
+static void
+chap_lowerup(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ cs->flags |= LOWERUP;
+ ss->flags |= LOWERUP;
+ if (ss->flags & AUTH_STARTED)
+ chap_server_timeout(ss);
+}
+
+static void
+chap_lowerdown(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ if (cs->flags & TIMEOUT_PENDING)
+ UNTIMEOUT(chap_client_timeout, cs);
+ cs->flags = 0;
+ if (ss->flags & TIMEOUT_PENDING)
+ UNTIMEOUT(chap_server_timeout, ss);
+ ss->flags = 0;
+}
+
+/*
+ * chap_auth_peer - Start authenticating the peer.
+ * If the lower layer is already up, we start sending challenges,
+ * otherwise we wait for the lower layer to come up.
+ */
+void
+chap_auth_peer(int unit, char *our_name, int digest_code)
+{
+ struct chap_server_state *ss = &server;
+ struct chap_digest_type *dp;
+
+ if (ss->flags & AUTH_STARTED) {
+ error("CHAP: peer authentication already started!");
+ return;
+ }
+
+ dp = chap_find_digest(digest_code);
+ if (dp == NULL)
+ fatal("CHAP digest 0x%x requested but not available",
+ digest_code);
+
+ ss->digest = dp;
+ ss->name = our_name;
+ /* Start with a random ID value */
+ ss->id = (unsigned char)(drand48() * 256);
+ ss->flags |= AUTH_STARTED;
+ if (ss->flags & LOWERUP)
+ chap_server_timeout(ss);
+}
+
+/*
+ * chap_auth_with_peer - Prepare to authenticate ourselves to the peer.
+ * There isn't much to do until we receive a challenge.
+ */
+void
+chap_auth_with_peer(int unit, char *our_name, int digest_code)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_digest_type *dp;
+
+ if (cs->flags & AUTH_STARTED) {
+ error("CHAP: authentication with peer already started!");
+ return;
+ }
+ for (dp = chap_digests; dp != NULL; dp = dp->next)
+ if (dp->code == digest_code)
+ break;
+ if (dp == NULL)
+ fatal("CHAP digest 0x%x requested but not available",
+ digest_code);
+
+ cs->digest = dp;
+ cs->name = our_name;
+ cs->flags |= AUTH_STARTED | TIMEOUT_PENDING;
+ TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time);
+}
+
+/*
+ * chap_server_timeout - It's time to send another challenge to the peer.
+ * This could be either a retransmission of a previous challenge,
+ * or a new challenge to start re-authentication.
+ */
+static void
+chap_server_timeout(void *arg)
+{
+ struct chap_server_state *ss = arg;
+
+ ss->flags &= ~TIMEOUT_PENDING;
+ if ((ss->flags & CHALLENGE_VALID) == 0) {
+ ss->challenge_xmits = 0;
+ chap_generate_challenge(ss);
+ ss->flags |= CHALLENGE_VALID;
+ } else if (ss->challenge_xmits >= chap_max_transmits) {
+ ss->flags &= ~CHALLENGE_VALID;
+ ss->flags |= AUTH_DONE | AUTH_FAILED;
+ auth_peer_fail(0, PPP_CHAP);
+ return;
+ }
+
+ output(0, ss->challenge, ss->challenge_pktlen);
+ ++ss->challenge_xmits;
+ ss->flags |= TIMEOUT_PENDING;
+ TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time);
+}
+
+/* chap_client_timeout - Authentication with peer timed out. */
+static void
+chap_client_timeout(void *arg)
+{
+ struct chap_client_state *cs = arg;
+
+ cs->flags &= ~TIMEOUT_PENDING;
+ cs->flags |= AUTH_DONE | AUTH_FAILED;
+ error("CHAP authentication timed out");
+ auth_withpeer_fail(0, PPP_CHAP);
+}
+
+/*
+ * chap_generate_challenge - generate a challenge string and format
+ * the challenge packet in ss->challenge_pkt.
+ */
+static void
+chap_generate_challenge(struct chap_server_state *ss)
+{
+ int clen = 1, nlen, len;
+ unsigned char *p;
+
+ p = ss->challenge;
+ MAKEHEADER(p, PPP_CHAP);
+ p += CHAP_HDRLEN;
+ ss->digest->generate_challenge(p);
+ clen = *p;
+ nlen = strlen(ss->name);
+ memcpy(p + 1 + clen, ss->name, nlen);
+
+ len = CHAP_HDRLEN + 1 + clen + nlen;
+ ss->challenge_pktlen = PPP_HDRLEN + len;
+
+ p = ss->challenge + PPP_HDRLEN;
+ p[0] = CHAP_CHALLENGE;
+ p[1] = ++ss->id;
+ p[2] = len >> 8;
+ p[3] = len;
+}
+
+/*
+ * chap_handle_response - check the response to our challenge.
+ */
+static void
+chap_handle_response(struct chap_server_state *ss, int id,
+ unsigned char *pkt, int len)
+{
+ int response_len, ok, mlen;
+ unsigned char *response, *p;
+ char *name = NULL;
+ chap_verify_hook_fn *verifier;
+ char rname[MAXNAMELEN+1];
+
+ if ((ss->flags & LOWERUP) == 0)
+ return;
+ if (id != ss->challenge[PPP_HDRLEN+1] || len < 2)
+ return;
+ if (ss->flags & CHALLENGE_VALID) {
+ response = pkt;
+ GETCHAR(response_len, pkt);
+ len -= response_len + 1; /* length of name */
+ name = (char *)pkt + response_len;
+ if (len < 0)
+ return;
+
+ if (ss->flags & TIMEOUT_PENDING) {
+ ss->flags &= ~TIMEOUT_PENDING;
+ UNTIMEOUT(chap_server_timeout, ss);
+ }
+
+ if (explicit_remote) {
+ name = remote_name;
+ } else {
+ /* Null terminate and clean remote name. */
+ slprintf(rname, sizeof(rname), "%.*v", len, name);
+ name = rname;
+
+ /* strip the MS domain name */
+ if (chapms_strip_domain && strrchr(rname, '\\')) {
+ char tmp[MAXNAMELEN+1];
+
+ strcpy(tmp, strrchr(rname, '\\') + 1);
+ strcpy(rname, tmp);
+ }
+ }
+
+ if (chap_verify_hook)
+ verifier = chap_verify_hook;
+ else
+ verifier = chap_verify_response;
+ ok = (*verifier)(name, ss->name, id, ss->digest,
+ ss->challenge + PPP_HDRLEN + CHAP_HDRLEN,
+ response, ss->message, sizeof(ss->message));
+ if (!ok || !auth_number()) {
+ ss->flags |= AUTH_FAILED;
+ warn("Peer %q failed CHAP authentication", name);
+ }
+ } else if ((ss->flags & AUTH_DONE) == 0)
+ return;
+
+ /* send the response */
+ p = outpacket_buf;
+ MAKEHEADER(p, PPP_CHAP);
+ mlen = strlen(ss->message);
+ len = CHAP_HDRLEN + mlen;
+ p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS;
+ p[1] = id;
+ p[2] = len >> 8;
+ p[3] = len;
+ if (mlen > 0)
+ memcpy(p + CHAP_HDRLEN, ss->message, mlen);
+ output(0, outpacket_buf, PPP_HDRLEN + len);
+
+ if (ss->flags & CHALLENGE_VALID) {
+ ss->flags &= ~CHALLENGE_VALID;
+ if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) {
+ /*
+ * Auth is OK, so now we need to check session restrictions
+ * to ensure everything is OK, but only if we used a
+ * plugin, and only if we're configured to check. This
+ * allows us to do PAM checks on PPP servers that
+ * authenticate against ActiveDirectory, and use AD for
+ * account info (like when using Winbind integrated with
+ * PAM).
+ */
+ if (session_mgmt &&
+ session_check(name, NULL, devnam, NULL) == 0) {
+ ss->flags |= AUTH_FAILED;
+ warn("Peer %q failed CHAP Session verification", name);
+ }
+ }
+ if (ss->flags & AUTH_FAILED) {
+ auth_peer_fail(0, PPP_CHAP);
+ } else {
+ if ((ss->flags & AUTH_DONE) == 0)
+ auth_peer_success(0, PPP_CHAP,
+ ss->digest->code,
+ name, strlen(name));
+ if (chap_rechallenge_time) {
+ ss->flags |= TIMEOUT_PENDING;
+ TIMEOUT(chap_server_timeout, ss,
+ chap_rechallenge_time);
+ }
+ }
+ ss->flags |= AUTH_DONE;
+ }
+}
+
+/*
+ * chap_verify_response - check whether the peer's response matches
+ * what we think it should be. Returns 1 if it does (authentication
+ * succeeded), or 0 if it doesn't.
+ */
+static int
+chap_verify_response(char *name, char *ourname, int id,
+ struct chap_digest_type *digest,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space)
+{
+ int ok;
+ unsigned char secret[MAXSECRETLEN];
+ int secret_len;
+
+ /* Get the secret that the peer is supposed to know */
+ if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) {
+ error("No CHAP secret found for authenticating %q", name);
+ return 0;
+ }
+
+ ok = digest->verify_response(id, name, secret, secret_len, challenge,
+ response, message, message_space);
+ memset(secret, 0, sizeof(secret));
+
+ return ok;
+}
+
+/*
+ * chap_respond - Generate and send a response to a challenge.
+ */
+static void
+chap_respond(struct chap_client_state *cs, int id,
+ unsigned char *pkt, int len)
+{
+ int clen, nlen;
+ int secret_len;
+ unsigned char *p;
+ unsigned char response[RESP_MAX_PKTLEN];
+ char rname[MAXNAMELEN+1];
+ char secret[MAXSECRETLEN+1];
+
+ if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED))
+ return; /* not ready */
+ if (len < 2 || len < pkt[0] + 1)
+ return; /* too short */
+ clen = pkt[0];
+ nlen = len - (clen + 1);
+
+ /* Null terminate and clean remote name. */
+ slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1);
+
+ /* Microsoft doesn't send their name back in the PPP packet */
+ if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0))
+ strlcpy(rname, remote_name, sizeof(rname));
+
+ /* get secret for authenticating ourselves with the specified host */
+ if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) {
+ secret_len = 0; /* assume null secret if can't find one */
+ warn("No CHAP secret found for authenticating us to %q", rname);
+ }
+
+ p = response;
+ MAKEHEADER(p, PPP_CHAP);
+ p += CHAP_HDRLEN;
+
+ cs->digest->make_response(p, id, cs->name, pkt,
+ secret, secret_len, cs->priv);
+ memset(secret, 0, secret_len);
+
+ clen = *p;
+ nlen = strlen(cs->name);
+ memcpy(p + clen + 1, cs->name, nlen);
+
+ p = response + PPP_HDRLEN;
+ len = CHAP_HDRLEN + clen + 1 + nlen;
+ p[0] = CHAP_RESPONSE;
+ p[1] = id;
+ p[2] = len >> 8;
+ p[3] = len;
+
+ output(0, response, PPP_HDRLEN + len);
+}
+
+static void
+chap_handle_status(struct chap_client_state *cs, int code, int id,
+ unsigned char *pkt, int len)
+{
+ const char *msg = NULL;
+
+ if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP))
+ != (AUTH_STARTED|LOWERUP))
+ return;
+ cs->flags |= AUTH_DONE;
+
+ UNTIMEOUT(chap_client_timeout, cs);
+ cs->flags &= ~TIMEOUT_PENDING;
+
+ if (code == CHAP_SUCCESS) {
+ /* used for MS-CHAP v2 mutual auth, yuck */
+ if (cs->digest->check_success != NULL) {
+ if (!(*cs->digest->check_success)(id, pkt, len))
+ code = CHAP_FAILURE;
+ } else
+ msg = "CHAP authentication succeeded";
+ } else {
+ if (cs->digest->handle_failure != NULL)
+ (*cs->digest->handle_failure)(pkt, len);
+ else
+ msg = "CHAP authentication failed";
+ }
+ if (msg) {
+ if (len > 0)
+ info("%s: %.*v", msg, len, pkt);
+ else
+ info("%s", msg);
+ }
+ if (code == CHAP_SUCCESS)
+ auth_withpeer_success(0, PPP_CHAP, cs->digest->code);
+ else {
+ cs->flags |= AUTH_FAILED;
+ error("CHAP authentication failed");
+ auth_withpeer_fail(0, PPP_CHAP);
+ }
+}
+
+static void
+chap_input(int unit, unsigned char *pkt, int pktlen)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+ unsigned char code, id;
+ int len;
+
+ if (pktlen < CHAP_HDRLEN)
+ return;
+ GETCHAR(code, pkt);
+ GETCHAR(id, pkt);
+ GETSHORT(len, pkt);
+ if (len < CHAP_HDRLEN || len > pktlen)
+ return;
+ len -= CHAP_HDRLEN;
+
+ switch (code) {
+ case CHAP_CHALLENGE:
+ chap_respond(cs, id, pkt, len);
+ break;
+ case CHAP_RESPONSE:
+ chap_handle_response(ss, id, pkt, len);
+ break;
+ case CHAP_FAILURE:
+ case CHAP_SUCCESS:
+ chap_handle_status(cs, code, id, pkt, len);
+ break;
+ }
+}
+
+static void
+chap_protrej(int unit)
+{
+ struct chap_client_state *cs = &client;
+ struct chap_server_state *ss = &server;
+
+ if (ss->flags & TIMEOUT_PENDING) {
+ ss->flags &= ~TIMEOUT_PENDING;
+ UNTIMEOUT(chap_server_timeout, ss);
+ }
+ if (ss->flags & AUTH_STARTED) {
+ ss->flags = 0;
+ auth_peer_fail(0, PPP_CHAP);
+ }
+ if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) {
+ cs->flags &= ~AUTH_STARTED;
+ error("CHAP authentication failed due to protocol-reject");
+ auth_withpeer_fail(0, PPP_CHAP);
+ }
+}
+
+/*
+ * chap_print_pkt - print the contents of a CHAP packet.
+ */
+static char *chap_code_names[] = {
+ "Challenge", "Response", "Success", "Failure"
+};
+
+static int
+chap_print_pkt(unsigned char *p, int plen,
+ void (*printer)(void *, char *, ...), void *arg)
+{
+ int code, id, len;
+ int clen, nlen;
+ unsigned char x;
+
+ if (plen < CHAP_HDRLEN)
+ return 0;
+ GETCHAR(code, p);
+ GETCHAR(id, p);
+ GETSHORT(len, p);
+ if (len < CHAP_HDRLEN || len > plen)
+ return 0;
+
+ if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *))
+ printer(arg, " %s", chap_code_names[code-1]);
+ else
+ printer(arg, " code=0x%x", code);
+ printer(arg, " id=0x%x", id);
+ len -= CHAP_HDRLEN;
+ switch (code) {
+ case CHAP_CHALLENGE:
+ case CHAP_RESPONSE:
+ if (len < 1)
+ break;
+ clen = p[0];
+ if (len < clen + 1)
+ break;
+ ++p;
+ nlen = len - clen - 1;
+ printer(arg, " <");
+ for (; clen > 0; --clen) {
+ GETCHAR(x, p);
+ printer(arg, "%.2x", x);
+ }
+ printer(arg, ">, name = ");
+ print_string((char *)p, nlen, printer, arg);
+ break;
+ case CHAP_FAILURE:
+ case CHAP_SUCCESS:
+ printer(arg, " ");
+ print_string((char *)p, len, printer, arg);
+ break;
+ default:
+ for (clen = len; clen > 0; --clen) {
+ GETCHAR(x, p);
+ printer(arg, " %.2x", x);
+ }
+ }
+
+ return len + CHAP_HDRLEN;
+}
+
+struct protent chap_protent = {
+ PPP_CHAP,
+ chap_init,
+ chap_input,
+ chap_protrej,
+ chap_lowerup,
+ chap_lowerdown,
+ NULL, /* open */
+ NULL, /* close */
+ chap_print_pkt,
+ NULL, /* datainput */
+ 1, /* enabled_flag */
+ "CHAP", /* name */
+ NULL, /* data_name */
+ chap_option_list,
+ NULL, /* check_options */
+};
--- /dev/null
+/*
+ * chap-new.c - New CHAP implementation.
+ *
+ * Copyright (c) 2003 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_CHAP_NEW_H
+#define PPP_CHAP_NEW_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * CHAP packets begin with a standard header with code, id, len (2 bytes).
+ */
+#define CHAP_HDRLEN 4
+
+/*
+ * Values for the code field.
+ */
+#define CHAP_CHALLENGE 1
+#define CHAP_RESPONSE 2
+#define CHAP_SUCCESS 3
+#define CHAP_FAILURE 4
+
+/*
+ * CHAP digest codes.
+ */
+#define CHAP_MD5 5
+#define CHAP_MICROSOFT 0x80
+#define CHAP_MICROSOFT_V2 0x81
+
+/*
+ * Semi-arbitrary limits on challenge and response fields.
+ */
+#define MAX_CHALLENGE_LEN 64
+#define MAX_RESPONSE_LEN 64
+
+/* bitmask of supported algorithms */
+#define MDTYPE_MICROSOFT_V2 0x1
+#define MDTYPE_MICROSOFT 0x2
+#define MDTYPE_MD5 0x4
+#define MDTYPE_NONE 0
+
+/* hashes supported by this instance of pppd */
+extern int chap_mdtype_all;
+
+/* Return the digest alg. ID for the most preferred digest type. */
+#define CHAP_DIGEST(mdtype) \
+ ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \
+ ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \
+ ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \
+ 0
+
+/* Return the bit flag (lsb set) for our most preferred digest type. */
+#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype)
+
+/* Return the bit flag for a given digest algorithm ID. */
+#define CHAP_MDTYPE_D(digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_MD5)? MDTYPE_MD5: \
+ 0
+
+/* Can we do the requested digest? */
+#define CHAP_CANDIGEST(mdtype, digest) \
+ ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \
+ ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \
+ ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \
+ 0
+
+
+/*
+ * The code for each digest type has to supply one of these.
+ */
+struct chap_digest_type {
+ int code;
+
+ /*
+ * Note: challenge and response arguments below are formatted as
+ * a length byte followed by the actual challenge/response data.
+ */
+ void (*generate_challenge)(unsigned char *challenge);
+ int (*verify_response)(int id, char *name,
+ unsigned char *secret, int secret_len,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space);
+ void (*make_response)(unsigned char *response, int id, char *our_name,
+ unsigned char *challenge, char *secret, int secret_len,
+ unsigned char *priv);
+ int (*check_success)(int id, unsigned char *pkt, int len);
+ void (*handle_failure)(unsigned char *pkt, int len);
+
+ struct chap_digest_type *next;
+};
+
+/*
+ * This function will return a value of 1 to indicate that a plugin intend to supply
+ * a username or a password to pppd through the chap_passwd_hook callback.
+ *
+ * Return a value > 0 to avoid parsing the chap-secrets file.
+ */
+typedef int (chap_check_hook_fn)(void);
+extern chap_check_hook_fn *chap_check_hook;
+
+/*
+ * A plugin can chose to supply its own user and password overriding whatever
+ * has been provided by the configuration. Hook is only valid when pppd is
+ * acting as a client.
+ *
+ * The maximum size of the user argument is always MAXNAMELEN
+ * The length of the password is always MAXWORDLEN, however; secrets can't be
+ * longer than MAXSECRETLEN
+ *
+ * Return a value < 0 to fail the connection.
+ */
+typedef int (chap_passwd_hook_fn)(char *user, char *password);
+extern chap_passwd_hook_fn *chap_passwd_hook;
+
+/*
+ * A plugin can chose to replace the default chap_verify_response function with
+ * one of their own.
+ */
+typedef int (chap_verify_hook_fn)(char *name, char *ourname, int id,
+ struct chap_digest_type *digest,
+ unsigned char *challenge, unsigned char *response,
+ char *message, int message_space);
+extern chap_verify_hook_fn *chap_verify_hook;
+
+/* Called by digest code to register a digest type */
+extern void chap_register_digest(struct chap_digest_type *);
+
+/* Lookup a digest handler by type */
+extern struct chap_digest_type *chap_find_digest(int digest_code);
+
+/* Called by authentication code to start authenticating the peer. */
+extern void chap_auth_peer(int unit, char *our_name, int digest_code);
+
+/* Called by auth. code to start authenticating us to the peer. */
+extern void chap_auth_with_peer(int unit, char *our_name, int digest_code);
+
+/* Represents the CHAP protocol to the main pppd code */
+extern struct protent chap_protent;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_CHAP_NEW_H
#define RCSID "$Id: chap_ms.c,v 1.38 2007/12/01 20:10:51 carlsonj Exp $"
-#ifdef CHAPMS
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/time.h>
#include <unistd.h>
+#if defined(SOL2)
+#include <net/ppp-comp.h>
+#else
+#include <linux/ppp-comp.h>
+#endif
-#include "pppd.h"
-#include "chap-new.h"
+#include "pppd-private.h"
+#include "options.h"
+#include "chap.h"
#include "chap_ms.h"
-#include "md4.h"
-#include "sha1.h"
-#include "pppcrypt.h"
#include "magic.h"
+#include "mppe.h"
+#include "crypto.h"
+#include "crypto_ms.h"
-
+#ifdef UNIT_TEST
+#undef PPP_WITH_MPPE
+#endif
static void ascii2unicode (char[], int, u_char[]);
-static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]);
-static void ChallengeResponse (u_char *, u_char *, u_char[24]);
+static void NTPasswordHash (u_char *, int, unsigned char *);
+static int ChallengeResponse (u_char *, u_char *, u_char*);
static void ChapMS_NT (u_char *, char *, int, u_char[24]);
static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int,
u_char[24]);
static void GenerateAuthenticatorResponsePlain
(char*, int, u_char[24], u_char[16], u_char *,
char *, u_char[41]);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
static void ChapMS_LANMan (u_char *, char *, int, u_char *);
#endif
-#ifdef MPPE
-static void Set_Start_Key (u_char *, char *, int);
-static void SetMasterKeys (char *, int, u_char[24], int);
-#endif
-
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
bool ms_lanman = 0; /* Use LanMan password instead of NT */
/* Has meaning only with MS-CHAP challenges */
#endif
-#ifdef MPPE
-u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-int mppe_keys_set = 0; /* Have the MPPE keys been set? */
-
+#ifdef PPP_WITH_MPPE
#ifdef DEBUGMPPEKEY
/* For MPPE debug */
/* Use "[]|}{?/><,`!2&&(" (sans quotes) for RFC 3079 MS-CHAPv2 test value */
#include "fsm.h" /* Need to poke MPPE options */
#include "ccp.h"
-#include <net/ppp-comp.h>
#endif
/*
* Command-line options.
*/
-static option_t chapms_option_list[] = {
-#ifdef MSLANMAN
+static struct option chapms_option_list[] = {
+#ifdef PPP_WITH_MSLANMAN
{ "ms-lanman", o_bool, &ms_lanman,
"Use LanMan passwd when using MS-CHAP", 1 },
#endif
if (response_len != MS_CHAP_RESPONSE_LEN)
goto bad;
-#ifndef MSLANMAN
+#ifndef PPP_WITH_MSLANMAN
if (!response[MS_CHAP_USENT]) {
/* Should really propagate this into the error packet. */
notice("Peer request for LANMAN auth not supported");
/* Generate the expected response. */
ChapMS(challenge, (char *)secret, secret_len, md);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
/* Determine which part of response to verify against */
if (!response[MS_CHAP_USENT])
diff = memcmp(&response[MS_CHAP_LANMANRESP],
free(msg);
}
-static void
+static int
ChallengeResponse(u_char *challenge,
- u_char PasswordHash[MD4_SIGNATURE_SIZE],
- u_char response[24])
+ u_char *PasswordHash,
+ u_char *response)
{
- u_char ZPasswordHash[21];
+ u_char ZPasswordHash[24];
+ PPP_CIPHER_CTX *ctx;
BZERO(ZPasswordHash, sizeof(ZPasswordHash));
- BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE);
+ BCOPY(PasswordHash, ZPasswordHash, MD4_DIGEST_LENGTH);
#if 0
dbglog("ChallengeResponse - ZPasswordHash %.*B",
sizeof(ZPasswordHash), ZPasswordHash);
#endif
- (void) DesSetkey(ZPasswordHash + 0);
- DesEncrypt(challenge, response + 0);
- (void) DesSetkey(ZPasswordHash + 7);
- DesEncrypt(challenge, response + 8);
- (void) DesSetkey(ZPasswordHash + 14);
- DesEncrypt(challenge, response + 16);
+ if (DesEncrypt(challenge, ZPasswordHash + 0, response + 0) &&
+ DesEncrypt(challenge, ZPasswordHash + 7, response + 8) &&
+ DesEncrypt(challenge, ZPasswordHash + 14, response + 16))
+ return 1;
#if 0
dbglog("ChallengeResponse - response %.24B", response);
#endif
+ return 0;
}
void
char *username, u_char Challenge[8])
{
- SHA1_CTX sha1Context;
- u_char sha1Hash[SHA1_SIGNATURE_SIZE];
- char *user;
+ PPP_MD_CTX* ctx;
+ u_char hash[SHA_DIGEST_LENGTH];
+ int hash_len;
+ const char *user;
/* remove domain from "domain\username" */
if ((user = strrchr(username, '\\')) != NULL)
++user;
else
user = username;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PeerChallenge, 16);
- SHA1_Update(&sha1Context, rchallenge, 16);
- SHA1_Update(&sha1Context, (unsigned char *)user, strlen(user));
- SHA1_Final(sha1Hash, &sha1Context);
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
- BCOPY(sha1Hash, Challenge, 8);
+ if (PPP_DigestUpdate(ctx, PeerChallenge, 16)) {
+
+ if (PPP_DigestUpdate(ctx, rchallenge, 16)) {
+
+ if (PPP_DigestUpdate(ctx, user, strlen(user))) {
+
+ hash_len = SHA_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ BCOPY(hash, Challenge, 8);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
}
/*
}
static void
-NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE])
+NTPasswordHash(u_char *secret, int secret_len, unsigned char* hash)
{
-#ifdef __NetBSD__
- /* NetBSD uses the libc md4 routines which take bytes instead of bits */
- int mdlen = secret_len;
-#else
- int mdlen = secret_len * 8;
-#endif
- MD4_CTX md4Context;
-
- MD4Init(&md4Context);
- /* MD4Update can take at most 64 bytes at a time */
- while (mdlen > 512) {
- MD4Update(&md4Context, secret, 512);
- secret += 64;
- mdlen -= 512;
- }
- MD4Update(&md4Context, secret, mdlen);
- MD4Final(hash, &md4Context);
+ PPP_MD_CTX* ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_md4())) {
+
+ if (PPP_DigestUpdate(ctx, secret, secret_len)) {
+ int hash_len = MD4_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, hash, &hash_len);
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
}
static void
u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* Hash the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
char *secret, int secret_len, u_char NTResponse[24])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
u_char Challenge[8];
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
ChallengeResponse(Challenge, PasswordHash, NTResponse);
}
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
static u_char *StdText = (u_char *)"KGS!@#$%"; /* key from rasapi32.dll */
static void
{
int i;
u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
/* LANMan password is case insensitive */
BZERO(UcasePassword, sizeof(UcasePassword));
for (i = 0; i < secret_len; i++)
UcasePassword[i] = (u_char)toupper(secret[i]);
- (void) DesSetkey(UcasePassword + 0);
- DesEncrypt( StdText, PasswordHash + 0 );
- (void) DesSetkey(UcasePassword + 7);
- DesEncrypt( StdText, PasswordHash + 8 );
- ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+
+ if (DesEncrypt(StdText, UcasePassword + 0, PasswordHash + 0) &&
+ DesEncrypt(StdText, UcasePassword + 7, PasswordHash + 8)) {
+
+ ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]);
+ }
}
#endif
void
-GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
+GenerateAuthenticatorResponse(unsigned char* PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse)
{
/*
* "Magic" constants used in response generation, from RFC 2759.
0x6E };
int i;
- SHA1_CTX sha1Context;
- u_char Digest[SHA1_SIGNATURE_SIZE];
+ PPP_MD_CTX *ctx;
+ u_char Digest[SHA_DIGEST_LENGTH] = {};
+ int hash_len;
u_char Challenge[8];
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, NTResponse, 24);
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
+ if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
ChallengeHash(PeerChallenge, rchallenge, username, Challenge);
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, Digest, sizeof(Digest));
- SHA1_Update(&sha1Context, Challenge, sizeof(Challenge));
- SHA1_Update(&sha1Context, Magic2, sizeof(Magic2));
- SHA1_Final(Digest, &sha1Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, Digest, sizeof(Digest))) {
+
+ if (PPP_DigestUpdate(ctx, Challenge, sizeof(Challenge))) {
+
+ if (PPP_DigestUpdate(ctx, Magic2, sizeof(Magic2))) {
+
+ hash_len = sizeof(Digest);
+ PPP_DigestFinal(ctx, Digest, &hash_len);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
/* Convert to ASCII hex string. */
- for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++)
- sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++) {
+ sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]);
+ }
}
u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1])
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
}
-#ifdef MPPE
-/*
- * Set mppe_xxxx_key from the NTPasswordHashHash.
- * RFC 2548 (RADIUS support) requires us to export this function (ugh).
- */
-void
-mppe_set_keys(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE])
-{
- SHA1_CTX sha1Context;
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
-
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, rchallenge, 8);
- SHA1_Final(Digest, &sha1Context);
-
- /* Same key in both directions. */
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
-
- mppe_keys_set = 1;
-}
+#ifdef PPP_WITH_MPPE
/*
* Set mppe_xxxx_key from MS-CHAP credentials. (see RFC 3079)
Set_Start_Key(u_char *rchallenge, char *secret, int secret_len)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
- mppe_set_keys(rchallenge, PasswordHashHash);
-}
-
-/*
- * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
- *
- * This helper function used in the Winbind module, which gets the
- * NTHashHash from the server.
- */
-void
-mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], int IsServer)
-{
- SHA1_CTX sha1Context;
- u_char MasterKey[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
- u_char Digest[SHA1_SIGNATURE_SIZE]; /* >= MPPE_MAX_KEY_LEN */
-
- u_char SHApad1[40] =
- { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
- u_char SHApad2[40] =
- { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
- 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
-
- /* "This is the MPPE Master Key" */
- u_char Magic1[27] =
- { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
- 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
- 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
- /* "On the client side, this is the send key; "
- "on the server side, it is the receive key." */
- u_char Magic2[84] =
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
- 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
- 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
- 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
- 0x6b, 0x65, 0x79, 0x2e };
- /* "On the client side, this is the receive key; "
- "on the server side, it is the send key." */
- u_char Magic3[84] =
- { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
- 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
- 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
- 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
- 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
- 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
- 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
- 0x6b, 0x65, 0x79, 0x2e };
- u_char *s;
-
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE);
- SHA1_Update(&sha1Context, NTResponse, 24);
- SHA1_Update(&sha1Context, Magic1, sizeof(Magic1));
- SHA1_Final(MasterKey, &sha1Context);
-
- /*
- * generate send key
- */
- if (IsServer)
- s = Magic3;
- else
- s = Magic2;
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, MasterKey, 16);
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
- SHA1_Update(&sha1Context, s, 84);
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
- SHA1_Final(Digest, &sha1Context);
-
- BCOPY(Digest, mppe_send_key, sizeof(mppe_send_key));
-
- /*
- * generate recv key
- */
- if (IsServer)
- s = Magic2;
- else
- s = Magic3;
- SHA1_Init(&sha1Context);
- SHA1_Update(&sha1Context, MasterKey, 16);
- SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1));
- SHA1_Update(&sha1Context, s, 84);
- SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2));
- SHA1_Final(Digest, &sha1Context);
-
- BCOPY(Digest, mppe_recv_key, sizeof(mppe_recv_key));
-
- mppe_keys_set = 1;
+ mppe_set_chapv1(rchallenge, PasswordHashHash);
}
/*
SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer)
{
u_char unicodePassword[MAX_NT_PASSWORD * 2];
- u_char PasswordHash[MD4_SIGNATURE_SIZE];
- u_char PasswordHashHash[MD4_SIGNATURE_SIZE];
+ u_char PasswordHash[MD4_DIGEST_LENGTH];
+ u_char PasswordHashHash[MD4_DIGEST_LENGTH];
/* Hash (x2) the Unicode version of the secret (== password). */
ascii2unicode(secret, secret_len, unicodePassword);
NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash);
NTPasswordHash(PasswordHash, sizeof(PasswordHash), PasswordHashHash);
- mppe_set_keys2(PasswordHashHash, NTResponse, IsServer);
+ mppe_set_chapv2(PasswordHashHash, NTResponse, IsServer);
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
void
ChapMS_NT(rchallenge, secret, secret_len, &response[MS_CHAP_NTRESP]);
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
ChapMS_LANMan(rchallenge, secret, secret_len,
&response[MS_CHAP_LANMANRESP]);
response[MS_CHAP_USENT] = 1;
#endif
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
Set_Start_Key(rchallenge, secret, secret_len);
#endif
}
* Authenticator Response.
*/
void
-ChapMS2(u_char *rchallenge, u_char *PeerChallenge,
+ChapMS2(unsigned char *rchallenge, unsigned char *PeerChallenge,
char *user, char *secret, int secret_len, unsigned char *response,
u_char authResponse[], int authenticator)
{
&response[MS_CHAP2_PEER_CHALLENGE],
rchallenge, user, authResponse);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
SetMasterKeys(secret, secret_len,
&response[MS_CHAP2_NTRESP], authenticator);
#endif
}
-#ifdef MPPE
-/*
- * Set MPPE options from plugins.
- */
-void
-set_mppe_enc_types(int policy, int types)
-{
- /* Early exit for unknown policies. */
- if (policy != MPPE_ENC_POL_ENC_ALLOWED ||
- policy != MPPE_ENC_POL_ENC_REQUIRED)
- return;
-
- /* Don't modify MPPE if it's optional and wasn't already configured. */
- if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
- return;
-
- /*
- * Disable undesirable encryption types. Note that we don't ENABLE
- * any encryption types, to avoid overriding manual configuration.
- */
- switch(types) {
- case MPPE_ENC_TYPES_RC4_40:
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
- break;
- case MPPE_ENC_TYPES_RC4_128:
- ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
- break;
- default:
- break;
- }
-}
-#endif /* MPPE */
static struct chap_digest_type chapms_digest = {
CHAP_MICROSOFT, /* code */
chapms_handle_failure,
};
+#ifndef UNIT_TEST
void
chapms_init(void)
{
chap_register_digest(&chapms_digest);
chap_register_digest(&chapms2_digest);
- add_options(chapms_option_list);
+ ppp_add_options(chapms_option_list);
+}
+#else
+
+#include <time.h>
+
+int debug = 1;
+int error_count = 0;
+int unsuccess = 0;
+
+void random_bytes(unsigned char *bytes, int len)
+{
+ int i = 0;
+ srand(time(NULL));
+ while (i < len) {
+ bytes[i++] = (unsigned char) rand();
+ }
+}
+
+
+int test_chap_v1(void) {
+ char *secret = "MyPw";
+
+ unsigned char challenge[8] = {
+ 0x10, 0x2D, 0xB5, 0xDF, 0x08, 0x5D, 0x30, 0x41
+ };
+ unsigned char response[MS_CHAP_RESPONSE_LEN] = {
+ };
+ unsigned char result[MS_CHAP_RESPONSE_LEN] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+
+ 0x4E, 0x9D, 0x3C, 0x8F, 0x9C, 0xFD, 0x38, 0x5D,
+ 0x5B, 0xF4, 0xD3, 0x24, 0x67, 0x91, 0x95, 0x6C,
+ 0xA4, 0xC3, 0x51, 0xAB, 0x40, 0x9A, 0x3D, 0x61,
+
+ 0x01
+ };
+
+ ChapMS(challenge, secret, strlen(secret), response);
+ return memcmp(response, result, MS_CHAP_RESPONSE_LEN);
+}
+
+int test_chap_v2(void) {
+ char *secret = "clientPass";
+ char *name = "User";
+
+ char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
+ char *saresult = "407A5589115FD0D6209F510FE9C04566932CDA56";
+
+ unsigned char authenticator[16] = {
+ 0x5B, 0x5D, 0x7C, 0x7D, 0x7B, 0x3F, 0x2F, 0x3E,
+ 0x3C, 0x2C, 0x60, 0x21, 0x32, 0x26, 0x26, 0x28
+ };
+ unsigned char peerchallenge[16] = {
+ 0x21, 0x40, 0x23, 0x24, 0x25, 0x5E, 0x26, 0x2A,
+ 0x28, 0x29, 0x5F, 0x2B, 0x3A, 0x33, 0x7C, 0x7E
+ };
+ unsigned char result[MS_CHAP_NTRESP_LEN] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+
+ unsigned char response[MS_CHAP2_RESPONSE_LEN] = {
+ };
+
+ ChapMS2(authenticator, peerchallenge, name,
+ secret, strlen(secret), response,
+ (unsigned char *)saresponse, MS_CHAP2_AUTHENTICATOR);
+
+ return memcmp(&response[MS_CHAP2_NTRESP], result, MS_CHAP2_NTRESP_LEN) ||
+ strncmp(saresponse, saresult, MS_AUTH_RESPONSE_LENGTH);
}
-#endif /* CHAPMS */
+int main(int argc, char *argv[]) {
+
+ PPP_crypto_init();
+
+ if (test_chap_v1()) {
+ printf("CHAPv1 failed\n");
+ return -1;
+ }
+
+ if (test_chap_v2()) {
+ printf("CHAPv2 failed\n");
+ return -1;
+ }
+
+ PPP_crypto_deinit();
+
+ printf("Success\n");
+ return 0;
+}
+
+#endif /* UNIT_TEST */
+
* $Id: chap_ms.h,v 1.13 2004/11/15 22:13:26 paulus Exp $
*/
-#ifndef __CHAPMS_INCLUDE__
+#ifndef PPP_CHAPMS_H
+#define PPP_CHAPMS_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
-#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */
#define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */
#define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */
#define MS_CHAP2_RESPONSE_LEN 49 /* Response length for MS-CHAPv2 */
#define MS_AUTH_RESPONSE_LENGTH 40 /* MS-CHAPv2 authenticator response, */
+#define MS_AUTH_NTRESP_LEN 24 /* Length of NT-response field */
/* as ASCII */
/* E=eeeeeeeeee error codes for MS-CHAP failure messages. */
#define MS_CHAP2_NTRESP_LEN 24
#define MS_CHAP2_FLAGS 48
-#ifdef MPPE
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-extern int mppe_keys_set;
-
-/* These values are the RADIUS attribute values--see RFC 2548. */
-#define MPPE_ENC_POL_ENC_ALLOWED 1
-#define MPPE_ENC_POL_ENC_REQUIRED 2
-#define MPPE_ENC_TYPES_RC4_40 2
-#define MPPE_ENC_TYPES_RC4_128 4
-
-/* used by plugins (using above values) */
-extern void set_mppe_enc_types(int, int);
-#endif
-
/* Are we the authenticator or authenticatee? For MS-CHAPv2 key derivation. */
#define MS_CHAP2_AUTHENTICATEE 0
#define MS_CHAP2_AUTHENTICATOR 1
void ChapMS (u_char *, char *, int, u_char *);
void ChapMS2 (u_char *, u_char *, char *, char *, int,
u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int);
-#ifdef MPPE
-void mppe_set_keys (u_char *, u_char[MD4_SIGNATURE_SIZE]);
-void mppe_set_keys2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], int IsServer);
-#endif
-void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
+void ChallengeHash (u_char[16], u_char *, char *, u_char[8]);
+
-void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE],
- u_char NTResponse[24], u_char PeerChallenge[16],
- u_char *rchallenge, char *username,
- u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]);
+/**
+ * PasswordHashHash - 16 bytes representing the NT Password Hash Hash
+ * NTResponse - 24 bytes represending the NTResponse parameter
+ * PeerChallenge - 16 bytes challange for peer
+ * rchallenge - 16 bytes challenge provided by peer
+ * authResponse - 24 + 1 byte to store the authenticator response
+ */
+void GenerateAuthenticatorResponse(unsigned char *PasswordHashHash,
+ unsigned char *NTResponse, unsigned char *PeerChallenge,
+ unsigned char *rchallenge, char *username,
+ unsigned char *authResponse);
void chapms_init(void);
-#define __CHAPMS_INCLUDE__
-#endif /* __CHAPMS_INCLUDE__ */
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PPP_CHAPMS_H */
--- /dev/null
+/* ppp-crypo-priv.h - Crypto private data structures
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_CRYPTO_PRIV_H
+#define PPP_CRYPTO_PRIV_H
+
+#include "crypto.h"
+
+#define MAX_KEY_SIZE 32
+#define MAX_IV_SIZE 32
+
+struct _PPP_MD
+{
+ int (*init_fn)(PPP_MD_CTX *ctx);
+ int (*update_fn)(PPP_MD_CTX *ctx, const void *data, size_t cnt);
+ int (*final_fn)(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen);
+ void (*clean_fn)(PPP_MD_CTX *ctx);
+};
+
+struct _PPP_MD_CTX
+{
+ PPP_MD md;
+ void *priv;
+};
+
+struct _PPP_CIPHER
+{
+ int (*init_fn)(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv);
+ int (*update_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl);
+ int (*final_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
+ void (*clean_fn)(PPP_CIPHER_CTX *ctx);
+};
+
+struct _PPP_CIPHER_CTX
+{
+ PPP_CIPHER cipher;
+ unsigned char key[MAX_KEY_SIZE];
+ unsigned char iv[MAX_IV_SIZE];
+ int is_encr;
+ void *priv;
+};
+
+
+#endif
--- /dev/null
+/* ppp-crypto.c - Generic API for access to crypto/digest functions.
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto.h"
+#include "crypto-priv.h"
+
+#ifdef PPP_WITH_OPENSSL
+#include <openssl/opensslv.h>
+#endif
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+#include <openssl/provider.h>
+struct crypto_ctx {
+
+ OSSL_PROVIDER *legacy;
+ OSSL_PROVIDER *provider;
+} g_crypto_ctx;
+#endif
+
+PPP_MD_CTX *PPP_MD_CTX_new()
+{
+ return (PPP_MD_CTX*) calloc(1, sizeof(PPP_MD_CTX));
+}
+
+void PPP_MD_CTX_free(PPP_MD_CTX* ctx)
+{
+ if (ctx) {
+ if (ctx->md.clean_fn) {
+ ctx->md.clean_fn(ctx);
+ }
+ free(ctx);
+ }
+}
+
+int PPP_DigestInit(PPP_MD_CTX *ctx, const PPP_MD *type)
+{
+ if (ctx) {
+ ctx->md = *type;
+ if (ctx->md.init_fn) {
+ return ctx->md.init_fn(ctx);
+ }
+ }
+ return 0;
+}
+
+int PPP_DigestUpdate(PPP_MD_CTX *ctx, const void *data, size_t length)
+{
+ if (ctx && ctx->md.update_fn) {
+ return ctx->md.update_fn(ctx, data, length);
+ }
+ return 0;
+}
+
+int PPP_DigestFinal(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen)
+{
+ if (ctx && ctx->md.final_fn) {
+ return ctx->md.final_fn(ctx, out, outlen);
+ }
+ return 0;
+}
+
+PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void)
+{
+ return calloc(1, sizeof(PPP_CIPHER_CTX));
+}
+
+void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx)
+{
+ if (ctx) {
+ if (ctx->cipher.clean_fn) {
+ ctx->cipher.clean_fn(ctx);
+ }
+ memset(ctx->iv, 0, sizeof(ctx->iv));
+ memset(ctx->key, 0, sizeof(ctx->key));
+ free(ctx);
+ }
+}
+
+int PPP_CipherInit(PPP_CIPHER_CTX *ctx, const PPP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int encr)
+{
+ if (ctx && cipher) {
+ ctx->is_encr = encr;
+ ctx->cipher = *cipher;
+ if (ctx->cipher.init_fn) {
+ ctx->cipher.init_fn(ctx, key, iv);
+ }
+ return 1;
+ }
+ return 0;
+}
+
+int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
+{
+ if (ctx && ctx->cipher.update_fn) {
+ return ctx->cipher.update_fn(ctx, out, outl, in, inl);
+ }
+ return 0;
+}
+
+int PPP_CipherFinal(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ if (ctx && ctx->cipher.final_fn) {
+ return ctx->cipher.final_fn(ctx, out, outl);
+ }
+ return 0;
+}
+
+int PPP_crypto_init()
+{
+ int retval = 0;
+
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ g_crypto_ctx.legacy = OSSL_PROVIDER_load(NULL, "legacy");
+ if (g_crypto_ctx.legacy == NULL)
+ {
+ goto done;
+ }
+
+ g_crypto_ctx.provider = OSSL_PROVIDER_load(NULL, "default");
+ if (g_crypto_ctx.provider == NULL)
+ {
+ goto done;
+ }
+#endif
+ retval = 1;
+
+done:
+
+ return retval;
+}
+
+int PPP_crypto_deinit()
+{
+#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+ if (g_crypto_ctx.legacy) {
+ OSSL_PROVIDER_unload(g_crypto_ctx.legacy);
+ g_crypto_ctx.legacy = NULL;
+ }
+
+ if (g_crypto_ctx.provider) {
+ OSSL_PROVIDER_unload(g_crypto_ctx.provider);
+ g_crypto_ctx.provider = NULL;
+ }
+#endif
+ return 1;
+}
+
+#ifdef UNIT_TEST
+#include <stdio.h>
+
+int test_md4()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[MD4_DIGEST_LENGTH];
+ unsigned char result[MD4_DIGEST_LENGTH] = {
+ 0x58, 0xcb, 0x37, 0x91, 0x1d, 0x06, 0x7b, 0xdf,
+ 0xfd, 0x48, 0x6d, 0x87, 0x4a, 0x35, 0x5b, 0xd4
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md4())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, MD4_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_md5()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[MD5_DIGEST_LENGTH];
+ unsigned char result[MD5_DIGEST_LENGTH] = {
+ 0x8b, 0xe3, 0x5e, 0x2c, 0x9f, 0x95, 0xbf, 0x4e,
+ 0x16, 0xe4, 0x53, 0xbe, 0x52, 0xf4, 0xbc, 0x4e
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, MD5_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_sha()
+{
+ PPP_MD_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char data[84] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e
+ };
+
+ unsigned int hash_len;
+ unsigned char hash[SHA_DIGEST_LENGTH];
+ unsigned char result[SHA_DIGEST_LENGTH] = {
+ 0xa8, 0x03, 0xae, 0x21, 0x30, 0xd8, 0x40, 0xbe,
+ 0x27, 0xa3, 0x47, 0xc7, 0x7a, 0x90, 0xe6, 0xa3,
+ 0x5b, 0xd5, 0x0e, 0x45
+ };
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, &data, sizeof(data))) {
+
+ hash_len = sizeof(hash);
+ if (PPP_DigestFinal(ctx, hash, &hash_len)) {
+
+ if (memcmp(hash, result, SHA_DIGEST_LENGTH) == 0) {
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int test_des_encrypt()
+{
+ PPP_CIPHER_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char key[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+
+ unsigned char plain[80] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
+ };
+ unsigned char expect[80] = {
+ 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
+ 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
+ 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
+ 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
+ 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
+ 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
+ };
+
+ unsigned char cipher[80] = {};
+ int cipher_len = 0;
+ int offset = 0;
+
+
+ ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 1)) {
+
+ if (PPP_CipherUpdate(ctx, cipher, &cipher_len, plain, sizeof(plain))) {
+
+ offset += cipher_len;
+
+ if (PPP_CipherFinal(ctx, cipher+offset, &cipher_len)) {
+
+ if (memcmp(cipher, expect, 80) == 0) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+
+int test_des_decrypt()
+{
+ PPP_CIPHER_CTX* ctx = NULL;
+ int success = 0;
+
+ unsigned char key[8] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07
+ };
+
+ unsigned char cipher[80] = {
+ 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60,
+ 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a,
+ 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8,
+ 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd,
+ 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4,
+ 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed,
+ 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a,
+ 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49
+ };
+
+ unsigned char expect[80] = {
+ 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63,
+ 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69,
+ 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65,
+ 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20,
+ 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74,
+ 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20,
+ 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20
+ };
+
+ unsigned char plain[80] = {};
+ int outlen = 0;
+ int offset = 0;
+
+ ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 0)) {
+
+ if (PPP_CipherUpdate(ctx, plain, &outlen, cipher, sizeof(cipher))) {
+
+ offset += outlen;
+
+ if (PPP_CipherFinal(ctx, plain+offset, &outlen)) {
+
+ if (memcmp(plain, expect, 80) == 0) {
+
+ success = 1;
+ }
+ }
+ }
+ }
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return success;
+}
+
+int main(int argc, char *argv[])
+{
+ int failure = 0;
+
+ if (!PPP_crypto_init()) {
+ printf("Couldn't initialize crypto test\n");
+ return -1;
+ }
+
+ if (!test_md4()) {
+ printf("MD4 test failed\n");
+ failure++;
+ }
+
+ if (!test_md5()) {
+ printf("MD5 test failed\n");
+ failure++;
+ }
+
+ if (!test_sha()) {
+ printf("SHA test failed\n");
+ failure++;
+ }
+
+ if (!test_des_encrypt()) {
+ printf("DES encryption test failed\n");
+ failure++;
+ }
+
+ if (!test_des_decrypt()) {
+ printf("DES decryption test failed\n");
+ failure++;
+ }
+
+ if (!PPP_crypto_deinit()) {
+ printf("Couldn't deinitialize crypto test\n");
+ return -1;
+ }
+
+ return failure;
+}
+
+#endif
--- /dev/null
+/* ppp-crypto.h - Generic API for access to crypto/digest functions.
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_CRYPTO_H
+#define PPP_CRYPTO_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef MD5_DIGEST_LENGTH
+#define MD5_DIGEST_LENGTH 16
+#endif
+
+#ifndef MD4_DIGEST_LENGTH
+#define MD4_DIGEST_LENGTH 16
+#endif
+
+#ifndef SHA_DIGEST_LENGTH
+#define SHA_DIGEST_LENGTH 20
+#endif
+
+struct _PPP_MD_CTX;
+struct _PPP_MD;
+
+typedef struct _PPP_MD_CTX PPP_MD_CTX;
+typedef struct _PPP_MD PPP_MD;
+
+/*
+ * Create a new Message Digest context object
+ */
+PPP_MD_CTX *PPP_MD_CTX_new();
+
+/*
+ * Free the Message Digest context
+ */
+void PPP_MD_CTX_free(PPP_MD_CTX*);
+
+/*
+ * Fetch the MD4 algorithm
+ */
+const PPP_MD *PPP_md4(void);
+
+/*
+ * Fetch the MD5 algorithm
+ */
+const PPP_MD *PPP_md5(void);
+
+/*
+ * Fetch the SHA1 algorithm
+ */
+const PPP_MD *PPP_sha1(void);
+
+/*
+ * Initializes a context object
+ */
+int PPP_DigestInit(PPP_MD_CTX *ctx,
+ const PPP_MD *type);
+
+/*
+ * For each iteration update the context with more input
+ */
+int PPP_DigestUpdate(PPP_MD_CTX *ctx,
+ const void *data, size_t cnt);
+
+/*
+ * Perform the final operation, and output the digest
+ */
+int PPP_DigestFinal(PPP_MD_CTX *ctx,
+ unsigned char *out, unsigned int *outlen);
+
+
+struct _PPP_CIPHER_CTX;
+struct _PPP_CIPHER;
+
+typedef struct _PPP_CIPHER_CTX PPP_CIPHER_CTX;
+typedef struct _PPP_CIPHER PPP_CIPHER;
+
+
+/*
+ * Create a new Cipher Context
+ */
+PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void);
+
+/*
+ * Release the Cipher Context
+ */
+void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx);
+
+/*
+ * Fetch the DES in ECB mode cipher algorithm
+ */
+const PPP_CIPHER *PPP_des_ecb(void);
+
+/*
+ * Set the particular data directly
+ */
+void PPP_CIPHER_CTX_set_cipher_data(PPP_CIPHER_CTX *ctx,
+ const unsigned char *key);
+
+/*
+ * Initialize the crypto operation
+ */
+int PPP_CipherInit(PPP_CIPHER_CTX *ctx,
+ const PPP_CIPHER *cipher,
+ const unsigned char *key,
+ const unsigned char *iv,
+ int encr);
+
+/*
+ * Encrypt input data, and store it in the output buffer
+ */
+int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl,
+ const unsigned char *in, int inl);
+
+/*
+ * Finish the crypto operation, and fetch any outstanding bytes
+ */
+int PPP_CipherFinal(PPP_CIPHER_CTX *ctx,
+ unsigned char *out, int *outl);
+
+/*
+ * Global initialization, must be called once per process
+ */
+int PPP_crypto_init();
+
+/*
+ * Global deinitialization
+ */
+int PPP_crypto_deinit();
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_CRYPTO_H
--- /dev/null
+/*
+ * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ *
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stddef.h>
+
+#include "crypto.h"
+#include "crypto_ms.h"
+
+
+/*
+ * DES_set_odd_parity function are imported from openssl 3.0 project with the
+ * follwoing license:
+ *
+ * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+typedef unsigned char DES_cblock[8];
+#define DES_KEY_SZ (sizeof(DES_cblock))
+
+static const unsigned char odd_parity[256] = {
+ 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14,
+ 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31,
+ 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47,
+ 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62,
+ 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79,
+ 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94,
+ 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110,
+ 110,
+ 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127,
+ 127,
+ 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143,
+ 143,
+ 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158,
+ 158,
+ 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174,
+ 174,
+ 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191,
+ 191,
+ 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206,
+ 206,
+ 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223,
+ 223,
+ 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239,
+ 239,
+ 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254,
+ 254
+};
+
+static void DES_set_odd_parity(DES_cblock *key)
+{
+ unsigned int i;
+ for (i = 0; i < DES_KEY_SZ; i++)
+ (*key)[i] = odd_parity[(*key)[i]];
+}
+
+static unsigned char
+Get7Bits(const unsigned char *input, int startBit)
+{
+ unsigned int word;
+
+ word = (unsigned)input[startBit / 8] << 8;
+ word |= (unsigned)input[startBit / 8 + 1];
+
+ word >>= 15 - (startBit % 8 + 7);
+
+ return word & 0xFE;
+}
+
+static void
+MakeKey(const unsigned char *key, unsigned char *des_key)
+{
+ /* key IN 56 bit DES key missing parity bits */
+ /* des_key OUT 64 bit DES key with parity bits added */
+ des_key[0] = Get7Bits(key, 0);
+ des_key[1] = Get7Bits(key, 7);
+ des_key[2] = Get7Bits(key, 14);
+ des_key[3] = Get7Bits(key, 21);
+ des_key[4] = Get7Bits(key, 28);
+ des_key[5] = Get7Bits(key, 35);
+ des_key[6] = Get7Bits(key, 42);
+ des_key[7] = Get7Bits(key, 49);
+
+ DES_set_odd_parity((DES_cblock *)des_key);
+}
+
+int
+DesEncrypt(const unsigned char *clear, const unsigned char *key, unsigned char *cipher)
+{
+ int retval = 0;
+ unsigned int clen = 0;
+ unsigned char des_key[8];
+
+ PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ MakeKey(key, des_key);
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 1)) {
+
+ if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) {
+
+ if (PPP_CipherFinal(ctx, cipher + clen, &clen)) {
+
+ retval = 1;
+ }
+ }
+ }
+
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return (retval);
+}
+
+int
+DesDecrypt(const unsigned char *cipher, const unsigned char *key, unsigned char *clear)
+{
+ int retval = 0;
+ unsigned int clen = 0;
+ unsigned char des_key[8];
+
+ PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new();
+ if (ctx) {
+
+ MakeKey(key, des_key);
+
+ if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 0)) {
+
+ if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) {
+
+ if (PPP_CipherFinal(ctx, clear + clen, &clen)) {
+
+ retval = 1;
+ }
+ }
+ }
+
+ PPP_CIPHER_CTX_free(ctx);
+ }
+
+ return (retval);
+}
+
+#ifdef UNIT_TEST_MSCRYPTO
+
+#include <string.h>
+#include <stdio.h>
+
+/**
+ * The test-vectors are taken from RFC2759.
+ */
+int test_encrypt()
+{
+ unsigned char Challenge[8] = {
+ 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
+ };
+
+ unsigned char ZPasswordHash[24] = {
+ 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
+ 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
+ };
+
+ unsigned char expected[24] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+ unsigned char response[24] = {};
+ unsigned int retval = 0;
+
+ DesEncrypt(Challenge, ZPasswordHash + 0, response + 0);
+ DesEncrypt(Challenge, ZPasswordHash + 7, response + 8);
+ DesEncrypt(Challenge, ZPasswordHash + 14, response + 16);
+
+ return memcmp(response, expected, sizeof(response)) == 0;
+}
+
+int test_decrypt()
+{
+ unsigned char Challenge[8] = {
+ 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26
+ };
+
+ unsigned char ZPasswordHash[24] = {
+ 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6,
+ 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE
+ };
+
+ unsigned char Response[24] = {
+ 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E,
+ 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54,
+ 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF
+ };
+ unsigned char Output[8];
+ unsigned int failure = 0;
+
+ if (DesDecrypt(Response + 0, ZPasswordHash + 0, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ if (DesDecrypt(Response + 8, ZPasswordHash + 7, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ if (DesDecrypt(Response +16, ZPasswordHash +14, Output)) {
+ failure += memcmp(Challenge, Output, sizeof(Challenge));
+ }
+
+ return failure == 0;
+}
+
+int main(int argc, char *argv[])
+{
+ int failure = 0;
+
+ if (!PPP_crypto_init()) {
+ printf("Couldn't initialize crypto test\n");
+ return -1;
+ }
+
+ if (!test_encrypt()) {
+ printf("CHAP DES encryption test failed\n");
+ failure++;
+ }
+
+ if (!test_decrypt()) {
+ printf("CHAP DES decryption test failed\n");
+ failure++;
+ }
+
+ if (!PPP_crypto_deinit()) {
+ printf("Couldn't deinitialize crypto test\n");
+ return -1;
+ }
+
+ return failure;
+}
+
+#endif
--- /dev/null
+/*
+ * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ * Updated to better reflect RFC2759 by Eivind Naess
+ *
+ * Copyright (c) 2022 Eivind Naess. All rights reserved.
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#ifndef PPP_PPPCRYPT_H
+#define PPP_PPPCRYPT_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/**
+ * This is the DES encrypt functions as described by RFC2759.
+ *
+ * Parameters:
+ * const unsigned char *clear:
+ * A 8 byte input array to be encrypted
+ *
+ * const unsigned char *key:
+ * A raw 7-byte array to be expanded to 8 with odd-parity
+ *
+ * unsigned char *cipher:
+ * A 8 byte outut array providing space for the output data
+ *
+ * DesEncrypt returns 1 on success
+ */
+int DesEncrypt(const unsigned char *clear, const unsigned char *key,
+ unsigned char *cipher);
+
+/**
+ * This is the DES decrypt functions as described by RFC2759.
+ *
+ * Parameters:
+ * const unsigned char *cipher:
+ * A 8 byte input array to be decrypted
+ *
+ * const unsigned char *key:
+ * A raw 7-byte array to be expanded to a 8-byte key with odd-parity
+ *
+ * unsigned char *clear:
+ * A 8 byte output array providing space for the output data
+ *
+ * DesDecrypt returns 1 on success
+ */
+int DesDecrypt(const unsigned char *cipher, const unsigned char *key,
+ unsigned char *clear);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PPP_PPPCRYPT_H */
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#define RCSID "$Id: demand.c,v 1.20 2005/08/25 12:14:18 paulus Exp $"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/socket.h>
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
#include <pcap-bpf.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "ipcp.h"
#include "lcp.h"
flush_flag = 0;
fcs = PPP_INITFCS;
- netif_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU));
+ ppp_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU));
if (ppp_send_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0
|| ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0)
fatal("Couldn't set up demand-dialled PPP interface: %m");
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
set_filters(&pass_filter, &active_filter);
#endif
0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
};
+#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff])
/*
* loop_chars - process characters received from the loopback.
if (len < PPP_HDRLEN)
return 0;
proto = PPP_PROTOCOL(p);
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
p[0] = 1; /* outbound packet indicator */
if ((pass_filter.bf_len != 0
&& bpf_filter(pass_filter.bf_insns, p, len, len) == 0)
*
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <string.h>
#include <strings.h>
#include <unistd.h>
#include <fcntl.h>
#include <openssl/conf.h>
+#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
+#endif
+#include <openssl/ssl.h>
#include <openssl/hmac.h>
#include <openssl/err.h>
#include <openssl/ui.h>
#include <openssl/x509v3.h>
+#include <openssl/pkcs12.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "tls.h"
#include "eap.h"
#include "eap-tls.h"
#include "fsm.h"
#include "lcp.h"
+#include "chap_ms.h"
+#include "mppe.h"
#include "pathnames.h"
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER)
+#define SSL3_RT_HEADER 0x100
+#endif
+
typedef struct pw_cb_data
{
const void *password;
const char *prompt_info;
} PW_CB_DATA;
+#ifndef OPENSSL_NO_ENGINE
/* The openssl configuration file and engines can be loaded only once */
static CONF *ssl_config = NULL;
static ENGINE *cert_engine = NULL;
static ENGINE *pkey_engine = NULL;
+#endif
/* TLSv1.3 do we have a session ticket ? */
static int have_session_ticket = 0;
-int ssl_verify_callback(int, X509_STORE_CTX *);
void ssl_msg_callback(int write_p, int version, int ct, const void *buf,
size_t len, SSL * ssl, void *arg);
int ssl_new_session_cb(SSL *s, SSL_SESSION *sess);
-X509 *get_X509_from_file(char *filename);
-int ssl_cmp_certs(char *filename, X509 * a);
-
-#ifdef MPPE
-
+#ifdef PPP_WITH_MPPE
#define EAPTLS_MPPE_KEY_LEN 32
-/*
- * OpenSSL 1.1+ introduced a generic TLS_method()
- * For older releases we substitute the appropriate method
- */
-
-#if OPENSSL_VERSION_NUMBER < 0x10100000L
-
-#define TLS_method SSLv23_method
-
-#define SSL3_RT_HEADER 0x100
-
-#ifndef SSL_CTX_set_max_proto_version
-/** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
-static inline int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
-{
- long sslopt = 0;
-
- if (tls_ver_max < TLS1_VERSION)
- {
- sslopt |= SSL_OP_NO_TLSv1;
- }
-#ifdef SSL_OP_NO_TLSv1_1
- if (tls_ver_max < TLS1_1_VERSION)
- {
- sslopt |= SSL_OP_NO_TLSv1_1;
- }
-#endif
-#ifdef SSL_OP_NO_TLSv1_2
- if (tls_ver_max < TLS1_2_VERSION)
- {
- sslopt |= SSL_OP_NO_TLSv1_2;
- }
-#endif
- SSL_CTX_set_options(ctx, sslopt);
-
- return 1;
-}
-#endif /* SSL_CTX_set_max_proto_version */
-
-#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
-
-
/*
* Generate keys according to RFC 2716 and add to reply
*/
*/
if (client)
{
- p = out;
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
- p += EAPTLS_MPPE_KEY_LEN;
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
+ mppe_set_keys(out, out + EAPTLS_MPPE_KEY_LEN, EAPTLS_MPPE_KEY_LEN);
}
else
{
- p = out;
- BCOPY( p, mppe_recv_key, sizeof(mppe_recv_key) );
- p += EAPTLS_MPPE_KEY_LEN;
- BCOPY( p, mppe_send_key, sizeof(mppe_send_key) );
- }
-
- mppe_keys_set = 1;
-}
-
-#endif /* MPPE */
-
-void log_ssl_errors( void )
-{
- unsigned long ssl_err = ERR_get_error();
-
- if (ssl_err != 0)
- dbglog("EAP-TLS SSL error stack:");
- while (ssl_err != 0) {
- dbglog( ERR_error_string( ssl_err, NULL ) );
- ssl_err = ERR_get_error();
+ mppe_set_keys(out + EAPTLS_MPPE_KEY_LEN, out, EAPTLS_MPPE_KEY_LEN);
}
}
+#endif /* PPP_WITH_MPPE */
int password_callback (char *buf, int size, int rwflag, void *u)
{
config = NCONF_new( NULL );
dbglog( "Loading OpenSSL config file" );
- ret_code = NCONF_load( config, _PATH_OPENSSLCONFFILE, &error_line );
+ ret_code = NCONF_load( config, PPP_PATH_OPENSSLCONFFILE, &error_line );
if (ret_code == 0)
{
- warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", _PATH_OPENSSLCONFFILE, error_line );
+ warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", PPP_PATH_OPENSSLCONFFILE, error_line );
NCONF_free( config );
config = NULL;
ERR_clear_error();
}
dbglog( "Loading OpenSSL built-ins" );
+#ifndef OPENSSL_NO_ENGINE
ENGINE_load_builtin_engines();
+#endif
OPENSSL_load_builtin_modules();
dbglog( "Loading OpenSSL configured modules" );
if (CONF_modules_load( config, NULL, 0 ) <= 0 )
{
warn( "EAP-TLS: Error loading OpenSSL modules" );
- log_ssl_errors();
+ tls_log_sslerr();
config = NULL;
}
return config;
}
+#ifndef OPENSSL_NO_ENGINE
ENGINE *eaptls_ssl_load_engine( char *engine_name )
{
ENGINE *e = NULL;
|| !ENGINE_ctrl_cmd_string(e, "LOAD", NULL, 0))
{
warn( "EAP-TLS: Error loading dynamic engine '%s'", engine_name );
- log_ssl_errors();
+ tls_log_sslerr();
ENGINE_free(e);
e = NULL;
}
if(!ENGINE_set_default(e, ENGINE_METHOD_ALL))
{
warn( "EAP-TLS: Cannot use that engine" );
- log_ssl_errors();
+ tls_log_sslerr();
ENGINE_free(e);
e = NULL;
}
return e;
}
+#endif
+#ifndef OPENSSL_NO_ENGINE
+static int eaptls_UI_writer(UI *ui, UI_STRING *uis)
+{
+ PW_CB_DATA* cb_data = (PW_CB_DATA*)UI_get0_user_data(ui);
+ UI_set_result(ui, uis, cb_data->password);
+ return 1;
+}
+
+static int eaptls_UI_stub(UI* ui) {
+ return 1;
+}
+
+static int eaptls_UI_reader(UI *ui, UI_STRING *uis) {
+ return 1;
+}
+#endif
/*
* Initialize the SSL stacks and tests if certificates, key and crl
* for client or server use can be loaded.
*/
SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
- char *certfile, char *peer_certfile, char *privkeyfile)
+ char *certfile, char *privkeyfile, char *pkcs12)
{
+#ifndef OPENSSL_NO_ENGINE
char *cert_engine_name = NULL;
- char *cert_identifier = NULL;
char *pkey_engine_name = NULL;
- char *pkey_identifier = NULL;
+ char *idx;
+#endif
SSL_CTX *ctx;
SSL *ssl;
- X509_STORE *certstore;
- X509_LOOKUP *lookup;
X509 *tmp;
+ X509 *cert = NULL;
+ PKCS12 *p12 = NULL;
+ EVP_PKEY *pkey = NULL;
+ STACK_OF(X509) *chain = NULL;
+ BIO *input;
int ret;
-#if defined(TLS1_2_VERSION)
- long tls_version = TLS1_2_VERSION;
-#elif defined(TLS1_1_VERSION)
- long tls_version = TLS1_1_VERSION;
-#else
- long tls_version = TLS1_VERSION;
-#endif
+ int reason;
/*
* Without these can't continue
*/
- if (!(cacertfile[0] || capath[0]))
+ if (!pkcs12[0])
{
- error("EAP-TLS: CA certificate file or path missing");
- return NULL;
- }
+ if (!(cacertfile[0] || capath[0]))
+ {
+ error("EAP-TLS: CA certificate file or path missing");
+ return NULL;
+ }
- if (!certfile[0])
- {
- error("EAP-TLS: Certificate missing");
- return NULL;
- }
+ if (!certfile[0])
+ {
+ error("EAP-TLS: Certificate missing");
+ return NULL;
+ }
- if (!privkeyfile[0])
- {
- error("EAP-TLS: Private key missing");
- return NULL;
+ if (!privkeyfile[0])
+ {
+ error("EAP-TLS: Private key missing");
+ return NULL;
+ }
}
- SSL_library_init();
- SSL_load_error_strings();
+ tls_init();
+#ifndef OPENSSL_NO_ENGINE
/* load the openssl config file only once and load it before triggering
the loading of a global openssl config file via SSL_CTX_new()
*/
if (!ssl_config)
ssl_config = eaptls_ssl_load_config();
+#endif
- ctx = SSL_CTX_new(TLS_method());
-
+ ctx = SSL_CTX_new(tls_method());
if (!ctx) {
error("EAP-TLS: Cannot initialize SSL CTX context");
goto fail;
}
+#ifndef OPENSSL_NO_ENGINE
/* if the certificate filename is of the form engine:id. e.g.
pkcs11:12345
then we try to load and use this engine.
If the certificate filename starts with a / or . then we
ALWAYS assume it is a file and not an engine/pkcs11 identifier
*/
- if ( index( certfile, '/' ) == NULL && index( certfile, '.') == NULL )
+ if ( (idx = index( certfile, ':' )) != NULL )
{
- cert_identifier = index( certfile, ':' );
-
- if (cert_identifier)
- {
- cert_engine_name = certfile;
- *cert_identifier = '\0';
- cert_identifier++;
+ cert_engine_name = strdup( certfile );
+ cert_engine_name[idx - certfile] = 0;
- dbglog( "Found certificate engine '%s'", cert_engine_name );
- dbglog( "Found certificate identifier '%s'", cert_identifier );
- }
+ dbglog( "Using engine '%s' for certificate, URI: '%s'",
+ cert_engine_name, certfile );
}
/* if the privatekey filename is of the form engine:id. e.g.
If the privatekey filename starts with a / or . then we
ALWAYS assume it is a file and not an engine/pkcs11 identifier
*/
- if ( index( privkeyfile, '/' ) == NULL && index( privkeyfile, '.') == NULL )
+ if ( (idx = index( privkeyfile, ':' )) != NULL )
{
- pkey_identifier = index( privkeyfile, ':' );
-
- if (pkey_identifier)
- {
- pkey_engine_name = privkeyfile;
- *pkey_identifier = '\0';
- pkey_identifier++;
+ pkey_engine_name = strdup( privkeyfile );
+ pkey_engine_name[idx - privkeyfile] = 0;
- dbglog( "Found privatekey engine '%s'", pkey_engine_name );
- dbglog( "Found privatekey identifier '%s'", pkey_identifier );
- }
+ dbglog( "Using engine '%s' for private key, URI: '%s'",
+ pkey_engine_name, privkeyfile );
}
- if (cert_identifier && pkey_identifier)
+ if (cert_engine_name && pkey_engine_name)
{
- if (strlen( cert_identifier ) == 0)
+ if (strlen( certfile ) - strlen( cert_engine_name ) == 1)
{
- if (strlen( pkey_identifier ) == 0)
+ if (strlen( privkeyfile ) - strlen( pkey_engine_name ) == 1)
error( "EAP-TLS: both the certificate and privatekey identifiers are missing!" );
else
{
dbglog( "Substituting privatekey identifier for certificate identifier" );
- cert_identifier = pkey_identifier;
+ certfile = privkeyfile;
}
}
else
{
- if (strlen( pkey_identifier ) == 0)
+ if (strlen( privkeyfile ) - strlen( pkey_engine_name ) == 1)
{
dbglog( "Substituting certificate identifier for privatekey identifier" );
- pkey_identifier = cert_identifier;
+ privkeyfile = certfile;
}
}
}
pkey_engine = eaptls_ssl_load_engine( pkey_engine_name );
}
- SSL_CTX_set_default_passwd_cb (ctx, password_callback);
+ if (cert_engine_name)
+ free(cert_engine_name);
- if (strlen(cacertfile) == 0) cacertfile = NULL;
- if (strlen(capath) == 0) capath = NULL;
+ if (pkey_engine_name)
+ free(pkey_engine_name);
- if (!SSL_CTX_load_verify_locations(ctx, cacertfile, capath))
- {
- error("EAP-TLS: Cannot load verify locations");
- if (cacertfile) dbglog("CA certificate file = [%s]", cacertfile);
- if (capath) dbglog("CA certificate path = [%s]", capath);
+#endif
+
+ SSL_CTX_set_default_passwd_cb (ctx, password_callback);
+
+ if (tls_set_ca(ctx, capath, cacertfile) != 0) {
goto fail;
}
if (init_server)
SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(cacertfile));
+#ifndef OPENSSL_NO_ENGINE
if (cert_engine)
{
struct
X509 *cert;
} cert_info;
- cert_info.s_slot_cert_id = cert_identifier;
+ cert_info.s_slot_cert_id = certfile;
cert_info.cert = NULL;
if (!ENGINE_ctrl_cmd( cert_engine, "LOAD_CERT_CTRL", 0, &cert_info, NULL, 0 ) )
{
- error( "EAP-TLS: Error loading certificate with id '%s' from engine", cert_identifier );
+ error( "EAP-TLS: Error loading certificate with URI '%s' from engine", certfile );
goto fail;
}
if (cert_info.cert)
{
- dbglog( "Got the certificate, adding it to SSL context" );
+ dbglog( "Got the certificate" );
dbglog( "subject = %s", X509_NAME_oneline( X509_get_subject_name( cert_info.cert ), NULL, 0 ) );
- if (SSL_CTX_use_certificate(ctx, cert_info.cert) <= 0)
+ cert = cert_info.cert;
+ }
+ else
+ {
+ warn("EAP-TLS: Cannot load key with URI: '%s'", certfile );
+ tls_log_sslerr();
+ }
+ }
+ else
+#endif
+ {
+ if (pkcs12[0])
+ {
+ input = BIO_new_file(pkcs12, "r");
+ if (input == NULL)
+ {
+ error("EAP-TLS: Cannot open `%s' PKCS12 for input", pkcs12);
+ goto fail;
+ }
+
+ p12 = d2i_PKCS12_bio(input, NULL);
+ BIO_free(input);
+ if (!p12)
+ {
+ error("EAP-TLS: Cannot load PKCS12 certificate");
+ goto fail;
+ }
+
+ if (PKCS12_parse(p12, passwd, &pkey, &cert, &chain) != 1)
{
- error("EAP-TLS: Cannot use PKCS11 certificate %s", cert_identifier);
+ error("EAP-TLS: Cannot parse PKCS12 certificate, invalid password");
+ PKCS12_free(p12);
goto fail;
}
+
+ PKCS12_free(p12);
}
- else
+ else
{
- warn("EAP-TLS: Cannot load PKCS11 key %s", cert_identifier);
- log_ssl_errors();
+ if (!SSL_CTX_use_certificate_chain_file(ctx, certfile))
+ {
+ error( "EAP-TLS: Cannot load certificate %s", certfile );
+ goto fail;
+ }
}
}
- else
+
+ if (cert)
{
- if (!SSL_CTX_use_certificate_chain_file(ctx, certfile))
+ if (!SSL_CTX_use_certificate(ctx, cert))
{
- error( "EAP-TLS: Cannot use public certificate %s", certfile );
+ error("EAP-TLS: Cannot use load certificate");
goto fail;
}
- }
+ if (chain)
+ {
+ int i;
+ for (i = 0; i < sk_X509_num(chain); i++)
+ {
+ if (!SSL_CTX_add_extra_chain_cert(ctx, sk_X509_value(chain, i)))
+ {
+ error("EAP-TLS: Cannot add extra chain certificate");
+ goto fail;
+ }
+ }
+ }
+ }
/*
* Check the Before and After dates of the certificate
}
SSL_free(ssl);
+#ifndef OPENSSL_NO_ENGINE
if (pkey_engine)
{
- EVP_PKEY *pkey = NULL;
PW_CB_DATA cb_data;
cb_data.password = passwd;
- cb_data.prompt_info = pkey_identifier;
+ cb_data.prompt_info = privkeyfile;
if (passwd[0] != 0)
{
UI_METHOD* transfer_pin = UI_create_method("transfer_pin");
- int writer (UI *ui, UI_STRING *uis)
- {
- PW_CB_DATA* cb_data = (PW_CB_DATA*)UI_get0_user_data(ui);
- UI_set_result(ui, uis, cb_data->password);
- return 1;
- };
- int stub (UI* ui) {return 1;};
- int stub_reader (UI *ui, UI_STRING *uis) {return 1;};
-
- UI_method_set_writer(transfer_pin, writer);
- UI_method_set_opener(transfer_pin, stub);
- UI_method_set_closer(transfer_pin, stub);
- UI_method_set_flusher(transfer_pin, stub);
- UI_method_set_reader(transfer_pin, stub_reader);
-
- dbglog( "Using our private key '%s' in engine", pkey_identifier );
- pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, transfer_pin, &cb_data);
+ UI_method_set_writer(transfer_pin, eaptls_UI_writer);
+ UI_method_set_opener(transfer_pin, eaptls_UI_stub);
+ UI_method_set_closer(transfer_pin, eaptls_UI_stub);
+ UI_method_set_flusher(transfer_pin, eaptls_UI_stub);
+ UI_method_set_reader(transfer_pin, eaptls_UI_reader);
+
+ dbglog( "Using our private key URI: '%s' in engine", privkeyfile );
+ pkey = ENGINE_load_private_key(pkey_engine, privkeyfile, transfer_pin, &cb_data);
if (transfer_pin) UI_destroy_method(transfer_pin);
}
else {
- dbglog( "Loading private key '%s' from engine", pkey_identifier );
- pkey = ENGINE_load_private_key(pkey_engine, pkey_identifier, NULL, NULL);
+ dbglog( "Loading private key URI: '%s' from engine", privkeyfile );
+ pkey = ENGINE_load_private_key(pkey_engine, privkeyfile, NULL, NULL);
}
- if (pkey)
+ }
+ else
+#endif
+ {
+ if (!pkey)
{
- dbglog( "Got the private key, adding it to SSL context" );
- if (SSL_CTX_use_PrivateKey(ctx, pkey) <= 0)
+ input = BIO_new_file(privkeyfile, "r");
+ if (!input)
{
- error("EAP-TLS: Cannot use PKCS11 key %s", pkey_identifier);
+ error("EAP-TLS: Could not open private key, %s", privkeyfile);
+ goto fail;
+ }
+
+ pkey = PEM_read_bio_PrivateKey(input, NULL, password_callback, NULL);
+ BIO_free(input);
+ if (!pkey)
+ {
+ error("EAP-TLS: Cannot load private key, %s", privkeyfile);
goto fail;
}
- }
- else
- {
- warn("EAP-TLS: Cannot load PKCS11 key %s", pkey_identifier);
- log_ssl_errors();
}
}
- else
+
+ if (SSL_CTX_use_PrivateKey(ctx, pkey) != 1)
{
- if (!SSL_CTX_use_PrivateKey_file(ctx, privkeyfile, SSL_FILETYPE_PEM))
- {
- error("EAP-TLS: Cannot use private key %s", privkeyfile);
- goto fail;
- }
+ error("EAP-TLS: Cannot use private key");
+ goto fail;
}
- if (SSL_CTX_check_private_key(ctx) != 1) {
- error("EAP-TLS: Private key %s fails security check", privkeyfile);
+ if (SSL_CTX_check_private_key(ctx) != 1)
+ {
+ error("EAP-TLS: Private key fails security check");
goto fail;
}
- /* Explicitly set the NO_TICKETS flag to support Win7/Win8 clients */
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
-#ifdef SSL_OP_NO_TICKET
- | SSL_OP_NO_TICKET
-#endif
- );
-
- /* OpenSSL 1.1.1+ does not include RC4 ciphers by default.
- * This causes totally obsolete WinXP clients to fail. If you really
- * need ppp+EAP-TLS+openssl 1.1.1+WinXP then enable RC4 cipers and
- * make sure that you use an OpenSSL that supports them
-
- SSL_CTX_set_cipher_list(ctx, "RC4");
- */
-
+ /* Configure the default options */
+ tls_set_opts(ctx);
/* Set up a SSL Session cache with a callback. This is needed for TLSv1.3+.
* During the initial handshake the server signals to the client early on
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_CLIENT | SSL_SESS_CACHE_NO_INTERNAL_STORE);
SSL_CTX_sess_set_new_cb(ctx, ssl_new_session_cb);
- /* As EAP-TLS+TLSv1.3 is highly experimental we offer the user a chance to override */
- if (max_tls_version)
- {
- if (strncmp(max_tls_version, "1.0", 3) == 0)
- tls_version = TLS1_VERSION;
- else if (strncmp(max_tls_version, "1.1", 3) == 0)
- tls_version = TLS1_1_VERSION;
- else if (strncmp(max_tls_version, "1.2", 3) == 0)
-#ifdef TLS1_2_VERSION
- tls_version = TLS1_2_VERSION;
-#else
- {
- warn("TLSv1.2 not available. Defaulting to TLSv1.1");
- tls_version = TLS_1_1_VERSION;
- }
-#endif
- else if (strncmp(max_tls_version, "1.3", 3) == 0)
-#ifdef TLS1_3_VERSION
- tls_version = TLS1_3_VERSION;
-#else
- warn("TLSv1.3 not available.");
-#endif
- }
-
- dbglog("EAP-TLS: Setting max protocol version to 0x%X", tls_version);
- SSL_CTX_set_max_proto_version(ctx, tls_version);
-
- SSL_CTX_set_verify_depth(ctx, 5);
- SSL_CTX_set_verify(ctx,
- SSL_VERIFY_PEER |
- SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
- &ssl_verify_callback);
+ /* Configure the maximum SSL version */
+ tls_set_version(ctx, max_tls_version);
- if (crl_dir) {
- if (!(certstore = SSL_CTX_get_cert_store(ctx))) {
- error("EAP-TLS: Failed to get certificate store");
- goto fail;
- }
-
- if (!(lookup =
- X509_STORE_add_lookup(certstore, X509_LOOKUP_hash_dir()))) {
- error("EAP-TLS: Store lookup for CRL failed");
-
- goto fail;
- }
-
- X509_LOOKUP_add_dir(lookup, crl_dir, X509_FILETYPE_PEM);
- X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
+ /* Configure the callback */
+ if (tls_set_verify(ctx, 5)) {
+ goto fail;
}
- if (crl_file) {
- FILE *fp = NULL;
- X509_CRL *crl = NULL;
+ /* Configure CRL check (if any) */
+ if (tls_set_crl(ctx, crl_dir, crl_file)) {
+ goto fail;
+ }
- fp = fopen(crl_file, "r");
- if (!fp) {
- error("EAP-TLS: Cannot open CRL file '%s'", crl_file);
- goto fail;
- }
+ return ctx;
- crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
- if (!crl) {
- error("EAP-TLS: Cannot read CRL file '%s'", crl_file);
- goto fail;
- }
+fail:
- if (!(certstore = SSL_CTX_get_cert_store(ctx))) {
- error("EAP-TLS: Failed to get certificate store");
- goto fail;
- }
- if (!X509_STORE_add_crl(certstore, crl)) {
- error("EAP-TLS: Cannot add CRL to certificate store");
- goto fail;
- }
- X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
+ if (cert)
+ X509_free(cert);
- }
+ if (pkey)
+ EVP_PKEY_free(pkey);
- /*
- * If a peer certificate file was specified, it must be valid, else fail
- */
- if (peer_certfile[0]) {
- if (!(tmp = get_X509_from_file(peer_certfile))) {
- error("EAP-TLS: Error loading client certificate from file %s",
- peer_certfile);
- goto fail;
- }
- X509_free(tmp);
- }
+ if (chain)
+ sk_X509_pop_free(chain, X509_free);
- return ctx;
-
-fail:
- log_ssl_errors();
+ tls_log_sslerr();
SSL_CTX_free(ctx);
return NULL;
}
char cacertfile[MAXWORDLEN];
char capath[MAXWORDLEN];
char pkfile[MAXWORDLEN];
+ char pkcs12[MAXWORDLEN];
+
/*
* Allocate new eaptls session
*/
if (!esp->es_server.ea_session)
fatal("Allocation error");
ets = esp->es_server.ea_session;
- ets->client = 0;
if (!esp->es_server.ea_peer) {
error("EAP-TLS: Error: client name not set (BUG)");
return 0;
}
- strlcpy(ets->peer, esp->es_server.ea_peer, MAXWORDLEN-1);
-
dbglog( "getting eaptls secret" );
if (!get_eaptls_secret(esp->es_unit, esp->es_server.ea_peer,
esp->es_server.ea_name, clicertfile,
- servcertfile, cacertfile, capath, pkfile, 1)) {
+ servcertfile, cacertfile, capath, pkfile, pkcs12, 1)) {
error( "EAP-TLS: Cannot get secret/password for client \"%s\", server \"%s\"",
esp->es_server.ea_peer, esp->es_server.ea_name );
return 0;
ets->mtu = eaptls_get_mtu(esp->es_unit);
- ets->ctx = eaptls_init_ssl(1, cacertfile, capath, servcertfile, clicertfile, pkfile);
+ ets->ctx = eaptls_init_ssl(1, cacertfile, capath, servcertfile, pkfile, pkcs12);
if (!ets->ctx)
goto fail;
if (!(ets->ssl = SSL_new(ets->ctx)))
goto fail;
+ if (tls_set_verify_info(ets->ssl, esp->es_server.ea_peer,
+ clicertfile, 0, &ets->info))
+ goto fail;
+
/*
* Set auto-retry to avoid timeouts on BIO_read
*/
SSL_set_msg_callback(ets->ssl, ssl_msg_callback);
SSL_set_msg_callback_arg(ets->ssl, ets);
- /*
- * Attach the session struct to the connection, so we can later
- * retrieve it when doing certificate verification
- */
- SSL_set_ex_data(ets->ssl, 0, ets);
-
SSL_set_accept_state(ets->ssl);
ets->tls_v13 = 0;
ets->datalen = 0;
ets->alert_sent = 0;
ets->alert_recv = 0;
-
- /*
- * If we specified the client certificate file, store it in ets->peercertfile,
- * so we can check it later in ssl_verify_callback()
- */
- if (clicertfile[0])
- strlcpy(&ets->peercertfile[0], clicertfile, MAXWORDLEN);
- else
- ets->peercertfile[0] = 0;
-
return 1;
fail:
char cacertfile[MAXWORDLEN];
char capath[MAXWORDLEN];
char pkfile[MAXWORDLEN];
+ char pkcs12[MAXWORDLEN];
/*
* Allocate new eaptls session
if (!esp->es_client.ea_session)
fatal("Allocation error");
ets = esp->es_client.ea_session;
- ets->client = 1;
-
- /*
- * If available, copy server name in ets; it will be used in cert
- * verify
- */
- if (esp->es_client.ea_peer)
- strlcpy(ets->peer, esp->es_client.ea_peer, MAXWORDLEN-1);
- else
- ets->peer[0] = 0;
-
ets->mtu = eaptls_get_mtu(esp->es_unit);
dbglog( "calling get_eaptls_secret" );
if (!get_eaptls_secret(esp->es_unit, esp->es_client.ea_name,
- ets->peer, clicertfile,
- servcertfile, cacertfile, capath, pkfile, 0)) {
+ esp->es_client.ea_peer, clicertfile,
+ servcertfile, cacertfile, capath, pkfile, pkcs12, 0)) {
error( "EAP-TLS: Cannot get secret/password for client \"%s\", server \"%s\"",
- esp->es_client.ea_name, ets->peer );
+ esp->es_client.ea_name, esp->es_client.ea_peer);
return 0;
}
dbglog( "calling eaptls_init_ssl" );
- ets->ctx = eaptls_init_ssl(0, cacertfile, capath, clicertfile, servcertfile, pkfile);
+ ets->ctx = eaptls_init_ssl(0, cacertfile, capath, clicertfile, pkfile, pkcs12);
if (!ets->ctx)
goto fail;
ets->ssl = SSL_new(ets->ctx);
-
if (!ets->ssl)
goto fail;
+ if (tls_set_verify_info(ets->ssl, esp->es_client.ea_peer,
+ servcertfile, 0, &ets->info))
+ goto fail;
+
/*
* Initialize the BIOs we use to read/write to ssl engine
*/
SSL_set_msg_callback(ets->ssl, ssl_msg_callback);
SSL_set_msg_callback_arg(ets->ssl, ets);
-
- /*
- * Attach the session struct to the connection, so we can later
- * retrieve it when doing certificate verification
- */
- SSL_set_ex_data(ets->ssl, 0, ets);
-
SSL_set_connect_state(ets->ssl);
ets->tls_v13 = 0;
ets->datalen = 0;
ets->alert_sent = 0;
ets->alert_recv = 0;
-
- /*
- * If we specified the server certificate file, store it in
- * ets->peercertfile, so we can check it later in
- * ssl_verify_callback()
- */
- if (servcertfile[0])
- strlcpy(ets->peercertfile, servcertfile, MAXWORDLEN);
- else
- ets->peercertfile[0] = 0;
-
return 1;
fail:
if (ets->ctx)
SSL_CTX_free(ets->ctx);
+ if (ets->info)
+ tls_free_verify_info(&ets->info);
+
free(ets);
}
}
if (BIO_write(ets->into_ssl, ets->data, ets->datalen) == -1)
- log_ssl_errors();
+ tls_log_sslerr();
SSL_read(ets->ssl, dummy, 65536);
INCPTR(ets->rtx_len, *outp);
}
-/*
- * Verify a certificate.
- * Most of the work (signatures and issuer attributes checking)
- * is done by ssl; we check the CN in the peer certificate
- * against the peer name.
- */
-int ssl_verify_callback(int ok, X509_STORE_CTX * ctx)
-{
- char subject[256];
- char cn_str[256];
- X509 *peer_cert;
- int err, depth;
- SSL *ssl;
- struct eaptls_session *ets;
- char *ptr1 = NULL, *ptr2 = NULL;
-
- peer_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- dbglog("certificate verify depth: %d", depth);
-
- if (auth_required && !ok) {
- X509_NAME_oneline(X509_get_subject_name(peer_cert),
- subject, 256);
-
- X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert),
- NID_commonName, cn_str, 256);
-
- dbglog("Certificate verification error:\n depth: %d CN: %s"
- "\n err: %d (%s)\n", depth, cn_str, err,
- X509_verify_cert_error_string(err));
-
- return 0;
- }
-
- ssl = X509_STORE_CTX_get_ex_data(ctx,
- SSL_get_ex_data_X509_STORE_CTX_idx());
-
- ets = (struct eaptls_session *)SSL_get_ex_data(ssl, 0);
-
- if (ets == NULL) {
- error("Error: SSL_get_ex_data returned NULL");
- return 0;
- }
-
- log_ssl_errors();
-
- if (!depth)
- {
- /* Verify certificate based on certificate type and extended key usage */
- if (tls_verify_key_usage) {
- int purpose = ets->client ? X509_PURPOSE_SSL_SERVER : X509_PURPOSE_SSL_CLIENT ;
- if (X509_check_purpose(peer_cert, purpose, 0) == 0) {
- error("Certificate verification error: nsCertType mismatch");
- return 0;
- }
-
-#if OPENSSL_VERSION_NUMBER >= 0x10100000L
- int flags = ets->client ? XKU_SSL_SERVER : XKU_SSL_CLIENT;
- if (!(X509_get_extended_key_usage(peer_cert) & flags)) {
- error("Certificate verification error: invalid extended key usage");
- return 0;
- }
-#endif
- info("Certificate key usage: OK");
- }
-
- /*
- * If acting as client and the name of the server wasn't specified
- * explicitely, we can't verify the server authenticity
- */
- if (!ets->peer[0] || !strcmp(tls_verify_method, TLS_VERIFY_NONE)) {
- warn("Certificate verication disabled or no peer name was specified");
- return ok;
- }
-
- /* This is the peer certificate */
- X509_NAME_oneline(X509_get_subject_name(peer_cert),
- subject, 256);
-
- X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert),
- NID_commonName, cn_str, 256);
-
- /* Verify based on subject name */
- ptr1 = ets->peer;
- if (!strcmp(TLS_VERIFY_SUBJECT, tls_verify_method)) {
- ptr2 = subject;
- }
-
- /* Verify based on common name (default) */
- if (strlen(tls_verify_method) == 0 ||
- !strcmp(TLS_VERIFY_NAME, tls_verify_method)) {
- ptr2 = cn_str;
- }
-
- /* Match the suffix of common name */
- if (!strcmp(TLS_VERIFY_SUFFIX, tls_verify_method)) {
- int len = strlen(ptr1);
- int off = strlen(cn_str) - len;
- ptr2 = cn_str;
- if (off > 0) {
- ptr2 = cn_str + off;
- }
- }
-
- if (strcmp(ptr1, ptr2)) {
- error("Certificate verification error: CN (%s) != %s", ptr1, ptr2);
- return 0;
- }
-
- info("Certificate CN: %s, peer name %s", cn_str, ets->peer);
-
- /*
- * If a peer certificate file was specified, here we check it
- */
- if (ets->peercertfile[0]) {
- if (ssl_cmp_certs(&ets->peercertfile[0], peer_cert)
- != 0) {
- error
- ("Peer certificate doesn't match stored certificate");
- return 0;
- }
- }
- }
-
- return ok;
-}
-
-/*
- * Compare a certificate with the one stored in a file
- */
-int ssl_cmp_certs(char *filename, X509 * a)
-{
- X509 *b;
- int ret;
-
- if (!(b = get_X509_from_file(filename)))
- return 1;
-
- ret = X509_cmp(a, b);
- X509_free(b);
-
- return ret;
-
-}
-
-X509 *get_X509_from_file(char *filename)
-{
- FILE *fp;
- X509 *ret;
-
- if (!(fp = fopen(filename, "r")))
- return NULL;
-
- ret = PEM_read_X509(fp, NULL, NULL, NULL);
-
- fclose(fp);
-
- return ret;
-}
-
/*
* Every sent & received message this callback function is invoked,
* so we know when alert messages have arrived or are sent and
*
*/
-#ifndef __EAP_TLS_H__
-#define __EAP_TLS_H__
+#ifndef PPP_EAP_TLS_H
+#define PPP_EAP_TLS_H
+#include "pppdconf.h"
#include "eap.h"
#include <openssl/ssl.h>
#define EAP_TLS_MAX_LEN 65536 /* max eap tls packet size */
+struct tls_info;
+
struct eaptls_session
{
u_char *data; /* buffered data */
SSL *ssl; /* ssl connection */
BIO *from_ssl;
BIO *into_ssl;
- char peer[MAXWORDLEN]; /* peer name */
char peercertfile[MAXWORDLEN];
bool alert_sent;
u_char alert_sent_desc;
char rtx[EAP_TLS_MAX_LEN]; /* retransmission buffer */
int rtx_len;
int mtu; /* unit mtu */
- bool client;
+ struct tls_info *info;
};
SSL_CTX *eaptls_init_ssl(int init_server, char *cacertfile, char *capath,
- char *certfile, char *peer_certfile, char *privkeyfile);
+ char *certfile, char *privkeyfile, char *pkcs12);
int eaptls_init_ssl_server(eap_state * esp);
int eaptls_init_ssl_client(eap_state * esp);
void eaptls_free_session(struct eaptls_session *ets);
int get_eaptls_secret(int unit, char *client, char *server,
char *clicertfile, char *servcertfile, char *cacertfile,
- char *capath, char *pkfile, int am_server);
-
-#ifdef MPPE
-#include "mppe.h" /* MPPE_MAX_KEY_LEN */
-extern u_char mppe_send_key[MPPE_MAX_KEY_LEN];
-extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN];
-extern int mppe_keys_set;
+ char *capath, char *pkfile, char *pkcs12, int am_server);
+#ifdef PPP_WITH_MPPE
void eaptls_gen_mppe_keys(struct eaptls_session *ets, int client);
#endif
* Implemented EAP-TLS authentication
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <assert.h>
#include <errno.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "pathnames.h"
-#include "md5.h"
+#include "crypto.h"
+#include "crypto_ms.h"
#include "eap.h"
+#ifdef PPP_WITH_PEAP
+#include "peap.h"
+#endif /* PPP_WITH_PEAP */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
#include <t_pwd.h>
#include <t_server.h>
#include <t_client.h>
-#include "pppcrypt.h"
-#endif /* USE_SRP */
-
-#ifndef SHA_DIGESTSIZE
-#define SHA_DIGESTSIZE 20
-#endif
+#endif /* PPP_WITH_SRP */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#include "eap-tls.h"
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
+#include "chap.h"
#include "chap_ms.h"
-#include "chap-new.h"
extern int chapms_strip_domain;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
static char *pn_secret = NULL; /* Pseudonym generating secret */
#endif
/*
* Command-line options.
*/
-static option_t eap_option_list[] = {
+static struct option eap_option_list[] = {
{ "eap-restart", o_int, &eap_states[0].es_server.ea_timeout,
"Set retransmit timeout for EAP Requests (server)" },
{ "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests,
"Set max number of EAP Requests allows (client)" },
{ "eap-interval", o_int, &eap_states[0].es_rechallenge,
"Set interval for EAP rechallenge" },
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
{ "srp-interval", o_int, &eap_states[0].es_lwrechallenge,
"Set interval for SRP lightweight rechallenge" },
{ "srp-pn-secret", o_string, &pn_secret,
NULL /* say whether to bring up link for this pkt */
};
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/*
* A well-known 2048 bit modulus.
*/
0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2,
0x0F, 0xA7, 0x11, 0x1F, 0x9E, 0x4A, 0xFF, 0x73
};
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
/* Local forward declarations. */
static void eap_server_timeout (void *arg);
esp->es_server.ea_id = (u_char)(drand48() * 0x100);
esp->es_client.ea_timeout = EAP_DEFREQTIME;
esp->es_client.ea_maxrequests = EAP_DEFALLOWREQ;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
esp->es_client.ea_using_eaptls = 0;
-#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#endif /* PPP_WITH_EAPTLS */
+#ifdef PPP_WITH_CHAPMS
esp->es_client.digest = chap_find_digest(CHAP_MICROSOFT_V2);
esp->es_server.digest = chap_find_digest(CHAP_MICROSOFT_V2);
#endif
esp->es_server.ea_peer, esp->es_server.ea_peerlen);
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/*
* Set DES key according to pseudonym-generating secret and current
* date.
*/
static bool
-pncrypt_setkey(int timeoffs)
+pncrypt_getkey(int timeoffs, unsigned char *key, int keylen)
{
struct tm *tp;
char tbuf[9];
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
+ PPP_MD_CTX *ctxt;
time_t reftime;
if (pn_secret == NULL)
return (0);
reftime = time(NULL) + timeoffs;
tp = localtime(&reftime);
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, pn_secret, strlen(pn_secret));
- strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp);
- SHA1Update(&ctxt, tbuf, strlen(tbuf));
- SHA1Final(dig, &ctxt);
- return (DesSetkey(dig));
+
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp);
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, pn_secret, strlen(pn_secret));
+ PPP_DigestUpdate(ctxt, tbuf, strlen(tbuf));
+ PPP_DigestFinal(ctxt, key, &keylen);
+
+ PPP_MD_CTX_free(ctxt);
+ return 1;
+ }
+
+ return (0);
}
static char base64[] =
}
return (outlen);
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
/*
* Assume that current waiting server state is complete and figure
static void
eap_figure_next_state(eap_state *esp, int status)
{
-#ifdef USE_SRP
- unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp;
+#ifdef PPP_WITH_SRP
+ unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp, key[SHA_DIGEST_LENGTH];
struct t_pw tpw;
struct t_confent *tce, mytce;
char *cp, *cp2;
struct t_server *ts;
- int id, i, plen, toffs;
+ int id, i, plen, clen, toffs, keylen;
u_char vals[2];
struct b64state bs;
-#endif /* USE_SRP */
-#ifdef USE_EAPTLS
+#endif /* PPP_WITH_SRP */
+#ifdef PPP_WITH_EAPTLS
struct eaptls_session *ets;
int secret_len;
char secret[MAXWORDLEN];
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
esp->es_server.ea_timeout = esp->es_savedtime;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
esp->es_server.ea_prev_state = esp->es_server.ea_state;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
switch (esp->es_server.ea_state) {
case eapBadAuth:
return;
case eapIdentify:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/* Discard any previous session. */
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL) {
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status != 0) {
esp->es_server.ea_state = eapBadAuth;
break;
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/* If we've got a pseudonym, try to decode to real name. */
if (esp->es_server.ea_peerlen > SRP_PSEUDO_LEN &&
strncmp(esp->es_server.ea_peer, SRP_PSEUDO_ID,
secbuf);
toffs = 0;
for (i = 0; i < 5; i++) {
- pncrypt_setkey(toffs);
+ pncrypt_getkey(toffs, key, keylen);
toffs -= 86400;
- if (!DesDecrypt(secbuf, clear)) {
+
+ if (!DesDecrypt(secbuf, key, clear)) {
dbglog("no DES here; cannot decode "
- "pseudonym");
+ "pseudonym");
return;
}
id = *(unsigned char *)clear;
dp += i;
sp = secbuf + 8;
while (plen > 0) {
- (void) DesDecrypt(sp, dp);
+ DesDecrypt(sp, key, dp);
sp += 8;
dp += 8;
plen -= 8;
tpw.pebuf.name = esp->es_server.ea_peer;
tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf,
cp);
- tpw.pebuf.password.data = tpw.pwbuf;
+ tpw.pebuf.password.data = (char*) tpw.pwbuf;
tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf,
cp2);
tpw.pebuf.salt.data = tpw.saltbuf;
t_servergenexp(ts);
break;
}
-#endif /* USE_SRP */
-#ifdef USE_EAPTLS
+#endif /* PPP_WITH_SRP */
+#ifdef PPP_WITH_EAPTLS
if (!get_secret(esp->es_unit, esp->es_server.ea_peer,
esp->es_server.ea_name, secret, &secret_len, 1)) {
esp->es_server.ea_state = eapTlsStart;
break;
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
esp->es_server.ea_state = eapMD5Chall;
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case eapTlsStart:
/* Initialize ssl session */
if(!eaptls_init_ssl_server(esp)) {
case eapTlsSendAlert:
esp->es_server.ea_state = eapTlsRecvAlertAck;
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
case eapSRP1:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status == 1) {
esp->es_server.ea_state = eapMD5Chall;
} else if (status != 0 || esp->es_server.ea_session == NULL) {
break;
case eapSRP2:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status != 0 || esp->es_server.ea_session == NULL) {
esp->es_server.ea_state = eapBadAuth;
} else {
case eapSRP3:
case eapSRP4:
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
ts = (struct t_server *)esp->es_server.ea_session;
if (ts != NULL && status != 0) {
t_serverclose(ts);
esp->es_server.ea_session = NULL;
esp->es_server.ea_skey = NULL;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
if (status != 0 || esp->es_server.ea_session == NULL) {
esp->es_server.ea_state = eapBadAuth;
} else {
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case eapMSCHAPv2Chall:
#endif
case eapMD5Chall:
if (esp->es_server.ea_state == eapBadAuth)
eap_send_failure(esp);
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
dbglog("EAP id=0x%2x '%s' -> '%s'", esp->es_server.ea_id, eap_state_name(esp->es_server.ea_prev_state), eap_state_name(esp->es_server.ea_state));
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
}
-#if CHAPMS
+#if PPP_WITH_CHAPMS
/*
* eap_chap_verify_response - check whether the peer's response matches
* what we think it should be. Returns 1 if it does (authentication
auth_peer_fail(esp->es_unit, PPP_EAP);
}
}
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
/*
* Format an EAP Request message and send it to the peer. Message
int outlen;
int challen;
char *str;
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
struct t_server *ts;
- u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp;
- int i, j;
+ u_char clear[8], cipher[8], dig[SHA_DIGEST_LENGTH], *optr, *cp, key[SHA_DIGEST_LENGTH];
+ int i, j, diglen, clen, keylen = sizeof(key);
struct b64state b64;
- SHA1_CTX ctxt;
-#endif /* USE_SRP */
+ PPP_MD_CTX *ctxt;
+#endif /* PPP_WITH_SRP */
/* Handle both initial auth and restart */
if (esp->es_server.ea_state < eapIdentify &&
INCPTR(esp->es_server.ea_namelen, outp);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case eapMSCHAPv2Chall:
esp->es_server.digest->generate_challenge(esp->es_challenge);
challen = esp->es_challenge[0];
esp->es_server.ea_namelen);
INCPTR(esp->es_server.ea_namelen, outp);
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case eapTlsStart:
PUTCHAR(EAPT_TLS, outp);
PUTCHAR(EAP_TLS_FLAGS_START, outp);
eaptls_send(esp->es_server.ea_session, &outp);
eap_figure_next_state(esp, 0);
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case eapSRP1:
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_CHALLENGE, outp);
PUTLONG(SRPVAL_EBIT, outp);
ts = (struct t_server *)esp->es_server.ea_session;
assert(ts != NULL);
- BCOPY(t_serverresponse(ts), outp, SHA_DIGESTSIZE);
- INCPTR(SHA_DIGESTSIZE, outp);
+ BCOPY(t_serverresponse(ts), outp, SHA_DIGEST_LENGTH);
+ INCPTR(SHA_DIGEST_LENGTH, outp);
- if (pncrypt_setkey(0)) {
+ if (pncrypt_getkey(0, key, keylen)) {
/* Generate pseudonym */
optr = outp;
cp = (unsigned char *)esp->es_server.ea_peer;
BCOPY(cp, clear + 1, j);
i -= j;
cp += j;
- if (!DesEncrypt(clear, cipher)) {
+
+ if (!DesEncrypt(clear, key, cipher)) {
dbglog("no DES here; not generating pseudonym");
break;
- }
+ }
+
BZERO(&b64, sizeof (b64));
outp++; /* space for pseudonym length */
outp += b64enc(&b64, cipher, 8, outp);
while (i >= 8) {
- (void) DesEncrypt(cp, cipher);
+ DesEncrypt(cp, key, cipher);
outp += b64enc(&b64, cipher, 8, outp);
cp += 8;
i -= 8;
*cp++ = drand48() * 0x100;
i++;
}
- (void) DesEncrypt(clear, cipher);
+
+ DesEncrypt(clear, key, cipher);
outp += b64enc(&b64, cipher, 8, outp);
}
outp += b64flush(&b64, outp);
/* Set length and pad out to next 20 octet boundary */
i = outp - optr - 1;
*optr = i;
- i %= SHA_DIGESTSIZE;
+ i %= SHA_DIGEST_LENGTH;
if (i != 0) {
- while (i < SHA_DIGESTSIZE) {
+ while (i < SHA_DIGEST_LENGTH) {
*outp++ = drand48() * 0x100;
i++;
}
}
/* Obscure the pseudonym with SHA1 hash */
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, &esp->es_server.ea_id, 1);
- SHA1Update(&ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, esp->es_server.ea_peer,
- esp->es_server.ea_peerlen);
- while (optr < outp) {
- SHA1Final(dig, &ctxt);
- cp = dig;
- while (cp < dig + SHA_DIGESTSIZE)
- *optr++ ^= *cp++;
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, &esp->es_server.ea_id, 1);
- SHA1Update(&ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, optr - SHA_DIGESTSIZE,
- SHA_DIGESTSIZE);
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
+ esp->es_server.ea_peerlen);
+ while (optr < outp) {
+ diglen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctxt, dig, &diglen);
+ cp = dig;
+ while (cp < dig + SHA_DIGEST_LENGTH)
+ *optr++ ^= *cp++;
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, optr - SHA_DIGEST_LENGTH,
+ SHA_DIGEST_LENGTH);
+ }
+
+ PPP_MD_CTX_free(ctxt);
}
}
break;
BCOPY(esp->es_challenge, outp, esp->es_challen);
INCPTR(esp->es_challen, outp);
break;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
default:
return;
static void
eap_server_timeout(void *arg)
{
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
u_char *outp;
u_char *lenloc;
int outlen;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
eap_state *esp = (eap_state *) arg;
if (!eap_server_active(esp))
return;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
switch(esp->es_server.ea_prev_state) {
/*
default:
break;
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
/* EAP ID number must not change on timeout. */
eap_send_request(esp);
int msglen;
outp = outpacket_buf;
-
+
MAKEHEADER(outp, PPP_EAP);
PUTCHAR(EAP_RESPONSE, outp);
PUTCHAR(id, outp);
esp->es_client.ea_id = id;
- msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE +
+ msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_DIGEST_LENGTH +
namelen;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_MD5CHAP, outp);
- PUTCHAR(MD5_SIGNATURE_SIZE, outp);
- BCOPY(hash, outp, MD5_SIGNATURE_SIZE);
- INCPTR(MD5_SIGNATURE_SIZE, outp);
+ PUTCHAR(MD5_DIGEST_LENGTH, outp);
+ BCOPY(hash, outp, MD5_DIGEST_LENGTH);
+ INCPTR(MD5_DIGEST_LENGTH, outp);
if (namelen > 0) {
BCOPY(name, outp, namelen);
}
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen);
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
/*
* Format and send a SRP EAP Response message.
*/
PUTCHAR(id, outp);
esp->es_client.ea_id = id;
msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u_int32_t) +
- SHA_DIGESTSIZE;
+ SHA_DIGEST_LENGTH;
PUTSHORT(msglen, outp);
PUTCHAR(EAPT_SRP, outp);
PUTCHAR(EAPSRP_CVALIDATOR, outp);
PUTLONG(flags, outp);
- BCOPY(str, outp, SHA_DIGESTSIZE);
+ BCOPY(str, outp, SHA_DIGEST_LENGTH);
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen);
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/*
* Send an EAP-TLS response message with tls data
*/
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + outlen);
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
static void
eap_send_nak(eap_state *esp, u_char id, u_char type)
output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen);
}
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
static char *
name_of_pn_file(void)
{
errno = EINVAL;
return (NULL);
}
- file = _PATH_PSEUDONYM;
+ file = PPP_PATH_PSEUDONYM;
pl = strlen(user) + strlen(file) + 2;
path = malloc(pl);
if (path == NULL)
{
u_char val;
u_char *datp, *digp;
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
- int dsize, fd, olen = len;
+ PPP_MD_CTX *ctxt;
+ u_char dig[SHA_DIGEST_LENGTH];
+ int dsize, fd, olen = len, diglen = sizeof(dig);
/*
* Do the decoding by working backwards. This eliminates the need
*/
val = id;
while (len > 0) {
- if ((dsize = len % SHA_DIGESTSIZE) == 0)
- dsize = SHA_DIGESTSIZE;
+ if ((dsize = len % SHA_DIGEST_LENGTH) == 0)
+ dsize = SHA_DIGEST_LENGTH;
len -= dsize;
datp = inp + len;
- SHA1Init(&ctxt);
- SHA1Update(&ctxt, &val, 1);
- SHA1Update(&ctxt, esp->es_client.ea_skey, SESSION_KEY_LEN);
- if (len > 0) {
- SHA1Update(&ctxt, datp, SHA_DIGESTSIZE);
- } else {
- SHA1Update(&ctxt, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &val, 1);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
+ SESSION_KEY_LEN);
+ if (len > 0) {
+ PPP_DigestUpdate(ctxt, datp, SHA_DIGEST_LENGTH);
+ } else {
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ }
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ for (digp = dig; digp < dig + SHA_DIGEST_LENGTH; digp++)
+ *datp++ ^= *digp;
+
+ PPP_MD_CTX_free(ctxt);
}
- SHA1Final(dig, &ctxt);
- for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++)
- *datp++ ^= *digp;
}
/* Now check that the result is sane */
remove_pn_file();
}
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
-#if CHAPMS
+#if PPP_WITH_CHAPMS
/*
* Format and send an CHAPV2-Challenge EAP Response message.
*/
int secret_len;
char secret[MAXWORDLEN];
char rhostname[256];
- MD5_CTX mdContext;
- u_char hash[MD5_SIGNATURE_SIZE];
-#ifdef USE_EAPTLS
+ PPP_MD_CTX *mdctx;
+ u_char hash[MD5_DIGEST_LENGTH];
+ int hashlen = MD5_DIGEST_LENGTH;
+#ifdef PPP_WITH_EAPTLS
u_char flags;
struct eaptls_session *ets = esp->es_client.ea_session;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
struct t_client *tc;
struct t_num sval, gval, Nval, *Ap, Bval;
u_char vals[2];
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
+ PPP_MD_CTX *ctxt;
+ u_char dig[SHA_DIGEST_LENGTH];
+ int diglen = sizeof(dig);
int fd;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
/*
* Ignore requests if we're not open
case EAPT_IDENTITY:
if (len > 0)
info("EAP: Identity prompt \"%.*q\"", len, inp);
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
if (esp->es_usepseudo &&
(esp->es_usedpseudo == 0 ||
(esp->es_usedpseudo == 1 &&
remove_pn_file();
esp->es_usedpseudo = 2;
}
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
eap_send_response(esp, id, typenum, (u_char *)esp->es_client.ea_name,
esp->es_client.ea_namelen);
break;
eap_send_nak(esp, id, EAPT_SRP);
break;
}
- MD5_Init(&mdContext);
- typenum = id;
- MD5_Update(&mdContext, &typenum, 1);
- MD5_Update(&mdContext, (u_char *)secret, secret_len);
- BZERO(secret, sizeof (secret));
- MD5_Update(&mdContext, inp, vallen);
- MD5_Final(hash, &mdContext);
- eap_chap_response(esp, id, hash, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
+
+ mdctx = PPP_MD_CTX_new();
+ if (mdctx != NULL) {
+ if (PPP_DigestInit(mdctx, PPP_md5())) {
+ typenum = id;
+ if (PPP_DigestUpdate(mdctx, &typenum, 1)) {
+ if (PPP_DigestUpdate(mdctx, secret, secret_len)) {
+ BZERO(secret, sizeof(secret));
+ if (PPP_DigestUpdate(mdctx, inp, vallen)) {
+ if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
+ eap_chap_response(esp, id, hash, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ PPP_MD_CTX_free(mdctx);
+ break;
+ }
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(mdctx);
+ }
+ dbglog("EAP: Invalid MD5 checksum");
+ eap_send_nak(esp, id, EAPT_SRP);
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
switch(esp->es_client.ea_state) {
/* Check if TLS handshake is finished */
if(eaptls_is_init_finished(ets)) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
eaptls_gen_mppe_keys(ets, 1);
#endif
eaptls_free_session(ets);
}
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 1) {
error("EAP: received empty SRP Request");
esp->es_client.ea_id, id);
}
} else {
- len -= sizeof (u_int32_t) + SHA_DIGESTSIZE;
+ len -= sizeof (u_int32_t) + SHA_DIGEST_LENGTH;
if (len < 0 || t_clientverify(tc, inp +
sizeof (u_int32_t)) != 0) {
error("EAP: SRP server verification "
GETLONG(esp->es_client.ea_keyflags, inp);
/* Save pseudonym if user wants it. */
if (len > 0 && esp->es_usepseudo) {
- INCPTR(SHA_DIGESTSIZE, inp);
+ INCPTR(SHA_DIGEST_LENGTH, inp);
write_pseudonym(esp, inp, len, id);
}
}
warn("EAP: malformed Lightweight rechallenge");
return;
}
- SHA1Init(&ctxt);
- vals[0] = id;
- SHA1Update(&ctxt, vals, 1);
- SHA1Update(&ctxt, esp->es_client.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, inp, len);
- SHA1Update(&ctxt, esp->es_client.ea_name,
- esp->es_client.ea_namelen);
- SHA1Final(dig, &ctxt);
- eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
- SHA_DIGESTSIZE);
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+
+ vals[0] = id;
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, vals, 1);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, inp, len);
+ PPP_DigestUpdate(ctxt, esp->es_client.ea_name,
+ esp->es_client.ea_namelen);
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ PPP_MD_CTX_free(ctxt);
+
+ eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig,
+ SHA_DIGEST_LENGTH);
+ }
break;
default:
break;
}
break;
-#endif /* USE_SRP */
-
-#ifdef CHAPMS
+#endif /* PPP_WITH_SRP */
+
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len < 4) {
error("EAP: received invalid MSCHAPv2 packet, too short");
eap_send_nak(esp, id, EAPT_SRP);
break;
}
+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
/* Create the MSCHAPv2 response (and add to cache) */
unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
+#ifdef PPP_WITH_PEAP
+ case EAPT_PEAP:
+
+ /* Initialize the PEAP context (if not already initialized) */
+ if (!esp->ea_peap) {
+ rhostname[0] = '\0';
+ if (explicit_remote || (remote_name[0] != '\0')) {
+ strlcpy(rhostname, remote_name, sizeof (rhostname));
+ }
+ if (peap_init(&esp->ea_peap, rhostname)) {
+ eap_send_nak(esp, id, EAPT_TLS);
+ break;
+ }
+ }
+
+ /* Process the PEAP packet */
+ if (peap_process(esp, id, inp, len)) {
+ eap_send_nak(esp, id, EAPT_TLS);
+ }
+
+ break;
+#endif // PPP_WITH_PEAP
default:
info("EAP: unknown authentication type %d; Naking", typenum);
UNTIMEOUT(eap_client_timeout, (void *)esp);
}
esp->es_client.ea_session = NULL;
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
t_clientclose(tc);
auth_withpeer_fail(esp->es_unit, PPP_EAP);
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
}
/*
int secret_len;
char secret[MAXSECRETLEN];
char rhostname[256];
- MD5_CTX mdContext;
- u_char hash[MD5_SIGNATURE_SIZE];
-#ifdef USE_SRP
+ PPP_MD_CTX *mdctx;
+ u_char hash[MD5_DIGEST_LENGTH];
+ int hashlen = MD5_DIGEST_LENGTH;
+#ifdef PPP_WITH_SRP
struct t_server *ts;
struct t_num A;
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
- SHA1_CTX ctxt;
- u_char dig[SHA_DIGESTSIZE];
-#endif /* USE_SRP */
+ PPP_MD_CTX *ctxt;
+ u_char dig[SHA_DIGEST_LENGTH];
+ int diglen = sizeof(dig);
+#endif /* PPP_WITH_SRP */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
struct eaptls_session *ets;
u_char flags;
-#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#endif /* PPP_WITH_EAPTLS */
+#ifdef PPP_WITH_CHAPMS
u_char opcode;
- int (*chap_verifier)(char *, char *, int, struct chap_digest_type *,
- unsigned char *, unsigned char *, char *, int);
+ chap_verify_hook_fn *chap_verifier;
char response_message[256];
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
/*
* Ignore responses if we're not open
eap_figure_next_state(esp, 0);
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
switch(esp->es_server.ea_state) {
GETCHAR(flags, inp);
if(len == 1 && !flags) { /* Ack = ok */
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
eaptls_gen_mppe_keys( esp->es_server.ea_session, 0 );
#endif
eap_send_success(esp);
break;
}
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
case EAPT_NOTIFICATION:
dbglog("EAP unexpected Notification; response discarded");
esp->es_server.ea_state = eapMD5Chall;
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
/* Send EAP-TLS start packet */
case EAPT_TLS:
esp->es_server.ea_state = eapTlsStart;
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
info("EAP: peer proposes MSCHAPv2");
/* If MSCHAPv2 digest was not found, NAK the packet */
}
esp->es_server.ea_state = eapMSCHAPv2Chall;
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
default:
dbglog("EAP: peer requesting unknown Type %d", vallen);
eap_send_failure(esp);
break;
}
- MD5_Init(&mdContext);
- MD5_Update(&mdContext, &esp->es_server.ea_id, 1);
- MD5_Update(&mdContext, (u_char *)secret, secret_len);
- BZERO(secret, sizeof (secret));
- MD5_Update(&mdContext, esp->es_challenge, esp->es_challen);
- MD5_Final(hash, &mdContext);
- if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) {
- eap_send_failure(esp);
- break;
+
+ mdctx = PPP_MD_CTX_new();
+ if (mdctx != NULL) {
+
+ if (PPP_DigestInit(mdctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(mdctx, &esp->es_server.ea_id, 1)) {
+
+ if (PPP_DigestUpdate(mdctx, &secret, secret_len)) {
+
+ BZERO(secret, sizeof(secret));
+ if (PPP_DigestUpdate(mdctx, esp->es_challenge, esp->es_challen)) {
+
+ if (PPP_DigestFinal(mdctx, hash, &hashlen)) {
+
+ if (BCMP(hash, inp, MD5_DIGEST_LENGTH) == 0) {
+ esp->es_server.ea_type = EAPT_MD5CHAP;
+ eap_send_success(esp);
+ eap_figure_next_state(esp, 0);
+
+ if (esp->es_rechallenge != 0) {
+ TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
+ }
+ PPP_MD_CTX_free(mdctx);
+ break;
+ }
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(mdctx);
}
- esp->es_server.ea_type = EAPT_MD5CHAP;
- eap_send_success(esp);
- eap_figure_next_state(esp, 0);
- if (esp->es_rechallenge != 0)
- TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
+
+ eap_send_failure(esp);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len < 1) {
error("EAP: received MSCHAPv2 with no data");
char tmp[MAXNAMELEN+1];
strcpy(tmp, strrchr(rhostname, '\\') + 1);
- strcpy(rhostname, tmp);
+ strlcpy(rhostname, tmp, sizeof(rhostname));
}
if (chap_verify_hook)
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
-#ifdef USE_SRP
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 1) {
error("EAP: empty SRP Response");
eap_figure_next_state(esp, 1);
break;
}
- if (len < sizeof (u_int32_t) + SHA_DIGESTSIZE) {
+ if (len < sizeof (u_int32_t) + SHA_DIGEST_LENGTH) {
error("EAP: M1 length %d < %d", len,
- sizeof (u_int32_t) + SHA_DIGESTSIZE);
+ sizeof (u_int32_t) + SHA_DIGEST_LENGTH);
eap_figure_next_state(esp, 1);
break;
}
info("EAP: unexpected SRP Subtype 4 Response");
return;
}
- if (len != SHA_DIGESTSIZE) {
+ if (len != SHA_DIGEST_LENGTH) {
error("EAP: bad Lightweight rechallenge "
"response");
return;
}
- SHA1Init(&ctxt);
- vallen = id;
- SHA1Update(&ctxt, &vallen, 1);
- SHA1Update(&ctxt, esp->es_server.ea_skey,
- SESSION_KEY_LEN);
- SHA1Update(&ctxt, esp->es_challenge, esp->es_challen);
- SHA1Update(&ctxt, esp->es_server.ea_peer,
- esp->es_server.ea_peerlen);
- SHA1Final(dig, &ctxt);
- if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) {
- error("EAP: failed Lightweight rechallenge");
- eap_send_failure(esp);
- break;
+ ctxt = PPP_MD_CTX_new();
+ if (ctxt) {
+ vallen = id;
+
+ PPP_DigestInit(ctxt, PPP_sha1());
+ PPP_DigestUpdate(ctxt, &vallen, 1);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_skey,
+ SESSION_KEY_LEN);
+ PPP_DigestUpdate(ctxt, esp->es_challenge, esp->es_challen);
+ PPP_DigestUpdate(ctxt, esp->es_server.ea_peer,
+ esp->es_server.ea_peerlen);
+ PPP_DigestFinal(ctxt, dig, &diglen);
+
+ PPP_MD_CTX_free(ctxt);
+
+ if (BCMP(dig, inp, SHA_DIGEST_LENGTH) != 0) {
+ error("EAP: failed Lightweight rechallenge");
+ eap_send_failure(esp);
+ break;
+ }
+
+ esp->es_server.ea_state = eapOpen;
+ if (esp->es_lwrechallenge != 0)
+ TIMEOUT(srp_lwrechallenge, esp,
+ esp->es_lwrechallenge);
}
- esp->es_server.ea_state = eapOpen;
- if (esp->es_lwrechallenge != 0)
- TIMEOUT(srp_lwrechallenge, esp,
- esp->es_lwrechallenge);
break;
}
break;
-#endif /* USE_SRP */
+#endif /* PPP_WITH_SRP */
default:
/* This can't happen. */
eap_success(eap_state *esp, u_char *inp, int id, int len)
{
if (esp->es_client.ea_state != eapOpen && !eap_client_active(esp)
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
&& esp->es_client.ea_state != eapTlsRecvSuccess
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
) {
dbglog("EAP unexpected success message in state %s (%d)",
eap_state_name(esp->es_client.ea_state),
return;
}
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
if(esp->es_client.ea_using_eaptls && esp->es_client.ea_state !=
eapTlsRecvSuccess) {
dbglog("EAP-TLS unexpected success message in state %s (%d)",
esp->es_client.ea_state);
return;
}
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
if (esp->es_client.ea_timeout > 0) {
UNTIMEOUT(eap_client_timeout, (void *)esp);
PRINTMSG(inp, len);
}
+#ifdef PPP_WITH_PEAP
+ peap_finish(&esp->ea_peap);
+#endif
+
esp->es_client.ea_state = eapOpen;
auth_withpeer_success(esp->es_unit, PPP_EAP, 0);
}
esp->es_client.ea_state = eapBadAuth;
error("EAP: peer reports authentication failure");
+
+#ifdef PPP_WITH_PEAP
+ peap_finish(&esp->ea_peap);
+#endif
+
auth_withpeer_fail(esp->es_unit, PPP_EAP);
}
int code, id, len, rtype, vallen;
u_char *pstart;
u_int32_t uval;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
u_char flags;
-#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#endif /* PPP_WITH_EAPTLS */
+#ifdef PPP_WITH_CHAPMS
u_char opcode;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
if (inlen < EAP_HEADERLEN)
return (0);
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len <= 0)
break;
break;
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
if (len < 1)
break;
printer(arg, flags & EAP_TLS_FLAGS_MF ? "M":"-");
printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- ");
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 3)
goto truncated;
if (uval != 0) {
printer(arg, " f<%X>", uval);
}
- if ((vallen = len) > SHA_DIGESTSIZE)
- vallen = SHA_DIGESTSIZE;
+ if ((vallen = len) > SHA_DIGEST_LENGTH)
+ vallen = SHA_DIGEST_LENGTH;
printer(arg, " <M2%.*B%s>", len, inp,
- len < SHA_DIGESTSIZE ? "?" : "");
+ len < SHA_DIGEST_LENGTH ? "?" : "");
INCPTR(vallen, inp);
len -= vallen;
if (len > 0) {
break;
}
break;
+#endif /* PPP_WITH_SRP */
}
break;
}
break;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
case EAPT_TLS:
if (len < 1)
break;
printer(arg, flags & EAP_TLS_FLAGS_START ? "S":"- ");
break;
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
case EAPT_NAK:
if (len <= 0) {
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len <= 0)
break;
break;
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
+#ifdef PPP_WITH_SRP
case EAPT_SRP:
if (len < 1)
goto truncated;
printer(arg, " f<%X>", uval);
}
printer(arg, " <M1%.*B%s>", len, inp,
- len == SHA_DIGESTSIZE ? "" : "?");
+ len == SHA_DIGEST_LENGTH ? "" : "?");
INCPTR(len, inp);
len = 0;
break;
case EAPSRP_LWRECHALLENGE:
printer(arg, " <Response%.*B%s>", len, inp,
- len == SHA_DIGESTSIZE ? "" : "?");
- if ((vallen = len) > SHA_DIGESTSIZE)
- vallen = SHA_DIGESTSIZE;
+ len == SHA_DIGEST_LENGTH ? "" : "?");
+ if ((vallen = len) > SHA_DIGEST_LENGTH)
+ vallen = SHA_DIGEST_LENGTH;
INCPTR(vallen, inp);
len -= vallen;
break;
}
break;
+#endif /* PPP_WITH_SRP */
}
break;
#ifndef PPP_EAP_H
#define PPP_EAP_H
+#include "pppdconf.h"
+
#ifdef __cplusplus
extern "C" {
#endif
+
+#ifndef PPP_EAP
+#define PPP_EAP 0xc227
+#endif
+
+
/*
* Packet header = Code, id, length.
*/
#define SRP_PSEUDO_ID "pseudo_"
#define SRP_PSEUDO_LEN 7
-#define MD5_SIGNATURE_SIZE 16
#define MIN_CHALLENGE_LENGTH 16
#define MAX_CHALLENGE_LENGTH 24
"TlsSendAlert", "TlsRecvAlertAck" , "TlsRecvSuccess", "TlsRecvFailure", \
"SRP1", "SRP2", "SRP3", "MD5Chall", "MSCHAPv2Chall", "Open", "SRP4", "BadAuth"
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#define eap_client_active(esp) ((esp)->es_client.ea_state != eapInitial &&\
(esp)->es_client.ea_state != eapPending &&\
(esp)->es_client.ea_state != eapClosed)
#else
#define eap_client_active(esp) ((esp)->es_client.ea_state == eapListen)
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
#define eap_server_active(esp) \
((esp)->es_server.ea_state >= eapIdentify && \
char *ea_name; /* Our name */
char *ea_peer; /* Peer's name */
void *ea_session; /* Authentication library linkage */
- u_char *ea_skey; /* Shared encryption key */
+ unsigned char *ea_skey; /* Shared encryption key */
int ea_timeout; /* Time to wait (for retransmit/fail) */
int ea_maxrequests; /* Max Requests allowed */
- u_short ea_namelen; /* Length of our name */
- u_short ea_peerlen; /* Length of peer's name */
+ unsigned short ea_namelen; /* Length of our name */
+ unsigned short ea_peerlen; /* Length of peer's name */
enum eap_state_code ea_state;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
enum eap_state_code ea_prev_state;
#endif
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
struct chap_digest_type *digest;
#endif
- u_char ea_id; /* Current id */
- u_char ea_requests; /* Number of Requests sent/received */
- u_char ea_responses; /* Number of Responses */
- u_char ea_type; /* One of EAPT_* */
- u_int32_t ea_keyflags; /* SRP shared key usage flags */
-#ifdef USE_EAPTLS
+ unsigned char ea_id; /* Current id */
+ unsigned char ea_requests; /* Number of Requests sent/received */
+ unsigned char ea_responses; /* Number of Responses */
+ unsigned char ea_type; /* One of EAPT_* */
+ uint32_t ea_keyflags; /* SRP shared key usage flags */
+#ifdef PPP_WITH_EAPTLS
bool ea_using_eaptls;
#endif
};
int es_unit; /* Interface unit number */
struct eap_auth es_client; /* Client (authenticatee) data */
struct eap_auth es_server; /* Server (authenticator) data */
+#ifdef PPP_WITH_PEAP
+ struct peap_state *ea_peap; /* Client PEAP (authenticator) data */
+#endif
int es_savedtime; /* Saved timeout */
int es_rechallenge; /* EAP rechallenge interval */
int es_lwrechallenge; /* SRP lightweight rechallenge inter */
bool es_usepseudo; /* Use SRP Pseudonym if offered one */
int es_usedpseudo; /* Set if we already sent PN */
int es_challen; /* Length of challenge string */
- u_char es_challenge[MAX_CHALLENGE_LENGTH];
+ unsigned char es_challenge[MAX_CHALLENGE_LENGTH];
} eap_state;
/*
* Timeouts.
*/
#define EAP_DEFTIMEOUT 3 /* Timeout (seconds) for rexmit */
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
#define EAP_DEFTRANSMITS 30 /* max # times to transmit */
/* certificates can be long ... */
#else
#define EAP_DEFTRANSMITS 10 /* max # times to transmit */
-#endif /* USE_EAPTLS */
+#endif /* PPP_WITH_EAPTLS */
#define EAP_DEFREQTIME 20 /* Time to wait for peer request */
#define EAP_DEFALLOWREQ 20 /* max # times to accept requests */
extern struct protent eap_protent;
+#ifdef PPP_WITH_EAPTLS
+typedef int (eaptls_passwd_hook_fn)(char *user, char *passwd);
+extern eaptls_passwd_hook_fn *eaptls_passwd_hook;
+#endif
+
#ifdef __cplusplus
}
#endif
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ecp.h"
-static option_t ecp_option_list[] = {
+static struct option ecp_option_list[] = {
{ "noecp", o_bool, &ecp_protent.enabled_flag,
"Disable ECP negotiation" },
{ "-ecp", o_bool, &ecp_protent.enabled_flag,
*
* $Id: ecp.h,v 1.2 2003/01/10 07:12:36 fcusack Exp $
*/
+#ifndef PPP_ECP_H
+#define PPP_ECP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifndef PPP_ECP
+#define PPP_ECP 0x8053
+#endif
+
typedef struct ecp_options {
bool required; /* Is ECP required? */
extern ecp_options ecp_hisoptions[];
extern struct protent ecp_protent;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_ECP_H
*
*/
-#include "pppd.h"
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include "pppd-private.h"
/*
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
*/
+#ifndef PPP_EUI64_H
+#define PPP_EUI64_H
-#ifndef __EUI64_H__
-#define __EUI64_H__
+#include "pppdconf.h"
-#if !defined(INET6)
-#error "this file should only be included when INET6 is defined"
-#endif /* not defined(INET6) */
+#ifdef __cplusplus
+extern "C" {
+#endif
#if defined(SOL2)
#include <netinet/in.h>
char *eui64_ntoa(eui64_t); /* Returns ascii representation of id */
-#endif /* __EUI64_H__ */
+#ifdef __cplusplus
+}
+#endif
+#endif /* PPP_EUI64_H */
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
/*
* TODO:
* Randomize fsm id on link/init.
#include <string.h>
#include <sys/types.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
*
* $Id: fsm.h,v 1.10 2004/11/13 02:28:15 paulus Exp $
*/
+#ifndef PPP_FSM_H
+#define PPP_FSM_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/*
* Packet header = Code, id, length.
*/
#define HEADERLEN 4
-
/*
* CP (LCP, IPCP, etc.) codes.
*/
int protocol; /* Data Link Layer Protocol field value */
int state; /* State */
int flags; /* Contains option bits */
- u_char id; /* Current id */
- u_char reqid; /* Current request id */
- u_char seen_ack; /* Have received valid Ack/Nak/Rej to Req */
+ unsigned char id; /* Current id */
+ unsigned char reqid; /* Current request id */
+ unsigned char seen_ack; /* Have received valid Ack/Nak/Rej to Req */
int timeouttime; /* Timeout time in milliseconds */
int maxconfreqtransmits; /* Maximum Configure-Request transmissions */
int retransmits; /* Number of retransmissions left */
void (*resetci)(fsm *); /* Reset our Configuration Information */
int (*cilen)(fsm *); /* Length of our Configuration Information */
void (*addci) /* Add our Configuration Information */
- (fsm *, u_char *, int *);
+ (fsm *, unsigned char *, int *);
int (*ackci) /* ACK our Configuration Information */
- (fsm *, u_char *, int);
+ (fsm *, unsigned char *, int);
int (*nakci) /* NAK our Configuration Information */
- (fsm *, u_char *, int, int);
+ (fsm *, unsigned char *, int, int);
int (*rejci) /* Reject our Configuration Information */
- (fsm *, u_char *, int);
+ (fsm *, unsigned char *, int);
int (*reqci) /* Request peer's Configuration Information */
- (fsm *, u_char *, int *, int);
+ (fsm *, unsigned char *, int *, int);
void (*up)(fsm *); /* Called when fsm reaches OPENED state */
void (*down)(fsm *); /* Called when fsm leaves OPENED state */
void (*starting)(fsm *); /* Called when we want the lower layer */
void (*protreject)(int); /* Called when Protocol-Reject received */
void (*retransmit)(fsm *); /* Retransmission is necessary */
int (*extcode) /* Called when unknown code received */
- (fsm *, int, int, u_char *, int);
+ (fsm *, int, int, unsigned char *, int);
char *proto_name; /* String name for protocol (for messages) */
} fsm_callbacks;
void fsm_lowerdown (fsm *);
void fsm_open (fsm *);
void fsm_close (fsm *, char *);
-void fsm_input (fsm *, u_char *, int);
+void fsm_input (fsm *, unsigned char *, int);
void fsm_protreject (fsm *);
-void fsm_sdata (fsm *, int, int, u_char *, int);
+void fsm_sdata (fsm *, int, int, unsigned char *, int);
/*
* Variables
*/
extern int peer_mru[]; /* currently negotiated peer MRU (per unit) */
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_FSM_H
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/*
- * TODO:
- */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>
#include <net/if.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ipcp.h"
#include "pathnames.h"
ipcp_options ipcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */
ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
+char *ipparam = NULL; /* Extra parameter for ip up/down scripts */
u_int32_t netmask = 0; /* IP netmask to set on interface */
bool disable_defaultip = 0; /* Don't use hostname for default IP adrs */
bool noremoteip = 0; /* Let him have no IP address */
-/* Hook for a plugin to know when IP protocol has come up */
-void (*ip_up_hook)(void) = NULL;
+ip_up_hook_fn *ip_up_hook = NULL;
+ip_down_hook_fn *ip_down_hook = NULL;
+ip_choose_hook_fn *ip_choose_hook = NULL;
-/* Hook for a plugin to know when IP protocol has come down */
-void (*ip_down_hook)(void) = NULL;
-
-/* Hook for a plugin to choose the remote IP address */
-void (*ip_choose_hook)(u_int32_t *) = NULL;
/* Notifiers for when IPCP goes up and down */
struct notifier *ip_up_notifier = NULL;
static int default_route_set[NUM_PPP]; /* Have set up a default route */
static int proxy_arp_set[NUM_PPP]; /* Have created proxy arp entry */
static bool usepeerdns; /* Ask peer for DNS addrs */
+static bool usepeerwins; /* Ask peer for WINS addrs */
static int ipcp_is_up; /* have called np_up() */
static int ipcp_is_open; /* haven't called np_finished() */
static bool ask_for_local; /* request our address from peer */
static int setwinsaddr (char **);
static int setnetmask (char **);
int setipaddr (char *, char **, int);
-static void printipaddr (option_t *, void (*)(void *, char *,...),void *);
+static void printipaddr (struct option *, void (*)(void *, char *,...),void *);
-static option_t ipcp_option_list[] = {
+static struct option ipcp_option_list[] = {
{ "noip", o_bool, &ipcp_protent.enabled_flag,
"Disable IP and IPCP" },
{ "-ip", o_bool, &ipcp_protent.enabled_flag,
{ "usepeerdns", o_bool, &usepeerdns,
"Ask peer for DNS address(es)", 1 },
+ { "usepeerwins", o_bool, &usepeerwins,
+ "Ask peer for WINS address(es)", 1 },
+
{ "netmask", o_special, (void *)setnetmask,
"set netmask", OPT_PRIO | OPT_A2STRVAL | OPT_STATIC, netmask_str },
{
int value;
- if (!int_option(*argv, &value))
+ if (!ppp_int_option(*argv, &value))
return 0;
if (value < 2 || value > 16) {
- option_error("vj-max-slots value must be between 2 and 16");
+ ppp_option_error("vj-max-slots value must be between 2 and 16");
return 0;
}
ipcp_wantoptions [0].maxslotindex =
dns = inet_addr(*argv);
if (dns == (u_int32_t) -1) {
if ((hp = gethostbyname(*argv)) == NULL) {
- option_error("invalid address parameter '%s' for ms-dns option",
+ ppp_option_error("invalid address parameter '%s' for ms-dns option",
*argv);
return 0;
}
wins = inet_addr(*argv);
if (wins == (u_int32_t) -1) {
if ((hp = gethostbyname(*argv)) == NULL) {
- option_error("invalid address parameter '%s' for ms-wins option",
+ ppp_option_error("invalid address parameter '%s' for ms-wins option",
*argv);
return 0;
}
*colon = '\0';
if ((local = inet_addr(arg)) == (u_int32_t) -1) {
if ((hp = gethostbyname(arg)) == NULL) {
- option_error("unknown host: %s", arg);
+ ppp_option_error("unknown host: %s", arg);
return 0;
}
local = *(u_int32_t *)hp->h_addr;
}
- if (bad_ip_adrs(local)) {
- option_error("bad local IP address %s", ip_ntoa(local));
+ if (ppp_bad_ip_addr(local)) {
+ ppp_option_error("bad local IP address %s", ip_ntoa(local));
return 0;
}
if (local != 0)
if (*++colon != '\0' && option_priority >= prio_remote) {
if ((remote = inet_addr(colon)) == (u_int32_t) -1) {
if ((hp = gethostbyname(colon)) == NULL) {
- option_error("unknown host: %s", colon);
+ ppp_option_error("unknown host: %s", colon);
return 0;
}
remote = *(u_int32_t *)hp->h_addr;
if (remote_name[0] == 0)
strlcpy(remote_name, colon, sizeof(remote_name));
}
- if (bad_ip_adrs(remote)) {
- option_error("bad remote IP address %s", ip_ntoa(remote));
+ if (ppp_bad_ip_addr(remote)) {
+ ppp_option_error("bad remote IP address %s", ip_ntoa(remote));
return 0;
}
if (remote != 0)
}
static void
-printipaddr(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
+printipaddr(struct option *opt, void (*printer) (void *, char *, ...), void *arg)
{
ipcp_options *wo = &ipcp_wantoptions[0];
mask = htonl(mask);
if (n == 0 || p[n] != 0 || (netmask & ~mask) != 0) {
- option_error("invalid netmask value '%s'", *argv);
+ ppp_option_error("invalid netmask value '%s'", *argv);
return 0;
}
return p - p0;
}
+const char *ppp_ipparam()
+{
+ return ipparam;
+}
+
/*
* ipcp_init - Initialize IPCP.
wo->accept_remote = 1;
wo->req_dns1 = usepeerdns; /* Request DNS addresses from the peer */
wo->req_dns2 = usepeerdns;
+ wo->req_wins1 = usepeerwins; /* Request WINS addresses from the peer */
+ wo->req_wins2 = usepeerwins;
*go = *wo;
if (!ask_for_local)
go->ouraddr = 0;
LENCIADDR(go->neg_addr) +
LENCIDNS(go->req_dns1) +
LENCIDNS(go->req_dns2) +
- LENCIWINS(go->winsaddr[0]) +
- LENCIWINS(go->winsaddr[1])) ;
+ LENCIWINS(go->req_wins1) +
+ LENCIWINS(go->req_wins2)) ;
}
neg = 0; \
}
-#define ADDCIWINS(opt, addr) \
- if (addr) { \
+#define ADDCIWINS(opt, neg, addr) \
+ if (neg) { \
if (len >= CILEN_ADDR) { \
u_int32_t l; \
PUTCHAR(opt, ucp); \
PUTLONG(l, ucp); \
len -= CILEN_ADDR; \
} else \
- addr = 0; \
+ neg = 0; \
}
ADDCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs, go->ouraddr,
ADDCIDNS(CI_MS_DNS2, go->req_dns2, go->dnsaddr[1]);
- ADDCIWINS(CI_MS_WINS1, go->winsaddr[0]);
+ ADDCIWINS(CI_MS_WINS1, go->req_wins1, go->winsaddr[0]);
- ADDCIWINS(CI_MS_WINS2, go->winsaddr[1]);
+ ADDCIWINS(CI_MS_WINS2, go->req_wins2, go->winsaddr[1]);
*lenp -= len;
}
goto bad; \
}
-#define ACKCIWINS(opt, addr) \
- if (addr) { \
+#define ACKCIWINS(opt, neg, addr) \
+ if (neg) { \
u_int32_t l; \
if ((len -= CILEN_ADDR) < 0) \
goto bad; \
ACKCIDNS(CI_MS_DNS2, go->req_dns2, go->dnsaddr[1]);
- ACKCIWINS(CI_MS_WINS1, go->winsaddr[0]);
+ ACKCIWINS(CI_MS_WINS1, go->req_wins1, go->winsaddr[0]);
- ACKCIWINS(CI_MS_WINS2, go->winsaddr[1]);
+ ACKCIWINS(CI_MS_WINS2, go->req_wins2, go->winsaddr[1]);
/*
* If there are any remaining CIs, then this packet is bad.
u_char cimaxslotindex, cicflag;
u_char citype, cilen, *next;
u_short cishort;
- u_int32_t ciaddr1, ciaddr2, l, cidnsaddr;
+ u_int32_t ciaddr1, ciaddr2, l, cidnsaddr, ciwinsaddr;
ipcp_options no; /* options we've seen Naks for */
ipcp_options try; /* options to request next time */
code \
}
+#define NAKCIWINS(opt, neg, code) \
+ if (go->neg && \
+ ((cilen = p[1]) == CILEN_ADDR) && \
+ len >= cilen && \
+ p[0] == opt) { \
+ len -= cilen; \
+ INCPTR(2, p); \
+ GETLONG(l, p); \
+ ciwinsaddr = htonl(l); \
+ no.neg = 1; \
+ code \
+ }
+
/*
* Accept the peer's idea of {our,his} address, if different
* from our idea, only if the accept_{local,remote} flag is set.
}
);
+ NAKCIWINS(CI_MS_WINS1, req_wins1,
+ if (treat_as_reject) {
+ try.req_wins1 = 0;
+ } else {
+ try.winsaddr[0] = ciwinsaddr;
+ }
+ );
+
+ NAKCIWINS(CI_MS_WINS2, req_wins2,
+ if (treat_as_reject) {
+ try.req_wins2 = 0;
+ } else {
+ try.winsaddr[1] = ciwinsaddr;
+ }
+ );
+
/*
* There may be remaining CIs, if the peer is requesting negotiation
* on an option that we didn't include in our request packet.
no.req_dns2 = 1;
break;
case CI_MS_WINS1:
+ if (go->req_wins1 || no.req_wins1 || cilen != CILEN_ADDR)
+ goto bad;
+ GETLONG(l, p);
+ try.winsaddr[0] = htonl(l);
+ try.req_wins1 = 1;
+ no.req_wins1 = 1;
+ break;
case CI_MS_WINS2:
- if (cilen != CILEN_ADDR)
+ if (go->req_wins2 || no.req_wins2 || cilen != CILEN_ADDR)
goto bad;
GETLONG(l, p);
- ciaddr1 = htonl(l);
- if (ciaddr1)
- try.winsaddr[citype == CI_MS_WINS2] = ciaddr1;
+ try.winsaddr[1] = htonl(l);
+ try.req_wins2 = 1;
+ no.req_wins2 = 1;
break;
}
p = next;
return 0;
}
-
/*
* ipcp_rejci - Reject some of our CIs.
* Callback from fsm_rconfnakrej.
try.neg = 0; \
}
-#define REJCIWINS(opt, addr) \
- if (addr && \
+#define REJCIWINS(opt, neg, addr) \
+ if (go->neg && \
((cilen = p[1]) == CILEN_ADDR) && \
len >= cilen && \
p[0] == opt) { \
/* Check rejected value. */ \
if (cilong != addr) \
goto bad; \
- try.winsaddr[opt == CI_MS_WINS2] = 0; \
+ try.neg = 0; \
}
REJCIADDRS(CI_ADDRS, !go->neg_addr && go->old_addrs,
REJCIDNS(CI_MS_DNS2, req_dns2, go->dnsaddr[1]);
- REJCIWINS(CI_MS_WINS1, go->winsaddr[0]);
+ REJCIWINS(CI_MS_WINS1, req_wins1, go->winsaddr[0]);
- REJCIWINS(CI_MS_WINS2, go->winsaddr[1]);
+ REJCIWINS(CI_MS_WINS2, req_wins2, go->winsaddr[1]);
/*
* If there are any remaining CIs, then this packet is bad.
/* Microsoft primary or secondary WINS request */
d = citype == CI_MS_WINS2;
- /* If we do not have a DNS address then we cannot send it */
+ /* If we do not have a WINS address then we cannot send it */
if (ao->winsaddr[d] == 0 ||
cilen != CILEN_ADDR) { /* Check CI length */
orc = CONFREJ; /* Reject CI */
wo->accept_local = 1; /* don't insist on this default value */
if ((hp = gethostbyname(hostname)) != NULL) {
local = *(u_int32_t *)hp->h_addr;
- if (local != 0 && !bad_ip_adrs(local))
+ if (local != 0 && !ppp_bad_ip_addr(local))
wo->ouraddr = local;
}
}
}
if (!sifaddr(u, wo->ouraddr, wo->hisaddr, GetMask(wo->ouraddr)))
return 0;
- ipcp_script(_PATH_IPPREUP, 1);
+ ipcp_script(PPP_PATH_IPPREUP, 1);
if (!sifup(u))
return 0;
if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE))
warn("Could not determine remote IP address: defaulting to %I",
ho->hisaddr);
}
- script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0);
+ ppp_script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0);
if (ho->hisaddr != 0)
- script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1);
+ ppp_script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1);
if (!go->req_dns1)
go->dnsaddr[0] = 0;
if (!go->req_dns2)
go->dnsaddr[1] = 0;
if (go->dnsaddr[0])
- script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0);
+ ppp_script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0);
if (go->dnsaddr[1])
- script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0);
+ ppp_script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0);
if (usepeerdns && (go->dnsaddr[0] || go->dnsaddr[1])) {
- script_setenv("USEPEERDNS", "1", 0);
+ ppp_script_setenv("USEPEERDNS", "1", 0);
create_resolv(go->dnsaddr[0], go->dnsaddr[1]);
}
+ if (go->winsaddr[0])
+ ppp_script_setenv("WINS1", ip_ntoa(go->winsaddr[0]), 0);
+ if (go->winsaddr[1])
+ ppp_script_setenv("WINS2", ip_ntoa(go->winsaddr[1]), 0);
+ if (usepeerwins && (go->winsaddr[0] || go->winsaddr[1]))
+ ppp_script_setenv("USEPEERWINS", "1", 0);
+
/*
* Check that the peer is allowed to use the IP address it wants.
*/
wo->replace_default_route);
if (go->ouraddr != wo->ouraddr) {
warn("Local IP address changed to %I", go->ouraddr);
- script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
+ ppp_script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0);
wo->ouraddr = go->ouraddr;
} else
- script_unsetenv("OLDIPLOCAL");
+ ppp_script_unsetenv("OLDIPLOCAL");
if (ho->hisaddr != wo->hisaddr) {
warn("Remote IP address changed to %I", ho->hisaddr);
if (wo->hisaddr != 0)
- script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0);
+ ppp_script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0);
wo->hisaddr = ho->hisaddr;
} else
- script_unsetenv("OLDIPREMOTE");
+ ppp_script_unsetenv("OLDIPREMOTE");
/* Set the interface to the new addresses */
mask = GetMask(go->ouraddr);
ifindex = if_nametoindex(ifname);
/* run the pre-up script, if any, and wait for it to finish */
- ipcp_script(_PATH_IPPREUP, 1);
+ ipcp_script(PPP_PATH_IPPREUP, 1);
/* check if preup script renamed the interface */
if (!if_indextoname(ifindex, ifname)) {
* before the interface is marked down. */
/* XXX more correct: we must get the stats before running the notifiers,
* at least for the radius plugin */
- update_link_stats(f->unit);
+ ppp_get_link_stats(NULL);
notify(ip_down_notifier, 0);
if (ip_down_hook)
ip_down_hook();
{
FILE *f;
- f = fopen(_PATH_RESOLV, "w");
+ f = fopen(PPP_PATH_RESOLV, "w");
if (f == NULL) {
- error("Failed to create %s: %m", _PATH_RESOLV);
+ error("Failed to create %s: %m", PPP_PATH_RESOLV);
return;
}
if (peerdns1)
fprintf(f, "nameserver %s\n", ip_ntoa(peerdns1));
- if (peerdns2)
+ if (peerdns2 && peerdns2 != peerdns1)
fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2));
if (ferror(f))
- error("Write failed to %s: %m", _PATH_RESOLV);
+ error("Write failed to %s: %m", PPP_PATH_RESOLV);
fclose(f);
}
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_IPCP_H
+#define PPP_IPCP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
/*
* Options.
bool accept_remote; /* accept peer's value for hisaddr */
bool req_dns1; /* Ask peer to send primary DNS address? */
bool req_dns2; /* Ask peer to send secondary DNS address? */
+ bool req_wins1; /* Ask peer to send primary WINS address? */
+ bool req_wins2; /* Ask peer to send secondary WINS address? */
int vj_protocol; /* protocol value to use in VJ option */
int maxslotindex; /* values for RFC1332 VJ compression neg. */
bool cflag;
- u_int32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
- u_int32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
- u_int32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
+ uint32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */
+ uint32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */
+ uint32_t winsaddr[2]; /* Primary and secondary MS WINS entries */
} ipcp_options;
extern fsm ipcp_fsm[];
extern ipcp_options ipcp_allowoptions[];
extern ipcp_options ipcp_hisoptions[];
-char *ip_ntoa(u_int32_t);
+char *ip_ntoa(uint32_t);
extern struct protent ipcp_protent;
+
+/*
+ * Hook for a plugin to know when IP protocol has come up
+ */
+typedef void (ip_up_hook_fn)(void);
+extern ip_up_hook_fn *ip_up_hook;
+
+/*
+ * Hook for a plugin to know when IP protocol has come down
+ */
+typedef void (ip_down_hook_fn)(void);
+extern ip_down_hook_fn *ip_down_hook;
+
+/*
+ * Hook for a plugin to choose the remote IP address
+ */
+typedef void (ip_choose_hook_fn)(uint32_t *);
+extern ip_choose_hook_fn *ip_choose_hook;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* PPP_IPCP_H */
* since SVR4 && (SNI || __USLC__) didn't work properly)
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <errno.h>
#include <unistd.h>
#include <netdb.h>
#include <sys/param.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
+#include "eui64.h"
#include "ipcp.h"
#include "ipv6cp.h"
#include "magic.h"
/* local vars */
static int default_route_set[NUM_PPP]; /* Have set up a default route */
static int ipv6cp_is_up;
+static bool ipv6cp_noremote;
-/* Hook for a plugin to know when IPv6 protocol has come up */
-void (*ipv6_up_hook)(void) = NULL;
-
-/* Hook for a plugin to know when IPv6 protocol has come down */
-void (*ipv6_down_hook)(void) = NULL;
+ipv6_up_hook_fn *ipv6_up_hook = NULL;
+ipv6_down_hook_fn *ipv6_down_hook = NULL;
/* Notifiers for when IPCPv6 goes up and down */
struct notifier *ipv6_up_notifier = NULL;
* Command-line options.
*/
static int setifaceid (char **arg);
-static void printifaceid (option_t *,
+static void printifaceid (struct option *,
void (*)(void *, char *, ...), void *);
-static option_t ipv6cp_option_list[] = {
+static struct option ipv6cp_option_list[] = {
{ "ipv6", o_special, (void *)setifaceid,
"Set interface identifiers for IPV6",
OPT_A2PRINTER, (void *)printifaceid },
{ "-ipv6", o_bool, &ipv6cp_protent.enabled_flag,
"Disable IPv6 and IPv6CP", OPT_PRIOSUB | OPT_ALIAS },
- { "ipv6cp-accept-local", o_bool, &ipv6cp_allowoptions[0].accept_local,
+ { "ipv6cp-accept-local", o_bool, &ipv6cp_wantoptions[0].accept_local,
"Accept peer's interface identifier for us", 1 },
- { "ipv6cp-accept-remote", o_bool, &ipv6cp_allowoptions[0].accept_remote,
+ { "ipv6cp-accept-remote", o_bool, &ipv6cp_wantoptions[0].accept_remote,
"Accept peer's interface identifier for itself", 1 },
{ "defaultroute6", o_bool, &ipv6cp_wantoptions[0].default_route,
&ipv6cp_wantoptions[0].default_route },
{ "ipv6cp-use-ipaddr", o_bool, &ipv6cp_allowoptions[0].use_ip,
- "Use (default) IPv4 address as interface identifier", 1 },
-
+ "Use (default) IPv4 addresses for both local and remote interface identifiers", 1 },
{ "ipv6cp-use-persistent", o_bool, &ipv6cp_wantoptions[0].use_persistent,
- "Use uniquely-available persistent value for link local address", 1 },
+ "Use uniquely-available persistent value for local interface identifier", 1 },
+ { "ipv6cp-use-remotenumber", o_bool, &ipv6cp_wantoptions[0].use_remotenumber,
+ "Use remotenumber value for remote interface identifier", 1 },
+
+#ifdef __linux__
+ { "ipv6cp-noremote", o_bool, &ipv6cp_noremote,
+ "Allow peer to have no interface identifier", 1 },
+#endif
+ { "ipv6cp-nosend", o_bool, &ipv6cp_wantoptions[0].neg_ifaceid,
+ "Don't send local interface identifier to peer", OPT_A2CLR },
{ "ipv6cp-restart", o_int, &ipv6cp_fsm[0].timeouttime,
"Set timeout for IPv6CP", OPT_PRIO },
*comma = '\0';
if (inet_pton(AF_INET6, arg, &addr) == 0 || !VALIDID(addr)) {
- option_error("Illegal interface identifier (local): %s", arg);
+ ppp_option_error("Illegal interface identifier (local): %s", arg);
return 0;
}
*/
if (*comma != 0 && *++comma != '\0') {
if (inet_pton(AF_INET6, comma, &addr) == 0 || !VALIDID(addr)) {
- option_error("Illegal interface identifier (remote): %s", comma);
+ ppp_option_error("Illegal interface identifier (remote): %s", comma);
return 0;
}
if (option_priority >= prio_remote) {
char *llv6_ntoa(eui64_t ifaceid);
static void
-printifaceid(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
+printifaceid(struct option *opt, void (*printer) (void *, char *, ...), void *arg)
{
ipv6cp_options *wo = &ipv6cp_wantoptions[0];
static int
ipv6cp_nakci(fsm *f, u_char *p, int len, int treat_as_reject)
{
+ ipv6cp_options *wo = &ipv6cp_wantoptions[f->unit];
ipv6cp_options *go = &ipv6cp_gotoptions[f->unit];
u_char citype, cilen, *next;
u_short cishort;
NAKCIIFACEID(CI_IFACEID, neg_ifaceid,
if (treat_as_reject) {
try.neg_ifaceid = 0;
- } else if (go->accept_local) {
+ } else if (go->accept_local && !eui64_iszero(ifaceid) && !eui64_equals(ifaceid, go->hisid)) {
+ try.ourid = ifaceid;
+ } else if (eui64_iszero(ifaceid) && !go->opt_local && wo->neg_ifaceid) {
while (eui64_iszero(ifaceid) ||
eui64_equals(ifaceid, go->hisid)) /* bad luck */
eui64_magic(ifaceid);
goto bad;
try.neg_ifaceid = 1;
eui64_get(ifaceid, p);
- if (go->accept_local) {
+ if (go->accept_local && !eui64_iszero(ifaceid) && !eui64_equals(ifaceid, go->hisid)) {
+ try.ourid = ifaceid;
+ } else if (eui64_iszero(ifaceid) && !go->opt_local && wo->neg_ifaceid) {
while (eui64_iszero(ifaceid) ||
eui64_equals(ifaceid, go->hisid)) /* bad luck */
eui64_magic(ifaceid);
try.ourid = ifaceid;
+ } else {
+ try.neg_ifaceid = 0;
}
no.neg_ifaceid = 1;
break;
break;
}
if (!eui64_iszero(wo->hisid) && !wo->accept_remote &&
- !eui64_equals(ifaceid, wo->hisid) &&
- eui64_iszero(go->hisid)) {
+ !eui64_equals(ifaceid, wo->hisid)) {
orc = CONFNAK;
ifaceid = wo->hisid;
orc = CONFNAK;
if (eui64_iszero(go->hisid)) /* first time, try option */
ifaceid = wo->hisid;
- while (eui64_iszero(ifaceid) ||
- eui64_equals(ifaceid, go->ourid)) /* bad luck */
- eui64_magic(ifaceid);
+ if (eui64_equals(ifaceid, go->ourid)) /* bad luck */
+ eui64_zero(ifaceid);
+ if (eui64_iszero(ifaceid)) {
+ if (wo->opt_remote)
+ ifaceid = wo->hisid;
+ else {
+ while (eui64_iszero(ifaceid) ||
+ eui64_equals(ifaceid, go->ourid)) /* bad luck */
+ eui64_magic(ifaceid);
+ }
+ }
go->hisid = ifaceid;
DECPTR(sizeof(ifaceid), p);
eui64_put(ifaceid, p);
}
+/*
+ * eui48_to_eui64 - Convert the EUI-48 into EUI-64, per RFC 2472 [sec 4.1]
+ */
+static void
+eui48_to_eui64(eui64_t *p_eui64, const u_char addr[6])
+{
+ p_eui64->e8[0] = addr[0] | 0x02;
+ p_eui64->e8[1] = addr[1];
+ p_eui64->e8[2] = addr[2];
+ p_eui64->e8[3] = 0xFF;
+ p_eui64->e8[4] = 0xFE;
+ p_eui64->e8[5] = addr[3];
+ p_eui64->e8[6] = addr[4];
+ p_eui64->e8[7] = addr[5];
+}
+
+
/*
* ether_to_eui64 - Convert 48-bit Ethernet address into 64-bit EUI
*
return 0;
}
- /*
- * And convert the EUI-48 into EUI-64, per RFC 2472 [sec 4.1]
- */
- p_eui64->e8[0] = addr[0] | 0x02;
- p_eui64->e8[1] = addr[1];
- p_eui64->e8[2] = addr[2];
- p_eui64->e8[3] = 0xFF;
- p_eui64->e8[4] = 0xFE;
- p_eui64->e8[5] = addr[3];
- p_eui64->e8[6] = addr[4];
- p_eui64->e8[7] = addr[5];
-
+ eui48_to_eui64(p_eui64, addr);
return 1;
}
}
}
+ if (!wo->opt_remote && wo->use_remotenumber && *remote_number) {
+ /* remote number can be either MAC address, IPv4 address, IPv6 address or telephone number */
+ struct in_addr addr;
+ struct in6_addr addr6;
+ unsigned long long tel;
+ unsigned char mac[6];
+ const char *str;
+ char *endptr;
+ if (sscanf(remote_number, "%hhx:%hhx:%hhx:%hhx:%hhx:%hhx",
+ &mac[0], &mac[1], &mac[2],
+ &mac[3], &mac[4], &mac[5]) == 6) {
+ eui48_to_eui64(&wo->hisid, mac);
+ } else if (inet_pton(AF_INET, remote_number, &addr) == 1) {
+ eui64_setlo32(wo->hisid, ntohl(addr.s_addr));
+ } else if (inet_pton(AF_INET6, remote_number, &addr6) == 1) {
+ /* use low 64 bits of IPv6 address for interface identifier */
+ wo->hisid.e8[0] = addr6.s6_addr[8];
+ wo->hisid.e8[1] = addr6.s6_addr[9];
+ wo->hisid.e8[2] = addr6.s6_addr[10];
+ wo->hisid.e8[3] = addr6.s6_addr[11];
+ wo->hisid.e8[4] = addr6.s6_addr[12];
+ wo->hisid.e8[5] = addr6.s6_addr[13];
+ wo->hisid.e8[6] = addr6.s6_addr[14];
+ wo->hisid.e8[7] = addr6.s6_addr[15];
+ } else {
+ str = remote_number;
+ /* telephone number may start with leading '+' sign, so skip it */
+ if (str[0] == '+')
+ str++;
+ errno = 0;
+ tel = strtoull(str, &endptr, 10);
+ if (!errno && *str && !*endptr && tel) {
+ wo->hisid.e32[0] = htonl(tel >> 32);
+ wo->hisid.e32[1] = htonl(tel & 0xFFFFFFFF);
+ }
+ }
+ if (!eui64_iszero(wo->hisid))
+ wo->opt_remote = 1;
+ }
+
if (!wo->opt_local) { /* init interface identifier */
if (wo->use_ip && eui64_iszero(wo->ourid)) {
eui64_setlo32(wo->ourid, ntohl(ipcp_wantoptions[0].ouraddr));
{
ipv6cp_options *wo = &ipv6cp_wantoptions[u];
- if (eui64_iszero(wo->hisid)) {
+ if (eui64_iszero(wo->hisid) && !ipv6cp_noremote) {
/* make up an arbitrary identifier for the peer */
eui64_magic_nz(wo->hisid);
}
default_route_set[u] = 1;
notice("local LL address %s", llv6_ntoa(wo->ourid));
- notice("remote LL address %s", llv6_ntoa(wo->hisid));
+ if (!eui64_iszero(wo->hisid))
+ notice("remote LL address %s", llv6_ntoa(wo->hisid));
return 1;
}
/*
* We must have a non-zero LL address for both ends of the link.
*/
+
+ if (!eui64_iszero(wo->hisid) && !wo->accept_remote && (!ho->neg_ifaceid || !eui64_equals(ho->hisid, wo->hisid))) {
+ error("Peer refused to agree to his interface identifier");
+ ipv6cp_close(f->unit, "Refused his interface identifier");
+ return;
+ }
if (!ho->neg_ifaceid)
ho->hisid = wo->hisid;
if(!no_ifaceid_neg) {
- if (eui64_iszero(ho->hisid)) {
+ if (eui64_iszero(ho->hisid) && !ipv6cp_noremote) {
error("Could not determine remote LL address");
ipv6cp_close(f->unit, "Could not determine remote LL address");
return;
return;
}
}
- script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0);
- script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0);
+ ppp_script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0);
+ if (!eui64_iszero(ho->hisid))
+ ppp_script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0);
#ifdef IPV6CP_COMP
/* set tcp compression */
default_route_set[f->unit] = 1;
notice("local LL address %s", llv6_ntoa(go->ourid));
- notice("remote LL address %s", llv6_ntoa(ho->hisid));
+ if (!eui64_iszero(ho->hisid))
+ notice("remote LL address %s", llv6_ntoa(ho->hisid));
}
np_up(f->unit, PPP_IPV6);
*/
if (ipv6cp_script_state == s_down && ipv6cp_script_pid == 0) {
ipv6cp_script_state = s_up;
- ipv6cp_script(_PATH_IPV6UP);
+ ipv6cp_script(path_ipv6up);
}
}
ipv6cp_down(fsm *f)
{
IPV6CPDEBUG(("ipv6cp: down"));
- update_link_stats(f->unit);
+ ppp_get_link_stats(NULL);
notify(ipv6_down_notifier, 0);
if (ipv6_down_hook)
ipv6_down_hook();
/* Execute the ipv6-down script */
if (ipv6cp_script_state == s_up && ipv6cp_script_pid == 0) {
ipv6cp_script_state = s_down;
- ipv6cp_script(_PATH_IPV6DOWN);
+ ipv6cp_script(path_ipv6down);
}
}
case s_up:
if (ipv6cp_fsm[0].state != OPENED) {
ipv6cp_script_state = s_down;
- ipv6cp_script(_PATH_IPV6DOWN);
+ ipv6cp_script(path_ipv6down);
}
break;
case s_down:
if (ipv6cp_fsm[0].state == OPENED) {
ipv6cp_script_state = s_up;
- ipv6cp_script(_PATH_IPV6UP);
+ ipv6cp_script(path_ipv6up);
}
break;
}
static void
ipv6cp_script(char *script)
{
- char strspeed[32], strlocal[32], strremote[32];
+ char strspeed[32], strlocal[64], strremote[64];
char *argv[8];
sprintf(strspeed, "%d", baud_rate);
*
*/
+#ifndef PPP_IPV6CP_H
+#define PPP_IPV6CP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/* Original version, based on RFC2023 :
Copyright (c) 1995, 1996, 1997 Francis.Dupont@inria.fr, INRIA Rocquencourt,
int opt_remote; /* histoken set by option */
int use_ip; /* use IP as interface identifier */
int use_persistent; /* use uniquely persistent value for address */
+ int use_remotenumber; /* use remote number value for address */
int neg_vj; /* Van Jacobson Compression? */
u_short vj_protocol; /* protocol value to use in VJ option */
eui64_t ourid, hisid; /* Interface identifiers */
extern ipv6cp_options ipv6cp_hisoptions[];
extern struct protent ipv6cp_protent;
+
+/*
+ * Hook for a plugin to know when IPv6 protocol has come up
+ */
+typedef void (ipv6_up_hook_fn)(void);
+extern ipv6_up_hook_fn *ipv6_up_hook;
+
+/*
+ * Hook for a plugin to know when IPv6 protocol has come down
+ */
+typedef void (ipv6_down_hook_fn)(void);
+extern ipv6_down_hook_fn *ipv6_down_hook;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif
+++ /dev/null
-/*
- * ipxcp.c - PPP IPX Control Protocol.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifdef IPX_CHANGE
-
-/*
- * TODO:
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <unistd.h>
-#include <ctype.h>
-#include <sys/types.h>
-#include <sys/socket.h>
-#include <netinet/in.h>
-
-#include "pppd.h"
-#include "fsm.h"
-#include "ipxcp.h"
-#include "pathnames.h"
-#include "magic.h"
-
-
-/* global vars */
-ipxcp_options ipxcp_wantoptions[NUM_PPP]; /* Options that we want to request */
-ipxcp_options ipxcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */
-ipxcp_options ipxcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */
-ipxcp_options ipxcp_hisoptions[NUM_PPP]; /* Options that we ack'd */
-
-#define wo (&ipxcp_wantoptions[0])
-#define ao (&ipxcp_allowoptions[0])
-#define go (&ipxcp_gotoptions[0])
-#define ho (&ipxcp_hisoptions[0])
-
-/*
- * Callbacks for fsm code. (CI = Configuration Information)
- */
-static void ipxcp_resetci (fsm *); /* Reset our CI */
-static int ipxcp_cilen (fsm *); /* Return length of our CI */
-static void ipxcp_addci (fsm *, u_char *, int *); /* Add our CI */
-static int ipxcp_ackci (fsm *, u_char *, int); /* Peer ack'd our CI */
-static int ipxcp_nakci (fsm *, u_char *, int, int);/* Peer nak'd our CI */
-static int ipxcp_rejci (fsm *, u_char *, int); /* Peer rej'd our CI */
-static int ipxcp_reqci (fsm *, u_char *, int *, int); /* Rcv CI */
-static void ipxcp_up (fsm *); /* We're UP */
-static void ipxcp_down (fsm *); /* We're DOWN */
-static void ipxcp_finished (fsm *); /* Don't need lower layer */
-static void ipxcp_script (fsm *, char *); /* Run an up/down script */
-
-fsm ipxcp_fsm[NUM_PPP]; /* IPXCP fsm structure */
-
-static fsm_callbacks ipxcp_callbacks = { /* IPXCP callback routines */
- ipxcp_resetci, /* Reset our Configuration Information */
- ipxcp_cilen, /* Length of our Configuration Information */
- ipxcp_addci, /* Add our Configuration Information */
- ipxcp_ackci, /* ACK our Configuration Information */
- ipxcp_nakci, /* NAK our Configuration Information */
- ipxcp_rejci, /* Reject our Configuration Information */
- ipxcp_reqci, /* Request peer's Configuration Information */
- ipxcp_up, /* Called when fsm reaches OPENED state */
- ipxcp_down, /* Called when fsm leaves OPENED state */
- NULL, /* Called when we want the lower layer up */
- ipxcp_finished, /* Called when we want the lower layer down */
- NULL, /* Called when Protocol-Reject received */
- NULL, /* Retransmission is necessary */
- NULL, /* Called to handle protocol-specific codes */
- "IPXCP" /* String name of protocol */
-};
-
-/*
- * Command-line options.
- */
-static int setipxnode (char **);
-static void printipxnode (option_t *,
- void (*)(void *, char *, ...), void *);
-static int setipxname (char **);
-
-static option_t ipxcp_option_list[] = {
- { "ipx", o_bool, &ipxcp_protent.enabled_flag,
- "Enable IPXCP (and IPX)", OPT_PRIO | 1 },
- { "+ipx", o_bool, &ipxcp_protent.enabled_flag,
- "Enable IPXCP (and IPX)", OPT_PRIOSUB | OPT_ALIAS | 1 },
- { "noipx", o_bool, &ipxcp_protent.enabled_flag,
- "Disable IPXCP (and IPX)", OPT_PRIOSUB },
- { "-ipx", o_bool, &ipxcp_protent.enabled_flag,
- "Disable IPXCP (and IPX)", OPT_PRIOSUB | OPT_ALIAS },
-
- { "ipx-network", o_uint32, &ipxcp_wantoptions[0].our_network,
- "Set our IPX network number", OPT_PRIO, &ipxcp_wantoptions[0].neg_nn },
-
- { "ipxcp-accept-network", o_bool, &ipxcp_wantoptions[0].accept_network,
- "Accept peer IPX network number", 1,
- &ipxcp_allowoptions[0].accept_network },
-
- { "ipx-node", o_special, (void *)setipxnode,
- "Set IPX node number", OPT_A2PRINTER, (void *)printipxnode },
-
- { "ipxcp-accept-local", o_bool, &ipxcp_wantoptions[0].accept_local,
- "Accept our IPX address", 1,
- &ipxcp_allowoptions[0].accept_local },
-
- { "ipxcp-accept-remote", o_bool, &ipxcp_wantoptions[0].accept_remote,
- "Accept peer's IPX address", 1,
- &ipxcp_allowoptions[0].accept_remote },
-
- { "ipx-routing", o_int, &ipxcp_wantoptions[0].router,
- "Set IPX routing proto number", OPT_PRIO,
- &ipxcp_wantoptions[0].neg_router },
-
- { "ipx-router-name", o_special, setipxname,
- "Set IPX router name", OPT_PRIO | OPT_A2STRVAL | OPT_STATIC,
- &ipxcp_wantoptions[0].name },
-
- { "ipxcp-restart", o_int, &ipxcp_fsm[0].timeouttime,
- "Set timeout for IPXCP", OPT_PRIO },
- { "ipxcp-max-terminate", o_int, &ipxcp_fsm[0].maxtermtransmits,
- "Set max #xmits for IPXCP term-reqs", OPT_PRIO },
- { "ipxcp-max-configure", o_int, &ipxcp_fsm[0].maxconfreqtransmits,
- "Set max #xmits for IPXCP conf-reqs", OPT_PRIO },
- { "ipxcp-max-failure", o_int, &ipxcp_fsm[0].maxnakloops,
- "Set max #conf-naks for IPXCP", OPT_PRIO },
-
- { NULL }
-};
-
-/*
- * Protocol entry points.
- */
-
-static void ipxcp_init (int);
-static void ipxcp_open (int);
-static void ipxcp_close (int, char *);
-static void ipxcp_lowerup (int);
-static void ipxcp_lowerdown (int);
-static void ipxcp_input (int, u_char *, int);
-static void ipxcp_protrej (int);
-static int ipxcp_printpkt (u_char *, int,
- void (*) (void *, char *, ...), void *);
-
-struct protent ipxcp_protent = {
- PPP_IPXCP,
- ipxcp_init,
- ipxcp_input,
- ipxcp_protrej,
- ipxcp_lowerup,
- ipxcp_lowerdown,
- ipxcp_open,
- ipxcp_close,
- ipxcp_printpkt,
- NULL,
- 0,
- "IPXCP",
- "IPX",
- ipxcp_option_list,
- NULL,
- NULL,
- NULL
-};
-
-/*
- * Lengths of configuration options.
- */
-
-#define CILEN_VOID 2
-#define CILEN_COMPLETE 2 /* length of complete option */
-#define CILEN_NETN 6 /* network number length option */
-#define CILEN_NODEN 8 /* node number length option */
-#define CILEN_PROTOCOL 4 /* Minimum length of routing protocol */
-#define CILEN_NAME 3 /* Minimum length of router name */
-#define CILEN_COMPRESS 4 /* Minimum length of compression protocol */
-
-#define CODENAME(x) ((x) == CONFACK ? "ACK" : \
- (x) == CONFNAK ? "NAK" : "REJ")
-
-static int ipxcp_is_up;
-
-static char *ipx_ntoa (u_int32_t);
-
-/* Used in printing the node number */
-#define NODE(base) base[0], base[1], base[2], base[3], base[4], base[5]
-
-/* Used to generate the proper bit mask */
-#define BIT(num) (1 << (num))
-
-/*
- * Convert from internal to external notation
- */
-
-static short int
-to_external(short int internal)
-{
- short int external;
-
- if (internal & BIT(IPX_NONE) )
- external = IPX_NONE;
- else
- external = RIP_SAP;
-
- return external;
-}
-
-/*
- * Make a string representation of a network IP address.
- */
-
-static char *
-ipx_ntoa(u_int32_t ipxaddr)
-{
- static char b[64];
- slprintf(b, sizeof(b), "%x", ipxaddr);
- return b;
-}
-
-
-static u_char *
-setipxnodevalue(u_char *src, u_char *dst)
-{
- int indx;
- int item;
-
- for (;;) {
- if (!isxdigit (*src))
- break;
-
- for (indx = 0; indx < 5; ++indx) {
- dst[indx] <<= 4;
- dst[indx] |= (dst[indx + 1] >> 4) & 0x0F;
- }
-
- item = toupper (*src) - '0';
- if (item > 9)
- item -= 7;
-
- dst[5] = (dst[5] << 4) | item;
- ++src;
- }
- return src;
-}
-
-static int ipx_prio_our, ipx_prio_his;
-
-static int
-setipxnode(char **argv)
-{
- u_char *end;
- int have_his = 0;
- u_char our_node[6];
- u_char his_node[6];
-
- memset (our_node, 0, 6);
- memset (his_node, 0, 6);
-
- end = setipxnodevalue ((u_char *)*argv, our_node);
- if (*end == ':') {
- have_his = 1;
- end = setipxnodevalue (++end, his_node);
- }
-
- if (*end == '\0') {
- ipxcp_wantoptions[0].neg_node = 1;
- if (option_priority >= ipx_prio_our) {
- memcpy(&ipxcp_wantoptions[0].our_node[0], our_node, 6);
- ipx_prio_our = option_priority;
- }
- if (have_his && option_priority >= ipx_prio_his) {
- memcpy(&ipxcp_wantoptions[0].his_node[0], his_node, 6);
- ipx_prio_his = option_priority;
- }
- return 1;
- }
-
- option_error("invalid parameter '%s' for ipx-node option", *argv);
- return 0;
-}
-
-static void
-printipxnode(option_t *opt, void (*printer) (void *, char *, ...), void *arg)
-{
- unsigned char *p;
-
- p = ipxcp_wantoptions[0].our_node;
- if (ipx_prio_our)
- printer(arg, "%.2x%.2x%.2x%.2x%.2x%.2x",
- p[0], p[1], p[2], p[3], p[4], p[5]);
- printer(arg, ":");
- p = ipxcp_wantoptions[0].his_node;
- if (ipx_prio_his)
- printer(arg, "%.2x%.2x%.2x%.2x%.2x%.2x",
- p[0], p[1], p[2], p[3], p[4], p[5]);
-}
-
-static int
-setipxname (char **argv)
-{
- u_char *dest = ipxcp_wantoptions[0].name;
- char *src = *argv;
- int count;
- char ch;
-
- ipxcp_wantoptions[0].neg_name = 1;
- ipxcp_allowoptions[0].neg_name = 1;
- memset (dest, '\0', sizeof (ipxcp_wantoptions[0].name));
-
- count = 0;
- while (*src) {
- ch = *src++;
- if (! isalnum (ch) && ch != '_') {
- option_error("IPX router name must be alphanumeric or _");
- return 0;
- }
-
- if (count >= sizeof (ipxcp_wantoptions[0].name) - 1) {
- option_error("IPX router name is limited to %d characters",
- sizeof (ipxcp_wantoptions[0].name) - 1);
- return 0;
- }
-
- dest[count++] = toupper (ch);
- }
- dest[count] = 0;
-
- return 1;
-}
-
-/*
- * ipxcp_init - Initialize IPXCP.
- */
-static void
-ipxcp_init(int unit)
-{
- fsm *f = &ipxcp_fsm[unit];
-
- f->unit = unit;
- f->protocol = PPP_IPXCP;
- f->callbacks = &ipxcp_callbacks;
- fsm_init(&ipxcp_fsm[unit]);
-
- memset (wo->name, 0, sizeof (wo->name));
- memset (wo->our_node, 0, sizeof (wo->our_node));
- memset (wo->his_node, 0, sizeof (wo->his_node));
-
- wo->neg_nn = 1;
- wo->neg_complete = 1;
- wo->network = 0;
-
- ao->neg_node = 1;
- ao->neg_nn = 1;
- ao->neg_name = 1;
- ao->neg_complete = 1;
- ao->neg_router = 1;
-
- ao->accept_local = 0;
- ao->accept_remote = 0;
- ao->accept_network = 0;
-
- wo->tried_rip = 0;
- wo->tried_nlsp = 0;
-}
-
-/*
- * Copy the node number
- */
-
-static void
-copy_node (u_char *src, u_char *dst)
-{
- memcpy (dst, src, sizeof (ipxcp_wantoptions[0].our_node));
-}
-
-/*
- * Compare node numbers
- */
-
-static int
-compare_node (u_char *src, u_char *dst)
-{
- return memcmp (dst, src, sizeof (ipxcp_wantoptions[0].our_node)) == 0;
-}
-
-/*
- * Is the node number zero?
- */
-
-static int
-zero_node (u_char *node)
-{
- int indx;
- for (indx = 0; indx < sizeof (ipxcp_wantoptions[0].our_node); ++indx)
- if (node [indx] != 0)
- return 0;
- return 1;
-}
-
-/*
- * Increment the node number
- */
-
-static void
-inc_node (u_char *node)
-{
- u_char *outp;
- u_int32_t magic_num;
-
- outp = node;
- magic_num = magic();
- *outp++ = '\0';
- *outp++ = '\0';
- PUTLONG (magic_num, outp);
-}
-
-/*
- * ipxcp_open - IPXCP is allowed to come up.
- */
-static void
-ipxcp_open(int unit)
-{
- fsm_open(&ipxcp_fsm[unit]);
-}
-
-/*
- * ipxcp_close - Take IPXCP down.
- */
-static void
-ipxcp_close(int unit, char *reason)
-{
- fsm_close(&ipxcp_fsm[unit], reason);
-}
-
-
-/*
- * ipxcp_lowerup - The lower layer is up.
- */
-static void
-ipxcp_lowerup(int unit)
-{
- fsm_lowerup(&ipxcp_fsm[unit]);
-}
-
-
-/*
- * ipxcp_lowerdown - The lower layer is down.
- */
-static void
-ipxcp_lowerdown(int unit)
-{
- fsm_lowerdown(&ipxcp_fsm[unit]);
-}
-
-
-/*
- * ipxcp_input - Input IPXCP packet.
- */
-static void
-ipxcp_input(int unit, u_char *p, int len)
-{
- fsm_input(&ipxcp_fsm[unit], p, len);
-}
-
-
-/*
- * ipxcp_protrej - A Protocol-Reject was received for IPXCP.
- *
- * Pretend the lower layer went down, so we shut up.
- */
-static void
-ipxcp_protrej(int unit)
-{
- fsm_lowerdown(&ipxcp_fsm[unit]);
-}
-
-
-/*
- * ipxcp_resetci - Reset our CI.
- */
-static void
-ipxcp_resetci(fsm *f)
-{
- wo->req_node = wo->neg_node && ao->neg_node;
- wo->req_nn = wo->neg_nn && ao->neg_nn;
-
- if (wo->our_network == 0) {
- wo->neg_node = 1;
- ao->accept_network = 1;
- }
-/*
- * If our node number is zero then change it.
- */
- if (zero_node (wo->our_node)) {
- inc_node (wo->our_node);
- ao->accept_local = 1;
- wo->neg_node = 1;
- }
-/*
- * If his node number is zero then change it.
- */
- if (zero_node (wo->his_node)) {
- inc_node (wo->his_node);
- ao->accept_remote = 1;
- }
-/*
- * If no routing agent was specified then we do RIP/SAP according to the
- * RFC documents. If you have specified something then OK. Otherwise, we
- * do RIP/SAP.
- */
- if (ao->router == 0) {
- ao->router |= BIT(RIP_SAP);
- wo->router |= BIT(RIP_SAP);
- }
-
- /* Always specify a routing protocol unless it was REJected. */
- wo->neg_router = 1;
-/*
- * Start with these default values
- */
- *go = *wo;
-}
-
-/*
- * ipxcp_cilen - Return length of our CI.
- */
-
-static int
-ipxcp_cilen(fsm *f)
-{
- int len;
-
- len = go->neg_nn ? CILEN_NETN : 0;
- len += go->neg_node ? CILEN_NODEN : 0;
- len += go->neg_name ? CILEN_NAME + strlen ((char *)go->name) - 1 : 0;
-
- /* RFC says that defaults should not be included. */
- if (go->neg_router && to_external(go->router) != RIP_SAP)
- len += CILEN_PROTOCOL;
-
- return (len);
-}
-
-
-/*
- * ipxcp_addci - Add our desired CIs to a packet.
- */
-static void
-ipxcp_addci(fsm *f, u_char *ucp, int *lenp)
-{
-/*
- * Add the options to the record.
- */
- if (go->neg_nn) {
- PUTCHAR (IPX_NETWORK_NUMBER, ucp);
- PUTCHAR (CILEN_NETN, ucp);
- PUTLONG (go->our_network, ucp);
- }
-
- if (go->neg_node) {
- int indx;
- PUTCHAR (IPX_NODE_NUMBER, ucp);
- PUTCHAR (CILEN_NODEN, ucp);
- for (indx = 0; indx < sizeof (go->our_node); ++indx)
- PUTCHAR (go->our_node[indx], ucp);
- }
-
- if (go->neg_name) {
- int cilen = strlen ((char *)go->name);
- int indx;
- PUTCHAR (IPX_ROUTER_NAME, ucp);
- PUTCHAR (CILEN_NAME + cilen - 1, ucp);
- for (indx = 0; indx < cilen; ++indx)
- PUTCHAR (go->name [indx], ucp);
- }
-
- if (go->neg_router) {
- short external = to_external (go->router);
- if (external != RIP_SAP) {
- PUTCHAR (IPX_ROUTER_PROTOCOL, ucp);
- PUTCHAR (CILEN_PROTOCOL, ucp);
- PUTSHORT (external, ucp);
- }
- }
-}
-
-/*
- * ipxcp_ackci - Ack our CIs.
- *
- * Returns:
- * 0 - Ack was bad.
- * 1 - Ack was good.
- */
-static int
-ipxcp_ackci(fsm *f, u_char *p, int len)
-{
- u_short cilen, citype, cishort;
- u_char cichar;
- u_int32_t cilong;
-
-#define ACKCIVOID(opt, neg) \
- if (neg) { \
- if ((len -= CILEN_VOID) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_VOID || \
- citype != opt) \
- break; \
- }
-
-#define ACKCICOMPLETE(opt,neg) ACKCIVOID(opt, neg)
-
-#define ACKCICHARS(opt, neg, val, cnt) \
- if (neg) { \
- int indx, count = cnt; \
- len -= (count + 2); \
- if (len < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != (count + 2) || \
- citype != opt) \
- break; \
- for (indx = 0; indx < count; ++indx) {\
- GETCHAR(cichar, p); \
- if (cichar != ((u_char *) &val)[indx]) \
- break; \
- }\
- if (indx != count) \
- break; \
- }
-
-#define ACKCINODE(opt,neg,val) ACKCICHARS(opt,neg,val,sizeof(val))
-#define ACKCINAME(opt,neg,val) ACKCICHARS(opt,neg,val,strlen((char *)val))
-
-#define ACKCINETWORK(opt, neg, val) \
- if (neg) { \
- if ((len -= CILEN_NETN) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_NETN || \
- citype != opt) \
- break; \
- GETLONG(cilong, p); \
- if (cilong != val) \
- break; \
- }
-
-#define ACKCIPROTO(opt, neg, val) \
- if (neg) { \
- if (len < 2) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_PROTOCOL || citype != opt) \
- break; \
- len -= cilen; \
- if (len < 0) \
- break; \
- GETSHORT(cishort, p); \
- if (cishort != to_external (val) || cishort == RIP_SAP) \
- break; \
- }
-/*
- * Process the ACK frame in the order in which the frame was assembled
- */
- do {
- ACKCINETWORK (IPX_NETWORK_NUMBER, go->neg_nn, go->our_network);
- ACKCINODE (IPX_NODE_NUMBER, go->neg_node, go->our_node);
- ACKCINAME (IPX_ROUTER_NAME, go->neg_name, go->name);
- if (len > 0)
- ACKCIPROTO (IPX_ROUTER_PROTOCOL, go->neg_router, go->router);
-/*
- * This is the end of the record.
- */
- if (len == 0)
- return (1);
- } while (0);
-/*
- * The frame is invalid
- */
- IPXCPDEBUG(("ipxcp_ackci: received bad Ack!"));
- return (0);
-}
-
-/*
- * ipxcp_nakci - Peer has sent a NAK for some of our CIs.
- * This should not modify any state if the Nak is bad
- * or if IPXCP is in the OPENED state.
- *
- * Returns:
- * 0 - Nak was bad.
- * 1 - Nak was good.
- */
-
-static int
-ipxcp_nakci(fsm *f, u_char *p, int len, int treat_as_reject)
-{
- u_char citype, cilen, *next;
- u_short s;
- u_int32_t l;
- ipxcp_options no; /* options we've seen Naks for */
- ipxcp_options try; /* options to request next time */
-
- BZERO(&no, sizeof(no));
- try = *go;
-
- while (len >= CILEN_VOID) {
- GETCHAR (citype, p);
- GETCHAR (cilen, p);
- len -= cilen;
- if (cilen < CILEN_VOID || len < 0)
- goto bad;
- next = &p [cilen - CILEN_VOID];
-
- switch (citype) {
- case IPX_NETWORK_NUMBER:
- if (!go->neg_nn || no.neg_nn || (cilen != CILEN_NETN))
- goto bad;
- no.neg_nn = 1;
-
- GETLONG(l, p);
- if (treat_as_reject)
- try.neg_nn = 0;
- else if (l && ao->accept_network)
- try.our_network = l;
- break;
-
- case IPX_NODE_NUMBER:
- if (!go->neg_node || no.neg_node || (cilen != CILEN_NODEN))
- goto bad;
- no.neg_node = 1;
-
- if (treat_as_reject)
- try.neg_node = 0;
- else if (!zero_node (p) && ao->accept_local &&
- ! compare_node (p, ho->his_node))
- copy_node (p, try.our_node);
- break;
-
- /* This has never been sent. Ignore the NAK frame */
- case IPX_COMPRESSION_PROTOCOL:
- goto bad;
-
- case IPX_ROUTER_PROTOCOL:
- if (!go->neg_router || (cilen < CILEN_PROTOCOL))
- goto bad;
-
- GETSHORT (s, p);
- if (s > 15) /* This is just bad, but ignore for now. */
- break;
-
- s = BIT(s);
- if (no.router & s) /* duplicate NAKs are always bad */
- goto bad;
-
- if (no.router == 0) /* Reset on first NAK only */
- try.router = 0;
-
- no.router |= s;
- try.router |= s;
- try.neg_router = 1;
- break;
-
- /* These, according to the RFC, must never be NAKed. */
- case IPX_ROUTER_NAME:
- case IPX_COMPLETE:
- goto bad;
-
- /* These are for options which we have not seen. */
- default:
- break;
- }
- p = next;
- }
-
- /*
- * Do not permit the peer to force a router protocol which we do not
- * support. However, default to the condition that will accept "NONE".
- */
- try.router &= (ao->router | BIT(IPX_NONE));
- if (try.router == 0 && ao->router != 0)
- try.router = BIT(IPX_NONE);
-
- if (try.router != 0)
- try.neg_router = 1;
-
- /*
- * OK, the Nak is good. Now we can update state.
- * If there are any options left, we ignore them.
- */
- if (f->state != OPENED)
- *go = try;
-
- return 1;
-
-bad:
- IPXCPDEBUG(("ipxcp_nakci: received bad Nak!"));
- return 0;
-}
-
-/*
- * ipxcp_rejci - Reject some of our CIs.
- */
-static int
-ipxcp_rejci(fsm *f, u_char *p, int len)
-{
- u_short cilen, citype, cishort;
- u_char cichar;
- u_int32_t cilong;
- ipxcp_options try; /* options to request next time */
-
-#define REJCINETWORK(opt, neg, val) \
- if (neg && p[0] == opt) { \
- if ((len -= CILEN_NETN) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_NETN || \
- citype != opt) \
- break; \
- GETLONG(cilong, p); \
- if (cilong != val) \
- break; \
- neg = 0; \
- }
-
-#define REJCICHARS(opt, neg, val, cnt) \
- if (neg && p[0] == opt) { \
- int indx, count = cnt; \
- len -= (count + 2); \
- if (len < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != (count + 2) || \
- citype != opt) \
- break; \
- for (indx = 0; indx < count; ++indx) {\
- GETCHAR(cichar, p); \
- if (cichar != ((u_char *) &val)[indx]) \
- break; \
- }\
- if (indx != count) \
- break; \
- neg = 0; \
- }
-
-#define REJCINODE(opt,neg,val) REJCICHARS(opt,neg,val,sizeof(val))
-#define REJCINAME(opt,neg,val) REJCICHARS(opt,neg,val,strlen((char *)val))
-
-#define REJCIVOID(opt, neg) \
- if (neg && p[0] == opt) { \
- if ((len -= CILEN_VOID) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_VOID || citype != opt) \
- break; \
- neg = 0; \
- }
-
-/* a reject for RIP/SAP is invalid since we don't send it and you can't
- reject something which is not sent. (You can NAK, but you can't REJ.) */
-#define REJCIPROTO(opt, neg, val, bit) \
- if (neg && p[0] == opt) { \
- if ((len -= CILEN_PROTOCOL) < 0) \
- break; \
- GETCHAR(citype, p); \
- GETCHAR(cilen, p); \
- if (cilen != CILEN_PROTOCOL) \
- break; \
- GETSHORT(cishort, p); \
- if (cishort != to_external (val) || cishort == RIP_SAP) \
- break; \
- neg = 0; \
- }
-/*
- * Any Rejected CIs must be in exactly the same order that we sent.
- * Check packet length and CI length at each step.
- * If we find any deviations, then this packet is bad.
- */
- try = *go;
-
- do {
- REJCINETWORK (IPX_NETWORK_NUMBER, try.neg_nn, try.our_network);
- REJCINODE (IPX_NODE_NUMBER, try.neg_node, try.our_node);
- REJCINAME (IPX_ROUTER_NAME, try.neg_name, try.name);
- REJCIPROTO (IPX_ROUTER_PROTOCOL, try.neg_router, try.router, 0);
-/*
- * This is the end of the record.
- */
- if (len == 0) {
- if (f->state != OPENED)
- *go = try;
- return (1);
- }
- } while (0);
-/*
- * The frame is invalid at this point.
- */
- IPXCPDEBUG(("ipxcp_rejci: received bad Reject!"));
- return 0;
-}
-
-/*
- * ipxcp_reqci - Check the peer's requested CIs and send appropriate response.
- *
- * Returns: CONFACK, CONFNAK or CONFREJ and input packet modified
- * appropriately. If reject_if_disagree is non-zero, doesn't return
- * CONFNAK; returns CONFREJ if it can't return CONFACK.
- */
-static int
-ipxcp_reqci(fsm *f, u_char *inp, int *len, int reject_if_disagree)
-{
- u_char *cip, *next; /* Pointer to current and next CIs */
- u_short cilen, citype; /* Parsed len, type */
- u_short cishort; /* Parsed short value */
- u_int32_t cinetwork; /* Parsed address values */
- int rc = CONFACK; /* Final packet return code */
- int orc; /* Individual option return code */
- u_char *p; /* Pointer to next char to parse */
- u_char *ucp = inp; /* Pointer to current output char */
- int l = *len; /* Length left */
-
- /*
- * Reset all his options.
- */
- BZERO(ho, sizeof(*ho));
-
- /*
- * Process all his options.
- */
- next = inp;
- while (l) {
- orc = CONFACK; /* Assume success */
- cip = p = next; /* Remember begining of CI */
- if (l < 2 || /* Not enough data for CI header or */
- p[1] < 2 || /* CI length too small or */
- p[1] > l) { /* CI length too big? */
- IPXCPDEBUG(("ipxcp_reqci: bad CI length!"));
- orc = CONFREJ; /* Reject bad CI */
- cilen = l; /* Reject till end of packet */
- l = 0; /* Don't loop again */
- goto endswitch;
- }
- GETCHAR(citype, p); /* Parse CI type */
- GETCHAR(cilen, p); /* Parse CI length */
- l -= cilen; /* Adjust remaining length */
- next += cilen; /* Step to next CI */
-
- switch (citype) { /* Check CI type */
-/*
- * The network number must match. Choose the larger of the two.
- */
- case IPX_NETWORK_NUMBER:
- /* if we wont negotiate the network number or the length is wrong
- then reject the option */
- if ( !ao->neg_nn || cilen != CILEN_NETN ) {
- orc = CONFREJ;
- break;
- }
- GETLONG(cinetwork, p);
-
- /* If the network numbers match then acknowledge them. */
- if (cinetwork != 0) {
- ho->his_network = cinetwork;
- ho->neg_nn = 1;
- if (wo->our_network == cinetwork)
- break;
-/*
- * If the network number is not given or we don't accept their change or
- * the network number is too small then NAK it.
- */
- if (! ao->accept_network || cinetwork < wo->our_network) {
- DECPTR (sizeof (u_int32_t), p);
- PUTLONG (wo->our_network, p);
- orc = CONFNAK;
- }
- break;
- }
-/*
- * The peer sent '0' for the network. Give it ours if we have one.
- */
- if (go->our_network != 0) {
- DECPTR (sizeof (u_int32_t), p);
- PUTLONG (wo->our_network, p);
- orc = CONFNAK;
-/*
- * We don't have one. Reject the value.
- */
- } else
- orc = CONFREJ;
-
- break;
-/*
- * The node number is required
- */
- case IPX_NODE_NUMBER:
- /* if we wont negotiate the node number or the length is wrong
- then reject the option */
- if ( cilen != CILEN_NODEN ) {
- orc = CONFREJ;
- break;
- }
-
- copy_node (p, ho->his_node);
- ho->neg_node = 1;
-/*
- * If the remote does not have a number and we do then NAK it with the value
- * which we have for it. (We never have a default value of zero.)
- */
- if (zero_node (ho->his_node)) {
- orc = CONFNAK;
- copy_node (wo->his_node, p);
- INCPTR (sizeof (wo->his_node), p);
- break;
- }
-/*
- * If you have given me the expected network node number then I'll accept
- * it now.
- */
- if (compare_node (wo->his_node, ho->his_node)) {
- orc = CONFACK;
- ho->neg_node = 1;
- INCPTR (sizeof (wo->his_node), p);
- break;
- }
-/*
- * If his node number is the same as ours then ask him to try the next
- * value.
- */
- if (compare_node (ho->his_node, go->our_node)) {
- inc_node (ho->his_node);
- orc = CONFNAK;
- copy_node (ho->his_node, p);
- INCPTR (sizeof (wo->his_node), p);
- break;
- }
-/*
- * If we don't accept a new value then NAK it.
- */
- if (! ao->accept_remote) {
- copy_node (wo->his_node, p);
- INCPTR (sizeof (wo->his_node), p);
- orc = CONFNAK;
- break;
- }
- orc = CONFACK;
- ho->neg_node = 1;
- INCPTR (sizeof (wo->his_node), p);
- break;
-/*
- * Compression is not desired at this time. It is always rejected.
- */
- case IPX_COMPRESSION_PROTOCOL:
- orc = CONFREJ;
- break;
-/*
- * The routing protocol is a bitmask of various types. Any combination
- * of the values RIP_SAP and NLSP are permissible. 'IPX_NONE' for no
- * routing protocol must be specified only once.
- */
- case IPX_ROUTER_PROTOCOL:
- if ( !ao->neg_router || cilen < CILEN_PROTOCOL ) {
- orc = CONFREJ;
- break;
- }
-
- GETSHORT (cishort, p);
-
- if (wo->neg_router == 0) {
- wo->neg_router = 1;
- wo->router = BIT(IPX_NONE);
- }
-
- if ((cishort == IPX_NONE && ho->router != 0) ||
- (ho->router & BIT(IPX_NONE))) {
- orc = CONFREJ;
- break;
- }
-
- cishort = BIT(cishort);
- if (ho->router & cishort) {
- orc = CONFREJ;
- break;
- }
-
- ho->router |= cishort;
- ho->neg_router = 1;
-
- /* Finally do not allow a router protocol which we do not
- support. */
-
- if ((cishort & (ao->router | BIT(IPX_NONE))) == 0) {
- int protocol;
-
- if (cishort == BIT(NLSP) &&
- (ao->router & BIT(RIP_SAP)) &&
- !wo->tried_rip) {
- protocol = RIP_SAP;
- wo->tried_rip = 1;
- } else
- protocol = IPX_NONE;
-
- DECPTR (sizeof (u_int16_t), p);
- PUTSHORT (protocol, p);
- orc = CONFNAK;
- }
- break;
-/*
- * The router name is advisorary. Just accept it if it is not too large.
- */
- case IPX_ROUTER_NAME:
- if (cilen >= CILEN_NAME) {
- int name_size = cilen - CILEN_NAME;
- if (name_size >= sizeof (ho->name))
- name_size = sizeof (ho->name) - 1;
- memset (ho->name, 0, sizeof (ho->name));
- memcpy (ho->name, p, name_size);
- ho->name [name_size] = '\0';
- ho->neg_name = 1;
- orc = CONFACK;
- break;
- }
- orc = CONFREJ;
- break;
-/*
- * This is advisorary.
- */
- case IPX_COMPLETE:
- if (cilen != CILEN_COMPLETE)
- orc = CONFREJ;
- else {
- ho->neg_complete = 1;
- orc = CONFACK;
- }
- break;
-/*
- * All other entries are not known at this time.
- */
- default:
- orc = CONFREJ;
- break;
- }
-endswitch:
- if (orc == CONFACK && /* Good CI */
- rc != CONFACK) /* but prior CI wasnt? */
- continue; /* Don't send this one */
-
- if (orc == CONFNAK) { /* Nak this CI? */
- if (reject_if_disagree) /* Getting fed up with sending NAKs? */
- orc = CONFREJ; /* Get tough if so */
- if (rc == CONFREJ) /* Rejecting prior CI? */
- continue; /* Don't send this one */
- if (rc == CONFACK) { /* Ack'd all prior CIs? */
- rc = CONFNAK; /* Not anymore... */
- ucp = inp; /* Backup */
- }
- }
-
- if (orc == CONFREJ && /* Reject this CI */
- rc != CONFREJ) { /* but no prior ones? */
- rc = CONFREJ;
- ucp = inp; /* Backup */
- }
-
- /* Need to move CI? */
- if (ucp != cip)
- BCOPY(cip, ucp, cilen); /* Move it */
-
- /* Update output pointer */
- INCPTR(cilen, ucp);
- }
-
- /*
- * If we aren't rejecting this packet, and we want to negotiate
- * their address, and they didn't send their address, then we
- * send a NAK with a IPX_NODE_NUMBER option appended. We assume the
- * input buffer is long enough that we can append the extra
- * option safely.
- */
-
- if (rc != CONFREJ && !ho->neg_node &&
- wo->req_nn && !reject_if_disagree) {
- if (rc == CONFACK) {
- rc = CONFNAK;
- wo->req_nn = 0; /* don't ask again */
- ucp = inp; /* reset pointer */
- }
-
- if (zero_node (wo->his_node))
- inc_node (wo->his_node);
-
- PUTCHAR (IPX_NODE_NUMBER, ucp);
- PUTCHAR (CILEN_NODEN, ucp);
- copy_node (wo->his_node, ucp);
- INCPTR (sizeof (wo->his_node), ucp);
- }
-
- *len = ucp - inp; /* Compute output length */
- IPXCPDEBUG(("ipxcp: returning Configure-%s", CODENAME(rc)));
- return (rc); /* Return final code */
-}
-
-/*
- * ipxcp_up - IPXCP has come UP.
- *
- * Configure the IP network interface appropriately and bring it up.
- */
-
-static void
-ipxcp_up(fsm *f)
-{
- int unit = f->unit;
-
- IPXCPDEBUG(("ipxcp: up"));
-
- /* The default router protocol is RIP/SAP. */
- if (ho->router == 0)
- ho->router = BIT(RIP_SAP);
-
- if (go->router == 0)
- go->router = BIT(RIP_SAP);
-
- /* Fetch the network number */
- if (!ho->neg_nn)
- ho->his_network = wo->his_network;
-
- if (!ho->neg_node)
- copy_node (wo->his_node, ho->his_node);
-
- if (!wo->neg_node && !go->neg_node)
- copy_node (wo->our_node, go->our_node);
-
- if (zero_node (go->our_node)) {
- static char errmsg[] = "Could not determine local IPX node address";
- if (debug)
- error(errmsg);
- ipxcp_close(f->unit, errmsg);
- return;
- }
-
- go->network = go->our_network;
- if (ho->his_network != 0 && ho->his_network > go->network)
- go->network = ho->his_network;
-
- if (go->network == 0) {
- static char errmsg[] = "Can not determine network number";
- if (debug)
- error(errmsg);
- ipxcp_close (unit, errmsg);
- return;
- }
-
- /* bring the interface up */
- if (!sifup(unit)) {
- if (debug)
- warn("sifup failed (IPX)");
- ipxcp_close(unit, "Interface configuration failed");
- return;
- }
- ipxcp_is_up = 1;
-
- /* set the network number for IPX */
- if (!sipxfaddr(unit, go->network, go->our_node)) {
- if (debug)
- warn("sipxfaddr failed");
- ipxcp_close(unit, "Interface configuration failed");
- return;
- }
-
- np_up(f->unit, PPP_IPX);
-
- /*
- * Execute the ipx-up script, like this:
- * /etc/ppp/ipx-up interface tty speed local-IPX remote-IPX
- */
-
- ipxcp_script (f, _PATH_IPXUP);
-}
-
-/*
- * ipxcp_down - IPXCP has gone DOWN.
- *
- * Take the IP network interface down, clear its addresses
- * and delete routes through it.
- */
-
-static void
-ipxcp_down(fsm *f)
-{
- IPXCPDEBUG(("ipxcp: down"));
-
- if (!ipxcp_is_up)
- return;
- ipxcp_is_up = 0;
- np_down(f->unit, PPP_IPX);
- cipxfaddr(f->unit);
- sifnpmode(f->unit, PPP_IPX, NPMODE_DROP);
- sifdown(f->unit);
- ipxcp_script (f, _PATH_IPXDOWN);
-}
-
-
-/*
- * ipxcp_finished - possibly shut down the lower layers.
- */
-static void
-ipxcp_finished(fsm *f)
-{
- np_finished(f->unit, PPP_IPX);
-}
-
-
-/*
- * ipxcp_script - Execute a script with arguments
- * interface-name tty-name speed local-IPX remote-IPX networks.
- */
-static void
-ipxcp_script(fsm *f, char *script)
-{
- char strspeed[32], strlocal[32], strremote[32];
- char strnetwork[32], strpid[32];
- char *argv[14], strproto_lcl[32], strproto_rmt[32];
-
- slprintf(strpid, sizeof(strpid), "%d", getpid());
- slprintf(strspeed, sizeof(strspeed),"%d", baud_rate);
-
- strproto_lcl[0] = '\0';
- if (go->neg_router && ((go->router & BIT(IPX_NONE)) == 0)) {
- if (go->router & BIT(RIP_SAP))
- strlcpy (strproto_lcl, "RIP ", sizeof(strproto_lcl));
- if (go->router & BIT(NLSP))
- strlcat (strproto_lcl, "NLSP ", sizeof(strproto_lcl));
- }
-
- if (strproto_lcl[0] == '\0')
- strlcpy (strproto_lcl, "NONE ", sizeof(strproto_lcl));
-
- strproto_lcl[strlen (strproto_lcl)-1] = '\0';
-
- strproto_rmt[0] = '\0';
- if (ho->neg_router && ((ho->router & BIT(IPX_NONE)) == 0)) {
- if (ho->router & BIT(RIP_SAP))
- strlcpy (strproto_rmt, "RIP ", sizeof(strproto_rmt));
- if (ho->router & BIT(NLSP))
- strlcat (strproto_rmt, "NLSP ", sizeof(strproto_rmt));
- }
-
- if (strproto_rmt[0] == '\0')
- strlcpy (strproto_rmt, "NONE ", sizeof(strproto_rmt));
-
- strproto_rmt[strlen (strproto_rmt)-1] = '\0';
-
- strlcpy (strnetwork, ipx_ntoa (go->network), sizeof(strnetwork));
-
- slprintf (strlocal, sizeof(strlocal), "%0.6B", go->our_node);
-
- slprintf (strremote, sizeof(strremote), "%0.6B", ho->his_node);
-
- argv[0] = script;
- argv[1] = ifname;
- argv[2] = devnam;
- argv[3] = strspeed;
- argv[4] = strnetwork;
- argv[5] = strlocal;
- argv[6] = strremote;
- argv[7] = strproto_lcl;
- argv[8] = strproto_rmt;
- argv[9] = (char *)go->name;
- argv[10] = (char *)ho->name;
- argv[11] = ipparam;
- argv[12] = strpid;
- argv[13] = NULL;
- run_program(script, argv, 0, NULL, NULL, 0);
-}
-
-/*
- * ipxcp_printpkt - print the contents of an IPXCP packet.
- */
-static char *ipxcp_codenames[] = {
- "ConfReq", "ConfAck", "ConfNak", "ConfRej",
- "TermReq", "TermAck", "CodeRej"
-};
-
-static int
-ipxcp_printpkt(u_char *p, int plen,
- void (*printer) (void *, char *, ...), void *arg)
-{
- int code, id, len, olen;
- u_char *pstart, *optend;
- u_short cishort;
- u_int32_t cilong;
-
- if (plen < HEADERLEN)
- return 0;
- pstart = p;
- GETCHAR(code, p);
- GETCHAR(id, p);
- GETSHORT(len, p);
- if (len < HEADERLEN || len > plen)
- return 0;
-
- if (code >= 1 && code <= sizeof(ipxcp_codenames) / sizeof(char *))
- printer(arg, " %s", ipxcp_codenames[code-1]);
- else
- printer(arg, " code=0x%x", code);
- printer(arg, " id=0x%x", id);
- len -= HEADERLEN;
- switch (code) {
- case CONFREQ:
- case CONFACK:
- case CONFNAK:
- case CONFREJ:
- /* print option list */
- while (len >= 2) {
- GETCHAR(code, p);
- GETCHAR(olen, p);
- p -= 2;
- if (olen < CILEN_VOID || olen > len) {
- break;
- }
- printer(arg, " <");
- len -= olen;
- optend = p + olen;
- switch (code) {
- case IPX_NETWORK_NUMBER:
- if (olen == CILEN_NETN) {
- p += 2;
- GETLONG(cilong, p);
- printer (arg, "network %s", ipx_ntoa (cilong));
- }
- break;
- case IPX_NODE_NUMBER:
- if (olen == CILEN_NODEN) {
- p += 2;
- printer (arg, "node ");
- while (p < optend) {
- GETCHAR(code, p);
- printer(arg, "%.2x", (int) (unsigned int) (unsigned char) code);
- }
- }
- break;
- case IPX_COMPRESSION_PROTOCOL:
- if (olen == CILEN_COMPRESS) {
- p += 2;
- GETSHORT (cishort, p);
- printer (arg, "compression %d", (int) cishort);
- }
- break;
- case IPX_ROUTER_PROTOCOL:
- if (olen == CILEN_PROTOCOL) {
- p += 2;
- GETSHORT (cishort, p);
- printer (arg, "router proto %d", (int) cishort);
- }
- break;
- case IPX_ROUTER_NAME:
- if (olen >= CILEN_NAME) {
- p += 2;
- printer (arg, "router name \"");
- while (p < optend) {
- GETCHAR(code, p);
- if (code >= 0x20 && code <= 0x7E)
- printer (arg, "%c", (int) (unsigned int) (unsigned char) code);
- else
- printer (arg, " \\%.2x", (int) (unsigned int) (unsigned char) code);
- }
- printer (arg, "\"");
- }
- break;
- case IPX_COMPLETE:
- if (olen == CILEN_COMPLETE) {
- p += 2;
- printer (arg, "complete");
- }
- break;
- default:
- break;
- }
-
- while (p < optend) {
- GETCHAR(code, p);
- printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code);
- }
- printer(arg, ">");
- }
- break;
-
- case TERMACK:
- case TERMREQ:
- if (len > 0 && *p >= ' ' && *p < 0x7f) {
- printer(arg, " ");
- print_string((char *)p, len, printer, arg);
- p += len;
- len = 0;
- }
- break;
- }
-
- /* print the rest of the bytes in the packet */
- for (; len > 0; --len) {
- GETCHAR(code, p);
- printer(arg, " %.2x", (int) (unsigned int) (unsigned char) code);
- }
-
- return p - pstart;
-}
-#endif /* ifdef IPX_CHANGE */
+++ /dev/null
-/*
- * ipxcp.h - IPX Control Protocol definitions.
- *
- * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name "Carnegie Mellon University" must not be used to
- * endorse or promote products derived from this software without
- * prior written permission. For permission or any legal
- * details, please contact
- * Office of Technology Transfer
- * Carnegie Mellon University
- * 5000 Forbes Avenue
- * Pittsburgh, PA 15213-3890
- * (412) 268-4387, fax: (412) 268-7395
- * tech-transfer@andrew.cmu.edu
- *
- * 4. Redistributions of any form whatsoever must retain the following
- * acknowledgment:
- * "This product includes software developed by Computing Services
- * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
- *
- * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
- * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*
- * Options.
- */
-#define IPX_NETWORK_NUMBER 1 /* IPX Network Number */
-#define IPX_NODE_NUMBER 2
-#define IPX_COMPRESSION_PROTOCOL 3
-#define IPX_ROUTER_PROTOCOL 4
-#define IPX_ROUTER_NAME 5
-#define IPX_COMPLETE 6
-
-/* Values for the router protocol */
-#define IPX_NONE 0
-#define RIP_SAP 2
-#define NLSP 4
-
-typedef struct ipxcp_options {
- bool neg_node; /* Negotiate IPX node number? */
- bool req_node; /* Ask peer to send IPX node number? */
-
- bool neg_nn; /* Negotiate IPX network number? */
- bool req_nn; /* Ask peer to send IPX network number */
-
- bool neg_name; /* Negotiate IPX router name */
- bool neg_complete; /* Negotiate completion */
- bool neg_router; /* Negotiate IPX router number */
-
- bool accept_local; /* accept peer's value for ournode */
- bool accept_remote; /* accept peer's value for hisnode */
- bool accept_network; /* accept network number */
-
- bool tried_nlsp; /* I have suggested NLSP already */
- bool tried_rip; /* I have suggested RIP/SAP already */
-
- u_int32_t his_network; /* base network number */
- u_int32_t our_network; /* our value for network number */
- u_int32_t network; /* the final network number */
-
- u_char his_node[6]; /* peer's node number */
- u_char our_node[6]; /* our node number */
- u_char name [48]; /* name of the router */
- int router; /* routing protocol */
-} ipxcp_options;
-
-extern fsm ipxcp_fsm[];
-extern ipxcp_options ipxcp_wantoptions[];
-extern ipxcp_options ipxcp_gotoptions[];
-extern ipxcp_options ipxcp_allowoptions[];
-extern ipxcp_options ipxcp_hisoptions[];
-
-extern struct protent ipxcp_protent;
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <fcntl.h>
+#include <string.h>
+#include <time.h>
+#include <arpa/inet.h>
+#include <sys/mman.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
-#include "chap-new.h"
+#include "eap.h"
+#include "chap.h"
#include "magic.h"
-
+#include "multilink.h"
/*
* When the link comes up we want to be able to wait for a short while,
static void lcp_delayed_up(void *);
+/*
+ * These definitions relate to the measurement and logging of round-trip
+ * time (RTT) of LCP echo-requests implemented in lcp_rtt_update_buffer().
+ */
+#define LCP_RTT_MAGIC 0x19450425
+#define LCP_RTT_HEADER_LENGTH 4
+#define LCP_RTT_FILE_SIZE 8192
+#define LCP_RTT_ELEMENTS (LCP_RTT_FILE_SIZE / sizeof(u_int32_t) - LCP_RTT_HEADER_LENGTH) / 2
+
/*
* LCP-related command-line options.
*/
int lcp_echo_interval = 0; /* Interval between LCP echo-requests */
int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */
bool lcp_echo_adaptive = 0; /* request echo only if the link was idle */
+char *lcp_rtt_file = NULL; /* measure the RTT of LCP echo-requests */
bool lax_recv = 0; /* accept control chars in asyncmap */
bool noendpoint = 0; /* don't send/accept endpoint discriminator */
static int noopt(char **);
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
static int setendpoint(char **);
static void printendpoint(option_t *, void (*)(void *, char *, ...), void *);
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
-static option_t lcp_option_list[] = {
+static struct option lcp_option_list[] = {
/* LCP options */
{ "-all", o_special_noarg, (void *)noopt,
"Don't request/allow any LCP options" },
"Set time in seconds between LCP echo requests", OPT_PRIO },
{ "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive,
"Suppress LCP echo requests if traffic was received", 1 },
+ { "lcp-rtt-file", o_string, &lcp_rtt_file,
+ "Filename for logging the round-trip time of LCP echo requests",
+ OPT_PRIO | OPT_PRIV },
{ "lcp-restart", o_int, &lcp_fsm[0].timeouttime,
"Set time in seconds between LCP retransmissions", OPT_PRIO },
{ "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits,
{ "receive-all", o_bool, &lax_recv,
"Accept all received control characters", 1 },
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
{ "mrru", o_int, &lcp_wantoptions[0].mrru,
"Maximum received packet size for multilink bundle",
OPT_PRIO, &lcp_wantoptions[0].neg_mrru },
{ "endpoint", o_special, (void *) setendpoint,
"Endpoint discriminator for multilink",
OPT_PRIO | OPT_A2PRINTER, (void *) printendpoint },
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
{ "noendpoint", o_bool, &noendpoint,
"Don't send or accept multilink endpoint discriminator", 1 },
static int lcp_echos_pending = 0; /* Number of outstanding echo msgs */
static int lcp_echo_number = 0; /* ID number of next echo frame */
static int lcp_echo_timer_running = 0; /* set if a timer is running */
+static int lcp_rtt_file_fd = 0; /* fd for the opened LCP RTT file */
+static u_int32_t *lcp_rtt_buffer = NULL; /* the mmap'ed LCP RTT file */
static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */
return (1);
}
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
static int
setendpoint(char **argv)
{
lcp_wantoptions[0].neg_endpoint = 1;
return 1;
}
- option_error("Can't parse '%s' as an endpoint discriminator", *argv);
+ ppp_option_error("Can't parse '%s' as an endpoint discriminator", *argv);
return 0;
}
{
printer(arg, "%s", epdisc_to_str(&lcp_wantoptions[0].endpoint));
}
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
/*
* lcp_init - Initialize LCP.
fsm *f = &lcp_fsm[unit];
int oldstate;
- if (phase != PHASE_DEAD && phase != PHASE_MASTER)
+ if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER))
new_phase(PHASE_TERMINATE);
if (f->flags & DELAYED_UP) {
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
f->state = STOPPED;
}
oldstate = f->state;
if (listen_time != 0) {
f->flags |= DELAYED_UP;
- timeout(lcp_delayed_up, f, 0, listen_time * 1000);
+ ppp_timeout(lcp_delayed_up, f, 0, listen_time * 1000);
} else
fsm_lowerup(f);
}
if (f->flags & DELAYED_UP) {
f->flags &= ~DELAYED_UP;
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
} else
fsm_lowerdown(&lcp_fsm[unit]);
}
if (f->flags & DELAYED_UP) {
f->flags &= ~DELAYED_UP;
- untimeout(lcp_delayed_up, f);
+ UNTIMEOUT(lcp_delayed_up, f);
fsm_lowerup(f);
}
fsm_input(f, p, len);
if (looped_back) {
if (++try.numloops >= lcp_loopbackfail) {
notice("Serial line is looped back.");
- status = EXIT_LOOPBACK;
+ ppp_set_status(EXIT_LOOPBACK);
lcp_close(f->unit, "Loopback detected");
}
} else
*/
mtu = ho->neg_mru? ho->mru: PPP_MRU;
mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU;
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
if (!(multilink && go->neg_mrru && ho->neg_mrru))
-#endif /* HAVE_MULTILINK */
- netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
+#endif /* PPP_WITH_MULTILINK */
+ ppp_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
ppp_send_config(f->unit, mtu,
(ho->neg_asyncmap? ho->asyncmap: 0xffffffff),
ho->neg_pcompression, ho->neg_accompression);
}
break;
case CI_EPDISC:
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_MULTILINK
if (olen >= CILEN_CHAR) {
struct epdisc epd;
p += 2;
if (f->state == OPENED) {
info("No response to %d echo-requests", lcp_echos_pending);
notice("Serial link appears to be disconnected.");
- status = EXIT_PEER_DEAD;
+ ppp_set_status(EXIT_PEER_DEAD);
lcp_close(f->unit, "Peer not responding");
}
}
}
}
+/*
+ * Log the round-trip time (RTT) of the received LCP echo-request.
+ *
+ * The header section at the beginning of lcp_rtt_file contains
+ * LCP_RTT_HEADER_LENGTH fields, each a u_int32_t in network byte order:
+ * [0] LCP_RTT_MAGIC
+ * [1] status (1: the file is open and is being written)
+ * [2] index of the most recently updated element
+ * [3] the value of the lcp-echo-interval parameter
+ *
+ * The header is followed by a ring buffer of LCP_RTT_ELEMENTS elements, each
+ * containing a pair of u_int32_t in network byte order with this content:
+ * [0] UNIX timestamp
+ * [1] bits 24-31: the number of lost LCP echo replies
+ * bits 0-23: the measured RTT in microseconds
+ *
+ * The timestamp is unsigned to support storing dates beyond 2038.
+ *
+ * Consumers of lcp_rtt_file are expected to:
+ * - read the complete file of arbitrary length
+ * - check the magic number
+ * - process the data elements starting at the index
+ * - ignore any elements with a timestamp of 0
+ */
+static void
+lcp_rtt_update_buffer (unsigned long rtt)
+{
+ volatile u_int32_t *const ring_header = lcp_rtt_buffer;
+ volatile u_int32_t *const ring_buffer = lcp_rtt_buffer
+ + LCP_RTT_HEADER_LENGTH;
+ unsigned int next_entry, lost;
+
+ /* choose the next entry where the data will be stored */
+ if (ntohl(ring_header[2]) >= (LCP_RTT_ELEMENTS - 1) * 2)
+ next_entry = 0; /* go back to the beginning */
+ else
+ next_entry = ntohl(ring_header[2]) + 2; /* use the next one */
+
+ /* update the data element */
+ /* storing the timestamp in an *unsigned* long allows dates up to 2106 */
+ ring_buffer[next_entry] = htonl((u_int32_t) time(NULL));
+ lost = lcp_echos_pending - 1;
+ if (lost > 0xFF)
+ lost = 0xFF; /* truncate the lost packets count to 256 */
+ if (rtt > 0xFFFFFF)
+ rtt = 0xFFFFFF; /* truncate the RTT to 16777216 */
+ /* use bits 24-31 for the lost packets count and bits 0-23 for the RTT */
+ ring_buffer[next_entry + 1] = htonl((u_int32_t) ((lost << 24) + rtt));
+
+ /* update the pointer to the (just updated) most current data element */
+ ring_header[2] = htonl(next_entry);
+
+ /* In theory, CPUs implementing a weakly-consistent memory model do not
+ * guarantee that these three memory store operations to the buffer will
+ * be seen in the same order by the reader process.
+ * This means that a process reading the file could see the index
+ * having been updated before the element that the index points to had
+ * been written.
+ * But in practice we expect that the read(2) system call used by
+ * consumers processes is atomic with respect to the following msync(2)
+ * call, so we ignore the issue.
+ */
+
+ if (msync(lcp_rtt_buffer, LCP_RTT_FILE_SIZE, MS_ASYNC) < 0)
+ error("msync() for %s failed: %m", lcp_rtt_file);
+}
+
/*
* LcpEchoReply - LCP has received a reply to the echo
*/
return;
}
+ if (lcp_rtt_file_fd && len >= 16) {
+ long lcp_rtt_magic;
+
+ /*
+ * If the magic word is found at the beginning of the data section
+ * of the frame then read the timestamp which follows and subtract
+ * it from the current time to compute the round trip time.
+ */
+ GETLONG(lcp_rtt_magic, inp);
+ if (lcp_rtt_magic == LCP_RTT_MAGIC) {
+ struct timespec ts;
+ unsigned long req_sec, req_nsec, rtt;
+
+ clock_gettime(CLOCK_MONOTONIC, &ts);
+ GETLONG(req_sec, inp);
+ GETLONG(req_nsec, inp);
+ /* compute the RTT in microseconds */
+ rtt = (ts.tv_sec - req_sec) * 1000000
+ + (ts.tv_nsec / 1000 - req_nsec / 1000);
+ /* log the RTT */
+ lcp_rtt_update_buffer(rtt);
+ }
+ }
+
/* Reset the number of outstanding echo frames */
lcp_echos_pending = 0;
}
LcpSendEchoRequest (fsm *f)
{
u_int32_t lcp_magic;
- u_char pkt[4], *pktp;
+ u_char pkt[16], *pktp;
/*
* Detect the failure of the peer at this point.
if (get_ppp_stats(f->unit, &cur_stats) && cur_stats.pkts_in != last_pkts_in) {
last_pkts_in = cur_stats.pkts_in;
+ /* receipt of traffic indicates the link is working... */
+ lcp_echos_pending = 0;
return;
}
}
lcp_magic = lcp_gotoptions[f->unit].magicnumber;
pktp = pkt;
PUTLONG(lcp_magic, pktp);
+
+ /* Put a timestamp in the data section of the frame */
+ if (lcp_rtt_file_fd) {
+ struct timespec ts;
+
+ PUTLONG(LCP_RTT_MAGIC, pktp);
+ clock_gettime(CLOCK_MONOTONIC, &ts);
+ PUTLONG((u_int32_t)ts.tv_sec, pktp);
+ PUTLONG((u_int32_t)ts.tv_nsec, pktp);
+ }
+
fsm_sdata(f, ECHOREQ, lcp_echo_number++ & 0xFF, pkt, pktp - pkt);
++lcp_echos_pending;
}
}
+static void
+lcp_rtt_open_file (void)
+{
+ volatile u_int32_t *ring_header;
+
+ if (!lcp_rtt_file)
+ return;
+
+ lcp_rtt_file_fd = open(lcp_rtt_file, O_RDWR | O_CREAT, 0644);
+ if (lcp_rtt_file_fd < 0) {
+ error("Can't open the RTT log file %s: %m", lcp_rtt_file);
+ lcp_rtt_file_fd = 0;
+ return;
+ }
+
+ if (ftruncate(lcp_rtt_file_fd, LCP_RTT_FILE_SIZE) < 0)
+ fatal("ftruncate() of %s failed: %m", lcp_rtt_file);
+ lcp_rtt_buffer = mmap(0, LCP_RTT_FILE_SIZE, PROT_READ | PROT_WRITE,
+ MAP_SHARED, lcp_rtt_file_fd, 0);
+ if (lcp_rtt_buffer == MAP_FAILED)
+ fatal("mmap() of %s failed: %m", lcp_rtt_file);
+ ring_header = lcp_rtt_buffer;
+
+ /* initialize the ring buffer */
+ if (ring_header[0] != htonl(LCP_RTT_MAGIC)) {
+ memset(lcp_rtt_buffer, 0, LCP_RTT_FILE_SIZE);
+ ring_header[0] = htonl(LCP_RTT_MAGIC);
+ }
+
+ ring_header[3] = htonl(lcp_echo_interval);
+ ring_header[1] = htonl(1); /* status: LCP up, file opened */
+}
+
+static void
+lcp_rtt_close_file (void)
+{
+ volatile u_int32_t *const ring_header = lcp_rtt_buffer;
+
+ if (!lcp_rtt_file_fd)
+ return;
+
+ ring_header[1] = htonl(0); /* status: LCP down, file closed */
+
+ if (munmap(lcp_rtt_buffer, LCP_RTT_FILE_SIZE) < 0)
+ error("munmap() of %s failed: %m", lcp_rtt_file);
+ if (close(lcp_rtt_file_fd) < 0)
+ error("close() of %s failed: %m", lcp_rtt_file);
+ lcp_rtt_buffer = NULL;
+ lcp_rtt_file_fd = 0;
+}
+
/*
* lcp_echo_lowerup - Start the timer for the LCP frame
*/
lcp_echos_pending = 0;
lcp_echo_number = 0;
lcp_echo_timer_running = 0;
+
+ /* Open the file where the LCP RTT data will be logged */
+ lcp_rtt_open_file();
/* If a timeout interval is specified then start the timer */
if (lcp_echo_interval != 0)
UNTIMEOUT (LcpEchoTimeout, f);
lcp_echo_timer_running = 0;
}
+
+ /* Close the file containing the LCP RTT data */
+ lcp_rtt_close_file();
}
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_LCP_H
+#define PPP_LCP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/*
* Options.
/* Value used as data for CI_CALLBACK option */
#define CBCP_OPT 6 /* Use callback control protocol */
+/* An endpoint discriminator, used with multilink. */
+#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */
+struct epdisc {
+ unsigned char class;
+ unsigned char length;
+ unsigned char value[MAX_ENDP_LEN];
+};
+
/*
* The state of options is described by an lcp_options structure.
*/
bool neg_endpoint; /* negotiate endpoint discriminator */
int mru; /* Value of MRU */
int mrru; /* Value of MRRU, and multilink enable */
- u_char chap_mdtype; /* which MD types (hashing algorithm) */
- u_int32_t asyncmap; /* Value of async map */
- u_int32_t magicnumber;
+ unsigned char chap_mdtype; /* which MD types (hashing algorithm) */
+ uint32_t asyncmap; /* Value of async map */
+ uint32_t magicnumber;
int numloops; /* Number of loops during magic number neg. */
- u_int32_t lqr_period; /* Reporting period for LQR 1/100ths second */
+ uint32_t lqr_period; /* Reporting period for LQR 1/100ths second */
struct epdisc endpoint; /* endpoint discriminator */
} lcp_options;
void lcp_close(int, char *);
void lcp_lowerup(int);
void lcp_lowerdown(int);
-void lcp_sprotrej(int, u_char *, int); /* send protocol reject */
+void lcp_sprotrej(int, unsigned char *, int); /* send protocol reject */
extern struct protent lcp_protent;
/* Default number of times we receive our magic number from the peer
before deciding the link is looped-back. */
#define DEFLOOPBACKFAIL 10
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_LCP_H
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/time.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "magic.h"
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_MAGIC_H
+#define PPP_MAGIC_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
void magic_init (void); /* Initialize the magic number generator */
u_int32_t magic (void); /* Returns the next magic number */
/* Fill buffer with random bytes */
void random_bytes (unsigned char *buf, int len);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_MAGIC_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
+#include <limits.h>
+#include <inttypes.h>
+#include <net/if.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "magic.h"
#include "fsm.h"
#include "lcp.h"
#include "ipcp.h"
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
#include "ipv6cp.h"
#endif
#include "upap.h"
-#include "chap-new.h"
+#include "chap.h"
#include "eap.h"
#include "ccp.h"
#include "ecp.h"
#include "pathnames.h"
+#include "crypto.h"
+#include "multilink.h"
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
#include "tdb.h"
#endif
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
#include "cbcp.h"
#endif
-#ifdef IPX_CHANGE
-#include "ipxcp.h"
-#endif /* IPX_CHANGE */
#ifdef AT_CHANGE
#include "atcp.h"
#endif
-
/* interface vars */
-char ifname[MAXIFNAMELEN]; /* Interface name */
+char ifname[IFNAMSIZ]; /* Interface name */
int ifunit; /* Interface unit number */
struct channel *the_channel;
char hostname[MAXNAMELEN]; /* Our hostname */
static char pidfilename[MAXPATHLEN]; /* name of pid file */
static char linkpidfile[MAXPATHLEN]; /* name of linkname pid file */
-char ppp_devnam[MAXPATHLEN]; /* name of PPP tty (maybe ttypx) */
uid_t uid; /* Our real user-id */
struct notifier *pidchange = NULL;
struct notifier *phasechange = NULL;
int privileged; /* we're running as real uid root */
int need_holdoff; /* need holdoff period before restarting */
int detached; /* have detached from terminal */
-volatile int status; /* exit status for pppd */
+volatile int code; /* exit status for pppd */
int unsuccess; /* # unsuccessful connection attempts */
int do_callback; /* != 0 if we should do callback next */
int doing_callback; /* != 0 if we are doing callback */
concept (eg PPPoE) */
int childwait_done; /* have timed out waiting for children */
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
TDB_CONTEXT *pppdb; /* database for storing status etc. */
#endif
int fd_devnull; /* fd for /dev/null */
int devfd = -1; /* fd of underlying device */
int fd_ppp = -1; /* fd for talking PPP */
-int phase; /* where the link is at */
+ppp_phase_t phase; /* where the link is at */
int kill_link;
int asked_to_quit;
int open_ccp_flag;
struct pppd_stats link_stats;
unsigned link_connect_time;
int link_stats_valid;
+int link_stats_print;
int error_count;
static void forget_child(int pid, int status);
static int reap_kids(void);
static void childwait_end(void *);
+static void run_net_script(char* script, int wait);
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
static void update_db_entry(void);
static void add_db_key(const char *);
static void delete_db_key(const char *);
extern char *getlogin(void);
int main(int, char *[]);
+const char *ppp_hostname()
+{
+ return hostname;
+}
+
+bool ppp_signaled(int sig)
+{
+ if (sig == SIGTERM)
+ return !!got_sigterm;
+ if (sig == SIGUSR2)
+ return !!got_sigusr2;
+ if (sig == SIGHUP)
+ return !!got_sighup;
+ return false;
+}
+
+ppp_exit_code_t ppp_status()
+{
+ return code;
+}
+
+void ppp_set_status(ppp_exit_code_t value)
+{
+ code = value;
+}
+
+void ppp_set_session_number(int number)
+{
+ ppp_session_number = number;
+}
+
+int ppp_get_session_number()
+{
+ return ppp_session_number;
+}
+
+const char *ppp_ifname()
+{
+ return ifname;
+}
+
+int ppp_get_ifname(char *buf, size_t bufsz)
+{
+ if (buf) {
+ return strlcpy(buf, ifname, bufsz);
+ }
+ return false;
+}
+
+void ppp_set_ifname(const char *name)
+{
+ if (name) {
+ strlcpy(ifname, name, sizeof(ifname));
+ }
+}
+
+int ppp_ifunit()
+{
+ return ifunit;
+}
+
+int ppp_get_link_uptime()
+{
+ return link_connect_time;
+}
+
/*
* PPP Data Link Layer "protocol" table.
* One entry per supported protocol.
&lcp_protent,
&pap_protent,
&chap_protent,
-#ifdef CBCP_SUPPORT
+#ifdef PPP_WITH_CBCP
&cbcp_protent,
#endif
&ipcp_protent,
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
&ipv6cp_protent,
#endif
&ccp_protent,
&ecp_protent,
-#ifdef IPX_CHANGE
- &ipxcp_protent,
-#endif
#ifdef AT_CHANGE
&atcp_protent,
#endif
struct protent *protp;
char numbuf[16];
- strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup));
- strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown));
+ PPP_crypto_init();
+ strlcpy(path_ipup, PPP_PATH_IPUP, MAXPATHLEN);
+ strlcpy(path_ipdown, PPP_PATH_IPDOWN, MAXPATHLEN);
+
+#ifdef PPP_WITH_IPV6CP
+ strlcpy(path_ipv6up, PPP_PATH_IPV6UP, MAXPATHLEN);
+ strlcpy(path_ipv6down, PPP_PATH_IPV6DOWN, MAXPATHLEN);
+#endif
link_stats_valid = 0;
+ link_stats_print = 1;
new_phase(PHASE_INITIALIZE);
script_env = NULL;
/* Initialize syslog facilities */
reopen_log();
- if (gethostname(hostname, MAXNAMELEN) < 0 ) {
- option_error("Couldn't get hostname: %m");
+ if (gethostname(hostname, sizeof(hostname)) < 0 ) {
+ ppp_option_error("Couldn't get hostname: %m");
exit(1);
}
hostname[MAXNAMELEN-1] = 0;
uid = getuid();
privileged = uid == 0;
slprintf(numbuf, sizeof(numbuf), "%d", uid);
- script_setenv("ORIG_UID", numbuf, 0);
+ ppp_script_setenv("ORIG_UID", numbuf, 0);
ngroups = getgroups(NGROUPS_MAX, groups);
* Parse, in order, the system options file, the user's options file,
* and the command line arguments.
*/
- if (!options_from_file(_PATH_SYSOPTIONS, !privileged, 0, 1)
+ if (!ppp_options_from_file(PPP_PATH_SYSOPTIONS, !privileged, 0, 1)
|| !options_from_user()
|| !parse_args(argc-1, argv+1))
exit(EXIT_OPTION_ERROR);
if (debug)
setlogmask(LOG_UPTO(LOG_DEBUG));
+ if (show_options) {
+ showopts();
+ die(0);
+ }
+
/*
* Check that we are running as root.
*/
if (geteuid() != 0) {
- option_error("must be root to run %s, since it is not setuid-root",
+ ppp_option_error("must be root to run %s, since it is not setuid-root",
argv[0]);
exit(EXIT_NOT_ROOT);
}
- if (!ppp_available()) {
- option_error("%s", no_ppp_msg);
+ if (!ppp_check_kernel_support()) {
+ ppp_option_error("%s", no_ppp_msg);
exit(EXIT_NO_KERNEL_SUPPORT);
}
if (!sys_check_options())
exit(EXIT_OPTION_ERROR);
auth_check_options();
-#ifdef HAVE_MULTILINK
mp_check_options();
-#endif
for (i = 0; (protp = protocols[i]) != NULL; ++i)
if (protp->check_options != NULL)
(*protp->check_options)();
die(0);
/* Make sure fds 0, 1, 2 are open to somewhere. */
- fd_devnull = open(_PATH_DEVNULL, O_RDWR);
+ fd_devnull = open(PPP_DEVNULL, O_RDWR);
if (fd_devnull < 0)
- fatal("Couldn't open %s: %m", _PATH_DEVNULL);
+ fatal("Couldn't open %s: %m", PPP_DEVNULL);
while (fd_devnull <= 2) {
i = dup(fd_devnull);
if (i < 0)
*/
sys_init();
-#ifdef USE_TDB
- pppdb = tdb_open(_PATH_PPPDB, 0, 0, O_RDWR|O_CREAT, 0644);
+#ifdef PPP_WITH_TDB
+ pppdb = tdb_open(PPP_PATH_PPPDB, 0, 0, O_RDWR|O_CREAT, 0644);
if (pppdb != NULL) {
slprintf(db_key, sizeof(db_key), "pppd%d", getpid());
update_db_entry();
} else {
- warn("Warning: couldn't open ppp database %s", _PATH_PPPDB);
+ warn("Warning: couldn't open ppp database %s", PPP_PATH_PPPDB);
if (multilink) {
warn("Warning: disabling multilink");
multilink = 0;
p = "(unknown)";
}
syslog(LOG_NOTICE, "pppd %s started by %s, uid %d", VERSION, p, uid);
- script_setenv("PPPLOGNAME", p, 0);
+ ppp_script_setenv("PPPLOGNAME", p, 0);
if (devnam[0])
- script_setenv("DEVICE", devnam, 1);
+ ppp_script_setenv("DEVICE", devnam, 1);
slprintf(numbuf, sizeof(numbuf), "%d", getpid());
- script_setenv("PPPD_PID", numbuf, 1);
+ ppp_script_setenv("PPPD_PID", numbuf, 1);
setup_signals();
listen_time = 0;
need_holdoff = 1;
devfd = -1;
- status = EXIT_OK;
+ code = EXIT_OK;
++unsuccess;
doing_callback = do_callback;
do_callback = 0;
info("Starting link");
}
- get_time(&start_time);
- script_unsetenv("CONNECT_TIME");
- script_unsetenv("BYTES_SENT");
- script_unsetenv("BYTES_RCVD");
+ ppp_get_time(&start_time);
+ ppp_script_unsetenv("CONNECT_TIME");
+ ppp_script_unsetenv("BYTES_SENT");
+ ppp_script_unsetenv("BYTES_RCVD");
lcp_open(0); /* Start protocol */
start_link(0);
}
}
- die(status);
+ PPP_crypto_deinit();
+ die(code);
return 0;
}
info("Hangup (SIGHUP)");
kill_link = 1;
got_sighup = 0;
- if (status != EXIT_HANGUP)
- status = EXIT_USER_REQUEST;
+ if (code != EXIT_HANGUP)
+ code = EXIT_USER_REQUEST;
}
if (got_sigterm) {
info("Terminating on signal %d", got_sigterm);
kill_link = 1;
asked_to_quit = 1;
persist = 0;
- status = EXIT_USER_REQUEST;
+ code = EXIT_USER_REQUEST;
got_sigterm = 0;
}
if (got_sigchld) {
signal(SIGPIPE, SIG_IGN);
}
+/*
+ * net-* scripts to be run come through here.
+ */
+void run_net_script(char* script, int wait)
+{
+ char strspeed[32];
+ char *argv[6];
+
+ slprintf(strspeed, sizeof(strspeed), "%d", baud_rate);
+
+ argv[0] = script;
+ argv[1] = ifname;
+ argv[2] = devnam;
+ argv[3] = strspeed;
+ argv[4] = ipparam;
+ argv[5] = NULL;
+
+ run_program(script, argv, 0, NULL, NULL, wait);
+}
+
/*
* set_ifunit - do things we need to do once we know which ppp
* unit we are using.
else
slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit);
info("Using interface %s", ifname);
- script_setenv("IFNAME", ifname, iskey);
+ ppp_script_setenv("IFNAME", ifname, iskey);
slprintf(ifkey, sizeof(ifkey), "%d", ifunit);
- script_setenv("UNIT", ifkey, iskey);
+ ppp_script_setenv("UNIT", ifkey, iskey);
if (iskey) {
create_pidfile(getpid()); /* write pid to file */
create_linkpidfile(getpid());
}
+ run_net_script(PPP_PATH_NET_INIT, 1);
}
/*
detach(void)
{
int pid;
+ int ret;
char numbuf[16];
int pipefd[2];
exit(0); /* parent dies */
}
setsid();
- chdir("/");
+ ret = chdir("/");
+ if (ret != 0) {
+ fatal("Could not change directory to '/', %m");
+ }
dup2(fd_devnull, 0);
dup2(fd_devnull, 1);
dup2(fd_devnull, 2);
if (log_default)
log_to_fd = -1;
slprintf(numbuf, sizeof(numbuf), "%d", getpid());
- script_setenv("PPPD_PID", numbuf, 1);
+ ppp_script_setenv("PPPD_PID", numbuf, 1);
/* wait for parent to finish updating pid & lock files and die */
close(pipefd[1]);
{
FILE *pidfile;
- slprintf(pidfilename, sizeof(pidfilename), "%s%s.pid",
- _PATH_VARRUN, ifname);
+ slprintf(pidfilename, sizeof(pidfilename), "%s/%s.pid",
+ PPP_PATH_VARRUN, ifname);
if ((pidfile = fopen(pidfilename, "w")) != NULL) {
fprintf(pidfile, "%d\n", pid);
(void) fclose(pidfile);
if (linkname[0] == 0)
return;
- script_setenv("LINKNAME", linkname, 1);
- slprintf(linkpidfile, sizeof(linkpidfile), "%sppp-%s.pid",
- _PATH_VARRUN, linkname);
+ ppp_script_setenv("LINKNAME", linkname, 1);
+ slprintf(linkpidfile, sizeof(linkpidfile), "%s/ppp-%s.pid",
+ PPP_PATH_VARRUN, linkname);
if ((pidfile = fopen(linkpidfile, "w")) != NULL) {
fprintf(pidfile, "%d\n", pid);
if (ifname[0])
return;
if (len == 0) {
- if (bundle_eof && multilink_master) {
+ if (bundle_eof && mp_master()) {
notice("Last channel has disconnected");
mp_bundle_terminated();
return;
}
notice("Modem hangup");
hungup = 1;
- status = EXIT_HANGUP;
+ code = EXIT_HANGUP;
lcp_lowerdown(0); /* serial link is no longer available */
link_terminated(0);
return;
* new_phase - signal the start of a new phase of pppd's operation.
*/
void
-new_phase(int p)
+new_phase(ppp_phase_t p)
{
+ switch (p) {
+ case PHASE_NETWORK:
+ if (phase <= PHASE_NETWORK) {
+ char iftmpname[IFNAMSIZ];
+ int ifindex = if_nametoindex(ifname);
+ run_net_script(PPP_PATH_NET_PREUP, 1);
+ if (if_indextoname(ifindex, iftmpname) && strcmp(iftmpname, ifname)) {
+ info("Detected interface name change from %s to %s.", ifname, iftmpname);
+ strcpy(ifname, iftmpname);
+ }
+ }
+ break;
+ case PHASE_DISCONNECT:
+ run_net_script(PPP_PATH_NET_DOWN, 0);
+ break;
+ }
+
phase = p;
if (new_phase_hook)
(*new_phase_hook)(p);
notify(phasechange, p);
}
+bool
+in_phase(ppp_phase_t p)
+{
+ return (phase == p);
+}
+
/*
* die - clean up state and exit with the specified status.
*/
void
die(int status)
{
- if (!doing_multilink || multilink_master)
+
+ if (!mp_on() || mp_master())
print_link_stats();
cleanup();
notify(exitnotify, status);
(*the_channel->cleanup)();
remove_pidfiles();
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL)
cleanup_db();
#endif
/*
* Print connect time and statistics.
*/
- if (link_stats_valid) {
+ if (link_stats_print && link_stats_valid) {
int t = (link_connect_time + 5) / 6; /* 1/10ths of minutes */
info("Connect time %d.%d minutes.", t/10, t%10);
info("Sent %u bytes, received %u bytes.",
link_stats.bytes_out, link_stats.bytes_in);
- link_stats_valid = 0;
+ link_stats_print = 0;
}
}
{
if (!get_ppp_stats(u, &old_link_stats))
return;
- get_time(&start_time);
+ ppp_get_time(&start_time);
}
/*
char numbuf[32];
if (!get_ppp_stats(u, &link_stats)
- || get_time(&now) < 0)
+ || ppp_get_time(&now) < 0)
return;
link_connect_time = now.tv_sec - start_time.tv_sec;
link_stats_valid = 1;
link_stats.pkts_out -= old_link_stats.pkts_out;
slprintf(numbuf, sizeof(numbuf), "%u", link_connect_time);
- script_setenv("CONNECT_TIME", numbuf, 0);
- slprintf(numbuf, sizeof(numbuf), "%u", link_stats.bytes_out);
- script_setenv("BYTES_SENT", numbuf, 0);
- slprintf(numbuf, sizeof(numbuf), "%u", link_stats.bytes_in);
- script_setenv("BYTES_RCVD", numbuf, 0);
+ ppp_script_setenv("CONNECT_TIME", numbuf, 0);
+ snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_out);
+ ppp_script_setenv("BYTES_SENT", numbuf, 0);
+ snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_in);
+ ppp_script_setenv("BYTES_RCVD", numbuf, 0);
+}
+
+bool
+ppp_get_link_stats(ppp_link_stats_st *stats)
+{
+ update_link_stats(0);
+ if (stats != NULL &&
+ link_stats_valid) {
+
+ memcpy(stats, &link_stats, sizeof(*stats));
+ return true;
+ }
+ return false;
}
* timeout - Schedule a timeout.
*/
void
-timeout(void (*func)(void *), void *arg, int secs, int usecs)
+ppp_timeout(void (*func)(void *), void *arg, int secs, int usecs)
{
struct callout *newp, *p, **pp;
fatal("Out of memory in timeout()!");
newp->c_arg = arg;
newp->c_func = func;
- get_time(&timenow);
+ ppp_get_time(&timenow);
newp->c_time.tv_sec = timenow.tv_sec + secs;
newp->c_time.tv_usec = timenow.tv_usec + usecs;
if (newp->c_time.tv_usec >= 1000000) {
* untimeout - Unschedule a timeout.
*/
void
-untimeout(void (*func)(void *), void *arg)
+ppp_untimeout(void (*func)(void *), void *arg)
{
struct callout **copp, *freep;
while (callout != NULL) {
p = callout;
- if (get_time(&timenow) < 0)
+ if (ppp_get_time(&timenow) < 0)
fatal("Failed to get time of day: %m");
if (!(p->c_time.tv_sec < timenow.tv_sec
|| (p->c_time.tv_sec == timenow.tv_sec
if (callout == NULL)
return NULL;
- get_time(&timenow);
+ ppp_get_time(&timenow);
tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec;
tvp->tv_usec = callout->c_time.tv_usec - timenow.tv_usec;
if (tvp->tv_usec < 0) {
/* Send the signal to the [dis]connector process(es) also */
kill_my_pg(sig);
notify(sigreceived, sig);
- if (waiting)
+ if (waiting) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-result"
write(sigpipe[1], &sig, sizeof(sig));
+#pragma GCC diagnostic pop
+ }
}
/* Send the signal to the [dis]connector process(es) also */
kill_my_pg(sig);
notify(sigreceived, sig);
- if (waiting)
+ if (waiting) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-result"
write(sigpipe[1], &sig, sizeof(sig));
+#pragma GCC diagnostic pop
+ }
}
chld(int sig)
{
got_sigchld = 1;
- if (waiting)
+ if (waiting) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-result"
write(sigpipe[1], &sig, sizeof(sig));
+#pragma GCC diagnostic pop
+ }
}
open_ccp(int sig)
{
got_sigusr2 = 1;
- if (waiting)
+ if (waiting) {
+#pragma GCC diagnostic push
+#pragma GCC diagnostic ignored "-Wunused-result"
write(sigpipe[1], &sig, sizeof(sig));
+#pragma GCC diagnostic pop
+ }
}
}
/*
- * safe_fork - Create a child process. The child closes all the
+ * ppp_safe_fork - Create a child process. The child closes all the
* file descriptors that we don't want to leak to a script.
* The parent waits for the child to do this before returning.
* This also arranges for the specified fds to be dup'd to
* fds 0, 1, 2 in the child.
*/
pid_t
-safe_fork(int infd, int outfd, int errfd)
+ppp_safe_fork(int infd, int outfd, int errfd)
{
pid_t pid;
int fd, pipefd[2];
}
/* Executing in the child */
- sys_close();
-#ifdef USE_TDB
+ ppp_sys_close();
+#ifdef PPP_WITH_TDB
if (pppdb != NULL)
tdb_close(pppdb);
#endif
/*
* device_script - run a program to talk to the specified fds
* (e.g. to run the connector or disconnector script).
- * stderr gets connected to the log fd or to the _PATH_CONNERRS file.
+ * stderr gets connected to the log fd or to the PPP_PATH_CONNERRS file.
*/
int
device_script(char *program, int in, int out, int dont_wait)
int pid;
int status = -1;
int errfd;
+ int ret;
if (log_to_fd >= 0)
errfd = log_to_fd;
else
- errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
+ errfd = open(PPP_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644);
++conn_running;
- pid = safe_fork(in, out, errfd);
+ pid = ppp_safe_fork(in, out, errfd);
if (pid != 0 && log_to_fd < 0)
close(errfd);
}
/* here we are executing in the child */
-
- setgid(getgid());
- setuid(uid);
- if (getuid() != uid) {
- fprintf(stderr, "pppd: setuid failed\n");
- exit(1);
+ ret = setgid(getgid());
+ if (ret != 0) {
+ perror("pppd: setgid failed\n");
+ exit(1);
+ }
+ ret = setuid(uid);
+ if (ret != 0 || getuid() != uid) {
+ perror("pppd: setuid failed\n");
+ exit(1);
}
update_system_environment();
execl("/bin/sh", "sh", "-c", program, (char *)0);
* and update the script environment. Note that we intentionally do
* not update the TDB. These changes are layered on top right before
* exec. It is not possible to use script_setenv() or
- * script_unsetenv() safely after this routine is run.
+ * ppp_script_unsetenv() safely after this routine is run.
*/
static void
update_script_environment(void)
* reap_kids) iff the return value is > 0.
*/
pid_t
-run_program(char *prog, char **args, int must_exist, void (*done)(void *), void *arg, int wait)
+run_program(char *prog, char * const *args, int must_exist, void (*done)(void *), void *arg, int wait)
{
- int pid, status;
+ int pid, status, ret;
struct stat sbuf;
/*
return 0;
}
- pid = safe_fork(fd_devnull, fd_devnull, fd_devnull);
+ pid = ppp_safe_fork(fd_devnull, fd_devnull, fd_devnull);
if (pid == -1) {
error("Failed to create child process for %s: %m", prog);
return -1;
/* Leave the current location */
(void) setsid(); /* No controlling tty. */
(void) umask (S_IRWXG|S_IRWXO);
- (void) chdir ("/"); /* no current directory. */
- setuid(0); /* set real UID = root */
- setgid(getegid());
+ ret = chdir ("/"); /* no current directory. */
+ if (ret != 0) {
+ fatal("Failed to change directory to '/', %m");
+ }
+ ret = setuid(0); /* set real UID = root */
+ if (ret != 0) {
+ fatal("Failed to set uid, %m");
+ }
+ ret = setgid(getegid());
+ if (ret != 0) {
+ fatal("failed to set gid, %m");
+ }
#ifdef BSD
/* Force the priority back to zero if pppd is running higher. */
return 0;
}
+
+struct notifier **get_notifier_by_type(ppp_notify_t type)
+{
+ struct notifier **list[NF_MAX_NOTIFY] = {
+ [NF_PID_CHANGE ] = &pidchange,
+ [NF_PHASE_CHANGE] = &phasechange,
+ [NF_EXIT ] = &exitnotify,
+ [NF_SIGNALED ] = &sigreceived,
+ [NF_IP_UP ] = &ip_up_notifier,
+ [NF_IP_DOWN ] = &ip_down_notifier,
+#ifdef PPP_WITH_IPV6CP
+ [NF_IPV6_UP ] = &ipv6_up_notifier,
+ [NF_IPV6_DOWN ] = &ipv6_down_notifier,
+#endif
+ [NF_AUTH_UP ] = &auth_up_notifier,
+ [NF_LINK_DOWN ] = &link_down_notifier,
+ [NF_FORK ] = &fork_notifier,
+ };
+ return list[type];
+}
+
/*
* add_notifier - add a new function to be called when something happens.
*/
void
-add_notifier(struct notifier **notif, notify_func func, void *arg)
+ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg)
{
- struct notifier *np;
-
- np = malloc(sizeof(struct notifier));
- if (np == 0)
- novm("notifier struct");
- np->next = *notif;
- np->func = func;
- np->arg = arg;
- *notif = np;
+ struct notifier **notif = get_notifier_by_type(type);
+ if (notif) {
+
+ struct notifier *np = malloc(sizeof(struct notifier));
+ if (np == 0)
+ novm("notifier struct");
+ np->next = *notif;
+ np->func = func;
+ np->arg = arg;
+ *notif = np;
+ } else {
+ error("Could not find notifier function for: %d", type);
+ }
}
/*
* be called when something happens.
*/
void
-remove_notifier(struct notifier **notif, notify_func func, void *arg)
+ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg)
{
- struct notifier *np;
-
- for (; (np = *notif) != 0; notif = &np->next) {
- if (np->func == func && np->arg == arg) {
- *notif = np->next;
- free(np);
- break;
+ struct notifier **notif = get_notifier_by_type(type);
+ if (notif) {
+ struct notifier *np;
+
+ for (; (np = *notif) != 0; notif = &np->next) {
+ if (np->func == func && np->arg == arg) {
+ *notif = np->next;
+ free(np);
+ break;
+ }
}
+ } else {
+ error("Could not find notifier function for: %d", type);
}
}
* novm - log an error message saying we ran out of memory, and die.
*/
void
-novm(char *msg)
+novm(const char *msg)
{
fatal("Virtual memory exhausted allocating %s\n", msg);
}
/*
- * script_setenv - set an environment variable value to be used
+ * ppp_script_setenv - set an environment variable value to be used
* for scripts that we run (e.g. ip-up, auth-up, etc.)
*/
void
-script_setenv(char *var, char *value, int iskey)
+ppp_script_setenv(char *var, char *value, int iskey)
{
size_t varl = strlen(var);
size_t vl = varl + strlen(value) + 2;
if (script_env != 0) {
for (i = 0; (p = script_env[i]) != 0; ++i) {
if (strncmp(p, var, varl) == 0 && p[varl] == '=') {
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (p[-1] && pppdb != NULL)
delete_db_key(p);
#endif
free(p-1);
script_env[i] = newstring;
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL) {
if (iskey)
add_db_key(newstring);
if (!add_script_env(i, newstring))
return;
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL) {
if (iskey)
add_db_key(newstring);
}
/*
- * script_unsetenv - remove a variable from the environment
+ * ppp_script_unsetenv - remove a variable from the environment
* for scripts.
*/
void
-script_unsetenv(char *var)
+ppp_script_unsetenv(char *var)
{
int vl = strlen(var);
int i;
return;
for (i = 0; (p = script_env[i]) != 0; ++i) {
if (strncmp(p, var, vl) == 0 && p[vl] == '=') {
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (p[-1] && pppdb != NULL)
delete_db_key(p);
#endif
break;
}
}
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
if (pppdb != NULL)
update_db_entry();
#endif
*/
void lock_db(void)
{
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
TDB_DATA key;
key.dptr = PPPD_LOCK_KEY;
*/
void unlock_db(void)
{
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
TDB_DATA key;
key.dptr = PPPD_LOCK_KEY;
#endif
}
-#ifdef USE_TDB
+#ifdef PPP_WITH_TDB
/*
* update_db_entry - update our entry in the database.
*/
if (p[-1])
delete_db_key(p);
}
-#endif /* USE_TDB */
+#endif /* PPP_WITH_TDB */
+++ /dev/null
-/*
-** ********************************************************************
-** md4.c -- Implementation of MD4 Message Digest Algorithm **
-** Updated: 2/16/90 by Ronald L. Rivest **
-** (C) 1990 RSA Data Security, Inc. **
-** ********************************************************************
-*/
-
-/*
-** To use MD4:
-** -- Include md4.h in your program
-** -- Declare an MDstruct MD to hold the state of the digest
-** computation.
-** -- Initialize MD using MDbegin(&MD)
-** -- For each full block (64 bytes) X you wish to process, call
-** MD4Update(&MD,X,512)
-** (512 is the number of bits in a full block.)
-** -- For the last block (less than 64 bytes) you wish to process,
-** MD4Update(&MD,X,n)
-** where n is the number of bits in the partial block. A partial
-** block terminates the computation, so every MD computation
-** should terminate by processing a partial block, even if it
-** has n = 0.
-** -- The message digest is available in MD.buffer[0] ...
-** MD.buffer[3]. (Least-significant byte of each word
-** should be output first.)
-** -- You can print out the digest using MDprint(&MD)
-*/
-
-/* Implementation notes:
-** This implementation assumes that ints are 32-bit quantities.
-*/
-
-#define TRUE 1
-#define FALSE 0
-
-/* Compile-time includes
-*/
-#include <stdio.h>
-#include "md4.h"
-#include "pppd.h"
-
-/* Compile-time declarations of MD4 "magic constants".
-*/
-#define I0 0x67452301 /* Initial values for MD buffer */
-#define I1 0xefcdab89
-#define I2 0x98badcfe
-#define I3 0x10325476
-#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */
-#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */
-/* C2 and C3 are from Knuth, The Art of Programming, Volume 2
-** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley.
-** Table 2, page 660.
-*/
-
-#define fs1 3 /* round 1 shift amounts */
-#define fs2 7
-#define fs3 11
-#define fs4 19
-#define gs1 3 /* round 2 shift amounts */
-#define gs2 5
-#define gs3 9
-#define gs4 13
-#define hs1 3 /* round 3 shift amounts */
-#define hs2 9
-#define hs3 11
-#define hs4 15
-
-/* Compile-time macro declarations for MD4.
-** Note: The "rot" operator uses the variable "tmp".
-** It assumes tmp is declared as unsigned int, so that the >>
-** operator will shift in zeros rather than extending the sign bit.
-*/
-#define f(X,Y,Z) ((X&Y) | ((~X)&Z))
-#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z))
-#define h(X,Y,Z) (X^Y^Z)
-#define rot(X,S) (tmp=X,(tmp<<S) | (tmp>>(32-S)))
-#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s)
-#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s)
-#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s)
-
-/* MD4print(MDp)
-** Print message digest buffer MDp as 32 hexadecimal digits.
-** Order is from low-order byte of buffer[0] to high-order byte of
-** buffer[3].
-** Each byte is printed with high-order hexadecimal digit first.
-** This is a user-callable routine.
-*/
-void
-MD4Print(MD4_CTX *MDp)
-{
- int i,j;
- for (i=0;i<4;i++)
- for (j=0;j<32;j=j+8)
- printf("%02x",(MDp->buffer[i]>>j) & 0xFF);
-}
-
-/* MD4Init(MDp)
-** Initialize message digest buffer MDp.
-** This is a user-callable routine.
-*/
-void
-MD4Init(MD4_CTX *MDp)
-{
- int i;
- MDp->buffer[0] = I0;
- MDp->buffer[1] = I1;
- MDp->buffer[2] = I2;
- MDp->buffer[3] = I3;
- for (i=0;i<8;i++) MDp->count[i] = 0;
- MDp->done = 0;
-}
-
-/* MDblock(MDp,X)
-** Update message digest buffer MDp->buffer using 16-word data block X.
-** Assumes all 16 words of X are full of data.
-** Does not update MDp->count.
-** This routine is not user-callable.
-*/
-static void
-MDblock(MD4_CTX *MDp, unsigned char *Xb)
-{
- register unsigned int tmp, A, B, C, D;
- unsigned int X[16];
- int i;
-
- for (i = 0; i < 16; ++i) {
- X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24);
- Xb += 4;
- }
-
- A = MDp->buffer[0];
- B = MDp->buffer[1];
- C = MDp->buffer[2];
- D = MDp->buffer[3];
- /* Update the message digest buffer */
- ff(A , B , C , D , 0 , fs1); /* Round 1 */
- ff(D , A , B , C , 1 , fs2);
- ff(C , D , A , B , 2 , fs3);
- ff(B , C , D , A , 3 , fs4);
- ff(A , B , C , D , 4 , fs1);
- ff(D , A , B , C , 5 , fs2);
- ff(C , D , A , B , 6 , fs3);
- ff(B , C , D , A , 7 , fs4);
- ff(A , B , C , D , 8 , fs1);
- ff(D , A , B , C , 9 , fs2);
- ff(C , D , A , B , 10 , fs3);
- ff(B , C , D , A , 11 , fs4);
- ff(A , B , C , D , 12 , fs1);
- ff(D , A , B , C , 13 , fs2);
- ff(C , D , A , B , 14 , fs3);
- ff(B , C , D , A , 15 , fs4);
- gg(A , B , C , D , 0 , gs1); /* Round 2 */
- gg(D , A , B , C , 4 , gs2);
- gg(C , D , A , B , 8 , gs3);
- gg(B , C , D , A , 12 , gs4);
- gg(A , B , C , D , 1 , gs1);
- gg(D , A , B , C , 5 , gs2);
- gg(C , D , A , B , 9 , gs3);
- gg(B , C , D , A , 13 , gs4);
- gg(A , B , C , D , 2 , gs1);
- gg(D , A , B , C , 6 , gs2);
- gg(C , D , A , B , 10 , gs3);
- gg(B , C , D , A , 14 , gs4);
- gg(A , B , C , D , 3 , gs1);
- gg(D , A , B , C , 7 , gs2);
- gg(C , D , A , B , 11 , gs3);
- gg(B , C , D , A , 15 , gs4);
- hh(A , B , C , D , 0 , hs1); /* Round 3 */
- hh(D , A , B , C , 8 , hs2);
- hh(C , D , A , B , 4 , hs3);
- hh(B , C , D , A , 12 , hs4);
- hh(A , B , C , D , 2 , hs1);
- hh(D , A , B , C , 10 , hs2);
- hh(C , D , A , B , 6 , hs3);
- hh(B , C , D , A , 14 , hs4);
- hh(A , B , C , D , 1 , hs1);
- hh(D , A , B , C , 9 , hs2);
- hh(C , D , A , B , 5 , hs3);
- hh(B , C , D , A , 13 , hs4);
- hh(A , B , C , D , 3 , hs1);
- hh(D , A , B , C , 11 , hs2);
- hh(C , D , A , B , 7 , hs3);
- hh(B , C , D , A , 15 , hs4);
- MDp->buffer[0] += A;
- MDp->buffer[1] += B;
- MDp->buffer[2] += C;
- MDp->buffer[3] += D;
-}
-
-/* MD4Update(MDp,X,count)
-** Input: X -- a pointer to an array of unsigned characters.
-** count -- the number of bits of X to use.
-** (if not a multiple of 8, uses high bits of last byte.)
-** Update MDp using the number of bits of X given by count.
-** This is the basic input routine for an MD4 user.
-** The routine completes the MD computation when count < 512, so
-** every MD computation should end with one call to MD4Update with a
-** count less than 512. A call with count 0 will be ignored if the
-** MD has already been terminated (done != 0), so an extra call with
-** count 0 can be given as a "courtesy close" to force termination
-** if desired.
-*/
-void
-MD4Update(MD4_CTX *MDp, unsigned char *X, unsigned int count)
-{
- unsigned int i, tmp, bit, byte, mask;
- unsigned char XX[64];
- unsigned char *p;
-
- /* return with no error if this is a courtesy close with count
- ** zero and MDp->done is true.
- */
- if (count == 0 && MDp->done) return;
- /* check to see if MD is already done and report error */
- if (MDp->done)
- { printf("\nError: MD4Update MD already done."); return; }
-
- /* Add count to MDp->count */
- tmp = count;
- p = MDp->count;
- while (tmp)
- { tmp += *p;
- *p++ = tmp;
- tmp = tmp >> 8;
- }
-
- /* Process data */
- if (count == 512)
- { /* Full block of data to handle */
- MDblock(MDp,X);
- }
- else if (count > 512) /* Check for count too large */
- {
- printf("\nError: MD4Update called with illegal count value %d.",
- count);
- return;
- }
- else /* partial block -- must be last block so finish up */
- {
- /* Find out how many bytes and residual bits there are */
- byte = count >> 3;
- bit = count & 7;
- /* Copy X into XX since we need to modify it */
- if (count)
- for (i=0;i<=byte;i++) XX[i] = X[i];
- for (i=byte+1;i<64;i++) XX[i] = 0;
- /* Add padding '1' bit and low-order zeros in last byte */
- mask = 1 << (7 - bit);
- XX[byte] = (XX[byte] | mask) & ~( mask - 1);
- /* If room for bit count, finish up with this block */
- if (byte <= 55)
- {
- for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
- MDblock(MDp,XX);
- }
- else /* need to do two blocks to finish up */
- {
- MDblock(MDp,XX);
- for (i=0;i<56;i++) XX[i] = 0;
- for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
- MDblock(MDp,XX);
- }
- /* Set flag saying we're done with MD computation */
- MDp->done = 1;
- }
-}
-
-/*
-** Finish up MD4 computation and return message digest.
-*/
-void
-MD4Final(unsigned char *buf, MD4_CTX *MD)
-{
- int i, j;
- unsigned int w;
-
- MD4Update(MD, NULL, 0);
- for (i = 0; i < 4; ++i) {
- w = MD->buffer[i];
- for (j = 0; j < 4; ++j) {
- *buf++ = w;
- w >>= 8;
- }
- }
-}
-
-/*
-** End of md4.c
-****************************(cut)***********************************/
+++ /dev/null
-
-/*
-** ********************************************************************
-** md4.h -- Header file for implementation of **
-** MD4 Message Digest Algorithm **
-** Updated: 2/13/90 by Ronald L. Rivest **
-** (C) 1990 RSA Data Security, Inc. **
-** ********************************************************************
-*/
-
-/* MDstruct is the data structure for a message digest computation.
-*/
-typedef struct {
- unsigned int buffer[4]; /* Holds 4-word result of MD computation */
- unsigned char count[8]; /* Number of bits processed so far */
- unsigned int done; /* Nonzero means MD computation finished */
-} MD4_CTX;
-
-/* MD4Init(MD4_CTX *)
-** Initialize the MD4_CTX prepatory to doing a message digest
-** computation.
-*/
-extern void MD4Init(MD4_CTX *MD);
-
-/* MD4Update(MD,X,count)
-** Input: X -- a pointer to an array of unsigned characters.
-** count -- the number of bits of X to use (an unsigned int).
-** Updates MD using the first "count" bits of X.
-** The array pointed to by X is not modified.
-** If count is not a multiple of 8, MD4Update uses high bits of
-** last byte.
-** This is the basic input routine for a user.
-** The routine terminates the MD computation when count < 512, so
-** every MD computation should end with one call to MD4Update with a
-** count less than 512. Zero is OK for a count.
-*/
-extern void MD4Update(MD4_CTX *MD, unsigned char *X, unsigned int count);
-
-/* MD4Print(MD)
-** Prints message digest buffer MD as 32 hexadecimal digits.
-** Order is from low-order byte of buffer[0] to high-order byte
-** of buffer[3].
-** Each byte is printed with high-order hexadecimal digit first.
-*/
-extern void MD4Print(MD4_CTX *);
-
-/* MD4Final(buf, MD)
-** Returns message digest from MD and terminates the message
-** digest computation.
-*/
-extern void MD4Final(unsigned char *, MD4_CTX *);
-
-/*
-** End of md4.h
-****************************(cut)***********************************/
+++ /dev/null
-
-
-/*
- ***********************************************************************
- ** md5.c -- the source code for MD5 routines **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
- ** Created: 2/17/90 RLR **
- ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
- ***********************************************************************
- */
-
-/*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- ** **
- ** License to copy and use this software is granted provided that **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function. **
- ** **
- ** License is also granted to make and use derivative works **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
- ** material mentioning or referencing the derived work. **
- ** **
- ** RSA Data Security, Inc. makes no representations concerning **
- ** either the merchantability of this software or the suitability **
- ** of this software for any particular purpose. It is provided "as **
- ** is" without express or implied warranty of any kind. **
- ** **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software. **
- ***********************************************************************
- */
-
-#include <string.h>
-#include "md5.h"
-
-/*
- ***********************************************************************
- ** Message-digest routines: **
- ** To form the message digest for a message M **
- ** (1) Initialize a context buffer mdContext using MD5_Init **
- ** (2) Call MD5_Update on mdContext and M **
- ** (3) Call MD5_Final on mdContext **
- ** The message digest is now in mdContext->digest[0...15] **
- ***********************************************************************
- */
-
-/* forward declaration */
-static void Transform (UINT4 *buf, UINT4 *in);
-
-static unsigned char PADDING[64] = {
- 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
-};
-
-/* F, G, H and I are basic MD5 functions */
-#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
-#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
-#define H(x, y, z) ((x) ^ (y) ^ (z))
-#define I(x, y, z) ((y) ^ ((x) | (~z)))
-
-/* ROTATE_LEFT rotates x left n bits */
-#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
-
-/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
-/* Rotation is separate from addition to prevent recomputation */
-#define FF(a, b, c, d, x, s, ac) \
- {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define GG(a, b, c, d, x, s, ac) \
- {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define HH(a, b, c, d, x, s, ac) \
- {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-#define II(a, b, c, d, x, s, ac) \
- {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
- (a) = ROTATE_LEFT ((a), (s)); \
- (a) += (b); \
- }
-
-#ifdef __STDC__
-#define UL(x) x##U
-#else
-#define UL(x) x
-#endif
-
-/* The routine MD5_Init initializes the message-digest context
- mdContext. All fields are set to zero.
- */
-void MD5_Init (MD5_CTX *mdContext)
-{
- mdContext->i[0] = mdContext->i[1] = (UINT4)0;
-
- /* Load magic initialization constants.
- */
- mdContext->buf[0] = (UINT4)0x67452301;
- mdContext->buf[1] = (UINT4)0xefcdab89;
- mdContext->buf[2] = (UINT4)0x98badcfe;
- mdContext->buf[3] = (UINT4)0x10325476;
-}
-
-/* The routine MD5Update updates the message-digest context to
- account for the presence of each of the characters inBuf[0..inLen-1]
- in the message whose digest is being computed.
- */
-void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen)
-{
- UINT4 in[16];
- int mdi;
- unsigned int i, ii;
-
- /* compute number of bytes mod 64 */
- mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
- /* update number of bits */
- if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0])
- mdContext->i[1]++;
- mdContext->i[0] += ((UINT4)inLen << 3);
- mdContext->i[1] += ((UINT4)inLen >> 29);
-
- while (inLen--) {
- /* add new character to buffer, increment mdi */
- mdContext->in[mdi++] = *inBuf++;
-
- /* transform if necessary */
- if (mdi == 0x40) {
- for (i = 0, ii = 0; i < 16; i++, ii += 4)
- in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
- (((UINT4)mdContext->in[ii+2]) << 16) |
- (((UINT4)mdContext->in[ii+1]) << 8) |
- ((UINT4)mdContext->in[ii]);
- Transform (mdContext->buf, in);
- mdi = 0;
- }
- }
-}
-
-/* The routine MD5Final terminates the message-digest computation and
- ends with the desired message digest in mdContext->digest[0...15].
- */
-void MD5_Final (unsigned char hash[], MD5_CTX *mdContext)
-{
- UINT4 in[16];
- int mdi;
- unsigned int i, ii;
- unsigned int padLen;
-
- /* save number of bits */
- in[14] = mdContext->i[0];
- in[15] = mdContext->i[1];
-
- /* compute number of bytes mod 64 */
- mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
-
- /* pad out to 56 mod 64 */
- padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
- MD5_Update (mdContext, PADDING, padLen);
-
- /* append length in bits and transform */
- for (i = 0, ii = 0; i < 14; i++, ii += 4)
- in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
- (((UINT4)mdContext->in[ii+2]) << 16) |
- (((UINT4)mdContext->in[ii+1]) << 8) |
- ((UINT4)mdContext->in[ii]);
- Transform (mdContext->buf, in);
-
- /* store buffer in digest */
- for (i = 0, ii = 0; i < 4; i++, ii += 4) {
- mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF);
- mdContext->digest[ii+1] =
- (unsigned char)((mdContext->buf[i] >> 8) & 0xFF);
- mdContext->digest[ii+2] =
- (unsigned char)((mdContext->buf[i] >> 16) & 0xFF);
- mdContext->digest[ii+3] =
- (unsigned char)((mdContext->buf[i] >> 24) & 0xFF);
- }
- memcpy(hash, mdContext->digest, 16);
-}
-
-/* Basic MD5 step. Transforms buf based on in.
- */
-static void Transform (UINT4 *buf, UINT4 *in)
-{
- UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
-
- /* Round 1 */
-#define S11 7
-#define S12 12
-#define S13 17
-#define S14 22
- FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */
- FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */
- FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */
- FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */
- FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */
- FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */
- FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */
- FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */
- FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */
- FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */
- FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */
- FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */
- FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */
- FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */
- FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */
- FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */
-
- /* Round 2 */
-#define S21 5
-#define S22 9
-#define S23 14
-#define S24 20
- GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */
- GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */
- GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */
- GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */
- GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */
- GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */
- GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */
- GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */
- GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */
- GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */
- GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */
- GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */
- GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */
- GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */
- GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */
- GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */
-
- /* Round 3 */
-#define S31 4
-#define S32 11
-#define S33 16
-#define S34 23
- HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */
- HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */
- HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */
- HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */
- HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */
- HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */
- HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */
- HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */
- HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */
- HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */
- HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */
- HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */
- HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */
- HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */
- HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */
- HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */
-
- /* Round 4 */
-#define S41 6
-#define S42 10
-#define S43 15
-#define S44 21
- II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */
- II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */
- II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */
- II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */
- II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */
- II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */
- II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */
- II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */
- II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */
- II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */
- II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */
- II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */
- II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */
- II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */
- II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */
- II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */
-
- buf[0] += a;
- buf[1] += b;
- buf[2] += c;
- buf[3] += d;
-}
-
-/*
- ***********************************************************************
- ** End of md5.c **
- ******************************** (cut) ********************************
- */
+++ /dev/null
-/*
- ***********************************************************************
- ** md5.h -- header file for implementation of MD5 **
- ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
- ** Created: 2/17/90 RLR **
- ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version **
- ** Revised (for MD5): RLR 4/27/91 **
- ** -- G modified to have y&~z instead of y&z **
- ** -- FF, GG, HH modified to add in last register done **
- ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 **
- ** -- distinct additive constant for each step **
- ** -- round 4 added, working mod 7 **
- ***********************************************************************
- */
-
-/*
- ***********************************************************************
- ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
- ** **
- ** License to copy and use this software is granted provided that **
- ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
- ** Digest Algorithm" in all material mentioning or referencing this **
- ** software or this function. **
- ** **
- ** License is also granted to make and use derivative works **
- ** provided that such works are identified as "derived from the RSA **
- ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
- ** material mentioning or referencing the derived work. **
- ** **
- ** RSA Data Security, Inc. makes no representations concerning **
- ** either the merchantability of this software or the suitability **
- ** of this software for any particular purpose. It is provided "as **
- ** is" without express or implied warranty of any kind. **
- ** **
- ** These notices must be retained in any copies of any part of this **
- ** documentation and/or software. **
- ***********************************************************************
- */
-
-#ifndef __MD5_INCLUDE__
-
-/* typedef a 32-bit type */
-#ifdef _LP64
-typedef unsigned int UINT4;
-typedef int INT4;
-#else
-typedef unsigned long UINT4;
-typedef long INT4;
-#endif
-#define _UINT4_T
-
-/* Data structure for MD5 (Message-Digest) computation */
-typedef struct {
- UINT4 i[2]; /* number of _bits_ handled mod 2^64 */
- UINT4 buf[4]; /* scratch buffer */
- unsigned char in[64]; /* input buffer */
- unsigned char digest[16]; /* actual digest after MD5Final call */
-} MD5_CTX;
-
-void MD5_Init (MD5_CTX *mdContext);
-void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen);
-void MD5_Final (unsigned char hash[], MD5_CTX *mdContext);
-
-#define __MD5_INCLUDE__
-#endif /* __MD5_INCLUDE__ */
--- /dev/null
+/* mppe.c - MPPE key implementation
+ *
+ * Copyright (c) 2020 Eivind Naess. All rights reserved.
+ * Copyright (c) 2008 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+
+
+#include "pppd-private.h"
+#include "fsm.h"
+#include "ccp.h"
+#include "chap_ms.h"
+#include "mppe.h"
+#include "crypto.h"
+
+u_char mppe_send_key[MPPE_MAX_KEY_SIZE];
+u_char mppe_recv_key[MPPE_MAX_KEY_SIZE];
+int mppe_keys_set = 0;
+
+void
+mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen)
+{
+ int length = keylen;
+ if (length > MPPE_MAX_KEY_SIZE)
+ length = MPPE_MAX_KEY_SIZE;
+
+ if (send_key) {
+ BCOPY(send_key, mppe_send_key, length);
+ BZERO(send_key, keylen);
+ }
+
+ if (recv_key) {
+ BCOPY(recv_key, mppe_recv_key, length);
+ BZERO(recv_key, keylen);
+ }
+
+ mppe_keys_set = length;
+}
+
+bool
+mppe_keys_isset()
+{
+ return !!mppe_keys_set;
+}
+
+int
+mppe_get_recv_key(u_char *recv_key, int length)
+{
+ if (mppe_keys_isset()) {
+ if (length > mppe_keys_set)
+ length = mppe_keys_set;
+ BCOPY(mppe_recv_key, recv_key, length);
+ return length;
+ }
+ return 0;
+}
+
+int
+mppe_get_send_key(u_char *send_key, int length)
+{
+ if (mppe_keys_isset()) {
+ if (length > mppe_keys_set)
+ length = mppe_keys_set;
+ BCOPY(mppe_send_key, send_key, length);
+ return length;
+ }
+ return 0;
+}
+
+void
+mppe_clear_keys(void)
+{
+ mppe_keys_set = 0;
+ BZERO(mppe_send_key, sizeof(mppe_send_key));
+ BZERO(mppe_recv_key, sizeof(mppe_recv_key));
+}
+
+/*
+ * Set mppe_xxxx_key from the NTPasswordHashHash.
+ * RFC 2548 (RADIUS support) requires us to export this function (ugh).
+ */
+void
+mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash)
+{
+ PPP_MD_CTX *ctx;
+ u_char Digest[SHA_DIGEST_LENGTH];
+ int DigestLen;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, rchallenge, 8)) {
+
+ DigestLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, Digest, &DigestLen);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+
+ /* Same key in both directions. */
+ mppe_set_keys(Digest, Digest, sizeof(Digest));
+}
+
+/*
+ * Set mppe_xxxx_key from MS-CHAPv2 credentials. (see RFC 3079)
+ *
+ * This helper function used in the Winbind module, which gets the
+ * NTHashHash from the server.
+ */
+void
+mppe_set_chapv2(unsigned char *PasswordHashHash, unsigned char *NTResponse,
+ int IsServer)
+{
+ PPP_MD_CTX *ctx;
+
+ u_char MasterKey[SHA_DIGEST_LENGTH];
+ u_char SendKey[SHA_DIGEST_LENGTH];
+ u_char RecvKey[SHA_DIGEST_LENGTH];
+ int KeyLen;
+
+ u_char SHApad1[40] =
+ { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
+ u_char SHApad2[40] =
+ { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
+ 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 };
+
+ /* "This is the MPPE Master Key" */
+ u_char Magic1[27] =
+ { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74,
+ 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d,
+ 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 };
+ /* "On the client side, this is the send key; "
+ "on the server side, it is the receive key." */
+ u_char Magic2[84] =
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79,
+ 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73,
+ 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65,
+ 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e };
+ /* "On the client side, this is the receive key; "
+ "on the server side, it is the send key." */
+ u_char Magic3[84] =
+ { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69,
+ 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20,
+ 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20,
+ 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68,
+ 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73,
+ 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73,
+ 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20,
+ 0x6b, 0x65, 0x79, 0x2e };
+ u_char *s;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) {
+
+ if (PPP_DigestUpdate(ctx, NTResponse, 24)) {
+
+ if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) {
+
+ KeyLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, MasterKey, &KeyLen);
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+ /*
+ * generate send key
+ */
+ if (IsServer)
+ s = Magic3;
+ else
+ s = Magic2;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, MasterKey, 16)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad1, sizeof(SHApad1))) {
+
+ if (PPP_DigestUpdate(ctx, s, 84)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) {
+
+ KeyLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, SendKey, &KeyLen);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+
+ /*
+ * generate recv key
+ */
+ if (IsServer)
+ s = Magic2;
+ else
+ s = Magic3;
+
+ ctx = PPP_MD_CTX_new();
+ if (ctx != NULL) {
+
+ if (PPP_DigestInit(ctx, PPP_sha1())) {
+
+ if (PPP_DigestUpdate(ctx, MasterKey, 16)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad1, sizeof(SHApad1))) {
+
+ if (PPP_DigestUpdate(ctx, s, 84)) {
+
+ if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) {
+
+ KeyLen = SHA_DIGEST_LENGTH;
+ PPP_DigestFinal(ctx, RecvKey, &KeyLen);
+ }
+ }
+ }
+ }
+ }
+
+ PPP_MD_CTX_free(ctx);
+ }
+
+ mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH);
+}
+
+#ifndef UNIT_TEST
+
+/*
+ * Set MPPE options from plugins.
+ */
+void
+mppe_set_enc_types(int policy, int types)
+{
+ /* Early exit for unknown policies. */
+ if (policy != MPPE_ENC_POL_ENC_ALLOWED &&
+ policy != MPPE_ENC_POL_ENC_REQUIRED)
+ return;
+
+ /* Don't modify MPPE if it's optional and wasn't already configured. */
+ if (policy == MPPE_ENC_POL_ENC_ALLOWED && !ccp_wantoptions[0].mppe)
+ return;
+
+ /*
+ * Disable undesirable encryption types. Note that we don't ENABLE
+ * any encryption types, to avoid overriding manual configuration.
+ */
+ switch(types) {
+ case MPPE_ENC_TYPES_RC4_40:
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_128; /* disable 128-bit */
+ break;
+ case MPPE_ENC_TYPES_RC4_128:
+ ccp_wantoptions[0].mppe &= ~MPPE_OPT_40; /* disable 40-bit */
+ break;
+ default:
+ break;
+ }
+}
+
+#endif
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_MPPE_H
+#define PPP_MPPE_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
#define MPPE_PAD 4 /* MPPE growth per frame */
-#define MPPE_MAX_KEY_LEN 16 /* largest key length (128-bit) */
+#define MPPE_MAX_KEY_SIZE 32 /* Largest key length */
+#define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */
/* option bits for ccp_options.mppe */
#define MPPE_OPT_40 0x01 /* 40 bit */
/* Build a CI from mppe opts (see RFC 3078) */
#define MPPE_OPTS_TO_CI(opts, ci) \
do { \
- u_char *ptr = ci; /* u_char[4] */ \
+ unsigned char *ptr = ci; /* unsigned char[4] */ \
\
/* H bit */ \
if (opts & MPPE_OPT_STATEFUL) \
/* The reverse of the above */
#define MPPE_CI_TO_OPTS(ci, opts) \
do { \
- u_char *ptr = ci; /* u_char[4] */ \
+ unsigned char *ptr = ci; /* unsigned char[4] */ \
\
opts = 0; \
\
if (ptr[3] & ~MPPE_ALL_BITS) \
opts |= MPPE_OPT_UNKNOWN; \
} while (/* CONSTCOND */ 0)
+
+
+#if PPP_WITH_MPPE
+
+/* These values are the RADIUS attribute values--see RFC 2548. */
+#define MPPE_ENC_POL_ENC_ALLOWED 1
+#define MPPE_ENC_POL_ENC_REQUIRED 2
+#define MPPE_ENC_TYPES_RC4_40 2
+#define MPPE_ENC_TYPES_RC4_128 4
+
+/* used by plugins (using above values) */
+void mppe_set_enc_types (int policy, int types);
+
+/*
+ * Set the MPPE send and recv keys. NULL values for keys are ignored
+ * and input values are cleared to avoid leaving them on the stack
+ */
+void mppe_set_keys(unsigned char *send_key, unsigned char *recv_key, int keylen);
+
+/*
+ * Get the MPPE recv key
+ */
+int mppe_get_recv_key(unsigned char *recv_key, int length);
+
+/*
+ * Get the MPPE send key
+ */
+int mppe_get_send_key(unsigned char *send_key, int length);
+
+/*
+ * Clear the MPPE keys
+ */
+void mppe_clear_keys(void);
+
+/*
+ * Check if the MPPE keys are set
+ */
+bool mppe_keys_isset(void);
+
+/*
+ * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079
+ */
+void mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash);
+
+/*
+ * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079
+ */
+void mppe_set_chapv2(unsigned char *PasswordHashHash,
+ unsigned char *NTResponse, int IsServer);
+
+#endif // #ifdef PPP_WITH_MPPE
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // #ifdef PPP_MPPE_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <unistd.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
#include "tdb.h"
+#include "multilink.h"
bool endpoint_specified; /* user gave explicit endpoint discriminator */
char *bundle_id; /* identifier for our bundle */
#define process_exists(n) (kill((n), 0) == 0 || errno != ESRCH)
+multilink_join_hook_fn *multilink_join_hook = NULL;
+
+bool mp_master()
+{
+ return multilink_master;
+}
+
+bool mp_on()
+{
+ return doing_multilink;
+}
+
void
mp_check_options(void)
{
if (demand) {
/* already have a bundle */
cfg_bundle(0, 0, 0, 0);
- netif_set_mtu(0, mtu);
+ ppp_set_mtu(0, mtu);
return 0;
}
make_new_bundle(0, 0, 0, 0);
set_ifunit(1);
- netif_set_mtu(0, mtu);
+ ppp_set_mtu(0, mtu);
return 0;
}
mtu = MIN(ho->mrru, ao->mru);
if (demand) {
cfg_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
- netif_set_mtu(0, mtu);
- script_setenv("BUNDLE", bundle_id + 7, 1);
+ ppp_set_mtu(0, mtu);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 1);
return 0;
}
/* attach to existing unit */
if (bundle_attach(unit)) {
set_ifunit(0);
- script_setenv("BUNDLE", bundle_id + 7, 0);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 0);
make_bundle_links(1);
unlock_db();
info("Link attached to %s", ifname);
/* we have to make a new bundle */
make_new_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf);
set_ifunit(1);
- netif_set_mtu(0, mtu);
- script_setenv("BUNDLE", bundle_id + 7, 1);
+ ppp_set_mtu(0, mtu);
+ ppp_script_setenv("BUNDLE", bundle_id + 7, 1);
make_bundle_links(0);
unlock_db();
info("New bundle %s created", ifname);
print_link_stats();
if (!demand) {
remove_pidfiles();
- script_unsetenv("IFNAME");
+ ppp_script_unsetenv("IFNAME");
}
lock_db();
hp = gethostbyname(hostname);
if (hp != NULL) {
addr = *(u_int32_t *)hp->h_addr;
- if (!bad_ip_adrs(addr)) {
+ if (!ppp_bad_ip_addr(addr)) {
addr = ntohl(addr);
if (!LOCAL_IP_ADDR(addr)) {
ep->class = EPD_IP;
--- /dev/null
+/*
+ * multilink.h - support routines for multilink.
+ *
+ * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_MULTILINK_H
+#define PPP_MULTILINK_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+/*
+ * values for epdisc.class
+ */
+#define EPD_NULL 0 /* null discriminator, no data */
+#define EPD_LOCAL 1
+#define EPD_IP 2
+#define EPD_MAC 3
+#define EPD_MAGIC 4
+#define EPD_PHONENUM 5
+
+struct epdisc;
+
+#ifdef PPP_WITH_MULTILINK
+
+/*
+ * Check multilink-related options
+ */
+void mp_check_options(void);
+
+/*
+ * Join our link to an appropriate bundle
+ */
+int mp_join_bundle(void);
+
+/*
+ * Disconnected our link from the bundle
+ */
+void mp_exit_bundle(void);
+
+/*
+ * Multipoint bundle terminated
+ */
+void mp_bundle_terminated(void);
+
+/*
+ * Acting as a multilink master
+ */
+bool mp_master();
+
+/*
+ * Was multilink negotiated
+ */
+bool mp_on();
+
+/*
+ * Convert an endpoint discriminator to a string
+ */
+char *epdisc_to_str(struct epdisc *);
+
+/*
+ * Convert a string to an endpoint discriminator
+ */
+int str_to_epdisc(struct epdisc *, char *);
+
+/*
+ * Hook for plugin to hear when an interface joins a multilink bundle
+ */
+typedef void (multilink_join_hook_fn)(void);
+extern multilink_join_hook_fn *multilink_join_hook;
+
+#else
+
+#define mp_check_options(x) ((void)0)
+#define mp_join_bundle(x) ((void)0)
+#define mp_exit_bundle(x) ((void)0)
+#define mp_bundle_terminated(x) ((void)0)
+
+static inline bool mp_on() {
+ return false;
+}
+
+static inline bool mp_master() {
+ return false;
+}
+
+#endif // PPP_WITH_MULTILINK
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_MULTILINK_H
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <syslog.h>
#include <string.h>
#include <pwd.h>
-#ifdef PLUGIN
+#include <sys/param.h>
+#include <net/if.h>
+#ifdef PPP_WITH_PLUGINS
#include <dlfcn.h>
#endif
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
#include <pcap.h>
/*
* There have been 3 or 4 different names for this in libpcap CVS, but
#define DLT_PPP_PPPD DLT_PPP
#endif
#endif
-#endif /* PPP_FILTER */
+#endif /* PPP_WITH_FILTER */
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
+#include "upap.h"
#include "pathnames.h"
#if defined(ultrix) || defined(NeXT)
int debug = 0; /* Debug flag */
int kdebugflag = 0; /* Tell kernel to print debug messages */
int default_device = 1; /* Using /dev/tty or equivalent */
-char devnam[MAXPATHLEN]; /* Device name */
bool nodetach = 0; /* Don't detach from controlling tty */
bool updetach = 0; /* Detach once link is up */
bool master_detach; /* Detach when we're (only) multilink master */
bool persist = 0; /* Reopen link after it goes down */
char our_name[MAXNAMELEN]; /* Our name for authentication purposes */
bool demand = 0; /* do dial-on-demand */
-char *ipparam = NULL; /* Extra parameter for ip up/down scripts */
int idle_time_limit = 0; /* Disconnect if idle for this many seconds */
int holdoff = 30; /* # seconds to pause before reconnecting */
bool holdoff_specified; /* true if a holdoff value has been given */
int req_unit = -1; /* requested interface unit */
char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */
char path_ipdown[MAXPATHLEN];/* pathname of ip-down script */
-char req_ifname[MAXIFNAMELEN]; /* requested interface name */
+char req_ifname[IFNAMSIZ]; /* requested interface name */
bool multilink = 0; /* Enable multilink operation */
char *bundle_name = NULL; /* bundle name for multilink */
bool dump_options; /* print out option values */
+bool show_options; /* print all supported options and exit */
bool dryrun; /* print out option values and exit */
char *domain; /* domain name set by domain option */
int child_wait = 5; /* # seconds to wait for children at exit */
struct userenv *userenv_list; /* user environment variables */
int dfl_route_metric = -1; /* metric of the default route to set over the PPP link */
-#ifdef MAXOCTETS
+#ifdef PPP_WITH_IPV6CP
+char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */
+char path_ipv6down[MAXPATHLEN]; /* pathname of ipv6-down script */
+#endif
+
unsigned int maxoctets = 0; /* default - no limit */
-int maxoctets_dir = 0; /* default - sum of traffic */
+session_limit_dir_t maxoctets_dir = PPP_OCTETS_DIRECTION_SUM; /* default - sum of traffic */
int maxoctets_timeout = 1; /* default 1 second */
-#endif
-extern option_t auth_options[];
+extern struct option auth_options[];
extern struct stat devstat;
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
struct bpf_program pass_filter;/* Filter program for packets to pass */
struct bpf_program active_filter; /* Filter program for link-active pkts */
#endif
-static option_t *curopt; /* pointer to option being processed */
+static struct option *curopt; /* pointer to option being processed */
char *current_option; /* the name of the option being parsed */
int privileged_option; /* set iff the current option came from root */
char *option_source; /* string saying where the option came from */
static int logfile_fd = -1; /* fd opened for log file */
static char logfile_name[MAXPATHLEN]; /* name of log file */
+static bool noipx_opt; /* dummy for noipx option */
+
/*
* Prototypes
*/
static int showhelp(char **);
static void usage(void);
static int setlogfile(char **);
-#ifdef PLUGIN
+#ifdef PPP_WITH_PLUGINS
static int loadplugin(char **);
#endif
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
static int setpassfilter(char **);
static int setactivefilter(char **);
#endif
-#ifdef MAXOCTETS
static int setmodir(char **);
-#endif
static int user_setenv(char **);
-static void user_setprint(option_t *, printer_func, void *);
+static void user_setprint(struct option *, printer_func, void *);
static int user_unsetenv(char **);
-static void user_unsetprint(option_t *, printer_func, void *);
+static void user_unsetprint(struct option *, printer_func, void *);
-static option_t *find_option(char *name);
-static int process_option(option_t *, char *, char **);
-static int n_arguments(option_t *);
+static struct option *find_option(char *name);
+static int process_option(struct option *, char *, char **);
+static int n_arguments(struct option *);
static int number_option(char *, u_int32_t *, int);
/*
* Structure to store extra lists of options.
*/
struct option_list {
- option_t *options;
+ struct option *options;
struct option_list *next;
};
/*
* Valid arguments.
*/
-option_t general_options[] = {
+struct option general_options[] = {
{ "debug", o_int, &debug,
"Increase debugging level", OPT_INC | OPT_NOARG | 1 },
{ "-d", o_int, &debug,
{ "--version", o_special_noarg, (void *)showversion,
"Show version number" },
+ { "-v", o_special_noarg, (void *)showversion,
+ "Show version number" },
+ { "show-options", o_bool, &show_options,
+ "Show all options and exit", 1 },
{ "--help", o_special_noarg, (void *)showhelp,
"Show brief listing of options" },
{ "-h", o_special_noarg, (void *)showhelp,
{ "ifname", o_string, req_ifname,
"Set PPP interface name",
- OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, MAXIFNAMELEN },
+ OPT_PRIO | OPT_PRIV | OPT_STATIC, NULL, IFNAMSIZ },
{ "dump", o_bool, &dump_options,
"Print out option values after parsing all options", 1 },
"Set pathname of ip-down script",
OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
-#ifdef HAVE_MULTILINK
+#ifdef PPP_WITH_IPV6CP
+ { "ipv6-up-script", o_string, path_ipv6up,
+ "Set pathname of ipv6-up script",
+ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
+ { "ipv6-down-script", o_string, path_ipv6down,
+ "Set pathname of ipv6-down script",
+ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
+#endif
+
+#ifdef PPP_WITH_MULTILINK
{ "multilink", o_bool, &multilink,
"Enable multilink operation", OPT_PRIO | 1 },
{ "mp", o_bool, &multilink,
{ "bundle", o_string, &bundle_name,
"Bundle name for multilink", OPT_PRIO },
-#endif /* HAVE_MULTILINK */
+#endif /* PPP_WITH_MULTILINK */
-#ifdef PLUGIN
+#ifdef PPP_WITH_PLUGINS
{ "plugin", o_special, (void *)loadplugin,
"Load a plug-in module into pppd", OPT_PRIV | OPT_A2LIST },
#endif
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
{ "pass-filter", o_special, setpassfilter,
"set filter for packets to pass", OPT_PRIO },
"set filter for active pkts", OPT_PRIO },
#endif
-#ifdef MAXOCTETS
{ "maxoctets", o_int, &maxoctets,
"Set connection traffic limit",
OPT_PRIO | OPT_LLIMIT | OPT_NOINCR | OPT_ZEROINF },
"Set direction for limit traffic (sum,in,out,max)" },
{ "mo-timeout", o_int, &maxoctets_timeout,
"Check for traffic limit every N seconds", OPT_PRIO | OPT_LLIMIT | 1 },
-#endif
+
+ /* Dummy option, does nothing */
+ { "noipx", o_bool, &noipx_opt, NULL, OPT_NOPRINT | 1 },
{ NULL }
};
#define IMPLEMENTATION ""
#endif
-static char *usage_string = "\
-pppd version %s\n\
-Usage: %s [ options ], where options are:\n\
- <device> Communicate over the named device\n\
- <speed> Set the baud rate to <speed>\n\
- <loc>:<rem> Set the local and/or remote interface IP\n\
- addresses. Either one may be omitted.\n\
- asyncmap <n> Set the desired async map to hex <n>\n\
- auth Require authentication from peer\n\
- connect <p> Invoke shell command <p> to set up the serial line\n\
- crtscts Use hardware RTS/CTS flow control\n\
- defaultroute Add default route through interface\n\
- file <f> Take options from file <f>\n\
- modem Use modem control lines\n\
- mru <n> Set MRU value to <n> for negotiation\n\
-See pppd(8) for more options.\n\
-";
+int
+ppp_get_max_idle_time()
+{
+ return idle_time_limit;
+}
+
+void
+ppp_set_max_idle_time(unsigned int max)
+{
+ idle_time_limit = max;
+}
+
+int
+ppp_get_max_connect_time()
+{
+ return maxconnect;
+}
+
+void
+ppp_set_max_connect_time(unsigned int max)
+{
+ maxconnect = max;
+}
+
+void
+ppp_set_session_limit(unsigned int octets)
+{
+ maxoctets = octets;
+}
+
+void
+ppp_set_session_limit_dir(unsigned int dir)
+{
+ if (dir > 4)
+ dir = PPP_OCTETS_DIRECTION_SUM;
+ maxoctets_dir = (session_limit_dir_t) dir;
+}
+
+bool
+debug_on()
+{
+ return !!debug;
+}
+
+int
+ppp_get_path(ppp_path_t type, char *buf, size_t bufsz)
+{
+ const char *path;
+
+ if (buf && bufsz > 0) {
+ switch (type) {
+ case PPP_DIR_LOG:
+ path = PPP_PATH_VARLOG;
+ break;
+ case PPP_DIR_RUNTIME:
+ path = PPP_PATH_VARRUN;
+ break;
+#ifdef PPP_WITH_PLUGINS
+ case PPP_DIR_PLUGIN:
+ path = PPP_PATH_PLUGIN;
+ break;
+#endif
+ case PPP_DIR_CONF:
+ path = PPP_PATH_CONFDIR;
+ break;
+ }
+ return strlcpy(buf, path, bufsz);
+ }
+ return -1;
+}
+
+int
+ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz)
+{
+ const char *path;
+
+ if (buf && bufsz > 0) {
+ switch (type) {
+ case PPP_DIR_LOG:
+ path = PPP_PATH_VARLOG;
+ break;
+ case PPP_DIR_RUNTIME:
+ path = PPP_PATH_VARRUN;
+ break;
+#ifdef PPP_WITH_PLUGINS
+ case PPP_DIR_PLUGIN:
+ path = PPP_PATH_PLUGIN;
+ break;
+#endif
+ case PPP_DIR_CONF:
+ path = PPP_PATH_CONFDIR;
+ break;
+ }
+ return slprintf(buf, bufsz, "%s/%s", path, name);
+ }
+ return -1;
+}
+
+bool ppp_persist()
+{
+ return !!persist;
+}
/*
* parse_args - parse a string of arguments from the command line.
parse_args(int argc, char **argv)
{
char *arg;
- option_t *opt;
+ struct option *opt;
int n;
privileged_option = privileged;
--argc;
opt = find_option(arg);
if (opt == NULL) {
- option_error("unrecognized option '%s'", arg);
+ ppp_option_error("unrecognized option '%s'", arg);
usage();
return 0;
}
n = n_arguments(opt);
if (argc < n) {
- option_error("too few parameters for option %s", arg);
+ ppp_option_error("too few parameters for option %s", arg);
return 0;
}
if (!process_option(opt, arg, argv))
* and interpret them.
*/
int
-options_from_file(char *filename, int must_exist, int check_prot, int priv)
+ppp_options_from_file(char *filename, int must_exist, int check_prot, int priv)
{
FILE *f;
int i, newline, ret, err;
- option_t *opt;
+ struct option *opt;
int oldpriv, n;
char *oldsource;
uid_t euid;
euid = geteuid();
if (check_prot && seteuid(getuid()) == -1) {
- option_error("unable to drop privileges to open %s: %m", filename);
+ ppp_option_error("unable to drop privileges to open %s: %m", filename);
return 0;
}
f = fopen(filename, "r");
warn("Warning: can't open options file %s: %m", filename);
return 1;
}
- option_error("Can't open options file %s: %m", filename);
+ ppp_option_error("Can't open options file %s: %m", filename);
return 0;
}
while (getword(f, cmd, &newline, filename)) {
opt = find_option(cmd);
if (opt == NULL) {
- option_error("In file %s: unrecognized option '%s'",
+ ppp_option_error("In file %s: unrecognized option '%s'",
filename, cmd);
goto err;
}
n = n_arguments(opt);
for (i = 0; i < n; ++i) {
if (!getword(f, args[i], &newline, filename)) {
- option_error(
+ ppp_option_error(
"In file %s: too few parameters for option '%s'",
filename, cmd);
goto err;
err:
fclose(f);
+ free(option_source);
privileged_option = oldpriv;
option_source = oldsource;
return ret;
pw = getpwuid(getuid());
if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0)
return 1;
- file = _PATH_USEROPT;
+ file = PPP_PATH_USEROPT;
pl = strlen(user) + strlen(file) + 2;
path = malloc(pl);
if (path == NULL)
novm("init file name");
slprintf(path, pl, "%s/%s", user, file);
option_priority = OPRIO_CFGFILE;
- ret = options_from_file(path, 0, 1, privileged);
+ ret = ppp_options_from_file(path, 0, 1, privileged);
free(path);
return ret;
}
dev = p + 5;
if (dev[0] == 0 || strcmp(dev, "tty") == 0)
return 1; /* don't look for /etc/ppp/options.tty */
- pl = strlen(_PATH_TTYOPT) + strlen(dev) + 1;
+ pl = strlen(PPP_PATH_TTYOPT) + strlen(dev) + 1;
path = malloc(pl);
if (path == NULL)
novm("tty init file name");
- slprintf(path, pl, "%s%s", _PATH_TTYOPT, dev);
+ slprintf(path, pl, "%s%s", PPP_PATH_TTYOPT, dev);
/* Turn slashes into dots, for Solaris case (e.g. /dev/term/a) */
- for (p = path + strlen(_PATH_TTYOPT); *p != 0; ++p)
+ for (p = path + strlen(PPP_PATH_TTYOPT); *p != 0; ++p)
if (*p == '/')
*p = '.';
option_priority = OPRIO_CFGFILE;
- ret = options_from_file(path, 0, 0, 1);
+ ret = ppp_options_from_file(path, 0, 0, 1);
free(path);
return ret;
}
options_from_list(struct wordlist *w, int priv)
{
char *argv[MAXARGS];
- option_t *opt;
+ struct option *opt;
int i, n, ret = 0;
struct wordlist *w0;
while (w != NULL) {
opt = find_option(w->word);
if (opt == NULL) {
- option_error("In secrets file: unrecognized option '%s'",
+ ppp_option_error("In secrets file: unrecognized option '%s'",
w->word);
goto err;
}
for (i = 0; i < n; ++i) {
w = w->next;
if (w == NULL) {
- option_error(
+ ppp_option_error(
"In secrets file: too few parameters for option '%s'",
w0->word);
goto err;
}
/*
- * match_option - see if this option matches an option_t structure.
+ * match_option - see if this option matches an option structure.
*/
static int
-match_option(char *name, option_t *opt, int dowild)
+match_option(char *name, struct option *opt, int dowild)
{
int (*match)(char *, char **, int);
* looking for an entry with the given name.
* This could be optimized by using a hash table.
*/
-static option_t *
+static struct option *
find_option(char *name)
{
- option_t *opt;
+ struct option *opt;
struct option_list *list;
int i, dowild;
* process_option - process one new-style option.
*/
static int
-process_option(option_t *opt, char *cmd, char **argv)
+process_option(struct option *opt, char *cmd, char **argv)
{
u_int32_t v;
int iv, a;
int (*wildp)(char *, char **, int);
char *optopt = (opt->type == o_wild)? "": " option";
int prio = option_priority;
- option_t *mainopt = opt;
+ struct option *mainopt = opt;
current_option = opt->name;
if ((opt->flags & OPT_PRIVFIX) && privileged_option)
if (prio < mainopt->priority) {
/* new value doesn't override old */
if (prio == OPRIO_CMDLINE && mainopt->priority > OPRIO_ROOT) {
- option_error("%s%s set in %s cannot be overridden\n",
+ ppp_option_error("%s%s set in %s cannot be overridden\n",
opt->name, optopt, mainopt->source);
return 0;
}
opt->name, optopt, option_source);
}
- if ((opt->flags & OPT_INITONLY) && phase != PHASE_INITIALIZE) {
- option_error("%s%s cannot be changed after initialization",
+ if ((opt->flags & OPT_INITONLY) && !in_phase(PHASE_INITIALIZE)) {
+ ppp_option_error("%s%s cannot be changed after initialization",
opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_PRIV) && !privileged_option) {
- option_error("using the %s%s requires root privilege",
+ ppp_option_error("using the %s%s requires root privilege",
opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_ENABLE) && *(bool *)(opt->addr2) == 0) {
- option_error("%s%s is disabled", opt->name, optopt);
+ ppp_option_error("%s%s is disabled", opt->name, optopt);
return 0;
}
if ((opt->flags & OPT_DEVEQUIV) && devnam_fixed) {
- option_error("the %s%s may not be changed in %s",
+ ppp_option_error("the %s%s may not be changed in %s",
opt->name, optopt, option_source);
return 0;
}
case o_int:
iv = 0;
if ((opt->flags & OPT_NOARG) == 0) {
- if (!int_option(*argv, &iv))
+ if (!ppp_int_option(*argv, &iv))
return 0;
if ((((opt->flags & OPT_LLIMIT) && iv < opt->lower_limit)
|| ((opt->flags & OPT_ULIMIT) && iv > opt->upper_limit))
char *zok = (opt->flags & OPT_ZEROOK)? " zero or": "";
switch (opt->flags & OPT_LIMITS) {
case OPT_LLIMIT:
- option_error("%s value must be%s >= %d",
+ ppp_option_error("%s value must be%s >= %d",
opt->name, zok, opt->lower_limit);
break;
case OPT_ULIMIT:
- option_error("%s value must be%s <= %d",
+ ppp_option_error("%s value must be%s <= %d",
opt->name, zok, opt->upper_limit);
break;
case OPT_LIMITS:
- option_error("%s value must be%s between %d and %d",
+ ppp_option_error("%s value must be%s between %d and %d",
opt->name, zok, opt->lower_limit, opt->upper_limit);
break;
}
int oldv = *(int *)(opt->addr);
if ((opt->flags & OPT_ZEROINF) ?
(oldv != 0 && (iv == 0 || iv > oldv)) : (iv > oldv)) {
- option_error("%s value cannot be increased", opt->name);
+ ppp_option_error("%s value cannot be increased", opt->name);
return 0;
}
}
int
override_value(char *option, int priority, const char *source)
{
- option_t *opt;
+ struct option *opt;
opt = find_option(option);
if (opt == NULL)
* n_arguments - tell how many arguments an option takes
*/
static int
-n_arguments(option_t *opt)
+n_arguments(struct option *opt)
{
return (opt->type == o_bool || opt->type == o_special_noarg
|| (opt->flags & OPT_NOARG))? 0: 1;
* add_options - add a list of options to the set we grok.
*/
void
-add_options(option_t *opt)
+ppp_add_options(struct option *opt)
{
struct option_list *list;
* print_option - print out an option and its value
*/
static void
-print_option(option_t *opt, option_t *mainopt, printer_func printer, void *arg)
+print_option(struct option *opt, struct option *mainopt, printer_func printer, void *arg)
{
int i, v;
char *p;
printer(arg, " ");
}
if (opt->flags & OPT_A2PRINTER) {
- void (*oprt)(option_t *, printer_func, void *);
- oprt = (void (*)(option_t *, printer_func, void *))
+ void (*oprt)(struct option *, printer_func, void *);
+ oprt = (void (*)(struct option *, printer_func, void *))
opt->addr2;
(*oprt)(opt, printer, arg);
} else if (opt->flags & OPT_A2STRVAL) {
* array of options.
*/
static void
-print_option_list(option_t *opt, printer_func printer, void *arg)
+print_option_list(struct option *opt, printer_func printer, void *arg)
{
while (opt->name != NULL) {
if (opt->priority != OPRIO_DEFAULT
static void
usage(void)
{
- if (phase == PHASE_INITIALIZE)
- fprintf(stderr, usage_string, VERSION, progname);
+ FILE *fp = stderr;
+ if (in_phase(PHASE_INITIALIZE)) {
+ fprintf(fp, "%s v%s\n", PACKAGE_NAME, PACKAGE_VERSION);
+ fprintf(fp, "Copyright (C) 1999-2022 Paul Mackerras, and others. All rights reserved.\n\n");
+
+
+ fprintf(fp, "License BSD: The 3 clause BSD license <https://opensource.org/licenses/BSD-3-Clause>\n");
+ fprintf(fp, "This is free software: you are free to change and redistribute it.\n");
+ fprintf(fp, "There is NO WARRANTY, to the extent permitted by law.\n\n");
+
+ fprintf(fp, "Report Bugs:\n %s\n\n", PACKAGE_BUGREPORT);
+ fprintf(fp, "Usage: %s [ options ], where options are:\n", progname);
+ fprintf(fp, " <device> Communicate over the named device\n");
+ fprintf(fp, " <speed> Set the baud rate to <speed>\n");
+ fprintf(fp, " <loc>:<rem> Set the local and/or remote interface IP\n");
+ fprintf(fp, " addresses. Either one may be omitted.\n");
+ fprintf(fp, " asyncmap <n> Set the desired async map to hex <n>\n");
+ fprintf(fp, " auth Require authentication from peer\n");
+ fprintf(fp, " connect <p> Invoke shell command <p> to set up the serial line\n");
+ fprintf(fp, " crtscts Use hardware RTS/CTS flow control\n");
+ fprintf(fp, " defaultroute Add default route through interface\n");
+ fprintf(fp, " file <f> Take options from file <f>\n");
+ fprintf(fp, " modem Use modem control lines\n");
+ fprintf(fp, " mru <n> Set MRU value to <n> for negotiation\n");
+ fprintf(fp, " show-options Display an extended list of options\n");
+ fprintf(fp, "See pppd(8) for more options.\n");
+ }
}
/*
static int
showhelp(char **argv)
{
- if (phase == PHASE_INITIALIZE) {
+ if (in_phase(PHASE_INITIALIZE)) {
usage();
exit(0);
}
static int
showversion(char **argv)
{
- if (phase == PHASE_INITIALIZE) {
+ if (in_phase(PHASE_INITIALIZE)) {
fprintf(stdout, "pppd version %s\n", VERSION);
exit(0);
}
}
/*
- * option_error - print a message about an error in an option.
+ * Print a set of options including the name of the group of options
+ */
+static void
+showopts_list(FILE *fp, const char *title, struct option *list, ...)
+{
+ struct option *opt = list;
+ va_list varg;
+
+ if (opt && opt->name) {
+ va_start(varg, list);
+ vfprintf(fp, title, varg);
+ fprintf(fp, ":\n");
+ va_end(varg);
+
+ do {
+ fprintf(fp, " %-22s %s\n", opt->name, opt->description?:"");
+ opt++;
+ } while (opt && opt->name);
+
+ fprintf(fp, "\n");
+ }
+}
+
+/*
+ * Dumps the list of available options
+ */
+void
+showopts(void)
+{
+ struct option_list *list;
+ FILE *fp = stderr;
+ int i = 0;
+
+ showopts_list(fp, "General Options",
+ general_options);
+
+ showopts_list(fp, "Authentication Options",
+ auth_options);
+
+ for (list = extra_options; list != NULL; list = list->next)
+ showopts_list(fp, "Extra Options", list->options);
+
+ showopts_list(fp, "Channel Options",
+ the_channel->options);
+
+ for (i = 0; protocols[i] != NULL; ++i) {
+ if (protocols[i]->options != NULL) {
+ showopts_list(fp, "%s Options",
+ protocols[i]->options,
+ protocols[i]->name);
+ }
+ }
+}
+
+/*
+ * ppp_option_error - print a message about an error in an option.
* The message is logged, and also sent to
- * stderr if phase == PHASE_INITIALIZE.
+ * stderr if in_phase(PHASE_INITIALIZE).
*/
void
-option_error(char *fmt, ...)
+ppp_option_error(char *fmt, ...)
{
va_list args;
char buf[1024];
va_start(args, fmt);
vslprintf(buf, sizeof(buf), fmt, args);
va_end(args);
- if (phase == PHASE_INITIALIZE)
+ if (in_phase(PHASE_INITIALIZE))
fprintf(stderr, "%s: %s\n", progname, buf);
syslog(LOG_ERR, "%s", buf);
}
if (ferror(f)) {
if (errno == 0)
errno = EIO;
- option_error("Error reading %s: %m", filename);
+ ppp_option_error("Error reading %s: %m", filename);
die(1);
}
/*
if (len == 0)
return 0;
if (quoted)
- option_error("warning: quoted word runs to end of file (%.20s...)",
+ ppp_option_error("warning: quoted word runs to end of file (%.20s...)",
filename, word);
}
* Warn if the word was too long, and append a terminating null.
*/
if (len >= MAXWORDLEN) {
- option_error("warning: word in file %s too long (%.20s...)",
+ ppp_option_error("warning: word in file %s too long (%.20s...)",
filename, word);
len = MAXWORDLEN - 1;
}
*valp = strtoul(str, &ptr, base);
if (ptr == str) {
- option_error("invalid numeric parameter '%s' for %s option",
+ ppp_option_error("invalid numeric parameter '%s' for %s option",
str, current_option);
return 0;
}
* if there is an error.
*/
int
-int_option(char *str, int *valp)
+ppp_int_option(char *str, int *valp)
{
u_int32_t v;
static int
readfile(char **argv)
{
- return options_from_file(*argv, 1, 1, privileged_option);
+ return ppp_options_from_file(*argv, 1, 1, privileged_option);
}
/*
}
}
if (!ok) {
- option_error("call option value may not contain .. or start with /");
+ ppp_option_error("call option value may not contain .. or start with /");
return 0;
}
- l = strlen(arg) + strlen(_PATH_PEERFILES) + 1;
+ l = strlen(arg) + strlen(PPP_PATH_PEERFILES) + 1;
if ((fname = (char *) malloc(l)) == NULL)
novm("call file name");
- slprintf(fname, l, "%s%s", _PATH_PEERFILES, arg);
- script_setenv("CALL_FILE", arg, 0);
+ slprintf(fname, l, "%s%s", PPP_PATH_PEERFILES, arg);
+ ppp_script_setenv("CALL_FILE", arg, 0);
- ok = options_from_file(fname, 1, 1, 1);
+ ok = ppp_options_from_file(fname, 1, 1, 1);
free(fname);
return ok;
}
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
/*
* setpassfilter - Set the pass filter for packets
*/
pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) {
- option_error("error in pass-filter expression: %s\n",
+ ppp_option_error("error in pass-filter expression: %s\n",
pcap_geterr(pc));
ret = 0;
}
pc = pcap_open_dead(DLT_PPP_PPPD, 65535);
if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) {
- option_error("error in active-filter expression: %s\n",
+ ppp_option_error("error in active-filter expression: %s\n",
pcap_geterr(pc));
ret = 0;
}
euid = geteuid();
if (!privileged_option && seteuid(getuid()) == -1) {
- option_error("unable to drop permissions to open %s: %m", *argv);
+ ppp_option_error("unable to drop permissions to open %s: %m", *argv);
return 0;
}
fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644);
fatal("unable to regain privileges: %m");
if (fd < 0) {
errno = err;
- option_error("Can't open log file %s: %m", *argv);
+ ppp_option_error("Can't open log file %s: %m", *argv);
return 0;
}
strlcpy(logfile_name, *argv, sizeof(logfile_name));
return 1;
}
-#ifdef MAXOCTETS
static int
setmodir(char **argv)
{
}
return 1;
}
-#endif
-#ifdef PLUGIN
+#ifdef PPP_WITH_PLUGINS
static int
loadplugin(char **argv)
{
const char *vers;
if (strchr(arg, '/') == 0) {
- const char *base = _PATH_PLUGIN;
+ const char *base = PPP_PATH_PLUGIN;
int l = strlen(base) + strlen(arg) + 2;
path = malloc(l);
if (path == 0)
if (handle == 0) {
err = dlerror();
if (err != 0)
- option_error("%s", err);
- option_error("Couldn't load plugin %s", arg);
+ ppp_option_error("%s", err);
+ ppp_option_error("Couldn't load plugin %s", arg);
goto err;
}
init = (void (*)(void))dlsym(handle, "plugin_init");
if (init == 0) {
- option_error("%s has no initialization entry point", arg);
+ ppp_option_error("%s has no initialization entry point", arg);
goto errclose;
}
vers = (const char *) dlsym(handle, "pppd_version");
if (vers == 0) {
warn("Warning: plugin %s has no version information", arg);
} else if (strcmp(vers, VERSION) != 0) {
- option_error("Plugin %s is for pppd version %s, this is %s",
+ ppp_option_error("Plugin %s is for pppd version %s, this is %s",
arg, vers, VERSION);
goto errclose;
}
info("Plugin %s loaded.", arg);
(*init)();
+ if (path != arg)
+ free(path);
return 1;
errclose:
free(path);
return 0;
}
-#endif /* PLUGIN */
+#endif /* PPP_WITH_PLUGINS */
/*
* Set an environment variable specified by the user.
struct userenv *uep, **insp;
if ((eqp = strchr(arg, '=')) == NULL) {
- option_error("missing = in name=value: %s", arg);
+ ppp_option_error("missing = in name=value: %s", arg);
return 0;
}
if (eqp == arg) {
- option_error("missing variable name: %s", arg);
+ ppp_option_error("missing variable name: %s", arg);
return 0;
}
for (uep = userenv_list; uep != NULL; uep = uep->ue_next) {
/* The name never changes, so allocate it with the structure */
if (uep == NULL) {
uep = malloc(sizeof (*uep) + (eqp-arg));
+ if (uep == NULL) {
+ novm("environment variable");
+ return 1;
+ }
strncpy(uep->ue_name, arg, eqp-arg);
uep->ue_name[eqp-arg] = '\0';
uep->ue_next = NULL;
}
static void
-user_setprint(option_t *opt, printer_func printer, void *arg)
+user_setprint(struct option *opt, printer_func printer, void *arg)
{
struct userenv *uep, *uepnext;
char *arg = argv[0];
if (strchr(arg, '=') != NULL) {
- option_error("unexpected = in name: %s", arg);
+ ppp_option_error("unexpected = in name: %s", arg);
return 0;
}
if (*arg == '\0') {
- option_error("missing variable name for unset");
+ ppp_option_error("missing variable name for unset");
return 0;
}
for (uep = userenv_list; uep != NULL; uep = uep->ue_next) {
/* The name never changes, so allocate it with the structure */
if (uep == NULL) {
uep = malloc(sizeof (*uep) + strlen(arg));
+ if (uep == NULL) {
+ novm("environment variable");
+ return 1;
+ }
strcpy(uep->ue_name, arg);
uep->ue_next = NULL;
insp = &userenv_list;
}
static void
-user_unsetprint(option_t *opt, printer_func printer, void *arg)
+user_unsetprint(struct option *opt, printer_func printer, void *arg)
{
struct userenv *uep, *uepnext;
--- /dev/null
+/*
+ * options.h - header declarations for option processing for PPP.
+ *
+ * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_OPTIONS_H
+#define PPP_OPTIONS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+enum opt_type {
+ o_special_noarg,
+ o_special,
+ o_bool,
+ o_int,
+ o_uint32,
+ o_string,
+ o_wild
+};
+
+struct option {
+ char *name; /* name of the option */
+ enum opt_type type;
+ void *addr;
+ char *description;
+ unsigned int flags;
+ void *addr2;
+ int upper_limit;
+ int lower_limit;
+ const char *source;
+ short int priority;
+ short int winner;
+};
+
+typedef struct option option_t;
+
+/* Values for flags */
+#define OPT_VALUE 0xff /* mask for presupplied value */
+#define OPT_HEX 0x100 /* int option is in hex */
+#define OPT_NOARG 0x200 /* option doesn't take argument */
+#define OPT_OR 0x400 /* for u32, OR in argument to value */
+#define OPT_INC 0x400 /* for o_int, increment value */
+#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */
+#define OPT_PRIV 0x1000 /* privileged option */
+#define OPT_STATIC 0x2000 /* string option goes into static array */
+#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */
+#define OPT_LLIMIT 0x4000 /* check value against lower limit */
+#define OPT_ULIMIT 0x8000 /* check value against upper limit */
+#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT)
+#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */
+#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */
+#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */
+#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */
+#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */
+#define OPT_PRIO 0x80000 /* process option priorities for this option */
+#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */
+#define OPT_ALIAS 0x200000 /* option is alias for previous option */
+#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */
+#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */
+#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */
+#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */
+#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */
+#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */
+#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV)
+#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */
+#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */
+#define OPT_NOPRINT 0x40000000 /* don't print this option at all */
+
+#define OPT_VAL(x) ((x) & OPT_VALUE)
+
+/* Values for priority */
+#define OPRIO_DEFAULT 0 /* a default value */
+#define OPRIO_CFGFILE 1 /* value from a configuration file */
+#define OPRIO_CMDLINE 2 /* value from the command line */
+#define OPRIO_SECFILE 3 /* value from options in a secrets file */
+#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */
+
+/* Add additional supported options by e.g. plug-in */
+void ppp_add_options(struct option *options);
+
+/* Parse options from an options file */
+int ppp_options_from_file(char *filename, int must_exist, int check_prot,
+ int privileged);
+
+/* Simplified number_option for decimal ints */
+int ppp_int_option(char *name, int *value);
+
+/* Print an error message about an option */
+void ppp_option_error(char *fmt, ...);
+
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_OPTIONS_H
+++ /dev/null
-#define VERSION "2.4.9"
-#define DATE "5 January 2021"
/*
- * define path names
+ * pathnames.h - define default paths for pppd
+ *
+ * Copyright (c) 1999-2002 Paul Mackerras. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * 3. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Paul Mackerras
+ * <paulus@ozlabs.org>".
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+/*
+ * Paths are controlled by configure. Typically, one would pass the following options
+ * to configure:
+ * ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var
+ *
+ * Note that if the prefix variable do control all the other directory variables, e.g
+ * sysconfdir is ${prefix}/etc. Setting prefix to /usr, you'll have to override
+ * sysconfdir with /etc to avoid installing config files into /usr/etc.
+ *
+ * In addition, there are three explicit variables that has overrides via configure:
+ * - PPPD_RUNTIME_DIR, set by --with-runtime-dir=<dir>
+ * - PPPD_LOGFILE_DIR, set by --with-logfile-dir=<dir>
+ * - PPPD_PLUGIN_DIR, set by --with-plugin-dir=<dir>
+ */
+#ifndef PPP_PATHNAMES_H
+#define PPP_PATHNAMES_H
+
+#include "pppdconf.h"
+
#ifdef HAVE_PATHS_H
#include <paths.h>
+#endif /* HAVE_PATHS_H */
-#else /* HAVE_PATHS_H */
-#ifndef _PATH_VARRUN
-#define _PATH_VARRUN "/etc/ppp/"
+#ifndef _PATH_DEVNULL
+#define _PATH_DEVNULL "/dev/null"
#endif
-#define _PATH_DEVNULL "/dev/null"
-#endif /* HAVE_PATHS_H */
-#ifndef _ROOT_PATH
-#define _ROOT_PATH
+#define PPP_DEVNULL _PATH_DEVNULL
+
+/*
+ * PPPD_RUNTIME_DIR is set by passing --with-runtime-dir=<path> via configure
+ * the default value set by configure when option is absent is ${localstatedir}/run/pppd
+ */
+#ifdef PPPD_RUNTIME_DIR
+#define PPP_PATH_VARRUN PPPD_RUNTIME_DIR
+#else
+#define PPP_PATH_VARRUN _PATH_VARRUN
+#endif
+
+/*
+ * PPPD_LOGFILE_DIR is set by passing --with-logfile-dir=<path> via configure
+ * the default value set by configure when option is absent is ${localstatedir}/log/ppp
+ */
+#ifdef PPPD_LOGFILE_DIR
+#define PPP_PATH_VARLOG PPPD_LOGFILE_DIR
+#else
+#define PPP_PATH_VARLOG _PATH_VARRUN "/log/ppp"
#endif
-#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets"
-#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets"
-#define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets"
-
-#ifdef USE_EAPTLS
-#define _PATH_EAPTLSCLIFILE _ROOT_PATH "/etc/ppp/eaptls-client"
-#define _PATH_EAPTLSSERVFILE _ROOT_PATH "/etc/ppp/eaptls-server"
-#define _PATH_OPENSSLCONFFILE _ROOT_PATH "/etc/ppp/openssl.cnf"
-#endif /* USE_EAPTLS */
-
-#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options"
-#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up"
-#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down"
-#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up"
-#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up"
-#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down"
-#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options."
-#define _PATH_CONNERRS _ROOT_PATH "/etc/ppp/connect-errors"
-#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/"
-#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf"
-
-#define _PATH_USEROPT ".ppprc"
-#define _PATH_PSEUDONYM ".ppp_pseudonym"
-
-#ifdef INET6
-#define _PATH_IPV6UP _ROOT_PATH "/etc/ppp/ipv6-up"
-#define _PATH_IPV6DOWN _ROOT_PATH "/etc/ppp/ipv6-down"
+/*
+ * PPPD_PLUGIN_DIR is set by passing --with-plugin-dir=<path> via configure
+ * the default value set by configure when option is absent is ${libdir}/pppd/${version}
+ */
+#ifdef PPPD_PLUGIN_DIR
+#define PPP_PATH_PLUGIN PPPD_PLUGIN_DIR
+#endif /* PPPD_PLUGIN_DIR */
+
+#define PPP_PATH_CONFDIR SYSCONFDIR "/ppp"
+
+#define PPP_PATH_UPAPFILE PPP_PATH_CONFDIR "/pap-secrets"
+#define PPP_PATH_CHAPFILE PPP_PATH_CONFDIR "/chap-secrets"
+#define PPP_PATH_SRPFILE PPP_PATH_CONFDIR "/srp-secrets"
+
+#ifdef PPP_WITH_EAPTLS
+#define PPP_PATH_EAPTLSCLIFILE PPP_PATH_CONFDIR "/eaptls-client"
+#define PPP_PATH_EAPTLSSERVFILE PPP_PATH_CONFDIR "/eaptls-server"
+#define PPP_PATH_OPENSSLCONFFILE PPP_PATH_CONFDIR "/openssl.cnf"
+#endif /* PPP_WITH_EAPTLS */
+
+#define PPP_PATH_SYSOPTIONS PPP_PATH_CONFDIR "/options"
+#define PPP_PATH_IPUP PPP_PATH_CONFDIR "/ip-up"
+#define PPP_PATH_IPDOWN PPP_PATH_CONFDIR "/ip-down"
+#define PPP_PATH_IPPREUP PPP_PATH_CONFDIR "/ip-pre-up"
+#define PPP_PATH_AUTHUP PPP_PATH_CONFDIR "/auth-up"
+#define PPP_PATH_AUTHDOWN PPP_PATH_CONFDIR "/auth-down"
+#define PPP_PATH_TTYOPT PPP_PATH_CONFDIR "/options."
+#define PPP_PATH_PEERFILES PPP_PATH_CONFDIR "/peers/"
+#define PPP_PATH_RESOLV PPP_PATH_CONFDIR "/resolv.conf"
+
+#define PPP_PATH_NET_INIT PPP_PATH_CONFDIR "/net-init"
+#define PPP_PATH_NET_PREUP PPP_PATH_CONFDIR "/net-pre-up"
+#define PPP_PATH_NET_DOWN PPP_PATH_CONFDIR "/net-down"
+
+#define PPP_PATH_CONNERRS PPP_PATH_VARLOG "/connect-errors"
+
+#define PPP_PATH_USEROPT ".ppprc"
+#define PPP_PATH_PSEUDONYM ".ppp_pseudonym"
+
+#ifdef PPP_WITH_IPV6CP
+#define PPP_PATH_IPV6UP PPP_PATH_CONFDIR "/ipv6-up"
+#define PPP_PATH_IPV6DOWN PPP_PATH_CONFDIR "/ipv6-down"
#endif
-#ifdef IPX_CHANGE
-#define _PATH_IPXUP _ROOT_PATH "/etc/ppp/ipx-up"
-#define _PATH_IPXDOWN _ROOT_PATH "/etc/ppp/ipx-down"
-#endif /* IPX_CHANGE */
+#define PPP_PATH_PPPDB PPP_PATH_VARRUN "/pppd2.tdb"
-#ifdef __STDC__
-#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb"
-#else /* __STDC__ */
-#ifdef HAVE_PATHS_H
-#define _PATH_PPPDB "/var/run/pppd2.tdb"
+#ifdef __linux__
+#define PPP_PATH_LOCKDIR "/var/lock"
+#else
+#ifdef SVR4
+#define PPP_PATH_LOCKDIR "/var/spool/locks"
#else
-#define _PATH_PPPDB "/etc/ppp/pppd2.tdb"
+#define PPP_PATH_LOCKDIR "/var/spool/lock"
+#endif
#endif
-#endif /* __STDC__ */
-#ifdef PLUGIN
-#ifdef __STDC__
-#define _PATH_PLUGIN DESTDIR "/lib/pppd/" VERSION
-#else /* __STDC__ */
-#define _PATH_PLUGIN "/usr/lib/pppd"
-#endif /* __STDC__ */
-#endif /* PLUGIN */
+#endif /* PPP_PATHNAMES_H */
--- /dev/null
+/*
+ * Copyright (c) 2011 Rustam Kovhaev. All rights reserved.
+ * Copyright (c) 2021 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * NOTES:
+ *
+ * PEAP has 2 phases,
+ * 1 - Outer EAP, where TLS session gets established
+ * 2 - Inner EAP, where inside TLS session with EAP MSCHAPV2 auth, or any other auth
+ *
+ * And so protocols encapsulation looks like this:
+ * Outer EAP -> TLS -> Inner EAP -> MSCHAPV2
+ * PEAP can compress an inner EAP packet prior to encapsulating it within
+ * the Data field of a PEAP packet by removing its Code, Identifier,
+ * and Length fields, and Microsoft PEAP server/client always does that
+ *
+ * Current implementation does not support:
+ * a) Fast reconnect
+ * b) Inner EAP fragmentation
+ * c) Any other auth other than MSCHAPV2
+ *
+ * For details on the PEAP protocol, look to Microsoft:
+ * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-peap
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <errno.h>
+#include <openssl/opensslv.h>
+#include <openssl/ssl.h>
+#include <openssl/hmac.h>
+#include <openssl/rand.h>
+#include <openssl/err.h>
+
+#include "pppd-private.h"
+#include "eap.h"
+#include "tls.h"
+#include "chap.h"
+#include "chap_ms.h"
+#include "mppe.h"
+#include "peap.h"
+
+#ifdef UNIT_TEST
+#define novm(x)
+#endif
+
+struct peap_state {
+ SSL_CTX *ctx;
+ SSL *ssl;
+ BIO *in_bio;
+ BIO *out_bio;
+
+ int phase;
+ int written, read;
+ u_char *in_buf;
+ u_char *out_buf;
+
+ u_char ipmk[PEAP_TLV_IPMK_LEN];
+ u_char tk[PEAP_TLV_TK_LEN];
+ u_char nonce[PEAP_TLV_NONCE_LEN];
+ struct tls_info *info;
+#ifdef PPP_WITH_CHAPMS
+ struct chap_digest_type *chap;
+#endif
+};
+
+/*
+ * K = Key, S = Seed, LEN = output length
+ * PRF+(K, S, LEN) = T1 | T2 | ... |Tn
+ * Where:
+ * T1 = HMAC-SHA1 (K, S | 0x01 | 0x00 | 0x00)
+ * T2 = HMAC-SHA1 (K, T1 | S | 0x02 | 0x00 | 0x00)
+ * ...
+ * Tn = HMAC-SHA1 (K, Tn-1 | S | n | 0x00 | 0x00)
+ * As shown, PRF+ is computed in iterations. The number of iterations (n)
+ * depends on the output length (LEN).
+ */
+static void peap_prfplus(u_char *seed, size_t seed_len, u_char *key, size_t key_len, u_char *out_buf, size_t pfr_len)
+{
+ int pos;
+ u_char *buf, *hash;
+ size_t max_iter, i, j, k;
+ u_int len;
+
+ max_iter = (pfr_len + SHA_DIGEST_LENGTH - 1) / SHA_DIGEST_LENGTH;
+ buf = malloc(seed_len + max_iter * SHA_DIGEST_LENGTH);
+ if (!buf)
+ novm("pfr buffer");
+ hash = malloc(pfr_len + SHA_DIGEST_LENGTH);
+ if (!hash)
+ novm("hash buffer");
+
+ for (i = 0; i < max_iter; i++) {
+ j = 0;
+ k = 0;
+
+ if (i > 0)
+ j = SHA_DIGEST_LENGTH;
+ for (k = 0; k < seed_len; k++)
+ buf[j + k] = seed[k];
+ pos = j + k;
+ buf[pos] = i + 1;
+ pos++;
+ buf[pos] = 0x00;
+ pos++;
+ buf[pos] = 0x00;
+ pos++;
+ if (!HMAC(EVP_sha1(), key, key_len, buf, pos, (hash + i * SHA_DIGEST_LENGTH), &len))
+ fatal("HMAC() failed");
+ for (j = 0; j < SHA_DIGEST_LENGTH; j++)
+ buf[j] = hash[i * SHA_DIGEST_LENGTH + j];
+ }
+ BCOPY(hash, out_buf, pfr_len);
+ free(hash);
+ free(buf);
+}
+
+static void generate_cmk(u_char *ipmk, u_char *tempkey, u_char *nonce, u_char *tlv_response_out, int client)
+{
+ const char *label = PEAP_TLV_IPMK_SEED_LABEL;
+ u_char data_tlv[PEAP_TLV_DATA_LEN] = {0};
+ u_char isk[PEAP_TLV_ISK_LEN] = {0};
+ u_char ipmkseed[PEAP_TLV_IPMKSEED_LEN] = {0};
+ u_char cmk[PEAP_TLV_CMK_LEN] = {0};
+ u_char buf[PEAP_TLV_CMK_LEN + PEAP_TLV_IPMK_LEN] = {0};
+ u_char compound_mac[PEAP_TLV_COMP_MAC_LEN] = {0};
+ u_int len;
+
+ /* format outgoing CB TLV response packet */
+ data_tlv[1] = PEAP_TLV_TYPE;
+ data_tlv[3] = PEAP_TLV_LENGTH_FIELD;
+ if (client)
+ data_tlv[7] = PEAP_TLV_SUBTYPE_RESPONSE;
+ else
+ data_tlv[7] = PEAP_TLV_SUBTYPE_REQUEST;
+ BCOPY(nonce, (data_tlv + PEAP_TLV_HEADERLEN), PEAP_TLV_NONCE_LEN);
+ data_tlv[60] = EAPT_PEAP;
+
+#ifdef PPP_WITH_MPPE
+ mppe_get_send_key(isk, MPPE_MAX_KEY_LEN);
+ mppe_get_recv_key(isk + MPPE_MAX_KEY_LEN, MPPE_MAX_KEY_LEN);
+#endif
+
+ BCOPY(label, ipmkseed, strlen(label));
+ BCOPY(isk, ipmkseed + strlen(label), PEAP_TLV_ISK_LEN);
+ peap_prfplus(ipmkseed, PEAP_TLV_IPMKSEED_LEN,
+ tempkey, PEAP_TLV_TEMPKEY_LEN, buf, PEAP_TLV_CMK_LEN + PEAP_TLV_IPMK_LEN);
+
+ BCOPY(buf, ipmk, PEAP_TLV_IPMK_LEN);
+ BCOPY(buf + PEAP_TLV_IPMK_LEN, cmk, PEAP_TLV_CMK_LEN);
+ if (!HMAC(EVP_sha1(), cmk, PEAP_TLV_CMK_LEN, data_tlv, PEAP_TLV_DATA_LEN, compound_mac, &len))
+ fatal("HMAC() failed");
+ BCOPY(compound_mac, data_tlv + PEAP_TLV_HEADERLEN + PEAP_TLV_NONCE_LEN, PEAP_TLV_COMP_MAC_LEN);
+ /* do not copy last byte to response packet */
+ BCOPY(data_tlv, tlv_response_out, PEAP_TLV_DATA_LEN - 1);
+}
+
+static void verify_compound_mac(struct peap_state *psm, u_char *in_buf)
+{
+ u_char nonce[PEAP_TLV_NONCE_LEN] = {0};
+ u_char out_buf[PEAP_TLV_LEN] = {0};
+
+ BCOPY(in_buf, nonce, PEAP_TLV_NONCE_LEN);
+ generate_cmk(psm->ipmk, psm->tk, nonce, out_buf, 0);
+ if (memcmp((in_buf + PEAP_TLV_NONCE_LEN), (out_buf + PEAP_TLV_HEADERLEN + PEAP_TLV_NONCE_LEN), PEAP_TLV_CMK_LEN))
+ fatal("server's CMK does not match client's CMK, potential MiTM");
+}
+
+#ifdef PPP_WITH_MPPE
+#define PEAP_MPPE_KEY_LEN 32
+
+static void generate_mppe_keys(u_char *ipmk, int client)
+{
+ const char *label = PEAP_TLV_CSK_SEED_LABEL;
+ u_char csk[PEAP_TLV_CSK_LEN] = {0};
+ size_t len;
+
+ dbglog("PEAP CB: generate mppe keys");
+ len = strlen(label);
+ len++; /* CSK requires NULL byte in seed */
+ peap_prfplus((u_char *)label, len, ipmk, PEAP_TLV_IPMK_LEN, csk, PEAP_TLV_CSK_LEN);
+
+ /*
+ * The first 64 bytes of the CSK are split into two MPPE keys, as follows.
+ *
+ * +-----------------------+------------------------+
+ * | First 32 bytes of CSK | Second 32 bytes of CSK |
+ * +-----------------------+------------------------+
+ * | MS-MPPE-Send-Key | MS-MPPE-Recv-Key |
+ * +-----------------------+------------------------+
+ */
+ if (client) {
+ mppe_set_keys(csk, csk + PEAP_MPPE_KEY_LEN, PEAP_MPPE_KEY_LEN);
+ } else {
+ mppe_set_keys(csk + PEAP_MPPE_KEY_LEN, csk, PEAP_MPPE_KEY_LEN);
+ }
+}
+
+#endif
+
+#ifndef UNIT_TEST
+
+static void peap_ack(eap_state *esp, u_char id)
+{
+ u_char *outp;
+
+ outp = outpacket_buf;
+ MAKEHEADER(outp, PPP_EAP);
+ PUTCHAR(EAP_RESPONSE, outp);
+ PUTCHAR(id, outp);
+ esp->es_client.ea_id = id;
+ PUTSHORT(PEAP_HEADERLEN, outp);
+ PUTCHAR(EAPT_PEAP, outp);
+ PUTCHAR(PEAP_FLAGS_ACK, outp);
+ output(esp->es_unit, outpacket_buf, PPP_HDRLEN + PEAP_HEADERLEN);
+}
+
+static void peap_response(eap_state *esp, u_char id, u_char *buf, int len)
+{
+ struct peap_state *psm = esp->ea_peap;
+ u_char *outp;
+ int peap_len;
+
+ outp = outpacket_buf;
+ MAKEHEADER(outp, PPP_EAP);
+ PUTCHAR(EAP_RESPONSE, outp);
+ PUTCHAR(id, outp);
+ esp->es_client.ea_id = id;
+
+ if (psm->phase == PEAP_PHASE_1)
+ peap_len = PEAP_HEADERLEN + PEAP_FRAGMENT_LENGTH_FIELD + len;
+ else
+ peap_len = PEAP_HEADERLEN + len;
+
+ PUTSHORT(peap_len, outp);
+ PUTCHAR(EAPT_PEAP, outp);
+
+ if (psm->phase == PEAP_PHASE_1) {
+ PUTCHAR(PEAP_L_FLAG_SET, outp);
+ PUTLONG(len, outp);
+ } else
+ PUTCHAR(PEAP_NO_FLAGS, outp);
+
+ BCOPY(buf, outp, len);
+ output(esp->es_unit, outpacket_buf, PPP_HDRLEN + peap_len);
+}
+
+void peap_do_inner_eap(u_char *in_buf, int in_len, eap_state *esp, int id,
+ u_char *out_buf, int *out_len)
+{
+ struct peap_state *psm = esp->ea_peap;
+ int used = 0;
+ int typenum;
+ int secret_len;
+ char secret[MAXSECRETLEN + 1];
+ char rhostname[MAXWORDLEN];
+ u_char *outp = out_buf;
+
+ dbglog("PEAP: EAP (in): %.*B", in_len, in_buf);
+
+ if (*(in_buf + EAP_HEADERLEN) == PEAP_CAPABILITIES_TYPE &&
+ in_len == (EAP_HEADERLEN + PEAP_CAPABILITIES_LEN)) {
+ /* use original packet as template for response */
+ BCOPY(in_buf, outp, EAP_HEADERLEN + PEAP_CAPABILITIES_LEN);
+ PUTCHAR(EAP_RESPONSE, outp);
+ PUTCHAR(id, outp);
+ /* change last byte to 0 to disable fragmentation */
+ *(outp + PEAP_CAPABILITIES_LEN + 1) = 0x00;
+ used = EAP_HEADERLEN + PEAP_CAPABILITIES_LEN;
+ goto done;
+ }
+ if (*(in_buf + EAP_HEADERLEN + PEAP_TLV_HEADERLEN) == PEAP_TLV_TYPE &&
+ in_len == PEAP_TLV_LEN) {
+ /* PEAP TLV message, do cryptobinding */
+ SSL_export_keying_material(psm->ssl, psm->tk, PEAP_TLV_TK_LEN,
+ PEAP_TLV_TK_SEED_LABEL, strlen(PEAP_TLV_TK_SEED_LABEL), NULL, 0, 0);
+ /* verify server's CMK */
+ verify_compound_mac(psm, in_buf + EAP_HEADERLEN + PEAP_TLV_RESULT_LEN + PEAP_TLV_HEADERLEN);
+ /* generate client's CMK with new nonce */
+ PUTCHAR(EAP_RESPONSE, outp);
+ PUTCHAR(id, outp);
+ PUTSHORT(PEAP_TLV_LEN, outp);
+ BCOPY(in_buf + EAP_HEADERLEN, outp, PEAP_TLV_RESULT_LEN);
+ outp = outp + PEAP_TLV_RESULT_LEN;
+ RAND_bytes(psm->nonce, PEAP_TLV_NONCE_LEN);
+ generate_cmk(psm->ipmk, psm->tk, psm->nonce, outp, 1);
+#ifdef PPP_WITH_MPPE
+ /* set mppe keys */
+ generate_mppe_keys(psm->ipmk, 1);
+#endif
+ used = PEAP_TLV_LEN;
+ goto done;
+ }
+
+ GETCHAR(typenum, in_buf);
+ in_len--;
+
+ switch (typenum) {
+ case EAPT_IDENTITY:
+ /* Respond with our identity to the peer */
+ PUTCHAR(EAPT_IDENTITY, outp);
+ BCOPY(esp->es_client.ea_name, outp,
+ esp->es_client.ea_namelen);
+ used += (esp->es_client.ea_namelen + 1);
+ break;
+
+ case EAPT_TLS:
+ /* Send NAK to EAP_TLS request */
+ PUTCHAR(EAPT_NAK, outp);
+ PUTCHAR(EAPT_MSCHAPV2, outp);
+ used += 2;
+ break;
+
+#if PPP_WITH_CHAPMS
+ case EAPT_MSCHAPV2: {
+
+ // Must have at least 4 more bytes to process CHAP header
+ if (in_len < 4) {
+ error("PEAP: received invalid MSCHAPv2 packet, too short");
+ break;
+ }
+
+ u_char opcode;
+ GETCHAR(opcode, in_buf);
+
+ u_char chap_id;
+ GETCHAR(chap_id, in_buf);
+
+ short mssize;
+ GETSHORT(mssize, in_buf);
+
+ // Validate the CHAP packet (including header)
+ if (in_len != mssize) {
+ error("PEAP: received invalid MSCHAPv2 packet, invalid length");
+ break;
+ }
+ in_len -= 4;
+
+ switch (opcode) {
+ case CHAP_CHALLENGE: {
+
+ u_char *challenge = in_buf; // VLEN + VALUE
+ u_char vsize;
+
+ GETCHAR(vsize, in_buf);
+ in_len -= 1;
+
+ if (vsize != MS_CHAP2_PEER_CHAL_LEN || in_len < MS_CHAP2_PEER_CHAL_LEN) {
+ error("PEAP: received invalid MSCHAPv2 packet, invalid value-length: %d", vsize);
+ goto done;
+ }
+
+ INCPTR(MS_CHAP2_PEER_CHAL_LEN, in_buf);
+ in_len -= MS_CHAP2_PEER_CHAL_LEN;
+
+ // Copy the provided remote host name
+ rhostname[0] = '\0';
+ if (in_len > 0) {
+ if (in_len >= sizeof(rhostname)) {
+ dbglog("PEAP: trimming really long peer name down");
+ in_len = sizeof(rhostname) - 1;
+ }
+ BCOPY(in_buf, rhostname, in_len);
+ rhostname[in_len] = '\0';
+ }
+
+ // In case the remote doesn't give us his name, or user explictly specified remotename is config
+ if (explicit_remote || (remote_name[0] != '\0' && in_len == 0))
+ strlcpy(rhostname, remote_name, sizeof(rhostname));
+
+ // Get the scrert for authenticating ourselves with the specified host
+ if (get_secret(esp->es_unit, esp->es_client.ea_name,
+ rhostname, secret, &secret_len, 0)) {
+
+ u_char response[MS_CHAP2_RESPONSE_LEN+1];
+ u_char user_len = esp->es_client.ea_namelen;
+ char *user = esp->es_client.ea_name;
+
+ psm->chap->make_response(response, chap_id, user,
+ challenge, secret, secret_len, NULL);
+
+ PUTCHAR(EAPT_MSCHAPV2, outp);
+ PUTCHAR(CHAP_RESPONSE, outp);
+ PUTCHAR(chap_id, outp);
+ PUTCHAR(0, outp);
+ PUTCHAR(5 + user_len + MS_CHAP2_RESPONSE_LEN, outp);
+ BCOPY(response, outp, MS_CHAP2_RESPONSE_LEN+1); // VLEN + VALUE
+ INCPTR(MS_CHAP2_RESPONSE_LEN+1, outp);
+ BCOPY(user, outp, user_len);
+ used = 5 + user_len + MS_CHAP2_RESPONSE_LEN + 1;
+
+ } else {
+ dbglog("PEAP: no CHAP secret for auth to %q", rhostname);
+ PUTCHAR(EAPT_NAK, outp);
+ ++used;
+ }
+ break;
+ }
+ case CHAP_SUCCESS: {
+
+ u_char status = CHAP_FAILURE;
+ if (psm->chap->check_success(chap_id, in_buf, in_len)) {
+ info("Chap authentication succeeded! %.*v", in_len, in_buf);
+ status = CHAP_SUCCESS;
+ }
+
+ PUTCHAR(EAPT_MSCHAPV2, outp);
+ PUTCHAR(status, outp);
+ used += 2;
+ break;
+ }
+ case CHAP_FAILURE: {
+
+ u_char status = CHAP_FAILURE;
+ psm->chap->handle_failure(in_buf, in_len);
+ PUTCHAR(EAPT_MSCHAPV2, outp);
+ PUTCHAR(status, outp);
+ used += 2;
+ break;
+ }
+ default:
+ break;
+ }
+ break;
+ } // EAPT_MSCHAPv2
+#endif
+ default:
+
+ /* send compressed EAP NAK for any unknown packet */
+ PUTCHAR(EAPT_NAK, outp);
+ ++used;
+ }
+
+done:
+
+ dbglog("PEAP: EAP (out): %.*B", used, psm->out_buf);
+ *out_len = used;
+}
+
+int peap_init(struct peap_state **ctx, const char *rhostname)
+{
+ const SSL_METHOD *method;
+
+ if (!ctx)
+ return -1;
+
+ tls_init();
+
+ struct peap_state *psm = malloc(sizeof(*psm));
+ if (!psm)
+ novm("peap psm struct");
+ psm->in_buf = malloc(TLS_RECORD_MAX_SIZE);
+ if (!psm->in_buf)
+ novm("peap tls buffer");
+ psm->out_buf = malloc(TLS_RECORD_MAX_SIZE);
+ if (!psm->out_buf)
+ novm("peap tls buffer");
+ method = tls_method();
+ if (!method)
+ novm("TLS_method() failed");
+ psm->ctx = SSL_CTX_new(method);
+ if (!psm->ctx)
+ novm("SSL_CTX_new() failed");
+
+ /* Configure the default options */
+ tls_set_opts(psm->ctx);
+
+ /* Configure the max TLS version */
+ tls_set_version(psm->ctx, max_tls_version);
+
+ /* Configure the peer certificate callback */
+ tls_set_verify(psm->ctx, 5);
+
+ /* Configure CA locations */
+ if (tls_set_ca(psm->ctx, ca_path, cacert_file)) {
+ fatal("Could not set CA verify locations");
+ }
+
+ /* Configure CRL check (if any) */
+ if (tls_set_crl(psm->ctx, crl_dir, crl_file)) {
+ fatal("Could not set CRL verify locations");
+ }
+
+ psm->out_bio = BIO_new(BIO_s_mem());
+ psm->in_bio = BIO_new(BIO_s_mem());
+ BIO_set_mem_eof_return(psm->out_bio, -1);
+ BIO_set_mem_eof_return(psm->in_bio, -1);
+ psm->ssl = SSL_new(psm->ctx);
+ SSL_set_bio(psm->ssl, psm->in_bio, psm->out_bio);
+ SSL_set_connect_state(psm->ssl);
+ psm->phase = PEAP_PHASE_1;
+ tls_set_verify_info(psm->ssl, explicit_remote ? rhostname : NULL, NULL, 1, &psm->info);
+ psm->chap = chap_find_digest(CHAP_MICROSOFT_V2);
+ *ctx = psm;
+ return 0;
+}
+
+void peap_finish(struct peap_state **psm) {
+
+ if (psm && *psm) {
+ struct peap_state *tmp = *psm;
+
+ if (tmp->ssl)
+ SSL_free(tmp->ssl);
+
+ if (tmp->ctx)
+ SSL_CTX_free(tmp->ctx);
+
+ if (tmp->info)
+ tls_free_verify_info(&tmp->info);
+
+ // NOTE: BIO and memory is freed as a part of SSL_free()
+
+ free(*psm);
+ *psm = NULL;
+ }
+}
+
+int peap_process(eap_state *esp, u_char id, u_char *inp, int len)
+{
+ int ret;
+ int out_len;
+
+ struct peap_state *psm = esp->ea_peap;
+
+ if (esp->es_client.ea_id == id) {
+ info("PEAP: retransmits are not supported..");
+ return -1;
+ }
+
+ switch (*inp) {
+ case PEAP_S_FLAG_SET:
+ dbglog("PEAP: S bit is set, starting PEAP phase 1");
+ ret = SSL_do_handshake(psm->ssl);
+ if (ret != 1) {
+ ret = SSL_get_error(psm->ssl, ret);
+ if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE)
+ fatal("SSL_do_handshake(): %s", ERR_error_string(ret, NULL));
+
+ }
+ psm->read = BIO_read(psm->out_bio, psm->out_buf, TLS_RECORD_MAX_SIZE);
+ peap_response(esp, id, psm->out_buf, psm->read);
+ break;
+
+ case PEAP_LM_FLAG_SET:
+ dbglog("PEAP TLS: LM bits are set, need to get more TLS fragments");
+ inp = inp + PEAP_FRAGMENT_LENGTH_FIELD + PEAP_FLAGS_FIELD;
+ psm->written = BIO_write(psm->in_bio, inp, len - PEAP_FRAGMENT_LENGTH_FIELD - PEAP_FLAGS_FIELD);
+ peap_ack(esp, id);
+ break;
+
+ case PEAP_M_FLAG_SET:
+ dbglog("PEAP TLS: M bit is set, need to get more TLS fragments");
+ inp = inp + PEAP_FLAGS_FIELD;
+ psm->written = BIO_write(psm->in_bio, inp, len - PEAP_FLAGS_FIELD);
+ peap_ack(esp, id);
+ break;
+
+ case PEAP_L_FLAG_SET:
+ case PEAP_NO_FLAGS:
+ if (*inp == PEAP_L_FLAG_SET) {
+ dbglog("PEAP TLS: L bit is set");
+ inp = inp + PEAP_FRAGMENT_LENGTH_FIELD + PEAP_FLAGS_FIELD;
+ psm->written = BIO_write(psm->in_bio, inp, len - PEAP_FRAGMENT_LENGTH_FIELD - PEAP_FLAGS_FIELD);
+ } else {
+ dbglog("PEAP TLS: all bits are off");
+ inp = inp + PEAP_FLAGS_FIELD;
+ psm->written = BIO_write(psm->in_bio, inp, len - PEAP_FLAGS_FIELD);
+ }
+
+ if (psm->phase == PEAP_PHASE_1) {
+ dbglog("PEAP TLS: continue handshake");
+ ret = SSL_do_handshake(psm->ssl);
+ if (ret != 1) {
+ ret = SSL_get_error(psm->ssl, ret);
+ if (ret != SSL_ERROR_WANT_READ && ret != SSL_ERROR_WANT_WRITE)
+ fatal("SSL_do_handshake(): %s", ERR_error_string(ret, NULL));
+ }
+ if (SSL_is_init_finished(psm->ssl))
+ psm->phase = PEAP_PHASE_2;
+ if (BIO_ctrl_pending(psm->out_bio) == 0) {
+ peap_ack(esp, id);
+ break;
+ }
+ psm->read = 0;
+ psm->read = BIO_read(psm->out_bio, psm->out_buf,
+ TLS_RECORD_MAX_SIZE);
+ peap_response(esp, id, psm->out_buf, psm->read);
+ break;
+ }
+ psm->read = SSL_read(psm->ssl, psm->in_buf,
+ TLS_RECORD_MAX_SIZE);
+ out_len = TLS_RECORD_MAX_SIZE;
+ peap_do_inner_eap(psm->in_buf, psm->read, esp, id,
+ psm->out_buf, &out_len);
+ if (out_len > 0) {
+ psm->written = SSL_write(psm->ssl, psm->out_buf, out_len);
+ psm->read = BIO_read(psm->out_bio, psm->out_buf,
+ TLS_RECORD_MAX_SIZE);
+ peap_response(esp, id, psm->out_buf, psm->read);
+ }
+ break;
+ }
+ return 0;
+}
+
+#else
+
+u_char outpacket_buf[255];
+int debug = 1;
+int error_count = 0;
+int unsuccess = 0;
+
+/**
+ * Using the example in MS-PEAP, section 4.4.1.
+ * see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-peap/5308642b-90c9-4cc4-beec-fb367325c0f9
+ */
+int test_cmk(u_char *ipmk) {
+ u_char nonce[PEAP_TLV_NONCE_LEN] = {
+ 0x6C, 0x6B, 0xA3, 0x87, 0x84, 0x23, 0x74, 0x57,
+ 0xCC, 0xC9, 0x0B, 0x1A, 0x90, 0x8C, 0xBD, 0xF4,
+ 0x71, 0x1B, 0x69, 0x99, 0x4D, 0x0C, 0xFE, 0x8D,
+ 0x3D, 0xB4, 0x4E, 0xCB, 0xCD, 0xAD, 0x37, 0xE9
+ };
+
+ u_char tmpkey[PEAP_TLV_TEMPKEY_LEN] = {
+ 0x73, 0x8B, 0xB5, 0xF4, 0x62, 0xD5, 0x8E, 0x7E,
+ 0xD8, 0x44, 0xE1, 0xF0, 0x0D, 0x0E, 0xBE, 0x50,
+ 0xC5, 0x0A, 0x20, 0x50, 0xDE, 0x11, 0x99, 0x77,
+ 0x10, 0xD6, 0x5F, 0x45, 0xFB, 0x5F, 0xBA, 0xB7,
+ 0xE3, 0x18, 0x1E, 0x92, 0x4F, 0x42, 0x97, 0x38,
+ // 0xDE, 0x40, 0xC8, 0x46, 0xCD, 0xF5, 0x0B, 0xCB,
+ // 0xF9, 0xCE, 0xDB, 0x1E, 0x85, 0x1D, 0x22, 0x52,
+ // 0x45, 0x3B, 0xDF, 0x63
+ };
+
+ u_char expected[60] = {
+ 0x00, 0x0C, 0x00, 0x38, 0x00, 0x00, 0x00, 0x01,
+ 0x6C, 0x6B, 0xA3, 0x87, 0x84, 0x23, 0x74, 0x57,
+ 0xCC, 0xC9, 0x0B, 0x1A, 0x90, 0x8C, 0xBD, 0xF4,
+ 0x71, 0x1B, 0x69, 0x99, 0x4D, 0x0C, 0xFE, 0x8D,
+ 0x3D, 0xB4, 0x4E, 0xCB, 0xCD, 0xAD, 0x37, 0xE9,
+ 0x42, 0xE0, 0x86, 0x07, 0x1D, 0x1C, 0x8B, 0x8C,
+ 0x8E, 0x45, 0x8F, 0x70, 0x21, 0xF0, 0x6A, 0x6E,
+ 0xAB, 0x16, 0xB6, 0x46
+ };
+
+ u_char inner_mppe_keys[32] = {
+ 0x67, 0x3E, 0x96, 0x14, 0x01, 0xBE, 0xFB, 0xA5,
+ 0x60, 0x71, 0x7B, 0x3B, 0x5D, 0xDD, 0x40, 0x38,
+ 0x65, 0x67, 0xF9, 0xF4, 0x16, 0xFD, 0x3E, 0x9D,
+ 0xFC, 0x71, 0x16, 0x3B, 0xDF, 0xF2, 0xFA, 0x95
+ };
+
+ u_char response[60] = {};
+
+ // Set the inner MPPE keys (e.g. from CHAPv2)
+ mppe_set_keys(inner_mppe_keys, inner_mppe_keys + 16, 16);
+
+ // Generate and compare the response
+ generate_cmk(ipmk, tmpkey, nonce, response, 1);
+ if (memcmp(expected, response, sizeof(response)) != 0) {
+ dbglog("Failed CMK key generation\n");
+ dbglog("%.*B", sizeof(response), response);
+ dbglog("%.*B", sizeof(expected), expected);
+ return -1;
+ }
+
+ return 0;
+}
+
+int test_mppe(u_char *ipmk) {
+ u_char outer_mppe_send_key[MPPE_MAX_KEY_SIZE] = {
+ 0x6A, 0x02, 0xD7, 0x82, 0x20, 0x1B, 0xC7, 0x13,
+ 0x8B, 0xF8, 0xEF, 0xF7, 0x33, 0xB4, 0x96, 0x97,
+ 0x0D, 0x7C, 0xAB, 0x30, 0x0A, 0xC9, 0x57, 0x72,
+ 0x78, 0xE1, 0xDD, 0xD5, 0xAE, 0xF7, 0x66, 0x97
+ };
+
+ u_char outer_mppe_recv_key[MPPE_MAX_KEY_SIZE] = {
+ 0x17, 0x52, 0xD4, 0xE5, 0x84, 0xA1, 0xC8, 0x95,
+ 0x03, 0x9B, 0x4D, 0x05, 0xE3, 0xBC, 0x9A, 0x84,
+ 0x84, 0xDD, 0xC2, 0xAA, 0x6E, 0x2C, 0xE1, 0x62,
+ 0x76, 0x5C, 0x40, 0x68, 0xBF, 0xF6, 0x5A, 0x45
+ };
+
+ u_char result[MPPE_MAX_KEY_SIZE];
+ int len;
+
+ mppe_clear_keys();
+
+ generate_mppe_keys(ipmk, 1);
+
+ len = mppe_get_recv_key(result, sizeof(result));
+ if (len != sizeof(result)) {
+ dbglog("Invalid length of resulting MPPE recv key");
+ return -1;
+ }
+
+ if (memcmp(result, outer_mppe_recv_key, len) != 0) {
+ dbglog("Invalid result for outer mppe recv key");
+ return -1;
+ }
+
+ len = mppe_get_send_key(result, sizeof(result));
+ if (len != sizeof(result)) {
+ dbglog("Invalid length of resulting MPPE send key");
+ return -1;
+ }
+
+ if (memcmp(result, outer_mppe_send_key, len) != 0) {
+ dbglog("Invalid result for outer mppe send key");
+ return -1;
+ }
+
+ return 0;
+}
+
+int main(int argc, char *argv[])
+{
+ u_char ipmk[PEAP_TLV_IPMK_LEN] = {
+ 0x3A, 0x91, 0x1C, 0x25, 0x54, 0x73, 0xE8, 0x3E,
+ 0x9A, 0x0C, 0xC3, 0x33, 0xAE, 0x1F, 0x8A, 0x35,
+ 0xCD, 0xC7, 0x41, 0x63, 0xE7, 0xF6, 0x0F, 0x6C,
+ 0x65, 0xEF, 0x71, 0xC2, 0x64, 0x42, 0xAA, 0xAC,
+ 0xA2, 0xB6, 0xF1, 0xEB, 0x4F, 0x25, 0xEC, 0xA3,
+ };
+ int ret = -1;
+
+ ret = test_cmk(ipmk);
+ if (ret != 0) {
+ return -1;
+ }
+
+ ret = test_mppe(ipmk);
+ if (ret != 0) {
+ return -1;
+ }
+
+ return 0;
+}
+
+#endif
--- /dev/null
+/*
+ * Copyright (c) 2011 Rustam Kovhaev. All rights reserved.
+ * Copyright (c) 2021 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_PEAP_H
+#define PPP_PEAP_H
+
+#include "pppdconf.h"
+
+#define PEAP_PHASE_1 1
+#define PEAP_PHASE_2 2
+
+#define PEAP_HEADERLEN 6
+#define PEAP_FRAGMENT_LENGTH_FIELD 4
+#define PEAP_FLAGS_FIELD 1
+#define PEAP_FLAGS_ACK 0
+
+#define PEAP_CAPABILITIES_TYPE 254
+#define PEAP_CAPABILITIES_LEN 12
+
+#define PEAP_TLV_TYPE 12
+#define PEAP_TLV_LENGTH_FIELD 56
+#define PEAP_TLV_SUBTYPE_REQUEST 0
+#define PEAP_TLV_SUBTYPE_RESPONSE 1
+#define PEAP_TLV_HEADERLEN 8
+#define PEAP_TLV_RESULT_LEN 7
+#define PEAP_TLV_LEN 71
+
+/*
+ * Microsoft PEAP client/server never exchange
+ * outer TLVs during PEAP authentication
+ */
+#define PEAP_TLV_DATA_LEN 61
+
+#define PEAP_TLV_TK_LEN 60
+#define PEAP_TLV_ISK_LEN 32
+#define PEAP_TLV_IPMKSEED_LEN 59
+#define PEAP_TLV_TEMPKEY_LEN 40
+#define PEAP_TLV_IPMK_LEN 40
+#define PEAP_TLV_CMK_LEN 20
+#define PEAP_TLV_NONCE_LEN 32
+#define PEAP_TLV_COMP_MAC_LEN 20
+#define PEAP_TLV_CSK_LEN 128
+#define PEAP_TLV_TK_SEED_LABEL "client EAP encryption"
+#define PEAP_TLV_IPMK_SEED_LABEL "Inner Methods Compound Keys"
+#define PEAP_TLV_CSK_SEED_LABEL "Session Key Generating Function"
+
+#define PEAP_S_FLAG_SET 0x20
+#define PEAP_L_FLAG_SET 0x80
+#define PEAP_LM_FLAG_SET 0xC0
+#define PEAP_M_FLAG_SET 0x40
+#define PEAP_NO_FLAGS 0x00
+
+#define EAP_TLS_KEY_LEN 0x40
+#define TLS_RECORD_MAX_SIZE 0x4000
+
+struct peap_state;
+
+/**
+ * Initialize the PEAP structure
+ */
+int peap_init(struct peap_state** psm, const char *remote_name);
+
+/**
+ * Process a PEAP packet
+ */
+int peap_process(eap_state *esp, u_char id, u_char *inp, int len);
+
+/**
+ * Clean up the PEAP structure
+ */
+void peap_finish(struct peap_state **psm);
+
+#endif /* PPP_PEAP_H */
--- /dev/null
+pppd_plugin_LTLIBRARIES = minconn.la passprompt.la passwordfd.la winbind.la
+pppd_plugindir = $(PPPD_PLUGIN_DIR)
+
+PLUGIN_CPPFLAGS = -I${top_srcdir}
+PLUGIN_LDFLAGS = -module -avoid-version
+
+minconn_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
+minconn_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+minconn_la_SOURCES = minconn.c
+
+passprompt_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
+passprompt_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+passprompt_la_SOURCES = passprompt.c
+
+passwordfd_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
+passwordfd_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+passwordfd_la_SOURCES = passwordfd.c
+
+winbind_la_CPPFLAGS = $(PLUGIN_CPPFLAGS)
+winbind_la_LDFLAGS = $(PLUGIN_LDFLAGS)
+winbind_la_SOURCES = winbind.c
+
+if !SUNOS
+SUBDIRS = pppoe pppoatm pppol2tp radius
+endif
+++ /dev/null
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-BINDIR = $(DESTDIR)/sbin
-MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-
-CFLAGS = $(COPTS) -I.. -I../../include -fPIC
-LDFLAGS_SHARED = -shared
-INSTALL = install
-
-# EAP-TLS
-CFLAGS += -DUSE_EAPTLS=1
-
-SUBDIRS := pppoe pppoatm pppol2tp
-# Uncomment the next line to include the radius authentication plugin
-SUBDIRS += radius
-PLUGINS := minconn.so passprompt.so passwordfd.so winbind.so
-
-# This setting should match the one in ../Makefile.linux
-MPPE=y
-
-ifdef MPPE
-CFLAGS += -DMPPE=1
-endif
-
-# include dependencies if present
-ifeq (.depend,$(wildcard .depend))
-include .depend
-endif
-
-all: $(PLUGINS)
- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d all || exit $$?; done
-
-%.so: %.c
- $(CC) -o $@ $(LDFLAGS) $(LDFLAGS_SHARED) $(CFLAGS) $^
-
-VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../patchlevel.h)
-
-install: $(PLUGINS)
- $(INSTALL) -d $(LIBDIR)
- $(INSTALL) $? $(LIBDIR)
- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d install || exit $$?; done
-
-clean:
- rm -f *.o *.so *.a
- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d clean || exit $$?; done
-
-depend:
- $(CPP) -M $(CFLAGS) *.c >.depend
- for d in $(SUBDIRS); do $(MAKE) $(MFLAGS) -C $$d depend || exit $$?; done
+++ /dev/null
-#
-# Makefile for plugins on Solaris 2
-#
-# $Id: Makefile.sol2,v 1.3 2002/09/07 05:15:25 carlsonj Exp $
-#
-
-include ../../Makedefs.com
-
-CFLAGS = -c -O -I.. -I../../include $(COPTS)
-LDFLAGS = -G
-
-all: minconn.so
-
-minconn.so: minconn.o
- ld -o $@ $(LDFLAGS) -h $@ minconn.o
-
-minconn.o: minconn.c
- $(CC) $(CFLAGS) -c $?
-
-passprompt.so: passprompt.o
- ld -o $@ $(LDFLAGS) -h $@ passprompt.o
-
-passprompt.o: passprompt.c
- $(CC) $(CFLAGS) -c $?
-
-clean:
- rm -f *.o *.so
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+
#include <stddef.h>
#include <time.h>
-#include "pppd.h"
+#include <stdint.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <sys/types.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+
+#if !defined(SOL2)
+#include <linux/ppp_defs.h>
+#else
+#include <net/ppp_defs.h>
+#endif
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
static int minconnect = 0;
-static option_t my_options[] = {
+static struct option my_options[] = {
{ "minconnect", o_int, &minconnect,
"Set minimum connect time before idle timeout applies" },
{ NULL }
time_t t;
if (idle == NULL)
- return minconnect? minconnect: idle_time_limit;
+ return minconnect ? minconnect: ppp_get_max_idle_time();
t = idle->xmit_idle;
if (idle->recv_idle < t)
t = idle->recv_idle;
- return idle_time_limit - t;
+ return ppp_get_max_idle_time() - t;
}
void plugin_init(void)
{
info("plugin_init");
- add_options(my_options);
+ ppp_add_options(my_options);
idle_time_hook = my_get_idle;
}
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
+
#include <errno.h>
#include <unistd.h>
#include <sys/wait.h>
+#include <sys/param.h>
+#include <limits.h>
+#include <stdio.h>
#include <syslog.h>
-#include "pppd.h"
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <string.h>
+
+#include <pppd/pppd.h>
+#include <pppd/upap.h>
+#include <pppd/eap.h>
+#include <pppd/options.h>
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
static char promptprog[PATH_MAX+1];
static int promptprog_refused = 0;
-static option_t options[] = {
+static struct option options[] = {
{ "promptprog", o_string, promptprog,
"External PAP password prompting program",
OPT_STATIC, NULL, PATH_MAX },
{
int p[2];
pid_t kid;
- int readgood, wstat;
+ int readgood, wstat, ret;
ssize_t red;
if (promptprog_refused || promptprog[0] == 0 || access(promptprog, X_OK) < 0)
if (!kid) {
/* we are the child, exec the program */
char *argv[5], fdstr[32];
- sys_close();
+ ppp_sys_close();
closelog();
close(p[0]);
- seteuid(getuid());
- setegid(getgid());
- argv[0] = promptprog;
- argv[1] = user;
- argv[2] = remote_name;
+ ret = seteuid(getuid());
+ if (ret != 0) {
+ warn("Couldn't set effective user id");
+ }
+ ret = setegid(getgid());
+ if (ret != 0) {
+ warn("Couldn't set effective user id");
+ }
sprintf(fdstr, "%d", p[1]);
+ argv[0] = promptprog;
+ argv[1] = strdup(user);
+ argv[2] = strdup(ppp_remote_name());
argv[3] = fdstr;
argv[4] = 0;
execv(*argv, argv);
if (red == 0)
break;
if (red < 0) {
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
error("Can't read secret from %s: %m", promptprog);
readgood = -1;
/* now wait for child to exit */
while (waitpid(kid, &wstat, 0) < 0) {
- if (errno != EINTR || got_sigterm) {
+ if (errno != EINTR || ppp_signaled(SIGTERM)) {
warn("error waiting for %s: %m", promptprog);
break;
}
void plugin_init(void)
{
- add_options(options);
+ ppp_add_options(options);
pap_passwd_hook = promptpass;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
eaptls_passwd_hook = promptpass;
#endif
}
#include <errno.h>
#include <string.h>
#include <unistd.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <sys/time.h>
-#include "pppd.h"
+#include <pppd/pppd.h>
+#include <pppd/upap.h>
+#include <pppd/chap.h>
+#include <pppd/eap.h>
+#include <pppd/options.h>
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
-static int passwdfd = -1;
static char save_passwd[MAXSECRETLEN];
-static option_t options[] = {
- { "passwordfd", o_int, &passwdfd,
- "Receive password on this file descriptor" },
- { NULL }
-};
-
-static int pwfd_check (void)
-{
- return 1;
-}
-
-static int pwfd_passwd (char *user, char *passwd)
+static int pwfd_read_password(char **argv)
{
- int readgood, red;
-
- if (passwdfd == -1)
- return -1;
+ ssize_t readgood, red;
+ int passwdfd;
+ char passwd[MAXSECRETLEN];
- if (passwd == NULL)
- return 1;
-
- if (passwdfd == -2) {
- strcpy (passwd, save_passwd);
- return 1;
- }
+ if (!ppp_int_option(argv[0], &passwdfd))
+ return 0;
readgood = 0;
do {
passwd[readgood] = 0;
strcpy (save_passwd, passwd);
- passwdfd = -2;
return 1;
}
+static struct option options[] = {
+ { "passwordfd", o_special, pwfd_read_password,
+ "Receive password on this file descriptor" },
+ { NULL }
+};
+
+static int pwfd_check (void)
+{
+ return 1;
+}
+
+static int pwfd_passwd (char *user, char *passwd)
+{
+ if (passwd != NULL)
+ strcpy(passwd, save_passwd);
+ return 1;
+}
+
void plugin_init (void)
{
- add_options (options);
+ ppp_add_options (options);
pap_check_hook = pwfd_check;
pap_passwd_hook = pwfd_passwd;
chap_check_hook = pwfd_check;
chap_passwd_hook = pwfd_passwd;
-#ifdef USE_EAPTLS
+#ifdef PPP_WITH_EAPTLS
eaptls_passwd_hook = pwfd_passwd;
#endif
}
--- /dev/null
+pppd_plugin_LTLIBRARIES = pppoatm.la
+pppd_plugindir = $(PPPD_PLUGIN_DIR)
+
+noinst_HEADERS = \
+ atm.h \
+ atmres.h \
+ atmsap.h
+
+pppoatm_la_CPPFLAGS = -I${top_srcdir}
+pppoatm_la_LDFLAGS = -module -avoid-version
+pppoatm_la_SOURCES = pppoatm.c
+
+if WITH_LIBATM
+pppoatm_la_LIBADD = -latm
+else
+pppoatm_la_SOURCES += text2qos.c text2atm.c misc.c ans.c
+pppoatm_la_LIBADD = -lresolv
+endif
+++ /dev/null
-#***********************************************************************
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-
-VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
-CFLAGS = $(COPTS) -I../.. -I../../../include -fPIC
-LDFLAGS_SHARED = -shared
-INSTALL = install
-
-PLUGIN := pppoatm.so
-PLUGIN_OBJS := pppoatm.o
-
-#*******
-# Do we have the ATM libraries installed? Set HAVE_LIBATM to use them,
-# or leave it unset to build the few routines we actually _use_ into
-# the plugin directly.
-#
-#HAVE_LIBATM=yes
-
-ifdef HAVE_LIBATM
-LIBS := -latm
-else
-CFLAGS += -I.
-PLUGIN_OBJS += text2qos.o text2atm.o misc.o ans.o
-LIBS := -lresolv
-endif
-
-#*********
-all: $(PLUGIN)
-
-$(PLUGIN): $(PLUGIN_OBJS)
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
-
-install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 755 $(PLUGIN) $(LIBDIR)
-
-clean:
- rm -f *.o *.so
-
-%.o: %.c
- $(CC) $(CFLAGS) -c -o $@ $<
* as published by the Free Software Foundation; either version
* 2 of the License, or (at your option) any later version.
*/
+
#include <unistd.h>
#include <string.h>
#include <stdlib.h>
-#include "pppd.h"
-#include "pathnames.h"
-#include "fsm.h" /* Needed for lcp.h to include cleanly */
-#include "lcp.h"
#include <atm.h>
#include <linux/atmdev.h>
#include <linux/atmppp.h>
#include <sys/stat.h>
#include <net/if.h>
#include <sys/ioctl.h>
+#include <sys/param.h>
+#include <stdbool.h>
+#include <stdarg.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h> /* Needed for lcp.h to include cleanly */
+#include <pppd/lcp.h>
+
-const char pppd_version[] = VERSION;
+const char pppd_version[] = PPPD_VERSION;
static struct sockaddr_atmpvc pvcaddr;
static char *qosstr = NULL;
static int setdevname_pppoatm(const char *cp, const char **argv, int doit);
struct channel pppoa_channel;
static int pppoa_fd = -1;
+static char devnam[MAXNAMELEN];
-static option_t pppoa_options[] = {
+static struct option pppoa_options[] = {
{ "device name", o_wild, (void *) &setdevname_pppoatm,
"ATM service provider IDs: VPI.VCI",
OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC,
return 1;
memcpy(&pvcaddr, &addr, sizeof pvcaddr);
- strlcpy(devnam, cp, sizeof devnam);
+ strlcpy(devnam, cp, sizeof(devnam));
+ ppp_set_devnam(devnam);
devstat.st_mode = S_IFSOCK;
if (the_channel != &pppoa_channel) {
the_channel = &pppoa_channel;
pppoatm_max_mtu = lcp_allowoptions[0].mru;
pppoatm_max_mru = lcp_wantoptions[0].mru;
set_line_discipline_pppoatm(fd);
- strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam));
+ ppp_set_pppdevnam(devnam);
pppoa_fd = fd;
return fd;
}
{
#ifdef linux
extern int new_style_driver; /* From sys-linux.c */
- if (!ppp_available() && !new_style_driver)
+ if (!ppp_check_kernel_support() && !new_style_driver)
fatal("Kernel doesn't support ppp_generic - "
"needed for PPPoATM");
#else
fatal("No PPPoATM support on this OS");
#endif
- add_options(pppoa_options);
+ ppp_add_options(pppoa_options);
}
struct channel pppoa_channel = {
- options: pppoa_options,
- process_extra_options: NULL,
- check_options: NULL,
- connect: &connect_pppoatm,
- disconnect: &disconnect_pppoatm,
- establish_ppp: &generic_establish_ppp,
- disestablish_ppp: &generic_disestablish_ppp,
- send_config: NULL,
- recv_config: NULL,
- close: NULL,
- cleanup: NULL
+ .options = pppoa_options,
+ .process_extra_options = NULL,
+ .check_options = NULL,
+ .connect = &connect_pppoatm,
+ .disconnect = &disconnect_pppoatm,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
+ .send_config = NULL,
+ .recv_config = NULL,
+ .close = NULL,
+ .cleanup = NULL
};
--- /dev/null
+pppd_plugin_LTLIBRARIES = pppoe.la
+pppd_plugindir = $(PPPD_PLUGIN_DIR)
+sbin_PROGRAMS = pppoe-discovery
+dist_man8_MANS = pppoe-discovery.8
+
+noinst_HEADERS = \
+ pppoe.h
+
+pppoe_la_CPPFLAGS = -I${top_srcdir} -DSYSCONFDIR=\"${sysconfdir}\" -DPLUGIN
+pppoe_la_LDFLAGS = -module -avoid-version
+pppoe_la_SOURCES = plugin.c discovery.c if.c common.c
+
+pppoe_discovery_CPPFLAGS = -I${top_srcdir}
+pppoe_discovery_SOURCES = pppoe-discovery.c discovery.c if.c common.c
+++ /dev/null
-#***********************************************************************
-#
-# Makefile
-#
-# Makefile for Roaring Penguin's Linux PPPoE plugin.
-# Modified for integration with pppd sources by Paul Mackerras.
-#
-# Copyright (C) 2001 Roaring Penguin Software Inc.
-#
-# This program may be distributed according to the terms of the GNU
-# General Public License, version 2 or (at your option) any later version.
-#
-#***********************************************************************
-
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-BINDIR = $(DESTDIR)/sbin
-MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(PPPDVERSION)
-
-PPPDVERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
-INSTALL = install
-LN_S = ln -sf
-
-CFLAGS=$(COPTS) -I../../../include
-all: pppoe.so pppoe-discovery
-
-pppoe-discovery: pppoe-discovery.o debug.o
- $(CC) $(LDFLAGS) -o pppoe-discovery pppoe-discovery.o debug.o
-
-pppoe-discovery.o: pppoe-discovery.c
- $(CC) $(CFLAGS) -I../../.. -c -o pppoe-discovery.o pppoe-discovery.c
-
-debug.o: debug.c
- $(CC) $(CFLAGS) -I../../.. -c -o debug.o debug.c
-
-pppoe.so: plugin.o discovery.o if.o common.o
- $(CC) $(LDFLAGS) -o pppoe.so -shared plugin.o discovery.o if.o common.o
-
-install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 755 pppoe.so $(LIBDIR)
- # Symlink for backward compatibility
- $(LN_S) pppoe.so $(LIBDIR)/rp-pppoe.so
- $(INSTALL) -d -m 755 $(BINDIR)
- $(INSTALL) -c -m 755 pppoe-discovery $(BINDIR)
- $(INSTALL) -c -m 644 pppoe-discovery.8 $(MANDIR)
-
-clean:
- rm -f *.o *.so pppoe-discovery
-
-plugin.o: plugin.c
- $(CC) $(CFLAGS) -I../../.. -c -o plugin.o -fPIC plugin.c
-
-discovery.o: discovery.c
- $(CC) $(CFLAGS) -I../../.. -c -o discovery.o -fPIC discovery.c
-
-if.o: if.c
- $(CC) $(CFLAGS) -I../../.. -c -o if.o -fPIC if.c
-
-common.o: common.c
- $(CC) $(CFLAGS) -I../../.. -c -o common.o -fPIC common.c
-
static char const RCSID[] =
"$Id: common.c,v 1.3 2008/06/09 08:34:23 paulus Exp $";
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
+#include <pppd/pppd.h>
#include <string.h>
#include <errno.h>
#include <stdlib.h>
#include <syslog.h> /* for LOG_DEBUG */
+#include <ctype.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
size_t elen = strlen(msg);
err.type = htons(TAG_GENERIC_ERROR);
err.length = htons(elen);
- strcpy(err.payload, msg);
+ strcpy((char*) err.payload, msg);
memcpy(cursor, &err, elen + TAG_HDR_SIZE);
cursor += elen + TAG_HDR_SIZE;
plen += elen + TAG_HDR_SIZE;
info("Sent PADT");
}
+static void
+pppoe_printpkt_hex(void (*printer)(void *, char *, ...), void *arg, unsigned char const *buf, int len)
+{
+ int i;
+ int base;
+
+ /* do NOT dump PAP packets */
+ if (len >= 2 && buf[0] == 0xC0 && buf[1] == 0x23) {
+ printer(arg, "(PAP Authentication Frame -- Contents not dumped)\n");
+ return;
+ }
+
+ for (base=0; base<len; base += 16) {
+ for (i=base; i<base+16; i++) {
+ if (i < len) {
+ printer(arg, "%02x ", (unsigned) buf[i]);
+ } else {
+ printer(arg, " ");
+ }
+ }
+ printer(arg, " ");
+ for (i=base; i<base+16; i++) {
+ if (i < len) {
+ if (isprint(buf[i])) {
+ printer(arg, "%c", buf[i]);
+ } else {
+ printer(arg, ".");
+ }
+ } else {
+ break;
+ }
+ }
+ printer(arg, "\n");
+ }
+}
+
#define EH(x) (x)[0], (x)[1], (x)[2], (x)[3], (x)[4], (x)[5]
/* Print out a PPPOE packet for debugging */
void (*printer)(void *, char *, ...), void *arg)
{
int len = ntohs(packet->length);
- int i, tag, tlen, text;
+ int i, j, tag, tlen, text;
switch (ntohs(packet->ethHdr.h_proto)) {
case ETH_PPPOE_DISCOVERY:
printer(arg, " dst %02x:%02x:%02x:%02x:%02x:%02x ", EH(packet->ethHdr.h_dest));
printer(arg, " src %02x:%02x:%02x:%02x:%02x:%02x\n", EH(packet->ethHdr.h_source));
+ if (pppoe_verbose >= 2)
+ pppoe_printpkt_hex(printer, arg, packet->payload, ntohs(packet->length));
if (ntohs(packet->ethHdr.h_proto) != ETH_PPPOE_DISCOVERY)
return;
printer(arg, "unknown tag 0x%x", tag);
}
if (tlen) {
+ /* If it is supposed to be text, make sure it's all printing chars */
+ if (text) {
+ for (j = 0; j < tlen; ++j) {
+ if (!isprint(packet->payload[i+j])) {
+ text = 0;
+ break;
+ }
+ }
+ }
if (text)
- printer(arg, " %.*v", tlen, &packet->payload[i]);
- else if (tlen <= 32)
- printer(arg, " %.*B", tlen, &packet->payload[i]);
- else
- printer(arg, " %.32B... (length %d)",
- &packet->payload[i], tlen);
+ printer(arg, " %.*s", tlen, &packet->payload[i]);
+ else {
+ for (j = 0; j < tlen && j < 32; j++)
+ printer(arg, " %02x", (unsigned) *(&packet->payload[i]+j));
+ if (j < tlen)
+ printer(arg, "... (length %d)", tlen);
+ }
}
printer(arg, "]");
}
+++ /dev/null
-/* config.h. Generated automatically by configure. */
-/* config.h.in. Generated automatically from configure.in by autoheader. */
-
-/* Define to empty if the keyword does not work. */
-/* #undef const */
-
-/* Define if you have <sys/wait.h> that is POSIX.1 compatible. */
-#define HAVE_SYS_WAIT_H 1
-
-/* Define to `int' if <sys/types.h> doesn't define. */
-/* #undef pid_t */
-
-/* Define as the return type of signal handlers (int or void). */
-#define RETSIGTYPE void
-
-/* Define if the setvbuf function takes the buffering type as its second
- argument and the buffer pointer as the third, as on System V
- before release 3. */
-/* #undef SETVBUF_REVERSED */
-
-/* Define if you have the ANSI C header files. */
-#define STDC_HEADERS 1
-
-/* Define if you can safely include both <sys/time.h> and <time.h>. */
-#define TIME_WITH_SYS_TIME 1
-
-/* Define if your <sys/time.h> declares struct tm. */
-/* #undef TM_IN_SYS_TIME */
-
-#define HAVE_STRUCT_SOCKADDR_LL 1
-
-/* The number of bytes in a unsigned int. */
-#define SIZEOF_UNSIGNED_INT 4
-
-/* The number of bytes in a unsigned long. */
-#define SIZEOF_UNSIGNED_LONG 4
-
-/* The number of bytes in a unsigned short. */
-#define SIZEOF_UNSIGNED_SHORT 2
-
-/* Define if you have the select function. */
-#define HAVE_SELECT 1
-
-/* Define if you have the socket function. */
-#define HAVE_SOCKET 1
-
-/* Define if you have the strerror function. */
-#define HAVE_STRERROR 1
-
-/* Define if you have the strtol function. */
-#define HAVE_STRTOL 1
-
-/* Define if you have the <asm/types.h> header file. */
-#define HAVE_ASM_TYPES_H 1
-
-/* Define if you have the <fcntl.h> header file. */
-#define HAVE_FCNTL_H 1
-
-/* Define if you have the <getopt.h> header file. */
-#define HAVE_GETOPT_H 1
-
-/* Define if you have the <linux/if_ether.h> header file. */
-#define HAVE_LINUX_IF_ETHER_H 1
-
-/* Define if you have kernel-mode PPPoE in Linux file. */
-#define HAVE_LINUX_KERNEL_PPPOE 1
-
-/* Define if you have the <linux/if_packet.h> header file. */
-#define HAVE_LINUX_IF_PACKET_H 1
-
-/* Define if you have the <linux/if_pppox.h> header file. */
-#define HAVE_LINUX_IF_PPPOX_H 1
-
-/* Define if you have the <net/bpf.h> header file. */
-#define HAVE_NET_BPF_H 1
-
-/* Define if you have the <net/if_arp.h> header file. */
-#define HAVE_NET_IF_ARP_H 1
-
-/* Define if you have the <net/ethernet.h> header file. */
-#define HAVE_NET_ETHERNET_H 1
-
-/* Define if you have the <net/if.h> header file. */
-#define HAVE_NET_IF_H 1
-
-/* Define if you have the <linux/if.h> header file. */
-#define HAVE_LINUX_IF_H 1
-
-/* Define if you have the <net/if_dl.h> header file. */
-/* #undef HAVE_NET_IF_DL_H */
-
-/* Define if you have the <net/if_ether.h> header file. */
-/* #undef HAVE_NET_IF_ETHER_H */
-
-/* Define if you have the <net/if_types.h> header file. */
-/* #undef HAVE_NET_IF_TYPES_H */
-
-/* Define if you have the <netinet/if_ether.h> header file. */
-#define HAVE_NETINET_IF_ETHER_H 1
-
-/* Define if you have the <netpacket/packet.h> header file. */
-#define HAVE_NETPACKET_PACKET_H 1
-
-/* Define if you have the <sys/dlpi.h> header file. */
-/* #undef HAVE_SYS_DLPI_H */
-
-/* Define if you have the <sys/ioctl.h> header file. */
-#define HAVE_SYS_IOCTL_H 1
-
-/* Define if you have the <sys/param.h> header file. */
-#define HAVE_SYS_PARAM_H 1
-
-/* Define if you have the <sys/socket.h> header file. */
-#define HAVE_SYS_SOCKET_H 1
-
-/* Define if you have the <sys/time.h> header file. */
-#define HAVE_SYS_TIME_H 1
-
-/* Define if you have the <sys/uio.h> header file. */
-#define HAVE_SYS_UIO_H 1
-
-/* Define if you have the <syslog.h> header file. */
-#define HAVE_SYSLOG_H 1
-
-/* Define if you have the <unistd.h> header file. */
-#define HAVE_UNISTD_H 1
-
-/* Define if you have the N_HDLC line discipline in linux/termios.h */
-#define HAVE_N_HDLC 1
--- /dev/null
+/* pppd/config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define to 1 if you have the <asm/types.h> header file. */
+#undef HAVE_ASM_TYPES_H
+
+/* Define to 1 if you have the <linux/if_ether.h> header file. */
+#undef HAVE_LINUX_IF_ETHER_H
+
+/* Define to 1 if you have the <linux/if.h> header file. */
+#undef HAVE_LINUX_IF_H
+
+/* Define to 1 if you have the <linux/if_packet.h> header file. */
+#undef HAVE_LINUX_IF_PACKET_H
+
+/* Define to 1 if you have the <net/if_arp.h> header file. */
+#undef HAVE_NET_IF_ARP_H
+
+/* Define to 1 if you have the <net/if_types.h> header file. */
+#undef HAVE_NET_IF_TYPES_H
+
+/* Define to 1 if you have the <netinet/if_ether.h> header file. */
+#undef HAVE_NETINET_IF_ETHER_H
+
+/* Define to 1 if you have the <netpacket/packet.h> header file. */
+#undef HAVE_NETPACKET_PACKET_H
+
+/* Define to 1 if you have the <net/bpf.h> header file. */
+#undef HAVE_NET_BPF_H
+
+/* Define to 1 if you have the <net/if.h> header file. */
+#undef HAVE_NET_IF_H
+
+/* Define to 1 if you have the <sys/dlpi.h> header file. */
+#undef HAVE_SYS_DLPI_H
+
+/* Define to 1 if you have the <sys/ioctl.h> header file. */
+#undef HAVE_SYS_IOCTL_H
+
+/* Define to 1 if you have the <sys/socket.h> header file. */
+#undef HAVE_SYS_SOCKET_H
+
+/* Define to 1 if you have the <sys/uio.h> header file. */
+#undef HAVE_SYS_UIO_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the <stdarg.h> header file. */
+#undef HAVE_STDARG_H
+
+/* Define to 1 if you have the <stdbool.h> header file. */
+#undef HAVE_STDBOOL_H
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* The size of `unsigned int', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_INT
+
+/* The size of `unsigned long', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_LONG
+
+/* The size of `unsigned short', as computed by sizeof. */
+#undef SIZEOF_UNSIGNED_SHORT
+
+/* Define to 1 if the system has the type `struct sockaddr_ll'. */
+#undef HAVE_STRUCT_SOCKADDR_LL
+++ /dev/null
-/***********************************************************************
-*
-* debug.c
-*
-* Implementation of user-space PPPoE redirector for Linux.
-*
-* Functions for printing debugging information
-*
-* Copyright (C) 2000 by Roaring Penguin Software Inc.
-*
-* This program may be distributed according to the terms of the GNU
-* General Public License, version 2 or (at your option) any later version.
-*
-***********************************************************************/
-
-static char const RCSID[] =
-"$Id: debug.c,v 1.2 2008/06/09 08:34:23 paulus Exp $";
-
-#include "pppoe.h"
-#include <sys/time.h>
-#include <time.h>
-#include <unistd.h>
-#include <ctype.h>
-
-/**********************************************************************
-*%FUNCTION: dumpHex
-*%ARGUMENTS:
-* fp -- file to dump to
-* buf -- buffer to dump
-* len -- length of data
-*%RETURNS:
-* Nothing
-*%DESCRIPTION:
-* Dumps buffer to fp in an easy-to-read format
-***********************************************************************/
-void
-dumpHex(FILE *fp, unsigned char const *buf, int len)
-{
- int i;
- int base;
-
- if (!fp) return;
-
- /* do NOT dump PAP packets */
- if (len >= 2 && buf[0] == 0xC0 && buf[1] == 0x23) {
- fprintf(fp, "(PAP Authentication Frame -- Contents not dumped)\n");
- return;
- }
-
- for (base=0; base<len; base += 16) {
- for (i=base; i<base+16; i++) {
- if (i < len) {
- fprintf(fp, "%02x ", (unsigned) buf[i]);
- } else {
- fprintf(fp, " ");
- }
- }
- fprintf(fp, " ");
- for (i=base; i<base+16; i++) {
- if (i < len) {
- if (isprint(buf[i])) {
- fprintf(fp, "%c", buf[i]);
- } else {
- fprintf(fp, ".");
- }
- } else {
- break;
- }
- }
- fprintf(fp, "\n");
- }
-}
-
-/**********************************************************************
-*%FUNCTION: dumpPacket
-*%ARGUMENTS:
-* fp -- file to dump to
-* packet -- a PPPoE packet
-* dir -- either SENT or RCVD
-*%RETURNS:
-* Nothing
-*%DESCRIPTION:
-* Dumps the PPPoE packet to fp in an easy-to-read format
-***********************************************************************/
-void
-dumpPacket(FILE *fp, PPPoEPacket *packet, char const *dir)
-{
- int len = ntohs(packet->length);
-
- /* Sheesh... printing times is a pain... */
- struct timeval tv;
- time_t now;
- int millisec;
- struct tm *lt;
- char timebuf[256];
-
- UINT16_t type = etherType(packet);
- if (!fp) return;
- gettimeofday(&tv, NULL);
- now = (time_t) tv.tv_sec;
- millisec = tv.tv_usec / 1000;
- lt = localtime(&now);
- strftime(timebuf, 256, "%H:%M:%S", lt);
- fprintf(fp, "%s.%03d %s PPPoE ", timebuf, millisec, dir);
- if (type == Eth_PPPOE_Discovery) {
- fprintf(fp, "Discovery (%x) ", (unsigned) type);
- } else if (type == Eth_PPPOE_Session) {
- fprintf(fp, "Session (%x) ", (unsigned) type);
- } else {
- fprintf(fp, "Unknown (%x) ", (unsigned) type);
- }
-
- switch(packet->code) {
- case CODE_PADI: fprintf(fp, "PADI "); break;
- case CODE_PADO: fprintf(fp, "PADO "); break;
- case CODE_PADR: fprintf(fp, "PADR "); break;
- case CODE_PADS: fprintf(fp, "PADS "); break;
- case CODE_PADT: fprintf(fp, "PADT "); break;
- case CODE_PADM: fprintf(fp, "PADM "); break;
- case CODE_PADN: fprintf(fp, "PADN "); break;
- case CODE_SESS: fprintf(fp, "SESS "); break;
- }
-
- fprintf(fp, "sess-id %d length %d\n",
- (int) ntohs(packet->session),
- len);
-
- /* Ugly... I apologize... */
- fprintf(fp,
- "SourceAddr %02x:%02x:%02x:%02x:%02x:%02x "
- "DestAddr %02x:%02x:%02x:%02x:%02x:%02x\n",
- (unsigned) packet->ethHdr.h_source[0],
- (unsigned) packet->ethHdr.h_source[1],
- (unsigned) packet->ethHdr.h_source[2],
- (unsigned) packet->ethHdr.h_source[3],
- (unsigned) packet->ethHdr.h_source[4],
- (unsigned) packet->ethHdr.h_source[5],
- (unsigned) packet->ethHdr.h_dest[0],
- (unsigned) packet->ethHdr.h_dest[1],
- (unsigned) packet->ethHdr.h_dest[2],
- (unsigned) packet->ethHdr.h_dest[3],
- (unsigned) packet->ethHdr.h_dest[4],
- (unsigned) packet->ethHdr.h_dest[5]);
- dumpHex(fp, packet->payload, ntohs(packet->length));
-}
static char const RCSID[] =
"$Id: discovery.c,v 1.6 2008/06/15 04:35:50 paulus Exp $";
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
-#include "pppd/fsm.h"
-#include "pppd/lcp.h"
+#include <pppd/pppd.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
#include <string.h>
#include <stdlib.h>
#include <signal.h>
+#ifdef PLUGIN
+#define signaled(x) ppp_signaled(x)
+#define get_time(x) ppp_get_time(x)
+#else
+int signaled(int signal);
+int get_time(struct timeval *tv);
+
+#endif
+
/* Calculate time remaining until *exp, return 0 if now >= *exp */
static int time_left(struct timeval *diff, struct timeval *exp)
{
switch(type) {
case TAG_AC_NAME:
pc->seenACName = 1;
- if (conn->printACNames) {
+ if (pppoe_verbose >= 1) {
info("Access-Concentrator: %.*s", (int) len, data);
}
if (conn->acName && len == strlen(conn->acName) &&
break;
case TAG_SERVICE_NAME:
pc->seenServiceName = 1;
+ if (pppoe_verbose >= 1 && len > 0) {
+ info("Service-Name: %.*s", (int) len, data);
+ }
if (conn->serviceName && len == strlen(conn->serviceName) &&
!strncmp((char *) data, conn->serviceName, len)) {
pc->serviceNameOK = 1;
}
break;
case TAG_AC_COOKIE:
- conn->cookie.type = htons(type);
- conn->cookie.length = htons(len);
- memcpy(conn->cookie.payload, data, len);
+ if (pppoe_verbose >= 1) {
+ char buffer[100];
+ char *ptr = buffer;
+ ptr += sprintf(ptr, "Cookie:");
+ /* Print first 20 bytes of cookie */
+ for (i=0; i<len && i < 20; i++) {
+ ptr += sprintf(ptr, " %02x", (unsigned) data[i]);
+ }
+ if (i < len) ptr += sprintf(ptr, "...");
+ info(buffer);
+ }
+ if (conn->discoveryState != STATE_RECEIVED_PADO) {
+ conn->cookie.type = htons(type);
+ conn->cookie.length = htons(len);
+ memcpy(conn->cookie.payload, data, len);
+ }
break;
case TAG_RELAY_SESSION_ID:
- conn->relayId.type = htons(type);
- conn->relayId.length = htons(len);
- memcpy(conn->relayId.payload, data, len);
+ if (pppoe_verbose >= 1) {
+ char buffer[100];
+ char *ptr = buffer;
+ ptr += sprintf(ptr, "Relay-ID:");
+ /* Print first 20 bytes of relay ID */
+ for (i=0; i<len && i < 20; i++) {
+ ptr += printf(ptr, " %02x", (unsigned) data[i]);
+ }
+ if (i < len) ptr += printf(ptr, "...");
+ info(buffer);
+ }
+ if (conn->discoveryState != STATE_RECEIVED_PADO) {
+ conn->relayId.type = htons(type);
+ conn->relayId.length = htons(len);
+ memcpy(conn->relayId.payload, data, len);
+ }
break;
case TAG_PPP_MAX_PAYLOAD:
if (len == sizeof(mru)) {
memcpy(&mru, data, sizeof(mru));
mru = ntohs(mru);
- if (mru >= ETH_PPPOE_MTU) {
- if (lcp_allowoptions[0].mru > mru)
- lcp_allowoptions[0].mru = mru;
- if (lcp_wantoptions[0].mru > mru)
- lcp_wantoptions[0].mru = mru;
+ info("Max-Payload: %u", (unsigned) mru);
+ if (mru >= ETH_PPPOE_MTU && conn->discoveryState != STATE_RECEIVED_PADO) {
+ if (conn->mtu > mru)
+ conn->mtu = mru;
+ if (conn->mru > mru)
+ conn->mru = mru;
conn->seenMaxPayload = 1;
}
}
UINT16_t mru;
switch(type) {
case TAG_SERVICE_NAME:
- dbglog("PADS: Service-Name: '%.*s'", (int) len, data);
+ if (pppoe_verbose >= 1 && len > 0) {
+ info("PADS: Service-Name: '%.*s'", (int) len, data);
+ }
break;
case TAG_PPP_MAX_PAYLOAD:
if (len == sizeof(mru)) {
memcpy(&mru, data, sizeof(mru));
mru = ntohs(mru);
if (mru >= ETH_PPPOE_MTU) {
- if (lcp_allowoptions[0].mru > mru)
- lcp_allowoptions[0].mru = mru;
- if (lcp_wantoptions[0].mru > mru)
- lcp_wantoptions[0].mru = mru;
+ if (conn->mtu > mru)
+ conn->mtu = mru;
+ if (conn->mru > mru)
+ conn->mru = mru;
conn->seenMaxPayload = 1;
}
}
}
/* Add our maximum MTU/MRU */
- if (MIN(lcp_allowoptions[0].mru, lcp_wantoptions[0].mru) > ETH_PPPOE_MTU) {
+ if (MIN(conn->mtu, conn->mru) > ETH_PPPOE_MTU) {
PPPoETag maxPayload;
- UINT16_t mru = htons(MIN(lcp_allowoptions[0].mru, lcp_wantoptions[0].mru));
+ UINT16_t mru = htons(MIN(conn->mtu, conn->mru));
maxPayload.type = htons(TAG_PPP_MAX_PAYLOAD);
maxPayload.length = htons(sizeof(mru));
memcpy(maxPayload.payload, &mru, sizeof(mru));
pc.seenACName = 0;
pc.seenServiceName = 0;
conn->seenMaxPayload = 0;
- conn->error = 0;
if (get_time(&expire_at) < 0) {
error("get_time (waitForPADO): %m");
while(1) {
r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv);
- if (r >= 0 || errno != EINTR || got_sigterm) break;
+ if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break;
}
if (r < 0) {
error("select (waitForPADO): %m");
return; /* Timed out */
}
+ conn->error = 0;
/* Get the packet */
receivePacket(conn->discoverySocket, &packet, &len);
continue;
}
if (parsePacket(&packet, parsePADOTags, &pc) < 0)
- return;
+ continue;
if (conn->error)
- return;
+ continue;
if (!pc.seenACName) {
error("Ignoring PADO packet with no AC-Name tag");
continue;
error("Ignoring PADO packet with no Service-Name tag");
continue;
}
+ if (pppoe_verbose >= 1) {
+ info("AC-Ethernet-Address: %02x:%02x:%02x:%02x:%02x:%02x",
+ (unsigned) packet.ethHdr.h_source[0],
+ (unsigned) packet.ethHdr.h_source[1],
+ (unsigned) packet.ethHdr.h_source[2],
+ (unsigned) packet.ethHdr.h_source[3],
+ (unsigned) packet.ethHdr.h_source[4],
+ (unsigned) packet.ethHdr.h_source[5]);
+ info("--------------------------------------------------");
+ }
conn->numPADOs++;
- if (pc.acNameOK && pc.serviceNameOK) {
+ if (pc.acNameOK && pc.serviceNameOK && conn->discoveryState != STATE_RECEIVED_PADO) {
memcpy(conn->peerEth, packet.ethHdr.h_source, ETH_ALEN);
conn->discoveryState = STATE_RECEIVED_PADO;
- break;
}
}
- } while (conn->discoveryState != STATE_RECEIVED_PADO);
+ } while (pppoe_verbose >= 1 || conn->discoveryState != STATE_RECEIVED_PADO);
}
/***********************************************************************
}
/* Add our maximum MTU/MRU */
- if (MIN(lcp_allowoptions[0].mru, lcp_wantoptions[0].mru) > ETH_PPPOE_MTU) {
+ if (MIN(conn->mtu, conn->mru) > ETH_PPPOE_MTU) {
PPPoETag maxPayload;
- UINT16_t mru = htons(MIN(lcp_allowoptions[0].mru, lcp_wantoptions[0].mru));
+ UINT16_t mru = htons(MIN(conn->mtu, conn->mru));
maxPayload.type = htons(TAG_PPP_MAX_PAYLOAD);
maxPayload.length = htons(sizeof(mru));
memcpy(maxPayload.payload, &mru, sizeof(mru));
while(1) {
r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv);
- if (r >= 0 || errno != EINTR || got_sigterm) break;
+ if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break;
}
if (r < 0) {
error("select (waitForPADS): %m");
}
/**********************************************************************
-*%FUNCTION: discovery
+*%FUNCTION: discovery1
*%ARGUMENTS:
* conn -- PPPoE connection info structure
*%RETURNS:
* Nothing
*%DESCRIPTION:
-* Performs the PPPoE discovery phase
+* Performs the PPPoE discovery phase 1
***********************************************************************/
void
-discovery(PPPoEConnection *conn)
+discovery1(PPPoEConnection *conn)
{
int padiAttempts = 0;
- int padrAttempts = 0;
int timeout = conn->discoveryTimeout;
do {
padiAttempts++;
- if (got_sigterm || padiAttempts > conn->discoveryAttempts) {
+ if (signaled(SIGTERM) || padiAttempts > conn->discoveryAttempts) {
warn("Timeout waiting for PADO packets");
close(conn->discoverySocket);
conn->discoverySocket = -1;
timeout *= 2;
} while (conn->discoveryState == STATE_SENT_PADI);
+}
+
+/**********************************************************************
+*%FUNCTION: discovery2
+*%ARGUMENTS:
+* conn -- PPPoE connection info structure
+*%RETURNS:
+* Nothing
+*%DESCRIPTION:
+* Performs the PPPoE discovery phase 2
+***********************************************************************/
+void
+discovery2(PPPoEConnection *conn)
+{
+ int padrAttempts = 0;
+ int timeout = conn->discoveryTimeout;
- timeout = conn->discoveryTimeout;
do {
padrAttempts++;
- if (got_sigterm || padrAttempts > conn->discoveryAttempts) {
+ if (signaled(SIGTERM) || padrAttempts > conn->discoveryAttempts) {
warn("Timeout waiting for PADS packets");
close(conn->discoverySocket);
conn->discoverySocket = -1;
if (!conn->seenMaxPayload) {
/* RFC 4638: MUST limit MTU/MRU to 1492 */
- if (lcp_allowoptions[0].mru > ETH_PPPOE_MTU)
- lcp_allowoptions[0].mru = ETH_PPPOE_MTU;
- if (lcp_wantoptions[0].mru > ETH_PPPOE_MTU)
- lcp_wantoptions[0].mru = ETH_PPPOE_MTU;
+ if (conn->mtu > ETH_PPPOE_MTU)
+ conn->mtu = ETH_PPPOE_MTU;
+ if (conn->mru > ETH_PPPOE_MTU)
+ conn->mru = ETH_PPPOE_MTU;
}
/* We're done. */
static char const RCSID[] =
"$Id: if.c,v 1.2 2008/06/09 08:34:23 paulus Exp $";
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
+#include <pppd/pppd.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
int fd;
struct ifreq ifr;
int domain, stype;
+ size_t maxlen;
#ifdef HAVE_STRUCT_SOCKADDR_LL
struct sockaddr_ll sa;
#ifdef HAVE_STRUCT_SOCKADDR_LL
domain = PF_PACKET;
stype = SOCK_RAW;
+ maxlen = IFNAMSIZ;
#else
domain = PF_INET;
stype = SOCK_PACKET;
+ maxlen = sizeof(sa.sa_data);
#endif
+ if (strlen(ifname) >= maxlen) {
+ error("Can't use interface %.16s: name is too long", ifname);
+ return -1;
+ }
+
if ((fd = socket(domain, stype, htons(type))) < 0) {
/* Give a more helpful message for the common error case */
if (errno == EPERM) {
sa.sll_ifindex = ifr.ifr_ifindex;
#else
- strcpy(sa.sa_data, ifname);
+ strlcpy(sa.sa_data, ifname, sizeof(sa.sa_data));
#endif
/* We're only interested in packets on specified interface */
{
int err;
- if (debug)
+ if (debug_on())
pppoe_log_packet("Send ", pkt);
#if defined(HAVE_STRUCT_SOCKADDR_LL)
err = send(sock, pkt, size, 0);
#else
struct sockaddr sa;
- strcpy(sa.sa_data, conn->ifName);
+ strlcpy(sa.sa_data, conn->ifName, sizeof(sa.sa_data));
err = sendto(sock, pkt, size, 0, &sa, sizeof(sa));
#endif
if (err < 0) {
error("error receiving pppoe packet: %m");
return -1;
}
- if (debug)
+ if (debug_on())
pppoe_log_packet("Recv ", pkt);
return 0;
}
static char const RCSID[] =
"$Id: plugin.c,v 1.17 2008/06/15 04:35:50 paulus Exp $";
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#define _GNU_SOURCE 1
#include "pppoe.h"
-#include "pppd/pppd.h"
-#include "pppd/fsm.h"
-#include "pppd/lcp.h"
-#include "pppd/ipcp.h"
-#include "pppd/ccp.h"
-/* #include "pppd/pathnames.h" */
-
#include <linux/types.h>
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
+#include <sys/param.h>
#include <string.h>
#include <stdlib.h>
#include <errno.h>
#include <linux/ppp_defs.h>
#include <linux/if_pppox.h>
-#ifndef _ROOT_PATH
-#define _ROOT_PATH ""
-#endif
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
+#include <pppd/ipcp.h>
+#include <pppd/ccp.h>
-#define _PATH_ETHOPT _ROOT_PATH "/etc/ppp/options."
-
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
/* From sys-linux.c in pppd -- MUST FIX THIS! */
extern int new_style_driver;
char *pppd_pppoe_service = NULL;
static char *acName = NULL;
static char *existingSession = NULL;
-static int printACNames = 0;
+int pppoe_verbose = 0;
static char *pppoe_reqd_mac = NULL;
unsigned char pppoe_reqd_mac_addr[6];
static char *pppoe_host_uniq;
static int pppoe_padi_timeout = PADI_TIMEOUT;
static int pppoe_padi_attempts = MAX_PADI_ATTEMPTS;
+static char devnam[MAXNAMELEN];
static int PPPoEDevnameHook(char *cmd, char **argv, int doit);
-static option_t Options[] = {
+static struct option Options[] = {
{ "device name", o_wild, (void *) &PPPoEDevnameHook,
"PPPoE device name",
OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC,
"Attach to existing session (sessid:macaddr)" },
{ "rp_pppoe_sess", o_string, &existingSession,
"Legacy alias for pppoe-sess", OPT_ALIAS },
- { "pppoe-verbose", o_int, &printACNames,
+ { "pppoe-verbose", o_int, &pppoe_verbose,
"Be verbose about discovered access concentrators" },
- { "rp_pppoe_verbose", o_int, &printACNames,
+ { "rp_pppoe_verbose", o_int, &pppoe_verbose,
"Legacy alias for pppoe-verbose", OPT_ALIAS },
{ "pppoe-mac", o_string, &pppoe_reqd_mac,
"Only connect to specified MAC address" },
conn->ifName = devnam;
conn->discoverySocket = -1;
conn->sessionSocket = -1;
- conn->printACNames = printACNames;
conn->discoveryTimeout = pppoe_padi_timeout;
conn->discoveryAttempts = pppoe_padi_attempts;
return 1;
struct sockaddr_pppox sp;
struct ifreq ifr;
int s;
+ char remote_number[MAXNAMELEN];
/* Open session socket before discovery phase, to avoid losing session */
/* packets sent by peer just after PADS packet (noted on some Cisco */
}
/* Restore configuration */
- lcp_allowoptions[0].mru = conn->mtu;
- lcp_wantoptions[0].mru = conn->mru;
+ lcp_allowoptions[0].mru = conn->mtu = conn->storedmtu;
+ lcp_wantoptions[0].mru = conn->mru = conn->storedmru;
/* Update maximum MRU */
s = socket(AF_INET, SOCK_DGRAM, 0);
close(s);
if (lcp_allowoptions[0].mru > ifr.ifr_mtu - TOTAL_OVERHEAD)
- lcp_allowoptions[0].mru = ifr.ifr_mtu - TOTAL_OVERHEAD;
+ lcp_allowoptions[0].mru = conn->mtu = ifr.ifr_mtu - TOTAL_OVERHEAD;
if (lcp_wantoptions[0].mru > ifr.ifr_mtu - TOTAL_OVERHEAD)
- lcp_wantoptions[0].mru = ifr.ifr_mtu - TOTAL_OVERHEAD;
+ lcp_wantoptions[0].mru = conn->mru = ifr.ifr_mtu - TOTAL_OVERHEAD;
if (pppoe_host_uniq) {
if (!parseHostUniq(pppoe_host_uniq, &conn->hostUniq))
conn->acName = acName;
conn->serviceName = pppd_pppoe_service;
- strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam));
+ ppp_set_pppdevnam(devnam);
if (existingSession) {
unsigned int mac[ETH_ALEN];
int i, ses;
error("Failed to create PPPoE discovery socket: %m");
goto errout;
}
- discovery(conn);
+ discovery1(conn);
+ /* discovery1() may update conn->mtu and conn->mru */
+ lcp_allowoptions[0].mru = conn->mtu;
+ lcp_wantoptions[0].mru = conn->mru;
+ if (conn->discoveryState != STATE_RECEIVED_PADO) {
+ error("Unable to complete PPPoE Discovery phase 1");
+ goto errout;
+ }
+ discovery2(conn);
+ /* discovery2() may update conn->mtu and conn->mru */
+ lcp_allowoptions[0].mru = conn->mtu;
+ lcp_wantoptions[0].mru = conn->mru;
if (conn->discoveryState != STATE_SESSION) {
- error("Unable to complete PPPoE Discovery");
+ error("Unable to complete PPPoE Discovery phase 2");
goto errout;
}
}
/* Set PPPoE session-number for further consumption */
- ppp_session_number = ntohs(conn->session);
+ ppp_set_session_number(ntohs(conn->session));
sp.sa_family = AF_PPPOX;
sp.sa_protocol = PX_PROTO_OE;
(unsigned) conn->peerEth[3],
(unsigned) conn->peerEth[4],
(unsigned) conn->peerEth[5]);
+ warn("Connected to %s via interface %s", remote_number, conn->ifName);
+ ppp_set_remote_number(remote_number);
- warn("Connected to %02X:%02X:%02X:%02X:%02X:%02X via interface %s",
- (unsigned) conn->peerEth[0],
- (unsigned) conn->peerEth[1],
- (unsigned) conn->peerEth[2],
- (unsigned) conn->peerEth[3],
- (unsigned) conn->peerEth[4],
- (unsigned) conn->peerEth[5],
- conn->ifName);
-
- script_setenv("MACREMOTE", remote_number, 0);
+ ppp_script_setenv("MACREMOTE", remote_number, 0);
if (connect(conn->sessionSocket, (struct sockaddr *) &sp,
sizeof(struct sockaddr_pppox)) < 0) {
sizeof(struct sockaddr_pppox)) < 0 && errno != EALREADY)
error("Failed to disconnect PPPoE socket: %d %m", errno);
close(conn->sessionSocket);
+ if (conn->discoverySocket < 0)
+ conn->discoverySocket =
+ openInterface(conn->ifName, Eth_PPPOE_Discovery, NULL);
if (conn->discoverySocket >= 0) {
sendPADT(conn, NULL);
close(conn->discoverySocket);
static void
PPPOEDeviceOptions(void)
{
+ char name[MAXPATHLEN];
char buf[MAXPATHLEN];
- strlcpy(buf, _PATH_ETHOPT, MAXPATHLEN);
- strlcat(buf, devnam, MAXPATHLEN);
- if (!options_from_file(buf, 0, 0, 1))
- exit(EXIT_OPTION_ERROR);
-
+ slprintf(name, sizeof(name), "options.%s", devnam);
+ if (ppp_get_filepath(PPP_DIR_CONF, name, buf, sizeof(buf)) < sizeof(buf)) {
+ if (!ppp_options_from_file(buf, 0, 0, 1)) {
+ exit(EXIT_OPTION_ERROR);
+ }
+ } else {
+ exit(EXIT_OPTION_ERROR);
+ }
}
struct channel pppoe_channel;
if (the_channel != &pppoe_channel) {
the_channel = &pppoe_channel;
- modem = 0;
+ ppp_set_modem(0);
PPPOEInitDevice();
}
+ ppp_set_devnam(devnam);
return 1;
}
void
plugin_init(void)
{
- if (!ppp_available() && !new_style_driver) {
+ if (!ppp_check_kernel_support() && !new_style_driver) {
fatal("Linux kernel does not support PPPoE -- are you running 2.4.x?");
}
- add_options(Options);
+ ppp_add_options(Options);
- info("PPPoE plugin from pppd %s", VERSION);
+ info("PPPoE plugin from pppd %s", PPPD_VERSION);
}
void pppoe_check_options(void)
if (sscanf(pppoe_reqd_mac, "%x:%x:%x:%x:%x:%x",
&mac[0], &mac[1], &mac[2], &mac[3],
&mac[4], &mac[5]) != 6) {
- option_error("cannot parse pppoe-mac option value");
+ ppp_option_error("cannot parse pppoe-mac option value");
exit(EXIT_OPTION_ERROR);
}
for (i = 0; i < 6; ++i)
lcp_wantoptions[0].mru = MAX_PPPOE_MTU;
/* Save configuration */
- conn->mtu = lcp_allowoptions[0].mru;
- conn->mru = lcp_wantoptions[0].mru;
+ conn->storedmtu = lcp_allowoptions[0].mru;
+ conn->storedmru = lcp_wantoptions[0].mru;
ccp_allowoptions[0].deflate = 0;
ccp_wantoptions[0].deflate = 0;
.check_options = pppoe_check_options,
.connect = &PPPOEConnectDevice,
.disconnect = &PPPOEDisconnectDevice,
- .establish_ppp = &generic_establish_ppp,
- .disestablish_ppp = &generic_disestablish_ppp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
.send_config = NULL,
.recv_config = &PPPOERecvConfig,
.close = NULL,
The interface should be \(lqup\(rq before you start
\fBpppoe\-discovery\fR, but should \fInot\fR be configured to have an
IP address.
-The default interface is eth0.
+This option is mandatory.
.RE
.TP
.BI \-D " file_name"
.RE
.SH AUTHORS
\fBpppoe\-discovery\fR was written by Marco d'Itri <md@linux.it>,
-based on \fBpppoe\fR by David F. Skoll <dfs@roaringpenguin.com>.
+based on \fBpppoe\fR by Dianne Skoll <dianne@skoll.ca>.
.SH SEE ALSO
-pppoe(8), pppoe-sniff(8)
+pppoe(8), pppoe\-sniff(8)
*
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <time.h>
+#include <signal.h>
+#include <sys/time.h>
+#include <stdbool.h>
+#include <stdint.h>
#include "pppoe.h"
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
-#endif
-
-#ifdef HAVE_NETPACKET_PACKET_H
-#include <netpacket/packet.h>
-#elif defined(HAVE_LINUX_IF_PACKET_H)
-#include <linux/if_packet.h>
-#endif
-
-#ifdef HAVE_ASM_TYPES_H
-#include <asm/types.h>
-#endif
-
-#ifdef HAVE_SYS_IOCTL_H
-#include <sys/ioctl.h>
-#endif
-
-#include <errno.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef HAVE_NET_IF_ARP_H
-#include <net/if_arp.h>
-#endif
-
-char *xstrdup(const char *s);
-void usage(void);
+int debug;
+int got_sigterm;
+int pppoe_verbose;
+static FILE *debugFile;
-void die(int status)
+void
+fatal(const char *fmt, ...)
{
- exit(status);
+ va_list pvar;
+ va_start(pvar, fmt);
+ vfprintf(stderr, fmt, pvar);
+ va_end(pvar);
+ fputc('\n', stderr);
+ exit(1);
}
-void error(char *fmt, ...)
+void
+error(const char *fmt, ...)
{
va_list pvar;
va_start(pvar, fmt);
vfprintf(stderr, fmt, pvar);
+ fputc('\n', stderr);
va_end(pvar);
}
-/* Initialize frame types to RFC 2516 values. Some broken peers apparently
- use different frame types... sigh... */
-
-UINT16_t Eth_PPPOE_Discovery = ETH_PPPOE_DISCOVERY;
-UINT16_t Eth_PPPOE_Session = ETH_PPPOE_SESSION;
-
-/**********************************************************************
-*%FUNCTION: etherType
-*%ARGUMENTS:
-* packet -- a received PPPoE packet
-*%RETURNS:
-* ethernet packet type (see /usr/include/net/ethertypes.h)
-*%DESCRIPTION:
-* Checks the ethernet packet header to determine its type.
-* We should only be receveing DISCOVERY and SESSION types if the BPF
-* is set up correctly. Logs an error if an unexpected type is received.
-* Note that the ethernet type names come from "pppoe.h" and the packet
-* packet structure names use the LINUX dialect to maintain consistency
-* with the rest of this file. See the BSD section of "pppoe.h" for
-* translations of the data structure names.
-***********************************************************************/
-UINT16_t
-etherType(PPPoEPacket *packet)
+void
+warn(const char *fmt, ...)
{
- UINT16_t type = (UINT16_t) ntohs(packet->ethHdr.h_proto);
- if (type != Eth_PPPOE_Discovery && type != Eth_PPPOE_Session) {
- fprintf(stderr, "Invalid ether type 0x%x\n", type);
- }
- return type;
+ va_list pvar;
+ va_start(pvar, fmt);
+ vfprintf(stderr, fmt, pvar);
+ fputc('\n', stderr);
+ va_end(pvar);
}
-/**********************************************************************
-*%FUNCTION: openInterface
-*%ARGUMENTS:
-* ifname -- name of interface
-* type -- Ethernet frame type
-* hwaddr -- if non-NULL, set to the hardware address
-*%RETURNS:
-* A raw socket for talking to the Ethernet card. Exits on error.
-*%DESCRIPTION:
-* Opens a raw Ethernet socket
-***********************************************************************/
-int
-openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr)
+void
+info(const char *fmt, ...)
{
- int optval=1;
- int fd;
- struct ifreq ifr;
- int domain, stype;
-
-#ifdef HAVE_STRUCT_SOCKADDR_LL
- struct sockaddr_ll sa;
-#else
- struct sockaddr sa;
-#endif
-
- memset(&sa, 0, sizeof(sa));
-
-#ifdef HAVE_STRUCT_SOCKADDR_LL
- domain = PF_PACKET;
- stype = SOCK_RAW;
-#else
- domain = PF_INET;
- stype = SOCK_PACKET;
-#endif
-
- if ((fd = socket(domain, stype, htons(type))) < 0) {
- /* Give a more helpful message for the common error case */
- if (errno == EPERM) {
- fatal("Cannot create raw socket -- pppoe must be run as root.");
- }
- fatalSys("socket");
- }
-
- if (setsockopt(fd, SOL_SOCKET, SO_BROADCAST, &optval, sizeof(optval)) < 0) {
- fatalSys("setsockopt");
- }
-
- /* Fill in hardware address */
- if (hwaddr) {
- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
- if (ioctl(fd, SIOCGIFHWADDR, &ifr) < 0) {
- fatalSys("ioctl(SIOCGIFHWADDR)");
- }
- memcpy(hwaddr, ifr.ifr_hwaddr.sa_data, ETH_ALEN);
-#ifdef ARPHRD_ETHER
- if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) {
- fatal("Interface %.16s is not Ethernet", ifname);
- }
-#endif
- if (NOT_UNICAST(hwaddr)) {
- fatal("Interface %.16s has broadcast/multicast MAC address??", ifname);
- }
- }
-
- /* Sanity check on MTU */
- strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
- if (ioctl(fd, SIOCGIFMTU, &ifr) < 0) {
- fatalSys("ioctl(SIOCGIFMTU)");
- }
- if (ifr.ifr_mtu < ETH_DATA_LEN) {
- fprintf(stderr, "Interface %.16s has MTU of %d -- should be %d.\n",
- ifname, ifr.ifr_mtu, ETH_DATA_LEN);
- fprintf(stderr, "You may have serious connection problems.\n");
- }
-
-#ifdef HAVE_STRUCT_SOCKADDR_LL
- /* Get interface index */
- sa.sll_family = AF_PACKET;
- sa.sll_protocol = htons(type);
-
- strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
- ifr.ifr_name[IFNAMSIZ - 1] = 0;
- if (ioctl(fd, SIOCGIFINDEX, &ifr) < 0) {
- fatalSys("ioctl(SIOCFIGINDEX): Could not get interface index");
- }
- sa.sll_ifindex = ifr.ifr_ifindex;
-
-#else
- strcpy(sa.sa_data, ifname);
-#endif
-
- /* We're only interested in packets on specified interface */
- if (bind(fd, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
- fatalSys("bind");
- }
-
- return fd;
+ va_list pvar;
+ va_start(pvar, fmt);
+ vprintf(fmt, pvar);
+ putchar('\n');
+ va_end(pvar);
}
-
-/***********************************************************************
-*%FUNCTION: sendPacket
-*%ARGUMENTS:
-* sock -- socket to send to
-* pkt -- the packet to transmit
-* size -- size of packet (in bytes)
-*%RETURNS:
-* 0 on success; -1 on failure
-*%DESCRIPTION:
-* Transmits a packet
-***********************************************************************/
-int
-sendPacket(PPPoEConnection *conn, int sock, PPPoEPacket *pkt, int size)
+void
+init_pr_log(const char *prefix, int level)
{
-#if defined(HAVE_STRUCT_SOCKADDR_LL)
- if (send(sock, pkt, size, 0) < 0) {
- fatalSys("send (sendPacket)");
- return -1;
- }
-#else
- struct sockaddr sa;
-
- if (!conn) {
- fatal("relay and server not supported on Linux 2.0 kernels");
- }
- strcpy(sa.sa_data, conn->ifName);
- if (sendto(sock, pkt, size, 0, &sa, sizeof(sa)) < 0) {
- fatalSys("sendto (sendPacket)");
- return -1;
- }
-#endif
- return 0;
}
-/***********************************************************************
-*%FUNCTION: receivePacket
-*%ARGUMENTS:
-* sock -- socket to read from
-* pkt -- place to store the received packet
-* size -- set to size of packet in bytes
-*%RETURNS:
-* >= 0 if all OK; < 0 if error
-*%DESCRIPTION:
-* Receives a packet
-***********************************************************************/
-int
-receivePacket(int sock, PPPoEPacket *pkt, int *size)
+void
+end_pr_log(void)
{
- if ((*size = recv(sock, pkt, sizeof(PPPoEPacket), 0)) < 0) {
- fatalSys("recv (receivePacket)");
- return -1;
- }
- return 0;
+ fflush(debugFile);
}
-/**********************************************************************
-*%FUNCTION: parsePacket
-*%ARGUMENTS:
-* packet -- the PPPoE discovery packet to parse
-* func -- function called for each tag in the packet
-* extra -- an opaque data pointer supplied to parsing function
-*%RETURNS:
-* 0 if everything went well; -1 if there was an error
-*%DESCRIPTION:
-* Parses a PPPoE discovery packet, calling "func" for each tag in the packet.
-* "func" is passed the additional argument "extra".
-***********************************************************************/
-int
-parsePacket(PPPoEPacket *packet, ParseFunc *func, void *extra)
+void
+pr_log(void *arg, char *fmt, ...)
{
- UINT16_t len = ntohs(packet->length);
- unsigned char *curTag;
- UINT16_t tagType, tagLen;
-
- if (PPPOE_VER(packet->vertype) != 1) {
- fprintf(stderr, "Invalid PPPoE version (%d)\n",
- PPPOE_VER(packet->vertype));
- return -1;
- }
- if (PPPOE_TYPE(packet->vertype) != 1) {
- fprintf(stderr, "Invalid PPPoE type (%d)\n",
- PPPOE_TYPE(packet->vertype));
- return -1;
- }
-
- /* Do some sanity checks on packet */
- if (len > ETH_JUMBO_LEN - PPPOE_OVERHEAD) { /* 6-byte overhead for PPPoE header */
- fprintf(stderr, "Invalid PPPoE packet length (%u)\n", len);
- return -1;
- }
+ va_list ap;
+ va_start(ap, fmt);
+ vfprintf(debugFile, fmt, ap);
+ va_end(ap);
+}
- /* Step through the tags */
- curTag = packet->payload;
- while(curTag - packet->payload < len) {
- /* Alignment is not guaranteed, so do this by hand... */
- tagType = (curTag[0] << 8) + curTag[1];
- tagLen = (curTag[2] << 8) + curTag[3];
- if (tagType == TAG_END_OF_LIST) {
- return 0;
- }
- if ((curTag - packet->payload) + tagLen + TAG_HDR_SIZE > len) {
- fprintf(stderr, "Invalid PPPoE tag length (%u)\n", tagLen);
- return -1;
+size_t
+strlcpy(char *dest, const char *src, size_t len)
+{
+ size_t ret = strlen(src);
+
+ if (len != 0) {
+ if (ret < len)
+ strcpy(dest, src);
+ else {
+ strncpy(dest, src, len - 1);
+ dest[len-1] = 0;
}
- func(tagType, tagLen, curTag+TAG_HDR_SIZE, extra);
- curTag = curTag + TAG_HDR_SIZE + tagLen;
}
- return 0;
+ return ret;
}
-/**********************************************************************
-*%FUNCTION: parseForHostUniq
-*%ARGUMENTS:
-* type -- tag type
-* len -- tag length
-* data -- tag data.
-* extra -- user-supplied pointer. This is assumed to be a pointer to int.
-*%RETURNS:
-* Nothing
-*%DESCRIPTION:
-* If a HostUnique tag is found which matches our PID, sets *extra to 1.
-***********************************************************************/
-void
-parseForHostUniq(UINT16_t type, UINT16_t len, unsigned char *data,
- void *extra)
+static char *
+xstrdup(const char *s)
{
- PPPoETag *tag = extra;
-
- if (type == TAG_HOST_UNIQ && len == ntohs(tag->length))
- tag->length = memcmp(data, tag->payload, len);
+ char *ret = strdup(s);
+ if (!ret) {
+ perror("strdup");
+ exit(1);
+ }
+ return ret;
}
-/**********************************************************************
-*%FUNCTION: packetIsForMe
-*%ARGUMENTS:
-* conn -- PPPoE connection info
-* packet -- a received PPPoE packet
-*%RETURNS:
-* 1 if packet is for this PPPoE daemon; 0 otherwise.
-*%DESCRIPTION:
-* If we are using the Host-Unique tag, verifies that packet contains
-* our unique identifier.
-***********************************************************************/
int
-packetIsForMe(PPPoEConnection *conn, PPPoEPacket *packet)
+get_time(struct timeval *tv)
{
- PPPoETag hostUniq = conn->hostUniq;
-
- /* If packet is not directed to our MAC address, forget it */
- if (memcmp(packet->ethHdr.h_dest, conn->myEth, ETH_ALEN)) return 0;
-
- /* If we're not using the Host-Unique tag, then accept the packet */
- if (!conn->hostUniq.length) return 1;
-
- parsePacket(packet, parseForHostUniq, &hostUniq);
- return !hostUniq.length;
+ return gettimeofday(tv, NULL);
}
-/**********************************************************************
-*%FUNCTION: parsePADOTags
-*%ARGUMENTS:
-* type -- tag type
-* len -- tag length
-* data -- tag data
-* extra -- extra user data. Should point to a PacketCriteria structure
-* which gets filled in according to selected AC name and service
-* name.
-*%RETURNS:
-* Nothing
-*%DESCRIPTION:
-* Picks interesting tags out of a PADO packet
-***********************************************************************/
-void
-parsePADOTags(UINT16_t type, UINT16_t len, unsigned char *data,
- void *extra)
-{
- struct PacketCriteria *pc = (struct PacketCriteria *) extra;
- PPPoEConnection *conn = pc->conn;
- int i;
-
- switch(type) {
- case TAG_AC_NAME:
- pc->seenACName = 1;
- if (conn->printACNames) {
- printf("Access-Concentrator: %.*s\n", (int) len, data);
- }
- if (conn->acName && len == strlen(conn->acName) &&
- !strncmp((char *) data, conn->acName, len)) {
- pc->acNameOK = 1;
- }
- break;
- case TAG_SERVICE_NAME:
- pc->seenServiceName = 1;
- if (conn->printACNames && len > 0) {
- printf(" Service-Name: %.*s\n", (int) len, data);
- }
- if (conn->serviceName && len == strlen(conn->serviceName) &&
- !strncmp((char *) data, conn->serviceName, len)) {
- pc->serviceNameOK = 1;
- }
- break;
- case TAG_AC_COOKIE:
- if (conn->printACNames) {
- printf("Got a cookie:");
- /* Print first 20 bytes of cookie */
- for (i=0; i<len && i < 20; i++) {
- printf(" %02x", (unsigned) data[i]);
- }
- if (i < len) printf("...");
- printf("\n");
- }
- conn->cookie.type = htons(type);
- conn->cookie.length = htons(len);
- memcpy(conn->cookie.payload, data, len);
- break;
- case TAG_RELAY_SESSION_ID:
- if (conn->printACNames) {
- printf("Got a Relay-ID:");
- /* Print first 20 bytes of relay ID */
- for (i=0; i<len && i < 20; i++) {
- printf(" %02x", (unsigned) data[i]);
- }
- if (i < len) printf("...");
- printf("\n");
- }
- conn->relayId.type = htons(type);
- conn->relayId.length = htons(len);
- memcpy(conn->relayId.payload, data, len);
- break;
- case TAG_SERVICE_NAME_ERROR:
- if (conn->printACNames) {
- printf("Got a Service-Name-Error tag: %.*s\n", (int) len, data);
- }
- break;
- case TAG_AC_SYSTEM_ERROR:
- if (conn->printACNames) {
- printf("Got a System-Error tag: %.*s\n", (int) len, data);
- }
- break;
- case TAG_GENERIC_ERROR:
- if (conn->printACNames) {
- printf("Got a Generic-Error tag: %.*s\n", (int) len, data);
- }
- break;
- }
+int signaled(int signal) {
+ if (signal == SIGTERM)
+ return got_sigterm;
+ return 0;
}
-/***********************************************************************
-*%FUNCTION: sendPADI
-*%ARGUMENTS:
-* conn -- PPPoEConnection structure
-*%RETURNS:
-* Nothing
-*%DESCRIPTION:
-* Sends a PADI packet
-***********************************************************************/
-void
-sendPADI(PPPoEConnection *conn)
+bool debug_on()
{
- PPPoEPacket packet;
- unsigned char *cursor = packet.payload;
- PPPoETag *svc = (PPPoETag *) (&packet.payload);
- UINT16_t namelen = 0;
- UINT16_t plen;
-
- if (conn->serviceName) {
- namelen = (UINT16_t) strlen(conn->serviceName);
- }
- plen = TAG_HDR_SIZE + namelen;
- CHECK_ROOM(cursor, packet.payload, plen);
-
- /* Set destination to Ethernet broadcast address */
- memset(packet.ethHdr.h_dest, 0xFF, ETH_ALEN);
- memcpy(packet.ethHdr.h_source, conn->myEth, ETH_ALEN);
-
- packet.ethHdr.h_proto = htons(Eth_PPPOE_Discovery);
- packet.vertype = PPPOE_VER_TYPE(1, 1);
- packet.code = CODE_PADI;
- packet.session = 0;
-
- svc->type = TAG_SERVICE_NAME;
- svc->length = htons(namelen);
- CHECK_ROOM(cursor, packet.payload, namelen+TAG_HDR_SIZE);
-
- if (conn->serviceName) {
- memcpy(svc->payload, conn->serviceName, strlen(conn->serviceName));
- }
- cursor += namelen + TAG_HDR_SIZE;
-
- /* If we're using Host-Uniq, copy it over */
- if (conn->hostUniq.length) {
- int len = ntohs(conn->hostUniq.length);
- CHECK_ROOM(cursor, packet.payload, len + TAG_HDR_SIZE);
- memcpy(cursor, &conn->hostUniq, len + TAG_HDR_SIZE);
- cursor += len + TAG_HDR_SIZE;
- plen += len + TAG_HDR_SIZE;
- }
-
- packet.length = htons(plen);
-
- sendPacket(conn, conn->discoverySocket, &packet, (int) (plen + HDR_SIZE));
- if (conn->debugFile) {
- dumpPacket(conn->debugFile, &packet, "SENT");
- fprintf(conn->debugFile, "\n");
- fflush(conn->debugFile);
- }
+ return !!debug;
}
-/**********************************************************************
-*%FUNCTION: waitForPADO
-*%ARGUMENTS:
-* conn -- PPPoEConnection structure
-* timeout -- how long to wait (in seconds)
-*%RETURNS:
-* Nothing
-*%DESCRIPTION:
-* Waits for a PADO packet and copies useful information
-***********************************************************************/
-void
-waitForPADO(PPPoEConnection *conn, int timeout)
+static void
+term_handler(int signum)
{
- fd_set readable;
- int r;
- struct timeval tv;
- PPPoEPacket packet;
- int len;
-
- struct PacketCriteria pc;
- pc.conn = conn;
- pc.acNameOK = (conn->acName) ? 0 : 1;
- pc.serviceNameOK = (conn->serviceName) ? 0 : 1;
- pc.seenACName = 0;
- pc.seenServiceName = 0;
- conn->error = 0;
-
- do {
- if (BPF_BUFFER_IS_EMPTY) {
- tv.tv_sec = timeout;
- tv.tv_usec = 0;
-
- FD_ZERO(&readable);
- FD_SET(conn->discoverySocket, &readable);
-
- while(1) {
- r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv);
- if (r >= 0 || errno != EINTR) break;
- }
- if (r < 0) {
- perror("select (waitForPADO)");
- return;
- }
- if (r == 0) return; /* Timed out */
- }
-
- /* Get the packet */
- receivePacket(conn->discoverySocket, &packet, &len);
-
- /* Check length */
- if (ntohs(packet.length) + HDR_SIZE > len) {
- fprintf(stderr, "Bogus PPPoE length field (%u)\n",
- (unsigned int) ntohs(packet.length));
- continue;
- }
-
-#ifdef USE_BPF
- /* If it's not a Discovery packet, loop again */
- if (etherType(&packet) != Eth_PPPOE_Discovery) continue;
-#endif
-
- if (conn->debugFile) {
- dumpPacket(conn->debugFile, &packet, "RCVD");
- fprintf(conn->debugFile, "\n");
- fflush(conn->debugFile);
- }
- /* If it's not for us, loop again */
- if (!packetIsForMe(conn, &packet)) continue;
-
- if (packet.code == CODE_PADO) {
- if (BROADCAST(packet.ethHdr.h_source)) {
- fprintf(stderr, "Ignoring PADO packet from broadcast MAC address\n");
- continue;
- }
- parsePacket(&packet, parsePADOTags, &pc);
- if (conn->error)
- return;
- if (!pc.seenACName) {
- fprintf(stderr, "Ignoring PADO packet with no AC-Name tag\n");
- continue;
- }
- if (!pc.seenServiceName) {
- fprintf(stderr, "Ignoring PADO packet with no Service-Name tag\n");
- continue;
- }
- conn->numPADOs++;
- if (pc.acNameOK && pc.serviceNameOK) {
- memcpy(conn->peerEth, packet.ethHdr.h_source, ETH_ALEN);
- if (conn->printACNames) {
- printf("AC-Ethernet-Address: %02x:%02x:%02x:%02x:%02x:%02x\n",
- (unsigned) conn->peerEth[0],
- (unsigned) conn->peerEth[1],
- (unsigned) conn->peerEth[2],
- (unsigned) conn->peerEth[3],
- (unsigned) conn->peerEth[4],
- (unsigned) conn->peerEth[5]);
- printf("--------------------------------------------------\n");
- continue;
- }
- conn->discoveryState = STATE_RECEIVED_PADO;
- break;
- }
- }
- } while (conn->discoveryState != STATE_RECEIVED_PADO);
+ got_sigterm = 1;
}
-/**********************************************************************
-*%FUNCTION: discovery
-*%ARGUMENTS:
-* conn -- PPPoE connection info structure
-*%RETURNS:
-* Nothing
-*%DESCRIPTION:
-* Performs the PPPoE discovery phase
-***********************************************************************/
-void
-discovery(PPPoEConnection *conn)
-{
- int padiAttempts = 0;
- int timeout = conn->discoveryTimeout;
-
- conn->discoverySocket =
- openInterface(conn->ifName, Eth_PPPOE_Discovery, conn->myEth);
-
- do {
- padiAttempts++;
- if (padiAttempts > conn->discoveryAttempts) {
- fprintf(stderr, "Timeout waiting for PADO packets\n");
- close(conn->discoverySocket);
- conn->discoverySocket = -1;
- return;
- }
- sendPADI(conn);
- conn->discoveryState = STATE_SENT_PADI;
- waitForPADO(conn, timeout);
- } while (!conn->numPADOs);
-}
+static void usage(void);
int main(int argc, char *argv[])
{
int opt;
PPPoEConnection *conn;
+ signal(SIGINT, term_handler);
+ signal(SIGTERM, term_handler);
+
conn = malloc(sizeof(PPPoEConnection));
- if (!conn)
- fatalSys("malloc");
+ if (!conn) {
+ perror("malloc");
+ exit(1);
+ }
memset(conn, 0, sizeof(PPPoEConnection));
- conn->printACNames = 1;
+ pppoe_verbose = 1;
conn->discoveryTimeout = PADI_TIMEOUT;
conn->discoveryAttempts = MAX_PADI_ATTEMPTS;
}
break;
case 'D':
- conn->debugFile = fopen(optarg, "w");
- if (!conn->debugFile) {
+ pppoe_verbose = 2;
+ debug = 1;
+ debugFile = fopen(optarg, "w");
+ if (!debugFile) {
fprintf(stderr, "Could not open %s: %s\n",
optarg, strerror(errno));
exit(1);
}
- fprintf(conn->debugFile, "pppoe-discovery from pppd %s\n", VERSION);
+ fprintf(debugFile, "pppoe-discovery from pppd %s\n", PPPD_VERSION);
break;
case 'I':
conn->ifName = xstrdup(optarg);
break;
case 'Q':
- conn->printACNames = 0;
+ pppoe_verbose = 0;
break;
case 'V':
case 'h':
}
}
- /* default interface name */
- if (!conn->ifName)
- conn->ifName = strdup("eth0");
+ if (optind != argc) {
+ fprintf(stderr, "%s: extra argument '%s'\n", argv[0], argv[optind]);
+ usage();
+ exit(EXIT_FAILURE);
+ }
+
+ if (!conn->ifName) {
+ fprintf(stderr, "Interface was not specified\n");
+ exit(EXIT_FAILURE);
+ }
- conn->discoverySocket = -1;
conn->sessionSocket = -1;
- discovery(conn);
+ conn->discoverySocket = openInterface(conn->ifName, Eth_PPPOE_Discovery, conn->myEth);
+ if (conn->discoverySocket < 0) {
+ perror("Cannot create PPPoE discovery socket");
+ exit(1);
+ }
+
+ discovery1(conn);
if (!conn->numPADOs)
exit(1);
exit(0);
}
-void fatal(char * fmt, ...)
-{
- va_list ap;
- va_start(ap, fmt);
- vfprintf(stderr, fmt, ap);
- va_end(ap);
- fputc('\n', stderr);
- exit(1);
-}
-
-void fatalSys(char const *str)
-{
- perror(str);
- exit(1);
-}
-
-char *xstrdup(const char *s)
-{
- register char *ret = strdup(s);
- if (!ret)
- fatalSys("strdup");
- return ret;
-}
-
-void usage(void)
+static void
+usage(void)
{
fprintf(stderr, "Usage: pppoe-discovery [options]\n");
fprintf(stderr, "Options:\n");
- fprintf(stderr, " -I if_name -- Specify interface (default eth0)\n");
+ fprintf(stderr, " -I if_name -- Specify interface (mandatory option)\n");
fprintf(stderr, " -D filename -- Log debugging information in filename.\n");
fprintf(stderr,
" -t timeout -- Initial timeout for discovery packets in seconds\n"
" -U -- Use Host-Unique to allow multiple PPPoE sessions.\n"
" -W hexvalue -- Set the Host-Unique to the supplied hex string.\n"
" -h -- Print usage information.\n");
- fprintf(stderr, "\npppoe-discovery from pppd " VERSION "\n");
+ fprintf(stderr, "\npppoe-discovery from pppd " PPPD_VERSION "\n");
}
*
***********************************************************************/
-#include "config.h"
-
#include <stdio.h> /* For FILE */
#include <sys/types.h> /* For pid_t */
#include <ctype.h>
#include <string.h>
-#include "pppd/pppd.h" /* For error */
+#include <pppd/pppd.h> /* For error */
/* How do we access raw Ethernet devices? */
#undef USE_LINUX_PACKET
char *acName; /* Desired AC name, if any */
int synchronous; /* Use synchronous PPP */
PPPoETag hostUniq; /* Use Host-Uniq tag */
- int printACNames; /* Just print AC names */
- FILE *debugFile; /* Debug file for dumping packets */
int numPADOs; /* Number of PADO packets received */
PPPoETag cookie; /* We have to send this if we get it */
PPPoETag relayId; /* Ditto */
int error; /* Error packet received */
- int debug; /* Set to log packets sent and received */
int discoveryTimeout; /* Timeout for discovery packets */
int discoveryAttempts; /* Number of discovery attempts */
int seenMaxPayload;
- int mtu; /* Stored MTU */
- int mru; /* Stored MRU */
+ int storedmtu; /* Stored MTU */
+ int storedmru; /* Stored MRU */
+ int mtu;
+ int mru;
} PPPoEConnection;
/* Structure used to determine acceptable PADO or PADS packet */
int openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr);
int sendPacket(PPPoEConnection *conn, int sock, PPPoEPacket *pkt, int size);
int receivePacket(int sock, PPPoEPacket *pkt, int *size);
-void fatalSys(char const *str);
-void dumpPacket(FILE *fp, PPPoEPacket *packet, char const *dir);
-void dumpHex(FILE *fp, unsigned char const *buf, int len);
int parsePacket(PPPoEPacket *packet, ParseFunc *func, void *extra);
void parseLogErrs(UINT16_t typ, UINT16_t len, unsigned char *data, void *xtra);
void syncReadFromPPP(PPPoEConnection *conn, PPPoEPacket *packet);
void clampMSS(PPPoEPacket *packet, char const *dir, int clampMss);
UINT16_t computeTCPChecksum(unsigned char *ipHdr, unsigned char *tcpHdr);
UINT16_t pppFCS16(UINT16_t fcs, unsigned char *cp, int len);
-void discovery(PPPoEConnection *conn);
+void discovery1(PPPoEConnection *conn);
+void discovery2(PPPoEConnection *conn);
unsigned char *findTag(PPPoEPacket *packet, UINT16_t tagType,
PPPoETag *tag);
+extern int pppoe_verbose;
void pppoe_printpkt(PPPoEPacket *packet,
void (*printer)(void *, char *, ...), void *arg);
void pppoe_log_packet(const char *prefix, PPPoEPacket *packet);
#define NOT_UNICAST(e) ((e[0] & 0x01) != 0)
#define BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) == 0xFF)
#define NOT_BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) != 0xFF)
+
+#ifndef MIN
+#define MIN(a, b) ((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b) ((a) > (b)? (a): (b))
+#endif
--- /dev/null
+pppd_plugin_LTLIBRARIES = pppol2tp.la openl2tp.la
+pppd_plugindir = $(PPPD_PLUGIN_DIR)
+
+noinst_HEADERS = \
+ l2tp_event.h
+
+pppol2tp_la_CPPFLAGS = -I${top_srcdir}
+pppol2tp_la_LDFLAGS = -module -avoid-version
+pppol2tp_la_SOURCES = pppol2tp.c
+
+openl2tp_la_CPPFLAGS = -I${top_srcdir}
+openl2tp_la_LDFLAGS = -module -avoid-version
+openl2tp_la_SOURCES = openl2tp.c
+++ /dev/null
-#***********************************************************************
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)/@DESTDIR@
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-
-VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
-CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC
-LDFLAGS_SHARED = -shared
-INSTALL = install
-
-PLUGINS := pppol2tp.so openl2tp.so
-
-all: $(PLUGINS)
-
-%.so: %.o
- $(CC) $(CFLAGS) $(LDFLAGS) -o $@ $(LDFLAGS_SHARED) $^ $(LIBS)
-
-install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 755 $(PLUGINS) $(LIBDIR)
-
-clean:
- rm -f *.o *.so
-
-%.o: %.c
- $(CC) $(CFLAGS) -c -o $@ $<
#include <string.h>
#include <stdlib.h>
#include <errno.h>
-#include "pppd.h"
-#include "pathnames.h"
-#include "fsm.h"
-#include "lcp.h"
-#include "ccp.h"
-#include "ipcp.h"
+
#include <sys/stat.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
#include <sys/un.h>
+#include <sys/time.h>
#include <netinet/in.h>
#include <signal.h>
#include <linux/version.h>
#include <linux/sockios.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <stdio.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
+#include <pppd/ccp.h>
+#include <pppd/ipcp.h>
+#include <pppd/multilink.h>
+
#ifndef aligned_u64
/* should be defined in sys/types.h */
#include <linux/types.h>
#include <linux/if_ether.h>
#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
#include <linux/if_pppox.h>
#include <linux/if_pppol2tp.h>
uint32_t send_accm, uint32_t recv_accm);
extern void (*pppol2tp_ip_updown_hook)(int tunnel_id, int session_id, int up);
-const char pppd_version[] = VERSION;
+const char pppd_version[] = PPPD_VERSION;
static int openl2tp_fd = -1;
uint32_t recv_accm) = NULL;
static void (*old_pppol2tp_ip_updown_hook)(int tunnel_id, int session_id,
int up) = NULL;
-static void (*old_multilink_join_hook)(void) = NULL;
+#ifdef PPP_WITH_MULTILINK
+static multilink_join_hook_fn *old_multilink_join_hook = NULL;
+#endif
/*****************************************************************************
* OpenL2TP interface.
uint16_t tid = tunnel_id;
uint16_t sid = session_id;
uint8_t state = up;
- int unit = ifunit;
- char *user_name = NULL;
+ int unit = 0;
+ char ifname[MAXNAMELEN];
+ char user_name[MAXNAMELEN];
+
+ unit = ppp_ifunit();
+ ppp_get_ifname(ifname, sizeof(ifname));
if (openl2tp_fd < 0) {
result = openl2tp_client_create();
}
}
- if (peer_authname[0] != '\0') {
- user_name = strdup(peer_authname);
- }
+ if (!ppp_peer_authname(user_name, sizeof(user_name)))
+ user_name[0] = '\0';
msg->msg_signature = OPENL2TP_MSG_SIGNATURE;
msg->msg_type = OPENL2TP_MSG_TYPE_PPP_UPDOWN_IND;
memcpy(&tlv->tlv_value[0], ifname, tlv->tlv_len);
msg->msg_len += sizeof(*tlv) + ALIGN32(tlv->tlv_len);
- if (user_name != NULL) {
+ if (user_name[0] != '\0') {
tlv = (void *) &msg->msg_data[msg->msg_len];
tlv->tlv_type = OPENL2TP_TLV_TYPE_PPP_USER_NAME;
tlv->tlv_len = strlen(user_name) + 1;
(*old_pppol2tp_ip_updown_hook)(tunnel_id, session_id, up);
}
- if (user_name != NULL)
- free(user_name);
-
return;
}
* multilink bundle.
*****************************************************************************/
+#ifdef PPP_WITH_MULTILINK
static void openl2tp_multilink_join_ind(void)
{
- if (doing_multilink && !multilink_master) {
+ if (mp_on() && !mp_master()) {
/* send event only if not master */
openl2tp_ppp_updown_ind(pppol2tp_tunnel_id,
pppol2tp_session_id, 1);
}
}
+#endif
/*****************************************************************************
* Application init
old_pppol2tp_ip_updown_hook = pppol2tp_ip_updown_hook;
pppol2tp_ip_updown_hook = openl2tp_ppp_updown_ind;
+#ifdef PPP_WITH_MULTILINK
old_multilink_join_hook = multilink_join_hook;
multilink_join_hook = openl2tp_multilink_join_ind;
+#endif
}
#include <string.h>
#include <stdlib.h>
#include <errno.h>
-#include "pppd.h"
-#include "pathnames.h"
-#include "fsm.h"
-#include "lcp.h"
-#include "ccp.h"
-#include "ipcp.h"
#include <sys/stat.h>
#include <net/if.h>
#include <sys/ioctl.h>
#include <sys/socket.h>
+#include <sys/time.h>
+#include <sys/types.h>
#include <netinet/in.h>
#include <signal.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdio.h>
+
#include <linux/version.h>
#include <linux/sockios.h>
+#include <linux/ppp-ioctl.h>
+
#ifndef aligned_u64
/* should be defined in sys/types.h */
#define aligned_u64 unsigned long long __attribute__((aligned(8)))
#endif
+
#include <linux/types.h>
#include <linux/if_ether.h>
#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
#include <linux/if_pppox.h>
#include <linux/if_pppol2tp.h>
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/fsm.h>
+#include <pppd/lcp.h>
+#include <pppd/ccp.h>
+#include <pppd/ipcp.h>
+
+
/* should be added to system's socket.h... */
#ifndef SOL_PPPOL2TP
#define SOL_PPPOL2TP 273
#endif
-const char pppd_version[] = VERSION;
+const char pppd_version[] = PPPD_VERSION;
static int setdevname_pppol2tp(char **argv);
/* Hook provided to allow other plugins to handle IP up/down */
void (*pppol2tp_ip_updown_hook)(int tunnel_id, int session_id, int up) = NULL;
-static option_t pppol2tp_options[] = {
+static struct option pppol2tp_options[] = {
{ "pppol2tp", o_special, &setdevname_pppol2tp,
"FD for PPPoL2TP socket", OPT_DEVNAM | OPT_A2STRVAL,
&pppol2tp_fd_str },
char buffer[128];
struct sockaddr pppol2tp;
} s;
- int len = sizeof(s);
+ socklen_t len = sizeof(s);
char **a;
int tmp;
- int tmp_len = sizeof(tmp);
+ socklen_t tmp_len = sizeof(tmp);
if (device_got_set)
return 0;
- if (!int_option(*argv, &pppol2tp_fd))
+ if (!ppp_int_option(*argv, &pppol2tp_fd))
return 0;
if(getsockname(pppol2tp_fd, (struct sockaddr *)&s, &len) < 0) {
/* Setup option defaults. Compression options are disabled! */
- modem = 0;
+ ppp_set_modem(false);
lcp_allowoptions[0].neg_accompression = 1;
lcp_wantoptions[0].neg_accompression = 0;
}
static void send_config_pppol2tp(int mtu,
- u_int32_t asyncmap,
+ uint32_t asyncmap,
int pcomp,
int accomp)
{
int on = 1;
int fd;
char reorderto[16];
- char tid[8];
- char sid[8];
+ char tid[12];
+ char sid[12];
if (pppol2tp_ifname[0]) {
struct ifreq ifr;
fd = socket(AF_INET, SOCK_DGRAM, 0);
if (fd >= 0) {
memset (&ifr, '\0', sizeof (ifr));
- strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
+ ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name));
strlcpy(ifr.ifr_newname, pppol2tp_ifname,
sizeof(ifr.ifr_name));
ioctl(fd, SIOCSIFNAME, (caddr_t) &ifr);
- strlcpy(ifname, pppol2tp_ifname, 32);
+ ppp_set_ifname(pppol2tp_ifname);
if (pppol2tp_debug_mask & PPPOL2TP_MSG_CONTROL) {
dbglog("ppp%d: interface name %s",
- ifunit, ifname);
+ ppp_ifunit(), ppp_ifname());
}
}
close(fd);
warn("Overriding mtu %d to %d", mtu, lcp_allowoptions[0].mru);
mtu = lcp_allowoptions[0].mru;
}
- netif_set_mtu(ifunit, mtu);
+ ppp_set_mtu(ppp_ifunit(), mtu);
reorderto[0] = '\0';
if (pppol2tp_reorder_timeout > 0)
sprintf(&reorderto[0], "%d ", pppol2tp_reorder_timeout);
tid[0] = '\0';
if (pppol2tp_tunnel_id > 0)
- sprintf(&tid[0], "%hu ", pppol2tp_tunnel_id);
+ sprintf(&tid[0], "%u ", pppol2tp_tunnel_id);
sid[0] = '\0';
if (pppol2tp_session_id > 0)
- sprintf(&sid[0], "%hu ", pppol2tp_session_id);
+ sprintf(&sid[0], "%u ", pppol2tp_session_id);
dbglog("PPPoL2TP options: %s%s%s%s%s%s%s%s%sdebugmask %d",
pppol2tp_recv_seq ? "recvseq " : "",
}
static void recv_config_pppol2tp(int mru,
- u_int32_t asyncmap,
+ uint32_t asyncmap,
int pcomp,
int accomp)
{
lcp_allowoptions[0].mru);
mru = lcp_allowoptions[0].mru;
}
- if ((ifunit >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0)
+ if ((ppp_ifunit() >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0)
error("Couldn't set PPP MRU: %m");
}
{
#if defined(__linux__)
extern int new_style_driver; /* From sys-linux.c */
- if (!ppp_available() && !new_style_driver)
+ if (!ppp_check_kernel_support() && !new_style_driver)
fatal("Kernel doesn't support ppp_generic - "
"needed for PPPoL2TP");
#else
fatal("No PPPoL2TP support on this OS");
#endif
- add_options(pppol2tp_options);
+ ppp_add_options(pppol2tp_options);
/* Hook up ip up/down notifiers to send indicator to openl2tpd
* that the link is up
*/
- add_notifier(&ip_up_notifier, pppol2tp_ip_up, NULL);
- add_notifier(&ip_down_notifier, pppol2tp_ip_down, NULL);
- add_notifier(&ipv6_up_notifier, pppol2tp_ip_up, NULL);
- add_notifier(&ipv6_down_notifier, pppol2tp_ip_down, NULL);
+ ppp_add_notify(NF_IP_UP, pppol2tp_ip_up, NULL);
+ ppp_add_notify(NF_IP_DOWN, pppol2tp_ip_down, NULL);
+#ifdef PPP_WITH_IPV6CP
+ ppp_add_notify(NF_IPV6_UP, pppol2tp_ip_up, NULL);
+ ppp_add_notify(NF_IPV6_DOWN, pppol2tp_ip_down, NULL);
+#endif
}
struct channel pppol2tp_channel = {
- options: pppol2tp_options,
- process_extra_options: NULL,
- check_options: &pppol2tp_check_options,
- connect: &connect_pppol2tp,
- disconnect: &disconnect_pppol2tp,
- establish_ppp: &generic_establish_ppp,
- disestablish_ppp: &generic_disestablish_ppp,
- send_config: &send_config_pppol2tp,
- recv_config: &recv_config_pppol2tp,
- close: NULL,
- cleanup: NULL
+ .options = pppol2tp_options,
+ .process_extra_options = NULL,
+ .check_options = &pppol2tp_check_options,
+ .connect = &connect_pppol2tp,
+ .disconnect = &disconnect_pppol2tp,
+ .establish_ppp = &ppp_generic_establish,
+ .disestablish_ppp = &ppp_generic_disestablish,
+ .send_config = &send_config_pppol2tp,
+ .recv_config = &recv_config_pppol2tp,
+ .close = NULL,
+ .cleanup = NULL
};
--- /dev/null
+pppd_plugin_LTLIBRARIES = radius.la radattr.la radrealms.la
+pppd_plugindir = $(PPPD_PLUGIN_DIR)
+
+noinst_LTLIBRARIES = libradiusclient.la
+dist_man8_MANS = pppd-radius.8 pppd-radattr.8
+noinst_HEADERS = \
+ includes.h \
+ options.h \
+ pathnames.h \
+ radiusclient.h
+
+EXTRA_FILES = \
+ COPYRIGHT
+
+EXTRA_ETC = \
+ etc/dictionary \
+ etc/dictionary.ascend \
+ etc/dictionary.compat \
+ etc/dictionary.merit \
+ etc/dictionary.microsoft \
+ etc/issue \
+ etc/port-id-map \
+ etc/radiusclient.conf \
+ etc/radiusclient.conf.in \
+ etc/realms \
+ etc/servers
+
+RADIUS_CPPFLAGS = -I${top_srcdir} -DRC_LOG_FACILITY=LOG_DAEMON
+RADIUS_LDFLAGS = -module -avoid-version $(LDFLAGS)
+
+radius_la_CPPFLAGS = $(RADIUS_CPPFLAGS)
+radius_la_LDFLAGS = $(RADIUS_LDFLAGS)
+radius_la_SOURCES = radius.c
+radius_la_LIBADD = libradiusclient.la
+
+radattr_la_CPPFLAGS = $(RADIUS_CPPFLAGS)
+radattr_la_LDFLAGS = $(RADIUS_LDFLAGS)
+radattr_la_SOURCES = radattr.c
+
+radrealms_la_CPPFLAGS = $(RADIUS_CPPFLAGS)
+radrealms_la_LDFLAGS = $(RADIUS_LDFLAGS)
+radrealms_la_SOURCES = radrealms.c
+
+libradiusclient_la_SOURCES = \
+ avpair.c buildreq.c config.c dict.c ip_util.c \
+ clientid.c sendserver.c lock.c util.c md5.c
+libradiusclient_la_CPPFLAGS = $(RADIUS_CPPFLAGS) -DSYSCONFDIR=\"${sysconfdir}\"
+
+EXTRA_DIST = \
+ $(EXTRA_FILES) \
+ $(EXTRA_ETC)
+++ /dev/null
-# Makefile for RADIUS plugin
-#
-# Copyright 2002 Roaring Penguin Software Inc.
-#
-
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-MANDIR = $(DESTDIR)/share/man/man8
-LIBDIR = $(DESTDIR)/lib/pppd/$(VERSION)
-
-VERSION = $(shell awk -F '"' '/VERSION/ { print $$2; }' ../../patchlevel.h)
-
-INSTALL = install
-
-PLUGIN=radius.so radattr.so radrealms.so
-CFLAGS = $(COPTS) -I. -I../.. -I../../../include -fPIC -DRC_LOG_FACILITY=LOG_DAEMON
-
-# Uncomment the next line to include support for Microsoft's
-# MS-CHAP authentication protocol.
-CHAPMS=y
-# Uncomment the next line to include support for MPPE.
-MPPE=y
-# Uncomment the next lint to include support for traffic limiting
-MAXOCTETS=y
-
-ifdef CHAPMS
-CFLAGS += -DCHAPMS=1
-ifdef MPPE
-CFLAGS += -DMPPE=1
-endif
-endif
-ifdef MAXOCTETS
-CFLAGS += -DMAXOCTETS=1
-endif
-
-all: $(PLUGIN)
-
-install: all
- $(INSTALL) -d -m 755 $(LIBDIR)
- $(INSTALL) -c -m 755 radius.so $(LIBDIR)
- $(INSTALL) -c -m 755 radattr.so $(LIBDIR)
- $(INSTALL) -c -m 755 radrealms.so $(LIBDIR)
- $(INSTALL) -c -m 444 pppd-radius.8 $(MANDIR)
- $(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
-
-radius.so: radius.o libradiusclient.a
- $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
-
-radattr.so: radattr.o
- $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
-
-radrealms.so: radrealms.o
- $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
-
-CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
- clientid.o sendserver.o lock.o util.o md5.o
-libradiusclient.a: $(CLIENTOBJS)
- $(AR) rv $@ $?
-
-clean:
- rm -f *.o *.so *.a
-
-distclean:
- rm -f *.o *.so *.a
-
-dist-clean: distclean
*
*/
-VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, void *pval, int len,
+VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, const void *pval, int len,
int vendorcode)
{
VALUE_PAIR *vp;
*
*/
-int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len)
+int rc_avpair_assign (VALUE_PAIR *vp, const void *pval, int len)
{
int result = -1;
{
case PW_TYPE_STRING:
- if (((len == 0) && (strlen ((char *) pval)) > AUTH_STRING_LEN)
+ if (((len == 0) && (strlen ((const char *) pval)) > AUTH_STRING_LEN)
|| (len > AUTH_STRING_LEN)) {
error("rc_avpair_assign: bad attribute length");
return result;
}
if (len > 0) {
- memcpy(vp->strvalue, (char *)pval, len);
+ memcpy(vp->strvalue, (const char *)pval, len);
vp->strvalue[len] = '\0';
vp->lvalue = len;
} else {
- strncpy (vp->strvalue, (char *) pval, AUTH_STRING_LEN);
- vp->lvalue = strlen((char *) pval);
+ strncpy ((char*) vp->strvalue, (const char *) pval, AUTH_STRING_LEN);
+ vp->lvalue = strlen((const char *) pval);
}
result = 0;
*
*/
-VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode)
+VALUE_PAIR *rc_avpair_new (int attrid, const void *pval, int len, int vendorcode)
{
VALUE_PAIR *vp = (VALUE_PAIR *) NULL;
DICT_ATTR *pda;
DICT_ATTR *attr;
VALUE_PAIR *vp;
VALUE_PAIR *pair;
- unsigned char hex[3]; /* For hex string conversion. */
+ char hex[3]; /* For hex string conversion. */
char buffer[512];
/*
else /* look for the "p" entry in the "a" list (or run to end) */
{
this_node = *a;
- while (this_node != (VALUE_PAIR *) NULL)
+ while (this_node->next != (VALUE_PAIR *) NULL)
{
if (this_node == p)
{
{
case PW_TYPE_STRING:
- strcpy (pair->strvalue, valstr);
+ strcpy ((char*) pair->strvalue, valstr);
pair->lvalue = strlen(valstr);
break;
}
else
{
- strncat(value, ptr, 1);
+ strncat(value, (char*) ptr, 1);
lv--;
if (lv < 0) break;
}
{
FILE *sf;
int tries = 1;
- int seq_nbr, pos;
+ int seq_nbr, pos, ret;
char *seqfile = rc_conf_str("seqfile");
if ((sf = fopen(seqfile, "a+")) == NULL)
}
rewind(sf);
- ftruncate(fileno(sf),0);
+ ret = ftruncate(fileno(sf),0);
+ if (ret != 0) {
+ error("rc_get_seqnbr: couldn't truncate sequence file, %m");
+ }
fprintf(sf,"%d\n", (seq_nbr+1) & UCHAR_MAX);
fflush(sf); /* fflush because a process may read it between the do_unlock and fclose */
if ((adt_vp = rc_avpair_add(&(data.send_pairs), PW_ACCT_DELAY_TIME, &dtime.tv_sec, 0, VENDOR_NONE)) == NULL)
return (ERROR_RC);
- get_time(&start_time);
+ ppp_get_time(&start_time);
result = ERROR_RC;
for(i=0; (i<acctserver->max) && (result != OK_RC) && (result != BADRESP_RC)
; i++)
rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i],
acctserver->port[i], timeout, retries);
- get_time(&dtime);
+ ppp_get_time(&dtime);
dtime.tv_sec -= start_time.tv_sec;
rc_avpair_assign(adt_vp, &dtime.tv_sec, 0);
if ((p = (struct map2id_s *)malloc(sizeof(*p))) == NULL) {
novm("rc_read_mapfile");
+ fclose(mapfd);
return (-1);
}
} else {
error("rc_read_mapfile: malformed line in %s, line %d", filename, lnr);
+ fclose(mapfd);
return (-1);
}
* Returns: port id, zero if no entry found
*/
-UINT4 rc_map2id(char *name)
+UINT4 rc_map2id(const char *name)
{
struct map2id_s *p;
char ttyname[PATH_MAX];
if ((pos = strcspn(p, "\t ")) == 0) {
error("%s: line %d: bogus format: %s", filename, line, p);
+ fclose(configfd);
return (-1);
}
if (option->status != ST_UNDEF) {
error("%s: line %d: duplicate option line: %s", filename, line, p);
+ fclose(configfd);
return (-1);
}
switch (option->type) {
case OT_STR:
- if (set_option_str(filename, line, option, p) < 0)
+ if (set_option_str(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
case OT_INT:
- if (set_option_int(filename, line, option, p) < 0)
+ if (set_option_int(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
case OT_SRV:
- if (set_option_srv(filename, line, option, p) < 0)
+ if (set_option_srv(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
case OT_AUO:
- if (set_option_auo(filename, line, option, p) < 0)
+ if (set_option_auo(filename, line, option, p) < 0) {
+ fclose(configfd);
return (-1);
+ }
break;
default:
fatal("rc_read_config: impossible case branch!");
if (result == 0)
{
memset (buffer, '\0', sizeof (buffer));
- memset (secret, '\0', sizeof (secret));
error("rc_find_server: couldn't find RADIUS server %s in %s",
server_name, rc_conf_str("servers"));
return (-1);
{
type = PW_TYPE_INTEGER;
}
- else if (strcmp (typestr, "ipaddr") == 0)
+ else if (strcmp (typestr, "ipaddr") == 0 || strcmp (typestr, "ipv4addr") == 0)
{
type = PW_TYPE_IPADDR;
}
ATTRIBUTE Acct-Input-Packets 47 integer
ATTRIBUTE Acct-Output-Packets 48 integer
ATTRIBUTE Acct-Terminate-Cause 49 integer
+ATTRIBUTE Acct-Input-Gigawords 52 integer
+ATTRIBUTE Acct-Output-Gigawords 53 integer
ATTRIBUTE Chap-Challenge 60 string
ATTRIBUTE NAS-Port-Type 61 integer
ATTRIBUTE Port-Limit 62 integer
#include <time.h>
-#include "magic.h"
+#include <pppd/magic.h>
/* rlib/lock.c */
int do_lock_exclusive(int);
* Returns: 0 on failure
*/
-UINT4 rc_get_ipaddr (char *host)
+UINT4 rc_get_ipaddr (const char *host)
{
struct hostent *hp;
*
*/
-int rc_good_ipaddr (char *addr)
+int rc_good_ipaddr (const char *addr)
{
int dot_count;
int digit_count;
static UINT4 this_host_ipaddr = 0;
if (!this_host_ipaddr) {
- if ((this_host_ipaddr = rc_get_ipaddr (hostname)) == 0) {
+ if ((this_host_ipaddr = rc_get_ipaddr (ppp_hostname())) == 0) {
error("rc_own_ipaddress: couldn't get own IP address");
return 0;
}
/*
* $Id: md5.c,v 1.1 2004/11/14 07:26:26 paulus Exp $
*/
-#include "md5.h"
+#include <stddef.h>
-void rc_md5_calc (unsigned char *output, unsigned char *input, unsigned int inlen)
+#include <pppd/crypto.h>
+
+int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl)
{
- MD5_CTX context;
+ int retval = 0;
+ int outl = MD5_DIGEST_LENGTH;
+
+ PPP_MD_CTX *ctx = PPP_MD_CTX_new();
+ if (ctx) {
+
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, in, inl)) {
+
+ if (PPP_DigestFinal(ctx, out, &outl)) {
+
+ retval = 1;
+ }
+ }
+ }
- MD5_Init (&context);
- MD5_Update (&context, input, inlen);
- MD5_Final (output, &context);
+ PPP_MD_CTX_free(ctx);
+ }
+ return retval;
}
#ifndef PATHNAMES_H
#define PATHNAMES_H
-#define _PATH_DEV_URANDOM "/dev/urandom" /* Linux only */
-#define _PATH_ETC_ISSUE "/etc/issue"
+#define PPP_PATH_DEV_URANDOM "/dev/urandom" /* Linux only */
+#define PPP_PATH_ETC_ISSUE "/etc/issue"
/* normally defined in the Makefile */
-#ifndef _PATH_ETC_RADIUSCLIENT_CONF
-#define _PATH_ETC_RADIUSCLIENT_CONF "/etc/radiusclient.conf"
+#ifndef PPP_PATH_ETC_RADIUSCLIENT_CONF
+#define PPP_PATH_ETC_RADIUSCLIENT_CONF SYSCONFDIR "/radiusclient.conf"
#endif
#endif /* PATHNAMES_H */
.I pppN
is the name of the PPP interface. The RADIUS attributes are stored
one per line in the format "Attribute-Name Attribute-Value". This
-format is convenient for use in /etc/ppp/ip-up and /etc/ppp/ip-down
+format is convenient for use in /etc/ppp/ip\-up and /etc/ppp/ip\-down
scripts.
.LP
Note that you
options to pppd.
.SH SEE ALSO
-.BR pppd (8) " pppd-radius" (8)
+.BR pppd (8) " pppd\-radius" (8)
.SH AUTHOR
-David F. Skoll <dfs@roaringpenguin.com>
+Dianne Skoll <dianne@skoll.ca>
.LP
The RADIUS plugin for pppd permits pppd to perform PAP, CHAP, MS-CHAP and
MS-CHAPv2 authentication against a RADIUS server instead of the usual
-.I /etc/ppp/pap-secrets
+.I /etc/ppp/pap\-secrets
and
-.I /etc/ppp/chap-secrets
+.I /etc/ppp/chap\-secrets
files.
.LP
The RADIUS plugin is built on a library called
.SH OPTIONS
The RADIUS plugin introduces one additional pppd option:
.TP
-.BI "radius-config-file " filename
+.BI "radius\-config\-file " filename
The file
.I filename
is taken as the radiusclient configuration file. If this option is not
.BI "avpair " attribute=value
Adds an Attribute-Value pair to be passed on to the RADIUS server on each request.
.TP
-.BI map-to-ifname
+.BI map\-to\-ifname
Sets Radius NAS-Port attribute to number equal to interface name (Default)
.TP
-.BI map-to-ttyname
+.BI map\-to\-ttyname
Sets Radius NAS-Port attribute value via libradiusclient library
.SH USAGE
Framed-IP-Address attribute.
.SH SEE ALSO
-.BR pppd (8) " pppd-radattr" (8)
+.BR pppd (8) " pppd\-radattr" (8)
.SH AUTHOR
-David F. Skoll <dfs@roaringpenguin.com>
+Dianne Skoll <dianne@skoll.ca>
static char const RCSID[] =
"$Id: radattr.c,v 1.2 2004/10/28 00:24:40 paulus Exp $";
-#include "pppd.h"
-#include "radiusclient.h"
#include <stdio.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <stdbool.h>
+#include <pppd/pppd.h>
+
+#include "radiusclient.h"
extern void (*radius_attributes_hook)(VALUE_PAIR *);
static void print_attributes(VALUE_PAIR *);
static void cleanup(void *opaque, int arg);
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
/**********************************************************************
* %FUNCTION: plugin_init
/* calling cleanup() on link down is problematic because print_attributes()
is called only after PAP or CHAP authentication, but not when the link
should go up again for any other reason */
- add_notifier(&link_down_notifier, cleanup, NULL);
+ ppp_add_notify(NF_LINK_DOWN, cleanup, NULL);
#endif
/* Just in case... */
- add_notifier(&exitnotify, cleanup, NULL);
+ ppp_add_notify(NF_EXIT, cleanup, NULL);
info("RADATTR plugin initialized.");
}
char name[2048];
char value[2048];
int cnt = 0;
+ mode_t old_umask;
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+ slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_ifname());
+ old_umask = umask(077);
fp = fopen(fname, "w");
+ umask(old_umask);
if (!fp) {
warn("radattr plugin: Could not open %s for writing: %m", fname);
return;
{
char fname[512];
- slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname);
+ slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_ifname());
(void) remove(fname);
dbglog("RADATTR plugin removed file %s.", fname);
}
static char const RCSID[] =
"$Id: radius.c,v 1.32 2008/05/26 09:18:08 paulus Exp $";
-#include "pppd.h"
-#include "chap-new.h"
-#ifdef CHAPMS
-#include "chap_ms.h"
-#ifdef MPPE
-#include "md5.h"
-#endif
-#endif
-#include "radiusclient.h"
-#include "fsm.h"
-#include "ipcp.h"
#include <syslog.h>
#include <sys/types.h>
#include <sys/time.h>
+#include <sys/param.h>
#include <string.h>
#include <netinet/in.h>
#include <stdlib.h>
+#include <stdarg.h>
+#include <stdbool.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/chap.h>
+#include <pppd/upap.h>
+#ifdef PPP_WITH_CHAPMS
+#include <pppd/chap_ms.h>
+#ifdef PPP_WITH_MPPE
+#include <pppd/mppe.h>
+#endif
+#endif
+#include <pppd/crypto.h>
+#include <pppd/fsm.h>
+#include <pppd/ipcp.h>
-#define BUF_LEN 1024
+#include "radiusclient.h"
-#define MD5_HASH_SIZE 16
+#define BUF_LEN 1024
#define MSDNS 1
{ NULL }
};
-static int radius_secret_check(void);
-static int radius_pap_auth(char *user,
- char *passwd,
- char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-static int radius_chap_verify(char *user, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge,
- unsigned char *response,
- char *message, int message_space);
+static pap_check_hook_fn radius_secret_check;
+static pap_auth_hook_fn radius_pap_auth;
+static chap_verify_hook_fn radius_chap_verify;
static void radius_ip_up(void *opaque, int arg);
static void radius_ip_down(void *opaque, int arg);
-static void make_username_realm(char *user);
+static void make_username_realm(const char *user);
static int radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info,
struct chap_digest_type *digest,
unsigned char *challenge,
char *message, int message_space);
static void radius_choose_ip(u_int32_t *addrp);
static int radius_init(char *msg);
-static int get_client_port(char *ifname);
+static int get_client_port(const char *ifname);
static int radius_allowed_address(u_int32_t addr);
static void radius_acct_interim(void *);
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
static int radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info,
unsigned char *);
static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info);
#endif
struct radius_state {
- int accounting_started;
int initialized;
int client_port;
int choose_ip;
static struct radius_state rstate;
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
/**********************************************************************
* %FUNCTION: plugin_init
ip_choose_hook = radius_choose_ip;
allowed_address_hook = radius_allowed_address;
- add_notifier(&ip_up_notifier, radius_ip_up, NULL);
- add_notifier(&ip_down_notifier, radius_ip_down, NULL);
+ ppp_add_notify(NF_IP_UP, radius_ip_up, NULL);
+ ppp_add_notify(NF_IP_DOWN, radius_ip_down, NULL);
memset(&rstate, 0, sizeof(rstate));
strlcpy(rstate.config_file, "/etc/radiusclient/radiusclient.conf",
sizeof(rstate.config_file));
- add_options(Options);
+ ppp_add_options(Options);
info("RADIUS plugin initialized.");
}
* 1 -- we are ALWAYS willing to supply a secret. :-)
* %DESCRIPTION:
* Tells pppd that we will try to authenticate the peer, and not to
-* worry about looking in /etc/ppp/*-secrets
+* worry about looking in *-secrets file(s)
***********************************************************************/
static int
radius_secret_check(void)
UINT4 av_type;
int result;
static char radius_msg[BUF_LEN];
+ const char *remote_number;
+ const char *ipparam;
radius_msg[0] = 0;
*msgp = radius_msg;
/* Hack... the "port" is the ppp interface number. Should really be
the tty */
- rstate.client_port = get_client_port(portnummap ? devnam : ifname);
+ rstate.client_port = get_client_port(portnummap ? ppp_devnam() : ppp_ifname());
av_type = PW_FRAMED;
rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE);
rc_avpair_add(&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE);
rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE);
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0,
VENDOR_NONE);
} else if (ipparam)
int result;
int challenge_len, response_len;
u_char cpassword[MAX_RESPONSE_LEN + 1];
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/* Need the RADIUS secret and Request Authenticator to decode MPPE */
REQUEST_INFO request_info, *req_info = &request_info;
#else
REQUEST_INFO *req_info = NULL;
#endif
+ const char *remote_number;
+ const char *ipparam;
challenge_len = *challenge++;
response_len = *response++;
/* return error for types we can't handle */
if ((digest->code != CHAP_MD5)
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
&& (digest->code != CHAP_MICROSOFT)
&& (digest->code != CHAP_MICROSOFT_V2)
#endif
/* Put user with potentially realm added in rstate.user */
if (!rstate.done_chap_once) {
make_username_realm(user);
- rstate.client_port = get_client_port (portnummap ? devnam : ifname);
+ rstate.client_port = get_client_port (portnummap ? ppp_devnam() : ppp_ifname());
if (radius_pre_auth_hook) {
radius_pre_auth_hook(rstate.user,
&rstate.authserver,
switch (digest->code) {
case CHAP_MD5:
/* CHAP-Challenge and CHAP-Password */
- if (response_len != MD5_HASH_SIZE)
+ if (response_len != MD5_DIGEST_LENGTH)
return 0;
cpassword[0] = id;
- memcpy(&cpassword[1], response, MD5_HASH_SIZE);
+ memcpy(&cpassword[1], response, MD5_DIGEST_LENGTH);
rc_avpair_add(&send, PW_CHAP_CHALLENGE,
challenge, challenge_len, VENDOR_NONE);
rc_avpair_add(&send, PW_CHAP_PASSWORD,
- cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE);
+ cpassword, MD5_DIGEST_LENGTH + 1, VENDOR_NONE);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case CHAP_MICROSOFT:
{
/* MS-CHAP-Challenge and MS-CHAP-Response */
#endif
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0,
VENDOR_NONE);
} else if (ipparam)
* then the default realm from the radiusclient config file is added.
***********************************************************************/
static void
-make_username_realm(char *user)
+make_username_realm(const char *user)
{
char *default_realm;
{
u_int32_t remote;
int ms_chap2_success = 0;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
int mppe_enc_keys = 0; /* whether or not these were received */
int mppe_enc_policy = 0;
int mppe_enc_types = 0;
case PW_SESSION_TIMEOUT:
/* Session timeout */
- maxconnect = vp->lvalue;
+ ppp_set_max_connect_time(vp->lvalue);
break;
case PW_FILTER_ID:
/* packet filter, will be handled via ip-(up|down) script */
- script_setenv("RADIUS_FILTER_ID", vp->strvalue, 1);
+ ppp_script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1);
break;
case PW_FRAMED_ROUTE:
/* route, will be handled via ip-(up|down) script */
- script_setenv("RADIUS_FRAMED_ROUTE", vp->strvalue, 1);
+ ppp_script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1);
break;
case PW_IDLE_TIMEOUT:
/* idle parameter */
- idle_time_limit = vp->lvalue;
+ ppp_set_max_idle_time(vp->lvalue);
break;
-#ifdef MAXOCTETS
case PW_SESSION_OCTETS_LIMIT:
/* Session traffic limit */
- maxoctets = vp->lvalue;
+ ppp_set_session_limit(vp->lvalue);
break;
case PW_OCTETS_DIRECTION:
/* Session traffic limit direction check */
- maxoctets_dir = ( vp->lvalue > 4 ) ? 0 : vp->lvalue ;
+ ppp_set_session_limit_dir(vp->lvalue);
break;
-#endif
case PW_ACCT_INTERIM_INTERVAL:
/* Send accounting updates every few seconds */
rstate.acct_interim_interval = vp->lvalue;
} else if (remote != 0xfffffffe) {
/* 0xfffffffe means NAS should select an ip address */
remote = htonl(vp->lvalue);
- if (bad_ip_adrs (remote)) {
+ if (ppp_bad_ip_addr (remote)) {
slprintf(msg, BUF_LEN, "RADIUS: bad remote IP address %I for %s",
remote, rstate.user);
return -1;
break;
case PW_CLASS:
/* Save Class attribute to pass it in accounting request */
- if (vp->lvalue <= MAXCLASSLEN) {
+ // if (vp->lvalue <= MAXCLASSLEN) { // <- Attribute could be this big, but vp->strvalue is limited to AUTH_STRING_LEN characters
+ if (vp->lvalue <= AUTH_STRING_LEN) {
rstate.class_len=vp->lvalue;
memcpy(rstate.class, vp->strvalue, rstate.class_len);
} /* else too big for our buffer - ignore it */
break;
case PW_FRAMED_MTU:
- netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue));
+ ppp_set_mtu(rstate.client_port,MIN(ppp_get_mtu(rstate.client_port),vp->lvalue));
break;
}
} else if (vp->vendorcode == VENDOR_MICROSOFT) {
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
switch (vp->attribute) {
case PW_MS_CHAP2_SUCCESS:
- if ((vp->lvalue != 43) || strncmp(vp->strvalue + 1, "S=", 2)) {
+ if ((vp->lvalue != 43) || strncmp((char*) vp->strvalue + 1, "S=", 2)) {
slprintf(msg,BUF_LEN,"RADIUS: bad MS-CHAP2-Success packet");
return -1;
}
if (message != NULL)
- strlcpy(message, vp->strvalue + 1, message_space);
+ strlcpy(message, (char*) vp->strvalue + 1, message_space);
ms_chap2_success = 1;
break;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
case PW_MS_CHAP_MPPE_KEYS:
if (radius_setmppekeys(vp, req_info, challenge) < 0) {
slprintf(msg, BUF_LEN,
mppe_enc_types = vp->lvalue; /* save for later */
break;
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
#ifdef MSDNS
case PW_MS_PRIMARY_DNS_SERVER:
ao->dnsaddr[0] = htonl(vp->lvalue);
break;
#endif /* MSDNS */
}
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
}
vp = vp->next;
}
if (digest && (digest->code == CHAP_MICROSOFT_V2) && !ms_chap2_success)
return -1;
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/*
* Require both policy and key attributes to indicate a valid key.
* Note that if the policy value was '0' we don't set the key!
*/
if (mppe_enc_policy && mppe_enc_keys) {
- mppe_keys_set = 1;
/* Set/modify allowed encryption types. */
if (mppe_enc_types)
- set_mppe_enc_types(mppe_enc_policy, mppe_enc_types);
+ mppe_set_enc_types(mppe_enc_policy, mppe_enc_types);
+ return 0;
}
+ mppe_clear_keys();
#endif
return 0;
}
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
/**********************************************************************
* %FUNCTION: radius_setmppekeys
* %ARGUMENTS:
unsigned char *challenge)
{
int i;
- MD5_CTX Context;
- u_char plain[32];
- u_char buf[16];
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
+
if (vp->lvalue != 32) {
error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys",
memcpy(plain, vp->strvalue, sizeof(plain));
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Final(buf, &Context);
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
- for (i = 0; i < 16; i++)
- plain[i] ^= buf[i];
+ if (PPP_DigestInit(ctx, PPP_md5())) {
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, vp->strvalue, 16);
- MD5_Final(buf, &Context);
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
- for(i = 0; i < 16; i++)
- plain[i + 16] ^= buf[i];
+ if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
- /*
- * Annoying. The "key" returned is just the NTPasswordHashHash, which
- * the NAS (us) doesn't need; we only need the start key. So we have
- * to generate the start key, sigh. NB: We do not support the LM-Key.
- */
- mppe_set_keys(challenge, &plain[8]);
+ buflen = sizeof(buf);
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for (i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i] ^= buf[i];
+ }
+
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (ctx) {
- return 0;
+ if (PPP_DigestInit(ctx, PPP_md5())) {
+
+ if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+
+ if (PPP_DigestUpdate(ctx, vp->strvalue, 16)) {
+
+ buflen = MD5_DIGEST_LENGTH;
+ if (PPP_DigestFinal(ctx, buf, &buflen)) {
+
+ status = 1;
+ }
+ }
+ }
+ }
+ PPP_MD_CTX_free(ctx);
+ }
+
+ if (status) {
+
+ for(i = 0; i < MD5_DIGEST_LENGTH; i++) {
+ plain[i + 16] ^= buf[i];
+ }
+
+ /*
+ * Annoying. The "key" returned is just the NTPasswordHashHash, which
+ * the NAS (us) doesn't need; we only need the start key. So we have
+ * to generate the start key, sigh. NB: We do not support the LM-Key.
+ */
+ mppe_set_chapv1(challenge, &plain[8]);
+ return 0;
+ }
+ }
+
+ return -1;
}
/**********************************************************************
radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info)
{
int i;
- MD5_CTX Context;
- u_char *salt = vp->strvalue;
- u_char *crypt = vp->strvalue + 2;
- u_char plain[32];
- u_char buf[MD5_HASH_SIZE];
+ int status = 0;
+ PPP_MD_CTX *ctx;
+ unsigned char *salt = vp->strvalue;
+ unsigned char *crypt = vp->strvalue + 2;
+ unsigned char plain[32];
+ unsigned char buf[MD5_DIGEST_LENGTH];
+ unsigned int buflen;
char *type = "Send";
if (vp->attribute == PW_MS_MPPE_RECV_KEY)
memcpy(plain, crypt, 32);
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN);
- MD5_Update(&Context, salt, 2);
- MD5_Final(buf, &Context);
+ ctx = PPP_MD_CTX_new();
+ if (!ctx) {
+ error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key attribute", type);
+ return -1;
+ }
+
+ buflen = sizeof(buf);
+ if (!PPP_DigestInit(ctx, PPP_md5())) {
+ error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+ error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) {
+ error("RADIUS: Error mixing in request vector for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, salt, 2)) {
+ error("RADIUS: Error mixing in salt for MS-MPPE-%s-Key attribute", type);
+ } else if (!PPP_DigestFinal(ctx, buf, &buflen)) {
+ error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key attribute", type);
+ } else {
+ status = 1;
+ }
- for (i = 0; i < 16; i++)
+ PPP_MD_CTX_free(ctx);
+
+ if (!status)
+ return -1;
+
+ for (i = 0; i < 16; i++) {
plain[i] ^= buf[i];
+ }
- if (plain[0] != sizeof(mppe_send_key) /* 16 */) {
+ if (plain[0] != 16) {
error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute",
- (int) plain[0], type);
+ (int) plain[0], type);
return -1;
}
- MD5_Init(&Context);
- MD5_Update(&Context, req_info->secret, strlen(req_info->secret));
- MD5_Update(&Context, crypt, 16);
- MD5_Final(buf, &Context);
+ status = 0;
+ ctx = PPP_MD_CTX_new();
+ if (!ctx) {
+ error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key(2) attribute", type);
+ return -1;
+ }
- plain[16] ^= buf[0]; /* only need the first byte */
+ buflen = sizeof(buf);
+
+ if (!PPP_DigestInit(ctx, PPP_md5())) {
+ error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key(2) attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) {
+ error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key(2) attribute", type);
+ } else if (!PPP_DigestUpdate(ctx, crypt, 16)) {
+ error("RADIUS: Error mixing in crypt vector for MS-MPPE-%s-Key(2) attribute", type);
+ } else if (!PPP_DigestFinal(ctx, buf, &buflen)) {
+ error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key(2) attribute", type);
+ } else {
+ status = 1;
+ }
+
+ PPP_MD_CTX_free(ctx);
+
+ if (!status)
+ return -1;
- if (vp->attribute == PW_MS_MPPE_SEND_KEY)
- memcpy(mppe_send_key, plain + 1, 16);
- else
- memcpy(mppe_recv_key, plain + 1, 16);
+ plain[16] ^= buf[0]; /* only need the first byte */
+ if (vp->attribute == PW_MS_MPPE_SEND_KEY) {
+ mppe_set_keys(plain + 1, NULL, 16);
+ } else {
+ mppe_set_keys(NULL, plain + 1, 16);
+ }
return 0;
}
-#endif /* MPPE */
+#endif /* PPP_WITH_MPPE */
/**********************************************************************
* %FUNCTION: radius_acct_start
VALUE_PAIR *send = NULL;
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
+ const char *remote_number;
+ const char *ipparam;
if (!rstate.initialized) {
return;
av_type = PW_PPP;
rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE);
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
hisaddr = ho->hisaddr;
/* RADIUS server could be down so make this a warning */
syslog(LOG_WARNING,
"Accounting START failed for %s", rstate.user);
- } else {
- rstate.accounting_started = 1;
- /* Kick off periodic accounting reports */
- if (rstate.acct_interim_interval) {
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
- }
+ }
+
+ /* Kick off periodic accounting reports */
+ if (rstate.acct_interim_interval) {
+ ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0);
}
}
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
int result;
+ const char *remote_number;
+ const char *ipparam;
+ ppp_link_stats_st stats;
if (!rstate.initialized) {
return;
}
- if (!rstate.accounting_started) {
- return;
- }
-
if (rstate.acct_interim_interval)
- UNTIMEOUT(radius_acct_interim, NULL);
+ ppp_untimeout(radius_acct_interim, NULL);
- rstate.accounting_started = 0;
rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
0, VENDOR_NONE);
av_type = PW_RADIUS;
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
+ if (ppp_get_link_stats(&stats)) {
- if (link_stats_valid) {
- av_type = link_connect_time;
+ av_type = ppp_get_link_uptime();
rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_out;
+ av_type = stats.bytes_out & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_in;
+ if (stats.bytes_out > 0xFFFFFFFF) {
+ av_type = stats.bytes_out >> 32;
+ rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+ }
+
+ av_type = stats.bytes_in & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_out;
+ if (stats.bytes_in > 0xFFFFFFFF) {
+ av_type = stats.bytes_in >> 32;
+ rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+ }
+
+ av_type = stats.pkts_out;
rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_in;
+ av_type = stats.pkts_in;
rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
av_type = PW_NAS_ERROR;
- switch( status ) {
+ switch( ppp_status() ) {
case EXIT_OK:
- case EXIT_USER_REQUEST:
av_type = PW_USER_REQUEST;
break;
+ case EXIT_USER_REQUEST:
+ av_type = PW_ADMIN_RESET;
+ break;
+
case EXIT_HANGUP:
case EXIT_PEER_DEAD:
case EXIT_CONNECT_FAILED:
av_type = PW_ACCT_SESSION_TIMEOUT;
break;
-#ifdef MAXOCTETS
case EXIT_TRAFFIC_LIMIT:
av_type = PW_NAS_REQUEST;
break;
-#endif
default:
av_type = PW_NAS_ERROR;
ipcp_options *ho = &ipcp_hisoptions[0];
u_int32_t hisaddr;
int result;
+ const char *remote_number;
+ const char *ipparam;
+ ppp_link_stats_st stats;
if (!rstate.initialized) {
return;
}
- if (!rstate.accounting_started) {
- return;
- }
-
rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id,
0, VENDOR_NONE);
av_type = PW_RADIUS;
rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE);
- /* Update link stats */
- update_link_stats(0);
-
- if (link_stats_valid) {
- link_stats_valid = 0; /* Force later code to update */
+ if (ppp_get_link_stats(&stats)) {
- av_type = link_connect_time;
+ av_type = ppp_get_link_uptime();
rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_out;
+ av_type = stats.bytes_out & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.bytes_in;
+ if (stats.bytes_out > 0xFFFFFFFF) {
+ av_type = stats.bytes_out >> 32;
+ rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+ }
+
+ av_type = stats.bytes_in & 0xFFFFFFFF;
rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_out;
+ if (stats.bytes_in > 0xFFFFFFFF) {
+ av_type = stats.bytes_in >> 32;
+ rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE);
+ }
+
+ av_type = stats.pkts_out;
rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE);
- av_type = link_stats.pkts_in;
+ av_type = stats.pkts_in;
rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE);
}
- if (*remote_number) {
+ remote_number = ppp_get_remote_number();
+ ipparam = ppp_ipparam();
+ if (remote_number) {
rc_avpair_add(&send, PW_CALLING_STATION_ID,
remote_number, 0, VENDOR_NONE);
} else if (ipparam)
rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE);
- av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) );
+ av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) );
rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE);
hisaddr = ho->hisaddr;
rc_avpair_free(send);
/* Schedule another one */
- TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval);
+ ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0);
}
/**********************************************************************
* Extracts the port number from the interface name
***********************************************************************/
static int
-get_client_port(char *ifname)
+get_client_port(const char *ifname)
{
int port;
if (sscanf(ifname, "ppp%d", &port) == 1) {
#ifndef RADIUSCLIENT_H
#define RADIUSCLIENT_H
-#include <sys/types.h>
-#include <stdio.h>
-#include <time.h>
-#include "pppd.h"
+#include <sys/types.h>
+#include <stdio.h>
+#include <time.h>
+#include <stdbool.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
#ifndef _UINT4_T
/* This works for all machines that Linux runs on... */
#define PW_ACCT_LINK_COUNT 51 /* integer */
/* From RFC 2869 */
+#define PW_ACCT_INPUT_GIGAWORDS 52 /* integer */
+#define PW_ACCT_OUTPUT_GIGAWORDS 53 /* integer */
#define PW_ACCT_INTERIM_INTERVAL 85 /* integer */
/* Merit Experimental Extensions */
/* avpair.c */
-VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, void *, int, int);
-int rc_avpair_assign(VALUE_PAIR *, void *, int);
-VALUE_PAIR *rc_avpair_new(int, void *, int, int);
+VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, const void *, int, int);
+int rc_avpair_assign(VALUE_PAIR *, const void *, int);
+VALUE_PAIR *rc_avpair_new(int, const void *, int, int);
VALUE_PAIR *rc_avpair_gen(AUTH_HDR *);
VALUE_PAIR *rc_avpair_get(VALUE_PAIR *, UINT4);
VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *);
/* clientid.c */
int rc_read_mapfile(char *);
-UINT4 rc_map2id(char *);
+UINT4 rc_map2id(const char *);
/* config.c */
/* ip_util.c */
-UINT4 rc_get_ipaddr(char *);
-int rc_good_ipaddr(char *);
+UINT4 rc_get_ipaddr(const char *);
+int rc_good_ipaddr(const char *);
const char *rc_ip_hostname(UINT4);
UINT4 rc_own_ipaddress(void);
UINT4 rc_own_bind_ipaddress(void);
/* md5.c */
-void rc_md5_calc(unsigned char *, unsigned char *, unsigned int);
+int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl);
#endif /* RADIUSCLIENT_H */
static char const RCSID[] =
"$Id: radrealms.c,v 1.2 2004/11/14 07:26:26 paulus Exp $";
-#include "pppd.h"
-#include "radiusclient.h"
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
+#include <sys/param.h>
+#include <stdbool.h>
+#include <stdint.h>
+#include <stdarg.h>
+#include <sys/types.h>
+
+#include <pppd/pppd.h>
+
+#include "radiusclient.h"
-char pppd_version[] = VERSION;
+char pppd_version[] = PPPD_VERSION;
char radrealms_config[MAXPATHLEN] = "/etc/radiusclient/realms";
}
if ((fd = fopen(radrealms_config, "r")) == NULL) {
- option_error("cannot open %s", radrealms_config);
+ ppp_option_error("cannot open %s", radrealms_config);
free(auths);
free(accts);
return;
if (p == NULL || (strcmp(p, "authserver") !=0
&& strcmp(p, "acctserver"))) {
fclose(fd);
- option_error("%s: invalid line %d: %s", radrealms_config,
+ ppp_option_error("%s: invalid line %d: %s", radrealms_config,
line, buffer);
free(auths);
free(accts);
if ((p = strtok(NULL, "\t ")) == NULL) {
fclose(fd);
- option_error("%s: realm name missing on line %d: %s",
+ ppp_option_error("%s: realm name missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
info(" - Matched realm %s", p);
if ((p = strtok(NULL, ":")) == NULL) {
fclose(fd);
- option_error("%s: server address missing on line %d: %s",
+ ppp_option_error("%s: server address missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
info(" - Address is '%s'",p);
if ((p = strtok(NULL, "\t ")) == NULL) {
fclose(fd);
- option_error("%s: server port missing on line %d: %s",
+ ppp_option_error("%s: server port missing on line %d: %s",
radrealms_config, line, buffer);
free(auths);
free(accts);
if (accts->max)
*acctserver = accts;
+ else
+ free(accts);
if (auths->max)
*authserver = auths;
+ else
+ free(auths);
return;
}
{
radius_pre_auth_hook = lookup_realm;
- add_options(Options);
+ ppp_add_options(Options);
info("RADIUS Realms plugin initialized.");
}
#include <includes.h>
#include <radiusclient.h>
#include <pathnames.h>
+#include <signal.h>
static void rc_random_vector (unsigned char *);
static int rc_check_reply (AUTH_HDR *, int, char *, unsigned char *, unsigned char);
memcpy ((char *) passbuf, vp->strvalue, (size_t) length);
secretlen = strlen (secret);
- vector = (char *)auth->vector;
+ vector = auth->vector;
for(i = 0; i < padded_length; i += AUTH_VECTOR_LEN) {
/* Calculate the MD5 digest*/
strcpy ((char *) md5buf, secret);
AUTH_HDR *auth, *recv_auth;
UINT4 auth_ipaddr;
char *server_name; /* Name of server to query */
- int salen;
+ socklen_t salen;
int result;
int total_length;
- int length;
+ socklen_t length;
int retry_max;
int secretlen;
char secret[MAX_SECRET_LENGTH + 1];
{
if (rc_find_server (server_name, &auth_ipaddr, secret) != 0)
{
+ memset (secret, '\0', sizeof (secret));
return (ERROR_RC);
}
}
memset((char *) auth->vector, 0, AUTH_VECTOR_LEN);
secretlen = strlen (secret);
memcpy ((char *) auth + total_length, secret, secretlen);
- rc_md5_calc (vector, (char *) auth, total_length + secretlen);
+ rc_md5_calc (vector, (unsigned char *) auth, total_length + secretlen);
memcpy ((char *) auth->vector, (char *) vector, AUTH_VECTOR_LEN);
}
else
FD_SET (sockfd, &readfds);
if (select (sockfd + 1, &readfds, NULL, NULL, &authtime) < 0)
{
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
error("rc_send_server: select: %m");
memset (secret, '\0', sizeof (secret));
{
if ((vp = rc_avpair_get(vp, PW_REPLY_MESSAGE)))
{
- strcat(msg, vp->strvalue);
+ strcat(msg, (char*) vp->strvalue);
strcat(msg, "\n");
vp = vp->next;
}
memcpy ((char *) reply_digest, (char *) auth->vector, AUTH_VECTOR_LEN);
memcpy ((char *) auth->vector, (char *) vector, AUTH_VECTOR_LEN);
memcpy ((char *) auth + totallen, secret, secretlen);
- rc_md5_calc (calc_digest, (char *) auth, totallen + secretlen);
+ rc_md5_calc (calc_digest, (unsigned char *) auth, totallen + secretlen);
#ifdef DIGEST_DEBUG
{
we use /dev/urandom here, as /dev/random might block and we don't
need that much randomness. BTW, great idea, Ted! -lf, 03/18/95 */
- if ((fd = open(_PATH_DEV_URANDOM, O_RDONLY)) >= 0)
+ if ((fd = open(PPP_PATH_DEV_URANDOM, O_RDONLY)) >= 0)
{
unsigned char *pos;
int readcount;
{
static char buf[32];
static unsigned short int cnt = 0;
- slprintf(buf, sizeof(buf), "%08lX%04X%02hX",
+ snprintf(buf, sizeof(buf), "%08lX%04X%02hX",
(unsigned long int) time (NULL),
(unsigned int) getpid (),
- cnt & 0xFF);
+ (unsigned short) (cnt & 0xFF));
cnt++;
return buf;
}
*
***********************************************************************/
-#include "pppd.h"
-#include "chap-new.h"
-#include "chap_ms.h"
-#ifdef MPPE
-#include "md5.h"
-#endif
-#include "fsm.h"
-#include "ipcp.h"
#include <syslog.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <stdlib.h>
#include <errno.h>
#include <ctype.h>
+#include <stdbool.h>
+#include <stdarg.h>
+#include <stdint.h>
+#include <stdio.h>
+
+#include <pppd/pppd.h>
+#include <pppd/options.h>
+#include <pppd/chap.h>
+#include <pppd/chap_ms.h>
+#include <pppd/upap.h>
+#include <pppd/fsm.h>
+#include <pppd/ipcp.h>
+#include <pppd/mppe.h>
+#include <pppd/crypto.h>
#define BUF_LEN 1024
p = argv[0];
if (p[0] != '/') {
- option_error("ntlm_auth-helper argument must be full path");
+ ppp_option_error("ntlm_auth-helper argument must be full path");
return 0;
}
p = strdup(p);
return 1;
}
-static option_t Options[] = {
+static struct option Options[] = {
{ "ntlm_auth-helper", o_special, (void *) &set_ntlm_auth,
"Path to ntlm_auth executable", OPT_PRIV },
{ NULL }
};
-static int
-winbind_secret_check(void);
-
-static int winbind_pap_auth(char *user,
- char *passwd,
- char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-static int winbind_chap_verify(char *user, char *ourname, int id,
- struct chap_digest_type *digest,
- unsigned char *challenge,
- unsigned char *response,
- char *message, int message_space);
-static int winbind_allowed_address(u_int32_t addr);
-
-char pppd_version[] = VERSION;
+static pap_check_hook_fn winbind_secret_check;
+static pap_auth_hook_fn winbind_pap_auth;
+static chap_verify_hook_fn winbind_chap_verify;
+static int winbind_allowed_address(uint32_t addr);
+
+char pppd_version[] = PPPD_VERSION;
/**********************************************************************
* %FUNCTION: plugin_init
/* Don't ask the peer for anything other than MS-CHAP or MS-CHAP V2 */
chap_mdtype_all &= (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT);
- add_options(Options);
+ ppp_add_options(Options);
info("WINBIND plugin initialized.");
}
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
-size_t strhex_to_str(char *p, size_t len, const char *strhex)
+size_t strhex_to_str(unsigned char *p, size_t len, const char *strhex)
{
size_t i;
size_t num_chars = 0;
return NOT_AUTHENTICATED;
}
- forkret = safe_fork(child_in[0], child_out[1], 2);
+ forkret = ppp_safe_fork(child_in[0], child_out[1], 2);
if (forkret == -1) {
if (error_string) {
*error_string = strdup("fork failed!");
if (forkret == 0) {
/* child process */
uid_t uid;
+ gid_t gid;
close(child_out[0]);
close(child_in[1]);
/* run winbind as the user that invoked pppd */
- setgid(getgid());
+ gid = getgid();
+ if (setgid(gid) == -1 || getgid() != gid) {
+ fatal("pppd/winbind: could not setgid to %d: %m", gid);
+ }
uid = getuid();
- if (setuid(uid) == -1 || getuid() != uid)
+ if (setuid(uid) == -1 || getuid() != uid) {
fatal("pppd/winbind: could not setuid to %d: %m", uid);
+ }
execl("/bin/sh", "sh", "-c", ntlm_auth, NULL);
fatal("pppd/winbind: could not exec /bin/sh: %m");
}
return NOT_AUTHENTICATED;
}
- while ((wait(&status) == -1) && errno == EINTR && !got_sigterm)
+ while ((wait(&status) == -1) && errno == EINTR && !ppp_signaled(SIGTERM))
;
if ((authenticated == AUTHENTICATED) && nt_key && !got_user_session_key) {
int challenge_len, response_len;
char domainname[256];
char *domain;
- char *username;
+ const char *username;
char *p;
- char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
+ unsigned char saresponse[MS_AUTH_RESPONSE_LENGTH+1];
/* The first byte of each of these strings contains their length */
challenge_len = *challenge++;
u_char *lm_response = NULL;
int nt_response_size = 0;
int lm_response_size = 0;
- u_char session_key[16];
+ u_char session_key[MD4_DIGEST_LENGTH];
if (response_len != MS_CHAP_RESPONSE_LEN)
break; /* not even the right length */
nt_response = &response[MS_CHAP_NTRESP];
nt_response_size = MS_CHAP_NTRESP_LEN;
} else {
-#ifdef MSLANMAN
+#ifdef PPP_WITH_MSLANMAN
lm_response = &response[MS_CHAP_LANMANRESP];
lm_response_size = MS_CHAP_LANMANRESP_LEN;
#else
/* Should really propagate this into the error packet. */
notice("Peer request for LANMAN auth not supported");
return NOT_AUTHENTICATED;
-#endif /* MSLANMAN */
+#endif /* PPP_WITH_MSLANMAN */
}
/* ship off to winbind, and check */
nt_response, nt_response_size,
session_key,
&error_string) == AUTHENTICATED) {
- mppe_set_keys(challenge, session_key);
+#ifdef PPP_WITH_MPPE
+ mppe_set_chapv1(challenge, session_key);
+#endif
slprintf(message, message_space, "Access granted");
return AUTHENTICATED;
case CHAP_MICROSOFT_V2:
{
u_char Challenge[8];
- u_char session_key[MD4_SIGNATURE_SIZE];
+ u_char session_key[MD4_DIGEST_LENGTH];
char *error_string = NULL;
if (response_len != MS_CHAP2_RESPONSE_LEN)
&response[MS_CHAP2_NTRESP],
&response[MS_CHAP2_PEER_CHALLENGE],
challenge, user, saresponse);
- mppe_set_keys2(session_key, &response[MS_CHAP2_NTRESP],
+#ifdef PPP_WITH_MPPE
+ mppe_set_chapv2(session_key, &response[MS_CHAP2_NTRESP],
MS_CHAP2_AUTHENTICATOR);
+#endif
if (response[MS_CHAP2_FLAGS]) {
slprintf(message, message_space, "S=%s", saresponse);
} else {
}
static int
-winbind_allowed_address(u_int32_t addr)
+winbind_allowed_address(uint32_t addr)
{
ipcp_options *wo = &ipcp_wantoptions[0];
if (wo->hisaddr !=0 && wo->hisaddr == addr) {
--- /dev/null
+/*
+ * ppp-des.c - PPP/DES implementation for MS-CHAP and EAP SRP-SHA1
+ *
+ * Extracted from chap_ms.c by James Carlson.
+ * Added abstraction via PPP_Digest* callbacks by Eivind Næss
+ *
+ * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stddef.h>
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto-priv.h"
+
+#ifdef OPENSSL_HAVE_DES
+
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup
+#endif
+
+static int des_init(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv)
+{
+ if (ctx) {
+ EVP_CIPHER_CTX *cc = EVP_CIPHER_CTX_new();
+ if (cc) {
+
+ if (key) {
+ memcpy(ctx->key, key, 8);
+ }
+ if (iv) {
+ memcpy(ctx->iv, iv, 8);
+ }
+
+ if (EVP_CipherInit(cc, EVP_des_ecb(), ctx->key, ctx->iv, ctx->is_encr)) {
+
+ if (EVP_CIPHER_CTX_set_padding(cc, 0)) {
+ ctx->priv = cc;
+ return 1;
+ }
+ }
+
+ EVP_CIPHER_CTX_free(cc);
+ }
+ }
+ return 0;
+}
+
+static int des_update(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
+{
+ if (ctx) {
+ return EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx->priv, out, outl, in, inl);
+ }
+ return 0;
+}
+
+static int des_final(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ if (ctx) {
+ return EVP_CipherFinal((EVP_CIPHER_CTX*) ctx->priv, out, outl);
+ }
+ return 0;
+}
+
+static void des_clean(PPP_CIPHER_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#else
+
+/*
+ * DES related functions are imported from openssl 3.0 project with the
+ * follwoing license:
+ *
+ * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+typedef unsigned int DES_LONG;
+typedef unsigned char DES_cblock[8];
+typedef struct DES_ks {
+ union {
+ DES_cblock cblock;
+ /*
+ * make sure things are correct size on machines with 8 byte longs
+ */
+ DES_LONG deslong[2];
+ } ks[16];
+} DES_key_schedule;
+
+
+#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \
+ l|=((DES_LONG)(*((c)++)))<< 8L, \
+ l|=((DES_LONG)(*((c)++)))<<16L, \
+ l|=((DES_LONG)(*((c)++)))<<24L)
+
+# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \
+ *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>16L)&0xff), \
+ *((c)++)=(unsigned char)(((l)>>24L)&0xff))
+
+#define ITERATIONS 16
+
+#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n))))
+
+# define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\
+ (b)^=(t),\
+ (a)^=((t)<<(n)))
+
+#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\
+ (a)=(a)^(t)^(t>>(16-(n))))
+
+# define IP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \
+ PERM_OP(l,r,tt,16,0x0000ffffL); \
+ PERM_OP(r,l,tt, 2,0x33333333L); \
+ PERM_OP(l,r,tt, 8,0x00ff00ffL); \
+ PERM_OP(r,l,tt, 1,0x55555555L); \
+ }
+
+# define FP(l,r) \
+ { \
+ register DES_LONG tt; \
+ PERM_OP(l,r,tt, 1,0x55555555L); \
+ PERM_OP(r,l,tt, 8,0x00ff00ffL); \
+ PERM_OP(l,r,tt, 2,0x33333333L); \
+ PERM_OP(r,l,tt,16,0x0000ffffL); \
+ PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \
+ }
+
+#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g)
+#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \
+ u=R^s[S ]; \
+ t=R^s[S+1]
+
+#define D_ENCRYPT(LL,R,S) { \
+ LOAD_DATA_tmp(R,S,u,t,E0,E1); \
+ t=ROTATE(t,4); \
+ LL^= \
+ DES_SPtrans[0][(u>> 2L)&0x3f]^ \
+ DES_SPtrans[2][(u>>10L)&0x3f]^ \
+ DES_SPtrans[4][(u>>18L)&0x3f]^ \
+ DES_SPtrans[6][(u>>26L)&0x3f]^ \
+ DES_SPtrans[1][(t>> 2L)&0x3f]^ \
+ DES_SPtrans[3][(t>>10L)&0x3f]^ \
+ DES_SPtrans[5][(t>>18L)&0x3f]^ \
+ DES_SPtrans[7][(t>>26L)&0x3f]; }
+
+
+static const DES_LONG DES_SPtrans[8][64] = {
+ {
+ /* nibble 0 */
+ 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L,
+ 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L,
+ 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L,
+ 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L,
+ 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L,
+ 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L,
+ 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L,
+ 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L,
+ 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L,
+ 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L,
+ 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L,
+ 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L,
+ 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L,
+ 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L,
+ 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L,
+ 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L,
+ },
+ {
+ /* nibble 1 */
+ 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L,
+ 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L,
+ 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L,
+ 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L,
+ 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L,
+ 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L,
+ 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L,
+ 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L,
+ 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L,
+ 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L,
+ 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L,
+ 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L,
+ 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L,
+ 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L,
+ 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L,
+ 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L,
+ },
+ {
+ /* nibble 2 */
+ 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L,
+ 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L,
+ 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L,
+ 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L,
+ 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L,
+ 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L,
+ 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L,
+ 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L,
+ 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L,
+ 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L,
+ 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L,
+ 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L,
+ 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L,
+ 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L,
+ 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L,
+ },
+ {
+ /* nibble 3 */
+ 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L,
+ 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L,
+ 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L,
+ 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L,
+ 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L,
+ 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L,
+ 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L,
+ 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L,
+ 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L,
+ 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L,
+ 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L,
+ 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L,
+ 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L,
+ 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L,
+ 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L,
+ 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L,
+ },
+ {
+ /* nibble 4 */
+ 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L,
+ 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L,
+ 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L,
+ 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L,
+ 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L,
+ 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L,
+ 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L,
+ 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L,
+ 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L,
+ 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L,
+ 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L,
+ 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L,
+ 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L,
+ 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L,
+ 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L,
+ },
+ {
+ /* nibble 5 */
+ 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L,
+ 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L,
+ 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L,
+ 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L,
+ 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L,
+ 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L,
+ 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L,
+ 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L,
+ 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L,
+ 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L,
+ 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L,
+ 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L,
+ 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L,
+ 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L,
+ 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L,
+ 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L,
+ },
+ {
+ /* nibble 6 */
+ 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L,
+ 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L,
+ 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L,
+ 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L,
+ 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L,
+ 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L,
+ 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L,
+ 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L,
+ 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L,
+ 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L,
+ 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L,
+ 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L,
+ 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L,
+ 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L,
+ 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L,
+ 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L,
+ },
+ {
+ /* nibble 7 */
+ 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L,
+ 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L,
+ 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L,
+ 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L,
+ 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L,
+ 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L,
+ 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L,
+ 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L,
+ 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L,
+ 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L,
+ 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L,
+ 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L,
+ 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L,
+ 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L,
+ 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L,
+ }
+};
+
+static const DES_LONG des_skb[8][64] = {
+ {
+ /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L,
+ 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L,
+ 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L,
+ 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L,
+ 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L,
+ 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L,
+ 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L,
+ 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L,
+ 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L,
+ 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L,
+ 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L,
+ 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L,
+ 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L,
+ 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L,
+ 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L,
+ 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */
+ 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L,
+ 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L,
+ 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L,
+ 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L,
+ 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L,
+ 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L,
+ 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L,
+ 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L,
+ 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L,
+ 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L,
+ 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L,
+ 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L,
+ 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L,
+ 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L,
+ 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L,
+ 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */
+ 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L,
+ 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L,
+ 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L,
+ 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L,
+ 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L,
+ 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L,
+ 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L,
+ 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L,
+ 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L,
+ 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L,
+ 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L,
+ 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L,
+ 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L,
+ 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L,
+ 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L,
+ 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L,
+ },
+ {
+ /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */
+ 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L,
+ 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L,
+ 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L,
+ 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L,
+ 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L,
+ 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L,
+ 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L,
+ 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L,
+ 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L,
+ 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L,
+ 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L,
+ 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L,
+ 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L,
+ 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L,
+ 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L,
+ 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */
+ 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L,
+ 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L,
+ 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L,
+ 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L,
+ 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L,
+ 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L,
+ 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L,
+ 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L,
+ 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L,
+ 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L,
+ 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L,
+ 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L,
+ 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L,
+ 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L,
+ 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L,
+ 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */
+ 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L,
+ 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L,
+ 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L,
+ 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L,
+ 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L,
+ 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L,
+ 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L,
+ 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L,
+ 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L,
+ 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L,
+ 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L,
+ 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L,
+ 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L,
+ 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L,
+ 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L,
+ 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */
+ 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L,
+ 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L,
+ 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L,
+ 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L,
+ 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L,
+ 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L,
+ 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L,
+ 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L,
+ 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L,
+ 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L,
+ 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L,
+ 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L,
+ 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L,
+ 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L,
+ 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L,
+ 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L,
+ },
+ {
+ /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */
+ 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L,
+ 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L,
+ 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L,
+ 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L,
+ 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L,
+ 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L,
+ 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L,
+ 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L,
+ 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L,
+ 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L,
+ 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L,
+ 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L,
+ 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L,
+ 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L,
+ 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L,
+ 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L,
+ }
+};
+
+
+static void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc)
+{
+ register DES_LONG l, r, t, u;
+ register DES_LONG *s;
+
+ r = data[0];
+ l = data[1];
+
+ IP(r, l);
+ /*
+ * Things have been modified so that the initial rotate is done outside
+ * the loop. This required the DES_SPtrans values in sp.h to be rotated
+ * 1 bit to the right. One perl script later and things have a 5% speed
+ * up on a sparc2. Thanks to Richard Outerbridge for pointing this out.
+ */
+ /* clear the top bits on machines with 8byte longs */
+ /* shift left by 2 */
+ r = ROTATE(r, 29) & 0xffffffffL;
+ l = ROTATE(l, 29) & 0xffffffffL;
+
+ s = ks->ks->deslong;
+ /*
+ * I don't know if it is worth the effort of loop unrolling the inner
+ * loop
+ */
+ if (enc) {
+ D_ENCRYPT(l, r, 0); /* 1 */
+ D_ENCRYPT(r, l, 2); /* 2 */
+ D_ENCRYPT(l, r, 4); /* 3 */
+ D_ENCRYPT(r, l, 6); /* 4 */
+ D_ENCRYPT(l, r, 8); /* 5 */
+ D_ENCRYPT(r, l, 10); /* 6 */
+ D_ENCRYPT(l, r, 12); /* 7 */
+ D_ENCRYPT(r, l, 14); /* 8 */
+ D_ENCRYPT(l, r, 16); /* 9 */
+ D_ENCRYPT(r, l, 18); /* 10 */
+ D_ENCRYPT(l, r, 20); /* 11 */
+ D_ENCRYPT(r, l, 22); /* 12 */
+ D_ENCRYPT(l, r, 24); /* 13 */
+ D_ENCRYPT(r, l, 26); /* 14 */
+ D_ENCRYPT(l, r, 28); /* 15 */
+ D_ENCRYPT(r, l, 30); /* 16 */
+ } else {
+ D_ENCRYPT(l, r, 30); /* 16 */
+ D_ENCRYPT(r, l, 28); /* 15 */
+ D_ENCRYPT(l, r, 26); /* 14 */
+ D_ENCRYPT(r, l, 24); /* 13 */
+ D_ENCRYPT(l, r, 22); /* 12 */
+ D_ENCRYPT(r, l, 20); /* 11 */
+ D_ENCRYPT(l, r, 18); /* 10 */
+ D_ENCRYPT(r, l, 16); /* 9 */
+ D_ENCRYPT(l, r, 14); /* 8 */
+ D_ENCRYPT(r, l, 12); /* 7 */
+ D_ENCRYPT(l, r, 10); /* 6 */
+ D_ENCRYPT(r, l, 8); /* 5 */
+ D_ENCRYPT(l, r, 6); /* 4 */
+ D_ENCRYPT(r, l, 4); /* 3 */
+ D_ENCRYPT(l, r, 2); /* 2 */
+ D_ENCRYPT(r, l, 0); /* 1 */
+ }
+
+ /* rotate and clear the top bits on machines with 8byte longs */
+ l = ROTATE(l, 3) & 0xffffffffL;
+ r = ROTATE(r, 3) & 0xffffffffL;
+
+ FP(r, l);
+ data[0] = l;
+ data[1] = r;
+ l = r = t = u = 0;
+}
+
+
+static void DES_ecb_encrypt(const DES_cblock *input, DES_cblock *output,
+ DES_key_schedule *ks, int enc)
+{
+ register DES_LONG l;
+ DES_LONG ll[2];
+ const unsigned char *in = &(*input)[0];
+ unsigned char *out = &(*output)[0];
+
+ c2l(in, l);
+ ll[0] = l;
+ c2l(in, l);
+ ll[1] = l;
+ DES_encrypt1(ll, ks, enc);
+ l = ll[0];
+ l2c(l, out);
+ l = ll[1];
+ l2c(l, out);
+ l = ll[0] = ll[1] = 0;
+}
+
+
+static void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule)
+{
+ static const int shifts2[16] =
+ { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 };
+ register DES_LONG c, d, t, s, t2;
+ register const unsigned char *in;
+ register DES_LONG *k;
+ register int i;
+
+#ifdef OPENBSD_DEV_CRYPTO
+ memcpy(schedule->key, key, sizeof(schedule->key));
+ schedule->session = NULL;
+#endif
+ k = &schedule->ks->deslong[0];
+ in = &(*key)[0];
+
+ c2l(in, c);
+ c2l(in, d);
+
+ /*
+ * do PC1 in 47 simple operations. Thanks to John Fletcher
+ * for the inspiration.
+ */
+ PERM_OP(d, c, t, 4, 0x0f0f0f0fL);
+ HPERM_OP(c, t, -2, 0xcccc0000L);
+ HPERM_OP(d, t, -2, 0xcccc0000L);
+ PERM_OP(d, c, t, 1, 0x55555555L);
+ PERM_OP(c, d, t, 8, 0x00ff00ffL);
+ PERM_OP(d, c, t, 1, 0x55555555L);
+ d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) |
+ ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L));
+ c &= 0x0fffffffL;
+
+ for (i = 0; i < ITERATIONS; i++) {
+ if (shifts2[i]) {
+ c = ((c >> 2L) | (c << 26L));
+ d = ((d >> 2L) | (d << 26L));
+ } else {
+ c = ((c >> 1L) | (c << 27L));
+ d = ((d >> 1L) | (d << 27L));
+ }
+ c &= 0x0fffffffL;
+ d &= 0x0fffffffL;
+ /*
+ * could be a few less shifts but I am to lazy at this point in time
+ * to investigate
+ */
+ s = des_skb[0][(c) & 0x3f] |
+ des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] |
+ des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] |
+ des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) |
+ ((c >> 22L) & 0x38)];
+ t = des_skb[4][(d) & 0x3f] |
+ des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] |
+ des_skb[6][(d >> 15L) & 0x3f] |
+ des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)];
+
+ /* table contained 0213 4657 */
+ t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL;
+ *(k++) = ROTATE(t2, 30) & 0xffffffffL;
+
+ t2 = ((s >> 16L) | (t & 0xffff0000L));
+ *(k++) = ROTATE(t2, 26) & 0xffffffffL;
+ }
+}
+
+/* End of import of OpenSSL DES encryption functions */
+
+static int des_init(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv)
+{
+ DES_key_schedule *ks = calloc(1, sizeof(DES_key_schedule));
+ if (ks) {
+
+ if (key) {
+ memcpy(ctx->key, key, 8);
+ }
+
+ if (iv) {
+ memcpy(ctx->iv, iv, 8);
+ }
+
+ if (key) {
+ DES_set_key((DES_cblock*) &ctx->key, ks);
+ }
+
+ ctx->priv = ks;
+ return 1;
+ }
+
+ return 0;
+}
+
+static int des_update(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl)
+{
+ int offset = 0;
+ inl = inl / 8;
+ while (offset < inl) {
+ DES_ecb_encrypt((DES_cblock *)in + offset, (DES_cblock *)out + offset,
+ (DES_key_schedule*) ctx->priv, ctx->is_encr);
+ offset ++;
+ }
+
+ *outl = offset * 8;
+ return 1;
+}
+
+static int des_final(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl)
+{
+ return 1;
+}
+
+static void des_clean(PPP_CIPHER_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_CIPHER ppp_des = {
+ .init_fn = des_init,
+ .update_fn = des_update,
+ .final_fn = des_final,
+ .clean_fn = des_clean,
+};
+
+const PPP_CIPHER *PPP_des_ecb(void)
+{
+ return &ppp_des;
+}
+
--- /dev/null
+/* ppp-md4.c - MD4 Digest implementation
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdio.h>
+#include <stdlib.h>
+
+#include "crypto-priv.h"
+
+
+#ifdef OPENSSL_HAVE_MD4
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#endif
+
+
+static int md4_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+ if (mctx) {
+ if (EVP_DigestInit(mctx, EVP_md4())) {
+ ctx->priv = mctx;
+ return 1;
+ }
+ EVP_MD_CTX_free(mctx);
+ }
+ }
+ return 0;
+}
+
+static int md4_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static int md4_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static void md4_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_MD_CTX_free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+
+#else // !OPENSSL_HAVE_MD4
+
+#define TRUE 1
+#define FALSE 0
+
+/*
+** ********************************************************************
+** md4.c -- Implementation of MD4 Message Digest Algorithm **
+** Updated: 2/16/90 by Ronald L. Rivest **
+** (C) 1990 RSA Data Security, Inc. **
+** ********************************************************************
+*/
+
+/*
+** To use MD4:
+** -- Include md4.h in your program
+** -- Declare an MDstruct MD to hold the state of the digest
+** computation.
+** -- Initialize MD using MDbegin(&MD)
+** -- For each full block (64 bytes) X you wish to process, call
+** MD4Update(&MD,X,512)
+** (512 is the number of bits in a full block.)
+** -- For the last block (less than 64 bytes) you wish to process,
+** MD4Update(&MD,X,n)
+** where n is the number of bits in the partial block. A partial
+** block terminates the computation, so every MD computation
+** should terminate by processing a partial block, even if it
+** has n = 0.
+** -- The message digest is available in MD.buffer[0] ...
+** MD.buffer[3]. (Least-significant byte of each word
+** should be output first.)
+** -- You can print out the digest using MDprint(&MD)
+*/
+
+/* Implementation notes:
+** This implementation assumes that ints are 32-bit quantities.
+*/
+
+/* MDstruct is the data structure for a message digest computation.
+*/
+typedef struct {
+ unsigned int buffer[4]; /* Holds 4-word result of MD computation */
+ unsigned char count[8]; /* Number of bits processed so far */
+ unsigned int done; /* Nonzero means MD computation finished */
+} MD4_CTX;
+
+
+/* Compile-time declarations of MD4 "magic constants".
+*/
+#define I0 0x67452301 /* Initial values for MD buffer */
+#define I1 0xefcdab89
+#define I2 0x98badcfe
+#define I3 0x10325476
+#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */
+#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */
+/* C2 and C3 are from Knuth, The Art of Programming, Volume 2
+** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley.
+** Table 2, page 660.
+*/
+
+#define fs1 3 /* round 1 shift amounts */
+#define fs2 7
+#define fs3 11
+#define fs4 19
+#define gs1 3 /* round 2 shift amounts */
+#define gs2 5
+#define gs3 9
+#define gs4 13
+#define hs1 3 /* round 3 shift amounts */
+#define hs2 9
+#define hs3 11
+#define hs4 15
+
+/* Compile-time macro declarations for MD4.
+** Note: The "rot" operator uses the variable "tmp".
+** It assumes tmp is declared as unsigned int, so that the >>
+** operator will shift in zeros rather than extending the sign bit.
+*/
+#define f(X,Y,Z) ((X&Y) | ((~X)&Z))
+#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z))
+#define h(X,Y,Z) (X^Y^Z)
+#define rot(X,S) (tmp=X,(tmp<<S) | (tmp>>(32-S)))
+#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s)
+#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s)
+#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s)
+
+/* MD4print(MDp)
+** Print message digest buffer MDp as 32 hexadecimal digits.
+** Order is from low-order byte of buffer[0] to high-order byte of
+** buffer[3].
+** Each byte is printed with high-order hexadecimal digit first.
+** This is a user-callable routine.
+*/
+static void
+MD4Print(MD4_CTX *MDp)
+{
+ int i,j;
+ for (i=0;i<4;i++)
+ for (j=0;j<32;j=j+8)
+ printf("%02x",(MDp->buffer[i]>>j) & 0xFF);
+}
+
+/* MD4Init(MDp)
+** Initialize message digest buffer MDp.
+** This is a user-callable routine.
+*/
+static void
+MD4Init(MD4_CTX *MDp)
+{
+ int i;
+ MDp->buffer[0] = I0;
+ MDp->buffer[1] = I1;
+ MDp->buffer[2] = I2;
+ MDp->buffer[3] = I3;
+ for (i=0;i<8;i++) MDp->count[i] = 0;
+ MDp->done = 0;
+}
+
+/* MDblock(MDp,X)
+** Update message digest buffer MDp->buffer using 16-word data block X.
+** Assumes all 16 words of X are full of data.
+** Does not update MDp->count.
+** This routine is not user-callable.
+*/
+static void
+MDblock(MD4_CTX *MDp, unsigned char *Xb)
+{
+ register unsigned int tmp, A, B, C, D;
+ unsigned int X[16];
+ int i;
+
+ for (i = 0; i < 16; ++i) {
+ X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24);
+ Xb += 4;
+ }
+
+ A = MDp->buffer[0];
+ B = MDp->buffer[1];
+ C = MDp->buffer[2];
+ D = MDp->buffer[3];
+ /* Update the message digest buffer */
+ ff(A , B , C , D , 0 , fs1); /* Round 1 */
+ ff(D , A , B , C , 1 , fs2);
+ ff(C , D , A , B , 2 , fs3);
+ ff(B , C , D , A , 3 , fs4);
+ ff(A , B , C , D , 4 , fs1);
+ ff(D , A , B , C , 5 , fs2);
+ ff(C , D , A , B , 6 , fs3);
+ ff(B , C , D , A , 7 , fs4);
+ ff(A , B , C , D , 8 , fs1);
+ ff(D , A , B , C , 9 , fs2);
+ ff(C , D , A , B , 10 , fs3);
+ ff(B , C , D , A , 11 , fs4);
+ ff(A , B , C , D , 12 , fs1);
+ ff(D , A , B , C , 13 , fs2);
+ ff(C , D , A , B , 14 , fs3);
+ ff(B , C , D , A , 15 , fs4);
+ gg(A , B , C , D , 0 , gs1); /* Round 2 */
+ gg(D , A , B , C , 4 , gs2);
+ gg(C , D , A , B , 8 , gs3);
+ gg(B , C , D , A , 12 , gs4);
+ gg(A , B , C , D , 1 , gs1);
+ gg(D , A , B , C , 5 , gs2);
+ gg(C , D , A , B , 9 , gs3);
+ gg(B , C , D , A , 13 , gs4);
+ gg(A , B , C , D , 2 , gs1);
+ gg(D , A , B , C , 6 , gs2);
+ gg(C , D , A , B , 10 , gs3);
+ gg(B , C , D , A , 14 , gs4);
+ gg(A , B , C , D , 3 , gs1);
+ gg(D , A , B , C , 7 , gs2);
+ gg(C , D , A , B , 11 , gs3);
+ gg(B , C , D , A , 15 , gs4);
+ hh(A , B , C , D , 0 , hs1); /* Round 3 */
+ hh(D , A , B , C , 8 , hs2);
+ hh(C , D , A , B , 4 , hs3);
+ hh(B , C , D , A , 12 , hs4);
+ hh(A , B , C , D , 2 , hs1);
+ hh(D , A , B , C , 10 , hs2);
+ hh(C , D , A , B , 6 , hs3);
+ hh(B , C , D , A , 14 , hs4);
+ hh(A , B , C , D , 1 , hs1);
+ hh(D , A , B , C , 9 , hs2);
+ hh(C , D , A , B , 5 , hs3);
+ hh(B , C , D , A , 13 , hs4);
+ hh(A , B , C , D , 3 , hs1);
+ hh(D , A , B , C , 11 , hs2);
+ hh(C , D , A , B , 7 , hs3);
+ hh(B , C , D , A , 15 , hs4);
+ MDp->buffer[0] += A;
+ MDp->buffer[1] += B;
+ MDp->buffer[2] += C;
+ MDp->buffer[3] += D;
+}
+
+/* MD4Update(MDp,X,count)
+** Input: X -- a pointer to an array of unsigned characters.
+** count -- the number of bits of X to use.
+** (if not a multiple of 8, uses high bits of last byte.)
+** Update MDp using the number of bits of X given by count.
+** This is the basic input routine for an MD4 user.
+** The routine completes the MD computation when count < 512, so
+** every MD computation should end with one call to MD4Update with a
+** count less than 512. A call with count 0 will be ignored if the
+** MD has already been terminated (done != 0), so an extra call with
+** count 0 can be given as a "courtesy close" to force termination
+** if desired.
+*/
+static void
+MD4Update(MD4_CTX *MDp, unsigned char *X, unsigned int count)
+{
+ unsigned int i, tmp, bit, byte, mask;
+ unsigned char XX[64];
+ unsigned char *p;
+
+ /* return with no error if this is a courtesy close with count
+ ** zero and MDp->done is true.
+ */
+ if (count == 0 && MDp->done) return;
+ /* check to see if MD is already done and report error */
+ if (MDp->done)
+ { printf("\nError: MD4Update MD already done."); return; }
+
+ /* Add count to MDp->count */
+ tmp = count;
+ p = MDp->count;
+ while (tmp)
+ { tmp += *p;
+ *p++ = tmp;
+ tmp = tmp >> 8;
+ }
+
+ /* Process data */
+ if (count == 512)
+ { /* Full block of data to handle */
+ MDblock(MDp,X);
+ }
+ else if (count > 512) /* Check for count too large */
+ {
+ printf("\nError: MD4Update called with illegal count value %u.",
+ count);
+ return;
+ }
+ else /* partial block -- must be last block so finish up */
+ {
+ /* Find out how many bytes and residual bits there are */
+ byte = count >> 3;
+ bit = count & 7;
+ /* Copy X into XX since we need to modify it */
+ if (count)
+ for (i=0;i<=byte;i++) XX[i] = X[i];
+ for (i=byte+1;i<64;i++) XX[i] = 0;
+ /* Add padding '1' bit and low-order zeros in last byte */
+ mask = 1 << (7 - bit);
+ XX[byte] = (XX[byte] | mask) & ~( mask - 1);
+ /* If room for bit count, finish up with this block */
+ if (byte <= 55)
+ {
+ for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
+ MDblock(MDp,XX);
+ }
+ else /* need to do two blocks to finish up */
+ {
+ MDblock(MDp,XX);
+ for (i=0;i<56;i++) XX[i] = 0;
+ for (i=0;i<8;i++) XX[56+i] = MDp->count[i];
+ MDblock(MDp,XX);
+ }
+ /* Set flag saying we're done with MD computation */
+ MDp->done = 1;
+ }
+}
+
+/*
+** Finish up MD4 computation and return message digest.
+*/
+static void
+MD4Final(unsigned char *buf, MD4_CTX *MD)
+{
+ int i, j;
+ unsigned int w;
+
+ MD4Update(MD, NULL, 0);
+ for (i = 0; i < 4; ++i) {
+ w = MD->buffer[i];
+ for (j = 0; j < 4; ++j) {
+ *buf++ = w;
+ w >>= 8;
+ }
+ }
+}
+
+/*
+** End of md4.c
+****************************(cut)***********************************/
+
+static int md4_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ MD4_CTX *mctx = calloc(1, sizeof(MD4_CTX));
+ if (mctx) {
+ MD4Init(mctx);
+ ctx->priv = mctx;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int md4_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+#if defined(__NetBSD__)
+ /* NetBSD uses the libc md4 routines which take bytes instead of bits */
+ int mdlen = len;
+#else
+ int mdlen = len * 8;
+#endif
+
+ /* Internal MD4Update can take at most 64 bytes at a time */
+ while (mdlen > 512) {
+ MD4Update((MD4_CTX*) ctx->priv, (unsigned char*) data, 512);
+ data += 64;
+ mdlen -= 512;
+ }
+ MD4Update((MD4_CTX*) ctx->priv, (unsigned char*) data, mdlen);
+ return 1;
+}
+
+static int md4_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ MD4Final(out, (MD4_CTX*) ctx->priv);
+ return 1;
+}
+
+static void md4_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_MD ppp_md4 = {
+ .init_fn = md4_init,
+ .update_fn = md4_update,
+ .final_fn = md4_final,
+ .clean_fn = md4_clean,
+};
+
+const PPP_MD *PPP_md4(void)
+{
+ return &ppp_md4;
+}
--- /dev/null
+/* ppp-md5.c - MD5 Digest implementation
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "crypto-priv.h"
+
+#ifdef OPENSSL_HAVE_MD5
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#endif
+
+static int md5_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+ if (mctx) {
+ if (EVP_DigestInit((EVP_MD_CTX*) mctx, EVP_md5())) {
+ ctx->priv = mctx;
+ return 1;
+ }
+ EVP_MD_CTX_free(mctx);
+ }
+ }
+ return 0;
+}
+
+static int md5_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static int md5_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static void md5_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_MD_CTX_free((EVP_MD_CTX*) ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#else // !OPENSSL_HAVE_MD5
+
+/*
+ ***********************************************************************
+ ** md5.c -- the source code for MD5 routines **
+ ** RSA Data Security, Inc. MD5 Message-Digest Algorithm **
+ ** Created: 2/17/90 RLR **
+ ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. **
+ ***********************************************************************
+ */
+
+/*
+ ***********************************************************************
+ ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. **
+ ** **
+ ** License to copy and use this software is granted provided that **
+ ** it is identified as the "RSA Data Security, Inc. MD5 Message- **
+ ** Digest Algorithm" in all material mentioning or referencing this **
+ ** software or this function. **
+ ** **
+ ** License is also granted to make and use derivative works **
+ ** provided that such works are identified as "derived from the RSA **
+ ** Data Security, Inc. MD5 Message-Digest Algorithm" in all **
+ ** material mentioning or referencing the derived work. **
+ ** **
+ ** RSA Data Security, Inc. makes no representations concerning **
+ ** either the merchantability of this software or the suitability **
+ ** of this software for any particular purpose. It is provided "as **
+ ** is" without express or implied warranty of any kind. **
+ ** **
+ ** These notices must be retained in any copies of any part of this **
+ ** documentation and/or software. **
+ ***********************************************************************
+ */
+
+
+/* typedef a 32-bit type */
+#ifdef _LP64
+typedef unsigned int UINT4;
+typedef int INT4;
+#else
+typedef unsigned long UINT4;
+typedef long INT4;
+#endif
+#define _UINT4_T
+
+/* Data structure for MD5 (Message-Digest) computation */
+typedef struct {
+ UINT4 i[2]; /* number of _bits_ handled mod 2^64 */
+ UINT4 buf[4]; /* scratch buffer */
+ unsigned char in[64]; /* input buffer */
+ unsigned char digest[16]; /* actual digest after MD5Final call */
+} MD5_CTX;
+
+
+/*
+ ***********************************************************************
+ ** Message-digest routines: **
+ ** To form the message digest for a message M **
+ ** (1) Initialize a context buffer mdContext using MD5_Init **
+ ** (2) Call MD5_Update on mdContext and M **
+ ** (3) Call MD5_Final on mdContext **
+ ** The message digest is now in mdContext->digest[0...15] **
+ ***********************************************************************
+ */
+
+/* forward declaration */
+static void Transform (UINT4 *buf, UINT4 *in);
+
+static unsigned char PADDING[64] = {
+ 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+
+/* F, G, H and I are basic MD5 functions */
+#define F(x, y, z) (((x) & (y)) | ((~x) & (z)))
+#define G(x, y, z) (((x) & (z)) | ((y) & (~z)))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | (~z)))
+
+/* ROTATE_LEFT rotates x left n bits */
+#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n))))
+
+/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */
+/* Rotation is separate from addition to prevent recomputation */
+#define FF(a, b, c, d, x, s, ac) \
+ {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define GG(a, b, c, d, x, s, ac) \
+ {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define HH(a, b, c, d, x, s, ac) \
+ {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+#define II(a, b, c, d, x, s, ac) \
+ {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \
+ (a) = ROTATE_LEFT ((a), (s)); \
+ (a) += (b); \
+ }
+
+#ifdef __STDC__
+#define UL(x) x##U
+#else
+#define UL(x) x
+#endif
+
+/* The routine MD5_Init initializes the message-digest context
+ mdContext. All fields are set to zero.
+ */
+static void MD5_Init (MD5_CTX *mdContext)
+{
+ mdContext->i[0] = mdContext->i[1] = (UINT4)0;
+
+ /* Load magic initialization constants.
+ */
+ mdContext->buf[0] = (UINT4)0x67452301;
+ mdContext->buf[1] = (UINT4)0xefcdab89;
+ mdContext->buf[2] = (UINT4)0x98badcfe;
+ mdContext->buf[3] = (UINT4)0x10325476;
+}
+
+/* The routine MD5Update updates the message-digest context to
+ account for the presence of each of the characters inBuf[0..inLen-1]
+ in the message whose digest is being computed.
+ */
+static void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen)
+{
+ UINT4 in[16];
+ int mdi;
+ unsigned int i, ii;
+
+ /* compute number of bytes mod 64 */
+ mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+ /* update number of bits */
+ if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0])
+ mdContext->i[1]++;
+ mdContext->i[0] += ((UINT4)inLen << 3);
+ mdContext->i[1] += ((UINT4)inLen >> 29);
+
+ while (inLen--) {
+ /* add new character to buffer, increment mdi */
+ mdContext->in[mdi++] = *inBuf++;
+
+ /* transform if necessary */
+ if (mdi == 0x40) {
+ for (i = 0, ii = 0; i < 16; i++, ii += 4)
+ in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
+ (((UINT4)mdContext->in[ii+2]) << 16) |
+ (((UINT4)mdContext->in[ii+1]) << 8) |
+ ((UINT4)mdContext->in[ii]);
+ Transform (mdContext->buf, in);
+ mdi = 0;
+ }
+ }
+}
+
+/* The routine MD5Final terminates the message-digest computation and
+ ends with the desired message digest in mdContext->digest[0...15].
+ */
+static void MD5_Final (unsigned char hash[], MD5_CTX *mdContext)
+{
+ UINT4 in[16];
+ int mdi;
+ unsigned int i, ii;
+ unsigned int padLen;
+
+ /* save number of bits */
+ in[14] = mdContext->i[0];
+ in[15] = mdContext->i[1];
+
+ /* compute number of bytes mod 64 */
+ mdi = (int)((mdContext->i[0] >> 3) & 0x3F);
+
+ /* pad out to 56 mod 64 */
+ padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi);
+ MD5_Update (mdContext, PADDING, padLen);
+
+ /* append length in bits and transform */
+ for (i = 0, ii = 0; i < 14; i++, ii += 4)
+ in[i] = (((UINT4)mdContext->in[ii+3]) << 24) |
+ (((UINT4)mdContext->in[ii+2]) << 16) |
+ (((UINT4)mdContext->in[ii+1]) << 8) |
+ ((UINT4)mdContext->in[ii]);
+ Transform (mdContext->buf, in);
+
+ /* store buffer in digest */
+ for (i = 0, ii = 0; i < 4; i++, ii += 4) {
+ mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF);
+ mdContext->digest[ii+1] =
+ (unsigned char)((mdContext->buf[i] >> 8) & 0xFF);
+ mdContext->digest[ii+2] =
+ (unsigned char)((mdContext->buf[i] >> 16) & 0xFF);
+ mdContext->digest[ii+3] =
+ (unsigned char)((mdContext->buf[i] >> 24) & 0xFF);
+ }
+ memcpy(hash, mdContext->digest, 16);
+}
+
+/* Basic MD5 step. Transforms buf based on in.
+ */
+static void Transform (UINT4 *buf, UINT4 *in)
+{
+ UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3];
+
+ /* Round 1 */
+#define S11 7
+#define S12 12
+#define S13 17
+#define S14 22
+ FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */
+ FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */
+ FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */
+ FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */
+ FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */
+ FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */
+ FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */
+ FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */
+ FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */
+ FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */
+ FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */
+ FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */
+ FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */
+ FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */
+ FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */
+ FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */
+
+ /* Round 2 */
+#define S21 5
+#define S22 9
+#define S23 14
+#define S24 20
+ GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */
+ GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */
+ GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */
+ GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */
+ GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */
+ GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */
+ GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */
+ GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */
+ GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */
+ GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */
+ GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */
+ GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */
+ GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */
+ GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */
+ GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */
+ GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */
+
+ /* Round 3 */
+#define S31 4
+#define S32 11
+#define S33 16
+#define S34 23
+ HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */
+ HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */
+ HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */
+ HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */
+ HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */
+ HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */
+ HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */
+ HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */
+ HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */
+ HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */
+ HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */
+ HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */
+ HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */
+ HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */
+ HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */
+ HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */
+
+ /* Round 4 */
+#define S41 6
+#define S42 10
+#define S43 15
+#define S44 21
+ II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */
+ II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */
+ II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */
+ II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */
+ II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */
+ II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */
+ II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */
+ II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */
+ II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */
+ II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */
+ II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */
+ II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */
+ II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */
+ II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */
+ II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */
+ II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */
+
+ buf[0] += a;
+ buf[1] += b;
+ buf[2] += c;
+ buf[3] += d;
+}
+
+/*
+ ***********************************************************************
+ ** End of md5.c **
+ ******************************** (cut) ********************************
+ */
+
+static int md5_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ MD5_CTX *md5 = calloc(1, sizeof(MD5_CTX));
+ if (md5 != NULL) {
+ MD5_Init(md5);
+ ctx->priv = md5;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int md5_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ MD5_Update((MD5_CTX*) ctx->priv, (void*) data, len);
+ return 1;
+}
+
+static int md5_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ MD5_Final(out, (MD5_CTX*) ctx->priv);
+ return 1;
+}
+
+static void md5_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_MD ppp_md5 = {
+ .init_fn = md5_init,
+ .update_fn = md5_update,
+ .final_fn = md5_final,
+ .clean_fn = md5_clean,
+};
+
+const PPP_MD *PPP_md5(void)
+{
+ return &ppp_md5;
+}
+
--- /dev/null
+/* ppp-sha1.c - SHA1 Digest implementation
+ *
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * Sections of this code holds different copyright information.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <stdlib.h>
+#include <stddef.h>
+
+#include "crypto-priv.h"
+
+
+/* #define SHA1HANDSOFF * Copies data before messing with it. */
+#ifdef OPENSSL_HAVE_SHA
+#include <openssl/evp.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+#define EVP_MD_CTX_free EVP_MD_CTX_destroy
+#define EVP_MD_CTX_new EVP_MD_CTX_create
+#endif
+
+static int sha1_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ EVP_MD_CTX *mctx = EVP_MD_CTX_new();
+ if (mctx) {
+ if (EVP_DigestInit(mctx, EVP_sha1())) {
+ ctx->priv = mctx;
+ return 1;
+ }
+ EVP_MD_CTX_free(mctx);
+ }
+ }
+ return 0;
+}
+
+static int sha1_update(PPP_MD_CTX *ctx, const void *data, size_t len)
+{
+ if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static int sha1_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) {
+ return 1;
+ }
+ return 0;
+}
+
+static void sha1_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ EVP_MD_CTX_free((EVP_MD_CTX*) ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+
+#else // !OPENSSL_HAVE_SHA
+
+/*
+ * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
+ *
+ * SHA-1 in C
+ * By Steve Reid <steve@edmweb.com>
+ * 100% Public Domain
+ *
+ * Test Vectors (from FIPS PUB 180-1)
+ * "abc"
+ * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+ * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+ * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+ * A million repetitions of "a"
+ * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+ */
+
+#include <string.h>
+#include <netinet/in.h> /* htonl() */
+
+typedef struct {
+ uint32_t state[5];
+ uint32_t count[2];
+ unsigned char buffer[64];
+} SHA1_CTX;
+
+
+static void
+SHA1_Transform(uint32_t[5], const unsigned char[64]);
+
+#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
+
+/* blk0() and blk() perform the initial expand. */
+/* I got the idea of expanding during the round function from SSLeay */
+#define blk0(i) (block->l[i] = htonl(block->l[i]))
+#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
+ ^block->l[(i+2)&15]^block->l[i&15],1))
+
+/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
+#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
+#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
+#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
+#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
+
+
+/* Hash a single 512-bit block. This is the core of the algorithm. */
+
+static void
+SHA1_Transform(uint32_t state[5], const unsigned char buffer[64])
+{
+ uint32_t a, b, c, d, e;
+ typedef union {
+ unsigned char c[64];
+ uint32_t l[16];
+ } CHAR64LONG16;
+ CHAR64LONG16 *block;
+
+#ifdef SHA1HANDSOFF
+ static unsigned char workspace[64];
+ block = (CHAR64LONG16 *) workspace;
+ memcpy(block, buffer, 64);
+#else
+ block = (CHAR64LONG16 *) buffer;
+#endif
+ /* Copy context->state[] to working vars */
+ a = state[0];
+ b = state[1];
+ c = state[2];
+ d = state[3];
+ e = state[4];
+ /* 4 rounds of 20 operations each. Loop unrolled. */
+ R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
+ R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
+ R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
+ R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
+ R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
+ R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
+ R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
+ R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
+ R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
+ R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
+ R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
+ R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
+ R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
+ R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
+ R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
+ R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
+ R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
+ R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
+ R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
+ R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
+ /* Add the working vars back into context.state[] */
+ state[0] += a;
+ state[1] += b;
+ state[2] += c;
+ state[3] += d;
+ state[4] += e;
+ /* Wipe variables */
+ a = b = c = d = e = 0;
+}
+
+
+/* SHA1Init - Initialize new context */
+
+static void
+SHA1_Init(SHA1_CTX *context)
+{
+ /* SHA1 initialization constants */
+ context->state[0] = 0x67452301;
+ context->state[1] = 0xEFCDAB89;
+ context->state[2] = 0x98BADCFE;
+ context->state[3] = 0x10325476;
+ context->state[4] = 0xC3D2E1F0;
+ context->count[0] = context->count[1] = 0;
+}
+
+
+/* Run your data through this. */
+
+static void
+SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
+{
+ unsigned int i, j;
+
+ j = (context->count[0] >> 3) & 63;
+ if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
+ context->count[1] += (len >> 29);
+ i = 64 - j;
+ while (len >= i) {
+ memcpy(&context->buffer[j], data, i);
+ SHA1_Transform(context->state, context->buffer);
+ data += i;
+ len -= i;
+ i = 64;
+ j = 0;
+ }
+
+ memcpy(&context->buffer[j], data, len);
+}
+
+
+/* Add padding and return the message digest. */
+
+static void
+SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
+{
+ uint32_t i, j;
+ unsigned char finalcount[8];
+
+ for (i = 0; i < 8; i++) {
+ finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
+ >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
+ }
+ SHA1_Update(context, (unsigned char *) "\200", 1);
+ while ((context->count[0] & 504) != 448) {
+ SHA1_Update(context, (unsigned char *) "\0", 1);
+ }
+ SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
+ for (i = 0; i < 20; i++) {
+ digest[i] = (unsigned char)
+ ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
+ }
+ /* Wipe variables */
+ i = j = 0;
+ memset(context->buffer, 0, 64);
+ memset(context->state, 0, 20);
+ memset(context->count, 0, 8);
+ memset(&finalcount, 0, 8);
+#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
+ SHA1Transform(context->state, context->buffer);
+#endif
+}
+
+static int sha1_init(PPP_MD_CTX *ctx)
+{
+ if (ctx) {
+ SHA1_CTX *mctx = calloc(1, sizeof(SHA1_CTX));
+ if (mctx) {
+ SHA1_Init(mctx);
+ ctx->priv = mctx;
+ return 1;
+ }
+ }
+ return 0;
+}
+
+static int sha1_update(PPP_MD_CTX* ctx, const void *data, size_t len)
+{
+ SHA1_Update((SHA1_CTX*) ctx->priv, (void*) data, len);
+ return 1;
+}
+
+static int sha1_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len)
+{
+ SHA1_Final(out, (SHA1_CTX*) ctx->priv);
+ return 1;
+}
+
+static void sha1_clean(PPP_MD_CTX *ctx)
+{
+ if (ctx->priv) {
+ free(ctx->priv);
+ ctx->priv = NULL;
+ }
+}
+
+#endif
+
+static PPP_MD ppp_sha1 = {
+ .init_fn = sha1_init,
+ .update_fn = sha1_update,
+ .final_fn = sha1_final,
+ .clean_fn = sha1_clean,
+};
+
+const PPP_MD *PPP_sha1(void)
+{
+ return &ppp_sha1;
+}
+
+++ /dev/null
-/*
- * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
- *
- * Extracted from chap_ms.c by James Carlson.
- *
- * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#include <errno.h>
-#include "pppd.h"
-#include "pppcrypt.h"
-
-static u_char
-Get7Bits(u_char *input, int startBit)
-{
- unsigned int word;
-
- word = (unsigned)input[startBit / 8] << 8;
- word |= (unsigned)input[startBit / 8 + 1];
-
- word >>= 15 - (startBit % 8 + 7);
-
- return word & 0xFE;
-}
-
-static void
-MakeKey(u_char *key, u_char *des_key)
-{
- /* key IN 56 bit DES key missing parity bits */
- /* des_key OUT 64 bit DES key with parity bits added */
- des_key[0] = Get7Bits(key, 0);
- des_key[1] = Get7Bits(key, 7);
- des_key[2] = Get7Bits(key, 14);
- des_key[3] = Get7Bits(key, 21);
- des_key[4] = Get7Bits(key, 28);
- des_key[5] = Get7Bits(key, 35);
- des_key[6] = Get7Bits(key, 42);
- des_key[7] = Get7Bits(key, 49);
-
-#ifndef USE_CRYPT
- DES_set_odd_parity((DES_cblock *)des_key);
-#endif
-}
-
-#ifdef USE_CRYPT
-/*
- * in == 8-byte string (expanded version of the 56-bit key)
- * out == 64-byte string where each byte is either 1 or 0
- * Note that the low-order "bit" is always ignored by by setkey()
- */
-static void
-Expand(u_char *in, u_char *out)
-{
- int j, c;
- int i;
-
- for (i = 0; i < 64; in++){
- c = *in;
- for (j = 7; j >= 0; j--)
- *out++ = (c >> j) & 01;
- i += 8;
- }
-}
-
-/* The inverse of Expand
- */
-static void
-Collapse(u_char *in, u_char *out)
-{
- int j;
- int i;
- unsigned int c;
-
- for (i = 0; i < 64; i += 8, out++) {
- c = 0;
- for (j = 7; j >= 0; j--, in++)
- c |= *in << j;
- *out = c & 0xff;
- }
-}
-
-bool
-DesSetkey(u_char *key)
-{
- u_char des_key[8];
- u_char crypt_key[66];
-
- MakeKey(key, des_key);
- Expand(des_key, crypt_key);
- errno = 0;
- setkey((const char *)crypt_key);
- if (errno != 0)
- return (0);
- return (1);
-}
-
-bool
-DesEncrypt(u_char *clear, u_char *cipher)
-{
- u_char des_input[66];
-
- Expand(clear, des_input);
- errno = 0;
- encrypt((char *)des_input, 0);
- if (errno != 0)
- return (0);
- Collapse(des_input, cipher);
- return (1);
-}
-
-bool
-DesDecrypt(u_char *cipher, u_char *clear)
-{
- u_char des_input[66];
-
- Expand(cipher, des_input);
- errno = 0;
- encrypt((char *)des_input, 1);
- if (errno != 0)
- return (0);
- Collapse(des_input, clear);
- return (1);
-}
-
-#else /* USE_CRYPT */
-static DES_key_schedule key_schedule;
-
-bool
-DesSetkey(u_char *key)
-{
- DES_cblock des_key;
- MakeKey(key, des_key);
- DES_set_key(&des_key, &key_schedule);
- return (1);
-}
-
-bool
-DesEncrypt(u_char *clear, u_char *cipher)
-{
- DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher,
- &key_schedule, 1);
- return (1);
-}
-
-bool
-DesDecrypt(u_char *cipher, u_char *clear)
-{
- DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear,
- &key_schedule, 0);
- return (1);
-}
-
-#endif /* USE_CRYPT */
+++ /dev/null
-/*
- * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1
- *
- * Extracted from chap_ms.c by James Carlson.
- *
- * Copyright (c) 1995 Eric Rosenquist. All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- *
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- *
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in
- * the documentation and/or other materials provided with the
- * distribution.
- *
- * 3. The name(s) of the authors of this software must not be used to
- * endorse or promote products derived from this software without
- * prior written permission.
- *
- * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
- * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
- * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
- * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
- * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef PPPCRYPT_H
-#define PPPCRYPT_H
-
-#ifdef HAVE_CRYPT_H
-#include <crypt.h>
-#endif
-
-#ifndef USE_CRYPT
-#include <openssl/des.h>
-#endif
-
-extern bool DesSetkey(u_char *);
-extern bool DesEncrypt(u_char *, u_char *);
-extern bool DesDecrypt(u_char *, u_char *);
-
-#endif /* PPPCRYPT_H */
--- /dev/null
+/*
+ * pppd-private.h - PPP daemon private declarations.
+ *
+ * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name "Carnegie Mellon University" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For permission or any legal
+ * details, please contact
+ * Office of Technology Transfer
+ * Carnegie Mellon University
+ * 5000 Forbes Avenue
+ * Pittsburgh, PA 15213-3890
+ * (412) 268-4387, fax: (412) 268-7395
+ * tech-transfer@andrew.cmu.edu
+ *
+ * 4. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by Computing Services
+ * at Carnegie Mellon University (http://www.cmu.edu/computing/)."
+ *
+ * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE
+ * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $
+ */
+
+#ifndef PPP_PPPD_PRIVATE_H
+#define PPP_PPPD_PRIVATE_H
+
+#include <stdio.h> /* for FILE */
+#include <stdlib.h> /* for encrypt */
+#include <unistd.h> /* for setkey */
+#if defined(SOL2)
+#include <net/ppp_defs.h>
+#else
+#include <linux/ppp_defs.h>
+#endif
+
+#include "pppd.h"
+
+#ifdef PPP_WITH_IPV6CP
+#include "eui64.h"
+#endif
+
+/*
+ * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name.
+ * Where should PPP_DRV_NAME come from? Do we include it here?
+ */
+#if !defined(PPP_DRV_NAME)
+#define PPP_DRV_NAME "ppp"
+#endif /* !defined(PPP_DRV_NAME) */
+
+
+#ifndef GIDSET_TYPE
+#define GIDSET_TYPE gid_t
+#endif
+
+/* Structure representing a list of permitted IP addresses. */
+struct permitted_ip {
+ int permit; /* 1 = permit, 0 = forbid */
+ u_int32_t base; /* match if (addr & mask) == base */
+ u_int32_t mask; /* base and mask are in network byte order */
+};
+
+struct notifier {
+ struct notifier *next;
+ ppp_notify_fn *func;
+ void *arg;
+};
+
+/*
+ * Global variables.
+ */
+
+extern int hungup; /* Physical layer has disconnected */
+extern int ifunit; /* Interface unit number */
+extern char ifname[]; /* Interface name (IFNAMSIZ) */
+extern char hostname[]; /* Our hostname */
+extern unsigned char outpacket_buf[]; /* Buffer for outgoing packets */
+extern int devfd; /* fd of underlying device */
+extern int fd_ppp; /* fd for talking PPP */
+extern int baud_rate; /* Current link speed in bits/sec */
+extern char *progname; /* Name of this program */
+extern int redirect_stderr;/* Connector's stderr should go to file */
+extern char peer_authname[];/* Authenticated name of peer */
+extern int auth_done[NUM_PPP]; /* Methods actually used for auth */
+extern int privileged; /* We were run by real-uid root */
+extern int need_holdoff; /* Need holdoff period after link terminates */
+extern char **script_env; /* Environment variables for scripts */
+extern int detached; /* Have detached from controlling tty */
+extern GIDSET_TYPE groups[]; /* groups the user is in */
+extern int ngroups; /* How many groups valid in groups */
+extern int link_stats_valid; /* set if link_stats is valid */
+extern int link_stats_print; /* set if link_stats is to be printed on link termination */
+extern int log_to_fd; /* logging to this fd as well as syslog */
+extern bool log_default; /* log_to_fd is default (stdout) */
+extern char *no_ppp_msg; /* message to print if ppp not in kernel */
+extern bool devnam_fixed; /* can no longer change devnam */
+extern int unsuccess; /* # unsuccessful connection attempts */
+extern int do_callback; /* set if we want to do callback next */
+extern int doing_callback; /* set if this is a callback */
+extern int error_count; /* # of times error() has been called */
+extern char ppp_devname[]; /* name of PPP tty (maybe ttypx) */
+extern int fd_devnull; /* fd open to /dev/null */
+
+extern int listen_time; /* time to listen first (ms) */
+extern bool bundle_eof;
+extern bool bundle_terminating;
+
+extern struct notifier *pidchange; /* for notifications of pid changing */
+extern struct notifier *phasechange; /* for notifications of phase changes */
+extern struct notifier *exitnotify; /* for notification that we're exiting */
+extern struct notifier *sigreceived; /* notification of received signal */
+extern struct notifier *ip_up_notifier; /* IPCP has come up */
+extern struct notifier *ip_down_notifier; /* IPCP has gone down */
+extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */
+extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */
+extern struct notifier *auth_up_notifier; /* peer has authenticated */
+extern struct notifier *link_down_notifier; /* link has gone down */
+extern struct notifier *fork_notifier; /* we are a new child process */
+
+
+/* Values for do_callback and doing_callback */
+#define CALLBACK_DIALIN 1 /* we are expecting the call back */
+#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */
+
+/*
+ * Variables set by command-line options.
+ */
+
+extern int debug; /* Debug flag */
+extern int kdebugflag; /* Tell kernel to print debug messages */
+extern int default_device; /* Using /dev/tty or equivalent */
+extern char devnam[]; /* Device name */
+extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
+extern int ppp_session_number; /* Session number (eg PPPoE session) */
+extern int crtscts; /* Use hardware flow control */
+extern int stop_bits; /* Number of serial port stop bits */
+extern bool modem; /* Use modem control lines */
+extern int inspeed; /* Input/Output speed requested */
+extern u_int32_t netmask; /* IP netmask to set on interface */
+extern bool lockflag; /* Create lock file to lock the serial dev */
+extern bool nodetach; /* Don't detach from controlling tty */
+#ifdef SYSTEMD
+extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */
+#endif
+extern bool updetach; /* Detach from controlling tty when link up */
+extern bool master_detach; /* Detach when multilink master without link (options.c) */
+extern char *initializer; /* Script to initialize physical link */
+extern char *connect_script; /* Script to establish physical link */
+extern char *disconnect_script; /* Script to disestablish physical link */
+extern char *welcomer; /* Script to welcome client after connection */
+extern char *ptycommand; /* Command to run on other side of pty */
+extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */
+extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */
+extern bool auth_required; /* Peer is required to authenticate */
+extern bool persist; /* Reopen link after it goes down */
+extern bool uselogin; /* Use /etc/passwd for checking PAP */
+extern bool session_mgmt; /* Do session management (login records) */
+extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
+extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
+extern bool explicit_remote;/* remote_name specified with remotename opt */
+extern bool demand; /* Do dial-on-demand */
+extern char *ipparam; /* Extra parameter for ip up/down scripts */
+extern bool cryptpap; /* Others' PAP passwords are encrypted */
+extern int holdoff; /* Dead time before restarting */
+extern bool holdoff_specified; /* true if user gave a holdoff value */
+extern bool notty; /* Stdin/out is not a tty */
+extern char *pty_socket; /* Socket to connect to pty */
+extern char *record_file; /* File to record chars sent/received */
+extern int maxfail; /* Max # of unsuccessful connection attempts */
+extern char linkname[]; /* logical name for link */
+extern bool tune_kernel; /* May alter kernel settings as necessary */
+extern int connect_delay; /* Time to delay after connect script */
+extern int max_data_rate; /* max bytes/sec through charshunt */
+extern int req_unit; /* interface unit number to use */
+extern char path_ipup[]; /* pathname of ip-up script */
+extern char path_ipdown[]; /* pathname of ip-down script */
+extern char req_ifname[]; /* interface name to use (IFNAMSIZ) */
+extern bool multilink; /* enable multilink operation (options.c) */
+extern bool noendpoint; /* don't send or accept endpt. discrim. */
+extern char *bundle_name; /* bundle name for multilink */
+extern bool dump_options; /* print out option values */
+extern bool show_options; /* show all option names and descriptions */
+extern bool dryrun; /* check everything, print options, exit */
+extern int child_wait; /* # seconds to wait for children at end */
+extern char *current_option; /* the name of the option being parsed */
+extern int privileged_option; /* set iff the current option came from root */
+extern char *option_source; /* string saying where the option came from */
+extern int option_priority; /* priority of current options */
+
+#ifdef PPP_WITH_IPV6CP
+extern char path_ipv6up[]; /* pathname of ipv6-up script */
+extern char path_ipv6down[]; /* pathname of ipv6-down script */
+#endif
+
+#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)
+#define TLS_VERIFY_NONE "none"
+#define TLS_VERIFY_NAME "name"
+#define TLS_VERIFY_SUBJECT "subject"
+#define TLS_VERIFY_SUFFIX "suffix"
+
+extern char *crl_dir;
+extern char *crl_file;
+extern char *ca_path;
+extern char *cacert_file;
+
+extern char *max_tls_version;
+extern bool tls_verify_key_usage;
+extern char *tls_verify_method;
+#endif /* PPP_WITH_EAPTLS || PPP_WITH_PEAP */
+
+#ifdef PPP_WITH_EAPTLS
+extern char *pkcs12_file;
+#endif /* PPP_WITH_EAPTLS */
+
+typedef enum {
+ PPP_OCTETS_DIRECTION_SUM,
+ PPP_OCTETS_DIRECTION_IN,
+ PPP_OCTETS_DIRECTION_OUT,
+ PPP_OCTETS_DIRECTION_MAXOVERAL,
+ PPP_OCTETS_DIRECTION_MAXSESSION /* Same as MAXOVERALL, but a little different for RADIUS */
+} session_limit_dir_t;
+
+extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
+extern session_limit_dir_t maxoctets_dir; /* Direction */
+extern int maxoctets_timeout; /* Timeout for check of octets limit */
+
+#ifdef PPP_WITH_FILTER
+extern struct bpf_program pass_filter; /* Filter for pkts to pass */
+extern struct bpf_program active_filter; /* Filter for link-active pkts */
+#endif
+
+#ifdef PPP_WITH_MSLANMAN
+extern bool ms_lanman; /* Use LanMan password instead of NT */
+ /* Has meaning only with MS-CHAP challenges */
+#endif
+
+/* Values for auth_pending, auth_done */
+#define PAP_WITHPEER 0x1
+#define PAP_PEER 0x2
+#define CHAP_WITHPEER 0x4
+#define CHAP_PEER 0x8
+#define EAP_WITHPEER 0x10
+#define EAP_PEER 0x20
+
+/* Values for auth_done only */
+#define CHAP_MD5_WITHPEER 0x40
+#define CHAP_MD5_PEER 0x80
+#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
+#define CHAP_MS_WITHPEER 0x100
+#define CHAP_MS_PEER 0x200
+#define CHAP_MS2_WITHPEER 0x400
+#define CHAP_MS2_PEER 0x800
+
+
+/*
+ * This structure contains environment variables that are set or unset
+ * by the user.
+ */
+struct userenv {
+ struct userenv *ue_next;
+ char *ue_value; /* value (set only) */
+ bool ue_isset; /* 1 for set, 0 for unset */
+ bool ue_priv; /* from privileged source */
+ const char *ue_source; /* source name */
+ char ue_name[1]; /* variable name */
+};
+
+extern struct userenv *userenv_list;
+
+/*
+ * Prototypes.
+ */
+
+/* Procedures exported from main.c. */
+void set_ifunit(int); /* set stuff that depends on ifunit */
+void detach(void); /* Detach from controlling tty */
+void die(int); /* Cleanup and exit */
+void quit(void); /* like die(1) */
+
+void record_child(int, char *, void (*) (void *), void *, int);
+int device_script(char *cmd, int in, int out, int dont_wait);
+ /* Run `cmd' with given stdin and stdout */
+pid_t run_program(char *prog, char * const * args, int must_exist,
+ void (*done)(void *), void *arg, int wait);
+ /* Run program prog with args in child */
+void reopen_log(void); /* (re)open the connection to syslog */
+void print_link_stats(void); /* Print stats, if available */
+void reset_link_stats(int); /* Reset (init) stats when link goes up */
+void new_phase(ppp_phase_t); /* signal start of new phase */
+bool in_phase(ppp_phase_t);
+void notify(struct notifier *, int);
+int ppp_send_config(int, int, u_int32_t, int, int);
+int ppp_recv_config(int, int, u_int32_t, int, int);
+const char *protocol_name(int);
+void remove_pidfiles(void);
+void lock_db(void);
+void unlock_db(void);
+
+/* Procedures exported from tty.c. */
+void tty_init(void);
+
+void print_string(char *, int, printer_func, void *);
+ /* Format a string for output */
+ssize_t complete_read(int, void *, size_t);
+ /* read a complete buffer */
+
+/* Procedures exported from auth.c */
+void link_required(int); /* we are starting to use the link */
+void start_link(int); /* bring the link up now */
+void link_terminated(int); /* we are finished with the link */
+void link_down(int); /* the LCP layer has left the Opened state */
+void upper_layers_down(int);/* take all NCPs down */
+void link_established(int); /* the link is up; authenticate now */
+void start_networks(int); /* start all the network control protos */
+void continue_networks(int); /* start network [ip, etc] control protos */
+void np_up(int, int); /* a network protocol has come up */
+void np_down(int, int); /* a network protocol has gone down */
+void np_finished(int, int); /* a network protocol no longer needs link */
+void auth_peer_fail(int, int);
+ /* peer failed to authenticate itself */
+void auth_peer_success(int, int, int, char *, int);
+ /* peer successfully authenticated itself */
+void auth_withpeer_fail(int, int);
+ /* we failed to authenticate ourselves */
+void auth_withpeer_success(int, int, int);
+ /* we successfully authenticated ourselves */
+void auth_check_options(void);
+ /* check authentication options supplied */
+void auth_reset(int); /* check what secrets we have */
+int check_passwd(int, char *, int, char *, int, char **);
+ /* Check peer-supplied username/password */
+int get_secret(int, char *, char *, char *, int *, int);
+ /* get "secret" for chap */
+int get_srp_secret(int unit, char *client, char *server, char *secret,
+ int am_server);
+int auth_ip_addr(int, u_int32_t);
+ /* check if IP address is authorized */
+int auth_number(void); /* check if remote number is authorized */
+
+/* Procedures exported from demand.c */
+void demand_conf(void); /* config interface(s) for demand-dial */
+void demand_block(void); /* set all NPs to queue up packets */
+void demand_unblock(void); /* set all NPs to pass packets */
+void demand_discard(void); /* set all NPs to discard packets */
+void demand_rexmit(int); /* retransmit saved frames for an NP */
+int loop_chars(unsigned char *, int); /* process chars from loopback */
+int loop_frame(unsigned char *, int); /* should we bring link up? */
+
+/* Procedures exported from sys-*.c */
+void sys_init(void); /* Do system-dependent initialization */
+void sys_cleanup(void); /* Restore system state before exiting */
+int sys_check_options(void); /* Check options specified */
+int get_pty(int *, int *, char *, int); /* Get pty master/slave */
+int open_ppp_loopback(void); /* Open loopback for demand-dialling */
+int tty_establish_ppp(int); /* Turn serial port into a ppp interface */
+void tty_disestablish_ppp(int); /* Restore port to normal operation */
+void make_new_bundle(int, int, int, int); /* Create new bundle */
+int bundle_attach(int); /* Attach link to existing bundle */
+void cfg_bundle(int, int, int, int); /* Configure existing bundle */
+void destroy_bundle(void); /* Tell driver to destroy bundle */
+void clean_check(void); /* Check if line was 8-bit clean */
+void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */
+void restore_tty(int); /* Restore port's original parameters */
+void setdtr(int, int); /* Raise or lower port's DTR line */
+void output(int, unsigned char *, int); /* Output a PPP packet */
+void wait_input(struct timeval *);
+ /* Wait for input, with timeout */
+void add_fd(int); /* Add fd to set to wait for */
+void remove_fd(int); /* Remove fd from set to wait for */
+int read_packet(unsigned char *); /* Read PPP packet */
+int get_loop_output(void); /* Read pkts from loopback */
+void tty_send_config(int, u_int32_t, int, int);
+ /* Configure i/f transmit parameters */
+void tty_set_xaccm(ext_accm);
+ /* Set extended transmit ACCM */
+void tty_recv_config(int, u_int32_t, int, int);
+ /* Configure i/f receive parameters */
+int ccp_test(int, unsigned char *, int, int);
+ /* Test support for compression scheme */
+void ccp_flags_set(int, int, int);
+ /* Set kernel CCP state */
+int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */
+int get_idle_time(int, struct ppp_idle *);
+ /* Find out how long link has been idle */
+int get_ppp_stats(int, struct pppd_stats *);
+ /* Return link statistics */
+int sifvjcomp(int, int, int, int);
+ /* Configure VJ TCP header compression */
+int sifup(int); /* Configure i/f up for one protocol */
+int sifnpmode(int u, int proto, enum NPmode mode);
+ /* Set mode for handling packets for proto */
+int sifdown(int); /* Configure i/f down for one protocol */
+int sifaddr(int, u_int32_t, u_int32_t, u_int32_t);
+ /* Configure IPv4 addresses for i/f */
+int cifaddr(int, u_int32_t, u_int32_t);
+ /* Reset i/f IP addresses */
+#ifdef PPP_WITH_IPV6CP
+int sif6up(int); /* Configure i/f up for IPv6 */
+int sif6down(int); /* Configure i/f down for IPv6 */
+int sif6addr(int, eui64_t, eui64_t);
+ /* Configure IPv6 addresses for i/f */
+int cif6addr(int, eui64_t, eui64_t);
+ /* Remove an IPv6 address from i/f */
+#endif
+int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt);
+ /* Create default route through i/f */
+int cifdefaultroute(int, u_int32_t, u_int32_t);
+ /* Delete default route through i/f */
+#ifdef PPP_WITH_IPV6CP
+int sif6defaultroute(int, eui64_t, eui64_t);
+ /* Create default IPv6 route through i/f */
+int cif6defaultroute(int, eui64_t, eui64_t);
+ /* Delete default IPv6 route through i/f */
+#endif
+int sifproxyarp(int, u_int32_t);
+ /* Add proxy ARP entry for peer */
+int cifproxyarp(int, u_int32_t);
+ /* Delete proxy ARP entry for peer */
+u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */
+int mkdir_recursive(const char *); /* Recursively create directory */
+int lock(char *); /* Create lock file for device */
+int relock(int); /* Rewrite lock file with new pid */
+void unlock(void); /* Delete previously-created lock file */
+void logwtmp(const char *, const char *, const char *);
+ /* Write entry to wtmp file */
+int get_host_seed(void); /* Get host-dependent random number seed */
+int have_route_to(u_int32_t); /* Check if route to addr exists */
+#ifdef PPP_WITH_FILTER
+int set_filters(struct bpf_program *pass, struct bpf_program *active);
+ /* Set filter programs in kernel */
+#endif
+int get_if_hwaddr(unsigned char *addr, char *name);
+int get_first_ether_hwaddr(unsigned char *addr);
+
+/* Procedures exported from options.c */
+int setipaddr(char *, char **, int); /* Set local/remote ip addresses */
+int parse_args(int argc, char **argv);
+ /* Parse options from arguments given */
+int getword(FILE *f, char *word, int *newlinep, char *filename);
+ /* Read a word from a file */
+int options_from_user(void); /* Parse options from user's .ppprc */
+int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */
+struct wordlist;
+int options_from_list(struct wordlist *, int privileged);
+ /* Parse options from a wordlist */
+void check_options(void); /* check values after all options parsed */
+int override_value(char *, int, const char *);
+ /* override value if permitted by priority */
+void print_options(printer_func, void *);
+ /* print out values of all options */
+void showopts(void);
+ /* show all option names and description */
+int parse_dotted_ip(char *, u_int32_t *);
+
+/*
+ * Inline versions of get/put char/short/long.
+ * Pointer is advanced; we assume that both arguments
+ * are lvalues and will already be in registers.
+ * cp MUST be unsigned char *.
+ */
+#define GETCHAR(c, cp) { \
+ (c) = *(cp)++; \
+}
+#define PUTCHAR(c, cp) { \
+ *(cp)++ = (unsigned char) (c); \
+}
+
+
+#define GETSHORT(s, cp) { \
+ (s) = *(cp)++ << 8; \
+ (s) |= *(cp)++; \
+}
+#define PUTSHORT(s, cp) { \
+ *(cp)++ = (unsigned char) ((s) >> 8); \
+ *(cp)++ = (unsigned char) (s); \
+}
+
+#define GETLONG(l, cp) { \
+ (l) = *(cp)++ << 8; \
+ (l) |= *(cp)++; (l) <<= 8; \
+ (l) |= *(cp)++; (l) <<= 8; \
+ (l) |= *(cp)++; \
+}
+#define PUTLONG(l, cp) { \
+ *(cp)++ = (unsigned char) ((l) >> 24); \
+ *(cp)++ = (unsigned char) ((l) >> 16); \
+ *(cp)++ = (unsigned char) ((l) >> 8); \
+ *(cp)++ = (unsigned char) (l); \
+}
+
+#define INCPTR(n, cp) ((cp) += (n))
+#define DECPTR(n, cp) ((cp) -= (n))
+
+/*
+ * System dependent definitions for user-level 4.3BSD UNIX implementation.
+ */
+
+#define TIMEOUT(r, f, t) ppp_timeout((r), (f), (t), 0)
+#define UNTIMEOUT(r, f) ppp_untimeout((r), (f))
+
+#define BCOPY(s, d, l) memcpy(d, s, l)
+#define BZERO(s, n) memset(s, 0, n)
+#define BCMP(s1, s2, l) memcmp(s1, s2, l)
+
+#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); }
+
+/*
+ * MAKEHEADER - Add Header fields to a packet.
+ */
+#define MAKEHEADER(p, t) { \
+ PUTCHAR(PPP_ALLSTATIONS, p); \
+ PUTCHAR(PPP_UI, p); \
+ PUTSHORT(t, p); }
+
+/*
+ * Debug macros. Slightly useful for finding bugs in pppd, not particularly
+ * useful for finding out why your connection isn't being established.
+ */
+#ifdef DEBUGALL
+#define DEBUGMAIN 1
+#define DEBUGFSM 1
+#define DEBUGLCP 1
+#define DEBUGIPCP 1
+#define DEBUGIPV6CP 1
+#define DEBUGUPAP 1
+#define DEBUGCHAP 1
+#endif
+
+#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */
+#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
+ || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
+ || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
+#define LOG_PPP LOG_LOCAL2
+#else
+#define LOG_PPP LOG_DAEMON
+#endif
+#endif /* LOG_PPP */
+
+#ifdef DEBUGMAIN
+#define MAINDEBUG(x) if (debug) dbglog x
+#else
+#define MAINDEBUG(x)
+#endif
+
+#ifdef DEBUGSYS
+#define SYSDEBUG(x) if (debug) dbglog x
+#else
+#define SYSDEBUG(x)
+#endif
+
+#ifdef DEBUGFSM
+#define FSMDEBUG(x) if (debug) dbglog x
+#else
+#define FSMDEBUG(x)
+#endif
+
+#ifdef DEBUGLCP
+#define LCPDEBUG(x) if (debug) dbglog x
+#else
+#define LCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPCP
+#define IPCPDEBUG(x) if (debug) dbglog x
+#else
+#define IPCPDEBUG(x)
+#endif
+
+#ifdef DEBUGIPV6CP
+#define IPV6CPDEBUG(x) if (debug) dbglog x
+#else
+#define IPV6CPDEBUG(x)
+#endif
+
+#ifdef DEBUGUPAP
+#define UPAPDEBUG(x) if (debug) dbglog x
+#else
+#define UPAPDEBUG(x)
+#endif
+
+#ifdef DEBUGCHAP
+#define CHAPDEBUG(x) if (debug) dbglog x
+#else
+#define CHAPDEBUG(x)
+#endif
+
+#ifndef SIGTYPE
+#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
+#define SIGTYPE void
+#else
+#define SIGTYPE int
+#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
+#endif /* SIGTYPE */
+
+#ifndef MIN
+#define MIN(a, b) ((a) < (b)? (a): (b))
+#endif
+#ifndef MAX
+#define MAX(a, b) ((a) > (b)? (a): (b))
+#endif
+
+#ifndef offsetof
+#define offsetof(type, member) ((size_t) &((type *)0)->member)
+#endif
+
+#endif
-.\" manual page [] for pppd 2.4
-.\" $Id: pppd.8,v 1.90 2008/03/26 12:09:40 paulus Exp $
+.\" manual page [] for pppd 2.5.x
.\" SH section heading
.\" SS subsection heading
.\" LP paragraph
.\" IP indented paragraph
.\" TP hanging label
.\"
-.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@samba.org>
+.\" Copyright (c) 1993-2003 Paul Mackerras <paulus@ozlabs.org>
.\"
.\" Permission to use, copy, modify, and distribute this software for any
.\" purpose with or without fee is hereby granted, provided that the above
.I speed
An option that is a decimal number is taken as the desired baud rate
for the serial device. On systems such as
-4.4BSD and NetBSD, any speed can be specified. Other systems
-(e.g. Linux, SunOS) only support the commonly-used baud rates.
+Linux, 4.4BSD and NetBSD, any speed can be specified. Other systems
+(e.g. SunOS) only support the commonly-used baud rates.
.TP
.B asyncmap \fImap
This option sets the Async-Control-Character-Map (ACCM) for this end
omitted. The identifier must be specified in standard ASCII notation of
IPv6 addresses (e.g. ::dead:beef). If the
\fIipv6cp\-use\-ipaddr\fR
-option is given, the local identifier is the local IPv4 address (see above).
+option is given, the local identifier is the local IPv4 address and the
+remote identifier is the remote IPv4 address (see above).
+If the \fIipv6cp-use-remotenumber\fR option is given, the remote identifier
+is set to the value from \fIremotenumber\fR option.
On systems which supports a unique persistent id, such as EUI\-48 derived
from the Ethernet MAC address, \fIipv6cp\-use\-persistent\fR option can be
-used to replace the \fIipv6 <local>,<remote>\fR option. Otherwise the
-identifier is randomized.
+used to set local identifier. Otherwise both local and remote identifiers
+are randomized.
.TP
.B active\-filter \fIfilter\-expression
Specifies a packet filter to be applied to data packets to determine
\fIbsdcomp 0\fR to disable BSD-Compress compression entirely.
.TP
.B ca \fIca-file
-(EAP-TLS) Use the file \fIca-file\fR as the X.509 Certificate Authority
+(EAP-TLS, or PEAP) Use the file \fIca-file\fR as the X.509 Certificate Authority
(CA) file (in PEM format), needed for setting up an EAP-TLS connection.
This option is used on the client-side in conjunction with the \fBcert\fR
-and \fBkey\fR options.
+and \fBkey\fR options. Either \fIca\fR, or \fIcapath\fR options are required
+for PEAP. EAP-TLS may also use the entry in eaptls-client or eaptls-server
+for a CA certificate associated with a particular peer.
+.TP
+.B capath \fIpath
+(EAP-TLS, or PEAP) Specify a location that contains public CA certificates.
+Either \fIca\fR, or \fIcapath\fR options are required for PEAP.
.TP
.B cdtrcts
Use a non-standard hardware flow control (i.e. DTR/CTS) to control
or \fBpty\fR option is used.
.TP
.B crl \fIfilename
-(EAP-TLS) Use the file \fIfilename\fR as the Certificate Revocation List
+(EAP-TLS, or PEAP) Use the file \fIfilename\fR as the Certificate Revocation List
to check for the validity of the peer's certificate. This option is not
-mandatory for setting up an EAP-TLS connection. Also see the \fBcrl-dir\fR
+mandatory for setting up a TLS connection. Also see the \fBcrl-dir\fR
option.
.TP
.B crl-dir \fIdirectory
-(EAP-TLS) Use the directory \fIdirectory\fR to scan for CRL files in
+(EAP-TLS, or PEAP) Use the directory \fIdirectory\fR to scan for CRL files in
has format ($hash.r0) to check for the validity of the peer's certificate.
-This option is not mandatory for setting up an EAP-TLS connection.
+This option is not mandatory for setting up a TLS connection.
Also see the \fBcrl\fR option.
.TP
.B debug
seconds (default 3).
.TP
.B ipparam \fIstring
-Provides an extra parameter to the ip\-up, ip\-pre\-up and ip\-down
+Provides an extra parameter most of the notification scripts, most notably
+ip\-up, ip\-pre\-up, ip\-down, ipv6\-up, ipv6\-down, auth\-up and auth\-down
scripts. If this
option is given, the \fIstring\fR supplied is given as the 6th
parameter to those scripts.
IPv6 interface identifier, even if the remote IPv6 interface
identifier was specified in an option.
.TP
+.B ipv6cp\-noremote
+Allow pppd to operate without having an IPv6 link local address for the peer.
+This option is only available under Linux. Normally, pppd will request the
+peer's IPv6 interface identifier (used for composing IPv6 link local address),
+and if the peer does not supply it, pppd will generate one for the peer.
+With this option, if the peer does not supply its IPv6 interface identifier,
+pppd will not ask the peer for it, and will not set the destination IPv6
+link local address of the ppp interface. In this situation, the ppp interface
+can be used for routing by creating device routes, but the peer itself cannot
+be addressed directly for IPv6 traffic until the peer starts announcing ICMPv6
+Router Advertisement or ICMPv6 Neighbor Advertisement packets. Note that IPv6
+router must announce ICMPv6 Router Advertisement packets.
+.TP
+.B ipv6cp\-nosendip
+Don't send our local IPv6 interface identifier to peer during IPv6 interface
+identifier negotiation.
+.TP
.B ipv6cp\-max\-configure \fIn
Set the maximum number of IPv6CP configure-request transmissions to
\fIn\fR (default 10).
Set the IPv6CP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
-.B ipx
-Enable the IPXCP and IPX protocols. This option is presently only
-supported under Linux, and only if your kernel has been configured to
-include IPX support.
-.TP
-.B ipx\-network \fIn
-Set the IPX network number in the IPXCP configure request frame to
-\fIn\fR, a hexadecimal number (without a leading 0x). There is no
-valid default. If this option is not specified, the network number is
-obtained from the peer. If the peer does not have the network number,
-the IPX protocol will not be started.
-.TP
-.B ipx\-node \fIn\fB:\fIm
-Set the IPX node numbers. The two node numbers are separated from each
-other with a colon character. The first number \fIn\fR is the local
-node number. The second number \fIm\fR is the peer's node number. Each
-node number is a hexadecimal number, at most 10 digits long. The node
-numbers on the ipx\-network must be unique. There is no valid
-default. If this option is not specified then the node numbers are
-obtained from the peer.
-.TP
-.B ipx\-router\-name \fI<string>
-Set the name of the router. This is a string and is sent to the peer
-as information data.
-.TP
-.B ipx\-routing \fIn
-Set the routing protocol to be received by this option. More than one
-instance of \fIipx\-routing\fR may be specified. The '\fInone\fR'
-option (0) may be specified as the only instance of ipx\-routing. The
-values may be \fI0\fR for \fINONE\fR, \fI2\fR for \fIRIP/SAP\fR, and
-\fI4\fR for \fINLSP\fR.
-.TP
-.B ipxcp\-accept\-local
-Accept the peer's NAK for the node number specified in the ipx\-node
-option. If a node number was specified, and non-zero, the default is
-to insist that the value be used. If you include this option then you
-will permit the peer to override the entry of the node number.
-.TP
-.B ipxcp\-accept\-network
-Accept the peer's NAK for the network number specified in the
-ipx\-network option. If a network number was specified, and non-zero, the
-default is to insist that the value be used. If you include this
-option then you will permit the peer to override the entry of the node
-number.
-.TP
-.B ipxcp\-accept\-remote
-Use the peer's network number specified in the configure request
-frame. If a node number was specified for the peer and this option was
-not specified, the peer will be forced to use the value which you have
-specified.
-.TP
-.B ipxcp\-max\-configure \fIn
-Set the maximum number of IPXCP configure request frames which the
-system will send to \fIn\fR. The default is 10.
-.TP
-.B ipxcp\-max\-failure \fIn
-Set the maximum number of IPXCP NAK frames which the local system will
-send before it rejects the options. The default value is 3.
-.TP
-.B ipxcp\-max\-terminate \fIn
-Set the maximum number of IPXCP terminate request frames before the
-local system considers that the peer is not listening to them. The
-default value is 3.
-.TP
.B kdebug \fIn
Enable debugging code in the kernel-level PPP driver. The argument
values depend on the specific kernel driver, but in general a value of
Set the LCP restart interval (retransmission timeout) to \fIn\fR
seconds (default 3).
.TP
+.B lcp\-rtt\-file \fIfilename
+Sets the file where the round-trip time (RTT) of LCP echo-request frames
+will be logged.
+.TP
.B linkname \fIname\fR
Sets the logical name of the link to \fIname\fR. Pppd will create a
file named \fBppp\-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some
Terminate after \fIn\fR consecutive failed connection attempts. A
value of 0 means no limit. The default value is 10.
.TP
+.B max\-tls-\version \fIstring
+(EAP-TLS, or PEAP) Configures the max allowed TLS version used during
+negotiation with a peer. The default value for this is \fI1.2\fR. Values
+allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR.
+.TP
.B modem
Use the modem control lines. This option is the default. With this
option, pppd will wait for the CD (Carrier Detect) signal from the
Disable Address/Control compression in both directions (send and
receive).
.TP
-.B need-peer-eap
+.B need\-peer\-eap
(EAP-TLS) Require the peer to verify our authentication credentials.
.TP
.B noauth
address during IPCP negotiation (unless it specified explicitly on the
command line or in an options file).
.TP
-.B noipx
-Disable the IPXCP and IPX protocols. This option should only be
-required if the peer is buggy and gets confused by requests from pppd
-for IPXCP negotiation.
-.TP
.B noktune
Opposite of the \fIktune\fR option; disables pppd from changing system
settings.
Currently supports Microgate SyncLink adapters
under Linux and FreeBSD 2.2.8 and later.
.TP
+.B tls\-verify\-method \fIstring
+(EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that
+of the X509 certificates subject name, common name, or suffix of the common
+name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR,
+\fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR.
+.TP
+.B tls\-verify\-key\-usage
+(EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and
+extended key usage attributes.
+.TP
.B unit \fInum
Sets the ppp unit number (for a ppp0 or ppp1 etc interface name) for outbound
connections. If the unit is already in use a dynamically allocated number will
/etc/ppp/resolv.conf file containing one or two nameserver lines with
the address(es) supplied by the peer.
.TP
+.B usepeerwins
+Ask the peer for up to 2 WINS server addresses. The addresses supplied
+by the peer (if any) are passed to the /etc/ppp/ip\-up script in the
+environment variables WINS1 and WINS2, and the environment variable
+USEPEERWINS will be set to 1.
+.LP
+Please note that some modems (like the Huawei E220) requires this option in
+order to avoid a race condition that results in the incorrect DNS servers
+being assigned.
+.TP
.B user \fIname
Sets the name used for authenticating the local system to the peer to
\fIname\fR.
option may be avoided if interface name is unambiguous and does not
look like any other pppd's option.
.TP
-.B pppoe-service \fIname
+.B pppoe\-service \fIname
Connect to specified PPPoE service name. For backward compatibility also
\fBrp_pppoe_service\fP option name is supported.
.TP
-.B pppoe-ac \fIname
+.B pppoe\-ac \fIname
Connect to specified PPPoE access concentrator name. For backward
compatibility also \fBrp_pppoe_ac\fP option name is supported.
.TP
-.B pppoe-sess \fIsessid\fP:\fImacaddr
+.B pppoe\-sess \fIsessid\fP:\fImacaddr
Attach to existing PPPoE session. For backward compatibility also
\fBrp_pppoe_sess\fP option name is supported.
.TP
-.B pppoe-verbose \fIn
-Be verbose about discovered access concentrators. For backward
-compatibility also \fBrp_pppoe_verbose\fP option name is supported.
+.B pppoe\-verbose \fIn
+Be verbose about discovered access concentrators. When set to 2 or bigger
+value then dump also discovery packets. For backward compatibility also
+\fBrp_pppoe_verbose\fP option name is supported.
.TP
-.B pppoe-mac \fImacaddr
+.B pppoe\-mac \fImacaddr
Connect to specified MAC address.
.TP
-.B pppoe-host-uniq \fIstring
+.B pppoe\-host\-uniq \fIstring
Set the PPPoE Host-Uniq tag to the supplied hex string.
By default PPPoE Host-Uniq tag is set to the pppd's process PID.
For backward compatibility this option may be specified without
\fBpppoe-\fP prefix.
.TP
-.B pppoe-padi-timeout \fIn
+.B pppoe\-padi\-timeout \fIn
Initial timeout for discovery packets in seconds (default 5).
.TP
-.B pppoe-padi-attempts \fIn
+.B pppoe\-padi\-attempts \fIn
Number of discovery attempts (default 3).
.SH OPTIONS FILES
Options can be taken from files as well as the command line. Pppd
Pppd invokes scripts at various stages in its processing which can be
used to perform site-specific ancillary processing. These scripts are
usually shell scripts, but could be executable code files instead.
-Pppd does not wait for the scripts to finish (except for the ip-pre-up
-script). The scripts are
+Pppd does not wait for the scripts to finish (except for the net\-init,
+net\-pre\-up and ip\-pre\-up scripts). The scripts are
executed as root (with the real and effective user-id set to 0), so
that they can do things such as update routing tables or run
privileged daemons. Be careful that the contents of these scripts do
If the peer supplies DNS server addresses, this variable is set to the
second DNS server address supplied (whether or not the usepeerdns
option was given).
+.TP
+.B WINS1
+If the peer supplies WINS server addresses, this variable is set to the
+first WINS server address supplied.
+.TP
+.B WINS2
+If the peer supplies WINS server addresses, this variable is set to the
+second WINS server address supplied.
+.P
.P
Pppd invokes the following scripts, if they exist. It is not an error
if they don't exist.
A program or script which is executed after the remote system
successfully authenticates itself. It is executed with the parameters
.IP
-\fIinterface\-name peer\-name user\-name tty\-device speed\fR
+\fIinterface\-name peer\-name user\-name tty\-device speed ipparam\fR
.IP
Note that this script is not executed if the peer doesn't authenticate
itself, for example when the \fInoauth\fR option is used.
add firewall rules before any IP traffic can pass through the
interface. Pppd will wait for this script to finish before bringing
the interface up, so this script should run quickly.
+.PP
+WARNING: Please note that on systems where a single interface carries multiple
+protocols (Linux) ip-pre-up is NOT actually guaranteed to execute prior to the
+interface moving into an up state, although IP information won't be known you
+should consider using net-pre-up instead, alternatively, disable other NCPs
+such that IPv4 is the only negotiated protocol - which will also result in a
+guarantee that ip-pre-up is called prior to the interface going into an UP
+state.
.TP
.B /etc/ppp/ip\-up
A program or script which is executed when the link is available for
longer be transmitted on the link. It is executed with the same parameters
as the ipv6\-up script.
.TP
-.B /etc/ppp/ipx\-up
-A program or script which is executed when the link is available for
-sending and receiving IPX packets (that is, IPXCP has come up). It is
-executed with the parameters
-.IP
-\fIinterface\-name tty\-device speed network\-number local\-IPX\-node\-address
-remote\-IPX\-node\-address local\-IPX\-routing\-protocol remote\-IPX\-routing\-protocol
-local\-IPX\-router\-name remote\-IPX\-router\-name ipparam pppd\-pid\fR
+.B /etc/ppp/net\-init
+This script will be executed the moment the ppp unit number is known. This
+script will be waited for and should not cause significant delays. This can be
+used to update book-keeping type systems external to ppp and provides the only
+guaranteed point where a script can be executed knowing the ppp unit number
+prior to LCP being initiated. It is executed with the parameters
.IP
-The local\-IPX\-routing\-protocol and remote\-IPX\-routing\-protocol field
-may be one of the following:
-.IP
-NONE to indicate that there is no routing protocol
-.br
-RIP to indicate that RIP/SAP should be used
-.br
-NLSP to indicate that Novell NLSP should be used
-.br
-RIP NLSP to indicate that both RIP/SAP and NLSP should be used
+\fIinterface\-name tty\-device speed ipparam
.TP
-.B /etc/ppp/ipx\-down
-A program or script which is executed when the link is no longer
-available for sending and receiving IPX packets. This script can be
-used for undoing the effects of the /etc/ppp/ipx\-up script. It is
-invoked in the same manner and with the same parameters as the ipx\-up
-script.
-.SH FILES
+.B /etc/ppp/net\-pre\-up
+This script will be executed just prior to NCP negotiations initiating, and is
+guaranteed to be executed whilst the interface (Linux) and/or sub-interfaces
+(Solaris) as the case may be is/are still down. ppp will block waiting for
+this script to complete, and the interface may be safely renamed in this script
+(using for example "ip li set dev $1 name ppp-foobar". The parameters are the
+same as for net\-init.
+.TP
+.B /etc/ppp/net\-down
+This script will be executed just prior to ppp terminating and will not be
+waited for. The parameters are the same as for net\-init.
.TP
.B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others)
Process-ID for pppd process on ppp interface unit \fIn\fR.
indicate a bug in one or other implementation.)
.SH AUTHORS
-Paul Mackerras (paulus@samba.org), based on earlier work by
+Paul Mackerras (paulus@ozlabs.org), based on earlier work by
Drew Perkins,
Brad Clements,
Karl Fox,
.br
(412) 268-4387, fax: (412) 268-7395
.br
- tech-transfer@andrew.cmu.edu
+ tech\-transfer@andrew.cmu.edu
.LP
3b. The name(s) of the authors of this software must not be used to
endorse or promote products derived from this software without
at Carnegie Mellon University (http://www.cmu.edu/computing/)."
.br
"This product includes software developed by Paul Mackerras
- <paulus@samba.org>".
+ <paulus@ozlabs.org>".
.br
"This product includes software developed by Pedro Roque Marques
<pedro_m@yahoo.com>".
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
- * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $
- */
-
-/*
- * TODO:
*/
-#ifndef __PPPD_H__
-#define __PPPD_H__
+#ifndef PPP_PPPD_H
+#define PPP_PPPD_H
-#include <stdio.h> /* for FILE */
-#include <stdlib.h> /* for encrypt */
-#include <unistd.h> /* for setkey */
#include <stdarg.h>
-#include <limits.h> /* for NGROUPS_MAX */
-#include <sys/param.h> /* for MAXPATHLEN and BSD4_4, if defined */
-#include <sys/types.h> /* for u_int32_t, if defined */
-#include <sys/time.h> /* for struct timeval */
-#include <net/ppp_defs.h>
-#include "patchlevel.h"
-
-#ifdef INET6
-#include "eui64.h"
+#include <stdbool.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <sys/types.h>
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
#endif
/*
- * Limits.
+ * Limits
*/
-
#define NUM_PPP 1 /* One PPP interface supported (per process) */
#define MAXWORDLEN 1024 /* max length of word in file (incl null) */
#define MAXARGS 1 /* max # args to a command */
#define MAXNAMELEN 256 /* max length of hostname or name for auth */
#define MAXSECRETLEN 256 /* max length of password or secret */
-#define MAXIFNAMELEN 32 /* max length of interface name; or use IFNAMSIZ, can we
- always include net/if.h? */
+
/*
- * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name.
- * Where should PPP_DRV_NAME come from? Do we include it here?
+ * Values for phase.
*/
-#if !defined(PPP_DRV_NAME)
-#define PPP_DRV_NAME "ppp"
-#endif /* !defined(PPP_DRV_NAME) */
+typedef enum ppp_phase
+{
+ PHASE_DEAD,
+ PHASE_INITIALIZE,
+ PHASE_SERIALCONN,
+ PHASE_DORMANT,
+ PHASE_ESTABLISH,
+ PHASE_AUTHENTICATE,
+ PHASE_CALLBACK,
+ PHASE_NETWORK,
+ PHASE_RUNNING,
+ PHASE_TERMINATE,
+ PHASE_DISCONNECT,
+ PHASE_HOLDOFF,
+ PHASE_MASTER,
+} ppp_phase_t;
/*
- * Option descriptor structure.
+ * Values for exit codes
*/
+typedef enum ppp_exit_code
+{
+ EXIT_OK = 0,
+ EXIT_FATAL_ERROR = 1,
+ EXIT_OPTION_ERROR = 2,
+ EXIT_NOT_ROOT = 3,
+ EXIT_NO_KERNEL_SUPPORT = 4,
+ EXIT_USER_REQUEST = 5,
+ EXIT_LOCK_FAILED = 6,
+ EXIT_OPEN_FAILED = 7,
+ EXIT_CONNECT_FAILED = 8,
+ EXIT_PTYCMD_FAILED = 9,
+ EXIT_NEGOTIATION_FAILED = 10,
+ EXIT_PEER_AUTH_FAILED = 11,
+ EXIT_IDLE_TIMEOUT = 12,
+ EXIT_CONNECT_TIME = 13,
+ EXIT_CALLBACK = 14,
+ EXIT_PEER_DEAD = 15,
+ EXIT_HANGUP = 16,
+ EXIT_LOOPBACK = 17,
+ EXIT_INIT_FAILED = 18,
+ EXIT_AUTH_TOPEER_FAILED = 19,
+ EXIT_TRAFFIC_LIMIT = 20,
+ EXIT_CNID_AUTH_FAILED = 21
+} ppp_exit_code_t;
-typedef unsigned char bool;
-
-enum opt_type {
- o_special_noarg = 0,
- o_special = 1,
- o_bool,
- o_int,
- o_uint32,
- o_string,
- o_wild
-};
-
-typedef struct {
- char *name; /* name of the option */
- enum opt_type type;
- void *addr;
- char *description;
- unsigned int flags;
- void *addr2;
- int upper_limit;
- int lower_limit;
- const char *source;
- short int priority;
- short int winner;
-} option_t;
-
-/* Values for flags */
-#define OPT_VALUE 0xff /* mask for presupplied value */
-#define OPT_HEX 0x100 /* int option is in hex */
-#define OPT_NOARG 0x200 /* option doesn't take argument */
-#define OPT_OR 0x400 /* for u32, OR in argument to value */
-#define OPT_INC 0x400 /* for o_int, increment value */
-#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */
-#define OPT_PRIV 0x1000 /* privileged option */
-#define OPT_STATIC 0x2000 /* string option goes into static array */
-#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */
-#define OPT_LLIMIT 0x4000 /* check value against lower limit */
-#define OPT_ULIMIT 0x8000 /* check value against upper limit */
-#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT)
-#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */
-#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */
-#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */
-#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */
-#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */
-#define OPT_PRIO 0x80000 /* process option priorities for this option */
-#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */
-#define OPT_ALIAS 0x200000 /* option is alias for previous option */
-#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */
-#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */
-#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */
-#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */
-#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */
-#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */
-#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV)
-#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */
-#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */
-#define OPT_NOPRINT 0x40000000 /* don't print this option at all */
-
-#define OPT_VAL(x) ((x) & OPT_VALUE)
-
-/* Values for priority */
-#define OPRIO_DEFAULT 0 /* a default value */
-#define OPRIO_CFGFILE 1 /* value from a configuration file */
-#define OPRIO_CMDLINE 2 /* value from the command line */
-#define OPRIO_SECFILE 3 /* value from options in a secrets file */
-#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */
-
-#ifndef GIDSET_TYPE
-#define GIDSET_TYPE gid_t
-#endif
-
-/* Structure representing a list of permitted IP addresses. */
-struct permitted_ip {
- int permit; /* 1 = permit, 0 = forbid */
- u_int32_t base; /* match if (addr & mask) == base */
- u_int32_t mask; /* base and mask are in network byte order */
-};
+/*
+ * Type of notifier callbacks
+ */
+typedef enum
+{
+ NF_PID_CHANGE,
+ NF_PHASE_CHANGE,
+ NF_EXIT,
+ NF_SIGNALED,
+ NF_IP_UP,
+ NF_IP_DOWN,
+ NF_IPV6_UP,
+ NF_IPV6_DOWN,
+ NF_AUTH_UP,
+ NF_LINK_DOWN,
+ NF_FORK,
+ NF_MAX_NOTIFY
+} ppp_notify_t;
+
+typedef enum
+{
+ PPP_DIR_LOG,
+ PPP_DIR_RUNTIME,
+ PPP_DIR_CONF,
+ PPP_DIR_PLUGIN,
+} ppp_path_t;
/*
* Unfortunately, the linux kernel driver uses a different structure
* This structure serves as a common representation for the bits
* pppd needs.
*/
-struct pppd_stats {
- unsigned int bytes_in;
- unsigned int bytes_out;
+struct pppd_stats
+{
+ uint64_t bytes_in;
+ uint64_t bytes_out;
unsigned int pkts_in;
unsigned int pkts_out;
};
+typedef struct pppd_stats ppp_link_stats_st;
-/* Used for storing a sequence of words. Usually malloced. */
+/*
+ * Used for storing a sequence of words. Usually malloced.
+ */
struct wordlist {
struct wordlist *next;
char *word;
};
-/* An endpoint discriminator, used with multilink. */
-#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */
-struct epdisc {
- unsigned char class;
- unsigned char length;
- unsigned char value[MAX_ENDP_LEN];
-};
-
-/* values for epdisc.class */
-#define EPD_NULL 0 /* null discriminator, no data */
-#define EPD_LOCAL 1
-#define EPD_IP 2
-#define EPD_MAC 3
-#define EPD_MAGIC 4
-#define EPD_PHONENUM 5
-
-typedef void (*notify_func)(void *, int);
+struct option;
typedef void (*printer_func)(void *, char *, ...);
-struct notifier {
- struct notifier *next;
- notify_func func;
- void *arg;
-};
-
/*
- * Global variables.
- */
-
-extern int got_sigterm; /* SIGINT or SIGTERM was received */
-extern int hungup; /* Physical layer has disconnected */
-extern int ifunit; /* Interface unit number */
-extern char ifname[]; /* Interface name */
-extern char hostname[]; /* Our hostname */
-extern u_char outpacket_buf[]; /* Buffer for outgoing packets */
-extern int devfd; /* fd of underlying device */
-extern int fd_ppp; /* fd for talking PPP */
-extern int phase; /* Current state of link - see values below */
-extern int baud_rate; /* Current link speed in bits/sec */
-extern char *progname; /* Name of this program */
-extern int redirect_stderr;/* Connector's stderr should go to file */
-extern char peer_authname[];/* Authenticated name of peer */
-extern int auth_done[NUM_PPP]; /* Methods actually used for auth */
-extern int privileged; /* We were run by real-uid root */
-extern int need_holdoff; /* Need holdoff period after link terminates */
-extern char **script_env; /* Environment variables for scripts */
-extern int detached; /* Have detached from controlling tty */
-extern GIDSET_TYPE groups[NGROUPS_MAX]; /* groups the user is in */
-extern int ngroups; /* How many groups valid in groups */
-extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */
-extern int link_stats_valid; /* set if link_stats is valid */
-extern unsigned link_connect_time; /* time the link was up for */
-extern int using_pty; /* using pty as device (notty or pty opt.) */
-extern int log_to_fd; /* logging to this fd as well as syslog */
-extern bool log_default; /* log_to_fd is default (stdout) */
-extern char *no_ppp_msg; /* message to print if ppp not in kernel */
-extern volatile int status; /* exit status for pppd */
-extern bool devnam_fixed; /* can no longer change devnam */
-extern int unsuccess; /* # unsuccessful connection attempts */
-extern int do_callback; /* set if we want to do callback next */
-extern int doing_callback; /* set if this is a callback */
-extern int error_count; /* # of times error() has been called */
-extern char ppp_devnam[MAXPATHLEN];
-extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */
-extern int ppp_session_number; /* Session number (eg PPPoE session) */
-extern int fd_devnull; /* fd open to /dev/null */
-
-extern int listen_time; /* time to listen first (ms) */
-extern bool doing_multilink;
-extern bool multilink_master;
-extern bool bundle_eof;
-extern bool bundle_terminating;
-
-extern struct notifier *pidchange; /* for notifications of pid changing */
-extern struct notifier *phasechange; /* for notifications of phase changes */
-extern struct notifier *exitnotify; /* for notification that we're exiting */
-extern struct notifier *sigreceived; /* notification of received signal */
-extern struct notifier *ip_up_notifier; /* IPCP has come up */
-extern struct notifier *ip_down_notifier; /* IPCP has gone down */
-extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */
-extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */
-extern struct notifier *auth_up_notifier; /* peer has authenticated */
-extern struct notifier *link_down_notifier; /* link has gone down */
-extern struct notifier *fork_notifier; /* we are a new child process */
-
-/* Values for do_callback and doing_callback */
-#define CALLBACK_DIALIN 1 /* we are expecting the call back */
-#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */
-
-/*
- * Variables set by command-line options.
- */
-
-extern int debug; /* Debug flag */
-extern int kdebugflag; /* Tell kernel to print debug messages */
-extern int default_device; /* Using /dev/tty or equivalent */
-extern char devnam[MAXPATHLEN]; /* Device name */
-extern int crtscts; /* Use hardware flow control */
-extern int stop_bits; /* Number of serial port stop bits */
-extern bool modem; /* Use modem control lines */
-extern int inspeed; /* Input/Output speed requested */
-extern u_int32_t netmask; /* IP netmask to set on interface */
-extern bool lockflag; /* Create lock file to lock the serial dev */
-extern bool nodetach; /* Don't detach from controlling tty */
-#ifdef SYSTEMD
-extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */
-#endif
-extern bool updetach; /* Detach from controlling tty when link up */
-extern bool master_detach; /* Detach when multilink master without link */
-extern char *initializer; /* Script to initialize physical link */
-extern char *connect_script; /* Script to establish physical link */
-extern char *disconnect_script; /* Script to disestablish physical link */
-extern char *welcomer; /* Script to welcome client after connection */
-extern char *ptycommand; /* Command to run on other side of pty */
-extern int maxconnect; /* Maximum connect time (seconds) */
-extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */
-extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */
-extern bool auth_required; /* Peer is required to authenticate */
-extern bool persist; /* Reopen link after it goes down */
-extern bool uselogin; /* Use /etc/passwd for checking PAP */
-extern bool session_mgmt; /* Do session management (login records) */
-extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */
-extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */
-extern bool explicit_remote;/* remote_name specified with remotename opt */
-extern bool demand; /* Do dial-on-demand */
-extern char *ipparam; /* Extra parameter for ip up/down scripts */
-extern bool cryptpap; /* Others' PAP passwords are encrypted */
-extern int idle_time_limit;/* Shut down link if idle for this long */
-extern int holdoff; /* Dead time before restarting */
-extern bool holdoff_specified; /* true if user gave a holdoff value */
-extern bool notty; /* Stdin/out is not a tty */
-extern char *pty_socket; /* Socket to connect to pty */
-extern char *record_file; /* File to record chars sent/received */
-extern bool sync_serial; /* Device is synchronous serial device */
-extern int maxfail; /* Max # of unsuccessful connection attempts */
-extern char linkname[MAXPATHLEN]; /* logical name for link */
-extern bool tune_kernel; /* May alter kernel settings as necessary */
-extern int connect_delay; /* Time to delay after connect script */
-extern int max_data_rate; /* max bytes/sec through charshunt */
-extern int req_unit; /* interface unit number to use */
-extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */
-extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */
-extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */
-extern bool multilink; /* enable multilink operation */
-extern bool noendpoint; /* don't send or accept endpt. discrim. */
-extern char *bundle_name; /* bundle name for multilink */
-extern bool dump_options; /* print out option values */
-extern bool dryrun; /* check everything, print options, exit */
-extern int child_wait; /* # seconds to wait for children at end */
-
-#ifdef USE_EAPTLS
-
-#define TLS_VERIFY_NONE "none"
-#define TLS_VERIFY_NAME "name"
-#define TLS_VERIFY_SUBJECT "subject"
-#define TLS_VERIFY_SUFFIX "suffix"
-
-extern char *crl_dir;
-extern char *crl_file;
-extern char *max_tls_version;
-extern bool tls_verify_key_usage;
-extern char *tls_verify_method;
-#endif /* USE_EAPTLS */
-
-#ifdef MAXOCTETS
-extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */
-extern int maxoctets_dir; /* Direction :
- 0 - in+out (default)
- 1 - in
- 2 - out
- 3 - max(in,out) */
-extern int maxoctets_timeout; /* Timeout for check of octets limit */
-#define PPP_OCTETS_DIRECTION_SUM 0
-#define PPP_OCTETS_DIRECTION_IN 1
-#define PPP_OCTETS_DIRECTION_OUT 2
-#define PPP_OCTETS_DIRECTION_MAXOVERAL 3
-/* same as previos, but little different on RADIUS side */
-#define PPP_OCTETS_DIRECTION_MAXSESSION 4
-#endif
-
-#ifdef PPP_FILTER
-extern struct bpf_program pass_filter; /* Filter for pkts to pass */
-extern struct bpf_program active_filter; /* Filter for link-active pkts */
-#endif
-
-#ifdef MSLANMAN
-extern bool ms_lanman; /* Use LanMan password instead of NT */
- /* Has meaning only with MS-CHAP challenges */
-#endif
-
-/* Values for auth_pending, auth_done */
-#define PAP_WITHPEER 0x1
-#define PAP_PEER 0x2
-#define CHAP_WITHPEER 0x4
-#define CHAP_PEER 0x8
-#define EAP_WITHPEER 0x10
-#define EAP_PEER 0x20
-
-/* Values for auth_done only */
-#define CHAP_MD5_WITHPEER 0x40
-#define CHAP_MD5_PEER 0x80
-#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */
-#define CHAP_MS_WITHPEER 0x100
-#define CHAP_MS_PEER 0x200
-#define CHAP_MS2_WITHPEER 0x400
-#define CHAP_MS2_PEER 0x800
-
-extern char *current_option; /* the name of the option being parsed */
-extern int privileged_option; /* set iff the current option came from root */
-extern char *option_source; /* string saying where the option came from */
-extern int option_priority; /* priority of current options */
-
-/*
- * Values for phase.
- */
-#define PHASE_DEAD 0
-#define PHASE_INITIALIZE 1
-#define PHASE_SERIALCONN 2
-#define PHASE_DORMANT 3
-#define PHASE_ESTABLISH 4
-#define PHASE_AUTHENTICATE 5
-#define PHASE_CALLBACK 6
-#define PHASE_NETWORK 7
-#define PHASE_RUNNING 8
-#define PHASE_TERMINATE 9
-#define PHASE_DISCONNECT 10
-#define PHASE_HOLDOFF 11
-#define PHASE_MASTER 12
-
-/*
- * The following struct gives the addresses of procedures to call
- * for a particular protocol.
+ * The following struct gives the addresses of procedures to call for a particular protocol.
*/
struct protent {
- u_short protocol; /* PPP protocol number */
+ /* PPP protocol number */
+ unsigned short protocol;
/* Initialization procedure */
void (*init)(int unit);
/* Process a received packet */
- void (*input)(int unit, u_char *pkt, int len);
+ void (*input)(int unit, unsigned char *pkt, int len);
/* Process a received protocol-reject */
void (*protrej)(int unit);
/* Lower layer has come up */
/* Close the protocol */
void (*close)(int unit, char *reason);
/* Print a packet in readable form */
- int (*printpkt)(u_char *pkt, int len, printer_func printer, void *arg);
+ int (*printpkt)(unsigned char *pkt, int len, printer_func printer, void *arg);
/* Process a received data packet */
- void (*datainput)(int unit, u_char *pkt, int len);
- bool enabled_flag; /* 0 iff protocol is disabled */
- char *name; /* Text name of protocol */
- char *data_name; /* Text name of corresponding data protocol */
- option_t *options; /* List of command-line options */
+ void (*datainput)(int unit, unsigned char *pkt, int len);
+ /* 0 iff protocol is disabled */
+ bool enabled_flag;
+ /* Text name of protocol */
+ char *name;
+ /* Text name of corresponding data protocol */
+ char *data_name;
+ /* List of command-line options */
+ struct option *options;
/* Check requested options, assign defaults */
void (*check_options)(void);
/* Configure interface for demand-dial */
int (*demand_conf)(int unit);
/* Say whether to bring up link for this pkt */
- int (*active_pkt)(u_char *pkt, int len);
+ int (*active_pkt)(unsigned char *pkt, int len);
};
/* Table of pointers to supported protocols */
extern struct protent *protocols[];
+
/*
- * This struct contains pointers to a set of procedures for
- * doing operations on a "channel". A channel provides a way
- * to send and receive PPP packets - the canonical example is
- * a serial port device in PPP line discipline (or equivalently
- * with PPP STREAMS modules pushed onto it).
+ * This struct contains pointers to a set of procedures for doing operations on a "channel".
+ * A channel provides a way to send and receive PPP packets - the canonical example is a serial
+ * port device in PPP line discipline (or equivalently with PPP STREAMS modules pushed onto it).
*/
struct channel {
/* set of options for this channel */
- option_t *options;
+ struct option *options;
/* find and process a per-channel options file */
void (*process_extra_options)(void);
/* check all the options that have been given */
/* take the channel out of PPP `mode', restore loopback if demand */
void (*disestablish_ppp)(int);
/* set the transmit-side PPP parameters of the channel */
- void (*send_config)(int, u_int32_t, int, int);
+ void (*send_config)(int, uint32_t, int, int);
/* set the receive-side PPP parameters of the channel */
- void (*recv_config)(int, u_int32_t, int, int);
+ void (*recv_config)(int, uint32_t, int, int);
/* cleanup on error or normal exit */
void (*cleanup)(void);
/* close the device, called in children after fork */
extern struct channel *the_channel;
+
/*
- * This structure contains environment variables that are set or unset
- * by the user.
+ * Functions for string formatting and debugging
*/
-struct userenv {
- struct userenv *ue_next;
- char *ue_value; /* value (set only) */
- bool ue_isset; /* 1 for set, 0 for unset */
- bool ue_priv; /* from privileged source */
- const char *ue_source; /* source name */
- char ue_name[1]; /* variable name */
-};
-extern struct userenv *userenv_list;
-
-/*
- * Prototypes.
- */
-
-/* Procedures exported from main.c. */
-void set_ifunit(int); /* set stuff that depends on ifunit */
-void detach(void); /* Detach from controlling tty */
-void die(int); /* Cleanup and exit */
-void quit(void); /* like die(1) */
-void novm(char *); /* Say we ran out of memory, and die */
-void timeout(void (*func)(void *), void *arg, int s, int us);
- /* Call func(arg) after s.us seconds */
-void untimeout(void (*func)(void *), void *arg);
- /* Cancel call to func(arg) */
-void record_child(int, char *, void (*) (void *), void *, int);
-pid_t safe_fork(int, int, int); /* Fork & close stuff in child */
-int device_script(char *cmd, int in, int out, int dont_wait);
- /* Run `cmd' with given stdin and stdout */
-pid_t run_program(char *prog, char **args, int must_exist,
- void (*done)(void *), void *arg, int wait);
- /* Run program prog with args in child */
-void reopen_log(void); /* (re)open the connection to syslog */
-void print_link_stats(void); /* Print stats, if available */
-void reset_link_stats(int); /* Reset (init) stats when link goes up */
-void update_link_stats(int); /* Get stats at link termination */
-void script_setenv(char *, char *, int); /* set script env var */
-void script_unsetenv(char *); /* unset script env var */
-void new_phase(int); /* signal start of new phase */
-void add_notifier(struct notifier **, notify_func, void *);
-void remove_notifier(struct notifier **, notify_func, void *);
-void notify(struct notifier *, int);
-int ppp_send_config(int, int, u_int32_t, int, int);
-int ppp_recv_config(int, int, u_int32_t, int, int);
-const char *protocol_name(int);
-void remove_pidfiles(void);
-void lock_db(void);
-void unlock_db(void);
-
-/* Procedures exported from tty.c. */
-void tty_init(void);
-
-/* Procedures exported from utils.c. */
-void log_packet(u_char *, int, char *, int);
- /* Format a packet and log it with syslog */
-void print_string(char *, int, printer_func, void *);
- /* Format a string for output */
-int slprintf(char *, int, char *, ...); /* sprintf++ */
-int vslprintf(char *, int, char *, va_list); /* vsprintf++ */
-size_t strlcpy(char *, const char *, size_t); /* safe strcpy */
-size_t strlcat(char *, const char *, size_t); /* safe strncpy */
-void dbglog(char *, ...); /* log a debug message */
-void info(char *, ...); /* log an informational message */
-void notice(char *, ...); /* log a notice-level message */
-void warn(char *, ...); /* log a warning message */
-void error(char *, ...); /* log an error message */
-void fatal(char *, ...); /* log an error message and die(1) */
-void init_pr_log(const char *, int); /* initialize for using pr_log */
-void pr_log(void *, char *, ...); /* printer fn, output to syslog */
-void end_pr_log(void); /* finish up after using pr_log */
-void dump_packet(const char *, u_char *, int);
- /* dump packet to debug log if interesting */
-ssize_t complete_read(int, void *, size_t);
- /* read a complete buffer */
-
-/* Procedures exported from auth.c */
-void link_required(int); /* we are starting to use the link */
-void start_link(int); /* bring the link up now */
-void link_terminated(int); /* we are finished with the link */
-void link_down(int); /* the LCP layer has left the Opened state */
-void upper_layers_down(int);/* take all NCPs down */
-void link_established(int); /* the link is up; authenticate now */
-void start_networks(int); /* start all the network control protos */
-void continue_networks(int); /* start network [ip, etc] control protos */
-void np_up(int, int); /* a network protocol has come up */
-void np_down(int, int); /* a network protocol has gone down */
-void np_finished(int, int); /* a network protocol no longer needs link */
-void auth_peer_fail(int, int);
- /* peer failed to authenticate itself */
-void auth_peer_success(int, int, int, char *, int);
- /* peer successfully authenticated itself */
-void auth_withpeer_fail(int, int);
- /* we failed to authenticate ourselves */
-void auth_withpeer_success(int, int, int);
- /* we successfully authenticated ourselves */
-void auth_check_options(void);
- /* check authentication options supplied */
-void auth_reset(int); /* check what secrets we have */
-int check_passwd(int, char *, int, char *, int, char **);
- /* Check peer-supplied username/password */
-int get_secret(int, char *, char *, char *, int *, int);
- /* get "secret" for chap */
-int get_srp_secret(int unit, char *client, char *server, char *secret,
- int am_server);
-int auth_ip_addr(int, u_int32_t);
- /* check if IP address is authorized */
-int auth_number(void); /* check if remote number is authorized */
-int bad_ip_adrs(u_int32_t);
- /* check if IP address is unreasonable */
-
-/* Procedures exported from demand.c */
-void demand_conf(void); /* config interface(s) for demand-dial */
-void demand_block(void); /* set all NPs to queue up packets */
-void demand_unblock(void); /* set all NPs to pass packets */
-void demand_discard(void); /* set all NPs to discard packets */
-void demand_rexmit(int); /* retransmit saved frames for an NP */
-int loop_chars(unsigned char *, int); /* process chars from loopback */
-int loop_frame(unsigned char *, int); /* should we bring link up? */
-
-/* Procedures exported from multilink.c */
-#ifdef HAVE_MULTILINK
-void mp_check_options(void); /* Check multilink-related options */
-int mp_join_bundle(void); /* join our link to an appropriate bundle */
-void mp_exit_bundle(void); /* have disconnected our link from bundle */
-void mp_bundle_terminated(void);
-char *epdisc_to_str(struct epdisc *); /* string from endpoint discrim. */
-int str_to_epdisc(struct epdisc *, char *); /* endpt disc. from str */
-#else
-#define mp_bundle_terminated() /* nothing */
-#define mp_exit_bundle() /* nothing */
-#define doing_multilink 0
-#define multilink_master 0
-#endif
+/* Is debug enabled */
+bool debug_on();
-/* Procedures exported from sys-*.c */
-void sys_init(void); /* Do system-dependent initialization */
-void sys_cleanup(void); /* Restore system state before exiting */
-int sys_check_options(void); /* Check options specified */
-void sys_close(void); /* Clean up in a child before execing */
-int ppp_available(void); /* Test whether ppp kernel support exists */
-int get_pty(int *, int *, char *, int); /* Get pty master/slave */
-int open_ppp_loopback(void); /* Open loopback for demand-dialling */
-int tty_establish_ppp(int); /* Turn serial port into a ppp interface */
-void tty_disestablish_ppp(int); /* Restore port to normal operation */
-void generic_disestablish_ppp(int dev_fd); /* Restore device setting */
-int generic_establish_ppp(int dev_fd); /* Make a ppp interface */
-void make_new_bundle(int, int, int, int); /* Create new bundle */
-int bundle_attach(int); /* Attach link to existing bundle */
-void cfg_bundle(int, int, int, int); /* Configure existing bundle */
-void destroy_bundle(void); /* Tell driver to destroy bundle */
-void clean_check(void); /* Check if line was 8-bit clean */
-void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */
-void restore_tty(int); /* Restore port's original parameters */
-void setdtr(int, int); /* Raise or lower port's DTR line */
-void output(int, u_char *, int); /* Output a PPP packet */
-void wait_input(struct timeval *);
- /* Wait for input, with timeout */
-void add_fd(int); /* Add fd to set to wait for */
-void remove_fd(int); /* Remove fd from set to wait for */
-int read_packet(u_char *); /* Read PPP packet */
-int get_loop_output(void); /* Read pkts from loopback */
-void tty_send_config(int, u_int32_t, int, int);
- /* Configure i/f transmit parameters */
-void tty_set_xaccm(ext_accm);
- /* Set extended transmit ACCM */
-void tty_recv_config(int, u_int32_t, int, int);
- /* Configure i/f receive parameters */
-int ccp_test(int, u_char *, int, int);
- /* Test support for compression scheme */
-void ccp_flags_set(int, int, int);
- /* Set kernel CCP state */
-int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */
-int get_idle_time(int, struct ppp_idle *);
- /* Find out how long link has been idle */
-int get_ppp_stats(int, struct pppd_stats *);
- /* Return link statistics */
-void netif_set_mtu(int, int); /* Set PPP interface MTU */
-int netif_get_mtu(int); /* Get PPP interface MTU */
-int sifvjcomp(int, int, int, int);
- /* Configure VJ TCP header compression */
-int sifup(int); /* Configure i/f up for one protocol */
-int sifnpmode(int u, int proto, enum NPmode mode);
- /* Set mode for handling packets for proto */
-int sifdown(int); /* Configure i/f down for one protocol */
-int sifaddr(int, u_int32_t, u_int32_t, u_int32_t);
- /* Configure IPv4 addresses for i/f */
-int cifaddr(int, u_int32_t, u_int32_t);
- /* Reset i/f IP addresses */
-#ifdef INET6
-int sif6up(int); /* Configure i/f up for IPv6 */
-int sif6down(int); /* Configure i/f down for IPv6 */
-int sif6addr(int, eui64_t, eui64_t);
- /* Configure IPv6 addresses for i/f */
-int cif6addr(int, eui64_t, eui64_t);
- /* Remove an IPv6 address from i/f */
-#endif
-int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt);
- /* Create default route through i/f */
-int cifdefaultroute(int, u_int32_t, u_int32_t);
- /* Delete default route through i/f */
-#ifdef INET6
-int sif6defaultroute(int, eui64_t, eui64_t);
- /* Create default IPv6 route through i/f */
-int cif6defaultroute(int, eui64_t, eui64_t);
- /* Delete default IPv6 route through i/f */
-#endif
-int sifproxyarp(int, u_int32_t);
- /* Add proxy ARP entry for peer */
-int cifproxyarp(int, u_int32_t);
- /* Delete proxy ARP entry for peer */
-u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */
-int lock(char *); /* Create lock file for device */
-int relock(int); /* Rewrite lock file with new pid */
-void unlock(void); /* Delete previously-created lock file */
-void logwtmp(const char *, const char *, const char *);
- /* Write entry to wtmp file */
-int get_host_seed(void); /* Get host-dependent random number seed */
-int have_route_to(u_int32_t); /* Check if route to addr exists */
-#ifdef PPP_FILTER
-int set_filters(struct bpf_program *pass, struct bpf_program *active);
- /* Set filter programs in kernel */
-#endif
-#ifdef IPX_CHANGE
-int sipxfaddr(int, unsigned long, unsigned char *);
-int cipxfaddr(int);
-#endif
-int get_if_hwaddr(u_char *addr, char *name);
-int get_first_ether_hwaddr(u_char *addr);
-int get_time(struct timeval *);
- /* Get current time, monotonic if possible. */
-
-/* Procedures exported from options.c */
-int setipaddr(char *, char **, int); /* Set local/remote ip addresses */
-int parse_args(int argc, char **argv);
- /* Parse options from arguments given */
-int options_from_file(char *filename, int must_exist, int check_prot,
- int privileged);
- /* Parse options from an options file */
-int options_from_user(void); /* Parse options from user's .ppprc */
-int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */
-int options_from_list(struct wordlist *, int privileged);
- /* Parse options from a wordlist */
-int getword(FILE *f, char *word, int *newlinep, char *filename);
- /* Read a word from a file */
-void option_error(char *fmt, ...);
- /* Print an error message about an option */
-int int_option(char *, int *);
- /* Simplified number_option for decimal ints */
-void add_options(option_t *); /* Add extra options */
-void check_options(void); /* check values after all options parsed */
-int override_value(char *, int, const char *);
- /* override value if permitted by priority */
-void print_options(printer_func, void *);
- /* print out values of all options */
-
-int parse_dotted_ip(char *, u_int32_t *);
-
-/*
- * Hooks to enable plugins to change various things.
+/* Safe sprintf++ */
+int slprintf(char *, int, const char *, ...);
+
+/* vsprintf++ */
+int vslprintf(char *, int, const char *, va_list);
+
+/* safe strcpy */
+size_t strlcpy(char *, const char *, size_t);
+
+/* safe strncpy */
+size_t strlcat(char *, const char *, size_t);
+
+/* log a debug message */
+void dbglog(const char *, ...);
+
+/* log an informational message */
+void info(const char *, ...);
+
+/* log a notice-level message */
+void notice(const char *, ...);
+
+/* log a warning message */
+void warn(const char *, ...);
+
+/* log an error message */
+void error(const char *, ...);
+
+/* log an error message and die(1) */
+void fatal(const char *, ...);
+
+/* Say we ran out of memory, and die */
+void novm(const char *);
+
+/* Format a packet and log it with syslog */
+void log_packet(unsigned char *, int, char *, int);
+
+/* dump packet to debug log if interesting */
+void dump_packet(const char *, unsigned char *, int);
+
+/* initialize for using pr_log */
+void init_pr_log(const char *, int);
+
+/* printer fn, output to syslog */
+void pr_log(void *, char *, ...);
+
+/* finish up after using pr_log */
+void end_pr_log(void);
+
+/*
+ * Get the current exist status of pppd
*/
-extern int (*new_phase_hook)(int);
-extern int (*idle_time_hook)(struct ppp_idle *);
-extern int (*holdoff_hook)(void);
-extern int (*pap_check_hook)(void);
-extern int (*pap_auth_hook)(char *user, char *passwd, char **msgp,
- struct wordlist **paddrs,
- struct wordlist **popts);
-extern void (*pap_logout_hook)(void);
-extern int (*pap_passwd_hook)(char *user, char *passwd);
-extern int (*allowed_address_hook)(u_int32_t addr);
-extern void (*ip_up_hook)(void);
-extern void (*ip_down_hook)(void);
-extern void (*ip_choose_hook)(u_int32_t *);
-extern void (*ipv6_up_hook)(void);
-extern void (*ipv6_down_hook)(void);
-
-extern int (*chap_check_hook)(void);
-extern int (*chap_passwd_hook)(char *user, char *passwd);
-extern void (*multilink_join_hook)(void);
-
-#ifdef USE_EAPTLS
-extern int (*eaptls_passwd_hook)(char *user, char *passwd);
-#endif
+ppp_exit_code_t ppp_status();
-/* Let a plugin snoop sent and received packets. Useful for L2TP */
-extern void (*snoop_recv_hook)(unsigned char *p, int len);
-extern void (*snoop_send_hook)(unsigned char *p, int len);
+/*
+ * Set the exit status
+ */
+void ppp_set_status(ppp_exit_code_t code);
/*
- * Inline versions of get/put char/short/long.
- * Pointer is advanced; we assume that both arguments
- * are lvalues and will already be in registers.
- * cp MUST be u_char *.
+ * Configure the session's maximum number of octets
*/
-#define GETCHAR(c, cp) { \
- (c) = *(cp)++; \
-}
-#define PUTCHAR(c, cp) { \
- *(cp)++ = (u_char) (c); \
-}
+void ppp_set_session_limit(unsigned int octets);
+/*
+ * Which direction to limit the number of octets
+ */
+void ppp_set_session_limit_dir(unsigned int direction);
-#define GETSHORT(s, cp) { \
- (s) = *(cp)++ << 8; \
- (s) |= *(cp)++; \
-}
-#define PUTSHORT(s, cp) { \
- *(cp)++ = (u_char) ((s) >> 8); \
- *(cp)++ = (u_char) (s); \
-}
+/*
+ * Get the current link stats, returns true when valid and false if otherwise
+ */
+bool ppp_get_link_stats(ppp_link_stats_st *stats);
-#define GETLONG(l, cp) { \
- (l) = *(cp)++ << 8; \
- (l) |= *(cp)++; (l) <<= 8; \
- (l) |= *(cp)++; (l) <<= 8; \
- (l) |= *(cp)++; \
-}
-#define PUTLONG(l, cp) { \
- *(cp)++ = (u_char) ((l) >> 24); \
- *(cp)++ = (u_char) ((l) >> 16); \
- *(cp)++ = (u_char) ((l) >> 8); \
- *(cp)++ = (u_char) (l); \
-}
+/*
+ * Get pppd's notion of time
+ */
+int ppp_get_time(struct timeval *);
-#define INCPTR(n, cp) ((cp) += (n))
-#define DECPTR(n, cp) ((cp) -= (n))
+/*
+ * Schedule a callback in s.us seconds from now
+ */
+typedef void (*ppp_timer_cb)(void *arg);
+void ppp_timeout(ppp_timer_cb func, void *arg, int s, int us);
/*
- * System dependent definitions for user-level 4.3BSD UNIX implementation.
+ * Cancel any pending timer callbacks
*/
+void ppp_untimeout(void (*func)(void *), void *arg);
-#define TIMEOUT(r, f, t) timeout((r), (f), (t), 0)
-#define UNTIMEOUT(r, f) untimeout((r), (f))
+/*
+ * Clean up in a child before execing
+ */
+void ppp_sys_close(void);
-#define BCOPY(s, d, l) memcpy(d, s, l)
-#define BZERO(s, n) memset(s, 0, n)
-#define BCMP(s1, s2, l) memcmp(s1, s2, l)
+/*
+ * Fork & close stuff in child
+ */
+pid_t ppp_safe_fork(int, int, int);
-#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); }
+/*
+ * Get the current hostname
+ */
+const char *ppp_hostname();
/*
- * MAKEHEADER - Add Header fields to a packet.
+ * Is pppd using pty as a device (opposed to notty or pty opt).
*/
-#define MAKEHEADER(p, t) { \
- PUTCHAR(PPP_ALLSTATIONS, p); \
- PUTCHAR(PPP_UI, p); \
- PUTSHORT(t, p); }
+bool ppp_using_pty();
/*
- * Exit status values.
+ * Device is synchronous serial device
*/
-#define EXIT_OK 0
-#define EXIT_FATAL_ERROR 1
-#define EXIT_OPTION_ERROR 2
-#define EXIT_NOT_ROOT 3
-#define EXIT_NO_KERNEL_SUPPORT 4
-#define EXIT_USER_REQUEST 5
-#define EXIT_LOCK_FAILED 6
-#define EXIT_OPEN_FAILED 7
-#define EXIT_CONNECT_FAILED 8
-#define EXIT_PTYCMD_FAILED 9
-#define EXIT_NEGOTIATION_FAILED 10
-#define EXIT_PEER_AUTH_FAILED 11
-#define EXIT_IDLE_TIMEOUT 12
-#define EXIT_CONNECT_TIME 13
-#define EXIT_CALLBACK 14
-#define EXIT_PEER_DEAD 15
-#define EXIT_HANGUP 16
-#define EXIT_LOOPBACK 17
-#define EXIT_INIT_FAILED 18
-#define EXIT_AUTH_TOPEER_FAILED 19
-#ifdef MAXOCTETS
-#define EXIT_TRAFFIC_LIMIT 20
-#endif
-#define EXIT_CNID_AUTH_FAILED 21
+bool ppp_sync_serial();
/*
- * Debug macros. Slightly useful for finding bugs in pppd, not particularly
- * useful for finding out why your connection isn't being established.
+ * Modem mode
*/
-#ifdef DEBUGALL
-#define DEBUGMAIN 1
-#define DEBUGFSM 1
-#define DEBUGLCP 1
-#define DEBUGIPCP 1
-#define DEBUGIPV6CP 1
-#define DEBUGUPAP 1
-#define DEBUGCHAP 1
-#endif
+bool ppp_get_modem();
-#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */
-#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \
- || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \
- || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP)
-#define LOG_PPP LOG_LOCAL2
-#else
-#define LOG_PPP LOG_DAEMON
-#endif
-#endif /* LOG_PPP */
+/*
+ * Control the mode of the tty terminal
+ */
+void ppp_set_modem(bool on);
-#ifdef DEBUGMAIN
-#define MAINDEBUG(x) if (debug) dbglog x
-#else
-#define MAINDEBUG(x)
-#endif
+/*
+ * Set the current session number, e.g. for PPPoE
+ */
+void ppp_set_session_number(int number);
-#ifdef DEBUGSYS
-#define SYSDEBUG(x) if (debug) dbglog x
-#else
-#define SYSDEBUG(x)
-#endif
+/*
+ * Set the current session number, e.g. for PPPoE
+ */
+int ppp_get_session_number(void);
-#ifdef DEBUGFSM
-#define FSMDEBUG(x) if (debug) dbglog x
-#else
-#define FSMDEBUG(x)
-#endif
+/*
+ * Check if pppd got signaled, returns 0 if not signaled, returns -1 on failure, and the signal number when signaled.
+ */
+bool ppp_signaled(int sig);
-#ifdef DEBUGLCP
-#define LCPDEBUG(x) if (debug) dbglog x
-#else
-#define LCPDEBUG(x)
-#endif
+/*
+ * Maximum connect time in seconds
+ */
+int ppp_get_max_connect_time(void);
-#ifdef DEBUGIPCP
-#define IPCPDEBUG(x) if (debug) dbglog x
-#else
-#define IPCPDEBUG(x)
-#endif
+/*
+ * Set the maximum connect time in seconds
+ */
+void ppp_set_max_connect_time(unsigned int max);
-#ifdef DEBUGIPV6CP
-#define IPV6CPDEBUG(x) if (debug) dbglog x
-#else
-#define IPV6CPDEBUG(x)
-#endif
+/*
+ * Get the link idle time before shutting the link down
+ */
+int ppp_get_max_idle_time(void);
-#ifdef DEBUGUPAP
-#define UPAPDEBUG(x) if (debug) dbglog x
-#else
-#define UPAPDEBUG(x)
-#endif
+/*
+ * Set the link idle time before shutting the link down
+ */
+void ppp_set_max_idle_time(unsigned int idle);
-#ifdef DEBUGCHAP
-#define CHAPDEBUG(x) if (debug) dbglog x
-#else
-#define CHAPDEBUG(x)
-#endif
+/*
+ * Get the duration the link was up (uptime)
+ */
+int ppp_get_link_uptime();
-#ifdef DEBUGIPXCP
-#define IPXCPDEBUG(x) if (debug) dbglog x
-#else
-#define IPXCPDEBUG(x)
-#endif
+/*
+ * Get the ipparam configured with pppd
+ */
+const char *ppp_ipparam();
-#ifndef SIGTYPE
-#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE)
-#define SIGTYPE void
-#else
-#define SIGTYPE int
-#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */
-#endif /* SIGTYPE */
+/*
+ * check if IP address is unreasonable
+ */
+bool ppp_bad_ip_addr(uint32_t);
-#ifndef MIN
-#define MIN(a, b) ((a) < (b)? (a): (b))
-#endif
-#ifndef MAX
-#define MAX(a, b) ((a) > (b)? (a): (b))
-#endif
+/*
+ * Expose an environment variable to scripts
+ */
+void ppp_script_setenv(char *, char *, int);
+
+/*
+ * Unexpose an environment variable to scripts
+ */
+void ppp_script_unsetenv(char *);
+
+/*
+ * Test whether ppp kernel support exists
+ */
+int ppp_check_kernel_support(void);
+
+/*
+ * Restore device setting
+ */
+void ppp_generic_disestablish(int dev_fd);
+
+/*
+ * Set the interface MTU
+ */
+void ppp_set_mtu(int, int);
+
+/*
+ * Get the interface MTU
+ */
+int ppp_get_mtu(int);
+
+/*
+ * Make a ppp interface
+ */
+int ppp_generic_establish(int dev_fd);
+
+/*
+ * Get the peer's authentication name
+ */
+const char *ppp_peer_authname(char *buf, size_t bufsz);
+
+/*
+ * Get the remote name
+ */
+const char *ppp_remote_name();
+
+/*
+ * Get the remote number (if set), otherwise return NULL
+ */
+const char *ppp_get_remote_number(void);
+
+/*
+ * Set the remote number, typically it's a MAC address
+ */
+void ppp_set_remote_number(const char *buf);
-#ifndef offsetof
-#define offsetof(type, member) ((size_t) &((type *)0)->member)
+/*
+ * Get the current interface unit for the pppX device
+ */
+int ppp_ifunit();
+
+/*
+ * Get the current interface name
+ */
+const char *ppp_ifname();
+
+/*
+ * Get the current interface name
+ */
+int ppp_get_ifname(char *buf, size_t bufsz);
+
+/*
+ * Set the current interface name, ifname is a \0 terminated string
+ */
+void ppp_set_ifname(const char *ifname);
+
+/*
+ * Set the original devnam (prior to any renaming, etc).
+ */
+int ppp_set_pppdevnam(const char *name);
+
+/*
+ * Get the original devnam (prior to any renaming, etc).
+ */
+const char *ppp_pppdevnam();
+
+/*
+ * Get the current devnam, e.g. /dev/ttyS0, /dev/ptmx
+ */
+const char *ppp_devnam();
+
+/*
+ * Set the device name
+ */
+int ppp_set_devnam(const char *name);
+
+/*
+ * Definition for the notify callback function
+ * ctx - contextual argument provided with the registration
+ * arg - anything passed by the notification, e.g. phase, pid, etc
+ */
+typedef void (ppp_notify_fn)(void *ctx, int arg);
+
+/*
+ * Add a callback notification for when a given event has occured
+ */
+void ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx);
+
+/*
+ * Remove a callback notification previously registered
+ */
+void ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx);
+
+/*
+ * Get the path prefix in which a file is installed
+ */
+int ppp_get_path(ppp_path_t type, char *buf, size_t bufsz);
+
+/*
+ * Get the file with path prefix
+ */
+int ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz);
+
+/*
+ * Check if pppd is to re-open link after it goes down
+ */
+bool ppp_persist();
+
+/*
+ * Hooks to enable plugins to hook into various parts of the code
+ */
+
+struct ppp_idle; /* Declared in <linux/ppp_defs.h> */
+extern int (*idle_time_hook)(struct ppp_idle *);
+extern int (*new_phase_hook)(int);
+extern int (*holdoff_hook)(void);
+extern int (*allowed_address_hook)(uint32_t addr);
+extern void (*snoop_recv_hook)(unsigned char *p, int len);
+extern void (*snoop_send_hook)(unsigned char *p, int len);
+
+#ifdef __cplusplus
+}
#endif
-#endif /* __PPP_H__ */
+#endif /* PPP_PPPD_H */
--- /dev/null
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+plugindir=@PPPD_PLUGIN_DIR@
+
+Name: pppd
+Description: Point-to-Point Protocol (PPP) daemon
+Version: @PACKAGE_VERSION@
+Cflags: -I${includedir}
--- /dev/null
+/*
+ * Copyright (c) 2022 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This file is generated by configure and sets the features enabled
+ * in pppd when configured.
+ */
+
+#ifndef PPP_PPPDCONF_H
+#define PPP_PPPDCONF_H
+
+/* Have Microsoft CHAP support */
+#undef PPP_WITH_CHAPMS
+
+/* Have Microsoft LAN Manager support */
+#undef PPP_WITH_MSLANMAN
+
+/* Have Microsoft MPPE support */
+#undef PPP_WITH_MPPE
+
+/* Have multilink support */
+#undef PPP_WITH_MULTILINK
+
+/* Have packet activity filter support */
+#undef PPP_WITH_FILTER
+
+/* Have support for loadable plugins */
+#undef PPP_WITH_PLUGINS
+
+/* Have Callback Protocol support */
+#undef PPP_WITH_CBCP
+
+/* Include TDB support */
+#undef PPP_WITH_TDB
+
+/* Have IPv6 Control Protocol */
+#undef PPP_WITH_IPV6CP
+
+/* Support for Pluggable Authentication Modules */
+#undef PPP_WITH_PAM
+
+/* Have EAP-SRP authentication support */
+#undef PPP_WITH_SRP
+
+/* Have EAP-TLS authentication support */
+#undef PPP_WITH_EAPTLS
+
+/* Have PEAP authentication support */
+#undef PPP_WITH_PEAP
+
+/* The pppd version */
+#undef PPPD_VERSION
+
+#endif
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <pwd.h>
+
+#ifdef HAVE_CRYPT_H
#include <crypt.h>
-#ifdef HAS_SHADOW
+#endif
+
+#ifdef HAVE_SHADOW_H
#include <shadow.h>
#endif
+
#include <time.h>
#include <utmp.h>
#include <fcntl.h>
#include <unistd.h>
-#include "pppd.h"
+#include "pppd-private.h"
#include "session.h"
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
#include <security/pam_appl.h>
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
#define SET_MSG(var, msg) if (var != NULL) { var[0] = msg; }
#define COPY_STRING(s) ((s) ? strdup(s) : NULL)
/* We have successfully started a session */
static bool logged_in = 0;
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
/*
* Static variables used to communicate between the conversation function
* and the server_login function
&conversation,
NULL
};
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
int
session_start(const int flags, const char *user, const char *passwd, const char *ttyName, char **msg)
{
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
bool ok = 1;
const char *usr;
int pam_error;
bool try_session = 0;
-#else /* #ifdef USE_PAM */
+#else /* #ifdef PPP_WITH_PAM */
struct passwd *pw;
char *cbuf;
-#ifdef HAS_SHADOW
+#ifdef HAVE_SHADOW_H
struct spwd *spwd;
struct spwd *getspnam();
long now = 0;
-#endif /* #ifdef HAS_SHADOW */
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef HAVE_SHADOW_H */
+#endif /* #ifdef PPP_WITH_PAM */
SET_MSG(msg, SUCCESS_MSG);
return SESSION_FAILED;
}
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
/* Find the '\\' in the username */
/* This needs to be fixed to support different username schemes */
if ((usr = strchr(user, '\\')) == NULL)
/* If our PAM checks have already failed, then we must return a failure */
if (!ok) return SESSION_FAILED;
-#else /* #ifdef USE_PAM */
+#else /* #ifdef PPP_WITH_PAM */
/*
* Use the non-PAM methods directly. 'pw' will remain NULL if the user
if (pw == NULL)
return SESSION_FAILED;
-#ifdef HAS_SHADOW
+#ifdef HAVE_SHADOW_H
spwd = getspnam(user);
endspent();
/* We have a valid shadow entry, keep the password */
pw->pw_passwd = spwd->sp_pwdp;
-#endif /* #ifdef HAS_SHADOW */
+#endif /* #ifdef HAVE_SHADOW_H */
/*
* If no passwd, don't let them login if we're authenticating.
*/
if (pw->pw_passwd == NULL || strlen(pw->pw_passwd) < 2)
return SESSION_FAILED;
+#ifdef HAVE_CRYPT_H
cbuf = crypt(passwd, pw->pw_passwd);
if (!cbuf || strcmp(cbuf, pw->pw_passwd) != 0)
+#endif
return SESSION_FAILED;
}
-#endif /* #ifdef USE_PAM */
+#endif /* #ifdef PPP_WITH_PAM */
/*
* Write a wtmp entry for this user.
logwtmp(ttyName, user, ifname); /* Add wtmp login entry */
logged_in = 1;
-#if defined(_PATH_LASTLOG) && !defined(USE_PAM)
+#if defined(_PATH_LASTLOG) && !defined(PPP_WITH_PAM)
/*
* Enter the user in lastlog only if he has been authenticated using
* local system services. If he has not, then we don't know what his
(void)close(fd);
}
}
-#endif /* _PATH_LASTLOG and not USE_PAM */
+#endif /* _PATH_LASTLOG and not PPP_WITH_PAM */
info("user %s logged in on tty %s intf %s", user, ttyName, ifname);
}
void
session_end(const char* ttyName)
{
-#ifdef USE_PAM
+#ifdef PPP_WITH_PAM
int pam_error = PAM_SUCCESS;
if (pamh != NULL) {
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_SESSION_H
+#define PPP_SESSION_H
-#ifndef __SESSION_H
-#define __SESSION_H
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
#define SESS_AUTH 1 /* Check User Authentication */
#define SESS_ACCT 2 /* Check Account Validity */
void
session_end(const char* tty);
+#ifdef __cplusplus
+}
#endif
+
+#endif // PPP_SESSION_H
+++ /dev/null
-/*
- * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c
- *
- * SHA-1 in C
- * By Steve Reid <steve@edmweb.com>
- * 100% Public Domain
- *
- * Test Vectors (from FIPS PUB 180-1)
- * "abc"
- * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
- * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
- * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
- * A million repetitions of "a"
- * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
- */
-
-/* #define SHA1HANDSOFF * Copies data before messing with it. */
-
-#include <string.h>
-#include <time.h>
-#include <netinet/in.h> /* htonl() */
-#include <net/ppp_defs.h>
-#include "sha1.h"
-
-static void
-SHA1_Transform(u_int32_t[5], const unsigned char[64]);
-
-#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits))))
-
-/* blk0() and blk() perform the initial expand. */
-/* I got the idea of expanding during the round function from SSLeay */
-#define blk0(i) (block->l[i] = htonl(block->l[i]))
-#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \
- ^block->l[(i+2)&15]^block->l[i&15],1))
-
-/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */
-#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30);
-#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30);
-#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30);
-#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30);
-
-
-/* Hash a single 512-bit block. This is the core of the algorithm. */
-
-static void
-SHA1_Transform(u_int32_t state[5], const unsigned char buffer[64])
-{
- u_int32_t a, b, c, d, e;
- typedef union {
- unsigned char c[64];
- u_int32_t l[16];
- } CHAR64LONG16;
- CHAR64LONG16 *block;
-
-#ifdef SHA1HANDSOFF
- static unsigned char workspace[64];
- block = (CHAR64LONG16 *) workspace;
- memcpy(block, buffer, 64);
-#else
- block = (CHAR64LONG16 *) buffer;
-#endif
- /* Copy context->state[] to working vars */
- a = state[0];
- b = state[1];
- c = state[2];
- d = state[3];
- e = state[4];
- /* 4 rounds of 20 operations each. Loop unrolled. */
- R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3);
- R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7);
- R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11);
- R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15);
- R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19);
- R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23);
- R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27);
- R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31);
- R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35);
- R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39);
- R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43);
- R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47);
- R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51);
- R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55);
- R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59);
- R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63);
- R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67);
- R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71);
- R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75);
- R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79);
- /* Add the working vars back into context.state[] */
- state[0] += a;
- state[1] += b;
- state[2] += c;
- state[3] += d;
- state[4] += e;
- /* Wipe variables */
- a = b = c = d = e = 0;
-}
-
-
-/* SHA1Init - Initialize new context */
-
-void
-SHA1_Init(SHA1_CTX *context)
-{
- /* SHA1 initialization constants */
- context->state[0] = 0x67452301;
- context->state[1] = 0xEFCDAB89;
- context->state[2] = 0x98BADCFE;
- context->state[3] = 0x10325476;
- context->state[4] = 0xC3D2E1F0;
- context->count[0] = context->count[1] = 0;
-}
-
-
-/* Run your data through this. */
-
-void
-SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len)
-{
- unsigned int i, j;
-
- j = (context->count[0] >> 3) & 63;
- if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++;
- context->count[1] += (len >> 29);
- i = 64 - j;
- while (len >= i) {
- memcpy(&context->buffer[j], data, i);
- SHA1_Transform(context->state, context->buffer);
- data += i;
- len -= i;
- i = 64;
- j = 0;
- }
-
- memcpy(&context->buffer[j], data, len);
-}
-
-
-/* Add padding and return the message digest. */
-
-void
-SHA1_Final(unsigned char digest[20], SHA1_CTX *context)
-{
- u_int32_t i, j;
- unsigned char finalcount[8];
-
- for (i = 0; i < 8; i++) {
- finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)]
- >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */
- }
- SHA1_Update(context, (unsigned char *) "\200", 1);
- while ((context->count[0] & 504) != 448) {
- SHA1_Update(context, (unsigned char *) "\0", 1);
- }
- SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */
- for (i = 0; i < 20; i++) {
- digest[i] = (unsigned char)
- ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255);
- }
- /* Wipe variables */
- i = j = 0;
- memset(context->buffer, 0, 64);
- memset(context->state, 0, 20);
- memset(context->count, 0, 8);
- memset(&finalcount, 0, 8);
-#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */
- SHA1Transform(context->state, context->buffer);
-#endif
-}
-
+++ /dev/null
-/* sha1.h */
-
-/* If OpenSSL is in use, then use that version of SHA-1 */
-#ifdef OPENSSL
-#include <t_sha.h>
-#define __SHA1_INCLUDE_
-#endif
-
-#ifndef __SHA1_INCLUDE_
-
-#ifndef SHA1_SIGNATURE_SIZE
-#ifdef SHA_DIGESTSIZE
-#define SHA1_SIGNATURE_SIZE SHA_DIGESTSIZE
-#else
-#define SHA1_SIGNATURE_SIZE 20
-#endif
-#endif
-
-typedef struct {
- u_int32_t state[5];
- u_int32_t count[2];
- unsigned char buffer[64];
-} SHA1_CTX;
-
-extern void SHA1_Init(SHA1_CTX *);
-extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int);
-extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *);
-
-#define __SHA1_INCLUDE_
-#endif /* __SHA1_INCLUDE_ */
-
License along with this library; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
-#ifndef __SPINLOCK_H__
-#define __SPINLOCK_H__
+/*
+ Unix SMB/CIFS implementation.
-#ifdef HAVE_CONFIG_H
-#include <config.h>
-#endif
+ trivial database library
+
+ Copyright (C) Anton Blanchard 2001
+
+ ** NOTE! The following LGPL license applies to the tdb
+ ** library. This does NOT imply that all of Samba is released
+ ** under the LGPL
+
+ This library is free software; you can redistribute it and/or
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2 of the License, or (at your option) any later version.
+
+ This library is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ Lesser General Public License for more details.
+
+ You should have received a copy of the GNU Lesser General Public
+ License along with this library; if not, write to the Free Software
+ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+*/
+
+#ifndef PPP_SPINLOCK_H
+#define PPP_SPINLOCK_H
+
+#include "pppdconf.h"
#include "tdb.h"
#endif
-#endif
+#endif // PPP_SPINLOCK_H
* The default modulus/generator can be requested as index 0.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <sys/ioctl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/utsname.h>
#include <sys/sysmacros.h>
+#include <sys/param.h>
#include <errno.h>
+#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <syslog.h>
#include <string.h>
#include <time.h>
#include <memory.h>
+#ifdef HAVE_UTMP_H
#include <utmp.h>
+#endif
#include <mntent.h>
#include <signal.h>
#include <fcntl.h>
#include <ctype.h>
-#include <termios.h>
#include <unistd.h>
+#include <limits.h>
/* This is in netdevice.h. However, this compile will fail miserably if
you attempt to include netdevice.h because it has so many references
#include <netinet/in.h>
#include <arpa/inet.h>
-#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
+#include <linux/ppp-ioctl.h>
-#ifdef INET6
#include <linux/netlink.h>
#include <linux/rtnetlink.h>
+#include <linux/if_link.h>
#include <linux/if_addr.h>
+
/* glibc versions prior to 2.24 do not define SOL_NETLINK */
#ifndef SOL_NETLINK
#define SOL_NETLINK 270
#endif
+
/* linux kernel versions prior to 4.3 do not define/support NETLINK_CAP_ACK */
#ifndef NETLINK_CAP_ACK
#define NETLINK_CAP_ACK 10
#endif
+
+/* linux kernel versions prior to 4.7 do not define/support IFLA_PPP_DEV_FD */
+#ifndef IFLA_PPP_MAX
+/* IFLA_PPP_DEV_FD is declared as enum when IFLA_PPP_MAX is defined */
+#define IFLA_PPP_DEV_FD 1
#endif
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "ipcp.h"
-#ifdef IPX_CHANGE
-#include "ipxcp.h"
-#if __GLIBC__ >= 2 && \
- !(defined(__powerpc__) && __GLIBC__ == 2 && __GLIBC_MINOR__ == 0)
-#include <netipx/ipx.h>
-#else
-#include <linux/ipx.h>
-#endif
-#endif /* IPX_CHANGE */
+#ifdef PPP_WITH_IPV6CP
+#include "eui64.h"
+#endif /* PPP_WITH_IPV6CP */
+
+#include "multilink.h"
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
#include <pcap-bpf.h>
#include <linux/filter.h>
-#endif /* PPP_FILTER */
+#endif /* PPP_WITH_FILTER */
#ifdef LOCKLIB
#include <sys/locks.h>
#endif
-#ifdef INET6
+/*
+ * Instead of system header file <termios.h> use local "termios_linux.h" header
+ * file as it provides additional support for arbitrary baud rates via BOTHER.
+ */
+#include "termios_linux.h"
+
+#ifdef PPP_WITH_IPV6CP
#ifndef _LINUX_IN6_H
/*
* This is in linux/include/net/ipv6.h.
} while (0)
static const eui64_t nulleui64;
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/* We can get an EIO error on an ioctl if the modem has hung up */
#define ok_error(num) ((num)==EIO)
static int sock_fd = -1; /* socket for doing interface ioctls */
static int slave_fd = -1; /* pty for old-style demand mode, slave */
static int master_fd = -1; /* pty for old-style demand mode, master */
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
static int sock6_fd = -1;
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/*
* For the old-style kernel driver, this is the same as ppp_fd.
memset ((char *) &(addr), '\0', sizeof(addr)); \
addr.sa_family = (family);
+
+/*
+ * rtnetlink_msg - send rtnetlink message, receive response
+ * and return received error code:
+ * 0 - success
+ * positive value - error during sending / receiving message
+ * negative value - rtnetlink responce error code
+ */
+static int rtnetlink_msg(const char *desc, int *shared_fd, void *nlreq, size_t nlreq_len, void *nlresp_data, size_t *nlresp_size, unsigned nlresp_type)
+{
+ struct nlresp_hdr {
+ struct nlmsghdr nlh;
+ struct nlmsgerr nlerr;
+ } nlresp_hdr;
+ struct sockaddr_nl nladdr;
+ struct iovec iov[2];
+ struct msghdr msg;
+ ssize_t nlresp_len;
+ int one;
+ int fd;
+
+ if (shared_fd && *shared_fd >= 0) {
+ fd = *shared_fd;
+ } else {
+ fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
+ if (fd < 0) {
+ error("rtnetlink_msg: socket(NETLINK_ROUTE): %m (line %d)", __LINE__);
+ return 1;
+ }
+
+ /*
+ * Tell kernel to not send to us payload of acknowledgment error message.
+ * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and
+ * older kernel versions always send full payload in acknowledgment netlink
+ * message. We ignore payload of this message as we need only error code,
+ * to check if our set remote peer address request succeeded or failed.
+ * So ignore return value from the following setsockopt() call as setting
+ * option NETLINK_CAP_ACK means for us just a kernel hint / optimization.
+ */
+ one = 1;
+ setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one));
+
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ if (bind(fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) {
+ error("rtnetlink_msg: bind(AF_NETLINK): %m (line %d)", __LINE__);
+ close(fd);
+ return 1;
+ }
+
+ if (shared_fd)
+ *shared_fd = fd;
+ }
+
+ memset(&nladdr, 0, sizeof(nladdr));
+ nladdr.nl_family = AF_NETLINK;
+
+ memset(&iov[0], 0, sizeof(iov[0]));
+ iov[0].iov_base = nlreq;
+ iov[0].iov_len = nlreq_len;
+
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_name = &nladdr;
+ msg.msg_namelen = sizeof(nladdr);
+ msg.msg_iov = &iov[0];
+ msg.msg_iovlen = 1;
+
+ if (sendmsg(fd, &msg, 0) < 0) {
+ error("rtnetlink_msg: sendmsg(%s): %m (line %d)", desc, __LINE__);
+ if (!shared_fd)
+ close(fd);
+ return 1;
+ }
+
+ memset(iov, 0, sizeof(iov));
+ iov[0].iov_base = &nlresp_hdr;
+ if (nlresp_size && *nlresp_size > sizeof(nlresp_hdr)) {
+ iov[0].iov_len = offsetof(struct nlresp_hdr, nlerr);
+ iov[1].iov_base = nlresp_data;
+ iov[1].iov_len = *nlresp_size;
+ } else {
+ iov[0].iov_len = sizeof(nlresp_hdr);
+ }
+
+ memset(&msg, 0, sizeof(msg));
+ msg.msg_name = &nladdr;
+ msg.msg_namelen = sizeof(nladdr);
+ msg.msg_iov = iov;
+ msg.msg_iovlen = (nlresp_size && *nlresp_size > sizeof(nlresp_hdr)) ? 2 : 1;
+
+ nlresp_len = recvmsg(fd, &msg, 0);
+
+ if (!shared_fd)
+ close(fd);
+
+ if (nlresp_len < 0) {
+ error("rtnetlink_msg: recvmsg(%s): %m (line %d)", desc, __LINE__);
+ return 1;
+ }
+
+ if (nladdr.nl_family != AF_NETLINK) {
+ error("rtnetlink_msg: recvmsg(%s): Not a netlink packet (line %d)", desc, __LINE__);
+ return 1;
+ }
+
+ if (!nlresp_size) {
+ if ((size_t)nlresp_len < sizeof(nlresp_hdr) || nlresp_hdr.nlh.nlmsg_len < sizeof(nlresp_hdr)) {
+ error("rtnetlink_msg: recvmsg(%s): Acknowledgment netlink packet too short (line %d)", desc, __LINE__);
+ return 1;
+ }
+
+ /* acknowledgment packet for NLM_F_ACK is NLMSG_ERROR */
+ if (nlresp_hdr.nlh.nlmsg_type != NLMSG_ERROR) {
+ error("rtnetlink_msg: recvmsg(%s): Not an acknowledgment netlink packet (line %d)", desc, __LINE__);
+ return 1;
+ }
+ }
+
+ if (nlresp_size) {
+ if (*nlresp_size > sizeof(nlresp_hdr))
+ memcpy((unsigned char *)&nlresp_hdr + offsetof(struct nlresp_hdr, nlerr), nlresp_data, sizeof(nlresp_hdr.nlerr));
+ else
+ memcpy(nlresp_data, (unsigned char *)&nlresp_hdr + offsetof(struct nlresp_hdr, nlerr), *nlresp_size);
+ }
+
+ /* error == 0 indicates success, negative value is errno code */
+ if (nlresp_hdr.nlh.nlmsg_type == NLMSG_ERROR && nlresp_hdr.nlerr.error)
+ return nlresp_hdr.nlerr.error;
+
+ if (nlresp_size) {
+ if (nlresp_hdr.nlh.nlmsg_type != nlresp_type) {
+ error("rtnetlink_msg: recvmsg(%s): Not a netlink packet of type 0x%x (line %d)", desc, nlresp_type, __LINE__);
+ return 1;
+ }
+ *nlresp_size = nlresp_len - offsetof(struct nlresp_hdr, nlerr);
+ }
+
+ return 0;
+}
+
/*
* Determine if the PPP connection should still be present.
*/
if (sock_fd < 0)
fatal("Couldn't create IP socket: %m(%d)", errno);
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
sock6_fd = socket(AF_INET6, SOCK_DGRAM, 0);
if (sock6_fd < 0)
sock6_fd = -errno; /* save errno for later */
if_is_up = 0;
sifdown(0);
}
+#ifdef PPP_WITH_IPV6CP
if (if6_is_up)
sif6down(0);
+#endif
/*
* Delete any routes through the device.
*/
if (have_default_route)
cifdefaultroute(0, 0, 0);
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
if (have_default_route6)
cif6defaultroute(0, nulleui64, nulleui64);
#endif
/********************************************************************
*
- * sys_close - Clean up in a child process before execing.
+ * ppp_sys_close - Clean up in a child process before execing.
*/
void
-sys_close(void)
+ppp_sys_close(void)
{
if (new_style_driver && ppp_dev_fd >= 0)
close(ppp_dev_fd);
if (sock_fd >= 0)
close(sock_fd);
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
if (sock6_fd >= 0)
close(sock6_fd);
#endif
#ifndef N_SYNC_PPP
#define N_SYNC_PPP 14
#endif
- ppp_disc = (new_style_driver && sync_serial)? N_SYNC_PPP: N_PPP;
+ ppp_disc = (new_style_driver && ppp_sync_serial())? N_SYNC_PPP: N_PPP;
if (ioctl(tty_fd, TIOCSETD, &ppp_disc) < 0) {
if ( ! ok_error (errno) ) {
error("Couldn't set tty to PPP discipline: %m");
}
}
- ret_fd = generic_establish_ppp(tty_fd);
+ ret_fd = ppp_generic_establish(tty_fd);
#define SC_RCVB (SC_RCV_B7_0 | SC_RCV_B7_1 | SC_RCV_EVNP | SC_RCV_ODDP)
#define SC_LOGB (SC_DEBUG | SC_LOG_INPKT | SC_LOG_OUTPKT | SC_LOG_RAWIN \
*
* generic_establish_ppp - Turn the fd into a ppp interface.
*/
-int generic_establish_ppp (int fd)
+int ppp_generic_establish (int fd)
{
int x;
flushfailed:
initfdflags = -1;
- generic_disestablish_ppp(tty_fd);
+ ppp_generic_disestablish(tty_fd);
}
/********************************************************************
*
- * generic_disestablish_ppp - Restore device components to normal
+ * ppp_generic_disestablish - Restore device components to normal
* operation, and reconnect the ppp unit to the loopback if in demand
* mode. This shouldn't call die() because it's called from die().
*/
-void generic_disestablish_ppp(int dev_fd)
+void ppp_generic_disestablish(int dev_fd)
{
if (new_style_driver) {
close(ppp_fd);
if (demand) {
modify_flags(ppp_dev_fd, 0, SC_LOOP_TRAFFIC);
looped = 1;
- } else if (!doing_multilink && ppp_dev_fd >= 0) {
+ } else if (!mp_on() && ppp_dev_fd >= 0) {
close(ppp_dev_fd);
remove_fd(ppp_dev_fd);
ppp_dev_fd = -1;
}
}
+/*
+ * make_ppp_unit_rtnetlink - register a new ppp network interface for ppp_dev_fd
+ * with specified req_ifname via rtnetlink. Interface name req_ifname must not
+ * be empty. Custom ppp unit id req_unit is ignored and kernel choose some free.
+ */
+static int make_ppp_unit_rtnetlink(void)
+{
+ struct {
+ struct nlmsghdr nlh;
+ struct ifinfomsg ifm;
+ struct {
+ struct rtattr rta;
+ char ifname[IFNAMSIZ];
+ } ifn;
+ struct {
+ struct rtattr rta;
+ struct {
+ struct rtattr rta;
+ char ifkind[sizeof("ppp")];
+ } ifik;
+ struct {
+ struct rtattr rta;
+ struct {
+ struct rtattr rta;
+ union {
+ int ppp_dev_fd;
+ } ppp;
+ } ifdata[1];
+ } ifid;
+ } ifli;
+ } nlreq;
+ int resp;
+
+ memset(&nlreq, 0, sizeof(nlreq));
+ nlreq.nlh.nlmsg_len = sizeof(nlreq);
+ nlreq.nlh.nlmsg_type = RTM_NEWLINK;
+ nlreq.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE;
+ nlreq.ifm.ifi_family = AF_UNSPEC;
+ nlreq.ifm.ifi_type = ARPHRD_NETROM;
+ nlreq.ifn.rta.rta_len = sizeof(nlreq.ifn);
+ nlreq.ifn.rta.rta_type = IFLA_IFNAME;
+ strlcpy(nlreq.ifn.ifname, req_ifname, sizeof(nlreq.ifn.ifname));
+ nlreq.ifli.rta.rta_len = sizeof(nlreq.ifli);
+ nlreq.ifli.rta.rta_type = IFLA_LINKINFO;
+ nlreq.ifli.ifik.rta.rta_len = sizeof(nlreq.ifli.ifik);
+ nlreq.ifli.ifik.rta.rta_type = IFLA_INFO_KIND;
+ strcpy(nlreq.ifli.ifik.ifkind, "ppp");
+ nlreq.ifli.ifid.rta.rta_len = sizeof(nlreq.ifli.ifid);
+ nlreq.ifli.ifid.rta.rta_type = IFLA_INFO_DATA;
+ nlreq.ifli.ifid.ifdata[0].rta.rta_len = sizeof(nlreq.ifli.ifid.ifdata[0]);
+ nlreq.ifli.ifid.ifdata[0].rta.rta_type = IFLA_PPP_DEV_FD;
+ nlreq.ifli.ifid.ifdata[0].ppp.ppp_dev_fd = ppp_dev_fd;
+
+ /*
+ * See kernel function ppp_nl_newlink(), which may return -EBUSY to prevent
+ * possible deadlock in kernel and ask userspace to retry request again.
+ */
+ do {
+ resp = rtnetlink_msg("RTM_NEWLINK/NLM_F_CREATE", NULL, &nlreq, sizeof(nlreq), NULL, NULL, 0);
+ } while (resp == -EBUSY);
+
+ if (resp) {
+ /*
+ * Linux kernel versions prior to 4.7 do not support creating ppp
+ * interfaces via rtnetlink API and therefore error response is
+ * expected. On older kernel versions do not show this error message.
+ * When error is different than EEXIST then pppd tries to fallback to
+ * the old ioctl method.
+ */
+ errno = (resp < 0) ? -resp : EINVAL;
+ if (kernel_version >= KVERSION(4,7,0))
+ error("Couldn't create ppp interface %s: %m", req_ifname);
+ return 0;
+ }
+
+ return 1;
+}
+
/*
* make_ppp_unit - make a new ppp unit for ppp_dev_fd.
* Assumes new_style_driver.
|| fcntl(ppp_dev_fd, F_SETFL, flags | O_NONBLOCK) == -1)
warn("Couldn't set /dev/ppp to nonblock: %m");
+ /*
+ * Via rtnetlink it is possible to create ppp network interface with
+ * custom ifname atomically. But it is not possible to specify custom
+ * ppp unit id.
+ *
+ * Tools like systemd, udev or NetworkManager are trying to query
+ * interface attributes based on interface name immediately when new
+ * network interface is created. And therefore immediate interface
+ * renaming is causing issues.
+ *
+ * So use rtnetlink API only when user requested custom ifname. It will
+ * avoid system issues with interface renaming.
+ */
+ if (req_unit == -1 && req_ifname[0] != '\0' && kernel_version >= KVERSION(2,1,16)) {
+ if (make_ppp_unit_rtnetlink()) {
+ if (ioctl(ppp_dev_fd, PPPIOCGUNIT, &ifunit))
+ fatal("Couldn't retrieve PPP unit id: %m");
+ return 0;
+ }
+ /*
+ * If interface with requested name already exist return error
+ * otherwise fallback to old ioctl method.
+ */
+ if (errno == EEXIST)
+ return -1;
+ }
+
ifunit = req_unit;
x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit);
if (x < 0 && req_unit >= 0 && errno == EEXIST) {
ifunit = -1;
x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit);
}
+ if (x < 0 && errno == EEXIST) {
+ srand(time(NULL) * getpid());
+ ifunit = rand() % 10000;
+ x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit);
+ }
if (x < 0)
error("Couldn't create new ppp unit: %m");
if (x == 0 && req_ifname[0] != '\0') {
struct ifreq ifr;
- char t[MAXIFNAMELEN];
+ char t[IFNAMSIZ];
memset(&ifr, 0, sizeof(struct ifreq));
slprintf(t, sizeof(t), "%s%d", PPP_DRV_NAME, ifunit);
- strlcpy(ifr.ifr_name, t, IF_NAMESIZE);
- strlcpy(ifr.ifr_newname, req_ifname, IF_NAMESIZE);
+ strlcpy(ifr.ifr_name, t, IFNAMSIZ);
+ strlcpy(ifr.ifr_newname, req_ifname, IFNAMSIZ);
x = ioctl(sock_fd, SIOCSIFNAME, &ifr);
if (x < 0)
error("Couldn't rename interface %s to %s: %m", t, req_ifname);
#ifdef B115200
{ 115200, B115200 },
#endif
+#ifdef B153600
+ { 153600, B153600 },
+#endif
#ifdef EXTA
{ 19200, EXTA },
#endif
#ifdef B230400
{ 230400, B230400 },
#endif
+#ifdef B307200
+ { 307200, B307200 },
+#endif
#ifdef B460800
{ 460800, B460800 },
#endif
+#ifdef B500000
+ { 500000, B500000 },
+#endif
+#ifdef B576000
+ { 576000, B576000 },
+#endif
+#ifdef B614400
+ { 614400, B614400 },
+#endif
#ifdef B921600
{ 921600, B921600 },
#endif
if (bps == speedp->speed_int)
return speedp->speed_val;
}
- warn("speed %d not supported", bps);
}
return 0;
}
if (stop_bits >= 2)
tios.c_cflag |= CSTOPB;
- speed = translate_speed(inspeed);
- if (speed) {
- cfsetospeed (&tios, speed);
- cfsetispeed (&tios, speed);
+ if (inspeed) {
+ speed = translate_speed(inspeed);
+ if (speed) {
+ cfsetospeed (&tios, speed);
+ cfsetispeed (&tios, speed);
+ speed = cfgetospeed(&tios);
+ baud_rate = baud_rate_of(speed);
+ } else {
+#ifdef BOTHER
+ tios.c_cflag &= ~CBAUD;
+ tios.c_cflag |= BOTHER;
+ tios.c_ospeed = inspeed;
+#ifdef IBSHIFT
+ /* B0 sets input baudrate to the output baudrate */
+ tios.c_cflag &= ~(CBAUD << IBSHIFT);
+ tios.c_cflag |= B0 << IBSHIFT;
+ tios.c_ispeed = inspeed;
+#endif
+ baud_rate = inspeed;
+#else
+ baud_rate = 0;
+#endif
+ }
}
+ else {
+ speed = cfgetospeed(&tios);
+ baud_rate = baud_rate_of(speed);
+#ifdef BOTHER
+ if (!baud_rate)
+ baud_rate = tios.c_ospeed;
+#endif
+ }
+
/*
- * We can't proceed if the serial port speed is B0,
+ * We can't proceed if the serial port baud rate is unknown,
* since that implies that the serial port is disabled.
*/
- else {
- speed = cfgetospeed(&tios);
- if (speed == B0)
+ if (!baud_rate) {
+ if (inspeed)
+ fatal("speed %d not supported", inspeed);
+ else
fatal("Baud rate for %s is 0; need explicit baud rate", devnam);
}
while (tcsetattr(tty_fd, TCSAFLUSH, &tios) < 0 && !ok_error(errno))
if (errno != EINTR)
fatal("tcsetattr: %m (line %d)", __LINE__);
-
- baud_rate = baud_rate_of(speed);
restore_term = 1;
}
error("read /dev/ppp: %m");
if (nr < 0 && errno == ENXIO)
nr = 0;
- if (nr == 0 && doing_multilink) {
+ if (nr == 0 && mp_on()) {
remove_fd(ppp_dev_fd);
bundle_eof = 1;
}
* netif_set_mtu - set the MTU on the PPP network interface.
*/
void
-netif_set_mtu(int unit, int mtu)
+ppp_set_mtu(int unit, int mtu)
{
struct ifreq ifr;
* netif_get_mtu - get the MTU on the PPP network interface.
*/
int
-netif_get_mtu(int unit)
+ppp_get_mtu(int unit)
{
struct ifreq ifr;
}
x = (pcomp? SC_COMP_PROT: 0) | (accomp? SC_COMP_AC: 0)
- | (sync_serial? SC_SYNC: 0);
+ | (ppp_sync_serial()? SC_SYNC: 0);
modify_flags(ppp_fd, SC_COMP_PROT|SC_COMP_AC|SC_SYNC, x);
}
modify_flags(ppp_dev_fd, SC_CCP_OPEN|SC_CCP_UP, x);
}
-#ifdef PPP_FILTER
+#ifdef PPP_WITH_FILTER
/*
* set_filters - set the active and pass filters in the kernel driver.
*/
}
return 1;
}
-#endif /* PPP_FILTER */
+#endif /* PPP_WITH_FILTER */
/********************************************************************
*
/********************************************************************
*
- * get_ppp_stats - return statistics for the link.
+ * get_ppp_stats_iocl - return statistics for the link, using the ioctl() method,
+ * this only supports 32-bit counters, so need to count the wraps.
*/
-int
-get_ppp_stats(int u, struct pppd_stats *stats)
+static int
+get_ppp_stats_ioctl(int u, struct pppd_stats *stats)
{
- struct ifpppstatsreq req;
+ static u_int32_t previbytes = 0;
+ static u_int32_t prevobytes = 0;
+ static u_int32_t iwraps = 0;
+ static u_int32_t owraps = 0;
+
+ struct ifreq req;
+ struct ppp_stats data;
memset (&req, 0, sizeof (req));
- req.stats_ptr = (caddr_t) &req.stats;
- strlcpy(req.ifr__name, ifname, sizeof(req.ifr__name));
+ req.ifr_data = (caddr_t) &data;
+ strlcpy(req.ifr_name, ifname, sizeof(req.ifr_name));
if (ioctl(sock_fd, SIOCGPPPSTATS, &req) < 0) {
error("Couldn't get PPP statistics: %m");
return 0;
}
- stats->bytes_in = req.stats.p.ppp_ibytes;
- stats->bytes_out = req.stats.p.ppp_obytes;
- stats->pkts_in = req.stats.p.ppp_ipackets;
- stats->pkts_out = req.stats.p.ppp_opackets;
+ stats->bytes_in = data.p.ppp_ibytes;
+ stats->bytes_out = data.p.ppp_obytes;
+ stats->pkts_in = data.p.ppp_ipackets;
+ stats->pkts_out = data.p.ppp_opackets;
+
+ if (stats->bytes_in < previbytes)
+ ++iwraps;
+ if (stats->bytes_out < prevobytes)
+ ++owraps;
+
+ previbytes = stats->bytes_in;
+ prevobytes = stats->bytes_out;
+
+ stats->bytes_in += (uint64_t)iwraps << 32;
+ stats->bytes_out += (uint64_t)owraps << 32;
+
return 1;
}
+/********************************************************************
+ * get_ppp_stats_rtnetlink - return statistics for the link, using rtnetlink
+ * This provides native 64-bit counters.
+ */
+static int
+get_ppp_stats_rtnetlink(int u, struct pppd_stats *stats)
+{
+#ifdef RTM_NEWSTATS
+ static int fd = -1;
+
+ struct {
+ struct nlmsghdr nlh;
+ struct if_stats_msg ifsm;
+ } nlreq;
+ struct {
+ struct rtmsg rth;
+ struct {
+ /* We only case about these first fields from rtnl_link_stats64 */
+ uint64_t rx_packets;
+ uint64_t tx_packets;
+ uint64_t rx_bytes;
+ uint64_t tx_bytes;
+ } stats;
+ } nlresp_data;
+ size_t nlresp_size;
+ int resp;
+
+ memset(&nlreq, 0, sizeof(nlreq));
+ nlreq.nlh.nlmsg_len = sizeof(nlreq);
+ nlreq.nlh.nlmsg_type = RTM_GETSTATS;
+ nlreq.nlh.nlmsg_flags = NLM_F_REQUEST;
+ nlreq.ifsm.ifindex = if_nametoindex(ifname);
+ nlreq.ifsm.filter_mask = IFLA_STATS_LINK_64;
+
+ nlresp_size = sizeof(nlresp_data);
+ resp = rtnetlink_msg("RTM_GETSTATS/NLM_F_REQUEST", &fd, &nlreq, sizeof(nlreq), &nlresp_data, &nlresp_size, RTM_NEWSTATS);
+ if (resp) {
+ errno = (resp < 0) ? -resp : EINVAL;
+ if (kernel_version >= KVERSION(4,7,0))
+ error("get_ppp_stats_rtnetlink: %m (line %d)", __LINE__);
+ goto err;
+ }
+
+ if (nlresp_size < sizeof(nlresp_data)) {
+ error("get_ppp_stats_rtnetlink: Obtained an insufficiently sized rtnl_link_stats64 struct from the kernel (line %d).", __LINE__);
+ goto err;
+ }
+
+ stats->bytes_in = nlresp_data.stats.rx_bytes;
+ stats->bytes_out = nlresp_data.stats.tx_bytes;
+ stats->pkts_in = nlresp_data.stats.rx_packets;
+ stats->pkts_out = nlresp_data.stats.tx_packets;
+
+ return 1;
+err:
+ close(fd);
+ fd = -1;
+#endif
+ return 0;
+}
+
+/********************************************************************
+ * get_ppp_stats_sysfs - return statistics for the link, using the files in sysfs,
+ * this provides native 64-bit counters.
+ */
+static int
+get_ppp_stats_sysfs(int u, struct pppd_stats *stats)
+{
+ char fname[PATH_MAX+1];
+ char buf[21], *err; /* 2^64 < 10^20 */
+ int blen, fd, rlen;
+ unsigned long long val;
+
+ struct {
+ const char* fname;
+ void* ptr;
+ unsigned size;
+ } slist[] = {
+#define statfield(fn, field) { .fname = #fn, .ptr = &stats->field, .size = sizeof(stats->field) }
+ statfield(rx_bytes, bytes_in),
+ statfield(tx_bytes, bytes_out),
+ statfield(rx_packets, pkts_in),
+ statfield(tx_packets, pkts_out),
+#undef statfield
+ };
+
+ blen = snprintf(fname, sizeof(fname), "/sys/class/net/%s/statistics/", ifname);
+ if (blen >= sizeof(fname))
+ return 0; /* ifname max 15, so this should be impossible */
+
+ for (int i = 0; i < sizeof(slist) / sizeof(*slist); ++i) {
+ if (snprintf(fname + blen, sizeof(fname) - blen, "%s", slist[i].fname) >= sizeof(fname) - blen) {
+ fname[blen] = 0;
+ error("sysfs stats: filename %s/%s overflowed PATH_MAX", fname, slist[i].fname);
+ return 0;
+ }
+
+ fd = open(fname, O_RDONLY);
+ if (fd < 0) {
+ error("%s: %m", fname);
+ return 0;
+ }
+
+ rlen = read(fd, buf, sizeof(buf) - 1);
+ close(fd);
+ if (rlen < 0) {
+ error("%s: %m", fname);
+ return 0;
+ }
+ /* trim trailing \n if present */
+ while (rlen > 0 && buf[rlen-1] == '\n')
+ rlen--;
+ buf[rlen] = 0;
+
+ errno = 0;
+ val = strtoull(buf, &err, 10);
+ if (*buf < '0' || *buf > '9' || errno != 0 || *err) {
+ error("string to number conversion error converting %s (from %s) for remaining string %s%s%s",
+ buf, fname, err, errno ? ": " : "", errno ? strerror(errno) : "");
+ return 0;
+ }
+ switch (slist[i].size) {
+#define stattype(type) case sizeof(type): *(type*)slist[i].ptr = (type)val; break
+ stattype(uint64_t);
+ stattype(uint32_t);
+ stattype(uint16_t);
+ stattype(uint8_t);
+#undef stattype
+ default:
+ error("Don't know how to store stats for %s of size %u", slist[i].fname, slist[i].size);
+ return 0;
+ }
+ }
+
+ return 1;
+}
+
+/********************************************************************
+ * Periodic timer function to be used to keep stats up to date in case of ioctl
+ * polling.
+ *
+ * Given the 25s interval this should be fine up to data rates of 1.37Gbps.
+ * If you do change the timer, remember to also bring the get_ppp_stats (which
+ * sets up the initial trigger) as well.
+ */
+static void
+ppp_stats_poller(void* u)
+{
+ struct pppd_stats dummy;
+ get_ppp_stats_ioctl((long)u, &dummy);
+ TIMEOUT(ppp_stats_poller, u, 25);
+}
+
+/********************************************************************
+ * get_ppp_stats - return statistics for the link.
+ */
+int get_ppp_stats(int u, struct pppd_stats *stats)
+{
+ static int (*func)(int, struct pppd_stats*) = NULL;
+
+ if (!func) {
+ if (get_ppp_stats_rtnetlink(u, stats)) {
+ func = get_ppp_stats_rtnetlink;
+ return 1;
+ }
+ if (get_ppp_stats_sysfs(u, stats)) {
+ func = get_ppp_stats_sysfs;
+ return 1;
+ }
+ warn("statistics falling back to ioctl which only supports 32-bit counters");
+ func = get_ppp_stats_ioctl;
+ TIMEOUT(ppp_stats_poller, (void*)(long)u, 25);
+ }
+
+ return func(u, stats);
+}
+
/********************************************************************
*
* ccp_fatal_error - returns 1 if decompression was disabled as a
* - this is normally only the case the doing demand: */
if (defaultroute_exists(&tmp_rt, -1))
del_rt = &tmp_rt;
+ } else if (!replace) {
+ /*
+ * We don't want to replace an existing route.
+ * We may however add our route along an existing route with a different
+ * metric.
+ */
+ if (defaultroute_exists(&rt, dfl_route_metric) && strcmp(rt.rt_dev, ifname) != 0) {
+ if (rt.rt_flags & RTF_GATEWAY)
+ error("not replacing existing default route via %I with metric %d",
+ SIN_ADDR(rt.rt_gateway), dfl_route_metric);
+ else
+ error("not replacing existing default route through %s with metric %d",
+ rt.rt_dev, dfl_route_metric);
+ return 0;
+ }
} else if (defaultroute_exists(&old_def_rt, -1 ) &&
strcmp( old_def_rt.rt_dev, ifname) != 0) {
/*
- * We did not yet replace an existing default route, let's
- * check if we should save and replace a default route:
+ * We want to replace an existing route and did not replace an existing
+ * default route yet, let's check if we should save and replace an
+ * existing default route:
*/
u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway);
return 1;
}
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
/*
* /proc/net/ipv6_route parsing stuff.
*/
return 1;
}
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/********************************************************************
*
/********************************************************************
*
- * ppp_available - check whether the system has any ppp interfaces
+ * ppp_check_kernel_support - check whether the system has any ppp interfaces
* (in fact we check whether we can do an ioctl on ppp0).
*/
-int ppp_available(void)
+int ppp_check_kernel_support(void)
{
int s, ok, fd;
struct ifreq ifr;
if (if_is_up && --if_is_up > 0)
return 1;
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
if (if6_is_up)
return 1;
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
return setifstate(u, 0);
}
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
/********************************************************************
*
* sif6up - Config the interface up for IPv6
return setifstate(u, 0);
}
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/********************************************************************
*
}
}
- /* This way it is possible to have an IPX-only or IPv6-only interface */
+ /* This way it is possible to have an IPv6-only interface */
memset(&ifr, 0, sizeof(ifr));
SET_SA_FAMILY(ifr.ifr_addr, AF_INET);
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
return 1;
}
-#ifdef INET6
+#ifdef PPP_WITH_IPV6CP
/********************************************************************
*
* sif6addr_rtnetlink - Config the interface with both IPv6 link-local addresses via rtnetlink
struct in6_addr addr;
} addrs[2];
} nlreq;
- struct {
- struct nlmsghdr nlh;
- struct nlmsgerr nlerr;
- } nlresp;
- struct sockaddr_nl nladdr;
- struct iovec iov;
- struct msghdr msg;
- ssize_t nlresplen;
- int one;
- int fd;
-
- fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE);
- if (fd < 0) {
- error("sif6addr_rtnetlink: socket(NETLINK_ROUTE): %m (line %d)", __LINE__);
- return 0;
- }
-
- /*
- * Tell kernel to not send to us payload of acknowledgment error message.
- * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and
- * older kernel versions always send full payload in acknowledgment netlink
- * message. We ignore payload of this message as we need only error code,
- * to check if our set remote peer address request succeeded or failed.
- * So ignore return value from the following setsockopt() call as setting
- * option NETLINK_CAP_ACK means for us just a kernel hint / optimization.
- */
- one = 1;
- setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one));
-
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
- if (bind(fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) {
- error("sif6addr_rtnetlink: bind(AF_NETLINK): %m (line %d)", __LINE__);
- close(fd);
- return 0;
- }
+ int resp;
memset(&nlreq, 0, sizeof(nlreq));
nlreq.nlh.nlmsg_len = sizeof(nlreq);
IN6_LLADDR_FROM_EUI64(nlreq.addrs[0].addr, our_eui64);
nlreq.addrs[1].rta.rta_len = sizeof(nlreq.addrs[1]);
nlreq.addrs[1].rta.rta_type = IFA_ADDRESS;
- IN6_LLADDR_FROM_EUI64(nlreq.addrs[1].addr, his_eui64);
-
- memset(&nladdr, 0, sizeof(nladdr));
- nladdr.nl_family = AF_NETLINK;
-
- memset(&iov, 0, sizeof(iov));
- iov.iov_base = &nlreq;
- iov.iov_len = sizeof(nlreq);
-
- memset(&msg, 0, sizeof(msg));
- msg.msg_name = &nladdr;
- msg.msg_namelen = sizeof(nladdr);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- if (sendmsg(fd, &msg, 0) < 0) {
- error("sif6addr_rtnetlink: sendmsg(RTM_NEWADDR/NLM_F_CREATE): %m (line %d)", __LINE__);
- close(fd);
- return 0;
- }
- memset(&iov, 0, sizeof(iov));
- iov.iov_base = &nlresp;
- iov.iov_len = sizeof(nlresp);
-
- memset(&msg, 0, sizeof(msg));
- msg.msg_name = &nladdr;
- msg.msg_namelen = sizeof(nladdr);
- msg.msg_iov = &iov;
- msg.msg_iovlen = 1;
-
- nlresplen = recvmsg(fd, &msg, 0);
-
- if (nlresplen < 0) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): %m (line %d)", __LINE__);
- close(fd);
- return 0;
- }
-
- close(fd);
-
- if (nladdr.nl_family != AF_NETLINK) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Not a netlink packet (line %d)", __LINE__);
- return 0;
- }
-
- if ((size_t)nlresplen != sizeof(nlresp) || nlresp.nlh.nlmsg_len < sizeof(nlresp)) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Acknowledgment netlink packet too short (line %d)", __LINE__);
- return 0;
- }
-
- /* acknowledgment packet for NLM_F_ACK is NLMSG_ERROR */
- if (nlresp.nlh.nlmsg_type != NLMSG_ERROR) {
- error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Not an acknowledgment netlink packet (line %d)", __LINE__);
- return 0;
- }
+ /*
+ * To set only local address, older kernel expects that local address is
+ * in IFA_ADDRESS field (not IFA_LOCAL). New kernels with support for peer
+ * address, ignore IFA_ADDRESS if is same as IFA_LOCAL. So for backward
+ * compatibility when setting only local address, set it via both IFA_LOCAL
+ * and IFA_ADDRESS fields. Same logic is implemented in 'ip address' command
+ * from iproute2 project.
+ */
+ if (!eui64_iszero(his_eui64))
+ IN6_LLADDR_FROM_EUI64(nlreq.addrs[1].addr, his_eui64);
+ else
+ IN6_LLADDR_FROM_EUI64(nlreq.addrs[1].addr, our_eui64);
- /* error == 0 indicates success, negative value is errno code */
- if (nlresp.nlerr.error != 0) {
- error("sif6addr_rtnetlink: %s (line %d)", strerror(-nlresp.nlerr.error), __LINE__);
+ resp = rtnetlink_msg("RTM_NEWADDR/NLM_F_CREATE", NULL, &nlreq, sizeof(nlreq), NULL, NULL, 0);
+ if (resp) {
+ /*
+ * Linux kernel versions prior 3.11 do not support setting IPv6 peer
+ * addresses and error response is expected. On older kernel versions
+ * do not show this error message. On error pppd tries to fallback to
+ * the old IOCTL method.
+ */
+ errno = (resp < 0) ? -resp : EINVAL;
+ if (kernel_version >= KVERSION(3,11,0))
+ error("sif6addr_rtnetlink: %m (line %d)", __LINE__);
return 0;
}
struct in6_ifreq ifr6;
struct ifreq ifr;
struct in6_rtmsg rt6;
+ int ret;
if (sock6_fd < 0) {
errno = -sock6_fd;
if (kernel_version >= KVERSION(2,1,16)) {
/* Set both local address and remote peer address (with route for it) via rtnetlink */
- return sif6addr_rtnetlink(ifr.ifr_ifindex, our_eui64, his_eui64);
+ ret = sif6addr_rtnetlink(ifr.ifr_ifindex, our_eui64, his_eui64);
} else {
+ ret = 0;
+ }
+
+ /*
+ * Linux kernel versions prior 3.11 do not support setting IPv6 peer address
+ * via rtnetlink. So if sif6addr_rtnetlink() fails then try old IOCTL method.
+ */
+ if (!ret) {
/* Local interface */
memset(&ifr6, 0, sizeof(ifr6));
IN6_LLADDR_FROM_EUI64(ifr6.ifr6_addr, our_eui64);
error("sif6addr: ioctl(SIOCSIFADDR): %m (line %d)", __LINE__);
return 0;
}
+ }
+ if (!ret && !eui64_iszero(his_eui64)) {
/*
* Linux kernel does not provide AF_INET6 ioctl SIOCSIFDSTADDR for
* setting remote peer host address, so set only route to remote host.
}
return 1;
}
-#endif /* INET6 */
+#endif /* PPP_WITH_IPV6CP */
/*
* get_pty - get a pty master/slave pair and chown the slave side
int
get_pty(int *master_fdp, int *slave_fdp, char *slave_name, int uid)
{
- int i, mfd, sfd = -1;
+ int i, mfd, ret, sfd = -1;
char pty_name[16];
struct termios tios;
pty_name[5] = 't';
sfd = open(pty_name, O_RDWR | O_NOCTTY, 0);
if (sfd >= 0) {
- fchown(sfd, uid, -1);
- fchmod(sfd, S_IRUSR | S_IWUSR);
+ ret = fchown(sfd, uid, -1);
+ if (ret != 0) {
+ warn("Couldn't change ownership of %s, %m", pty_name);
+ }
+ ret = fchmod(sfd, S_IRUSR | S_IWUSR);
+ if (ret != 0) {
+ warn("Couldn't change permissions of %s, %m", pty_name);
+ }
break;
}
close(mfd);
return 1;
}
-\f
-/********************************************************************
- *
- * sipxfaddr - Config the interface IPX networknumber
- */
-
-int sipxfaddr (int unit, unsigned long int network, unsigned char * node )
-{
- int result = 1;
-
-#ifdef IPX_CHANGE
- int skfd;
- struct ifreq ifr;
- struct sockaddr_ipx *sipx = (struct sockaddr_ipx *) &ifr.ifr_addr;
-
- skfd = socket (AF_IPX, SOCK_DGRAM, 0);
- if (skfd < 0) {
- if (! ok_error (errno))
- dbglog("socket(AF_IPX): %m (line %d)", __LINE__);
- result = 0;
- }
- else {
- memset (&ifr, '\0', sizeof (ifr));
- strlcpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-
- memcpy (sipx->sipx_node, node, IPX_NODE_LEN);
- sipx->sipx_family = AF_IPX;
- sipx->sipx_port = 0;
- sipx->sipx_network = htonl (network);
- sipx->sipx_type = IPX_FRAME_ETHERII;
- sipx->sipx_action = IPX_CRTITF;
-/*
- * Set the IPX device
- */
- if (ioctl(skfd, SIOCSIFADDR, (caddr_t) &ifr) < 0) {
- result = 0;
- if (errno != EEXIST) {
- if (! ok_error (errno))
- dbglog("ioctl(SIOCSIFADDR, CRTITF): %m (line %d)", __LINE__);
- }
- else {
- warn("ioctl(SIOCSIFADDR, CRTITF): Address already exists");
- }
- }
- close (skfd);
- }
-#endif
- return result;
-}
-
-/********************************************************************
- *
- * cipxfaddr - Clear the information for the IPX network. The IPX routes
- * are removed and the device is no longer able to pass IPX
- * frames.
- */
-
-int cipxfaddr (int unit)
-{
- int result = 1;
-
-#ifdef IPX_CHANGE
- int skfd;
- struct ifreq ifr;
- struct sockaddr_ipx *sipx = (struct sockaddr_ipx *) &ifr.ifr_addr;
-
- skfd = socket (AF_IPX, SOCK_DGRAM, 0);
- if (skfd < 0) {
- if (! ok_error (errno))
- dbglog("socket(AF_IPX): %m (line %d)", __LINE__);
- result = 0;
- }
- else {
- memset (&ifr, '\0', sizeof (ifr));
- strlcpy (ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
-
- sipx->sipx_type = IPX_FRAME_ETHERII;
- sipx->sipx_action = IPX_DLTITF;
- sipx->sipx_family = AF_IPX;
-/*
- * Set the IPX device
- */
- if (ioctl(skfd, SIOCSIFADDR, (caddr_t) &ifr) < 0) {
- if (! ok_error (errno))
- info("ioctl(SIOCSIFADDR, IPX_DLTITF): %m (line %d)", __LINE__);
- result = 0;
- }
- close (skfd);
- }
-#endif
- return result;
-}
-
/*
* Use the hostname as part of the random number seed.
*/
get_host_seed(void)
{
int h;
- char *p = hostname;
+ const char *p;
h = 407;
for (p = hostname; *p != 0; ++p)
int
sys_check_options(void)
{
-#ifdef IPX_CHANGE
-/*
- * Disable the IPX protocol if the support is not present in the kernel.
- */
- char *path;
-
- if (ipxcp_protent.enabled_flag) {
- struct stat stat_buf;
- if ( ((path = path_to_procfs("/net/ipx/interface")) == NULL
- && (path = path_to_procfs("/net/ipx_interface")) == NULL)
- || lstat(path, &stat_buf) < 0) {
- error("IPX support is not present in the kernel\n");
- ipxcp_protent.enabled_flag = 0;
- }
- }
-#endif
if (demand && driver_is_old) {
- option_error("demand dialling is not supported by kernel driver "
+ ppp_option_error("demand dialling is not supported by kernel driver "
"version %d.%d.%d", driver_version, driver_modification,
driver_patch);
return 0;
* get_time - Get current time, monotonic if possible.
*/
int
-get_time(struct timeval *tv)
+ppp_get_time(struct timeval *tv)
{
/* Old glibc (< 2.3.4) does define CLOCK_MONOTONIC, but kernel may have it.
* Runtime checking makes it safe. */
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <limits.h>
#include <stdio.h>
#include <stddef.h>
#include <sys/ethernet.h>
#endif
-#include "pppd.h"
+#ifdef PPP_WITH_FILTER
+#include <pcap.h>
+#endif
+
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
#include "ipcp.h"
#include "ccp.h"
+#ifdef PPP_WITH_IPV6CP
+#include "eui64.h"
+#endif
+
#if !defined(PPP_DRV_NAME)
#define PPP_DRV_NAME "ppp"
#endif /* !defined(PPP_DRV_NAME) */
static int ipfd;
static int ipmuxid = -1;
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
static int ip6fd; /* IP file descriptor */
static int ip6muxid = -1; /* Multiplexer file descriptor */
static int if6_is_up = 0; /* IPv6 interface has been marked up */
#define IN6A_LLADDR_FROM_EUI64(s, eui64) \
_IN6A_LLX_FROM_EUI64(s, eui64, 0xfe800000)
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
-#if !defined(INET6) || !defined(SOL2)
+#if !defined(PPP_WITH_IPV6CP) || !defined(SOL2)
#define MAXIFS 256 /* Max # of interfaces */
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
static int restore_term;
static struct termios inittermios;
}
#endif /* SOL2 */
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
/*
* get_first_ether_hwaddr - get the hardware address for the first
* ethernet-style interface on this system.
else
return -1;
}
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
#if defined(SOL2)
/*
}
#endif /* SOL2 */
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
/*
* slifname - Sets interface ppa and flags
*
}
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
/*
* sys_init - System-dependent initialization.
{
int ifd, x;
struct ifreq ifr;
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
int i6fd;
struct lifreq lifr;
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
#if !defined(SOL2)
struct {
union DL_primitives prim;
if (ipfd < 0)
fatal("Couldn't open IP device: %m");
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
ip6fd = open(UDP6_DEV_NAME, O_RDWR, 0);
if (ip6fd < 0)
fatal("Couldn't open IP device (2): %m");
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
if (default_device && !notty)
tty_sid = getsid((pid_t)0);
strioctl(ifd, PPPIO_DEBUG, &x, sizeof(int), 0);
}
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
i6fd = open(PPP_DEV_NAME, O_RDWR, 0);
if (i6fd < 0) {
close(ifd);
x = PPPDBG_LOG + PPPDBG_DRIVER;
strioctl(i6fd, PPPIO_DEBUG, &x, sizeof(int), 0);
}
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
#if defined(SOL2)
if (ioctl(ifd, I_PUSH, IP_MOD_NAME) < 0) {
close(ifd);
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("Can't push IP module: %m");
}
*/
if (sifppa(ifd, ifunit) < 0) {
close (ifd);
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("Can't set ppa for unit %d: %m", ifunit);
}
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
/*
* An IPv6 interface is created anyway, even when the user does not
* explicitly enable it. Note that the interface will be marked
close(i6fd);
fatal("Can't set ifname for unit %d: %m", ifunit);
}
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
ipmuxid = ioctl(ipfd, I_PLINK, ifd);
close(ifd);
if (ipmuxid < 0) {
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("Can't I_PLINK PPP device to IP: %m");
}
*/
if (ioctl(ipfd, SIOCSIFMUXID, &ifr) < 0) {
ioctl(ipfd, I_PUNLINK, ipmuxid);
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
close(i6fd);
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
fatal("SIOCSIFMUXID: %m");
}
fatal("Can't link PPP device to IP: %m");
#endif /* defined(SOL2) */
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
ip6muxid = ioctl(ip6fd, I_PLINK, i6fd);
close(i6fd);
if (ip6muxid < 0) {
ioctl(ip6fd, I_PUNLINK, ip6muxid);
fatal("Can't link PPP device to IP (2): %m");
}
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
#if !defined(SOL2)
/* Set the interface name for the link. */
{
#if defined(SOL2)
struct ifreq ifr;
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
struct lifreq lifr;
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
#endif /* defined(SOL2) */
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
if (if6_is_up)
sif6down(0);
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
if (if_is_up)
sifdown(0);
if (default_route_gateway)
error("Can't I_PUNLINK PPP from IP: %m");
return;
}
-#if defined(INET6)
+#if defined(PPP_WITH_IPV6CP)
/*
* Make sure we ask ip what the muxid, because 'ifconfig modlist' will
* unlink and re-link the modules, causing the muxid to change.
if (ioctl(ip6fd, I_PUNLINK, ip6muxid) < 0) {
error("Can't I_PUNLINK PPP from IP (2): %m");
}
-#endif /* defined(INET6) */
+#endif /* defined(PPP_WITH_IPV6CP) */
#endif /* defined(SOL2) */
}
* sys_close - Clean up in a child process before execing.
*/
void
-sys_close(void)
+ppp_sys_close(void)
{
close(ipfd);
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
close(ip6fd);
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
if (pppfd >= 0)
close(pppfd);
}
#endif
/*
- * ppp_available - check whether the system has any ppp interfaces
+ * ppp_check_kernel_support - check whether the system has any ppp interfaces
*/
int
-ppp_available(void)
+ppp_check_kernel_support(void)
{
struct stat buf;
/* Push the async hdlc module and the compressor module. */
tty_npushed = 0;
- if(!sync_serial) {
+ if(!ppp_sync_serial()) {
if (ioctl(fd, I_PUSH, AHDLC_MOD_NAME) < 0) {
error("Couldn't push PPP Async HDLC module: %m");
return -1;
struct termiox tiox;
#endif
- if (!sync_serial && tcgetattr(fd, &tios) < 0)
+ if (!ppp_sync_serial() && tcgetattr(fd, &tios) < 0)
fatal("tcgetattr: %m");
#ifndef CRTSCTS
termiox_ok = 1;
- if (!sync_serial && ioctl (fd, TCGETX, &tiox) < 0) {
+ if (!ppp_sync_serial() && ioctl (fd, TCGETX, &tiox) < 0) {
termiox_ok = 0;
if (errno != ENOTTY)
error("TCGETX: %m");
#ifndef CRTSCTS
inittermiox = tiox;
#endif
- if (!sync_serial)
+ if (!ppp_sync_serial())
ioctl(fd, TIOCGWINSZ, &wsinfo);
}
* We can't proceed if the serial port speed is 0,
* since that implies that the serial port is disabled.
*/
- if ((speed == B0) && !sync_serial)
+ if ((speed == B0) && !ppp_sync_serial())
fatal("Baud rate for %s is 0; need explicit baud rate", devnam);
}
- if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &tios) < 0)
+ if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &tios) < 0)
fatal("tcsetattr: %m");
#ifndef CRTSCTS
- if (!sync_serial && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){
+ if (!ppp_sync_serial() && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){
error("TCSETXF: %m");
}
#endif
baud_rate = inspeed = baud_rate_of(speed);
- if (!sync_serial)
+ if (!ppp_sync_serial())
restore_term = 1;
}
*/
inittermios.c_lflag &= ~(ECHO | ECHONL);
}
- if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0)
+ if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0)
if (!hungup && errno != ENXIO)
warn("tcsetattr: %m");
#ifndef CRTSCTS
- if (!sync_serial && ioctl (fd, TCSETXF, &inittermiox) < 0){
+ if (!ppp_sync_serial() && ioctl (fd, TCSETXF, &inittermiox) < 0){
if (!hungup && errno != ENXIO)
error("TCSETXF: %m");
}
#endif
- if (!sync_serial)
+ if (!ppp_sync_serial())
ioctl(fd, TIOCSWINSZ, &wsinfo);
restore_term = 0;
}
}
/*
- * netif_set_mtu - set the MTU on the PPP network interface.
+ * ppp_set_mtu - set the MTU on the PPP network interface.
*/
void
-netif_set_mtu(int unit, int mtu)
+ppp_set_mtu(int unit, int mtu)
{
struct ifreq ifr;
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
struct lifreq lifr;
int fd;
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
memset(&ifr, 0, sizeof(ifr));
strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name));
error("Couldn't set IP MTU (%s): %m", ifr.ifr_name);
}
-#if defined(INET6) && defined(SOL2)
+#if defined(PPP_WITH_IPV6CP) && defined(SOL2)
fd = socket(AF_INET6, SOCK_DGRAM, 0);
if (fd < 0)
error("Couldn't open IPv6 socket: %m");
error("Couldn't set IPv6 MTU (%s): %m", ifr.ifr_name);
}
close(fd);
-#endif /* defined(INET6) && defined(SOL2) */
+#endif /* defined(PPP_WITH_IPV6CP) && defined(SOL2) */
}
/*
- * netif_get_mtu - get the MTU on the PPP network interface.
+ * ppp_get_mtu - get the MTU on the PPP network interface.
*/
int
-netif_get_mtu(int unit)
+ppp_get_mtu(int unit)
{
struct ifreq ifr;
error("Couldn't set MTU: %m");
}
if (fdmuxid >= 0) {
- if (!sync_serial) {
+ if (!ppp_sync_serial()) {
if (strioctl(pppfd, PPPIO_XACCM, &asyncmap, sizeof(asyncmap), 0) < 0)
error("Couldn't set transmit ACCM: %m");
}
void
tty_set_xaccm(ext_accm accm)
{
- if (sync_serial)
+ if (ppp_sync_serial())
return;
if (fdmuxid >= 0
error("Couldn't set MRU: %m");
}
if (fdmuxid >= 0) {
- if (!sync_serial) {
+ if (!ppp_sync_serial()) {
if (strioctl(pppfd, PPPIO_RACCM, &asyncmap, sizeof(asyncmap), 0) < 0)
error("Couldn't set receive ACCM: %m");
}
{
struct ppp_stats s;
- if (!sync_serial &&
+ if (!ppp_sync_serial() &&
strioctl(pppfd, PPPIO_GETSTAT, &s, 0, sizeof(s)) < 0) {
error("Couldn't get link statistics: %m");
return 0;
return 1;
}
-#if 0
-/*
- * set_filters - transfer the pass and active filters to the kernel.
- */
-int
-set_filters(struct bpf_program *pass, struct bpf_program *active)
-{
- int ret = 1;
-
- if (pass->bf_len > 0) {
- if (strioctl(pppfd, PPPIO_PASSFILT, pass,
- sizeof(struct bpf_program), 0) < 0) {
- error("Couldn't set pass-filter in kernel: %m");
- ret = 0;
- }
- }
- if (active->bf_len > 0) {
- if (strioctl(pppfd, PPPIO_ACTIVEFILT, active,
- sizeof(struct bpf_program), 0) < 0) {
- error("Couldn't set active-filter in kernel: %m");
- ret = 0;
- }
- }
- return ret;
-}
-#endif
-
/*
* ccp_fatal_error - returns 1 if decompression was disabled as a
* result of an error detected after decompression of a packet,
return 1;
}
-#if defined(SOL2) && defined(INET6)
+#if defined(SOL2) && defined(PPP_WITH_IPV6CP)
/*
* sif6up - Config the IPv6 interface up and enable IPv6 packets to pass.
*/
return 1;
}
-#endif /* defined(SOL2) && defined(INET6) */
+#endif /* defined(SOL2) && defined(PPP_WITH_IPV6CP) */
#define INET_ADDR(x) (((struct sockaddr_in *) &(x))->sin_addr.s_addr)
pfd.events = POLLIN | POLLPRI;
do {
n = poll(&pfd, 1, 1000);
- } while (n == -1 && errno == EINTR && !got_sigterm);
+ } while (n == -1 && errno == EINTR && !ppp_signaled(SIGTERM));
if (n <= 0)
return -1;
* get_time - Get current time, monotonic if possible.
*/
int
-get_time(struct timeval *tv)
+ppp_get_time(struct timeval *tv)
{
return gettimeofday(tv, NULL);
}
* right time. Probably too hard -- the process just doesn't know.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdlib.h>
#include <stdio.h>
#include <fcntl.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <signal.h>
+
+#include "pppd-private.h"
#include "tdb.h"
#include "spinlock.h"
+#include "pathnames.h"
#define TDB_MAGIC_FOOD "TDB file\n"
#define TDB_VERSION (0x26011967 + 6)
/* We make it up in memory, then write it out if not internal */
size = sizeof(struct tdb_header) + (hash_size+1)*sizeof(tdb_off);
- if (!(newdb = calloc(size, 1)))
+ if (!(newdb = calloc(1, size)))
return TDB_ERRCODE(TDB_ERR_OOM, -1);
/* Fill in the header */
goto internal;
}
+again:
if ((tdb->fd = open(name, open_flags, mode)) == -1) {
+ if ((open_flags & O_CREAT) && errno == ENOENT &&
+ mkdir_recursive(PPP_PATH_VARRUN) == 0)
+ goto again;
+
TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n",
name, strerror(errno)));
goto fail; /* errno set by open(2) */
-#ifndef __TDB_H__
-#define __TDB_H__
+#ifndef PPP_TDB_H
+#define PPP_TDB_H
+
+#include "pppdconf.h"
/*
Unix SMB/CIFS implementation.
}
#endif
-#endif /* tdb.h */
+#endif /* PPP_TBD_H */
--- /dev/null
+/* SPDX-License-Identifier: GPL-2.0+ OR BSD-4-Clause OR BSD-3-Clause OR BSD-2-Clause */
+/*
+ * termios fuctions to support arbitrary baudrates (on Linux)
+ *
+ * Copyright (c) 2021 Pali Rohár <pali@kernel.org>
+ * Copyright (c) 2021 Marek Behún <kabel@kernel.org>
+ */
+
+#ifndef PPP_TERMIOS_LINUX_H
+#define PPP_TERMIOS_LINUX_H
+
+#include "pppdconf.h"
+
+/*
+ * We need to use raw TCGETS2/TCSETS2 or TCGETS/TCSETS ioctls with the BOTHER
+ * flag in struct termios2/termios, defined in Linux headers <asm/ioctls.h>
+ * and <asm/termbits.h>. Since these headers conflict with glibc's header file
+ * <termios.h>, it is not possible to use libc's termios functions and we need
+ * to reimplement them via ioctl() calls.
+ *
+ * An arbitrary baudrate is supported when the macro BOTHER is defined. The
+ * baudrate value itself is then stored into the c_ospeed and c_ispeed members.
+ * If ioctls TCGETS2/TCSETS2 are defined and supported then these fields are
+ * present in struct termios2, otherwise these fields are present in struct
+ * termios.
+ *
+ * Note that the Bnnn constants from <termios.h> need not be compatible with
+ * Bnnn constants from <asm/termbits.h>.
+ */
+
+#include <errno.h>
+#include <sys/ioctl.h>
+#include <sys/types.h>
+#include <asm/ioctls.h>
+#include <asm/termbits.h>
+
+#if defined(BOTHER) && defined(TCGETS2)
+#define termios termios2
+#endif
+
+static inline int tcgetattr(int fd, struct termios *t)
+{
+#if defined(BOTHER) && defined(TCGETS2)
+ return ioctl(fd, TCGETS2, t);
+#else
+ return ioctl(fd, TCGETS, t);
+#endif
+}
+
+static inline int tcsetattr(int fd, int a, const struct termios *t)
+{
+ int cmd;
+
+ switch (a) {
+#if defined(BOTHER) && defined(TCGETS2)
+ case TCSANOW:
+ cmd = TCSETS2;
+ break;
+ case TCSADRAIN:
+ cmd = TCSETSW2;
+ break;
+ case TCSAFLUSH:
+ cmd = TCSETSF2;
+ break;
+#else
+ case TCSANOW:
+ cmd = TCSETS;
+ break;
+ case TCSADRAIN:
+ cmd = TCSETSW;
+ break;
+ case TCSAFLUSH:
+ cmd = TCSETSF;
+ break;
+#endif
+ default:
+ errno = EINVAL;
+ return -1;
+ }
+
+ return ioctl(fd, cmd, t);
+}
+
+static inline int tcdrain(int fd)
+{
+ return ioctl(fd, TCSBRK, 1);
+}
+
+static inline int tcflush(int fd, int q)
+{
+ return ioctl(fd, TCFLSH, q);
+}
+
+static inline int tcsendbreak(int fd, int d)
+{
+#ifdef TCSBRKP
+ return ioctl(fd, TCSBRKP, d);
+#else
+ return ioctl(fd, TCSBRK, 0);
+#endif
+}
+
+static inline int tcflow(int fd, int a)
+{
+ return ioctl(fd, TCXONC, a);
+}
+
+static inline pid_t tcgetsid(int fd)
+{
+ pid_t sid;
+
+ if (ioctl(fd, TIOCGSID, &sid) < 0)
+ return (pid_t)-1;
+
+ return sid;
+}
+
+static inline speed_t cfgetospeed(const struct termios *t)
+{
+ return t->c_cflag & CBAUD;
+}
+
+static inline int cfsetospeed(struct termios *t, speed_t s)
+{
+ if (s & ~CBAUD) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ t->c_cflag &= ~CBAUD;
+ t->c_cflag |= s;
+
+ return 0;
+}
+
+#ifdef IBSHIFT
+static inline speed_t cfgetispeed(const struct termios *t)
+{
+ speed_t s = (t->c_cflag >> IBSHIFT) & CBAUD;
+
+ if (s == B0)
+ return cfgetospeed(t);
+ else
+ return s;
+}
+
+static inline int cfsetispeed(struct termios *t, speed_t s)
+{
+ if (s == 0)
+ s = B0;
+
+ if (s & ~CBAUD) {
+ errno = EINVAL;
+ return -1;
+ }
+
+ t->c_cflag &= ~(CBAUD << IBSHIFT);
+ t->c_cflag |= s << IBSHIFT;
+
+ return 0;
+}
+#else /* !IBSHIFT */
+static inline speed_t cfgetispeed(const struct termios *t)
+{
+ return cfgetospeed(t);
+}
+
+static inline int cfsetispeed(struct termios *t, speed_t s)
+{
+ return cfsetospeed(t, s);
+}
+#endif /* !IBSHIFT */
+
+static inline int cfsetspeed(struct termios *t, speed_t s)
+{
+ if (cfsetospeed(t, s))
+ return -1;
+#ifdef IBSHIFT
+ if (cfsetispeed(t, s))
+ return -1;
+#endif
+
+ return 0;
+}
+
+static void cfmakeraw(struct termios *t)
+{
+ t->c_iflag &= ~(IGNBRK | BRKINT | PARMRK | ISTRIP | INLCR | IGNCR |
+ ICRNL | IXON);
+ t->c_oflag &= ~OPOST;
+ t->c_lflag &= ~(ECHO | ECHONL | ICANON | ISIG | IEXTEN);
+ t->c_cflag &= ~(CSIZE | PARENB);
+ t->c_cflag |= CS8;
+}
+
+#endif /* PPP_TERMIOS_LINUX_H */
--- /dev/null
+/*
+ * Copyright (c) 2021 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
+#include <string.h>
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+#include <openssl/x509v3.h>
+
+#include "pppd-private.h"
+#include "tls.h"
+
+/**
+ * Structure used in verifying the peer certificate
+ */
+struct tls_info
+{
+ char *peer_name;
+ X509 *peer_cert;
+ bool client;
+};
+
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+
+/*
+ * OpenSSL 1.1+ introduced a generic TLS_method()
+ * For older releases we substitute the appropriate method
+ */
+#define TLS_method SSLv23_method
+
+#ifndef SSL_CTX_set_max_proto_version
+/** Mimics SSL_CTX_set_max_proto_version for OpenSSL < 1.1 */
+static inline int SSL_CTX_set_max_proto_version(SSL_CTX *ctx, long tls_ver_max)
+{
+ long sslopt = 0;
+
+ if (tls_ver_max < TLS1_VERSION)
+ {
+ sslopt |= SSL_OP_NO_TLSv1;
+ }
+#ifdef SSL_OP_NO_TLSv1_1
+ if (tls_ver_max < TLS1_1_VERSION)
+ {
+ sslopt |= SSL_OP_NO_TLSv1_1;
+ }
+#endif
+#ifdef SSL_OP_NO_TLSv1_2
+ if (tls_ver_max < TLS1_2_VERSION)
+ {
+ sslopt |= SSL_OP_NO_TLSv1_2;
+ }
+#endif
+ SSL_CTX_set_options(ctx, sslopt);
+
+ return 1;
+}
+#endif /* SSL_CTX_set_max_proto_version */
+
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000L */
+
+
+/*
+ * Verify a certificate. Most of the work (signatures and issuer attributes checking)
+ * is done by ssl; we check the CN in the peer certificate against the peer name.
+ */
+static int tls_verify_callback(int ok, X509_STORE_CTX *ctx)
+{
+ char subject[256];
+ char cn_str[256];
+ X509 *peer_cert;
+ int err, depth;
+ SSL *ssl;
+ struct tls_info *inf;
+ char *ptr1 = NULL, *ptr2 = NULL;
+
+ peer_cert = X509_STORE_CTX_get_current_cert(ctx);
+ err = X509_STORE_CTX_get_error(ctx);
+ depth = X509_STORE_CTX_get_error_depth(ctx);
+
+ dbglog("certificate verify depth: %d", depth);
+
+ if (auth_required && !ok) {
+ X509_NAME_oneline(X509_get_subject_name(peer_cert),
+ subject, 256);
+
+ X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert),
+ NID_commonName, cn_str, 256);
+
+ dbglog("Certificate verification error:\n depth: %d CN: %s"
+ "\n err: %d (%s)\n", depth, cn_str, err,
+ X509_verify_cert_error_string(err));
+
+ return 0;
+ }
+
+ ssl = X509_STORE_CTX_get_ex_data(ctx,
+ SSL_get_ex_data_X509_STORE_CTX_idx());
+
+ inf = (struct tls_info*) SSL_get_ex_data(ssl, 0);
+ if (inf == NULL) {
+ error("Error: SSL_get_ex_data returned NULL");
+ return 0;
+ }
+
+ tls_log_sslerr();
+
+ if (!depth)
+ {
+ /* Verify certificate based on certificate type and extended key usage */
+ if (tls_verify_key_usage) {
+ int purpose = inf->client ? X509_PURPOSE_SSL_SERVER : X509_PURPOSE_SSL_CLIENT ;
+ if (X509_check_purpose(peer_cert, purpose, 0) == 0) {
+ error("Certificate verification error: nsCertType mismatch");
+ return 0;
+ }
+
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+ int flags = inf->client ? XKU_SSL_SERVER : XKU_SSL_CLIENT;
+ if (!(X509_get_extended_key_usage(peer_cert) & flags)) {
+ error("Certificate verification error: invalid extended key usage");
+ return 0;
+ }
+#endif
+ info("Certificate key usage: OK");
+ }
+
+ /*
+ * If acting as client and the name of the server wasn't specified
+ * explicitely, we can't verify the server authenticity
+ */
+ if (!tls_verify_method)
+ tls_verify_method = TLS_VERIFY_NONE;
+
+ if (!inf->peer_name || !strcmp(TLS_VERIFY_NONE, tls_verify_method)) {
+ warn("Certificate verication disabled or no peer name was specified");
+ return ok;
+ }
+
+ /* This is the peer certificate */
+ X509_NAME_oneline(X509_get_subject_name(peer_cert),
+ subject, 256);
+
+ X509_NAME_get_text_by_NID(X509_get_subject_name(peer_cert),
+ NID_commonName, cn_str, 256);
+
+ /* Verify based on subject name */
+ ptr1 = inf->peer_name;
+ if (!strcmp(TLS_VERIFY_SUBJECT, tls_verify_method)) {
+ ptr2 = subject;
+ }
+
+ /* Verify based on common name (default) */
+ if (strlen(tls_verify_method) == 0 ||
+ !strcmp(TLS_VERIFY_NAME, tls_verify_method)) {
+ ptr2 = cn_str;
+ }
+
+ /* Match the suffix of common name */
+ if (!strcmp(TLS_VERIFY_SUFFIX, tls_verify_method)) {
+ int len = strlen(ptr1);
+ int off = strlen(cn_str) - len;
+ ptr2 = cn_str;
+ if (off > 0) {
+ ptr2 = cn_str + off;
+ }
+ }
+
+ if (strcmp(ptr1, ptr2)) {
+ error("Certificate verification error: CN (%s) != %s", ptr1, ptr2);
+ return 0;
+ }
+
+ if (inf->peer_cert) {
+ if (X509_cmp(inf->peer_cert, peer_cert) != 0) {
+ error("Peer certificate doesn't match stored certificate");
+ return 0;
+ }
+ }
+
+ info("Certificate CN: %s, peer name %s", cn_str, inf->peer_name);
+ }
+
+ return ok;
+}
+
+int tls_init()
+{
+#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSL_library_init();
+ SSL_load_error_strings();
+#endif
+ return 0;
+}
+
+int tls_set_verify(SSL_CTX *ctx, int depth)
+{
+ SSL_CTX_set_verify_depth(ctx, depth);
+ SSL_CTX_set_verify(ctx,
+ SSL_VERIFY_PEER |
+ SSL_VERIFY_FAIL_IF_NO_PEER_CERT,
+ &tls_verify_callback);
+ return 0;
+}
+
+int tls_set_verify_info(SSL *ssl, const char *peer_name, const char *peer_cert,
+ bool client, struct tls_info **out)
+{
+ if (out != NULL) {
+ struct tls_info *tmp = calloc(1, sizeof(struct tls_info));
+ if (!tmp) {
+ fatal("Allocation error");
+ }
+
+ tmp->client = client;
+ if (peer_name) {
+ tmp->peer_name = strdup(peer_name);
+ }
+
+ if (peer_cert && strlen(peer_cert) > 0) {
+ FILE *fp = fopen(peer_cert, "r");
+ if (fp) {
+ tmp->peer_cert = PEM_read_X509(fp, NULL, NULL, NULL);
+ fclose(fp);
+ }
+
+ if (!tmp->peer_cert) {
+ error("EAP-TLS: Error loading client certificate from file %s",
+ peer_cert);
+ tls_free_verify_info(&tmp);
+ return -1;
+ }
+ }
+
+ SSL_set_ex_data(ssl, 0, tmp);
+ *out = tmp;
+ return 0;
+ }
+
+ return -1;
+}
+
+void tls_free_verify_info(struct tls_info **in) {
+ if (in && *in) {
+ struct tls_info *tmp = *in;
+ if (tmp->peer_name) {
+ free(tmp->peer_name);
+ }
+ if (tmp->peer_cert) {
+ X509_free(tmp->peer_cert);
+ }
+ free(tmp);
+ *in = NULL;
+ }
+}
+
+const SSL_METHOD* tls_method() {
+ return TLS_method();
+}
+
+int tls_set_version(SSL_CTX *ctx, const char *max_version)
+{
+#if defined(TLS1_2_VERSION)
+ long tls_version = TLS1_2_VERSION;
+#elif defined(TLS1_1_VERSION)
+ long tls_version = TLS1_1_VERSION;
+#else
+ long tls_version = TLS1_VERSION;
+#endif
+
+ /* As EAP-TLS+TLSv1.3 is highly experimental we offer the user a chance to override */
+ if (max_version) {
+ if (strncmp(max_version, "1.0", 3) == 0) {
+ tls_version = TLS1_VERSION;
+ }
+ else if (strncmp(max_version, "1.1", 3) == 0) {
+ tls_version = TLS1_1_VERSION;
+ }
+ else if (strncmp(max_version, "1.2", 3) == 0) {
+#ifdef TLS1_2_VERSION
+ tls_version = TLS1_2_VERSION;
+#else
+ warn("TLSv1.2 not available. Defaulting to TLSv1.1");
+ tls_version = TLS_1_1_VERSION;
+#endif
+ }
+ else if (strncmp(max_version, "1.3", 3) == 0) {
+#ifdef TLS1_3_VERSION
+ tls_version = TLS1_3_VERSION;
+#else
+ warn("TLSv1.3 not available.");
+#endif
+ }
+ }
+
+ dbglog("Setting max protocol version to 0x%X", tls_version);
+ if (!SSL_CTX_set_max_proto_version(ctx, tls_version)) {
+ error("Could not set max protocol version");
+ return -1;
+ }
+
+ return 0;
+}
+
+int tls_set_opts(SSL_CTX *ctx) {
+
+ /* Explicitly set the NO_TICKETS flag to support Win7/Win8 clients */
+ SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3
+#ifdef SSL_OP_NO_TICKET
+ | SSL_OP_NO_TICKET
+#endif
+ | SSL_OP_NO_COMPRESSION
+ );
+
+ /* OpenSSL 1.1.1+ does not include RC4 ciphers by default.
+ * This causes totally obsolete WinXP clients to fail. If you really
+ * need ppp+EAP-TLS+openssl 1.1.1+WinXP then enable RC4 cipers and
+ * make sure that you use an OpenSSL that supports them
+
+ SSL_CTX_set_cipher_list(ctx, "RC4");
+ */
+ return 0;
+}
+
+int tls_set_crl(SSL_CTX *ctx, const char *crl_dir, const char *crl_file)
+{
+ X509_STORE *certstore = NULL;
+ X509_LOOKUP *lookup = NULL;
+ FILE *fp = NULL;
+ int status = -1;
+
+ if (crl_dir) {
+ if (!(certstore = SSL_CTX_get_cert_store(ctx))) {
+ error("Failed to get certificate store");
+ goto done;
+ }
+
+ if (!(lookup =
+ X509_STORE_add_lookup(certstore, X509_LOOKUP_hash_dir()))) {
+ error("Store lookup for CRL failed");
+ goto done;
+ }
+
+ X509_LOOKUP_add_dir(lookup, crl_dir, X509_FILETYPE_PEM);
+ X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
+ }
+
+ if (crl_file) {
+ X509_CRL *crl = NULL;
+
+ fp = fopen(crl_file, "r");
+ if (!fp) {
+ error("Cannot open CRL file '%s'", crl_file);
+ goto done;
+ }
+
+ crl = PEM_read_X509_CRL(fp, NULL, NULL, NULL);
+ if (!crl) {
+ error("Cannot read CRL file '%s'", crl_file);
+ goto done;
+ }
+
+ if (!(certstore = SSL_CTX_get_cert_store(ctx))) {
+ error("Failed to get certificate store");
+ goto done;
+ }
+ if (!X509_STORE_add_crl(certstore, crl)) {
+ error("Cannot add CRL to certificate store");
+ goto done;
+ }
+ X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
+ }
+
+ status = 0;
+
+done:
+
+ if (fp != NULL) {
+ fclose(fp);
+ }
+
+ return status;
+}
+
+int tls_set_ca(SSL_CTX *ctx, const char *ca_dir, const char *ca_file)
+{
+ if (ca_file && strlen(ca_file) == 0) {
+ ca_file = NULL;
+ }
+
+ if (ca_dir && strlen(ca_dir) == 0) {
+ ca_dir = NULL;
+ }
+
+ if (!SSL_CTX_load_verify_locations(ctx, ca_file, ca_dir)) {
+
+ error("Cannot load verify locations");
+ if (ca_file) {
+ dbglog("CA certificate file = [%s]", ca_file);
+ }
+
+ if (ca_dir) {
+ dbglog("CA certificate path = [%s]", ca_dir);
+ }
+
+ return -1;
+ }
+
+ return 0;
+}
+
+void tls_log_sslerr( void )
+{
+ unsigned long ssl_err = ERR_get_error();
+
+ if (ssl_err != 0)
+ dbglog("EAP-TLS SSL error stack:");
+ while (ssl_err != 0) {
+ dbglog( ERR_error_string( ssl_err, NULL ) );
+ ssl_err = ERR_get_error();
+ }
+}
+
--- /dev/null
+/*
+ * Copyright (c) 2021 Eivind Næss. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. The name(s) of the authors of this software must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission.
+ *
+ * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
+ * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN
+ * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef PPP_TLS_H
+#define PPP_TLS_H
+
+#include "pppdconf.h"
+
+/**
+ * Structure used in verifying the peer certificate
+ */
+struct tls_info;
+
+/**
+ * Initialize the SSL library
+ */
+int tls_init();
+
+/**
+ * Get the SSL_METHOD
+ */
+const SSL_METHOD* tls_method();
+
+/**
+ * Configure the SSL options
+ */
+int tls_set_opts(SSL_CTX *ctx);
+
+/**
+ * Configure the SSL context's max TLS version
+ */
+int tls_set_version(SSL_CTX *ctx, const char *max_version);
+
+/**
+ * Configure the SSL context's verify callback
+ */
+int tls_set_verify(SSL_CTX *ctx, int depth);
+
+/**
+ * Configure the SSL verify information
+ */
+int tls_set_verify_info(SSL *ssl, const char *peer_name, const char *peer_cert_file,
+ bool client, struct tls_info **out);
+
+/**
+ * Free the tls_info structure and it's members
+ */
+void tls_free_verify_info(struct tls_info **in);
+
+/**
+ * Configure the SSL context's CRL details
+ */
+int tls_set_crl(SSL_CTX *ctx, const char *crl_dir, const char *crl_file);
+
+/**
+ * Configure the SSL context's CA verify locations
+ */
+int tls_set_ca(SSL_CTX *ctx, const char *ca_dir, const char *ca_file);
+
+/**
+ * Log all errors from ssl library
+ */
+void tls_log_sslerr( void );
+
+#endif /* PPP_TLS_H */
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdio.h>
#include <ctype.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <arpa/inet.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "fsm.h"
#include "lcp.h"
static int setspeed(char *, char **, int);
static int setxonxoff(char **);
static int setescape(char **);
-static void printescape(option_t *, void (*)(void *, char *,...),void *);
+static void printescape(struct option *, void (*)(void *, char *,...),void *);
static void finish_tty(void);
static int start_charshunt(int, int);
static void stop_charshunt(void *, int);
struct stat devstat; /* result of stat() on devnam */
/* option variables */
+char devnam[MAXPATHLEN]; /* Device name */
+char ppp_devname[MAXPATHLEN];/* name of PPP tty (maybe ttypx) */
int crtscts = 0; /* Use hardware flow control */
int stop_bits = 1; /* Number of serial port stop bits */
bool modem = 1; /* Use modem control lines */
u_int32_t xmit_accm[8]; /* extended transmit ACCM */
/* option descriptors */
-option_t tty_options[] = {
+static struct option tty_options[] = {
/* device name must be first, or change connect_tty() below! */
{ "device name", o_wild, (void *) &setdevname,
"Serial port device name",
&tty_close_fds
};
+bool
+ppp_sync_serial()
+{
+ return sync_serial;
+}
+
+bool
+ppp_get_modem()
+{
+ return modem;
+}
+
+void
+ppp_set_modem(bool on)
+{
+ modem = on;
+}
+
+bool
+ppp_using_pty()
+{
+ return using_pty;
+}
+
+int
+ppp_set_pppdevnam(const char *name)
+{
+ if (name) {
+ return strlcpy(ppp_devname, name, sizeof(ppp_devname));
+ }
+ return -1;
+}
+
+const char *
+ppp_pppdevnam()
+{
+ return ppp_devname;
+}
+
+const char *
+ppp_devnam()
+{
+ return devnam;
+}
+
+int
+ppp_set_devnam(const char *name)
+{
+ if (name) {
+ return strlcpy(devnam, name, sizeof(devnam));
+ }
+ return -1;
+}
+
+
/*
* setspeed - Set the serial port baud rate.
* If doit is 0, the call is to check whether this option is
if (stat(cp, &statbuf) < 0) {
if (!doit)
return errno != ENOENT;
- option_error("Couldn't stat %s: %m", cp);
+ ppp_option_error("Couldn't stat %s: %m", cp);
return 0;
}
if (!S_ISCHR(statbuf.st_mode)) {
if (doit)
- option_error("%s is not a character device", cp);
+ ppp_option_error("%s is not a character device", cp);
return 0;
}
if (doit) {
- strlcpy(devnam, cp, sizeof(devnam));
+ strlcpy(devnam, cp, MAXPATHLEN);
devstat = statbuf;
default_device = 0;
}
while (*p) {
n = strtol(p, &endp, 16);
if (p == endp) {
- option_error("escape parameter contains invalid hex number '%s'",
+ ppp_option_error("escape parameter contains invalid hex number '%s'",
p);
return 0;
}
p = endp;
if (n < 0 || n == 0x5E || n > 0xFF) {
- option_error("can't escape character 0x%x", n);
+ ppp_option_error("can't escape character 0x%x", n);
ret = 0;
} else
- xmit_accm[n >> 5] |= 1 << (n & 0x1F);
+ xmit_accm[n >> 5] |= 1U << (n & 0x1F);
while (*p == ',' || *p == ' ')
++p;
}
}
static void
-printescape(option_t *opt, void (*printer)(void *, char *, ...), void *arg)
+printescape(struct option *opt, void (*printer)(void *, char *, ...), void *arg)
{
int n;
int first = 1;
for (n = 0; n < 256; ++n) {
if (n == 0x7d)
n += 2; /* skip 7d, 7e */
- if (xmit_accm[n >> 5] & (1 << (n & 0x1f))) {
+ if (xmit_accm[n >> 5] & (1U << (n & 0x1f))) {
if (!first)
printer(arg, ",");
else
*/
void tty_init(void)
{
- add_notifier(&pidchange, maybe_relock, 0);
+ ppp_add_notify(NF_PID_CHANGE, maybe_relock, 0);
the_channel = &tty_channel;
- xmit_accm[3] = 0x60000000;
+ xmit_accm[3] = 0x60000000U;
}
/*
if (default_device) {
char *p;
if (!isatty(0) || (p = ttyname(0)) == NULL) {
- option_error("no device specified and stdin is not a tty");
+ ppp_option_error("no device specified and stdin is not a tty");
exit(EXIT_OPTION_ERROR);
}
- strlcpy(devnam, p, sizeof(devnam));
+ strlcpy(devnam, p, MAXPATHLEN);
if (stat(devnam, &devstat) < 0)
fatal("Couldn't stat default device %s: %m", devnam);
}
int fdflags;
if (demand && notty) {
- option_error("demand-dialling is incompatible with notty");
+ ppp_option_error("demand-dialling is incompatible with notty");
exit(EXIT_OPTION_ERROR);
}
if (demand && connect_script == 0 && ptycommand == NULL
&& pty_socket == NULL) {
- option_error("connect script is required for demand-dialling\n");
+ ppp_option_error("connect script is required for demand-dialling\n");
exit(EXIT_OPTION_ERROR);
}
/* default holdoff to 0 if no connect script has been given */
if (using_pty) {
if (!default_device) {
- option_error("%s option precludes specifying device name",
+ ppp_option_error("%s option precludes specifying device name",
pty_socket? "socket": notty? "notty": "pty");
exit(EXIT_OPTION_ERROR);
}
if (ptycommand != NULL && notty) {
- option_error("pty option is incompatible with notty option");
+ ppp_option_error("pty option is incompatible with notty option");
exit(EXIT_OPTION_ERROR);
}
if (pty_socket != NULL && (ptycommand != NULL || notty)) {
- option_error("socket option is incompatible with pty and notty");
+ ppp_option_error("socket option is incompatible with pty and notty");
exit(EXIT_OPTION_ERROR);
}
default_device = notty;
* Get a pty master/slave pair if the pty, notty, socket,
* or record options were specified.
*/
- strlcpy(ppp_devnam, devnam, sizeof(ppp_devnam));
+ strlcpy(ppp_devname, devnam, MAXPATHLEN);
pty_master = -1;
pty_slave = -1;
real_ttyfd = -1;
if (using_pty || record_file != NULL) {
- if (!get_pty(&pty_master, &pty_slave, ppp_devnam, uid)) {
+ if (!get_pty(&pty_master, &pty_slave, ppp_devname, uid)) {
error("Couldn't allocate pseudo-tty");
- status = EXIT_FATAL_ERROR;
+ ppp_set_status(EXIT_FATAL_ERROR);
return -1;
}
set_up_tty(pty_slave, 1);
/*
* Lock the device if we've been asked to.
*/
- status = EXIT_LOCK_FAILED;
+ ppp_set_status(EXIT_LOCK_FAILED);
if (lockflag && !privopen) {
if (lock(devnam) < 0)
goto errret;
if (prio < OPRIO_ROOT && seteuid(uid) == -1) {
error("Unable to drop privileges before opening %s: %m\n",
devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
goto errret;
}
real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0);
errno = err;
if (err != EINTR) {
error("Failed to open %s: %m", devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
}
if (!persist || err != EINTR)
goto errret;
* If the pty, socket, notty and/or record option was specified,
* start up the character shunt now.
*/
- status = EXIT_PTYCMD_FAILED;
+ ppp_set_status(EXIT_PTYCMD_FAILED);
if (ptycommand != NULL) {
if (record_file != NULL) {
int ipipe[2], opipe[2], ok;
if (initializer && initializer[0]) {
if (device_script(initializer, ttyfd, ttyfd, 0) < 0) {
error("Initializer script failed");
- status = EXIT_INIT_FAILED;
+ ppp_set_status(EXIT_INIT_FAILED);
goto errretf;
}
if (got_sigterm) {
if (connector && connector[0]) {
if (device_script(connector, ttyfd, ttyfd, 0) < 0) {
error("Connect script failed");
- status = EXIT_CONNECT_FAILED;
+ ppp_set_status(EXIT_CONNECT_FAILED);
goto errretf;
}
if (got_sigterm) {
break;
if (errno != EINTR) {
error("Failed to reopen %s: %m", devnam);
- status = EXIT_OPEN_FAILED;
+ ppp_set_status(EXIT_OPEN_FAILED);
}
if (!persist || errno != EINTR || hungup || got_sigterm)
goto errret;
}
slprintf(numbuf, sizeof(numbuf), "%d", baud_rate);
- script_setenv("SPEED", numbuf, 0);
+ ppp_script_setenv("SPEED", numbuf, 0);
/* run welcome script, if any */
if (welcomer && welcomer[0]) {
static int
start_charshunt(int ifd, int ofd)
{
- int cpid;
+ int cpid, ret;
- cpid = safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2));
+ cpid = ppp_safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2));
if (cpid == -1) {
error("Can't fork process for character shunt: %m");
return 0;
log_to_fd = -1;
else if (log_to_fd >= 0)
log_to_fd = 2;
- setgid(getgid());
- setuid(uid);
- if (getuid() != uid)
- fatal("setuid failed");
+ ret = setgid(getgid());
+ if (ret != 0) {
+ fatal("setgid failed, %m");
+ }
+ ret = setuid(uid);
+ if (ret != 0 || getuid() != uid) {
+ fatal("setuid failed, %m");
+ }
charshunt(0, 1, record_file);
exit(0);
}
pty_readable = stdin_readable = 1;
ilevel = olevel = 0;
- get_time(&levelt);
+ ppp_get_time(&levelt);
if (max_data_rate) {
max_level = max_data_rate / 10;
if (max_level < 100)
int nbt;
struct timeval now;
- get_time(&now);
+ ppp_get_time(&now);
dt = (now.tv_sec - levelt.tv_sec
+ (now.tv_usec - levelt.tv_usec) / 1e6);
nbt = (int)(dt * max_data_rate);
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
/*
* TODO:
*/
#include <stdio.h>
#include <string.h>
-#include "pppd.h"
+#include "pppd-private.h"
+#include "options.h"
#include "upap.h"
/*
* Command-line options.
*/
-static option_t pap_option_list[] = {
+static struct option pap_option_list[] = {
{ "hide-password", o_bool, &hide_password,
"Don't output passwords to log", OPT_PRIO | 1 },
{ "show-password", o_bool, &hide_password,
* AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifndef PPP_UPAP_H
+#define PPP_UPAP_H
+
+#include "pppdconf.h"
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
/*
* Packet header = Code, id, length.
int us_passwdlen; /* Password length */
int us_clientstate; /* Client state */
int us_serverstate; /* Server state */
- u_char us_id; /* Current id */
+ unsigned char us_id; /* Current id */
int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */
int us_transmits; /* Number of auth-reqs sent */
int us_maxtransmits; /* Maximum number of auth-reqs to send */
void upap_authpeer(int);
extern struct protent pap_protent;
+
+typedef int (pap_check_hook_fn)(void);
+typedef int (pap_auth_hook_fn)(char *user, char *passwd, char **msgp,
+ struct wordlist **paddrs,
+ struct wordlist **popts);
+typedef void (pap_logout_hook_fn)(void);
+typedef int (pap_passwd_hook_fn)(char *user, char *passwd);
+
+/*
+ * This function will return a value of 1 to indicate that a plugin intent to
+ * supply a username or a password through the pap_auth_hook callback.
+ *
+ * A return value of > 0 will avoid parsing pap-secrets file.
+ */
+extern pap_check_hook_fn *pap_check_hook;
+
+/*
+ * This hook is used to check if a username and password matches against the
+ * PAP secrets.
+ */
+extern pap_auth_hook_fn *pap_auth_hook;
+
+/*
+ * Hook for plugin to know about PAP user logout.
+ */
+extern pap_logout_hook_fn *pap_logout_hook;
+
+/*
+ * A plugin can chose to supply its own user and password overriding what
+ * previously has been configured. Hook is only valid when pppd is acting
+ * as a client
+ */
+extern pap_passwd_hook_fn *pap_passwd_hook;
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif // PPP_UPAP_H
* 3. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
#include <stdarg.h>
#include <stdio.h>
#include <ctype.h>
#include <sys/mkdev.h>
#endif
-#include "pppd.h"
+#include "pppd-private.h"
#include "fsm.h"
#include "lcp.h"
+#include "pathnames.h"
#if defined(SUNOS4)
extern char *strerror();
#endif
-static void logit(int, char *, va_list);
+static void logit(int, const char *, va_list);
static void log_write(int, char *);
static void vslp_printer(void *, char *, ...);
static void format_packet(u_char *, int, printer_func, void *);
* Returns the number of chars put into buf.
*/
int
-slprintf(char *buf, int buflen, char *fmt, ...)
+slprintf(char *buf, int buflen, const char *fmt, ...)
{
va_list args;
int n;
#define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0)
int
-vslprintf(char *buf, int buflen, char *fmt, va_list args)
+vslprintf(char *buf, int buflen, const char *fmt, va_list args)
{
int c, i, n;
int width, prec, fillch;
int base, len, neg, quoted;
+ long lval = 0;
unsigned long val = 0;
- char *str, *f, *buf0;
+ char *str, *buf0;
+ const char *f;
unsigned char *p;
char num[32];
time_t t;
c = *fmt++;
switch (c) {
case 'd':
- val = va_arg(args, long);
- if (val < 0) {
+ lval = va_arg(args, long);
+ if (lval < 0) {
neg = 1;
- val = -val;
- }
+ val = -lval;
+ } else
+ val = lval;
base = 10;
break;
case 'u':
OUTCHAR(c);
}
continue;
+#ifndef UNIT_TEST
case 'P': /* print PPP packet */
bufinfo.ptr = buf;
bufinfo.len = buflen + 1;
buf = bufinfo.ptr;
buflen = bufinfo.len - 1;
continue;
+#endif
case 'B':
p = va_arg(args, unsigned char *);
for (n = prec; n > 0; --n) {
}
#endif /* unused */
+#ifndef UNIT_TEST
/*
* format_packet - make a readable representation of a packet,
* calling `printer(arg, format, ...)' to output it.
else
printer(arg, "%.*B", len, p);
}
+#endif /* UNIT_TEST */
/*
* init_pr_log, end_pr_log - initialize and finish use of pr_log.
* logit - does the hard work for fatal et al.
*/
static void
-logit(int level, char *fmt, va_list args)
+logit(int level, const char *fmt, va_list args)
{
char buf[1024];
log_write(level, buf);
}
+#ifndef UNIT_TEST
static void
log_write(int level, char *buf)
{
log_to_fd = -1;
}
}
+#else
+static void
+log_write(int level, char *buf)
+{
+ printf("<%d>: %s\n", level, buf);
+}
+#endif
/*
* fatal - log an error message and die horribly.
*/
void
-fatal(char *fmt, ...)
+fatal(const char *fmt, ...)
{
va_list pvar;
logit(LOG_ERR, fmt, pvar);
va_end(pvar);
+#ifndef UNIT_TEST
die(1); /* as promised */
+#else
+ exit(-1);
+#endif
}
/*
* error - log an error message.
*/
void
-error(char *fmt, ...)
+error(const char *fmt, ...)
{
va_list pvar;
* warn - log a warning message.
*/
void
-warn(char *fmt, ...)
+warn(const char *fmt, ...)
{
va_list pvar;
* notice - log a notice-level message.
*/
void
-notice(char *fmt, ...)
+notice(const char *fmt, ...)
{
va_list pvar;
* info - log an informational message.
*/
void
-info(char *fmt, ...)
+info(const char *fmt, ...)
{
va_list pvar;
* dbglog - log a debug message.
*/
void
-dbglog(char *fmt, ...)
+dbglog(const char *fmt, ...)
{
va_list pvar;
dbglog("%s %P", tag, p, len);
}
+
+#ifndef UNIT_TEST
/*
* complete_read - read a full `count' bytes from fd,
* unless end-of-file or an error other than EINTR is encountered.
for (done = 0; done < count; ) {
nb = read(fd, ptr, count - done);
if (nb < 0) {
- if (errno == EINTR && !got_sigterm)
+ if (errno == EINTR && !ppp_signaled(SIGTERM))
continue;
return -1;
}
}
return done;
}
-
-/* Procedures for locking the serial device using a lock file. */
-#ifndef LOCK_DIR
-#ifdef __linux__
-#define LOCK_DIR "/var/lock"
-#else
-#ifdef SVR4
-#define LOCK_DIR "/var/spool/locks"
-#else
-#define LOCK_DIR "/var/spool/lock"
-#endif
#endif
-#endif /* LOCK_DIR */
+/*
+ * mkdir_check - helper for mkdir_recursive, creates a directory
+ * but do not error on EEXIST if and only if entry is a directory
+ * The caller must check for errno == ENOENT if appropriate.
+ */
+static int
+mkdir_check(const char *path)
+{
+ struct stat statbuf;
+
+ if (mkdir(path, 0755) >= 0)
+ return 0;
+
+ if (errno == EEXIST) {
+ if (stat(path, &statbuf) < 0)
+ /* got raced? */
+ return -1;
+
+ if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
+ return 0;
+
+ /* already exists but not a dir, treat as failure */
+ errno = EEXIST;
+ return -1;
+ }
+
+ return -1;
+}
+
+/*
+ * mkdir_parent - helper for mkdir_recursive, modifies the string in place
+ * Assumes mkdir(path) already failed, so it first creates the parent then
+ * full path again.
+ */
+static int
+mkdir_parent(char *path)
+{
+ char *slash;
+ int rc;
+
+ slash = strrchr(path, '/');
+ if (!slash)
+ return -1;
+
+ *slash = 0;
+ if (mkdir_check(path) < 0) {
+ if (errno != ENOENT) {
+ *slash = '/';
+ return -1;
+ }
+ if (mkdir_parent(path) < 0) {
+ *slash = '/';
+ return -1;
+ }
+ }
+ *slash = '/';
+
+ return mkdir_check(path);
+}
+
+/*
+ * mkdir_recursive - recursively create directory if it didn't exist
+ */
+int
+mkdir_recursive(const char *path)
+{
+ char *copy;
+ int rc;
+
+ // optimistically try on full path first to avoid allocation
+ if (mkdir_check(path) == 0)
+ return 0;
+
+ copy = strdup(path);
+ if (!copy)
+ return -1;
+
+ rc = mkdir_parent(copy);
+ free(copy);
+ return rc;
+}
+
+/* Procedures for locking the serial device using a lock file. */
static char lock_file[MAXPATHLEN];
/*
#else /* LOCKLIB */
char lock_buffer[12];
- int fd, pid, n;
+ int fd, pid, n, siz;
#ifdef SVR4
struct stat sbuf;
return -1;
}
slprintf(lock_file, sizeof(lock_file), "%s/LK.%03d.%03d.%03d",
- LOCK_DIR, major(sbuf.st_dev),
+ PPP_PATH_LOCKDIR, major(sbuf.st_dev),
major(sbuf.st_rdev), minor(sbuf.st_rdev));
#else
char *p;
if ((p = strrchr(dev, '/')) != NULL)
dev = p + 1;
- slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev);
+ slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev);
#endif
while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) {
pid = getpid();
#ifndef LOCK_BINARY
+ siz = 11;
slprintf(lock_buffer, sizeof(lock_buffer), "%10d\n", pid);
- write (fd, lock_buffer, 11);
+ n = write (fd, lock_buffer, siz);
#else
- write(fd, &pid, sizeof (pid));
+ siz = sizeof (pid);
+ n = write(fd, &pid, siz);
#endif
+ if (n != siz) {
+ error("Could not write pid to lock file when locking");
+ }
close(fd);
return 0;
return -1;
#else /* LOCKLIB */
- int fd;
+ int fd, n, siz;
char lock_buffer[12];
if (lock_file[0] == 0)
}
#ifndef LOCK_BINARY
+ siz = 11;
slprintf(lock_buffer, sizeof(lock_buffer), "%10d\n", pid);
- write (fd, lock_buffer, 11);
+ n = write (fd, lock_buffer, siz);
#else
- write(fd, &pid, sizeof(pid));
+ siz = sizeof(pid);
+ n = write(fd, &pid, siz);
#endif /* LOCK_BINARY */
+ if (n != siz) {
+ error("Could not write pid to lock file when locking");
+ }
close(fd);
return 0;
--- /dev/null
+#include <fcntl.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <unistd.h>
+
+#include "pppd-private.h"
+
+/* globals used in test.c... */
+int debug = 1;
+int error_count;
+int unsuccess;
+
+/* check if path exists and returns its type */
+static int
+file_type(char *path)
+{
+ struct stat statbuf;
+
+ if (stat(path, &statbuf) < 0)
+ return -1;
+
+ return statbuf.st_mode & S_IFMT;
+}
+
+int
+test_simple() {
+ if (mkdir_recursive("dir"))
+ return -1;
+
+ if (file_type("dir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir");
+ return 0;
+}
+
+int
+test_recurse() {
+ if (mkdir_recursive("dir/subdir/subsubdir"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+
+ /* try again with partial existence */
+ if (mkdir_recursive("dir/subdir/subsubdir"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+ rmdir("dir/subdir");
+ rmdir("dir");
+ return 0;
+}
+
+int
+test_recurse_multislash() {
+ if (mkdir_recursive("dir/subdir///subsubdir"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+ rmdir("dir/subdir");
+
+ /* try again with partial existence */
+ if (mkdir_recursive("dir/subdir/subsubdir///"))
+ return -1;
+
+ if (file_type("dir/subdir/subsubdir") != S_IFDIR)
+ return -1;
+
+ rmdir("dir/subdir/subsubdir");
+ rmdir("dir/subdir");
+ rmdir("dir");
+ return 0;
+}
+
+int
+test_parent_notdir() {
+ int fd = open("file", O_CREAT, 0600);
+ if (fd < 0)
+ return -1;
+ close(fd);
+
+ if (mkdir_recursive("file") == 0)
+ return -1;
+ if (mkdir_recursive("file/dir") == 0)
+ return -1;
+
+ unlink("file");
+ return 0;
+}
+
+int
+main()
+{
+ char *base_dir = strdup("/tmp/ppp_utils_utest.XXXXXX");
+ int failure = 0;
+
+ if (mkdtemp(base_dir) == NULL) {
+ printf("Could not create test directory, aborting\n");
+ return 1;
+ }
+
+ if (chdir(base_dir) < 0) {
+ printf("Could not enter newly created test dir, aborting\n");
+ return 1;
+ }
+
+ if (test_simple()) {
+ printf("Could not create simple directory\n");
+ failure++;
+ }
+
+ if (test_recurse()) {
+ printf("Could not create recursive directory\n");
+ failure++;
+ }
+
+ if (test_recurse_multislash()) {
+ printf("Could not create recursive directory with multiple slashes\n");
+ failure++;
+ }
+
+ if (test_parent_notdir()) {
+ printf("Creating over a file appeared to work?\n");
+ failure++;
+ }
+
+ rmdir(base_dir);
+ free(base_dir);
+ return failure;
+}
--- /dev/null
+sbin_PROGRAMS = pppdump
+dist_man8_MANS = pppdump.8
+
+pppdump_SOURCES = pppdump.c bsd-comp.c deflate.c zlib.c
+
+noinst_HEADERS = \
+ ppp-comp.h \
+ zlib.h
+++ /dev/null
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-BINDIR = $(DESTDIR)/sbin
-MANDIR = $(DESTDIR)/share/man/man8
-
-CFLAGS = $(COPTS) -I../include/net
-OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
-
-INSTALL= install
-
-all: pppdump
-
-pppdump: $(OBJS)
- $(CC) $(LDFLAGS) -o pppdump $(OBJS)
-
-clean:
- rm -f pppdump $(OBJS) *~
-
-install:
- mkdir -p $(BINDIR) $(MANDIR)
- $(INSTALL) -c pppdump $(BINDIR)
- $(INSTALL) -c -m 444 pppdump.8 $(MANDIR)
+++ /dev/null
-#
-# pppdump Makefile for SVR4 systems
-# $Id: Makefile.sol2,v 1.4 2002/09/07 05:15:25 carlsonj Exp $
-#
-
-include ../Makedefs.com
-
-CFLAGS= $(COPTS) -I../include/net
-OBJS = pppdump.o bsd-comp.o deflate.o zlib.o
-
-all: pppdump
-
-pppdump: $(OBJS)
- $(CC) -o pppdump $(OBJS)
-
-clean:
- rm -f $(OBJS) pppdump *~
-
-install:
- $(INSTALL) -f $(BINDIR) pppdump
- $(INSTALL) -m 444 -f $(MANDIR)/man8 pppdump.8
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
-#include "ppp_defs.h"
+
#include "ppp-comp.h"
#if DO_BSD_COMPRESS
stats->comp_packets = db->comp_count;
stats->inc_bytes = db->incomp_bytes;
stats->inc_packets = db->incomp_count;
- stats->ratio = db->in_count;
+
+ u_int ratio = db->in_count;
out = db->bytes_out;
- if (stats->ratio <= 0x7fffff)
- stats->ratio <<= 8;
+ if (ratio <= 0x7fffff)
+ ratio <<= 8;
else
out >>= 8;
if (out != 0)
- stats->ratio /= out;
+ stats->ratio = ratio / out;
}
/*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
-#include "ppp_defs.h"
+
#include "ppp-comp.h"
#include "zlib.h"
*stats = state->stats;
stats->ratio = stats->unc_bytes;
out = stats->comp_bytes + stats->unc_bytes;
- if (stats->ratio <= 0x7ffffff)
- stats->ratio <<= 8;
+ u_int ratio = stats->ratio;
+ if (ratio <= 0x7ffffff)
+ ratio <<= 8;
else
out >>= 8;
if (out != 0)
- stats->ratio /= out;
+ stats->ratio = ratio / out;
}
/*
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#define DO_PREDICTOR_1 0
#define DO_PREDICTOR_2 0
+#if defined(SOL2)
+#include <net/ppp_defs.h>
+#else
+#include <linux/ppp_defs.h>
+#endif
+
/*
* Structure giving methods for compression/decompression.
*/
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
#include <stdlib.h>
#include <time.h>
#include <sys/types.h>
-#include "ppp_defs.h"
+
#include "ppp-comp.h"
int hexmode;
0xf78f, 0xe606, 0xd49d, 0xc514, 0xb1ab, 0xa022, 0x92b9, 0x8330,
0x7bc7, 0x6a4e, 0x58d5, 0x495c, 0x3de3, 0x2c6a, 0x1ef1, 0x0f78
};
+#define PPP_FCS(fcs, c) (((fcs) >> 8) ^ fcstab[((fcs) ^ (c)) & 0xff])
struct pkt {
int cnt;
printf("%s aborted packet:\n ", dir);
q = " ";
}
+ if (pkt->cnt >= sizeof(pkt->buf)) {
+ printf("%s over-long packet truncated:\n ", dir);
+ q = " ";
+ }
nb = pkt->cnt;
p = pkt->buf;
pkt->cnt = 0;
c ^= 0x20;
pkt->esc = 0;
}
- pkt->buf[pkt->cnt++] = c;
+ if (pkt->cnt < sizeof(pkt->buf))
+ pkt->buf[pkt->cnt++] = c;
break;
}
}
(*((strm)->zfree))((strm)->opaque, (voidpf)(addr), (size))
#define TRY_FREE(s, p, n) {if (p) ZFREE(s, p, n);}
-/* deflate.h -- internal compression state
- * Copyright (C) 1995 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/* WARNING: this file should *not* be used by applications. It is
- part of the implementation of the compression library and is
- subject to change. Applications should only use zlib.h.
- */
-
-
-/*+++++*/
-/* From: deflate.h,v 1.5 1995/05/03 17:27:09 jloup Exp */
-
-/* ===========================================================================
- * Internal compression state.
- */
-
-/* Data type */
-#define BINARY 0
-#define ASCII 1
-#define UNKNOWN 2
-
-#define LENGTH_CODES 29
-/* number of length codes, not counting the special END_BLOCK code */
-
-#define LITERALS 256
-/* number of literal bytes 0..255 */
-
-#define L_CODES (LITERALS+1+LENGTH_CODES)
-/* number of Literal or Length codes, including the END_BLOCK code */
-
-#define D_CODES 30
-/* number of distance codes */
-
-#define BL_CODES 19
-/* number of codes used to transfer the bit lengths */
-
-#define HEAP_SIZE (2*L_CODES+1)
-/* maximum heap size */
-
-#define MAX_BITS 15
-/* All codes must not exceed MAX_BITS bits */
-
-#define INIT_STATE 42
-#define BUSY_STATE 113
-#define FLUSH_STATE 124
-#define FINISH_STATE 666
-/* Stream status */
-
-
-/* Data structure describing a single value and its code string. */
-typedef struct ct_data_s {
- union {
- ush freq; /* frequency count */
- ush code; /* bit string */
- } fc;
- union {
- ush dad; /* father node in Huffman tree */
- ush len; /* length of bit string */
- } dl;
-} FAR ct_data;
-
-#define Freq fc.freq
-#define Code fc.code
-#define Dad dl.dad
-#define Len dl.len
-
-typedef struct static_tree_desc_s static_tree_desc;
-
-typedef struct tree_desc_s {
- ct_data *dyn_tree; /* the dynamic tree */
- int max_code; /* largest code with non zero frequency */
- static_tree_desc *stat_desc; /* the corresponding static tree */
-} FAR tree_desc;
-
-typedef ush Pos;
-typedef Pos FAR Posf;
-typedef unsigned IPos;
-
-/* A Pos is an index in the character window. We use short instead of int to
- * save space in the various tables. IPos is used only for parameter passing.
- */
-
-typedef struct deflate_state {
- z_stream *strm; /* pointer back to this zlib stream */
- int status; /* as the name implies */
- Bytef *pending_buf; /* output still pending */
- Bytef *pending_out; /* next pending byte to output to the stream */
- int pending; /* nb of bytes in the pending buffer */
- uLong adler; /* adler32 of uncompressed data */
- int noheader; /* suppress zlib header and adler32 */
- Byte data_type; /* UNKNOWN, BINARY or ASCII */
- Byte method; /* STORED (for zip only) or DEFLATED */
- int minCompr; /* min size decrease for Z_FLUSH_NOSTORE */
-
- /* used by deflate.c: */
-
- uInt w_size; /* LZ77 window size (32K by default) */
- uInt w_bits; /* log2(w_size) (8..16) */
- uInt w_mask; /* w_size - 1 */
-
- Bytef *window;
- /* Sliding window. Input bytes are read into the second half of the window,
- * and move to the first half later to keep a dictionary of at least wSize
- * bytes. With this organization, matches are limited to a distance of
- * wSize-MAX_MATCH bytes, but this ensures that IO is always
- * performed with a length multiple of the block size. Also, it limits
- * the window size to 64K, which is quite useful on MSDOS.
- * To do: use the user input buffer as sliding window.
- */
-
- ulg window_size;
- /* Actual size of window: 2*wSize, except when the user input buffer
- * is directly used as sliding window.
- */
-
- Posf *prev;
- /* Link to older string with same hash index. To limit the size of this
- * array to 64K, this link is maintained only for the last 32K strings.
- * An index in this array is thus a window index modulo 32K.
- */
-
- Posf *head; /* Heads of the hash chains or NIL. */
-
- uInt ins_h; /* hash index of string to be inserted */
- uInt hash_size; /* number of elements in hash table */
- uInt hash_bits; /* log2(hash_size) */
- uInt hash_mask; /* hash_size-1 */
-
- uInt hash_shift;
- /* Number of bits by which ins_h must be shifted at each input
- * step. It must be such that after MIN_MATCH steps, the oldest
- * byte no longer takes part in the hash key, that is:
- * hash_shift * MIN_MATCH >= hash_bits
- */
-
- long block_start;
- /* Window position at the beginning of the current output block. Gets
- * negative when the window is moved backwards.
- */
-
- uInt match_length; /* length of best match */
- IPos prev_match; /* previous match */
- int match_available; /* set if previous match exists */
- uInt strstart; /* start of string to insert */
- uInt match_start; /* start of matching string */
- uInt lookahead; /* number of valid bytes ahead in window */
-
- uInt prev_length;
- /* Length of the best match at previous step. Matches not greater than this
- * are discarded. This is used in the lazy match evaluation.
- */
-
- uInt max_chain_length;
- /* To speed up deflation, hash chains are never searched beyond this
- * length. A higher limit improves compression ratio but degrades the
- * speed.
- */
-
- uInt max_lazy_match;
- /* Attempt to find a better match only when the current match is strictly
- * smaller than this value. This mechanism is used only for compression
- * levels >= 4.
- */
-# define max_insert_length max_lazy_match
- /* Insert new strings in the hash table only if the match length is not
- * greater than this length. This saves time but degrades compression.
- * max_insert_length is used only for compression levels <= 3.
- */
-
- int level; /* compression level (1..9) */
- int strategy; /* favor or force Huffman coding*/
-
- uInt good_match;
- /* Use a faster search when the previous match is longer than this */
-
- int nice_match; /* Stop searching when current match exceeds this */
-
- /* used by trees.c: */
- /* Didn't use ct_data typedef below to supress compiler warning */
- struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */
- struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */
- struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */
-
- struct tree_desc_s l_desc; /* desc. for literal tree */
- struct tree_desc_s d_desc; /* desc. for distance tree */
- struct tree_desc_s bl_desc; /* desc. for bit length tree */
-
- ush bl_count[MAX_BITS+1];
- /* number of codes at each bit length for an optimal tree */
-
- int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */
- int heap_len; /* number of elements in the heap */
- int heap_max; /* element of largest frequency */
- /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used.
- * The same heap array is used to build all trees.
- */
-
- uch depth[2*L_CODES+1];
- /* Depth of each subtree used as tie breaker for trees of equal frequency
- */
-
- uchf *l_buf; /* buffer for literals or lengths */
-
- uInt lit_bufsize;
- /* Size of match buffer for literals/lengths. There are 4 reasons for
- * limiting lit_bufsize to 64K:
- * - frequencies can be kept in 16 bit counters
- * - if compression is not successful for the first block, all input
- * data is still in the window so we can still emit a stored block even
- * when input comes from standard input. (This can also be done for
- * all blocks if lit_bufsize is not greater than 32K.)
- * - if compression is not successful for a file smaller than 64K, we can
- * even emit a stored file instead of a stored block (saving 5 bytes).
- * This is applicable only for zip (not gzip or zlib).
- * - creating new Huffman trees less frequently may not provide fast
- * adaptation to changes in the input data statistics. (Take for
- * example a binary file with poorly compressible code followed by
- * a highly compressible string table.) Smaller buffer sizes give
- * fast adaptation but have of course the overhead of transmitting
- * trees more frequently.
- * - I can't count above 4
- */
-
- uInt last_lit; /* running index in l_buf */
-
- ushf *d_buf;
- /* Buffer for distances. To simplify the code, d_buf and l_buf have
- * the same number of elements. To use different lengths, an extra flag
- * array would be necessary.
- */
-
- ulg opt_len; /* bit length of current block with optimal trees */
- ulg static_len; /* bit length of current block with static trees */
- ulg compressed_len; /* total bit length of compressed file */
- uInt matches; /* number of string matches in current block */
- int last_eob_len; /* bit length of EOB code for last block */
-
-#ifdef DEBUG_ZLIB
- ulg bits_sent; /* bit length of the compressed data */
-#endif
-
- ush bi_buf;
- /* Output buffer. bits are inserted starting at the bottom (least
- * significant bits).
- */
- int bi_valid;
- /* Number of valid bits in bi_buf. All bits above the last valid bit
- * are always zero.
- */
-
- uInt blocks_in_packet;
- /* Number of blocks produced since the last time Z_PACKET_FLUSH
- * was used.
- */
-
-} FAR deflate_state;
-
-/* Output a byte on the stream.
- * IN assertion: there is enough room in pending_buf.
- */
-#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);}
-
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD)
-/* In order to simplify the code, particularly on 16 bit machines, match
- * distances are limited to MAX_DIST instead of WSIZE.
- */
-
- /* in trees.c */
-local void ct_init OF((deflate_state *s));
-local int ct_tally OF((deflate_state *s, int dist, int lc));
-local ulg ct_flush_block OF((deflate_state *s, charf *buf, ulg stored_len,
- int flush));
-local void ct_align OF((deflate_state *s));
-local void ct_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
- int eof));
-local void ct_stored_type_only OF((deflate_state *s));
-
-
-/*+++++*/
-/* deflate.c -- compress data using the deflation algorithm
- * Copyright (C) 1995 Jean-loup Gailly.
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/*
- * ALGORITHM
- *
- * The "deflation" process depends on being able to identify portions
- * of the input text which are identical to earlier input (within a
- * sliding window trailing behind the input currently being processed).
- *
- * The most straightforward technique turns out to be the fastest for
- * most input files: try all possible matches and select the longest.
- * The key feature of this algorithm is that insertions into the string
- * dictionary are very simple and thus fast, and deletions are avoided
- * completely. Insertions are performed at each input character, whereas
- * string matches are performed only when the previous match ends. So it
- * is preferable to spend more time in matches to allow very fast string
- * insertions and avoid deletions. The matching algorithm for small
- * strings is inspired from that of Rabin & Karp. A brute force approach
- * is used to find longer strings when a small match has been found.
- * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze
- * (by Leonid Broukhis).
- * A previous version of this file used a more sophisticated algorithm
- * (by Fiala and Greene) which is guaranteed to run in linear amortized
- * time, but has a larger average cost, uses more memory and is patented.
- * However the F&G algorithm may be faster for some highly redundant
- * files if the parameter max_chain_length (described below) is too large.
- *
- * ACKNOWLEDGEMENTS
- *
- * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and
- * I found it in 'freeze' written by Leonid Broukhis.
- * Thanks to many people for bug reports and testing.
- *
- * REFERENCES
- *
- * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
- * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
- *
- * A description of the Rabin and Karp algorithm is given in the book
- * "Algorithms" by R. Sedgewick, Addison-Wesley, p252.
- *
- * Fiala,E.R., and Greene,D.H.
- * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595
- *
- */
-
-/* From: deflate.c,v 1.8 1995/05/03 17:27:08 jloup Exp */
-
-local char zlib_copyright[] = " deflate Copyright 1995 Jean-loup Gailly ";
-/*
- If you use the zlib library in a product, an acknowledgment is welcome
- in the documentation of your product. If for some reason you cannot
- include such an acknowledgment, I would appreciate that you keep this
- copyright string in the executable of your product.
- */
-
-#define NIL 0
-/* Tail of hash chains */
-
-#ifndef TOO_FAR
-# define TOO_FAR 4096
-#endif
-/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */
-
-#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1)
-/* Minimum amount of lookahead, except at the end of the input file.
- * See deflate.c for comments about the MIN_MATCH+1.
- */
-
-/* Values for max_lazy_match, good_match and max_chain_length, depending on
- * the desired pack level (0..9). The values given below have been tuned to
- * exclude worst case performance for pathological files. Better values may be
- * found for specific files.
- */
-
-typedef struct config_s {
- ush good_length; /* reduce lazy search above this match length */
- ush max_lazy; /* do not perform lazy search above this match length */
- ush nice_length; /* quit search above this match length */
- ush max_chain;
-} config;
-
-local config configuration_table[10] = {
-/* good lazy nice chain */
-/* 0 */ {0, 0, 0, 0}, /* store only */
-/* 1 */ {4, 4, 8, 4}, /* maximum speed, no lazy matches */
-/* 2 */ {4, 5, 16, 8},
-/* 3 */ {4, 6, 32, 32},
-
-/* 4 */ {4, 4, 16, 16}, /* lazy matches */
-/* 5 */ {8, 16, 32, 32},
-/* 6 */ {8, 16, 128, 128},
-/* 7 */ {8, 32, 128, 256},
-/* 8 */ {32, 128, 258, 1024},
-/* 9 */ {32, 258, 258, 4096}}; /* maximum compression */
-
-/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4
- * For deflate_fast() (levels <= 3) good is ignored and lazy has a different
- * meaning.
- */
-
-#define EQUAL 0
-/* result of memcmp for equal strings */
-
-/* ===========================================================================
- * Prototypes for local functions.
- */
-
-local void fill_window OF((deflate_state *s));
-local int deflate_fast OF((deflate_state *s, int flush));
-local int deflate_slow OF((deflate_state *s, int flush));
-local void lm_init OF((deflate_state *s));
-local int longest_match OF((deflate_state *s, IPos cur_match));
-local void putShortMSB OF((deflate_state *s, uInt b));
-local void flush_pending OF((z_stream *strm));
-local int read_buf OF((z_stream *strm, charf *buf, unsigned size));
-#ifdef ASMV
- void match_init OF((void)); /* asm code initialization */
-#endif
-
-#ifdef DEBUG_ZLIB
-local void check_match OF((deflate_state *s, IPos start, IPos match,
- int length));
-#endif
-
-
-/* ===========================================================================
- * Update a hash value with the given input byte
- * IN assertion: all calls to to UPDATE_HASH are made with consecutive
- * input characters, so that a running hash key can be computed from the
- * previous key instead of complete recalculation each time.
- */
-#define UPDATE_HASH(s,h,c) (h = (((h)<<s->hash_shift) ^ (c)) & s->hash_mask)
-
-
-/* ===========================================================================
- * Insert string str in the dictionary and set match_head to the previous head
- * of the hash chain (the most recent string with same hash key). Return
- * the previous length of the hash chain.
- * IN assertion: all calls to to INSERT_STRING are made with consecutive
- * input characters and the first MIN_MATCH bytes of str are valid
- * (except for the last MIN_MATCH-1 bytes of the input file).
- */
-#define INSERT_STRING(s, str, match_head) \
- (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \
- s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \
- s->head[s->ins_h] = (str))
-
-/* ===========================================================================
- * Initialize the hash table (avoiding 64K overflow for 16 bit systems).
- * prev[] will be initialized on the fly.
- */
-#define CLEAR_HASH(s) \
- s->head[s->hash_size-1] = NIL; \
- zmemzero((charf *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head));
-
-/* ========================================================================= */
-int deflateInit (strm, level)
- z_stream *strm;
- int level;
-{
- return deflateInit2 (strm, level, DEFLATED, MAX_WBITS, DEF_MEM_LEVEL,
- 0, 0);
- /* To do: ignore strm->next_in if we use it as window */
-}
-
-/* ========================================================================= */
-int deflateInit2 (strm, level, method, windowBits, memLevel,
- strategy, minCompression)
- z_stream *strm;
- int level;
- int method;
- int windowBits;
- int memLevel;
- int strategy;
- int minCompression;
-{
- deflate_state *s;
- int noheader = 0;
-
- if (strm == Z_NULL) return Z_STREAM_ERROR;
-
- strm->msg = Z_NULL;
-/* if (strm->zalloc == Z_NULL) strm->zalloc = zcalloc; */
-/* if (strm->zfree == Z_NULL) strm->zfree = zcfree; */
-
- if (level == Z_DEFAULT_COMPRESSION) level = 6;
-
- if (windowBits < 0) { /* undocumented feature: suppress zlib header */
- noheader = 1;
- windowBits = -windowBits;
- }
- if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != DEFLATED ||
- windowBits < 8 || windowBits > 15 || level < 1 || level > 9) {
- return Z_STREAM_ERROR;
- }
- s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state));
- if (s == Z_NULL) return Z_MEM_ERROR;
- strm->state = (struct internal_state FAR *)s;
- s->strm = strm;
-
- s->noheader = noheader;
- s->w_bits = windowBits;
- s->w_size = 1 << s->w_bits;
- s->w_mask = s->w_size - 1;
-
- s->hash_bits = memLevel + 7;
- s->hash_size = 1 << s->hash_bits;
- s->hash_mask = s->hash_size - 1;
- s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH);
-
- s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte));
- s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos));
- s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos));
-
- s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */
-
- s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 2*sizeof(ush));
-
- if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL ||
- s->pending_buf == Z_NULL) {
- strm->msg = z_errmsg[1-Z_MEM_ERROR];
- deflateEnd (strm);
- return Z_MEM_ERROR;
- }
- s->d_buf = (ushf *) &(s->pending_buf[s->lit_bufsize]);
- s->l_buf = (uchf *) &(s->pending_buf[3*s->lit_bufsize]);
- /* We overlay pending_buf and d_buf+l_buf. This works since the average
- * output size for (length,distance) codes is <= 32 bits (worst case
- * is 15+15+13=33).
- */
-
- s->level = level;
- s->strategy = strategy;
- s->method = (Byte)method;
- s->minCompr = minCompression;
- s->blocks_in_packet = 0;
-
- return deflateReset(strm);
-}
-
-/* ========================================================================= */
-int deflateReset (strm)
- z_stream *strm;
-{
- deflate_state *s;
-
- if (strm == Z_NULL || strm->state == Z_NULL ||
- strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR;
-
- strm->total_in = strm->total_out = 0;
- strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */
- strm->data_type = Z_UNKNOWN;
-
- s = (deflate_state *)strm->state;
- s->pending = 0;
- s->pending_out = s->pending_buf;
-
- if (s->noheader < 0) {
- s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */
- }
- s->status = s->noheader ? BUSY_STATE : INIT_STATE;
- s->adler = 1;
-
- ct_init(s);
- lm_init(s);
-
- return Z_OK;
-}
-
-/* =========================================================================
- * Put a short in the pending buffer. The 16-bit value is put in MSB order.
- * IN assertion: the stream state is correct and there is enough room in
- * pending_buf.
- */
-local void putShortMSB (s, b)
- deflate_state *s;
- uInt b;
-{
- put_byte(s, (Byte)(b >> 8));
- put_byte(s, (Byte)(b & 0xff));
-}
-
-/* =========================================================================
- * Flush as much pending output as possible.
- */
-local void flush_pending(strm)
- z_stream *strm;
-{
- deflate_state *state = (deflate_state *) strm->state;
- unsigned len = state->pending;
-
- if (len > strm->avail_out) len = strm->avail_out;
- if (len == 0) return;
-
- if (strm->next_out != NULL) {
- zmemcpy(strm->next_out, state->pending_out, len);
- strm->next_out += len;
- }
- state->pending_out += len;
- strm->total_out += len;
- strm->avail_out -= len;
- state->pending -= len;
- if (state->pending == 0) {
- state->pending_out = state->pending_buf;
- }
-}
-
-/* ========================================================================= */
-int deflate (strm, flush)
- z_stream *strm;
- int flush;
-{
- deflate_state *state = (deflate_state *) strm->state;
-
- if (strm == Z_NULL || state == Z_NULL) return Z_STREAM_ERROR;
-
- if (strm->next_in == Z_NULL && strm->avail_in != 0) {
- ERR_RETURN(strm, Z_STREAM_ERROR);
- }
- if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR);
-
- state->strm = strm; /* just in case */
-
- /* Write the zlib header */
- if (state->status == INIT_STATE) {
-
- uInt header = (DEFLATED + ((state->w_bits-8)<<4)) << 8;
- uInt level_flags = (state->level-1) >> 1;
-
- if (level_flags > 3) level_flags = 3;
- header |= (level_flags << 6);
- header += 31 - (header % 31);
-
- state->status = BUSY_STATE;
- putShortMSB(state, header);
- }
-
- /* Flush as much pending output as possible */
- if (state->pending != 0) {
- flush_pending(strm);
- if (strm->avail_out == 0) return Z_OK;
- }
-
- /* If we came back in here to get the last output from
- * a previous flush, we're done for now.
- */
- if (state->status == FLUSH_STATE) {
- state->status = BUSY_STATE;
- if (flush != Z_NO_FLUSH && flush != Z_FINISH)
- return Z_OK;
- }
-
- /* User must not provide more input after the first FINISH: */
- if (state->status == FINISH_STATE && strm->avail_in != 0) {
- ERR_RETURN(strm, Z_BUF_ERROR);
- }
-
- /* Start a new block or continue the current one.
- */
- if (strm->avail_in != 0 || state->lookahead != 0 ||
- (flush == Z_FINISH && state->status != FINISH_STATE)) {
- int quit;
-
- if (flush == Z_FINISH) {
- state->status = FINISH_STATE;
- }
- if (state->level <= 3) {
- quit = deflate_fast(state, flush);
- } else {
- quit = deflate_slow(state, flush);
- }
- if (quit || strm->avail_out == 0)
- return Z_OK;
- /* If flush != Z_NO_FLUSH && avail_out == 0, the next call
- * of deflate should use the same flush parameter to make sure
- * that the flush is complete. So we don't have to output an
- * empty block here, this will be done at next call. This also
- * ensures that for a very small output buffer, we emit at most
- * one empty block.
- */
- }
-
- /* If a flush was requested, we have a little more to output now. */
- if (flush != Z_NO_FLUSH && flush != Z_FINISH
- && state->status != FINISH_STATE) {
- switch (flush) {
- case Z_PARTIAL_FLUSH:
- ct_align(state);
- break;
- case Z_PACKET_FLUSH:
- /* Output just the 3-bit `stored' block type value,
- but not a zero length. */
- ct_stored_type_only(state);
- break;
- default:
- ct_stored_block(state, (char*)0, 0L, 0);
- /* For a full flush, this empty block will be recognized
- * as a special marker by inflate_sync().
- */
- if (flush == Z_FULL_FLUSH) {
- CLEAR_HASH(state); /* forget history */
- }
- }
- flush_pending(strm);
- if (strm->avail_out == 0) {
- /* We'll have to come back to get the rest of the output;
- * this ensures we don't output a second zero-length stored
- * block (or whatever).
- */
- state->status = FLUSH_STATE;
- return Z_OK;
- }
- }
-
- Assert(strm->avail_out > 0, "bug2");
-
- if (flush != Z_FINISH) return Z_OK;
- if (state->noheader) return Z_STREAM_END;
-
- /* Write the zlib trailer (adler32) */
- putShortMSB(state, (uInt)(state->adler >> 16));
- putShortMSB(state, (uInt)(state->adler & 0xffff));
- flush_pending(strm);
- /* If avail_out is zero, the application will call deflate again
- * to flush the rest.
- */
- state->noheader = -1; /* write the trailer only once! */
- return state->pending != 0 ? Z_OK : Z_STREAM_END;
-}
-
-/* ========================================================================= */
-int deflateEnd (strm)
- z_stream *strm;
-{
- deflate_state *state = (deflate_state *) strm->state;
-
- if (strm == Z_NULL || state == Z_NULL) return Z_STREAM_ERROR;
-
- TRY_FREE(strm, state->window, state->w_size * 2 * sizeof(Byte));
- TRY_FREE(strm, state->prev, state->w_size * sizeof(Pos));
- TRY_FREE(strm, state->head, state->hash_size * sizeof(Pos));
- TRY_FREE(strm, state->pending_buf, state->lit_bufsize * 2 * sizeof(ush));
-
- ZFREE(strm, state, sizeof(deflate_state));
- strm->state = Z_NULL;
-
- return Z_OK;
-}
-
-/* ===========================================================================
- * Read a new buffer from the current input stream, update the adler32
- * and total number of bytes read.
- */
-local int read_buf(strm, buf, size)
- z_stream *strm;
- charf *buf;
- unsigned size;
-{
- unsigned len = strm->avail_in;
- deflate_state *state = (deflate_state *) strm->state;
-
- if (len > size) len = size;
- if (len == 0) return 0;
-
- strm->avail_in -= len;
-
- if (!state->noheader) {
- state->adler = adler32(state->adler, strm->next_in, len);
- }
- zmemcpy(buf, strm->next_in, len);
- strm->next_in += len;
- strm->total_in += len;
-
- return (int)len;
-}
-
-/* ===========================================================================
- * Initialize the "longest match" routines for a new zlib stream
- */
-local void lm_init (s)
- deflate_state *s;
-{
- s->window_size = (ulg)2L*s->w_size;
-
- CLEAR_HASH(s);
-
- /* Set the default configuration parameters:
- */
- s->max_lazy_match = configuration_table[s->level].max_lazy;
- s->good_match = configuration_table[s->level].good_length;
- s->nice_match = configuration_table[s->level].nice_length;
- s->max_chain_length = configuration_table[s->level].max_chain;
-
- s->strstart = 0;
- s->block_start = 0L;
- s->lookahead = 0;
- s->match_length = MIN_MATCH-1;
- s->match_available = 0;
- s->ins_h = 0;
-#ifdef ASMV
- match_init(); /* initialize the asm code */
-#endif
-}
-
-/* ===========================================================================
- * Set match_start to the longest match starting at the given string and
- * return its length. Matches shorter or equal to prev_length are discarded,
- * in which case the result is equal to prev_length and match_start is
- * garbage.
- * IN assertions: cur_match is the head of the hash chain for the current
- * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1
- */
-#ifndef ASMV
-/* For 80x86 and 680x0, an optimized version will be provided in match.asm or
- * match.S. The code will be functionally equivalent.
- */
-local int longest_match(s, cur_match)
- deflate_state *s;
- IPos cur_match; /* current match */
-{
- unsigned chain_length = s->max_chain_length;/* max hash chain length */
- register Bytef *scan = s->window + s->strstart; /* current string */
- register Bytef *match; /* matched string */
- register int len; /* length of current match */
- int best_len = s->prev_length; /* best match length so far */
- IPos limit = s->strstart > (IPos)MAX_DIST(s) ?
- s->strstart - (IPos)MAX_DIST(s) : NIL;
- /* Stop when cur_match becomes <= limit. To simplify the code,
- * we prevent matches with the string of window index 0.
- */
- Posf *prev = s->prev;
- uInt wmask = s->w_mask;
-
-#ifdef UNALIGNED_OK
- /* Compare two bytes at a time. Note: this is not always beneficial.
- * Try with and without -DUNALIGNED_OK to check.
- */
- register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1;
- register ush scan_start = *(ushf*)scan;
- register ush scan_end = *(ushf*)(scan+best_len-1);
-#else
- register Bytef *strend = s->window + s->strstart + MAX_MATCH;
- register Byte scan_end1 = scan[best_len-1];
- register Byte scan_end = scan[best_len];
-#endif
-
- /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16.
- * It is easy to get rid of this optimization if necessary.
- */
- Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever");
-
- /* Do not waste too much time if we already have a good match: */
- if (s->prev_length >= s->good_match) {
- chain_length >>= 2;
- }
- Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead");
-
- do {
- Assert(cur_match < s->strstart, "no future");
- match = s->window + cur_match;
-
- /* Skip to next match if the match length cannot increase
- * or if the match length is less than 2:
- */
-#if (defined(UNALIGNED_OK) && MAX_MATCH == 258)
- /* This code assumes sizeof(unsigned short) == 2. Do not use
- * UNALIGNED_OK if your compiler uses a different size.
- */
- if (*(ushf*)(match+best_len-1) != scan_end ||
- *(ushf*)match != scan_start) continue;
-
- /* It is not necessary to compare scan[2] and match[2] since they are
- * always equal when the other bytes match, given that the hash keys
- * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at
- * strstart+3, +5, ... up to strstart+257. We check for insufficient
- * lookahead only every 4th comparison; the 128th check will be made
- * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is
- * necessary to put more guard bytes at the end of the window, or
- * to check more often for insufficient lookahead.
- */
- Assert(scan[2] == match[2], "scan[2]?");
- scan++, match++;
- do {
- } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- *(ushf*)(scan+=2) == *(ushf*)(match+=2) &&
- scan < strend);
- /* The funny "do {}" generates better code on most compilers */
-
- /* Here, scan <= window+strstart+257 */
- Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
- if (*scan == *match) scan++;
-
- len = (MAX_MATCH - 1) - (int)(strend-scan);
- scan = strend - (MAX_MATCH-1);
-
-#else /* UNALIGNED_OK */
-
- if (match[best_len] != scan_end ||
- match[best_len-1] != scan_end1 ||
- *match != *scan ||
- *++match != scan[1]) continue;
-
- /* The check at best_len-1 can be removed because it will be made
- * again later. (This heuristic is not always a win.)
- * It is not necessary to compare scan[2] and match[2] since they
- * are always equal when the other bytes match, given that
- * the hash keys are equal and that HASH_BITS >= 8.
- */
- scan += 2, match++;
- Assert(*scan == *match, "match[2]?");
-
- /* We check for insufficient lookahead only every 8th comparison;
- * the 256th check will be made at strstart+258.
- */
- do {
- } while (*++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- *++scan == *++match && *++scan == *++match &&
- scan < strend);
-
- Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan");
-
- len = MAX_MATCH - (int)(strend - scan);
- scan = strend - MAX_MATCH;
-
-#endif /* UNALIGNED_OK */
-
- if (len > best_len) {
- s->match_start = cur_match;
- best_len = len;
- if (len >= s->nice_match) break;
-#ifdef UNALIGNED_OK
- scan_end = *(ushf*)(scan+best_len-1);
-#else
- scan_end1 = scan[best_len-1];
- scan_end = scan[best_len];
-#endif
- }
- } while ((cur_match = prev[cur_match & wmask]) > limit
- && --chain_length != 0);
-
- return best_len;
-}
-#endif /* ASMV */
-
-#ifdef DEBUG_ZLIB
-/* ===========================================================================
- * Check that the match at match_start is indeed a match.
- */
-local void check_match(s, start, match, length)
- deflate_state *s;
- IPos start, match;
- int length;
-{
- /* check that the match is indeed a match */
- if (memcmp((charf *)s->window + match,
- (charf *)s->window + start, length) != EQUAL) {
- fprintf(stderr,
- " start %u, match %u, length %d\n",
- start, match, length);
- do { fprintf(stderr, "%c%c", s->window[match++],
- s->window[start++]); } while (--length != 0);
- z_error("invalid match");
- }
- if (verbose > 1) {
- fprintf(stderr,"\\[%d,%d]", start-match, length);
- do { putc(s->window[start++], stderr); } while (--length != 0);
- }
-}
-#else
-# define check_match(s, start, match, length)
-#endif
-
-/* ===========================================================================
- * Fill the window when the lookahead becomes insufficient.
- * Updates strstart and lookahead.
- *
- * IN assertion: lookahead < MIN_LOOKAHEAD
- * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD
- * At least one byte has been read, or avail_in == 0; reads are
- * performed for at least two bytes (required for the zip translate_eol
- * option -- not supported here).
- */
-local void fill_window(s)
- deflate_state *s;
-{
- register unsigned n, m;
- register Posf *p;
- unsigned more; /* Amount of free space at the end of the window. */
- uInt wsize = s->w_size;
-
- do {
- more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart);
-
- /* Deal with !@#$% 64K limit: */
- if (more == 0 && s->strstart == 0 && s->lookahead == 0) {
- more = wsize;
- } else if (more == (unsigned)(-1)) {
- /* Very unlikely, but possible on 16 bit machine if strstart == 0
- * and lookahead == 1 (input done one byte at time)
- */
- more--;
-
- /* If the window is almost full and there is insufficient lookahead,
- * move the upper half to the lower one to make room in the upper half.
- */
- } else if (s->strstart >= wsize+MAX_DIST(s)) {
-
- /* By the IN assertion, the window is not empty so we can't confuse
- * more == 0 with more == 64K on a 16 bit machine.
- */
- zmemcpy((charf *)s->window, (charf *)s->window+wsize,
- (unsigned)wsize);
- s->match_start -= wsize;
- s->strstart -= wsize; /* we now have strstart >= MAX_DIST */
-
- s->block_start -= (long) wsize;
-
- /* Slide the hash table (could be avoided with 32 bit values
- at the expense of memory usage):
- */
- n = s->hash_size;
- p = &s->head[n];
- do {
- m = *--p;
- *p = (Pos)(m >= wsize ? m-wsize : NIL);
- } while (--n);
-
- n = wsize;
- p = &s->prev[n];
- do {
- m = *--p;
- *p = (Pos)(m >= wsize ? m-wsize : NIL);
- /* If n is not on any hash chain, prev[n] is garbage but
- * its value will never be used.
- */
- } while (--n);
-
- more += wsize;
- }
- if (s->strm->avail_in == 0) return;
-
- /* If there was no sliding:
- * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 &&
- * more == window_size - lookahead - strstart
- * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1)
- * => more >= window_size - 2*WSIZE + 2
- * In the BIG_MEM or MMAP case (not yet supported),
- * window_size == input_size + MIN_LOOKAHEAD &&
- * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD.
- * Otherwise, window_size == 2*WSIZE so more >= 2.
- * If there was sliding, more >= WSIZE. So in all cases, more >= 2.
- */
- Assert(more >= 2, "more < 2");
-
- n = read_buf(s->strm, (charf *)s->window + s->strstart + s->lookahead,
- more);
- s->lookahead += n;
-
- /* Initialize the hash value now that we have some input: */
- if (s->lookahead >= MIN_MATCH) {
- s->ins_h = s->window[s->strstart];
- UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
- Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
- }
- /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage,
- * but this is not important since only literal bytes will be emitted.
- */
-
- } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0);
-}
-
-/* ===========================================================================
- * Flush the current block, with given end-of-file flag.
- * IN assertion: strstart is set to the end of the current match.
- */
-#define FLUSH_BLOCK_ONLY(s, flush) { \
- ct_flush_block(s, (s->block_start >= 0L ? \
- (charf *)&s->window[(unsigned)s->block_start] : \
- (charf *)Z_NULL), (long)s->strstart - s->block_start, (flush)); \
- s->block_start = s->strstart; \
- flush_pending(s->strm); \
- Tracev((stderr,"[FLUSH]")); \
-}
-
-/* Same but force premature exit if necessary. */
-#define FLUSH_BLOCK(s, flush) { \
- FLUSH_BLOCK_ONLY(s, flush); \
- if (s->strm->avail_out == 0) return 1; \
-}
-
-/* ===========================================================================
- * Compress as much as possible from the input stream, return true if
- * processing was terminated prematurely (no more input or output space).
- * This function does not perform lazy evaluationof matches and inserts
- * new strings in the dictionary only for unmatched strings or for short
- * matches. It is used only for the fast compression options.
- */
-local int deflate_fast(s, flush)
- deflate_state *s;
- int flush;
-{
- IPos hash_head = NIL; /* head of the hash chain */
- int bflush; /* set if current block must be flushed */
-
- s->prev_length = MIN_MATCH-1;
-
- for (;;) {
- /* Make sure that we always have enough lookahead, except
- * at the end of the input file. We need MAX_MATCH bytes
- * for the next match, plus MIN_MATCH bytes to insert the
- * string following the next match.
- */
- if (s->lookahead < MIN_LOOKAHEAD) {
- fill_window(s);
- if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) return 1;
-
- if (s->lookahead == 0) break; /* flush the current block */
- }
-
- /* Insert the string window[strstart .. strstart+2] in the
- * dictionary, and set hash_head to the head of the hash chain:
- */
- if (s->lookahead >= MIN_MATCH) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
-
- /* Find the longest match, discarding those <= prev_length.
- * At this point we have always match_length < MIN_MATCH
- */
- if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) {
- /* To simplify the code, we prevent matches with the string
- * of window index 0 (in particular we have to avoid a match
- * of the string with itself at the start of the input file).
- */
- if (s->strategy != Z_HUFFMAN_ONLY) {
- s->match_length = longest_match (s, hash_head);
- }
- /* longest_match() sets match_start */
-
- if (s->match_length > s->lookahead) s->match_length = s->lookahead;
- }
- if (s->match_length >= MIN_MATCH) {
- check_match(s, s->strstart, s->match_start, s->match_length);
-
- bflush = ct_tally(s, s->strstart - s->match_start,
- s->match_length - MIN_MATCH);
-
- s->lookahead -= s->match_length;
-
- /* Insert new strings in the hash table only if the match length
- * is not too large. This saves time but degrades compression.
- */
- if (s->match_length <= s->max_insert_length &&
- s->lookahead >= MIN_MATCH) {
- s->match_length--; /* string at strstart already in hash table */
- do {
- s->strstart++;
- INSERT_STRING(s, s->strstart, hash_head);
- /* strstart never exceeds WSIZE-MAX_MATCH, so there are
- * always MIN_MATCH bytes ahead.
- */
- } while (--s->match_length != 0);
- s->strstart++;
- } else {
- s->strstart += s->match_length;
- s->match_length = 0;
- s->ins_h = s->window[s->strstart];
- UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]);
-#if MIN_MATCH != 3
- Call UPDATE_HASH() MIN_MATCH-3 more times
-#endif
- /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not
- * matter since it will be recomputed at next deflate call.
- */
- }
- } else {
- /* No match, output a literal byte */
- Tracevv((stderr,"%c", s->window[s->strstart]));
- bflush = ct_tally (s, 0, s->window[s->strstart]);
- s->lookahead--;
- s->strstart++;
- }
- if (bflush) FLUSH_BLOCK(s, Z_NO_FLUSH);
- }
- FLUSH_BLOCK(s, flush);
- return 0; /* normal exit */
-}
-
-/* ===========================================================================
- * Same as above, but achieves better compression. We use a lazy
- * evaluation for matches: a match is finally adopted only if there is
- * no better match at the next window position.
- */
-local int deflate_slow(s, flush)
- deflate_state *s;
- int flush;
-{
- IPos hash_head = NIL; /* head of hash chain */
- int bflush; /* set if current block must be flushed */
-
- /* Process the input block. */
- for (;;) {
- /* Make sure that we always have enough lookahead, except
- * at the end of the input file. We need MAX_MATCH bytes
- * for the next match, plus MIN_MATCH bytes to insert the
- * string following the next match.
- */
- if (s->lookahead < MIN_LOOKAHEAD) {
- fill_window(s);
- if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) return 1;
-
- if (s->lookahead == 0) break; /* flush the current block */
- }
-
- /* Insert the string window[strstart .. strstart+2] in the
- * dictionary, and set hash_head to the head of the hash chain:
- */
- if (s->lookahead >= MIN_MATCH) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
-
- /* Find the longest match, discarding those <= prev_length.
- */
- s->prev_length = s->match_length, s->prev_match = s->match_start;
- s->match_length = MIN_MATCH-1;
-
- if (hash_head != NIL && s->prev_length < s->max_lazy_match &&
- s->strstart - hash_head <= MAX_DIST(s)) {
- /* To simplify the code, we prevent matches with the string
- * of window index 0 (in particular we have to avoid a match
- * of the string with itself at the start of the input file).
- */
- if (s->strategy != Z_HUFFMAN_ONLY) {
- s->match_length = longest_match (s, hash_head);
- }
- /* longest_match() sets match_start */
- if (s->match_length > s->lookahead) s->match_length = s->lookahead;
-
- if (s->match_length <= 5 && (s->strategy == Z_FILTERED ||
- (s->match_length == MIN_MATCH &&
- s->strstart - s->match_start > TOO_FAR))) {
-
- /* If prev_match is also MIN_MATCH, match_start is garbage
- * but we will ignore the current match anyway.
- */
- s->match_length = MIN_MATCH-1;
- }
- }
- /* If there was a match at the previous step and the current
- * match is not better, output the previous match:
- */
- if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) {
- uInt max_insert = s->strstart + s->lookahead - MIN_MATCH;
- /* Do not insert strings in hash table beyond this. */
-
- check_match(s, s->strstart-1, s->prev_match, s->prev_length);
-
- bflush = ct_tally(s, s->strstart -1 - s->prev_match,
- s->prev_length - MIN_MATCH);
-
- /* Insert in hash table all strings up to the end of the match.
- * strstart-1 and strstart are already inserted. If there is not
- * enough lookahead, the last two strings are not inserted in
- * the hash table.
- */
- s->lookahead -= s->prev_length-1;
- s->prev_length -= 2;
- do {
- if (++s->strstart <= max_insert) {
- INSERT_STRING(s, s->strstart, hash_head);
- }
- } while (--s->prev_length != 0);
- s->match_available = 0;
- s->match_length = MIN_MATCH-1;
- s->strstart++;
-
- if (bflush) FLUSH_BLOCK(s, Z_NO_FLUSH);
-
- } else if (s->match_available) {
- /* If there was no match at the previous position, output a
- * single literal. If there was a match but the current match
- * is longer, truncate the previous match to a single literal.
- */
- Tracevv((stderr,"%c", s->window[s->strstart-1]));
- if (ct_tally (s, 0, s->window[s->strstart-1])) {
- FLUSH_BLOCK_ONLY(s, Z_NO_FLUSH);
- }
- s->strstart++;
- s->lookahead--;
- if (s->strm->avail_out == 0) return 1;
- } else {
- /* There is no previous match to compare with, wait for
- * the next step to decide.
- */
- s->match_available = 1;
- s->strstart++;
- s->lookahead--;
- }
- }
- Assert (flush != Z_NO_FLUSH, "no flush?");
- if (s->match_available) {
- Tracevv((stderr,"%c", s->window[s->strstart-1]));
- ct_tally (s, 0, s->window[s->strstart-1]);
- s->match_available = 0;
- }
- FLUSH_BLOCK(s, flush);
- return 0;
-}
-
-
-/*+++++*/
-/* trees.c -- output deflated data using Huffman coding
- * Copyright (C) 1995 Jean-loup Gailly
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
-
-/*
- * ALGORITHM
- *
- * The "deflation" process uses several Huffman trees. The more
- * common source values are represented by shorter bit sequences.
- *
- * Each code tree is stored in a compressed form which is itself
- * a Huffman encoding of the lengths of all the code strings (in
- * ascending order by source values). The actual code strings are
- * reconstructed from the lengths in the inflate process, as described
- * in the deflate specification.
- *
- * REFERENCES
- *
- * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification".
- * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc
- *
- * Storer, James A.
- * Data Compression: Methods and Theory, pp. 49-50.
- * Computer Science Press, 1988. ISBN 0-7167-8156-5.
- *
- * Sedgewick, R.
- * Algorithms, p290.
- * Addison-Wesley, 1983. ISBN 0-201-06672-6.
- */
-
-/* From: trees.c,v 1.5 1995/05/03 17:27:12 jloup Exp */
-
-#ifdef DEBUG_ZLIB
-# include <ctype.h>
-#endif
-
-/* ===========================================================================
- * Constants
- */
-
-#define MAX_BL_BITS 7
-/* Bit length codes must not exceed MAX_BL_BITS bits */
-
-#define END_BLOCK 256
-/* end of block literal code */
-
-#define REP_3_6 16
-/* repeat previous bit length 3-6 times (2 bits of repeat count) */
-
-#define REPZ_3_10 17
-/* repeat a zero length 3-10 times (3 bits of repeat count) */
-
-#define REPZ_11_138 18
-/* repeat a zero length 11-138 times (7 bits of repeat count) */
-
-local int extra_lbits[LENGTH_CODES] /* extra bits for each length code */
- = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0};
-
-local int extra_dbits[D_CODES] /* extra bits for each distance code */
- = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13};
-
-local int extra_blbits[BL_CODES]/* extra bits for each bit length code */
- = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7};
-
-local uch bl_order[BL_CODES]
- = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15};
-/* The lengths of the bit length codes are sent in order of decreasing
- * probability, to avoid transmitting the lengths for unused bit length codes.
- */
-
-#define Buf_size (8 * 2*sizeof(char))
-/* Number of bits used within bi_buf. (bi_buf might be implemented on
- * more than 16 bits on some systems.)
- */
-
-/* ===========================================================================
- * Local data. These are initialized only once.
- * To do: initialize at compile time to be completely reentrant. ???
- */
-
-local ct_data static_ltree[L_CODES+2];
-/* The static literal tree. Since the bit lengths are imposed, there is no
- * need for the L_CODES extra codes used during heap construction. However
- * The codes 286 and 287 are needed to build a canonical tree (see ct_init
- * below).
- */
-
-local ct_data static_dtree[D_CODES];
-/* The static distance tree. (Actually a trivial tree since all codes use
- * 5 bits.)
- */
-
-local uch dist_code[512];
-/* distance codes. The first 256 values correspond to the distances
- * 3 .. 258, the last 256 values correspond to the top 8 bits of
- * the 15 bit distances.
- */
-
-local uch length_code[MAX_MATCH-MIN_MATCH+1];
-/* length code for each normalized match length (0 == MIN_MATCH) */
-
-local int base_length[LENGTH_CODES];
-/* First normalized length for each code (0 = MIN_MATCH) */
-
-local int base_dist[D_CODES];
-/* First normalized distance for each code (0 = distance of 1) */
-
-struct static_tree_desc_s {
- ct_data *static_tree; /* static tree or NULL */
- intf *extra_bits; /* extra bits for each code or NULL */
- int extra_base; /* base index for extra_bits */
- int elems; /* max number of elements in the tree */
- int max_length; /* max bit length for the codes */
-};
-
-local static_tree_desc static_l_desc =
-{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS};
-
-local static_tree_desc static_d_desc =
-{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS};
-
-local static_tree_desc static_bl_desc =
-{(ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS};
-
-/* ===========================================================================
- * Local (static) routines in this file.
- */
-
-local void ct_static_init OF((void));
-local void init_block OF((deflate_state *s));
-local void pqdownheap OF((deflate_state *s, ct_data *tree, int k));
-local void gen_bitlen OF((deflate_state *s, tree_desc *desc));
-local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count));
-local void build_tree OF((deflate_state *s, tree_desc *desc));
-local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code));
-local void send_tree OF((deflate_state *s, ct_data *tree, int max_code));
-local int build_bl_tree OF((deflate_state *s));
-local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes,
- int blcodes));
-local void compress_block OF((deflate_state *s, ct_data *ltree,
- ct_data *dtree));
-local void set_data_type OF((deflate_state *s));
-local unsigned bi_reverse OF((unsigned value, int length));
-local void bi_windup OF((deflate_state *s));
-local void bi_flush OF((deflate_state *s));
-local void copy_block OF((deflate_state *s, charf *buf, unsigned len,
- int header));
-
-#ifndef DEBUG_ZLIB
-# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len)
- /* Send a code of the given tree. c and tree must not have side effects */
-
-#else /* DEBUG_ZLIB */
-# define send_code(s, c, tree) \
- { if (verbose>1) fprintf(stderr,"\ncd %3d ",(c)); \
- send_bits(s, tree[c].Code, tree[c].Len); }
-#endif
-
-#define d_code(dist) \
- ((dist) < 256 ? dist_code[dist] : dist_code[256+((dist)>>7)])
-/* Mapping from a distance to a distance code. dist is the distance - 1 and
- * must not have side effects. dist_code[256] and dist_code[257] are never
- * used.
- */
-
-/* ===========================================================================
- * Output a short LSB first on the stream.
- * IN assertion: there is enough room in pendingBuf.
- */
-#define put_short(s, w) { \
- put_byte(s, (uch)((w) & 0xff)); \
- put_byte(s, (uch)((ush)(w) >> 8)); \
-}
-
-/* ===========================================================================
- * Send a value on a given number of bits.
- * IN assertion: length <= 16 and value fits in length bits.
- */
-#ifdef DEBUG_ZLIB
-local void send_bits OF((deflate_state *s, int value, int length));
-
-local void send_bits(s, value, length)
- deflate_state *s;
- int value; /* value to send */
- int length; /* number of bits */
-{
- Tracev((stderr," l %2d v %4x ", length, value));
- Assert(length > 0 && length <= 15, "invalid length");
- s->bits_sent += (ulg)length;
-
- /* If not enough room in bi_buf, use (valid) bits from bi_buf and
- * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid))
- * unused bits in value.
- */
- if (s->bi_valid > (int)Buf_size - length) {
- s->bi_buf |= (value << s->bi_valid);
- put_short(s, s->bi_buf);
- s->bi_buf = (ush)value >> (Buf_size - s->bi_valid);
- s->bi_valid += length - Buf_size;
- } else {
- s->bi_buf |= value << s->bi_valid;
- s->bi_valid += length;
- }
-}
-#else /* !DEBUG_ZLIB */
-
-#define send_bits(s, value, length) \
-{ int len = length;\
- if (s->bi_valid > (int)Buf_size - len) {\
- int val = value;\
- s->bi_buf |= (val << s->bi_valid);\
- put_short(s, s->bi_buf);\
- s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\
- s->bi_valid += len - Buf_size;\
- } else {\
- s->bi_buf |= (value) << s->bi_valid;\
- s->bi_valid += len;\
- }\
-}
-#endif /* DEBUG_ZLIB */
-
-
-#define MAX(a,b) (a >= b ? a : b)
-/* the arguments must not have side effects */
-
-/* ===========================================================================
- * Initialize the various 'constant' tables.
- * To do: do this at compile time.
- */
-local void ct_static_init()
-{
- int n; /* iterates over tree elements */
- int bits; /* bit counter */
- int length; /* length value */
- int code; /* code value */
- int dist; /* distance index */
- ush bl_count[MAX_BITS+1];
- /* number of codes at each bit length for an optimal tree */
-
- /* Initialize the mapping length (0..255) -> length code (0..28) */
- length = 0;
- for (code = 0; code < LENGTH_CODES-1; code++) {
- base_length[code] = length;
- for (n = 0; n < (1<<extra_lbits[code]); n++) {
- length_code[length++] = (uch)code;
- }
- }
- Assert (length == 256, "ct_static_init: length != 256");
- /* Note that the length 255 (match length 258) can be represented
- * in two different ways: code 284 + 5 bits or code 285, so we
- * overwrite length_code[255] to use the best encoding:
- */
- length_code[length-1] = (uch)code;
-
- /* Initialize the mapping dist (0..32K) -> dist code (0..29) */
- dist = 0;
- for (code = 0 ; code < 16; code++) {
- base_dist[code] = dist;
- for (n = 0; n < (1<<extra_dbits[code]); n++) {
- dist_code[dist++] = (uch)code;
- }
- }
- Assert (dist == 256, "ct_static_init: dist != 256");
- dist >>= 7; /* from now on, all distances are divided by 128 */
- for ( ; code < D_CODES; code++) {
- base_dist[code] = dist << 7;
- for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) {
- dist_code[256 + dist++] = (uch)code;
- }
- }
- Assert (dist == 256, "ct_static_init: 256+dist != 512");
-
- /* Construct the codes of the static literal tree */
- for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0;
- n = 0;
- while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++;
- while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++;
- while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++;
- while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++;
- /* Codes 286 and 287 do not exist, but we must include them in the
- * tree construction to get a canonical Huffman tree (longest code
- * all ones)
- */
- gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count);
-
- /* The static distance tree is trivial: */
- for (n = 0; n < D_CODES; n++) {
- static_dtree[n].Len = 5;
- static_dtree[n].Code = bi_reverse(n, 5);
- }
-}
-
-/* ===========================================================================
- * Initialize the tree data structures for a new zlib stream.
- */
-local void ct_init(s)
- deflate_state *s;
-{
- if (static_dtree[0].Len == 0) {
- ct_static_init(); /* To do: at compile time */
- }
-
- s->compressed_len = 0L;
-
- s->l_desc.dyn_tree = s->dyn_ltree;
- s->l_desc.stat_desc = &static_l_desc;
-
- s->d_desc.dyn_tree = s->dyn_dtree;
- s->d_desc.stat_desc = &static_d_desc;
-
- s->bl_desc.dyn_tree = s->bl_tree;
- s->bl_desc.stat_desc = &static_bl_desc;
-
- s->bi_buf = 0;
- s->bi_valid = 0;
- s->last_eob_len = 8; /* enough lookahead for inflate */
-#ifdef DEBUG_ZLIB
- s->bits_sent = 0L;
-#endif
- s->blocks_in_packet = 0;
-
- /* Initialize the first block of the first file: */
- init_block(s);
-}
-
-/* ===========================================================================
- * Initialize a new block.
- */
-local void init_block(s)
- deflate_state *s;
-{
- int n; /* iterates over tree elements */
-
- /* Initialize the trees. */
- for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0;
- for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0;
- for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0;
-
- s->dyn_ltree[END_BLOCK].Freq = 1;
- s->opt_len = s->static_len = 0L;
- s->last_lit = s->matches = 0;
-}
-
-#define SMALLEST 1
-/* Index within the heap array of least frequent node in the Huffman tree */
-
-
-/* ===========================================================================
- * Remove the smallest element from the heap and recreate the heap with
- * one less element. Updates heap and heap_len.
- */
-#define pqremove(s, tree, top) \
-{\
- top = s->heap[SMALLEST]; \
- s->heap[SMALLEST] = s->heap[s->heap_len--]; \
- pqdownheap(s, tree, SMALLEST); \
-}
-
-/* ===========================================================================
- * Compares to subtrees, using the tree depth as tie breaker when
- * the subtrees have equal frequency. This minimizes the worst case length.
- */
-#define smaller(tree, n, m, depth) \
- (tree[n].Freq < tree[m].Freq || \
- (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m]))
-
-/* ===========================================================================
- * Restore the heap property by moving down the tree starting at node k,
- * exchanging a node with the smallest of its two sons if necessary, stopping
- * when the heap property is re-established (each father smaller than its
- * two sons).
- */
-local void pqdownheap(s, tree, k)
- deflate_state *s;
- ct_data *tree; /* the tree to restore */
- int k; /* node to move down */
-{
- int v = s->heap[k];
- int j = k << 1; /* left son of k */
- while (j <= s->heap_len) {
- /* Set j to the smallest of the two sons: */
- if (j < s->heap_len &&
- smaller(tree, s->heap[j+1], s->heap[j], s->depth)) {
- j++;
- }
- /* Exit if v is smaller than both sons */
- if (smaller(tree, v, s->heap[j], s->depth)) break;
-
- /* Exchange v with the smallest son */
- s->heap[k] = s->heap[j]; k = j;
-
- /* And continue down the tree, setting j to the left son of k */
- j <<= 1;
- }
- s->heap[k] = v;
-}
-
-/* ===========================================================================
- * Compute the optimal bit lengths for a tree and update the total bit length
- * for the current block.
- * IN assertion: the fields freq and dad are set, heap[heap_max] and
- * above are the tree nodes sorted by increasing frequency.
- * OUT assertions: the field len is set to the optimal bit length, the
- * array bl_count contains the frequencies for each bit length.
- * The length opt_len is updated; static_len is also updated if stree is
- * not null.
- */
-local void gen_bitlen(s, desc)
- deflate_state *s;
- tree_desc *desc; /* the tree descriptor */
-{
- ct_data *tree = desc->dyn_tree;
- int max_code = desc->max_code;
- ct_data *stree = desc->stat_desc->static_tree;
- intf *extra = desc->stat_desc->extra_bits;
- int base = desc->stat_desc->extra_base;
- int max_length = desc->stat_desc->max_length;
- int h; /* heap index */
- int n, m; /* iterate over the tree elements */
- int bits; /* bit length */
- int xbits; /* extra bits */
- ush f; /* frequency */
- int overflow = 0; /* number of elements with bit length too large */
-
- for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0;
-
- /* In a first pass, compute the optimal bit lengths (which may
- * overflow in the case of the bit length tree).
- */
- tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */
-
- for (h = s->heap_max+1; h < HEAP_SIZE; h++) {
- n = s->heap[h];
- bits = tree[tree[n].Dad].Len + 1;
- if (bits > max_length) bits = max_length, overflow++;
- tree[n].Len = (ush)bits;
- /* We overwrite tree[n].Dad which is no longer needed */
-
- if (n > max_code) continue; /* not a leaf node */
-
- s->bl_count[bits]++;
- xbits = 0;
- if (n >= base) xbits = extra[n-base];
- f = tree[n].Freq;
- s->opt_len += (ulg)f * (bits + xbits);
- if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits);
- }
- if (overflow == 0) return;
-
- Trace((stderr,"\nbit length overflow\n"));
- /* This happens for example on obj2 and pic of the Calgary corpus */
-
- /* Find the first bit length which could increase: */
- do {
- bits = max_length-1;
- while (s->bl_count[bits] == 0) bits--;
- s->bl_count[bits]--; /* move one leaf down the tree */
- s->bl_count[bits+1] += 2; /* move one overflow item as its brother */
- s->bl_count[max_length]--;
- /* The brother of the overflow item also moves one step up,
- * but this does not affect bl_count[max_length]
- */
- overflow -= 2;
- } while (overflow > 0);
-
- /* Now recompute all bit lengths, scanning in increasing frequency.
- * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all
- * lengths instead of fixing only the wrong ones. This idea is taken
- * from 'ar' written by Haruhiko Okumura.)
- */
- for (bits = max_length; bits != 0; bits--) {
- n = s->bl_count[bits];
- while (n != 0) {
- m = s->heap[--h];
- if (m > max_code) continue;
- if (tree[m].Len != (unsigned) bits) {
- Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits));
- s->opt_len += ((long)bits - (long)tree[m].Len)
- *(long)tree[m].Freq;
- tree[m].Len = (ush)bits;
- }
- n--;
- }
- }
-}
-
-/* ===========================================================================
- * Generate the codes for a given tree and bit counts (which need not be
- * optimal).
- * IN assertion: the array bl_count contains the bit length statistics for
- * the given tree and the field len is set for all tree elements.
- * OUT assertion: the field code is set for all tree elements of non
- * zero code length.
- */
-local void gen_codes (tree, max_code, bl_count)
- ct_data *tree; /* the tree to decorate */
- int max_code; /* largest code with non zero frequency */
- ushf *bl_count; /* number of codes at each bit length */
-{
- ush next_code[MAX_BITS+1]; /* next code value for each bit length */
- ush code = 0; /* running code value */
- int bits; /* bit index */
- int n; /* code index */
-
- /* The distribution counts are first used to generate the code values
- * without bit reversal.
- */
- for (bits = 1; bits <= MAX_BITS; bits++) {
- next_code[bits] = code = (code + bl_count[bits-1]) << 1;
- }
- /* Check that the bit counts in bl_count are consistent. The last code
- * must be all ones.
- */
- Assert (code + bl_count[MAX_BITS]-1 == (1<<MAX_BITS)-1,
- "inconsistent bit counts");
- Tracev((stderr,"\ngen_codes: max_code %d ", max_code));
-
- for (n = 0; n <= max_code; n++) {
- int len = tree[n].Len;
- if (len == 0) continue;
- /* Now reverse the bits */
- tree[n].Code = bi_reverse(next_code[len]++, len);
-
- Tracec(tree != static_ltree, (stderr,"\nn %3d %c l %2d c %4x (%x) ",
- n, (isgraph(n) ? n : ' '), len, tree[n].Code, next_code[len]-1));
- }
-}
-
-/* ===========================================================================
- * Construct one Huffman tree and assigns the code bit strings and lengths.
- * Update the total bit length for the current block.
- * IN assertion: the field freq is set for all tree elements.
- * OUT assertions: the fields len and code are set to the optimal bit length
- * and corresponding code. The length opt_len is updated; static_len is
- * also updated if stree is not null. The field max_code is set.
- */
-local void build_tree(s, desc)
- deflate_state *s;
- tree_desc *desc; /* the tree descriptor */
-{
- ct_data *tree = desc->dyn_tree;
- ct_data *stree = desc->stat_desc->static_tree;
- int elems = desc->stat_desc->elems;
- int n, m; /* iterate over heap elements */
- int max_code = -1; /* largest code with non zero frequency */
- int node; /* new node being created */
-
- /* Construct the initial heap, with least frequent element in
- * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1].
- * heap[0] is not used.
- */
- s->heap_len = 0, s->heap_max = HEAP_SIZE;
-
- for (n = 0; n < elems; n++) {
- if (tree[n].Freq != 0) {
- s->heap[++(s->heap_len)] = max_code = n;
- s->depth[n] = 0;
- } else {
- tree[n].Len = 0;
- }
- }
-
- /* The pkzip format requires that at least one distance code exists,
- * and that at least one bit should be sent even if there is only one
- * possible code. So to avoid special checks later on we force at least
- * two codes of non zero frequency.
- */
- while (s->heap_len < 2) {
- node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0);
- tree[node].Freq = 1;
- s->depth[node] = 0;
- s->opt_len--; if (stree) s->static_len -= stree[node].Len;
- /* node is 0 or 1 so it does not have extra bits */
- }
- desc->max_code = max_code;
-
- /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree,
- * establish sub-heaps of increasing lengths:
- */
- for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n);
-
- /* Construct the Huffman tree by repeatedly combining the least two
- * frequent nodes.
- */
- node = elems; /* next internal node of the tree */
- do {
- pqremove(s, tree, n); /* n = node of least frequency */
- m = s->heap[SMALLEST]; /* m = node of next least frequency */
-
- s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */
- s->heap[--(s->heap_max)] = m;
-
- /* Create a new node father of n and m */
- tree[node].Freq = tree[n].Freq + tree[m].Freq;
- s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1);
- tree[n].Dad = tree[m].Dad = (ush)node;
-#ifdef DUMP_BL_TREE
- if (tree == s->bl_tree) {
- fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)",
- node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq);
- }
-#endif
- /* and insert the new node in the heap */
- s->heap[SMALLEST] = node++;
- pqdownheap(s, tree, SMALLEST);
-
- } while (s->heap_len >= 2);
-
- s->heap[--(s->heap_max)] = s->heap[SMALLEST];
-
- /* At this point, the fields freq and dad are set. We can now
- * generate the bit lengths.
- */
- gen_bitlen(s, (tree_desc *)desc);
-
- /* The field len is now set, we can generate the bit codes */
- gen_codes ((ct_data *)tree, max_code, s->bl_count);
-}
-
-/* ===========================================================================
- * Scan a literal or distance tree to determine the frequencies of the codes
- * in the bit length tree.
- */
-local void scan_tree (s, tree, max_code)
- deflate_state *s;
- ct_data *tree; /* the tree to be scanned */
- int max_code; /* and its largest code of non zero frequency */
-{
- int n; /* iterates over all tree elements */
- int prevlen = -1; /* last emitted length */
- int curlen; /* length of current code */
- int nextlen = tree[0].Len; /* length of next code */
- int count = 0; /* repeat count of the current code */
- int max_count = 7; /* max repeat count */
- int min_count = 4; /* min repeat count */
-
- if (nextlen == 0) max_count = 138, min_count = 3;
- tree[max_code+1].Len = (ush)0xffff; /* guard */
-
- for (n = 0; n <= max_code; n++) {
- curlen = nextlen; nextlen = tree[n+1].Len;
- if (++count < max_count && curlen == nextlen) {
- continue;
- } else if (count < min_count) {
- s->bl_tree[curlen].Freq += count;
- } else if (curlen != 0) {
- if (curlen != prevlen) s->bl_tree[curlen].Freq++;
- s->bl_tree[REP_3_6].Freq++;
- } else if (count <= 10) {
- s->bl_tree[REPZ_3_10].Freq++;
- } else {
- s->bl_tree[REPZ_11_138].Freq++;
- }
- count = 0; prevlen = curlen;
- if (nextlen == 0) {
- max_count = 138, min_count = 3;
- } else if (curlen == nextlen) {
- max_count = 6, min_count = 3;
- } else {
- max_count = 7, min_count = 4;
- }
- }
-}
-
-/* ===========================================================================
- * Send a literal or distance tree in compressed form, using the codes in
- * bl_tree.
- */
-local void send_tree (s, tree, max_code)
- deflate_state *s;
- ct_data *tree; /* the tree to be scanned */
- int max_code; /* and its largest code of non zero frequency */
-{
- int n; /* iterates over all tree elements */
- int prevlen = -1; /* last emitted length */
- int curlen; /* length of current code */
- int nextlen = tree[0].Len; /* length of next code */
- int count = 0; /* repeat count of the current code */
- int max_count = 7; /* max repeat count */
- int min_count = 4; /* min repeat count */
-
- /* tree[max_code+1].Len = -1; */ /* guard already set */
- if (nextlen == 0) max_count = 138, min_count = 3;
-
- for (n = 0; n <= max_code; n++) {
- curlen = nextlen; nextlen = tree[n+1].Len;
- if (++count < max_count && curlen == nextlen) {
- continue;
- } else if (count < min_count) {
- do { send_code(s, curlen, s->bl_tree); } while (--count != 0);
-
- } else if (curlen != 0) {
- if (curlen != prevlen) {
- send_code(s, curlen, s->bl_tree); count--;
- }
- Assert(count >= 3 && count <= 6, " 3_6?");
- send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2);
-
- } else if (count <= 10) {
- send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3);
-
- } else {
- send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7);
- }
- count = 0; prevlen = curlen;
- if (nextlen == 0) {
- max_count = 138, min_count = 3;
- } else if (curlen == nextlen) {
- max_count = 6, min_count = 3;
- } else {
- max_count = 7, min_count = 4;
- }
- }
-}
-
-/* ===========================================================================
- * Construct the Huffman tree for the bit lengths and return the index in
- * bl_order of the last bit length code to send.
- */
-local int build_bl_tree(s)
- deflate_state *s;
-{
- int max_blindex; /* index of last bit length code of non zero freq */
-
- /* Determine the bit length frequencies for literal and distance trees */
- scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code);
- scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code);
-
- /* Build the bit length tree: */
- build_tree(s, (tree_desc *)(&(s->bl_desc)));
- /* opt_len now includes the length of the tree representations, except
- * the lengths of the bit lengths codes and the 5+5+4 bits for the counts.
- */
-
- /* Determine the number of bit length codes to send. The pkzip format
- * requires that at least 4 bit length codes be sent. (appnote.txt says
- * 3 but the actual value used is 4.)
- */
- for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) {
- if (s->bl_tree[bl_order[max_blindex]].Len != 0) break;
- }
- /* Update opt_len to include the bit length tree and counts */
- s->opt_len += 3*(max_blindex+1) + 5+5+4;
- Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld",
- s->opt_len, s->static_len));
-
- return max_blindex;
-}
-
-/* ===========================================================================
- * Send the header for a block using dynamic Huffman trees: the counts, the
- * lengths of the bit length codes, the literal tree and the distance tree.
- * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4.
- */
-local void send_all_trees(s, lcodes, dcodes, blcodes)
- deflate_state *s;
- int lcodes, dcodes, blcodes; /* number of codes for each tree */
-{
- int rank; /* index in bl_order */
-
- Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes");
- Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES,
- "too many codes");
- Tracev((stderr, "\nbl counts: "));
- send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */
- send_bits(s, dcodes-1, 5);
- send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */
- for (rank = 0; rank < blcodes; rank++) {
- Tracev((stderr, "\nbl code %2d ", bl_order[rank]));
- send_bits(s, s->bl_tree[bl_order[rank]].Len, 3);
- }
- Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent));
-
- send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */
- Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent));
-
- send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */
- Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent));
-}
-
-/* ===========================================================================
- * Send a stored block
- */
-local void ct_stored_block(s, buf, stored_len, eof)
- deflate_state *s;
- charf *buf; /* input block */
- ulg stored_len; /* length of input block */
- int eof; /* true if this is the last block for a file */
-{
- send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */
- s->compressed_len = (s->compressed_len + 3 + 7) & ~7L;
- s->compressed_len += (stored_len + 4) << 3;
-
- copy_block(s, buf, (unsigned)stored_len, 1); /* with header */
-}
-
-/* Send just the `stored block' type code without any length bytes or data.
- */
-local void ct_stored_type_only(s)
- deflate_state *s;
-{
- send_bits(s, (STORED_BLOCK << 1), 3);
- bi_windup(s);
- s->compressed_len = (s->compressed_len + 3) & ~7L;
-}
-
-
-/* ===========================================================================
- * Send one empty static block to give enough lookahead for inflate.
- * This takes 10 bits, of which 7 may remain in the bit buffer.
- * The current inflate code requires 9 bits of lookahead. If the EOB
- * code for the previous block was coded on 5 bits or less, inflate
- * may have only 5+3 bits of lookahead to decode this EOB.
- * (There are no problems if the previous block is stored or fixed.)
- */
-local void ct_align(s)
- deflate_state *s;
-{
- send_bits(s, STATIC_TREES<<1, 3);
- send_code(s, END_BLOCK, static_ltree);
- s->compressed_len += 10L; /* 3 for block type, 7 for EOB */
- bi_flush(s);
- /* Of the 10 bits for the empty block, we have already sent
- * (10 - bi_valid) bits. The lookahead for the EOB of the previous
- * block was thus its length plus what we have just sent.
- */
- if (s->last_eob_len + 10 - s->bi_valid < 9) {
- send_bits(s, STATIC_TREES<<1, 3);
- send_code(s, END_BLOCK, static_ltree);
- s->compressed_len += 10L;
- bi_flush(s);
- }
- s->last_eob_len = 7;
-}
-
-/* ===========================================================================
- * Determine the best encoding for the current block: dynamic trees, static
- * trees or store, and output the encoded block to the zip file. This function
- * returns the total compressed length for the file so far.
- */
-local ulg ct_flush_block(s, buf, stored_len, flush)
- deflate_state *s;
- charf *buf; /* input block, or NULL if too old */
- ulg stored_len; /* length of input block */
- int flush; /* Z_FINISH if this is the last block for a file */
-{
- ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */
- int max_blindex; /* index of last bit length code of non zero freq */
- int eof = flush == Z_FINISH;
-
- ++s->blocks_in_packet;
-
- /* Check if the file is ascii or binary */
- if (s->data_type == UNKNOWN) set_data_type(s);
-
- /* Construct the literal and distance trees */
- build_tree(s, (tree_desc *)(&(s->l_desc)));
- Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len,
- s->static_len));
-
- build_tree(s, (tree_desc *)(&(s->d_desc)));
- Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len,
- s->static_len));
- /* At this point, opt_len and static_len are the total bit lengths of
- * the compressed block data, excluding the tree representations.
- */
-
- /* Build the bit length tree for the above two trees, and get the index
- * in bl_order of the last bit length code to send.
- */
- max_blindex = build_bl_tree(s);
-
- /* Determine the best encoding. Compute first the block length in bytes */
- opt_lenb = (s->opt_len+3+7)>>3;
- static_lenb = (s->static_len+3+7)>>3;
-
- Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ",
- opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len,
- s->last_lit));
-
- if (static_lenb <= opt_lenb) opt_lenb = static_lenb;
-
- /* If compression failed and this is the first and last block,
- * and if the .zip file can be seeked (to rewrite the local header),
- * the whole file is transformed into a stored file:
- */
-#ifdef STORED_FILE_OK
-# ifdef FORCE_STORED_FILE
- if (eof && compressed_len == 0L) /* force stored file */
-# else
- if (stored_len <= opt_lenb && eof && s->compressed_len==0L && seekable())
-# endif
- {
- /* Since LIT_BUFSIZE <= 2*WSIZE, the input data must be there: */
- if (buf == (charf*)0) error ("block vanished");
-
- copy_block(buf, (unsigned)stored_len, 0); /* without header */
- s->compressed_len = stored_len << 3;
- s->method = STORED;
- } else
-#endif /* STORED_FILE_OK */
-
- /* For Z_PACKET_FLUSH, if we don't achieve the required minimum
- * compression, and this block contains all the data since the last
- * time we used Z_PACKET_FLUSH, then just omit this block completely
- * from the output.
- */
- if (flush == Z_PACKET_FLUSH && s->blocks_in_packet == 1
- && opt_lenb > stored_len - s->minCompr) {
- s->blocks_in_packet = 0;
- /* output nothing */
- } else
-
-#ifdef FORCE_STORED
- if (buf != (char*)0) /* force stored block */
-#else
- if (stored_len+4 <= opt_lenb && buf != (char*)0)
- /* 4: two words for the lengths */
-#endif
- {
- /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE.
- * Otherwise we can't have processed more than WSIZE input bytes since
- * the last block flush, because compression would have been
- * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to
- * transform a block into a stored block.
- */
- ct_stored_block(s, buf, stored_len, eof);
- } else
-
-#ifdef FORCE_STATIC
- if (static_lenb >= 0) /* force static trees */
-#else
- if (static_lenb == opt_lenb)
-#endif
- {
- send_bits(s, (STATIC_TREES<<1)+eof, 3);
- compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree);
- s->compressed_len += 3 + s->static_len;
- } else {
- send_bits(s, (DYN_TREES<<1)+eof, 3);
- send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1,
- max_blindex+1);
- compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree);
- s->compressed_len += 3 + s->opt_len;
- }
- Assert (s->compressed_len == s->bits_sent, "bad compressed size");
- init_block(s);
-
- if (eof) {
- bi_windup(s);
- s->compressed_len += 7; /* align on byte boundary */
- }
- Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3,
- s->compressed_len-7*eof));
-
- return s->compressed_len >> 3;
-}
-
-/* ===========================================================================
- * Save the match info and tally the frequency counts. Return true if
- * the current block must be flushed.
- */
-local int ct_tally (s, dist, lc)
- deflate_state *s;
- int dist; /* distance of matched string */
- int lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */
-{
- s->d_buf[s->last_lit] = (ush)dist;
- s->l_buf[s->last_lit++] = (uch)lc;
- if (dist == 0) {
- /* lc is the unmatched char */
- s->dyn_ltree[lc].Freq++;
- } else {
- s->matches++;
- /* Here, lc is the match length - MIN_MATCH */
- dist--; /* dist = match distance - 1 */
- Assert((ush)dist < (ush)MAX_DIST(s) &&
- (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) &&
- (ush)d_code(dist) < (ush)D_CODES, "ct_tally: bad match");
-
- s->dyn_ltree[length_code[lc]+LITERALS+1].Freq++;
- s->dyn_dtree[d_code(dist)].Freq++;
- }
-
- /* Try to guess if it is profitable to stop the current block here */
- if (s->level > 2 && (s->last_lit & 0xfff) == 0) {
- /* Compute an upper bound for the compressed length */
- ulg out_length = (ulg)s->last_lit*8L;
- ulg in_length = (ulg)s->strstart - s->block_start;
- int dcode;
- for (dcode = 0; dcode < D_CODES; dcode++) {
- out_length += (ulg)s->dyn_dtree[dcode].Freq *
- (5L+extra_dbits[dcode]);
- }
- out_length >>= 3;
- Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ",
- s->last_lit, in_length, out_length,
- 100L - out_length*100L/in_length));
- if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1;
- }
- return (s->last_lit == s->lit_bufsize-1);
- /* We avoid equality with lit_bufsize because of wraparound at 64K
- * on 16 bit machines and because stored blocks are restricted to
- * 64K-1 bytes.
- */
-}
-
-/* ===========================================================================
- * Send the block data compressed using the given Huffman trees
- */
-local void compress_block(s, ltree, dtree)
- deflate_state *s;
- ct_data *ltree; /* literal tree */
- ct_data *dtree; /* distance tree */
-{
- unsigned dist; /* distance of matched string */
- int lc; /* match length or unmatched char (if dist == 0) */
- unsigned lx = 0; /* running index in l_buf */
- unsigned code; /* the code to send */
- int extra; /* number of extra bits to send */
-
- if (s->last_lit != 0) do {
- dist = s->d_buf[lx];
- lc = s->l_buf[lx++];
- if (dist == 0) {
- send_code(s, lc, ltree); /* send a literal byte */
- Tracecv(isgraph(lc), (stderr," '%c' ", lc));
- } else {
- /* Here, lc is the match length - MIN_MATCH */
- code = length_code[lc];
- send_code(s, code+LITERALS+1, ltree); /* send the length code */
- extra = extra_lbits[code];
- if (extra != 0) {
- lc -= base_length[code];
- send_bits(s, lc, extra); /* send the extra length bits */
- }
- dist--; /* dist is now the match distance - 1 */
- code = d_code(dist);
- Assert (code < D_CODES, "bad d_code");
-
- send_code(s, code, dtree); /* send the distance code */
- extra = extra_dbits[code];
- if (extra != 0) {
- dist -= base_dist[code];
- send_bits(s, dist, extra); /* send the extra distance bits */
- }
- } /* literal or match pair ? */
-
- /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */
- Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow");
-
- } while (lx < s->last_lit);
-
- send_code(s, END_BLOCK, ltree);
- s->last_eob_len = ltree[END_BLOCK].Len;
-}
-
-/* ===========================================================================
- * Set the data type to ASCII or BINARY, using a crude approximation:
- * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise.
- * IN assertion: the fields freq of dyn_ltree are set and the total of all
- * frequencies does not exceed 64K (to fit in an int on 16 bit machines).
- */
-local void set_data_type(s)
- deflate_state *s;
-{
- int n = 0;
- unsigned ascii_freq = 0;
- unsigned bin_freq = 0;
- while (n < 7) bin_freq += s->dyn_ltree[n++].Freq;
- while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq;
- while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq;
- s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? BINARY : ASCII);
-}
-
-/* ===========================================================================
- * Reverse the first len bits of a code, using straightforward code (a faster
- * method would use a table)
- * IN assertion: 1 <= len <= 15
- */
-local unsigned bi_reverse(code, len)
- unsigned code; /* the value to invert */
- int len; /* its bit length */
-{
- register unsigned res = 0;
- do {
- res |= code & 1;
- code >>= 1, res <<= 1;
- } while (--len > 0);
- return res >> 1;
-}
-
-/* ===========================================================================
- * Flush the bit buffer, keeping at most 7 bits in it.
- */
-local void bi_flush(s)
- deflate_state *s;
-{
- if (s->bi_valid == 16) {
- put_short(s, s->bi_buf);
- s->bi_buf = 0;
- s->bi_valid = 0;
- } else if (s->bi_valid >= 8) {
- put_byte(s, (Byte)s->bi_buf);
- s->bi_buf >>= 8;
- s->bi_valid -= 8;
- }
-}
-
-/* ===========================================================================
- * Flush the bit buffer and align the output on a byte boundary
- */
-local void bi_windup(s)
- deflate_state *s;
-{
- if (s->bi_valid > 8) {
- put_short(s, s->bi_buf);
- } else if (s->bi_valid > 0) {
- put_byte(s, (Byte)s->bi_buf);
- }
- s->bi_buf = 0;
- s->bi_valid = 0;
-#ifdef DEBUG_ZLIB
- s->bits_sent = (s->bits_sent+7) & ~7;
-#endif
-}
-
-/* ===========================================================================
- * Copy a stored block, storing first the length and its
- * one's complement if requested.
- */
-local void copy_block(s, buf, len, header)
- deflate_state *s;
- charf *buf; /* the input data */
- unsigned len; /* its length */
- int header; /* true if block header must be written */
-{
- bi_windup(s); /* align on byte boundary */
- s->last_eob_len = 8; /* enough lookahead for inflate */
-
- if (header) {
- put_short(s, (ush)len);
- put_short(s, (ush)~len);
-#ifdef DEBUG_ZLIB
- s->bits_sent += 2*16;
-#endif
- }
-#ifdef DEBUG_ZLIB
- s->bits_sent += (ulg)len<<3;
-#endif
- while (len--) {
- put_byte(s, *buf++);
- }
-}
-
-
/*+++++*/
/* infblock.h -- header to use infblock.c
* Copyright (C) 1995 Mark Adler
# include <unix.h>
#endif
-/* Maximum value for memLevel in deflateInit2 */
-#ifndef MAX_MEM_LEVEL
-# ifdef MAXSEG_64K
-# define MAX_MEM_LEVEL 8
-# else
-# define MAX_MEM_LEVEL 9
-# endif
-#endif
-
#ifndef FAR
# define FAR
#endif
# define MAX_WBITS 15 /* 32K LZ77 window */
#endif
-/* The memory requirements for deflate are (in bytes):
- 1 << (windowBits+2) + 1 << (memLevel+9)
- that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values)
- plus a few kilobytes for small objects. For example, if you want to reduce
- the default memory requirements from 256K to 128K, compile with
- make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7"
- Of course this will generally degrade compression (there's no free lunch).
-
+/*
The memory requirements for inflate are (in bytes) 1 << windowBits
that is, 32K for windowBits=15 (default value) plus a few kilobytes
for small objects.
/* basic functions */
-extern int deflateInit OF((z_stream *strm, int level));
-/*
- Initializes the internal stream state for compression. The fields
- zalloc, zfree and opaque must be initialized before by the caller.
- If zalloc and zfree are set to Z_NULL, deflateInit updates them to
- use default allocation functions.
-
- The compression level must be Z_DEFAULT_COMPRESSION, or between 1 and 9:
- 1 gives best speed, 9 gives best compression. Z_DEFAULT_COMPRESSION requests
- a default compromise between speed and compression (currently equivalent
- to level 6).
-
- deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if level is not a valid compression level.
- msg is set to null if there is no error message. deflateInit does not
- perform any compression: this will be done by deflate().
-*/
-
-
-extern int deflate OF((z_stream *strm, int flush));
-/*
- Performs one or both of the following actions:
-
- - Compress more input starting at next_in and update next_in and avail_in
- accordingly. If not all input can be processed (because there is not
- enough room in the output buffer), next_in and avail_in are updated and
- processing will resume at this point for the next call of deflate().
-
- - Provide more output starting at next_out and update next_out and avail_out
- accordingly. This action is forced if the parameter flush is non zero.
- Forcing flush frequently degrades the compression ratio, so this parameter
- should be set only when necessary (in interactive applications).
- Some output may be provided even if flush is not set.
-
- Before the call of deflate(), the application should ensure that at least
- one of the actions is possible, by providing more input and/or consuming
- more output, and updating avail_in or avail_out accordingly; avail_out
- should never be zero before the call. The application can consume the
- compressed output when it wants, for example when the output buffer is full
- (avail_out == 0), or after each call of deflate().
-
- If the parameter flush is set to Z_PARTIAL_FLUSH, the current compression
- block is terminated and flushed to the output buffer so that the
- decompressor can get all input data available so far. For method 9, a future
- variant on method 8, the current block will be flushed but not terminated.
- If flush is set to Z_FULL_FLUSH, the compression block is terminated, a
- special marker is output and the compression dictionary is discarded; this
- is useful to allow the decompressor to synchronize if one compressed block
- has been damaged (see inflateSync below). Flushing degrades compression and
- so should be used only when necessary. Using Z_FULL_FLUSH too often can
- seriously degrade the compression. If deflate returns with avail_out == 0,
- this function must be called again with the same value of the flush
- parameter and more output space (updated avail_out), until the flush is
- complete (deflate returns with non-zero avail_out).
-
- If the parameter flush is set to Z_PACKET_FLUSH, the compression
- block is terminated, and a zero-length stored block is output,
- omitting the length bytes (the effect of this is that the 3-bit type
- code 000 for a stored block is output, and the output is then
- byte-aligned). This is designed for use at the end of a PPP packet.
- In addition, if the current compression block contains all the data
- since the last Z_PACKET_FLUSH, it is never output as a stored block.
- If the current compression block output as a static or dynamic block
- would not be at least `minCompression' bytes smaller than the
- original data, then nothing is output for that block. (The type
- code for the zero-length stored block is still output, resulting in
- a single zero byte being output for the whole packet.)
- `MinCompression' is a parameter to deflateInit2, or 0 if deflateInit
- is used.
-
- If the parameter flush is set to Z_FINISH, all pending input is processed,
- all pending output is flushed and deflate returns with Z_STREAM_END if there
- was enough output space; if deflate returns with Z_OK, this function must be
- called again with Z_FINISH and more output space (updated avail_out) but no
- more input data, until it returns with Z_STREAM_END or an error. After
- deflate has returned Z_STREAM_END, the only possible operations on the
- stream are deflateReset or deflateEnd.
-
- Z_FINISH can be used immediately after deflateInit if all the compression
- is to be done in a single step. In this case, avail_out must be at least
- 0.1% larger than avail_in plus 12 bytes. If deflate does not return
- Z_STREAM_END, then it must be called again as described above.
-
- deflate() may update data_type if it can make a good guess about
- the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered
- binary. This field is only for information purposes and does not affect
- the compression algorithm in any manner.
-
- deflate() returns Z_OK if some progress has been made (more input
- processed or more output produced), Z_STREAM_END if all input has been
- consumed and all output has been produced (only when flush is set to
- Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example
- if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible.
-*/
-
-
-extern int deflateEnd OF((z_stream *strm));
-/*
- All dynamically allocated data structures for this stream are freed.
- This function discards any unprocessed input and does not flush any
- pending output.
-
- deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the
- stream state was inconsistent. In the error case, msg may be set
- but then points to a static string (which must not be deallocated).
-*/
-
-
extern int inflateInit OF((z_stream *strm));
/*
Initializes the internal stream state for decompression. The fields
The following functions are needed only in some special applications.
*/
-extern int deflateInit2 OF((z_stream *strm,
- int level,
- int method,
- int windowBits,
- int memLevel,
- int strategy,
- int minCompression));
-/*
- This is another version of deflateInit with more compression options. The
- fields next_in, zalloc and zfree must be initialized before by the caller.
-
- The method parameter is the compression method. It must be 8 in this
- version of the library. (Method 9 will allow a 64K history buffer and
- partial block flushes.)
-
- The windowBits parameter is the base two logarithm of the window size
- (the size of the history buffer). It should be in the range 8..15 for this
- version of the library (the value 16 will be allowed for method 9). Larger
- values of this parameter result in better compression at the expense of
- memory usage. The default value is 15 if deflateInit is used instead.
-
- The memLevel parameter specifies how much memory should be allocated
- for the internal compression state. memLevel=1 uses minimum memory but
- is slow and reduces compression ratio; memLevel=9 uses maximum memory
- for optimal speed. The default value is 8. See zconf.h for total memory
- usage as a function of windowBits and memLevel.
-
- The strategy parameter is used to tune the compression algorithm. Use
- the value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data
- produced by a filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman
- encoding only (no string match). Filtered data consists mostly of small
- values with a somewhat random distribution. In this case, the
- compression algorithm is tuned to compress them better. The strategy
- parameter only affects the compression ratio but not the correctness of
- the compressed output even if it is not set appropriately.
-
- The minCompression parameter specifies the minimum reduction in size
- required for a compressed block to be output when Z_PACKET_FLUSH is
- used (see the description of deflate above).
-
- If next_in is not null, the library will use this buffer to hold also
- some history information; the buffer must either hold the entire input
- data, or have at least 1<<(windowBits+1) bytes and be writable. If next_in
- is null, the library will allocate its own history buffer (and leave next_in
- null). next_out need not be provided here but must be provided by the
- application for the next call of deflate().
-
- If the history buffer is provided by the application, next_in must
- must never be changed by the application since the compressor maintains
- information inside this buffer from call to call; the application
- must provide more input only by increasing avail_in. next_in is always
- reset by the library in this case.
-
- deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was
- not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as
- an invalid method). msg is set to null if there is no error message.
- deflateInit2 does not perform any compression: this will be done by
- deflate().
-*/
-
-extern int deflateCopy OF((z_stream *dest,
- z_stream *source));
-/*
- Sets the destination stream as a complete copy of the source stream. If
- the source stream is using an application-supplied history buffer, a new
- buffer is allocated for the destination stream. The compressed output
- buffer is always application-supplied. It's the responsibility of the
- application to provide the correct values of next_out and avail_out for the
- next call of deflate.
-
- This function is useful when several compression strategies will be
- tried, for example when there are several ways of pre-processing the input
- data with a filter. The streams that will be discarded should then be freed
- by calling deflateEnd. Note that deflateCopy duplicates the internal
- compression state which can be quite large, so this strategy is slow and
- can consume lots of memory.
-
- deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not
- enough memory, Z_STREAM_ERROR if the source stream state was inconsistent
- (such as zalloc being NULL). msg is left unchanged in both source and
- destination.
-*/
-
-extern int deflateReset OF((z_stream *strm));
-/*
- This function is equivalent to deflateEnd followed by deflateInit,
- but does not free and reallocate all the internal compression state.
- The stream will keep the same compression level and any other attributes
- that may have been set by deflateInit2.
-
- deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source
- stream state was inconsistent (such as zalloc or state being NULL).
-*/
-
extern int inflateInit2 OF((z_stream *strm,
int windowBits));
/*
--- /dev/null
+sbin_PROGRAMS = pppstats
+dist_man8_MANS = pppstats.8
+
+pppstats_SOURCES = pppstats.c
+pppstats_CFLAGS =
+pppstats_CPPFLAGS =
+
+if SUNOS
+pppstats_CPPFLAGS += -DSTREAMS
+endif
+++ /dev/null
-#
-# pppstats makefile
-#
-CROSS_COMPILE=@CROSS_COMPILE@
-CC=$(CROSS_COMPILE)@CC@
-COPTS=@CFLAGS@
-
-DESTDIR = $(INSTROOT)@DESTDIR@
-BINDIR = $(DESTDIR)/sbin
-MANDIR = $(DESTDIR)/share/man/man8
-
-PPPSTATSRCS = pppstats.c
-PPPSTATOBJS = pppstats.o
-
-COMPILE_FLAGS = -I../include
-LIBS =
-
-INSTALL= install
-
-CFLAGS = $(COPTS) $(COMPILE_FLAGS)
-
-all: pppstats
-
-install: pppstats
- -mkdir -p $(MANDIR)
- $(INSTALL) -c pppstats $(BINDIR)
- $(INSTALL) -c -m 444 pppstats.8 $(MANDIR)
-
-pppstats: $(PPPSTATSRCS)
- $(CC) $(CFLAGS) $(LDFLAGS) -o pppstats pppstats.c $(LIBS)
-
-clean:
- rm -f pppstats *~ #* core
-
-depend:
- cpp -M $(CFLAGS) $(PPPSTATSRCS) >.depend
-# makedepend $(CFLAGS) $(PPPSTATSRCS)
+++ /dev/null
-#
-# pppstats Makefile for SVR4 systems
-# $Id: Makefile.sol2,v 1.10 2002/09/07 05:15:25 carlsonj Exp $
-#
-
-include ../Makedefs.com
-
-CFLAGS = -DSTREAMS -I../include $(COPTS)
-
-all: pppstats
-
-pppstats: pppstats.c
- $(CC) $(CFLAGS) -o pppstats pppstats.c
-
-install: pppstats
- $(INSTALL) -f $(BINDIR) pppstats
- $(INSTALL) -m 444 -f $(MANDIR)/man8 pppstats.8
-
-clean:
- rm -f pppstats *~ core
#ifndef __linux__
#include <net/if.h>
#include <net/ppp_defs.h>
-#include <net/if_ppp.h>
#else
/* Linux */
#if __GLIBC__ >= 2
#include <linux/if.h>
#endif
#include <linux/ppp_defs.h>
-#include <linux/if_ppp.h>
+#include <linux/ppp-ioctl.h>
+
#endif /* __linux__ */
#else /* STREAMS */
static void
get_ppp_stats(struct ppp_stats *curp)
{
- struct ifpppstatsreq req;
+ struct ifreq req;
memset (&req, 0, sizeof (req));
-#ifdef __linux__
- req.stats_ptr = (caddr_t) &req.stats;
-#undef ifr_name
-#define ifr_name ifr__name
-#endif
+ req.ifr_data = (caddr_t) curp;
strncpy(req.ifr_name, interface, IFNAMSIZ);
req.ifr_name[IFNAMSIZ - 1] = 0;
perror("couldn't get PPP statistics");
exit(1);
}
- *curp = req.stats;
}
static void
get_ppp_cstats(struct ppp_comp_stats *csp)
{
- struct ifpppcstatsreq creq;
+ struct ifreq req;
+ struct ppp_comp_stats stats;
- memset (&creq, 0, sizeof (creq));
+ memset (&req, 0, sizeof (req));
-#ifdef __linux__
- creq.stats_ptr = (caddr_t) &creq.stats;
-#undef ifr_name
-#define ifr_name ifr__name
-#endif
+ req.ifr_data = (caddr_t) &stats;
- strncpy(creq.ifr_name, interface, IFNAMSIZ);
- creq.ifr_name[IFNAMSIZ - 1] = 0;
- if (ioctl(s, SIOCGPPPCSTATS, &creq) < 0) {
+ strncpy(req.ifr_name, interface, IFNAMSIZ);
+ req.ifr_name[IFNAMSIZ - 1] = 0;
+ if (ioctl(s, SIOCGPPPCSTATS, &req) < 0) {
fprintf(stderr, "%s: ", progname);
if (errno == ENOTTY) {
fprintf(stderr, "no kernel compression support\n");
}
#ifdef __linux__
- if (creq.stats.c.bytes_out == 0) {
- creq.stats.c.bytes_out = creq.stats.c.comp_bytes + creq.stats.c.inc_bytes;
- creq.stats.c.in_count = creq.stats.c.unc_bytes;
+ if (stats.c.bytes_out == 0) {
+ stats.c.bytes_out = stats.c.comp_bytes + stats.c.inc_bytes;
+ stats.c.in_count = stats.c.unc_bytes;
}
- if (creq.stats.c.bytes_out == 0)
- creq.stats.c.ratio = 0.0;
+ if (stats.c.bytes_out == 0)
+ stats.c.ratio = 0.0;
else
- creq.stats.c.ratio = 256.0 * creq.stats.c.in_count /
- creq.stats.c.bytes_out;
+ stats.c.ratio = 256.0 * stats.c.in_count / stats.c.bytes_out;
- if (creq.stats.d.bytes_out == 0) {
- creq.stats.d.bytes_out = creq.stats.d.comp_bytes + creq.stats.d.inc_bytes;
- creq.stats.d.in_count = creq.stats.d.unc_bytes;
+ if (stats.d.bytes_out == 0) {
+ stats.d.bytes_out = stats.d.comp_bytes + stats.d.inc_bytes;
+ stats.d.in_count = stats.d.unc_bytes;
}
- if (creq.stats.d.bytes_out == 0)
- creq.stats.d.ratio = 0.0;
+ if (stats.d.bytes_out == 0)
+ stats.d.ratio = 0.0;
else
- creq.stats.d.ratio = 256.0 * creq.stats.d.in_count /
- creq.stats.d.bytes_out;
+ stats.d.ratio = 256.0 * stats.d.in_count / stats.d.bytes_out;
#endif
- *csp = creq.stats;
+ *csp = stats;
}
#else /* STREAMS */
static void
get_ppp_stats(struct ppp_stats *curp)
{
- if (strioctl(s, PPPIO_GETSTAT, curp, 0, sizeof(*curp)) < 0) {
+ if (strioctl(s, PPPIO_GETSTAT, (char*) curp, 0, sizeof(*curp)) < 0) {
fprintf(stderr, "%s: ", progname);
if (errno == EINVAL)
fprintf(stderr, "kernel support missing\n");
static void
get_ppp_cstats(struct ppp_comp_stats *csp)
{
- if (strioctl(s, PPPIO_GETCSTAT, csp, 0, sizeof(*csp)) < 0) {
+ if (strioctl(s, PPPIO_GETCSTAT, (char*) csp, 0, sizeof(*csp)) < 0) {
fprintf(stderr, "%s: ", progname);
if (errno == ENOTTY) {
fprintf(stderr, "no kernel compression support\n");
perror(dev);
exit(1);
}
- if (strioctl(s, PPPIO_ATTACH, &unit, sizeof(int), 0) < 0) {
+ if (strioctl(s, PPPIO_ATTACH, (char*) &unit, sizeof(int), 0) < 0) {
fprintf(stderr, "%s: ppp%d is not available\n", progname, unit);
exit(1);
}
# Specifies that pppd should disconnect if the link is idle for n seconds.
idle 600
-# Disable the IPXCP and IPX protocols.
-noipx
-
# ---<End of File>---
--- /dev/null
+EXTRA_CHATCHAT = \
+ chatchat/chatchat.c \
+ chatchat/README
+
+EXTRA_SCRIPTS = \
+ autopppd \
+ callback \
+ chatchat \
+ ip-down.local.add \
+ ip-up.local.add \
+ ipv6-down.sample \
+ ipv6-up.sample \
+ options-rsh-loc \
+ options-rsh-rem \
+ options-ssh-loc \
+ options-ssh-rem \
+ plog \
+ poff \
+ pon \
+ pon.1 \
+ ppp-off \
+ ppp-on \
+ ppp-on-dialer \
+ ppp-on-rsh \
+ ppp-on-ssh \
+ README \
+ redialer \
+ secure-card
+
+EXTRA_DIST= \
+ $(EXTRA_CHATCHAT) \
+ $(EXTRA_SCRIPTS)
syslog('err', "pppd returned: unknown error ($pppd_code), delayed retry");
$pppd_fail = 1;
}
- # if it hasn't ran for at least an hour, then somthing went wrong
+ # if it hasn't ran for at least an hour, then something went wrong
elsif ($pppd_run_time < toseconds("01:00:00")) {
syslog('err',"pppd session didn't last 1 hour, delayed retry");
$pppd_fail = 1;
--- /dev/null
+#!/usr/bin/perl
+# vim: shiftwidth=4 tabstop=4
+#
+# This program dumps to standard output the content of the file written
+# by pppd's lcp-rtt-file configuration option.
+#
+# Copyright (C) Marco d'Itri <md@linux.it>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+use v5.14;
+use warnings;
+use autodie;
+
+use POSIX qw(strftime);
+
+{
+ my $data = read_data($ARGV[0] || '/run/ppp-rtt.data');
+ die "The data file is invalid!\n" if not $data;
+ dump_data($data);
+}
+
+sub dump_data {
+ my ($s) = @_;
+
+ say "status: $s->{status}";
+ say "interval: $s->{echo_interval}";
+ say "position: $s->{position}";
+ say 'elements: ' . scalar(@{ $s->{data} });
+ say '';
+
+ foreach (my $i= 0; $i < @{ $s->{data} }; $i++) {
+ my $date = strftime('%F %T', localtime($s->{data}->[$i]->[0]));
+ print "$i\t$date\t$s->{data}->[$i]->[1]\t$s->{data}->[$i]->[2]\n";
+ }
+}
+
+sub read_data {
+ my ($file) = @_;
+
+ my $data;
+ open(my $fh, '<', $file);
+ binmode($fh);
+ my $bytes_read;
+ do {
+ $bytes_read = sysread($fh, $data, 8192, length($data));
+ } while ($bytes_read == 8192);
+ close($fh);
+
+ my ($magic, $status, $position, $echo_interval, $rest)
+ = unpack('NNNN a*', $data);
+ return undef if $magic != 0x19450425;
+
+ # the position is relative to the C array, not to the logical entries
+ $position /= 2;
+
+ my @rawdata = unpack('(N C a3)*', $rest);
+ my @data;
+ while (my ($time, $loss, $rtt) = splice(@rawdata, 0, 3)) {
+ push(@data, [ $time, unpack('N', "\000$rtt"), $loss ]);
+ }
+
+ if (0) {
+ @data =
+ # skip any "empty" (null) entries
+ grep { $_->[0] }
+ # rearrange the list in chronological order
+ (@data[$position+1 .. $#data], @data[0 .. $position]);
+ }
+
+ return {
+ status => $status,
+ echo_interval => $echo_interval,
+ position => $position,
+ data => \@data,
+ };
+}
+
--- /dev/null
+#!/usr/bin/perl
+# vim: shiftwidth=4 tabstop=4
+#
+# This CGI program is a Prometheus exporter for pppd's lcp-rtt-file feature.
+#
+# Copyright (C) Marco d'Itri <md@linux.it>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+
+use v5.14;
+use warnings;
+use autodie;
+
+use List::Util qw(sum max min);
+
+{
+ my $data = read_data('/run/ppp-rtt.data');
+ my $stats = compute_statistics($data, 60);
+
+ my $s = metrics($stats);
+ my $length = length($s);
+
+ print "Content-type: text/plain\n";
+ print "Content-length: $length\n\n$s";
+ exit;
+}
+
+sub metrics {
+ my ($stats) = @_;
+
+ my $s = <<END;
+# TYPE lcp_rtt_status gauge
+# HELP LCP RTT status
+lcp_rtt_status $stats->{status}
+END
+ foreach (qw(average min max loss)) {
+ next if not exists $stats->{$_};
+ $s .= <<END;
+# TYPE lcp_rtt_$_ gauge
+# HELP LCP RTT $_
+lcp_rtt_$_ $stats->{$_}
+END
+ }
+
+ return $s;
+}
+
+sub compute_statistics {
+ my ($data, $length) = @_;
+
+ my $cutoff = time() - $length;
+ my @e = grep { $_->[0] >= $cutoff } @{ $data->{data} };
+ return { status => -1 } if not @e; # no data
+
+ my $average = (sum map { $_->[1] } @e) / scalar(@e);
+ my $min = min map { $_->[1] } @e;
+ my $max = max map { $_->[1] } @e;
+ my $loss = sum map { $_->[2] } @e;
+
+ return {
+ status => $data->{status},
+ average => $average,
+ min => $min,
+ max => $max,
+ loss => $loss,
+ };
+}
+
+sub read_data {
+ my ($file) = @_;
+
+ my $data;
+ open(my $fh, '<', $file);
+ binmode($fh);
+ my $bytes_read;
+ do {
+ $bytes_read = sysread($fh, $data, 8192, length($data));
+ } while ($bytes_read == 8192);
+ close($fh);
+
+ my ($magic, $status, $position, $echo_interval, $rest)
+ = unpack('NNNN a*', $data);
+ return undef if $magic != 0x19450425;
+
+ # the position is relative to the C array, not to the logical entries
+ $position /= 2;
+
+ my @rawdata = unpack('(N C a3)*', $rest);
+ my @data;
+ while (my ($time, $loss, $rtt) = splice(@rawdata, 0, 3)) {
+ push(@data, [ $time, unpack('N', "\000$rtt"), $loss ]);
+ }
+
+ @data =
+ # skip any "empty" (null) entries
+ grep { $_->[0] }
+ # rearrange the list in chronological order
+ (@data[$position+1 .. $#data], @data[0 .. $position]);
+
+ return {
+ status => $status,
+ echo_interval => $echo_interval,
+ position => $position,
+ data => \@data,
+ };
+}
+
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* 4. Redistributions of any form whatsoever must retain the following
* acknowledgment:
* "This product includes software developed by Paul Mackerras
- * <paulus@samba.org>".
+ * <paulus@ozlabs.org>".
*
* THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO
* THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY