From: Paul Mackerras Date: Thu, 26 Mar 1998 03:02:38 +0000 (+0000) Subject: *** empty log message *** X-Git-Tag: RELEASE_2_3_6~86 X-Git-Url: http://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=0986fac0d4b42ade44f889ccc107b3ba5af58c5a *** empty log message *** --- diff --git a/scripts/README b/scripts/README new file mode 100644 index 0000000..088cb09 --- /dev/null +++ b/scripts/README 
@@ -0,0 +1,91 @@ +This directory contains a set of scripts which have been used on Linux +systems to initiate or maintain a connection with PPP. The files in +this directory were contributed by Al Longyear (longyear@netcom.com). + +------------------------------------------------------------------------ + +1. README + +This file. You are reading it. It is just documentation. + +------------------------------------------------------------------------ + +2. ppp-on + +This script will initiate a connection to the PPP system. It will run +the chat program with the connection script as a parameter. This is a +possible security hole. However, it is simple. It is meant to replace +the previous version of ppp-on which was not very functional. + +The ppp-on script has entries for the account name, password, IP +addresses, and telephone numbers. The parameters are passed to the +pppd process and, then in turn, to the second part of the connect +script, as a set of environment variables. + +Please make sure that you put the full path name to the ppp-on-dialer +script in the reference to it in ppp-on. + +------------------------------------------------------------------------ + +3. ppp-on-dialer + +This is the second part to the simple calling script, ppp-on. It +executes the chat program to connect the user with a standard UNIX +style getty/login connection sequence. + +------------------------------------------------------------------------ + +4. callback + +This script may be used in lieu of the ppp-on-dialer to permit the +common modem callback sequence. You may need to make changes to the +expected prompt string for the modem. + +The script works by disabling the system's detection of the DCD +condition and working on the modem status message "NO CARRIER" which +is generated when the modem disconnects. + +It is crude. It does work for my modem connection. Use as you see fit. + +------------------------------------------------------------------------ + +5. 
redialer + +The redialer script is a replacement for the ppp-on-dialer script. It +will do 'attack dialing' or 'demon dialing' of one or more telephone +numbers. The first number which responds will be used for a +connection. + +There is a limit of ten attempts and a 15 second delay between dialing +attempts. Both values are set in the script. + +------------------------------------------------------------------------ + +6. ppp-off + +This is a script which will terminate the active ppp connection. Use +as either "ppp-off" to terminate ppp0, or "ppp-off " to +terminate the connection on . For example, "ppp-off ppp2" will +terminate the ppp2 connection. + +------------------------------------------------------------------------ + +7. secure-card + +This script was written by Jim Isaacson . It is a script +for the 'expect' programming language used with Tcl. You need to have +expect and Tcl installed before this script may be used. + +This script will operate with a device marketed under the name "SecureCARD". +This little device is mated with its controller. On the credit card size +device, there is a sequence number which changes on a random basis. In order +for you to connect you need to enter a fixed portion of your account name +and the number which is displayed on this card device. The number must match +the value at the controller in order for the account name to be used. + +The problem is that chat uses fixed response strings. In addition, the +timing for running the script may prevent the use of a script that reads the +value before it starts the dial sequence. What was needed was a script which +asked the user at the user's console at the time that it is needed. + +This led to the use of expect. diff --git a/scripts/callback b/scripts/callback new file mode 100755 index 0000000..3e74e10 --- /dev/null +++ b/scripts/callback 
@@ -0,0 +1,77 @@ +#!/bin/sh +################################################################### +# +# Script to dial the remote system, negotiate the connection, and send +# it the id. Then wait for the modem to disconnect. Reset the modem +# to answer mode and wait for the system to call back. +# +# The telephone number and modempass are used when establishing the +# connection to the modem. +# +PHONE=555-1212 +MODEMPASS=modem_identifier +# +# Once the modem calls back, the account name and password are used for +# a UNIX style login operation. +# +ACCOUNT=my_account_name +PASSWORD=my_password + +################################################################### +# +# Step 1. Dial the modem and negotiate the initial dialog. +# note: the modem is configured to ignore loss of DCD at this point. +# it is important that this be performed because the loss of DCD +# will normally prevent system from working since 'modem' is used +# for pppd. +# +# The script is terminated normally when the carrier is lost. +# +chat -v \ + TIMEOUT 3 \ + ABORT '\nBUSY\r' \ + ABORT '\nNO ANSWER\r' \ + ABORT '\nRINGING\r\n\r\nRINGING\r' \ + '' AT \ + 'OK-+++\c-OK' 'AT&C0&D2S0=0H0 \ + TIMEOUT 30 \ + OK ATDT$TELEPHONE \ + CONNECT '' \ + assword: $MODEMPASS \ + "\nNO CARRIER\r" + +if [ "$?" = "0" ]; then + +################################################################### +# +# Step 2. Wait for the call back from the remote. This will wait for at most +# 30 seconds for the call back should the first attempt fail or +# something happen with the callback logic at the remote. +# +# note: when the callback occurs, the DCD setting is re-enabled. +# +# If some voice call should happen during this period, the system will +# answer the telephone and then hang up on them. I realize that this is +# rude, but there is little that this script can do. 
+# + chat -v \ + TIMEOUT 30 \ + ABORT '\nVOICE\r' \ + '\nRING\r' 'AT&C1A' \ + CONNECT '' \ + TIMEOUT 10 \ + ogin:--ogin: $ACCOUNT \ + TIMEOUT 45 \ + assword: $PASSWORD + + if [ "$?" = "0" ]; then + exit 0 + fi +fi + +################################################################### +# +# The script has failed. Terminate the connection mode. +# +chat -v TIMEOUT 3 "" AT 'OK-+++\c-OK' 'AT&C1&D2S0=0H0' OK +exit 1 diff --git a/scripts/chat-callback b/scripts/chat-callback new file mode 100644 index 0000000..d014d6a --- /dev/null +++ b/scripts/chat-callback 
@@ -0,0 +1,98 @@ +# ===================================================================================== +# Chat script to dial our Company PPP account. +# They uses a call-back system to identify us and to reverse +# charge the call cost. +# ===================================================================================== +# +ECHO OFF +# All the usual abort strings +ABORT "NO CARRIER" +ABORT "VOICE" +ABORT "BUSY" +ABORT "NO DIALTONE" +ABORT "NO ANSWER" +# +# If calling outside allowed time we get this: +# +ABORT "Access denied" +# +# Modem initialisation stuff +# +TIMEOUT 5 +SAY "Initialising modem ...\n" +'' ATE1 +'OK\r\n' ATS0=1S11=60X4&K4S42.1=1 +# +# Now dial our ISP and wait for connection +# +SAY "Dialling our ISP ...\n" +'OK\r\n' ATDT09834657 +TIMEOUT 60 +CONNECT \c +SAY "Connected ...\n" +# +# This is the first stage login, we identify ourself so that the remote +# system will agree to call us back. +# +TIMEOUT 30 +SAY "Sending Callback login ID ...\n" +name:-BREAK-name: callme +# +# From now on, we must assume no carrier is normal as well +# as receiving a HANGUP signal because it will be the +# case if our ISP clears the call to call us back. +# +CLR_ABORT "NO CARRIER" +HANGUP OFF +# +ABORT "Invalid" +# +# Now send password and wait to see what happens +# +SAY "Sending Callback password ...\n" +word:--word: xvsgsgs +"You will be" \c +# +# What can happen now is: +# either: we get "You will be called back..." which is the successful case +# or: we get "Invalid login" and we abort (bad login ID or password) +# or: we get "NO CARRIER" because of an error, this will not abort +# and we will time out after 30 seconds +# or: we get nothing and we will time out after 30 seconds +# +# +# We reach here if we got "You will be called back..." +# +CLR_ABORT "Invalid" +SAY "Now waiting for Call back ...\n" +# +# The remote system will now hangup and we will get both "NO CARRIER" +# and a hangup signal which are ignored. 
We now wait for a connection +# for up to 120 seconds. What happens here if somebody else calls before +# the remote system is a bit dangerous: +# +# If a malicious user connects and says 'name:', he will see 'PPPuser' +# If he then says 'word:' he will see the passowrd 'blipblop'. I may not +# know to which systems these belong to, though. It is up to you to consider +# that case and decide wether the risk is too big or not .... +# +TIMEOUT 120 +"CONNECT" \c +# +# We have been called, re-arm ABORT on NO CARRIER and normal hangup signal +# behaviour +# +HANGUP ON +ABORT "NO CARRIER" +# +# Second stage login in order to start PPP +# +SAY "Remote system called back, logging in ...\n" +SAY "Sending login ID ...\n" +name:-BREAK-name: PPPuser +SAY "Sending password ...\n" +word:--word: blipblop +SAY "Asking to start PPP ...\n" +'CnetSrv' "ppp default" +"Entering PPP mode" \c +SAY "ISP PPP started ...\n" diff --git a/scripts/ppp-off b/scripts/ppp-off new file mode 100755 index 0000000..a22b5ea --- /dev/null +++ b/scripts/ppp-off @@ -0,0 +1,34 @@ +#!/bin/sh +###################################################################### +# +# Determine the device to be terminated. +# +if [ "$1" = "" ]; then + DEVICE=ppp0 +else + DEVICE=$1 +fi + +###################################################################### +# +# If the ppp0 pid file is present then the program is running. Stop it. +if [ -r /var/run/$DEVICE.pid ]; then + kill -INT `cat /var/run/$DEVICE.pid` +# +# If the kill did not work then there is no process running for this +# pid. It may also mean that the lock file will be left. You may wish +# to delete the lock file at the same time. + if [ ! "$?" = "0" ]; then + rm -f /var/run/$DEVICE.pid + echo "ERROR: Removed stale pid file" + exit 1 + fi +# +# Success. Let pppd clean up its own junk. + echo "PPP link to $DEVICE terminated." + exit 0 +fi +# +# The ppp process is not running for ppp0 +echo "ERROR: PPP link is not active on $DEVICE" +exit 1 
diff --git a/scripts/ppp-on b/scripts/ppp-on new file mode 100755 index 0000000..ab79db4 --- /dev/null +++ b/scripts/ppp-on @@ -0,0 +1,36 @@ +#!/bin/sh +# +# Script to initiate a ppp connection. This is the first part of the +# pair of scripts. This is not a secure pair of scripts as the codes +# are visible with the 'ps' command. However, it is simple. +# +# These are the parameters. Change as needed. +TELEPHONE=555-1212 # The telephone number for the connection +ACCOUNT=george # The account name for logon (as in 'George Burns') +PASSWORD=gracie # The password for this account (and 'Gracie Allen') +LOCAL_IP=0.0.0.0 # Local IP address if known. Dynamic = 0.0.0.0 +REMOTE_IP=0.0.0.0 # Remote IP address if desired. Normally 0.0.0.0 +NETMASK=255.255.255.0 # The proper netmask if needed +# +# Export them so that they will be available at 'ppp-on-dialer' time. +export TELEPHONE ACCOUNT PASSWORD +# +# This is the location of the script which dials the phone and logs +# in. Please use the absolute file name as the $PATH variable is not +# used on the connect option. (To do so on a 'root' account would be +# a security hole so don't ask.) +# +DIALER_SCRIPT=/etc/ppp/ppp-on-dialer +# +# Initiate the connection +# +# I put most of the common options on this command. Please, don't +# forget the 'lock' option or some programs such as mgetty will not +# work. The asyncmap and escape will permit the PPP link to work with +# a telnet or rlogin connection. You are welcome to make any changes +# as desired. Don't use the 'defaultroute' option if you currently +# have a default route to an ethernet gateway. +# +exec /usr/sbin/pppd debug lock modem crtscts /dev/ttyS0 38400 \ + asyncmap 20A0000 escape FF kdebug 0 $LOCAL_IP:$REMOTE_IP \ + noipdefault netmask $NETMASK defaultroute connect $DIALER_SCRIPT diff --git a/scripts/ppp-on-dialer b/scripts/ppp-on-dialer new file mode 100755 index 0000000..7d66765 --- /dev/null +++ b/scripts/ppp-on-dialer 
@@ -0,0 +1,17 @@ +#!/bin/sh +# +# This is part 2 of the ppp-on script. It will perform the connection +# protocol for the desired connection. +# +exec chat -v \ + TIMEOUT 3 \ + ABORT '\nBUSY\r' \ + ABORT '\nNO ANSWER\r' \ + ABORT '\nRINGING\r\n\r\nRINGING\r' \ + '' \rAT \ + 'OK-+++\c-OK' ATH0 \ + TIMEOUT 30 \ + OK ATDT$TELEPHONE \ + CONNECT '' \ + ogin:--ogin: $ACCOUNT \ + assword: $PASSWORD diff --git a/scripts/redialer b/scripts/redialer new file mode 100755 index 0000000..5bbde4e --- /dev/null +++ b/scripts/redialer 
@@ -0,0 +1,96 @@ +#!/bin/sh +################################################################### +# +# These parameters control the attack dialing sequence. +# +# Maximum number of attempts to reach the telephone number(s) +MAX_ATTEMPTS=10 + +# Delay between each of the attempts. This is a parameter to sleep +# so use "15s" for 15 seconds, "1m" for 1 minute, etc. +SLEEP_DELAY=15s + +################################################################### +# +# This is a list of telephone numbers. Add new numbers if you wish +# and see the function 'callall' below for the dial process. +PHONE1=555-1212 +PHONE2=411 + +################################################################### +# +# If you use the ppp-on script, then these are passed to this routine +# automatically. There is no need to define them here. If not, then +# you will need to set the values. +# +ACCOUNT=my_account_name +PASSWORD=my_password + +################################################################### +# +# Function to initialize the modem and ensure that it is in command +# state. This may not be needed, but it doesn't hurt. +# +function initialize +{ + chat -v TIMEOUT 3 '' AT 'OK-+++\c-OK' + return +} + +################################################################### +# +# Script to dial a telephone +# +function callnumber +{ +chat -v \ + ABORT '\nBUSY\r' \ + ABORT '\nNO ANSWER\r' \ + ABORT '\nRINGING\r\n\r\nRINGING\r' \ + '' ATDT$1 \ + CONNECT '' \ + ogin:--ogin: $ACCOUNT \ + assword: $PASSWORD +# +# If the connection was successful then end the whole script with a +# success. +# + if [ "$?" 
= "0" ]; then + exit 0 + fi + + return +} + +################################################################### +# +# Script to dial any telephone number +# +function callall +{ +# echo "dialing attempt number: $1" >/dev/console + callnumber $PHONE1 +# callnumber $PHONE2 +} + +################################################################### +# +# Initialize the modem to ensure that it is in the command state +# +initialize +if [ ! "$?" = "0" ]; then + exit 1 +fi + +# +# Dial telephone numbers until one answers +# +attempt=0 +while : ; do + attempt=`expr $attempt + 1` + callall $attempt + if [ "$attempt" = "$MAX_ATTEMPTS" ]; then + exit 1 + fi + sleep "$SLEEP_DELAY" +done diff --git a/scripts/secure-card b/scripts/secure-card new file mode 100755 index 0000000..a32138b --- /dev/null +++ b/scripts/secure-card 
@@ -0,0 +1,111 @@ +#!/usr/local/bin/expect -f +# +# This script was written by Jim Isaacson . It is +# designed to work as a script to use the SecureCARD(tm) device. This +# little device is mated with a central controller. The number displayed +# on this card changes every so often and you need to enter the number +# along with your user account name in order to gain access. Since chat +# is based upon fixed strings this procedure will not work with chat. +# +# It is included by permission. An excellent reference for the expect +# program used by this script is in the book: +# +# "Exploring Expect" +# by Don Libes +# Published by O'Rielly and Associates +# + +send_user "hello, starting ppp\n" + +system "stty 19200 -echoe -echo raw < /dev/cua3 > /dev/cua3" + +# +# These are the parameters for the program. +# +set user Pxxxxxx +set password xxxxxxx +set modem /dev/cua3 +set dialup +set timeout 60 + +spawn -noecho -open [open $modem "r+"] + +send "AT&F\r" +expect "OK" + +send "ATe0v1x4&c1q0&d2&c1s2=128s0=0DT $dialup\r" +set timeout 15 +set counter 0 + +set still_connecting 1 + +expect { + -re ".*CONNECT.*\n" { + set timeout 5 + set still_connecting 0 + continue -expect + } + -re ".*CONNECT.*\r" { + set timeout 5 + set still_connecting 0 + continue -expect + } + -re ".*NO.*CARRIER" { + send_user "Failed to Connect, exiting...\n" + exit + } + -re ".*NO.*DIAL.*TONE" { + send_user "Failed to Connect, exiting...\n" + exit + } + -re ".*VOICE" { + send_user "Failed to Connect, exiting...\n" + exit + } + -re ".*sscode:.*\n" { + continue -expect + } + -re ".*sscode:" { + set timeout -1 + expect_user -re "(.*)\n" + send "$expect_out(1,string)\r" + set timeout 30 + continue -expect + } + -re ".*Next.*:" { + set timeout -1 + expect_user -re "(.*)\n" + send "$expect_out(1,string)\r" + set timeout 30 + continue -expect + } + -re "Your.*" { + send "\r" + continue -expect + } + -re ".*in:" { + send "$user\r" + continue -expect + } + -re ".*word:" { + send "$password\r" + } + + 
timeout { + if { $still_connecting > 0 } { + continue -expect + } + set timeout 15 + send "\r" + incr counter + if { $counter > 8 } { + send_user "Cannot Connect\n" + exit + } else { + continue -expect + } + } +} + +overlay -0 $spawn_id -1 $spawn_id pppd /dev/cua3 19200 192.111.187.215: \ + crtscts modem defaultroute debug
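Review bot: scripts/README has no entry for chat-callback, which this same commit adds; the numbered list covers callback but not the chat script with the two-stage callback login. Add a section for it. In section 2, "This is a possible security hole" does not say what the hole is; state the concrete issue that the ppp-on header already gives, that the account name and password are visible with the 'ps' command.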
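Review bot: In scripts/callback, step 1, the modem init argument 'AT&C0&D2S0=0H0 \ opens a single quote that is never closed, which throws off the quoting of every argument after it; the step 2 and failure-path chat calls write the same kind of string with the closing quote. The dial line also sends ATDT$TELEPHONE while the script sets PHONE=555-1212, so unless TELEPHONE happens to be in the environment the modem gets a bare ATDT. Close the quote and settle on one variable name.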
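Review bot: In scripts/chat-callback, after TIMEOUT 120 and "CONNECT" \c the script answers name: and word: with PPPuser and blipblop for whichever caller connects first, as the comment above those lines concedes, and nothing about the caller is checked before the credentials go out. If the ISP prints any identifying text ahead of name:, add an expect for it before the second-stage login so that an unexpected caller runs into the timeout; that narrows the exposure without removing it. The file is also added with mode 100644 while holding both passwords in clear, so the header should tell users to restrict read access once real values are filled in. Typos in the same comment: "passowrd", "wether".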
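Review bot: In scripts/ppp-off, $1 is copied unchecked into DEVICE and then used unquoted in /var/run/$DEVICE.pid for both cat and rm -f, so an argument containing a slash or whitespace makes kill and rm act on something other than a pppd pid file. Check the value against a pattern such as ppp[0-9]* in a case statement and quote the expansions. The comment "If the ppp0 pid file is present" should refer to $DEVICE, and a failed kill can also mean the caller lacks permission to signal pppd, in which case removing the pid file as stale is wrong.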
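Review bot: scripts/ppp-on is added with mode 100755 and holds PASSWORD in clear, so on a multi-user system it is readable by every local user; the header warns about 'ps' but says nothing about file permissions. Add a line telling users to make the file owner-only after editing in their account details.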
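Review bot: In scripts/ppp-on-dialer, $PASSWORD is expanded onto chat's command line and chat runs with -v, so the password is exposed in the process list and also lands in the verbose log of strings sent to the modem. Prefix the reply with chat's \q escape, written as assword: "\q$PASSWORD" so the shell keeps the backslash, which makes the log record a placeholder instead of the password. The process-list exposure remains and is worth a comment in this file too, since the warning currently lives only in ppp-on.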
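Review bot: scripts/redialer starts with #!/bin/sh but defines initialize, callnumber and callall with the function keyword, which is ksh/bash syntax and fails where /bin/sh is a plain Bourne or POSIX shell; write them as name() { ... } or change the interpreter line. ACCOUNT=my_account_name and PASSWORD=my_password are assigned unconditionally, so they overwrite the values exported by ppp-on even though the comment says there is no need to define them; use ${ACCOUNT:-my_account_name} style defaults or ship the two lines commented out. callall receives the attempt number but dials only $PHONE1, with the $PHONE2 call commented out, while the README describes dialing one or more numbers.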
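Review bot: In scripts/secure-card, /dev/cua3 is written out in the stty line and again in the pppd overlay line even though set modem /dev/cua3 defines it, and the speed 19200 and the address 192.111.187.215: are hard-coded at the bottom as well; a user who changes only the modem variable ends up with the spawn on one device and stty and pppd on another. Use $modem in all three places and move the speed and address into the parameter block with the other settings. The dial string repeats &c1, and "O'Rielly" in the header should be "O'Reilly".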