pppd: Use openssl for the DES instead of the libcrypt / glibc
It seems the latest glibc (in Fedora glibc-2.27.9000-12.fc29) dropped
libcrypt. The libxcrypt standalone package can be used instead, but
it dropped the old setkey/encrypt API which ppp uses for DES. There
is support for using openssl in pppcrypt.c, but it contains typos
preventing it from compiling and seems to be written for an ancient
openssl version.
This updates the code to use current openssl.
[paulus@ozlabs.org - wrote the commit description, fixed comment in
Makefile.linux.]
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Sat, 23 Jun 2018 07:26:42 +0000 (17:26 +1000)]
pppd: Don't try to free(NULL - 1)
A logic bug in update_script_environment() means that it can call
remove_script_env() even when the variable being removed is not
present in the script_env array. The result of that is that
remove_script_env() will call free() with argument NULL - 1.
To fix this, we avoid calling remove_script_env() in this case.
Paul Mackerras [Sat, 23 Jun 2018 06:40:27 +0000 (16:40 +1000)]
pppd: Fix compile warning due to comparing pointer to NUL character
Evidently this means to check for arg pointing to an empty string,
not arg being NULL, since the ensuing error talks about the variable
name being missing.
Vegard Nossum [Wed, 13 Jun 2018 10:38:53 +0000 (12:38 +0200)]
pppd: Fix printing call in print_option()
print_option() was in this case passing p/opt->addr2 as the format string
instead of the string to be printed (as a quoted string). That could lead
to a nasty crash.
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
This makes the makefiles include $(LDFLAGS) as a parameter when
linking executables. Distros use this as a way of applying linker
flags across all the executables they build.
[paulus@ozlabs.org - supplied the patch description]
Signed-off-by: Jaroslav Škarvada <jskarvad@redhat.com>
Jacob Floyd [Sat, 11 Mar 2017 05:25:23 +0000 (23:25 -0600)]
Use systemd's sd_notify with option up_sdnotify
This adds an up_sdnotify option so that systemd services of
Type=notify can have pppd send the READY=1 signal to systemd
once a network protocol (typically IP) is up.
To use up_sdnotify, pppd must be compiled with SYSTEMD=y.
up_sdnotify is safe as a non-priveleged option because systemd will
ignore any notifications that it is not expecting. If systemd starts
pppd in a unit-file that is Type=notify, then (and only then) will it
handle the READY=1 signal. If systemd didn't start the process, it
ignroes any notifications unless the signaling process was started by a
service that systemd is monitoring (directly or indirectly, such as a
grandchild process in the same cgroup as a process that systemd started)
AND that service is Type=notify, AND that service is explicitly
configured to allow other processes to send a notification on behalf of
that service by setting NotifyAccess=all.
Also, the socket used is defined in an environment variable provided and
deleted by systemd, allowing system and user services to use a different
socket. I really don't think there's any way to use that socket (even via
the sd_notify api of their library) to gain elevated privileges.
Another reason that up_sdnotify is a non-priveleged option is for cases
where ppp should be started as a system service under a non-priveleged
account. There may be other issues with running ppp under other
accounts, but systemd does not require root--or other privileged--access
in order to use the notification feature. Instead the security for this
feature is provided at the process level in that systemd knows which
processes it did and did not start, and which processes those processes
started (ie other processes in the systemd unit's cgroup), as explained
above.
Lubomir Rintel [Mon, 9 Jan 2017 13:34:23 +0000 (13:34 +0000)]
pppoe: include netinet/in.h before linux/in.h
This fixes builds with newer kernels. Basically, <netinet/in.h> needs to be
included before <linux/in.h> otherwise the earlier, unaware of the latter,
tries to redefine symbols and structures. Also, <linux/if_pppox.h> doesn't work
alone anymore, since it pulls the headers in the wrong order, so we better
include <netinet/in.h> early.
Stefan Nickl [Wed, 10 Aug 2016 14:52:12 +0000 (16:52 +0200)]
pppd: Provide error() implementation in pppoe-discovery
The pppoe-discovery program calls error() from the CHECK_ROOM macro
defined in pppoe.h. Since pppoe-discovery is a standalone program not
linked with the rest of pppd, the only way this could build is by
linking to glibc's proprietary error(3) function instead of the function
of the same name (but with different arguments) defined in pppd/utils.c.
So with glibc this builds, but will probably crash when the assertion is
triggered. As the assertion is unlikely to fail, nobody has noticed.
The build however fails with musl libc or uClibc since they don't
provide the doppelganger.
Signed-off-by: Stefan Nickl <Stefan.Nickl@gmail.com>
Paul Mackerras [Tue, 23 Aug 2016 06:10:21 +0000 (16:10 +1000)]
pppd: allow use of arbitrary interface names
This is a modified version of a patch from openSUSE that enables PPP interfaces
to be called arbitrary names, rather than simply pppX where X is the unit
number.
The modifications from the stock openSUSE patch are:
- refresh patch on top of 018_ip-up_option.diff
- fix a printf format-string vulnerability in pppd/main.c:set_ifunit()
- clarify the pppd.8 manpage additions
- patch pppstats/pppstats.c to query renamed interfaces without complaint
Origin: SUSE
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=458646
Forwarded: no Reviewed-by: Chris Boot <bootc@debian.org> Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Once we've terminated the PPP session, there is no chance of a PPP layer
disconnect. Some PPPoE relays don't detect the PPP session going down, and
depend on a long timeout or a PPPoE PADT to terminate the session.
Send a PADT on disconnect to work around these buggy relays.
Signed-off-by: Simon Farnsworth <simon@farnz.org.uk>
pppd: Fix sign-extension when displaying bytes in octal
print_string() displays characters as \\%.03o but without first
casting it from "char" to "unsigned char" so it gets sign-extended
to an int. This causes output like \37777777630 instead of \230.
Signed-off-by: Philip A. Prindeville <philipp@redfish-solutions.com>
Natanael Copa [Tue, 3 Jun 2014 08:53:47 +0000 (08:53 +0000)]
pppd: add support for defaultroute-metric option
This allows user to specify the 'metric' (or 'prio') for the default
route set by pppd. This is useful in multi-ISP setups where there
might be more than one default gateway.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
The current recursive loops do not check the exit status of make
in subdirs which leads to `make` passing even when a subdir failed
to compile or install.
URL: https://bugs.gentoo.org/334727 Signed-off-by: Martin von Gagern <Martin.vGagern@gmx.net> Signed-off-by: Mike Frysinger <vapier@gentoo.org>
Paul Mackerras [Fri, 1 Aug 2014 11:40:18 +0000 (21:40 +1000)]
winbind plugin: Add -DMPPE=1 to eliminate compiler warnings
When compiling the winbind plugin, we need an equivalent definition
of the MPPE symbol to that which applied when the main pppd was
compiled. This adds that to Makefile.linux.
Reported-by: Mike Gilbert <floppym@gentoo.org> Signed-off-by: Paul Mackerras <paulus@samba.org>
Paul Mackerras [Fri, 1 Aug 2014 07:32:15 +0000 (17:32 +1000)]
pppd: Eliminate memory leak with multiple instances of a string option
This eliminates the memory leak which occurs when a user gives the
same string option multiple times. Although the leak is trivial under
normal conditions, the fact that it can be triggered by the user
means that it may be of interest to attackers, so let's plug the leak.
This also means that any o_string option without OPT_STATIC set needs
to have opt->addr pointing to a pointer which starts out NULL. That
is the case for all current uses of o_string.
Paul Mackerras [Fri, 1 Aug 2014 06:05:42 +0000 (16:05 +1000)]
pppd: Eliminate potential integer overflow in option parsing
When we are reading in a word from an options file, we maintain a count
of the length we have seen so far in 'len', which is an int. When len
exceeds MAXWORDLEN - 1 (i.e. 1023) we cease storing characters in the
buffer but we continue to increment len. Since len is an int, it will
wrap around to -2147483648 after it reaches 2147483647. At that point
our test of (len < MAXWORDLEN-1) will succeed and we will start writing
characters to memory again.
This may enable an attacker to overwrite the heap and thereby corrupt
security-relevant variables. For this reason it has been assigned a
CVE identifier, CVE-2014-3158.
This fixes the bug by ceasing to increment len once it reaches MAXWORDLEN.
Reported-by: Lee Campbell <leecam@google.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Paul Mackerras [Sun, 9 Mar 2014 06:48:07 +0000 (17:48 +1100)]
pppd: Eliminate some unnecessary ifdefs
Since we only support Linux and Solaris these days, statements like:
#if defined(SOL2) || defined(__linux__)
are always true and can be removed, along with anything in the #else
branch of such a #if, and anything within a #if with the inverse
condition. Furthermore, inside a #if !defined(__linux__) we know
that SOL2 must be defined.
Benjamin Cama [Wed, 26 Feb 2014 18:13:40 +0000 (19:13 +0100)]
pppol2tp: Connect up/down events to notifiers and add IPv6 ones
Connect ip up/down events instead of using hooks, and add IPv6 up/down
events notifications too, so that we signal IPv6-only sessions
correctly; otherwise, they may get taken down because the L2TP daemon
has not received any notification.
Signed-off-by: Benjamin Cama <benjamin.cama@telecom-bretagne.eu> Signed-off-by: Paul Mackerras <paulus@samba.org>
Benjamin Cama [Wed, 26 Feb 2014 18:13:39 +0000 (19:13 +0100)]
pppd: Separate IPv6 handling for sifup/sifdown
The current code is buggy regarding handling of link state when using
both IPCP and IPv6CP: if IPv6CP has been set up and if during IPCP
negociation, ipcp_up() fails, it will incorrectly take the interface
down. The simple solution here is to change the platform code to do the
same as on Solaris: separate IPv6CP up/down state handling with sif6up()
and sif6down(), so that we really know when the interface is allowed to
go down.
Signed-off-by: Benjamin Cama <benjamin.cama@telecom-bretagne.eu> Signed-off-by: Paul Mackerras <paulus@samba.org>
with the last two lines repeating until the IPCP error limit is
reached. As you can see, the peer added two extra fields in the
ConfNak reply. This is allowed, and indeed the following sent
ConfReq packet reflects this. However, when the ConfAck packet
is received, pppd discards it as invalid, because of the ms-wins
fields.
Paul Mackerras [Sun, 9 Jun 2013 12:10:47 +0000 (22:10 +1000)]
chat: Fix some text that was intended to be literal
This escapes a \c and adds a .br so that the "$ \c" comes out in the
nroff output, instead of the \c being interpreted as a line continuation.
This seems to be what was intended and makes sense as part of the chat
script fragment.
The function update_db_entry() may only be called if pppdb is not NULL;
unfortunately in one situation it is. Other calls to update_db_entry()
are protected against this, see, e.g., the end of script_setenv().
This is from the Debian pppd patches, and fixes Debian bug 308136
(SEGV in pppd).
Adrian Ban [Wed, 3 Apr 2013 20:19:52 +0000 (23:19 +0300)]
plugins/radius: Handle bindaddr keyword in radiusclient.conf
This adds code to the radius plugin to handle the bindaddr keyword in
/etc/radiusclient/radiusclient.conf, thus allowing the administrator
to specify which local IP address to use when sending packets to the
radius server.
This is very common for setups where the router has multiple
interfaces for upstream and you don't know which connection is active.
In this case sometimes the packet uses the IP of interface 1 and
sometimes uses the IP of interface 2. With this patch (adapted from
radiusclient-ng) you can specify the IP of the loopback address, and
the plugin will bind to that IP and send the packet with a fixed IP
every time.
Slimmed a little bit at James Carlson's suggestion.
Paul Mackerras [Mon, 11 Mar 2013 08:30:21 +0000 (19:30 +1100)]
pppd: Default exit status to EXIT_CONNECT_FAILED during connection phase
The rp-pppoe plugin doesn't set the exit status in its connect
function, resulting in pppd exiting with a status of EXIT_OK (0)
if rp-pppoe fails to connect. This fixes the problem for rp-pppoe
and any other plugins that don't set the exit status explicitly
by making the status default to EXIT_CONNECT_FAILED if the channel's
connect function fails.
Reported-by: Peter Warasin <peter@endian.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Paul Mackerras [Sat, 2 Mar 2013 09:25:28 +0000 (20:25 +1100)]
pppd: Add master_detach option
This adds a new option, master_detach, to allow pppd to detach from
the controlling terminal when it is the multilink bundle master but
its own link has terminated, even if the nodetach option has been
given.
Requested-by: Stephen Marron <sfm@boxfusion.net> Signed-off-by: Paul Mackerras <paulus@samba.org>
Paul Mackerras [Sun, 3 Feb 2013 10:53:28 +0000 (21:53 +1100)]
chat: Fix *roff errors in the man page
Fixes these errors:
$ nroff -man -ww chat/chat.8
chat/chat.8:227: warning: number register `"' not defined
chat/chat.8:291: warning: macro `'' not defined
chat/chat.8:368: warning: macro `PR' not defined
Patch partly from Debian BTS by Bjarni Ingi Gislason.
Paul Mackerras [Sun, 3 Feb 2013 06:51:12 +0000 (17:51 +1100)]
pppdump: Eliminate some compiler warnings
gcc lacks the -fyes-actually-I-do-know-the-C-operator-precedence-rules
option, so add some parentheses to shut it up. Also remove some unused
variables.
Paul Mackerras [Wed, 23 Jan 2013 11:59:45 +0000 (22:59 +1100)]
pppd: Clarify circumstances where DNS1/DNS2 environment variables are set
Make it clear that the DNS1 and DNS2 environment variables being set
for scripts doesn't depend on whether the usepeerdns option was given,
only on whether the peer provided DNS server addresses.
Reported-by: William McCall Signed-off-by: Paul Mackerras <paulus@samba.org>
Paul Mackerras [Sun, 20 May 2012 07:09:16 +0000 (17:09 +1000)]
pppd: Eliminate some warnings
auth.c: In function ‘start_link’:
auth.c:556:11: warning: variable ‘msg’ set but not used [-Wunused-but-set-variable]
utils.c: In function ‘logit’:
utils.c:655:9: warning: variable ‘n’ set but not used [-Wunused-but-set-variable]
sys-linux.c: In function ‘ether_to_eui64’:
sys-linux.c:2881:9: warning: pointer targets in assignment differ in signedness [-Wpointer-sign]
Paul Mackerras [Sun, 20 May 2012 04:14:55 +0000 (14:14 +1000)]
pppd: Don't crash if crypt() returns NULL
It is possible for crypt() to return NULL under some circumstances,
so we need to check the return value before passing it to strcmp().
If we do get NULL from crypt(), treat it as an authentication failure.
Reported-by: Paul Wouters <pwouters@redhat.com> Signed-off-by: Paul Mackerras <paulus@samba.org>
Paul Mackerras [Sun, 20 May 2012 02:01:48 +0000 (12:01 +1000)]
pppd: Enable IPV6 by default and fix some warnings
Fixes these warnings:
ipv6cp.c: In function ‘ipv6_check_options’:
ipv6cp.c:1106:2: warning: implicit declaration of function ‘ether_to_eui64’ [-Wimplicit-function-declaration]
ipv6cp.c:1133:2: warning: implicit declaration of function ‘exit’ [-Wimplicit-function-declaration]
ipv6cp.c:1133:2: warning: incompatible implicit declaration of built-in function ‘exit’ [enabled by default]
Jason St. John [Fri, 14 Oct 2011 04:08:14 +0000 (00:08 -0400)]
scripts: Make poff ignore extra arguments to pppd
This allows /usr/bin/poff to properly end a /usr/sbin/pppd process
that was started with additional arguments.
The problem with the current poff script is on line 93 where the
output of `ps axw` is piped into grep. The current regular expression
that grep searches for prevents the PID of the specified pppd process
from being found, which results in the script failing to terminate the
pppd process. The output of poff in that case would be the following:
/usr/bin/poff: I could not find a pppd process for provider 'cit-vpn'.
None stopped.
The reason for this is that the " *\$" at the end of the regular
expression does not match the output of the following example from `ps
axw`:
11846 ? Ss 0:00 /usr/sbin/pppd call cit-vpn updetach persist
To resolve this issue, I removed the troublesome part of the regular
expression (" *\$") and now grep can properly match the example output
provided above.
I have tested this using ppp 2.4.5-2 in conjunction with
pptpclient-1.7.2-3 on Arch Linux x86_64.
Deomid Ryabkov [Sat, 31 Mar 2012 04:14:23 +0000 (05:14 +0100)]
pppd: Make MSCHAP-v2 cope better with packet loss
This implements response caching for MSCHAP-v2. It caches our
responses and the responses we expect from the peer. MSCHAP-v2 is
unusual in that the authenticatee's CHAP-Response contains what is
effectively a challenge to the authenticator, and the authenticator's
CHAP-Success packet contains a response to that challenge. Having
the response cache lets us (a) answer challenges consistently and
(b) cope with a CHAP-Success packet that corresponds to one of our
CHAP-Responses that wasn't the last one we sent.
This solves a problem where MSCHAP-v2 does not handle replay/retry
properly. Here's what a typical normal session looks like:
Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Challenge id=0x37 <7ac9de47e66fc440e4b142e28c1a2064>, name = "jeeves"]
Mar 31 02:47:40 nbm pppd[12895]: sent [CHAP Response id=0x37 <12986c68266e0d60e7e0de9c8326073200000000000000005da37272ed71b6743f65bc00f7ae2ca148db9210627b646500>, name = "murka"]
Mar 31 02:47:40 nbm pppd[12895]: rcvd [CHAP Success id=0x37 "S=ED8FB5829C8049C331AAE0C570F63F8B558DEA2C M=Access granted"]
Mar 31 02:47:40 nbm pppd[12895]: CHAP authentication succeeded
however, this breaks down if, for whatever reason - packet loss,
reordering or whatnot - server sends a second challenge that arrives
before the response - it changes client's expectation and the
authentication fails. Here's how it looks in the logs:
Mar 31 02:47:47 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e94455e2155d2cf4d698d23c9>, name = "jeeves"]
Mar 31 02:47:47 nbm pppd[13014]: sent [CHAP Response id=0x8a <14d788f835add58b60d2aff362c183160000000000000000d780f3849076e9e013272f67bcb8c8cfa0e9b51c0fe3ee2100>, name = "murka"]
Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Challenge id=0x8a <5070251e94455e2155d2cf4d698d23c9>, name = "jeeves"]
Mar 31 02:47:48 nbm pppd[13014]: sent [CHAP Response id=0x8a <df950da43b90e235048810469d3283dd0000000000000000ace042b145f5eb9f118349b5672d4829eb5038192050a90b00>, name = "murka"]
Mar 31 02:47:48 nbm pppd[13014]: rcvd [CHAP Success id=0x8a "S=ABAEA4DF5601FADF25F8729455D39BF6D971D501 M=Access granted"]
Mar 31 02:47:48 nbm pppd[13014]: MS-CHAPv2 mutual authentication failed.
Paul Mackerras [Sun, 20 May 2012 06:48:17 +0000 (16:48 +1000)]
Remove old version of Linux if_pppol2tp.h
This has been in the Linux kernel source now for long enough that we
can rely on getting a usable version from /usr/include on all
distributions that we care about. The version we have here had started
to lag behind what is in the Linux kernel, causing compilation errors
due to struct pppol2tpv3_addr being undefined. Removing our local
version means we will use what is in /usr/include instead.
Paul Mackerras [Sun, 6 May 2012 07:32:26 +0000 (17:32 +1000)]
pppd: Don't unconditionally disable VJ compression under Linux
We were always clearing vjcomp if it was set, so VJ header compression
was never getting enabled. This adds a pair of braces so it only gets
disabled if there was an error.
Simon Arlott [Tue, 4 May 2010 19:06:06 +0000 (20:06 +0100)]
rp-pppoe: allow MTU to be increased up to 1500
The ethernet data limit on rp-pppoe has been increased to 1508 to
allow an MTU of 1500 to be used. To prevent problems the interface
MTU is checked and used to lower the configured MTU/MRU.
If MIN(MTU/MRU) is > 1492, PPP-Max-Payload is added to PADI and
PADR. If PPP-Max-Payload is received in PADO or PADS, it will be
used to lower the configured MTU/MRU as required.
The MTU/MRU settings are stored and reloaded whenever a connection
is made, to allow for the peer or interface MTU/MRU to increase if
used with persist option.
Conforming to RFC4638, if no PPP-Max-Payload is received, the
negotiated MRU will be limited to 1492.
James Carlson [Mon, 23 Aug 2010 14:03:07 +0000 (10:03 -0400)]
Fix quote handling in configuration files to be more like shell quoting.
The specific case that confused a user was:
ROUTES="216.220.192.0/20 10.0.100.0/24"
which was interpreted as two separate words, merely because the first quote
mark was in the middle of a word.
Paul Mackerras [Sun, 7 Mar 2010 05:54:00 +0000 (16:54 +1100)]
rp_pppoe: Copy acName and pppd_pppoe_service after option parsing
At present, the access concentrator name (acName) and service name
(pppd_pppoe_service) are set by option parsing, but are used at the
point of PPPOEInitDevice(), which gets called when the ethernet
device name is seen. So if the rp_pppoe_service or rp_pppoe_ac
options appear after the device name, they are ignored.
This fixes it by using acName and pppd_pppoe_service in
PPPOEConnectDevice, which gets called after all options have been
parsed.
Paul Mackerras [Sun, 7 Mar 2010 04:21:38 +0000 (15:21 +1100)]
pppd: Terminate correctly if lcp_lowerup delayed calling fsm_lowerup
Cameron Hutchison noticed that if pppd gets asked to terminate the
link in the period between when lcp_lowerup() is called and when
fsm_lowerup() is called from lcp_delayed_up() (i.e. when listen_time
is non-zero), pppd never exits.
The reason is that lcp_close() doesn't handle the delayed-up case
properly. Since the FSM is still in STOPPED state, we don't call
lcp_finished() and therefore never exit the main event loop.
This fixes it by handling the delayed-up case in lcp_close() as if
we had done the lowerup but the OPT_SILENT bit was set. We use the
silent case because we don't want to actually send a configure-request
at this point.
Paul Mackerras [Sun, 15 Nov 2009 06:08:20 +0000 (17:08 +1100)]
Specify the device name on the default route deletion
Some users have reported that pppd will delete a default route
through another device, for example if they bring up a ppp connection
with default route, then bring up an ethernet interface and set a
default route through that, then take down the ppp connection.
This fixes it, for Linux at least, by specifying the device name on
the default route deletion ioctl, which means that the kernel will
only delete default routes through that device.
Paul Mackerras [Fri, 23 Oct 2009 01:17:11 +0000 (12:17 +1100)]
Increase default IPCP Conf-Nak limit
Some 3G modems use IPCP Conf-Naks with the same values as we requested
as a way to delay the negotiation until they have contacted a server
over their radio network. This increases the default value for the
ipcp-max-failure option from 5 to 100 so that we don't give up too
easily when this is happening.
projects / ppp.git / log