Paul Mackerras [Mon, 3 Mar 2003 05:11:46 +0000 (05:11 +0000)]
A bunch of fixes mostly aimed at fixing the problems we have been
having with leaking fds and with fatal errors occurring when the link
goes down.
Updated patchlevel.h to 2.4.2b2.
Moved open of /dev/ppp to generic_establish_ppp; we now close the
ppp_dev_fd in generic_disestablish_ppp rather than trying to use
PPPIOCDETACH.
*_send_config and *_recv_config now return 0 for success or -1 for
error, rather than calling fatal() when an error occurs.
Added a notifier for when we fork so plugins can close their fds in
the child.
Added a safe_fork() which does a fork and then closes stuff in the
child; the parent waits until the child has done that.
On detach, the parent rewrites the pid files rather than the child,
and the child waits for the parent to die.
Fixed some potential FILE * leaks.
Also moved auth_number() check into auth_check_options.
Frank Cusack [Mon, 24 Feb 2003 12:46:37 +0000 (12:46 +0000)]
device_script(): fix our close() action for the case where in or out <= 2;
also don't leak [the original fd of] a dup()'d log_to_fd, when log_to_fd
is > 2.
Frank Cusack [Tue, 24 Dec 2002 00:34:13 +0000 (00:34 +0000)]
Improve MPPE rejection logic.
When doing MPPE, if the peer doesn't agree to it, we need to terminate
LCP. Older win* clients request Stac/LZS along with MPPE (because
MPPE overloads MPPC ... sigh). So if sending CONFREJ, we would keep
LCP up if we saw a CI_MPPE *at all*, because the CONFREJ may have
been due to the Stac/LZS option. Now, we only keep LCP up if the MPPE
offer is acceptable.
Thanks to James Cameron for showing this problem in action.
Paul Mackerras [Fri, 6 Dec 2002 12:06:45 +0000 (12:06 +0000)]
Make sure we don't do FD_SET(fd, set) with fd >= FD_SETSIZE since
that could corrupt memory, and maybe could form the basis of an
attack on pppd. The problem was pointed out by Jun-ichiro itojun
Hagino.
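
The bounds check described in the commit message above, as an added example that is not pppd's own code (the `fd_watch` names are hypothetical). `FD_SET` indexes a fixed-size bit array, so every descriptor is range-checked before any `FD_*` macro touches the set.

```c
#include <stdio.h>
#include <sys/select.h>

/* Hypothetical wrapper: an fd_set plus the highest fd stored in it. */
struct fd_watch { fd_set set; int max_fd; };

void fd_watch_init(struct fd_watch *w)
{
    FD_ZERO(&w->set);
    w->max_fd = -1;
}

/* Returns 0 on success, -1 if fd cannot be represented in an fd_set.
 * Without this check, FD_SET writes past the end of the bit array. */
int fd_watch_add(struct fd_watch *w, int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return -1;
    FD_SET(fd, &w->set);
    if (fd > w->max_fd)
        w->max_fd = fd;
    return 0;
}

/* FD_ISSET reads out of bounds for the same reason, so guard it too. */
int fd_watch_has(struct fd_watch *w, int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return 0;
    return FD_ISSET(fd, &w->set) != 0;
}

void fd_watch_remove(struct fd_watch *w, int fd)
{
    if (fd < 0 || fd >= FD_SETSIZE)
        return;
    FD_CLR(fd, &w->set);
    /* Recompute the highest fd still present (used as nfds - 1 for select). */
    while (w->max_fd >= 0 && !FD_ISSET(w->max_fd, &w->set))
        w->max_fd--;
}

int main(void)
{
    struct fd_watch w;
    fd_watch_init(&w);
    printf("add 5 -> %d\n", fd_watch_add(&w, 5));
    printf("add FD_SETSIZE -> %d\n", fd_watch_add(&w, FD_SETSIZE));
    return 0;
}
```

A caller that gets -1 back should close or refuse the descriptor rather than wait on it.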
Paul Mackerras [Fri, 6 Dec 2002 12:03:44 +0000 (12:03 +0000)]
More copyright updates. The new CMU copyright notice is from CMU and
now explicitly allows modifications. I have an acknowledgement from
ANU that the work I have done on pppd belongs to me and not to ANU,
so I have changed the ANU copyright notices to reflect this.
Paul Mackerras [Fri, 6 Dec 2002 09:49:16 +0000 (09:49 +0000)]
More copyright updates. The new CMU copyright notice is from CMU and
now explicitly allows modifications. I have an acknowledgement from
ANU that the work I have done on pppd belongs to me and not to ANU,
so I have changed the ANU copyright notices to reflect this.
Paul Mackerras [Wed, 4 Dec 2002 23:03:33 +0000 (23:03 +0000)]
Update copyrights. The new CMU copyright notice is from CMU and now
explicitly allows modifications. I have an acknowledgement from ANU
that the work I have done on pppd belongs to me and not to ANU, so I
have changed the ANU copyright notices to reflect this. I have emails
from Pedro Roque Marques, Tommi Komulainen and Eric Rosenquist giving
me permission to change their copyright notices to be similar to the
CMU notice.
Frank Cusack [Wed, 13 Nov 2002 18:19:26 +0000 (18:19 +0000)]
add rc_avpair_copy() and use it when sending user-specified av's. This
fixes a bug with a dangling pointer. Thanks to Peter Kjellerstedt for
the report and suggested fix.
James Carlson [Sat, 2 Nov 2002 19:48:13 +0000 (19:48 +0000)]
Added EAP support with MD5-Challenge and SRP-SHA1 methods. Tested
on Linux (with both methods) and on Solaris (just MD5-Challenge).
Fixed several Makefiles that were missing references to required
modules such as tty.o.
Frank Cusack [Sun, 27 Oct 2002 11:46:24 +0000 (11:46 +0000)]
ccp_addci(): Restore behavior of only testing kernel support for the first
compression method being offered. That way the kernel will actually use
the method being offered ...
Frank Cusack [Sat, 12 Oct 2002 02:30:21 +0000 (02:30 +0000)]
Log calling number failed authorization at warn instead of error, to be
consistent with chap/pap failed authentication log level. (And it doesn't
merit "error".)
Frank Cusack [Sat, 12 Oct 2002 01:28:05 +0000 (01:28 +0000)]
- more authentication logging uniformity
. remove duplicate logging from auth.c, now in upap.c
. auth success logs at info, auth fail at warn, auth with_peer fail at error
- add remote number checks after authentication in case a plugin modifies
authorization info
- log remote number on successful/no auth
- streamline null termination of remote name for logging
Frank Cusack [Thu, 10 Oct 2002 05:47:34 +0000 (05:47 +0000)]
Add 'remotenumber' and 'allow-number' options, for CNID purposes.
In practice, the admin can configure allow-number settings, and getty
or other programs can call ppp with the remotenumber option. remotenumber
is also available to plugins; for example the radius plugin will pass this
on as the Calling-Station-Id attribute and the radius server can make an
authentication decision based on that.
Frank Cusack [Tue, 1 Oct 2002 09:51:01 +0000 (09:51 +0000)]
Send NAS-Identifier attribute instead of NAS-IP-Address, if configured.
Set some reasonable defaults for various options, if not supplied.
Patch from Ben McKeegan.
Frank Cusack [Tue, 24 Sep 2002 11:35:22 +0000 (11:35 +0000)]
Lose the poorly thought out OPT_A3OR option flag. Fix a CHAP negotiation bug
along the way -- if the peer nak'd with a chap digest we didn't support, we
would continue to offer our first choice digest.
Frank Cusack [Thu, 12 Sep 2002 05:41:49 +0000 (05:41 +0000)]
Add support for radius Class attribute. Possibly broken if chap is set to
re-authenticate and the radius server decides to change or add the Class
attribute on a subsequent (non-initial) authentication, but no more broken
than not handling it at all.
James Carlson [Mon, 9 Sep 2002 04:19:57 +0000 (04:19 +0000)]
484: make IPCP put all options in increasing numeric order in all cases.
Also fixed unrelated problem found during testing: the reqci handling
for the deprecated IP-Addresses option was setting go->ouraddr rather
than wo->ouraddr. This caused us to get confused about the meaning of
any subsequent Configure-{Ack,Reject} from the peer, since it made it
look as though the option was illegally modified by the peer.
James Carlson [Sat, 7 Sep 2002 05:15:25 +0000 (05:15 +0000)]
Added ability to detect and use either gcc or Sun WorkShop C compiler
on Solaris. Added support for Solaris 10. Quieted down warning in
ppp_comp.c due to bad preprocessor usage. Quieted WorkShop warnings
in options.c (casting of void * to function) and pppd.h (constant too
large). Tested in 32 and 64 bit modes with gcc and WorkShop.
make Octets-Direction flag accept value=4.
For NAS - it is the same as Octets-Direction = Maximum (3)
but on radius side maximum can be computed as
maximum in/out overall or per session/day/month/year...
David F. Skoll [Mon, 24 Jun 2002 12:57:15 +0000 (12:57 +0000)]
Patches from Frank Cusack:
- Avoid infinite loop (eventually running out of stack space) when doing
callback into ccp with MPPE enabled, by updating lcp_fsm state *before*
doing callbacks. Problem noted by Rustem Yumaev <rust@vostok-inc.com>.
- Add missing accounting attributes
- Update for newer automake; required to compile on RH 7.3
David F. Skoll [Mon, 10 Jun 2002 13:46:28 +0000 (13:46 +0000)]
Added "install-devel" Makefile target to install pppd headers required to
build pppd plugins. NOTE: Only works on Linux Makefiles; must be added for
other supported OS's.