Paul Mackerras [Wed, 18 Sep 2024 01:57:45 +0000 (11:57 +1000)]
chat: Add copyright notice
This adds a copyright notice in my name with MIT licence permissions
to this file. The reason is primarily to provide a concrete statement
of permission to use, copy, modify and distribute the program, for the
sake of those who are uncertain about the meaning of the public domain.
See for example https://github.com/ppp-project/ppp/issues/474 .
Given that I have maintained this program for 25 years, it seems
reasonable for it to be my copyright on it.
Paul Mackerras [Sat, 14 Sep 2024 03:31:56 +0000 (13:31 +1000)]
Don't overwrite configuration files in <sysconfdir>/ppp (#518)
This renames the configuration files in etc.ppp/ to have ".example"
on the end of their names. This is so that when they are copied to
<sysconfdir>/ppp (often /etc/ppp), they don't overwrite existing
pppd configuration files, and it is clear that they are just examples.
Paul Mackerras [Thu, 12 Sep 2024 03:57:50 +0000 (13:57 +1000)]
Remove Solaris module code (#515)
This code has not been updated for a long time, and nominally targets
an OS whose owner (Oracle) has all but abandoned it. It includes
zlib code which has CVEs against it, and it is unknown whether any
of them would be exploitable in this context.
Illumos, which is an OpenSolaris fork, has forked Solaris-native
drivers, which should probably work with the user-space pppd code
here.
Tomas Paukrt [Tue, 10 Sep 2024 10:15:29 +0000 (12:15 +0200)]
pppd: Add pap-secrets and chap-secrets options (#513)
These options allow a user to specify paths to pap-secrets and chap-secrets files,
which is useful when running multiple instances of pppd that may use the same
username but with different passwords (e.g. running multiple PPTP tunnels).
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
Tomas Paukrt [Tue, 10 Sep 2024 10:14:57 +0000 (12:14 +0200)]
pppd: Add noresolvconf option (#512)
This option allows a user to specify that they do not want to
create the /etc/ppp/resolv.conf file with the DNS server addresses.
This can be useful when running on a read-only root filesystem.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
Tomas Paukrt [Tue, 10 Sep 2024 10:13:59 +0000 (12:13 +0200)]
pppd: Add ip-pre-up-script option (#510)
This option allows a user to specify the path to the script
usually located at /etc/ppp/ip-pre-up, similarly to the
existing ip-up-script and ip-down-script options.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
pppd: Fix reliability of print_link_stats (with option persist) (#505)
* pppd/ipcp.c: (ipcp_down): fix comment
* pppd/main.c: (reset_link_stats): reset print_link_stats to 1, set
start_time even if get_ppp_stats fails.
This is an attempt to fix the problem noted in the linux-ppp mailing list on
mar-26-2024 and may-03-2024 under the subject "ppp-2.5.0 sometimes doesn't
print stats on terminating on signal 2"
The sent/recv log messages were being lost, especially with the persist option.
This seems to be an oversight during reorg in commit ba7f7e0 "Header file
reorganization and cleaning up the public API for pppd version 2.5.0 (#379)"
around the repurposing of the link_stats_valid variable as link_stats_print.
It also fixes a stray reference to the old variable in a comment.
Tomas Paukrt [Mon, 9 Sep 2024 16:46:48 +0000 (18:46 +0200)]
pppd: Add net-init-script, net-pre-up-script and net-down-script options
These options allow a user to specify paths to scripts usually located
at /etc/ppp/net-init, /etc/ppp/net-pre-up and /etc/ppp/net-down,
similarly to the existing ip-up-script and ip-down-script options.
Signed-off-by: Tomas Paukrt <tomaspaukrt@email.cz>
Paul Mackerras [Tue, 20 Aug 2024 10:27:31 +0000 (20:27 +1000)]
plugins/pppoatm: Restructure code to avoid possibility of integer overflow
This avoids the theoretical possibility of integer overflow in
adding a constant before dividing in order to get the effect of
rounding up. Instead we divide and add 1 if the original value modulo
the divisor is non-zero.
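The two rounding-up forms this commit message contrasts, as an added example; it is not the pppoatm plugin's code. It assumes unsigned 32-bit values so that the wrap-around is well defined, and the divisor 48 in the demo is a constructed sample value.

```c
#include <stdint.h>
#include <stdio.h>

/* Add-then-divide rounding: the sum x + d - 1 wraps modulo 2^32 for large x. */
static uint32_t ceil_div_add(uint32_t x, uint32_t d)
{
    return (uint32_t)(x + d - 1) / d;
}

/* Divide first, then add 1 if there is a remainder: no intermediate sum. */
static uint32_t ceil_div_mod(uint32_t x, uint32_t d)
{
    return x / d + (x % d != 0);
}

/* Count inputs among the top `span` uint32_t values where the two forms differ. */
static uint32_t count_mismatches(uint32_t d, uint32_t span)
{
    uint32_t bad = 0;
    for (uint32_t i = 0; i < span; i++) {
        uint32_t x = UINT32_MAX - i;
        if (ceil_div_add(x, d) != ceil_div_mod(x, d))
            bad++;
    }
    return bad;
}

int main(void)
{
    uint32_t d = 48;    /* constructed sample divisor */
    printf("x=97:         add=%u mod=%u\n",
           (unsigned)ceil_div_add(97, d), (unsigned)ceil_div_mod(97, d));
    printf("x=UINT32_MAX: add=%u mod=%u\n",
           (unsigned)ceil_div_add(UINT32_MAX, d),
           (unsigned)ceil_div_mod(UINT32_MAX, d));
    printf("mismatches in top 96 values: %u\n",
           (unsigned)count_mismatches(d, 96));
    return 0;
}
```

The forms disagree only for the d - 1 largest inputs, where the add-first version wraps and returns 0.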
Paul Mackerras [Tue, 20 Aug 2024 08:21:47 +0000 (18:21 +1000)]
pppd: Widen types in ipcp_reqci
The reason is to avoid a theoretically possible overflow of cilen.
Using u_int32_t rather than u_short probably generates better code
on many machines anyway. Also change l from int to unsigned so as
to avoid any possibility of integer overflow.
Paul Mackerras [Tue, 20 Aug 2024 07:29:16 +0000 (17:29 +1000)]
pppd: Make sure we don't return an initialized CHAP Response length
If anything goes wrong in preparing a CHAP Response, return a 0-length
response instead of leaving the length field uninitialized. Also
print a warning message to say that something went wrong.
Paul Mackerras [Tue, 20 Aug 2024 07:24:34 +0000 (17:24 +1000)]
pppdump: Remove support for decompressing compressed packets
This simplifies the code and reduces its attack surface, in response
to some deficiencies being found in the zlib code. This should be OK
since probably no-one uses compression on PPP links any more, and in
any case, the code still exists in git if anyone wants it.
Paul Mackerras [Sat, 17 Aug 2024 10:43:25 +0000 (20:43 +1000)]
pppd: Fix auth_number() to handle wildcards correctly
Previously auth_number treated all entries in the permitted_numbers
list as if they were wildcards, i.e., as ending in '*', even if there
was no '*'. This fixes it to only treat entries ending in '*' as
wildcards; without the '*', remote_number has to match the whole entry
exactly.
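The matching rule before and after this fix, as an added example; it is not pppd's auth_number() source. The function names, the list layout and the phone numbers are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Old behaviour described in the commit message: every entry acts as a prefix. */
static int entry_matches_old(const char *entry, const char *remote)
{
    size_t n = strlen(entry);
    if (n > 0 && entry[n - 1] == '*')
        n--;                            /* ignore the wildcard character */
    return strncmp(entry, remote, n) == 0;
}

/* Fixed behaviour: prefix match only for entries ending in '*', else exact. */
static int entry_matches_new(const char *entry, const char *remote)
{
    size_t n = strlen(entry);
    if (n > 0 && entry[n - 1] == '*')
        return strncmp(entry, remote, n - 1) == 0;
    return strcmp(entry, remote) == 0;
}

typedef int (*match_fn)(const char *, const char *);

/* Returns 1 if any entry in the list permits the remote number. */
static int number_permitted(const char *const *list, size_t count,
                            const char *remote, match_fn match)
{
    for (size_t i = 0; i < count; i++)
        if (match(list[i], remote))
            return 1;
    return 0;
}

/* Constructed sample data: one exact entry and one wildcard entry. */
static const char *const sample_list[] = { "5551234", "0800*" };

int main(void)
{
    const char *callers[] = { "5551234", "55512349999", "0800123", "0900123" };
    for (size_t i = 0; i < 4; i++)
        printf("%-12s old=%d new=%d\n", callers[i],
               number_permitted(sample_list, 2, callers[i], entry_matches_old),
               number_permitted(sample_list, 2, callers[i], entry_matches_new));
    return 0;
}
```

The second caller shows the difference: a number that merely begins with an exact entry was accepted under the old rule and is rejected under the fixed one.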
Paul Mackerras [Wed, 1 May 2024 10:43:58 +0000 (20:43 +1000)]
plugins/pppoe: Export AC name to scripts via an environment variable
This saves the access concentrator (AC) name supplied by the AC in the
PADO packet and creates an environment variable called "ACNAME" with
the name as its value for scripts to use if desired.
This was inspired by a pull request from "bearmi" on github, but
reimplemented somewhat differently by me.
Paul Mackerras [Sun, 28 Apr 2024 23:55:05 +0000 (09:55 +1000)]
plugins/pppoe: Use value from pppoe-padi-* options
Reading the values of pppoe_padi_timeout and pppoe_padi_attempts in
PPPOEInitDevice() means that they get sampled when parsing the
ethernet device name. If the user provides the pppoe-padi-attempts or
pppoe-padi-timeout option after the ethernet device name, the value
given is effectively ignored.
Instead, read those variables in pppoe_check_options, which is called
after all options have been parsed, so that any user-specified values
don't get missed.
plugins/pppoe: Remove 5 second delay before PADR in verbose mode
This partially reverts commit 1c082acf77e6 ("pppoe: Show verbose
information about all concentrator when pppoe-verbose option is set",
2021-01-01). That commit added a 5-second wait between receiving a
valid PADO and sending the PADR response so as to give time to see
whether any other PADOs arrive. However, it appears that this delay
causes problems with some concentrators.
This reverts to the previous behaviour of sending the PADR
immediately.
Mike Gilbert [Fri, 26 Apr 2024 09:10:16 +0000 (05:10 -0400)]
Use pkg-config to detect PAM when possible (#479)
This fixes a link error on Gentoo Linux by not putting -L/usr/lib in the
link command on 64-bit systems. The correct path is -L/usr/lib64, and
this is the default path used by GCC and clang.
Users may override pkg-config by setting PAM_CFLAGS and PAM_LDFLAGS in
the environment before calling configure. This is standard behavior for
the PKG_CHECK_MODULES macro.
The legacy detection logic is maintained when a path is given as an
argument to --with-pam. Note that this logic is broken when libdir is
not "lib".
Paul Mackerras [Mon, 22 Apr 2024 22:35:03 +0000 (08:35 +1000)]
Makefile.am: Add explicit openssl directory to pppd include path
When configured with an explicit (non-default) path to the openssl
libraries, we need to add an appropriate -I option when compiling pppd
code so that it can find the openssl header files.
Samuel Thibault [Tue, 13 Feb 2024 09:36:08 +0000 (10:36 +0100)]
pppd: Restore adding a default route with different metric (#472)
For instance, when using a ppp link as backup link, one would want to
add a default route on the ppp link, in *addition* to the existing
default route.
d0ccb87156c2 ("pppd: Add replacedefaultroute option (#200)") however broke
this case: sifdefaultroute was not passing the metric to
defaultroute_exists any more. This commit restores this case.
Fixes #357
Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Paul Mackerras [Thu, 11 Jan 2024 09:38:08 +0000 (20:38 +1100)]
pppoe: Fix sending of PADT on connection termination (#470)
Commit 2b4166d02ed0 ("Close discovery socket after session completed",
2020-11-26) arranged for the discovery socket to be closed when the
PPPOE session negotiation was complete. However, the discovery socket
is used for sending a PADT message when the connection terminates, and
now that doesn't work because the socket has been closed.
To fix this, we reopen the discovery socket in order to send the PADT
message.
Paul Mackerras [Mon, 1 Jan 2024 08:24:34 +0000 (19:24 +1100)]
pppd: Rework use of volatile in lcp-rtt code to eliminate warnings (#469)
To eliminate the warnings, the lcp_rtt_buffer variable no longer
points to volatile, and instead accesses are made using 'ring_header'
local variables, which do point to volatile, and contain the same
address.
Switched to the latest version of the Solaris GitHub Action that now uses Qemu
and libvirt on an Ubuntu runner instead of VirtualBox on a macOS runner.
Paul Mackerras [Thu, 9 Nov 2023 06:20:36 +0000 (17:20 +1100)]
Remove <linux/if_ppp.h> and <net/if_ppp.h> headers
The if_ppp.h headers are redundant; all the relevant definitions are
now in ppp_defs.h, ppp-ioctl.h for Linux (which comes from the kernel
headers via the C library) and pppio.h for Solaris.
Paul Mackerras [Wed, 8 Nov 2023 05:54:40 +0000 (16:54 +1100)]
pppoe: Fail if ethernet interface name is too long
If the name of the ethernet interface is longer than can fit in the
relevant structure used for system calls, generate an error rather
than using a truncated interface name.
Brahmajit Das [Thu, 2 Nov 2023 05:56:18 +0000 (11:26 +0530)]
Fix linking error with lld linkers (#438)
When using lld linker, build fails with
ld.lld: error: /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../lib64/Scrt1.o is incompatible with elf32-i386
ld.lld: error: /usr/lib/gcc/x86_64-pc-linux-gnu/12/../../../../lib64/crti.o is incompatible with elf32-i386
ld.lld: error: /usr/lib/llvm/16/bin/../../../../lib/clang/16/lib/linux
The fix is to check pkg-config first, and not force manual -L /usr/lib.
If pkg-config succeeded, then we don't bother with -L /usr/lib
Our guess is this is what the actual intention was based upon the comments
if pkg-config is installed and openssl has installed a .pc file,
then use that information and don't search ssldirs
First found on gentoo linux with llvm profile, please check out Bug:
section of the commit for more info and a complete build log.
Bug: https://bugs.gentoo.org/905442
Signed-off-by: Brahmajit Das <brahmajit.xyz@gmail.com>
Co-authored-by: Sam James <sam@gentoo.org>
Jaco Kroon [Tue, 31 Oct 2023 09:47:21 +0000 (11:47 +0200)]
pppd/sys-linux: Fix compile with older Linux kernel headers (#452)
When compiling pppd against kernel headers which don't provide
the definitions for the NETLINK mechanisms, leave out the code
which uses NETLINK, so as to avoid getting compile errors.
Upstream commit in Linux refers.
commit 10c9ead9f3c6bb24bddc9a96681f7d58e6623966
Author: Roopa Prabhu <roopa@cumulusnetworks.com>
Date: Wed Apr 20 08:43:43 2016 -0700
rtnetlink: add new RTM_GETSTATS message to dump link stats
This commit adds the #defines and structs used, so simply not compiling
this code if the required #defines aren't there should solve the problem.
Jaco Kroon [Thu, 26 Oct 2023 09:52:27 +0000 (11:52 +0200)]
plugins/radius: fix segfault during shutdown. (#455)
ppp_get_ifname() is the wrong thing to use in this slprintf call as
it returns an int which is the length of the interface name, not
a pointer to the interface name, which is what ppp_ifname()
returns.
Runtime dir changed from /run to /run/pppd in commit 66a8c74c3f73 ("Let
./configure control the paths for pppd") and is likely to not exist on
some distros, in which case the pppdb will not be created.
See: #419 (lock directory moved in ppp-2.5.0)
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
lock dir changed on linux from /var/lock to /run/pppd/lock with
pppd-2.5.0, which makes pppd fail to start if the distribution does not
pre-create the directory.
This reverts it back to /var/lock.
The paths for other OS should be identical as LOCALSTATEDIR should be
/var, but also revert them back as well just in case.
Since the variable is no longer used remove it from makefiles.
Fixes: 66a8c74c3f73 ("Let ./configure control the paths for pppd")
Fixes: #419
Signed-off-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
Co-authored-by: Dominique Martinet <dominique.martinet@atmark-techno.com>
pppd: implement net-init, net-pre-up and net-down.
net-init executes as a blocking script directly after the unit number
becomes available. This can be used to initialise aspects related to
the ppp connection that lives outside of the ppp connection. It can
also be used to clean up (in the author's extremely unlikely case) where
a previous pppd crashed, and net-down didn't execute in order to clean
up.
net-pre-up executes as a blocking script after auth, prior to NCPs being
negotiated. Unlike ip-pre-up this is guaranteed to execute prior to the
interface being brought up, and can be used in an NCP agnostic manner to
pre-initialise aspects of the interface for which it still needs to be
down (amongst others it's recommended that firewall changes happen
here).
net-down executes in a non-blocking manner just prior to pppd
terminating and can be used to clean up actions from previous scripts.
You will notice that I mention ip-pre-up doesn't guarantee that the
interface will still be down, this is because in a Linux world all
protocols run on the same interface, compared to solaris where I'm
informed each protocol runs on its own sub-interface, each of which has
its own operational state. The man page for pppd has also been
adjusted to indicate as much.
Marco d'Itri [Thu, 28 Sep 2023 01:12:36 +0000 (03:12 +0200)]
Escape all minus characters in the man pages (#449)
From man-pages(7):
Where a real minus character is required (e.g., for numbers such as -1,
for man page cross references such as utf-8(7), or when writing options
that have a leading dash, such as in ls -l), use the following form in
the man page source:
Marco d'Itri [Sun, 7 May 2023 15:56:43 +0000 (17:56 +0200)]
implement logging the LCP RTT
This change adds the lcp-rtt-file configuration option, which instructs
pppd to add a timestamp to the data section of each LCP echo request
frame and then log their round-trip time and any detected packet loss
to a circular buffer in that file.
Other programs then can asynchronously read the file and report
statistics about the line.
Eivind Næss [Fri, 4 Aug 2023 06:18:09 +0000 (23:18 -0700)]
pppd: Fix compilation with openssl disabled (#431)
If openssl is disabled at configure time but microsoft extensions are enabled,
we get a compilation error due to an unnecessary include in crypto_ms.c.
This removes the unnecessary include. With this, pppd compiles without
openssl as long as you add the following arguments to the configure script
invocation:
Mike Gilbert [Thu, 3 Aug 2023 08:57:23 +0000 (04:57 -0400)]
passwordfd: read password during option processing (#420)
When configured to detach from the controlling terminal, pppd closes
file descriptors 0, 1, and 2 before the passwd hook is called. If the
user passes 0, 1, or 2 to the passwordfd option, pppd will fail to read
the password.
To work around this, treat passwordfd as a special option and read the
password during option processing, before pppd closes it.
Paul Mackerras [Sat, 18 Mar 2023 07:14:04 +0000 (18:14 +1100)]
radius: Fix list traversal in rc_avpair_insert
In rc_avpair_insert, if the list element "p" is non-NULL but not
actually in the list "a", we can end up with this_node being NULL and
being dereferenced.
By changing the while test to this_node->next we avoid having
this_node being NULL; the loop will terminate when this_node == p or
this_node->next == NULL, which is what we want.
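The loop condition this commit message describes, as an added example on a simplified list; it is not the radius plugin's rc_avpair_insert source. The struct node type, insert_after() and demo_ids() are hypothetical names.

```c
#include <stddef.h>
#include <stdio.h>

struct node { int id; struct node *next; };   /* hypothetical list element */

/* Insert b after p in list *a. If p is not in the list, the walk stops at
 * the tail, so this_node is never NULL when it is dereferenced below. */
static void insert_after(struct node **a, struct node *p, struct node *b)
{
    struct node *this_node;

    if (*a == NULL) {               /* empty list: b becomes the head */
        b->next = NULL;
        *a = b;
        return;
    }
    this_node = *a;
    while (this_node->next != NULL) {   /* test ->next, not this_node */
        if (this_node == p)
            break;
        this_node = this_node->next;
    }
    b->next = this_node->next;
    this_node->next = b;
}

/* Builds 1 -> 2 -> 3, inserts 9 after node 2, then inserts 7 after a node
 * that was never linked in. Writes the ids to out and returns the count. */
static int demo_ids(int *out, int max)
{
    struct node n1 = {1, NULL}, n2 = {2, NULL}, n3 = {3, NULL};
    struct node n9 = {9, NULL}, n7 = {7, NULL}, stray = {0, NULL};
    struct node *head = NULL, *cur;
    int n = 0;

    insert_after(&head, NULL, &n1);
    insert_after(&head, &n1, &n2);
    insert_after(&head, &n2, &n3);
    insert_after(&head, &n2, &n9);      /* p is in the list */
    insert_after(&head, &stray, &n7);   /* p is not in the list */
    for (cur = head; cur != NULL && n < max; cur = cur->next)
        out[n++] = cur->id;
    return n;
}
```

With the stray node the walk ends at the tail and the new element is appended there.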
Paul Mackerras [Sat, 18 Mar 2023 06:32:20 +0000 (17:32 +1100)]
pppdump: Remove compression functions from local copy of zlib
They aren't used (pppdump only needs decompression), and removing the
unused code avoids getting reports from automated tools about possible
errors in the unused code.
Eivind Næss [Thu, 9 Mar 2023 23:59:19 +0000 (23:59 +0000)]
Additional fixes for broken build
This change fixes the build when
- ./configure is run with --disable-plugins
- ./configure is run with --disable-peap --disable-eaptls
--disable-microsoft-extensions
The latter disables the MPPE encryption too, but <pppd/crypto.h> is
still needed.