From: Paul Mackerras Date: Mon, 22 Apr 2024 22:35:03 +0000 (+1000) Subject: Makefile.am: Add explicit openssl directory to pppd include path X-Git-Url: https://git.ozlabs.org/?p=ppp.git;a=commitdiff_plain;h=HEAD;hp=33e8c95bf873cdce5ff2e2b4d8a76bdae792c699 Makefile.am: Add explicit openssl directory to pppd include path When configured with an explicit (non-default) path to the openssl libraries, we need to add an appropriate -I option when compiling pppd code so that it can find the openssl header files. Signed-off-by: Paul Mackerras --- diff --git a/.github/workflows/buildroot.yaml b/.github/workflows/buildroot.yaml index a131f94..4353069 100644 --- a/.github/workflows/buildroot.yaml +++ b/.github/workflows/buildroot.yaml @@ -4,21 +4,33 @@ on: [push, pull_request] jobs: buildroot: name: Buildroot - runs-on: ubuntu-20.04 + runs-on: ubuntu-latest strategy: matrix: - defconfig_name: [qemu_x86_defconfig, qemu_x86_64_defconfig, raspberrypi4_defconfig, raspberrypi4_64_defconfig, qemu_ppc64le_pseries_defconfig, qemu_mips32r2_malta_defconfig, qemu_mips64_malta_defconfig] - libc_name: [glibc, uclibc, musl] + defconfig_name: + - qemu_x86_defconfig + - qemu_x86_64_defconfig + - raspberrypi4_defconfig + - raspberrypi4_64_defconfig + - qemu_ppc64le_pseries_defconfig + - qemu_mips32r2_malta_defconfig + - qemu_mips64_malta_defconfig + - qemu_riscv32_virt_defconfig + - qemu_riscv64_virt_defconfig + libc_name: + - glibc + - uclibc + - musl env: - PPP_CI_VERSION: v1.0 + CI_VERSION: v1.1 BUILDROOT_DIRECTORY_NAME: buildroot-${{ matrix.defconfig_name }}-${{ matrix.libc_name }} steps: - - name: Retrieve prebuilt Buildroot image... + - name: Retrieve the prebuilt Buildroot image working-directory: /home/runner run: | - wget https://github.com/ppp-project/ppp-ci/releases/download/${{ env.PPP_CI_VERSION }}/${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst - tar -xf ${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst - - name: Select latest PPP upstream version + wget https://github.com/ppp-project/ppp-ci/releases/download/${{ env.CI_VERSION }}/${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst + tar --zstd --strip-components=2 -xf ${{ env.BUILDROOT_DIRECTORY_NAME }}.tar.zst + - name: Select the latest PPP upstream version working-directory: /home/runner/${{ env.BUILDROOT_DIRECTORY_NAME }}/package/pppd run: | # Get package sources from head of current branch diff --git a/.github/workflows/solaris.yaml b/.github/workflows/solaris.yaml index 9ede782..8d1f448 100644 --- a/.github/workflows/solaris.yaml +++ b/.github/workflows/solaris.yaml @@ -3,16 +3,15 @@ on: [push, pull_request] jobs: solaris: - runs-on: macos-10.15 + runs-on: ubuntu-22.04 steps: - name: Checkout PPP sources - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Build - uses: vmactions/solaris-vm@v0.0.4 + uses: vmactions/solaris-vm@v1.0.2 with: + release: "11.4-gcc" run: | - pkg update - pkg install gcc automake autoconf libtool ./autogen.sh CFLAGS="-Wno-deprecated-declarations" make make install diff --git a/.github/workflows/ubuntu.yaml b/.github/workflows/ubuntu.yaml index 028193b..a678ebc 100644 --- a/.github/workflows/ubuntu.yaml +++ b/.github/workflows/ubuntu.yaml @@ -5,13 +5,17 @@ jobs: build_and_test: runs-on: ubuntu-latest env: - configure_flags: --enable-ipxcp --enable-multilink + configure_flags: --enable-multilink --enable-systemd --enable-cbcp steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: install required packages - run: sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install build-essential autoconf automake pkg-config libtool m4 autoconf-archive libssl-dev libatm1-dev libpcap-dev + run: | + sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq update + sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install \ + build-essential autoconf automake pkg-config libtool m4 autoconf-archive \ + libssl-dev libatm1-dev libpcap-dev libsystemd-dev libpam0g-dev - name: configure run: ./autogen.sh ${{ env.configure_flags }} @@ -19,5 +23,38 @@ jobs: - name: build run: make V=1 CFLAGS="-O2 -g -Wno-unused-result" + - name: run auto tests + run: VERBOSE=true make check + - name: distcheck run: make distcheck DISTCHECK_CONFIGURE_FLAGS="${{ env.configure_flags }}" + + build_and_test_asan: + runs-on: ubuntu-latest + env: + configure_flags: --enable-multilink --enable-systemd --enable-cbcp + CFLAGS: '-fsanitize=address -ggdb' + LDFLAGS: '-fsanitize=address' + + steps: + - uses: actions/checkout@v3 + + - name: install required packages + run: | + sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq update + sudo DEBIAN_FRONTEND=noninteractive apt-get -y -qq install \ + build-essential autoconf automake pkg-config libtool m4 autoconf-archive \ + libssl-dev libatm1-dev libpcap-dev libsystemd-dev libpam0g-dev + + - name: configure + run: ./autogen.sh ${{ env.configure_flags }} + + - name: build + run: make V=1 CFLAGS="-O2 -g -Wno-unused-result" + + - name: run auto tests + run: VERBOSE=true make check + + - name: distcheck + run: make distcheck DISTCHECK_CONFIGURE_FLAGS="${{ env.configure_flags }}" + diff --git a/AUTHORS b/AUTHORS index ff1a48f..8efb380 100644 --- a/AUTHORS +++ b/AUTHORS @@ -2,6 +2,6 @@ The pppd Project https://github.com/ppp-project/ppp Primary Author of this package: -Linux Paul Mackerras +Linux Paul Mackerras Solaris James Carlson diff --git a/Changes-2.4 b/Changes-2.4 new file mode 100644 index 0000000..c2d0939 --- /dev/null +++ b/Changes-2.4 @@ -0,0 +1,275 @@ +What's new in ppp-2.4.9. +************************ + +* Support for new EAP (Extensible Authentication Protocol) methods: + - Support for EAP-TLS, from Jan Just Keijser and others + - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs + Van Buggenhout and others + +* New pppd options: + - chap-timeout + - chapms-strip-domain + - replacedefaultroute + - noreplacedefaultroute + - ipv6cp-accept-remote + - lcp-echo-adaptive + - ip-up-script + - ip-down-script + - ca + - capath + - cert + - key + - crl-dir + - crl + - max-tls-version + - need-peer-eap + +* Fixes for CVE-2020-8597 and CVE-2015-3310. + +* libpcap is now required when compiling on Linux (previously, if + libpcap was not present, pppd would be compiled without packet + filtering support). + +* The rp-pppoe plugin has been renamed to pppoe, to distinguish it + from the upstream rp-pppoe code. Its options have changed names, + but the old names are kept as aliases. + +* The configure script now supports cross-compilation. + +* Many bug fixes and cleanups. + + +What was new in ppp-2.4.8. +************************** + +* New pppd options have been added: + - ifname, to set the name for the PPP interface device + - defaultroute-metric, to set the metric for the default route + - defaultroute6, to add an IPv6 default route (with nodefaultroute6 + to prevent adding an IPv6 default route) + - up_sdnotify, to have pppd notify systemd when the link is up. + +* The rp-pppoe plugin has new options: + - host-uniq, to set the Host-Uniq value to send + - pppoe-padi-timeout, to set the timeout for discovery packets + - pppoe-padi-attempts, to set the number of discovery attempts. + +* Added the CLASS attribute in radius packets. + +* Sundry bug fixes. + +* Fixed warnings and issues found by static analysis. + +* Added Submitting-patches.md. + + +What was new in ppp-2.4.7. +************************** + +* Fixed a potential security issue in parsing option files (CVE-2014-3158). + +* There is a new "stop-bits" option, which takes an argument of 1 or 2, + indicating the number of stop bits to use for async serial ports. + +* Various bug fixes. + + +What was new in ppp-2.4.6. +************************** + +* Man page updates. + +* Several bug fixes. + +* Options files can now set and unset environment variables for + scripts. + +* The timeout for chat scripts can now be taken from an environment + variable. + +* There is a new option, master_detach, which allows pppd to detach + from the controlling terminal when it is the multilink bundle master + but its own link has terminated, even if the nodetach option has + been given. + + +What was new in ppp-2.4.5. +************************** + +* Under Linux, pppd can now operate in a mode where it doesn't request + the peer's IP address, as some peers refuse to supply an IP address. + Since Linux supports device routes as well as gateway routes, it's + possible to have no remote IP address assigned to the ppp interface + and still route traffic over it. + +* Pppd now works better with 3G modems that do strange things such as + sending IPCP Configure-Naks with the same values over and over again. + +* The PPP over L2TP plugin is included, which works with the pppol2tp + PPP channel code in the Linux kernel. This allows pppd to be used + to set up tunnels using the Layer 2 Tunneling Protocol. + +* A new 'enable-session' option has been added, which enables session + accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man + page for details. + +* Several bugs have been fixed. + + +What was new in ppp-2.4.4. +************************** + +* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating + the ppp interface and configuring its IP addresses but before + bringing it up. This can be used, for example, for adding firewall + rules for the interface. + +* Lots of bugs fixed, particularly in the area of demand-dialled and + persistent connections. + +* The rp-pppoe plugin now accepts any interface name (that isn't an + existing pppd option name) without putting "nic-" on the front of + it, not just eth*, nas*, tap* and br*. + + +What was new in ppp-2.4.3. +************************** + +* The configure script now accepts --prefix and --sysconfdir options. + These default to /usr/local and /etc. If you want pppd put in + /usr/sbin as before, use ./configure --prefix=/usr. + +* Doing `make install' no longer puts example configuration files in + /etc/ppp. Use `make install-etcppp' if you want that. + +* The code has been updated to work with version 0.8.3 of libpcap. + Unfortunately the libpcap maintainers removed support for the + "inbound" and "outbound" keywords on PPP links, meaning that if you + link pppd with libpcap-0.8.3, you can't use those keywords in the + active-filter and pass-filter expressions. The support has been + reinstated in the CVS version and should be in future libpcap + releases. If you need the in/outbound keywords, use a later release + than 0.8.3, or get the CVS version from http://www.tcpdump.org. + +* There is a new option, child-timeout, which sets the length of time + that pppd will wait for child processes (such as the command + specified with the pty option) to exit before exiting itself. It + defaults to 5 seconds. After the timeout, pppd will send a SIGTERM + to any remaining child processes and exit. A value of 0 means no + timeout. + +* Various bugs have been fixed, including some CBCP packet parsing + bugs that could lead to the peer being able to crash pppd if CBCP + support is enabled. + +* Various fixes and enhancements to the radius and rp-pppoe plugins + have been added. + +* There is a new winbind plugin, from Andrew Bartlet of the Samba + team, which provides the ability to authenticate the peer against an + NT domain controller using MS-CHAP or MS-CHAPV2. + +* There is a new pppoatm plugin, by various authors, sent in by David + Woodhouse. + +* The multilink code has been substantially reworked. The first pppd + for a bundle still controls the ppp interface, but it doesn't exit + until all the links in the bundle have terminated. If the first + pppd is signalled to exit, it signals all the other pppds + controlling links in the bundle. + +* The TDB code has been updated to the latest version. This should + eliminate the problem that some people have seen where the database + file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however, + the new code uses an incompatible database format. For this reason, + pppd now uses /var/run/pppd2.tdb as the database filename. + + +What was new in ppp-2.4.2. +************************** + +* The CHAP code has been rewritten. Pppd now has support for MS-CHAP + V1 and V2 authentication, both as server and client. The new CHAP + code is cleaner than the old code and avoids some copyright problems + that existed in the old code. + +* MPPE (Microsoft Point-to-Point Encryption) support has been added, + although the current implementation shouldn't be considered + completely secure. (There is no assurance that the current code + won't ever transmit an unencrypted packet.) + +* James Carlson's implementation of the Extensible Authentication + Protocol (EAP) has been added. + +* Support for the Encryption Control Protocol (ECP) has been added. + +* Some new plug-ins have been included: + - A plug-in for kernel-mode PPPoE (PPP over Ethernet) + - A plug-in for supplying the PAP password over a pipe from another + process + - A plug-in for authenticating using a Radius server. + +* Updates and bug-fixes for the Solaris port. + +* The CBCP (Call Back Control Protocol) code has been updated. There + are new options `remotenumber' and `allow-number'. + +* Extra hooks for plugins to use have been added. + +* There is now a `maxoctets' option, which causes pppd to terminate + the link once the number of bytes passed on the link exceeds a given + value. + +* There are now options to control whether pppd can use the IPCP + IP-Address and IP-Addresses options: `ipcp-no-address' and + `ipcp-no-addresses'. + +* Fixed several bugs, including potential buffer overflows in chat. + + +What was new in ppp-2.4.1. +************************** + +* Pppd can now print out the set of options that are in effect. The + new `dump' option causes pppd to print out the option values after + option parsing is complete. The `dryrun' option causes pppd to + print the options and then exit. + +* The option parsing code has been fixed so that options in the + per-tty options file are parsed correctly, and don't override values + from the command line in most cases. + +* The plugin option now looks in /usr/lib/pppd/ (for + example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if + there is no slash in the plugin name. + +* When loading a plugin, pppd will now check the version of pppd for + which the plugin was compiled, and refuse to load it if it is + different to pppd's version string. To enable this, the plugin + source needs to #include "pppd.h" and have a line saying: + char pppd_version[] = VERSION; + +* There is a bug in zlib, discovered by James Carlson, which can cause + kernel memory corruption if Deflate is used with the lowest setting, + 8. As a workaround pppd will now insist on using at least 9. + +* Pppd should compile on Solaris and SunOS again. + +* Pppd should now set the MTU correctly on demand-dialled interfaces. + + +What was new in ppp-2.4.0. +************************** + +* Multilink: this package now allows you to combine multiple serial + links into one logical link or `bundle', for increased bandwidth and + reduced latency. This is currently only supported under the + 2.4.x and later Linux kernels. + +* All the pppd processes running on a system now write information + into a common database. I used the `tdb' code from samba for this. + +* New hooks have been added. + +For a list of the changes made during the 2.3 series releases of this +package, see the Changes-2.3 file. diff --git a/LICENSE.BSD b/LICENSE.BSD new file mode 100644 index 0000000..c7a0aa4 --- /dev/null +++ b/LICENSE.BSD @@ -0,0 +1,26 @@ +Copyright (c) The Regents of the University of California. +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. +3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/LICENSE.GPL-2 b/LICENSE.GPL-2 new file mode 100644 index 0000000..d159169 --- /dev/null +++ b/LICENSE.GPL-2 @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. diff --git a/PLUGINS b/PLUGINS index a655a9c..bcaa5f0 100644 --- a/PLUGINS +++ b/PLUGINS @@ -35,14 +35,16 @@ implements a `minconnect' option, which specifies a minimum connect time before the idle timeout applies. Plugins can access global variables within pppd, so it is useful for -them to #include "pppd.h" from the pppd source directory. +them to #include "pppd.h" from the pppd source directory. Other +header files can be included such as chap.h, mppe.h, and upap.h as +needed per project. Every plugin must contain a global procedure called `plugin_init'. This procedure will get called (with no arguments) immediately after the plugin is loaded. Every plugin should also contain a variable called pppd_version declared as follows: -char pppd_version[] = VERSION; +char pppd_version[] = PPPD_VERSION; If this declaration is included, pppd will not load the module if its version number differs from that compiled into the plugin binary. @@ -50,7 +52,7 @@ version number differs from that compiled into the plugin binary. Plugins can affect the behaviour of pppd in at least four ways: 1. They can add extra options which pppd will then recognize. This is - done by calling the add_options() procedure with a pointer to an + done by calling the ppp_add_options() procedure with a pointer to an array of option_t structures. The last entry in the array must have its name field set to NULL. @@ -241,12 +243,15 @@ the bundle, if we are doing multilink. A plugin registers itself with a notifier by declaring a procedure of the form: -void my_notify_proc(void *opaque, int arg); +void (ppp_notify_fn)(void *opaque, int arg); and then registering the procedure with the appropriate notifier with a call of the form - add_notifier(&interesting_notifier, my_notify_proc, opaque); + ppp_add_notify(ppp_notify_t, ppp_notify_fn, opaque); + +The ppp_notify_t is an enumerated type that describes which notifier +to attach the function to. Example: NF_EXIT, NF_SIGNALED, NF_IP_UP The `opaque' parameter in the add_notifier call will be passed to my_notify_proc every time it is called. The `arg' parameter to @@ -255,33 +260,72 @@ my_notify_proc depends on the notifier. A notify procedure can be removed from the list for a notifier with a call of the form - remove_notifier(&interesting_notifier, my_notify_proc, opaque); + ppp_del_notify(ppp_notify_t, ppp_notify_fn, opaque); Here is a list of the currently-implemented notifiers in pppd. -* pidchange. This notifier is called in the parent when pppd has +* NF_PID_CHANGE. This notifier is called in the parent when pppd has forked and the child is continuing pppd's processing, i.e. when pppd detaches from its controlling terminal. The argument is the pid of the child. -* phasechange. This is called when pppd moves from one phase of +* NF_PHASE_CHANGE. This is called when pppd moves from one phase of operation to another. The argument is the new phase number. -* exitnotify. This is called just before pppd exits. The argument is +* NF_EXIT. This is called just before pppd exits. The argument is the status with which pppd will exit (i.e. the argument to exit()). -* sigreceived. This is called when a signal is received, from within +* NF_SIGNALED. This is called when a signal is received, from within the signal handler. The argument is the signal number. -* ip_up_notifier. This is called when IPCP has come up. +* NF_IP_UP. This is called when IPCP has come up. + +* NF_IP_DOWN. This is called when IPCP goes down. + +* NF_IPV6_UP. This is called when IP6CP has come up. -* ip_down_notifier. This is called when IPCP goes down. +* NF_IPV6_DOWN. This is called when IP6CP goes down. -* auth_up_notifier. This is called when the peer has successfully +* NF_AUTH_UP. This is called when the peer has successfully authenticated itself. -* link_down_notifier. This is called when the link goes down. +* NF_LINK_DOWN. This is called when the link goes down. + +* NF_FORK. Called for each time pppd exists as a new process (child). + + +Regarding MPPE keys and key-material for 2.5.0 release + +Sometimes it is necessary for a plugin to access details related to +the authentication process. The NF_AUTH_UP callback notifier (client only) +allows a plugin to inspect e.g. key details after authentication has been +completed, but before the key material is cleared from memory for security +reasons. + +There are in particularly 3 functions that allow one to inspect these +keys: + +* bool mppe_keys_isset() +* int mppe_get_recv_key(unsigned char *key, int length) +* int mppe_get_send_key(unsigned char *key, int length) + +The first function indicates whether or not the key material is set and +is valid. The two latter functions will allow one to obtain a copy +of the respective receive and send keys. The return value of these +functions is the length of the valid key material. For security reasons, +one should take care to clear these copies when work is complete. The +max length of MPPE receive ands send keys are up to 32 bytes long, or +of MPPE_MAX_KEY_SIZE length. + +The previous definitions of MPPE_MAX_KEY_LEN is the maximum length in +which the Linux kernel will accept for MPPE key lengths. Plugins would +access the MPPE keys directly via the: + extern u_char mppe_send_key[MPPE_MAX_KEY_LEN] + extern u_char mppe_recv_key[MPPE_MAX_KEY_LEN] +variables. The 2.5.0 release prohibits the direct access of these +variables by making them static and private in favor of using the new +API. -## $Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp $ ## +## $Id: PLUGINS,v 1.8 2008/06/15 07:02:18 paulus Exp $ ## \ No newline at end of file diff --git a/README b/README index fc997f4..588b7b8 100644 --- a/README +++ b/README @@ -1,6 +1,7 @@ -This is the README file for ppp-2.4, a package which implements the +This is the README file for ppp-2.5, a package which implements the Point-to-Point Protocol (PPP) to provide Internet connections over -serial lines. +serial lines and other types of links which can be considered to be +point-to-point links. Introduction. @@ -9,7 +10,7 @@ Introduction. The Point-to-Point Protocol (PPP) provides a standard way to establish a network connection over a serial link. At present, this package supports IP and IPV6 and the protocols layered above them, such as TCP -and UDP. The Linux port of this package also has support for IPX. +and UDP. This PPP implementation consists of two parts: @@ -61,281 +62,70 @@ use any IP address. (This only applies where the peer is authenticating itself to you, of course.) -What's new in ppp-2.4.9. -************************ +What's new in ppp-2.5.1 +*********************** -* Support for new EAP (Extensible Authentication Protocol) methods: - - Support for EAP-TLS, from Jan Just Keijser and others - - Support for EAP-MSCHAPv2, from Eivind Næss, Thomas Omerzu, Tijs - Van Buggenhout and others - -* New pppd options: - - chap-timeout - - chapms-strip-domain - - replacedefaultroute - - noreplacedefaultroute - - ipv6cp-accept-remote - - lcp-echo-adaptive - - ip-up-script - - ip-down-script - - ca - - capath - - cert - - key - - crl-dir - - crl - - max-tls-version - - need-peer-eap - -* Fixes for CVE-2020-8597 and CVE-2015-3310. - -* libpcap is now required when compiling on Linux (previously, if - libpcap was not present, pppd would be compiled without packet - filtering support). - -* The rp-pppoe plugin has been renamed to pppoe, to distinguish it - from the upstream rp-pppoe code. Its options have changed names, - but the old names are kept as aliases. - -* The configure script now supports cross-compilation. - -* Many bug fixes and cleanups. - - -What was new in ppp-2.4.8. -************************** - -* New pppd options have been added: - - ifname, to set the name for the PPP interface device - - defaultroute-metric, to set the metric for the default route - - defaultroute6, to add an IPv6 default route (with nodefaultroute6 - to prevent adding an IPv6 default route) - - up_sdnotify, to have pppd notify systemd when the link is up. - -* The rp-pppoe plugin has new options: - - host-uniq, to set the Host-Uniq value to send - - pppoe-padi-timeout, to set the timeout for discovery packets - - pppoe-padi-attempts, to set the number of discovery attempts. - -* Added the CLASS attribute in radius packets. - -* Sundry bug fixes. - -* Fixed warnings and issues found by static analysis. - -* Added Submitting-patches.md. - - -What was new in ppp-2.4.7. -************************** - -* Fixed a potential security issue in parsing option files (CVE-2014-3158). - -* There is a new "stop-bits" option, which takes an argument of 1 or 2, - indicating the number of stop bits to use for async serial ports. - -* Various bug fixes. - - -What was new in ppp-2.4.6. -************************** - -* Man page updates. - -* Several bug fixes. - -* Options files can now set and unset environment variables for - scripts. - -* The timeout for chat scripts can now be taken from an environment - variable. - -* There is a new option, master_detach, which allows pppd to detach - from the controlling terminal when it is the multilink bundle master - but its own link has terminated, even if the nodetach option has - been given. - - -What was new in ppp-2.4.5. -************************** - -* Under Linux, pppd can now operate in a mode where it doesn't request - the peer's IP address, as some peers refuse to supply an IP address. - Since Linux supports device routes as well as gateway routes, it's - possible to have no remote IP address assigned to the ppp interface - and still route traffic over it. - -* Pppd now works better with 3G modems that do strange things such as - sending IPCP Configure-Naks with the same values over and over again. - -* The PPP over L2TP plugin is included, which works with the pppol2tp - PPP channel code in the Linux kernel. This allows pppd to be used - to set up tunnels using the Layer 2 Tunneling Protocol. - -* A new 'enable-session' option has been added, which enables session - accounting via PAM or wtwp/wtmpx, as appropriate. See the pppd man - page for details. - -* Several bugs have been fixed. +* Pppd can now measure and log the round-trip time (RTT) of LCP + echo-requests and record them in a binary file structured as a + circular buffer. Other programs or scripts can examine the file and + provide real-time statistics on link latency. This is enabled by a + new "lcp-rtt-file" option. +* New scripts net-init, net-pre-up and net-down are executed in the + process of bringing the network interface up and down. They provide + additional, more deterministic ways for pppd to interact with the + rest of the networking configuration. -What was new in ppp-2.4.4. -************************** - -* Pppd will now run /etc/ppp/ip-pre-up, if it exists, after creating - the ppp interface and configuring its IP addresses but before - bringing it up. This can be used, for example, for adding firewall - rules for the interface. - -* Lots of bugs fixed, particularly in the area of demand-dialled and - persistent connections. - -* The rp-pppoe plugin now accepts any interface name (that isn't an - existing pppd option name) without putting "nic-" on the front of - it, not just eth*, nas*, tap* and br*. +* Pppd will now create the directory for the TDB connection database + if it doesn't already exist. +* Various other bug fixes and minor enhancements. -What was new in ppp-2.4.3. -************************** -* The configure script now accepts --prefix and --sysconfdir options. - These default to /usr/local and /etc. If you want pppd put in - /usr/sbin as before, use ./configure --prefix=/usr. - -* Doing `make install' no longer puts example configuration files in - /etc/ppp. Use `make install-etcppp' if you want that. - -* The code has been updated to work with version 0.8.3 of libpcap. - Unfortunately the libpcap maintainers removed support for the - "inbound" and "outbound" keywords on PPP links, meaning that if you - link pppd with libpcap-0.8.3, you can't use those keywords in the - active-filter and pass-filter expressions. The support has been - reinstated in the CVS version and should be in future libpcap - releases. If you need the in/outbound keywords, use a later release - than 0.8.3, or get the CVS version from http://www.tcpdump.org. - -* There is a new option, child-timeout, which sets the length of time - that pppd will wait for child processes (such as the command - specified with the pty option) to exit before exiting itself. It - defaults to 5 seconds. After the timeout, pppd will send a SIGTERM - to any remaining child processes and exit. A value of 0 means no - timeout. - -* Various bugs have been fixed, including some CBCP packet parsing - bugs that could lead to the peer being able to crash pppd if CBCP - support is enabled. - -* Various fixes and enhancements to the radius and rp-pppoe plugins - have been added. - -* There is a new winbind plugin, from Andrew Bartlet of the Samba - team, which provides the ability to authenticate the peer against an - NT domain controller using MS-CHAP or MS-CHAPV2. - -* There is a new pppoatm plugin, by various authors, sent in by David - Woodhouse. - -* The multilink code has been substantially reworked. The first pppd - for a bundle still controls the ppp interface, but it doesn't exit - until all the links in the bundle have terminated. If the first - pppd is signalled to exit, it signals all the other pppds - controlling links in the bundle. - -* The TDB code has been updated to the latest version. This should - eliminate the problem that some people have seen where the database - file (/var/run/pppd.tdb) keeps on growing. Unfortunately, however, - the new code uses an incompatible database format. For this reason, - pppd now uses /var/run/pppd2.tdb as the database filename. - - -What was new in ppp-2.4.2. +What was new in ppp-2.5.0. ************************** -* The CHAP code has been rewritten. Pppd now has support for MS-CHAP - V1 and V2 authentication, both as server and client. The new CHAP - code is cleaner than the old code and avoids some copyright problems - that existed in the old code. - -* MPPE (Microsoft Point-to-Point Encryption) support has been added, - although the current implementation shouldn't be considered - completely secure. (There is no assurance that the current code - won't ever transmit an unencrypted packet.) - -* James Carlson's implementation of the Extensible Authentication - Protocol (EAP) has been added. - -* Support for the Encryption Control Protocol (ECP) has been added. - -* Some new plug-ins have been included: - - A plug-in for kernel-mode PPPoE (PPP over Ethernet) - - A plug-in for supplying the PAP password over a pipe from another - process - - A plug-in for authenticating using a Radius server. - -* Updates and bug-fixes for the Solaris port. - -* The CBCP (Call Back Control Protocol) code has been updated. There - are new options `remotenumber' and `allow-number'. - -* Extra hooks for plugins to use have been added. - -* There is now a `maxoctets' option, which causes pppd to terminate - the link once the number of bytes passed on the link exceeds a given - value. - -* There are now options to control whether pppd can use the IPCP - IP-Address and IP-Addresses options: `ipcp-no-address' and - `ipcp-no-addresses'. - -* Fixed several bugs, including potential buffer overflows in chat. - - -What was new in ppp-2.4.1. -************************** - -* Pppd can now print out the set of options that are in effect. The - new `dump' option causes pppd to print out the option values after - option parsing is complete. The `dryrun' option causes pppd to - print the options and then exit. - -* The option parsing code has been fixed so that options in the - per-tty options file are parsed correctly, and don't override values - from the command line in most cases. - -* The plugin option now looks in /usr/lib/pppd/ (for - example, /usr/lib/pppd/2.4.1b1) for shared objects for plugins if - there is no slash in the plugin name. - -* When loading a plugin, pppd will now check the version of pppd for - which the plugin was compiled, and refuse to load it if it is - different to pppd's version string. To enable this, the plugin - source needs to #include "pppd.h" and have a line saying: - char pppd_version[] = VERSION; - -* There is a bug in zlib, discovered by James Carlson, which can cause - kernel memory corruption if Deflate is used with the lowest setting, - 8. As a workaround pppd will now insist on using at least 9. - -* Pppd should compile on Solaris and SunOS again. - -* Pppd should now set the MTU correctly on demand-dialled interfaces. - - -What was new in ppp-2.4.0. -************************** - -* Multilink: this package now allows you to combine multiple serial - links into one logical link or `bundle', for increased bandwidth and - reduced latency. This is currently only supported under the - 2.4.x and later Linux kernels. - -* All the pppd processes running on a system now write information - into a common database. I used the `tdb' code from samba for this. +The 2.5.0 release is a major release of pppd which contains breaking +changes for third-party plugins, a complete revamp of the build-system +and that allows for flexibility of configuring features as needed. + +In Summary: +* Support for PEAP authentication by Eivind Næss and Rustam Kovhaev +* Support for loading PKCS12 certificate envelopes +* Adoption of GNU Autoconf / Automake build environment, by Eivind Næss + and others. +* Support for pkgconfig tool has been added by Eivind Næss. +* Bunch of fixes and cleanup to PPPoE and IPv6 support by Pali Rohár. +* Major revision to PPPD's Plugin API by Eivind Næss. + - Defines in which describes what features was included in pppd + - Functions now prefixed with explicit ppp_* to indicate that + pppd functions being called. + - Header files were renamed to better align with their features, + and now use proper include guards + - A pppdconf.h file is supplied to allow third-party modules to use + the same feature defines pppd was compiled with. + - No extern declarations of internal variable names of pppd, + continued use of these extern variables are considered + unstable. +* Lots of internal fixes and cleanups for Radius and PPPoE by Jaco Kroon +* Dropped IPX support, as Linux has dropped support in version 5.15 + for this protocol. +* Many more fixes and cleanups. +* Pppd is no longer installed setuid-root. +* New pppd options: + - ipv6cp-noremote, ipv6cp-nosend, ipv6cp-use-remotenumber, + ipv6-up-script, ipv6-down-script + - -v, show-options + - usepeerwins, ipcp-no-address, ipcp-no-addresses, nosendip +* On Linux, any baud rate can be set on a serial port provided the + kernel serial driver supports that. -* New hooks have been added. +Note that if you have built and installed previous versions of this +package and you want to continue having configuration and TDB files in +/etc/ppp, you will need to use the --sysconfdir option to ./configure. -For a list of the changes made during the 2.3 series releases of this -package, see the Changes-2.3 file. +For a list of the changes made during the 2.4 series releases of this +package, see the Changes-2.4 file. Compression methods. @@ -353,16 +143,16 @@ ever expand packets. Contacts. ********* -The comp.protocols.ppp newsgroup is a useful place to get help if you -have trouble getting your ppp connections to work. Please do not send -me questions of the form "please help me get connected to my ISP" - -I'm sorry, but I simply do not have the time to answer all the -questions like this that I get. +Most communication relating to this package happens on github at +https://github.com/ppp-project/ppp/. The linux-ppp@vger.kernel.org +mailing list also exists and can be used. -If you find bugs in this package, please report them to the maintainer -for the port for the operating system you are using: +If you find bugs in this package, the best thing to do is to create an +issue on github. If you can't or don't want to do that, you can post +to linux-ppp@vger.kernel.org, or report them to the maintainer for the +port for the operating system you are using: -Linux Paul Mackerras +Linux Paul Mackerras Solaris James Carlson diff --git a/README.linux b/README.linux index d441427..eb15fbb 100644 --- a/README.linux +++ b/README.linux @@ -151,7 +151,7 @@ unsubscribe linux-ppp To send a message to the list, email it to linux-ppp@vger.kernel.org. You don't have to be subscribed to send messages to the list. -You can also email me (paulus@samba.org) but I am overloaded with +You can also email me (paulus@ozlabs.org) but I am overloaded with email and I can't respond to most messages I get in a timely fashion. There are also several relevant news groups, such as comp.protocols.ppp, diff --git a/chat/chat.c b/chat/chat.c index 64d96c2..336c0f4 100644 --- a/chat/chat.c +++ b/chat/chat.c @@ -182,7 +182,7 @@ int n_aborts = 0, abort_next = 0, timeout_next = 0, echo_next = 0; int clear_abort_next = 0; char *report_string[MAX_REPORTS] ; -char report_buffer[256] ; +char report_buffer[4096] ; int n_reports = 0, report_next = 0, report_gathering = 0 ; int clear_report_next = 0; @@ -198,7 +198,7 @@ SIGTYPE sigalrm (int signo); SIGTYPE sigint (int signo); SIGTYPE sigterm (int signo); SIGTYPE sighup (int signo); -void unalarm (void); +void checksigs(void); void init (void); void set_tty_parameters (void); int echo_stderr (int); @@ -215,7 +215,6 @@ char *character (int c); void chat_expect (register char *s); char *clean (register char *s, int sending); void break_sequence (void); -void terminate (int status); void pack_array (char **array, int end); char *expect_strtok (char *, char *); int vfmtmsg (char *, int, const char *, va_list); /* vsprintf++ */ @@ -347,16 +346,12 @@ main(int argc, char **argv) report_fp = stderr; if (to_log) { -#ifdef ultrix - openlog("chat", LOG_PID); -#else openlog("chat", LOG_PID | LOG_NDELAY, LOG_LOCAL2); if (verbose) setlogmask(LOG_UPTO(LOG_INFO)); else setlogmask(LOG_UPTO(LOG_WARNING)); -#endif } init(); @@ -373,6 +368,7 @@ main(int argc, char **argv) if ((arg = ARG(argc, argv)) != NULL) chat_send(arg); + checksigs(); } } @@ -444,8 +440,10 @@ void do_file (char *chat_file) else chat_expect (arg); sendflg = !sendflg; + checksigs(); } } + checksigs(); fclose (cfp); } @@ -499,59 +497,68 @@ void fatal(int code, const char *fmt, ...) } int alarmed = 0; +int alarmsig = 0; SIGTYPE sigalrm(int signo) { int flags; alarm(1); - alarmed = 1; /* Reset alarm to avoid race window */ - signal(SIGALRM, sigalrm); /* that can cause hanging in read() */ - - if ((flags = fcntl(0, F_GETFL, 0)) == -1) - fatal(2, "Can't get file mode flags on stdin: %m"); - - if (fcntl(0, F_SETFL, flags | O_NONBLOCK) == -1) - fatal(2, "Can't set file mode flags on stdin: %m"); - - if (verbose) - msgf("alarm"); + alarmed = 1; + alarmsig = 1; } -void unalarm(void) -{ - int flags; - - if ((flags = fcntl(0, F_GETFL, 0)) == -1) - fatal(2, "Can't get file mode flags on stdin: %m"); - - if (fcntl(0, F_SETFL, flags & ~O_NONBLOCK) == -1) - fatal(2, "Can't set file mode flags on stdin: %m"); -} +const char *fatalsig = NULL; SIGTYPE sigint(int signo) { - fatal(2, "SIGINT"); + fatalsig = "SIGINT"; } SIGTYPE sigterm(int signo) { - fatal(2, "SIGTERM"); + fatalsig = "SIGTERM"; } SIGTYPE sighup(int signo) { - fatal(2, "SIGHUP"); + fatalsig = "SIGHUP"; +} + +void checksigs(void) +{ + int err; + const char *signame; + + if (fatalsig) { + signame = fatalsig; + fatalsig = NULL; + alarmsig = 0; + fatal(2, signame); + } + if (alarmsig && verbose) { + err = errno; + msgf("alarm"); + errno = err; + alarmsig = 0; + } } void init(void) { - signal(SIGINT, sigint); - signal(SIGTERM, sigterm); - signal(SIGHUP, sighup); + struct sigaction sa; + + memset(&sa, 0, sizeof(sa)); + sa.sa_handler = sigint; + sigaction(SIGINT, &sa, NULL); + sa.sa_handler = sigterm; + sigaction(SIGTERM, &sa, NULL); + sa.sa_handler = sighup; + sigaction(SIGHUP, &sa, NULL); set_tty_parameters(); - signal(SIGALRM, sigalrm); + sa.sa_handler = sigalrm; + sigaction(SIGALRM, &sa, NULL); alarm(0); alarmed = 0; } @@ -602,7 +609,7 @@ void terminate(int status) int c, rep_len; rep_len = strlen(report_buffer); - while (rep_len + 1 <= sizeof(report_buffer)) { + while (rep_len + 1 < sizeof(report_buffer)) { alarm(1); c = get_char(); alarm(0); @@ -945,6 +952,7 @@ void chat_expect (char *s) break; chat_send (reply); + checksigs(); } /* @@ -987,6 +995,7 @@ int chat_send (register char *s) { char file_data[STR_LEN]; int len, ret = 0; + struct sigaction sa; if (say_next) { say_next = 0; @@ -999,10 +1008,13 @@ int chat_send (register char *s) if (hup_next) { hup_next = 0; + memset(&sa, 0, sizeof(sa)); + if (strcmp(s, "OFF") == 0) - signal(SIGHUP, SIG_IGN); + sa.sa_handler = SIG_IGN; else - signal(SIGHUP, sighup); + sa.sa_handler = sighup; + sigaction(SIGHUP, &sa, NULL); return 0; } @@ -1121,7 +1133,7 @@ int chat_send (register char *s) if (verbose) msgf("timeout set to %d seconds", timeout); - + free(s); return 0; } @@ -1179,6 +1191,7 @@ int get_char(void) char c; status = read(0, &c, 1); + checksigs(); switch (status) { case 1: @@ -1188,12 +1201,6 @@ int get_char(void) msgf("warning: read() on stdin returned %d", status); case -1: - if ((status = fcntl(0, F_GETFL, 0)) == -1) - fatal(2, "Can't get file mode flags on stdin: %m"); - - if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1) - fatal(2, "Can't set file mode flags on stdin: %m"); - return (-1); } } @@ -1204,8 +1211,10 @@ int put_char(int c) char ch = c; usleep(10000); /* inter-character typing delay (?) */ + checksigs(); status = write(1, &ch, 1); + checksigs(); switch (status) { case 1: @@ -1215,12 +1224,6 @@ int put_char(int c) msgf("warning: write() on stdout returned %d", status); case -1: - if ((status = fcntl(0, F_GETFL, 0)) == -1) - fatal(2, "Can't get file mode flags on stdin, %m"); - - if (fcntl(0, F_SETFL, status & ~O_NONBLOCK) == -1) - fatal(2, "Can't set file mode flags on stdin: %m"); - return (-1); } } @@ -1244,8 +1247,11 @@ int write_char(int c) int put_string(register char *s) { + char *s1; quiet = 0; + s = clean(s, 1); + s1 = s; if (verbose) { if (quiet) @@ -1260,8 +1266,10 @@ int put_string(register char *s) register char c = *s++; if (c != '\\') { - if (!write_char (c)) + if (!write_char (c)) { + free(s1); return 0; + } continue; } @@ -1280,14 +1288,18 @@ int put_string(register char *s) break; default: - if (!write_char (c)) + if (!write_char (c)) { + free(s1); return 0; + } break; } + checksigs(); } alarm(0); alarmed = 0; + free(s1); return (1); } @@ -1320,6 +1332,7 @@ int echo_stderr(int n) need_lf = 1; break; } + checksigs(); return ret; } @@ -1331,10 +1344,10 @@ int get_string(register char *string) char temp[STR_LEN]; int c, printed = 0, len, minlen; register char *s = temp, *end = s + STR_LEN; - char *logged = temp; + char *s1, *logged = temp; fail_reason = (char *)0; - string = clean(string, 0); + string = s1 = clean(string, 0); len = strlen(string); minlen = (len > sizeof(fail_buffer)? len: sizeof(fail_buffer)) - 1; @@ -1344,12 +1357,14 @@ int get_string(register char *string) if (len > STR_LEN) { msgf("expect string is too long"); exit_code = 1; + free(s1); return 0; } if (len == 0) { if (verbose) msgf("got it"); + free(s1); return (1); } @@ -1397,6 +1412,7 @@ int get_string(register char *string) strftime (report_buffer, 20, "%b %d %H:%M:%S ", tm_now); strcat (report_buffer, report_string[n]); + free(report_string[n]); report_string[n] = (char *) NULL; report_gathering = 1; break; @@ -1406,8 +1422,10 @@ int get_string(register char *string) else { if (!iscntrl (c)) { int rep_len = strlen (report_buffer); - report_buffer[rep_len] = c; - report_buffer[rep_len + 1] = '\0'; + if ((rep_len + 1) < sizeof(report_buffer)) { + report_buffer[rep_len] = c; + report_buffer[rep_len + 1] = '\0'; + } } else { report_gathering = 0; @@ -1426,6 +1444,7 @@ int get_string(register char *string) alarm(0); alarmed = 0; + free(s1); return (1); } @@ -1442,6 +1461,7 @@ int get_string(register char *string) alarmed = 0; exit_code = n + 4; strcpy(fail_reason = fail_buffer, abort_string[n]); + free(s1); return (0); } } @@ -1473,6 +1493,7 @@ int get_string(register char *string) exit_code = 3; alarmed = 0; + free(s1); return (0); } diff --git a/configure.ac b/configure.ac index 5a134fa..11b62f5 100644 --- a/configure.ac +++ b/configure.ac @@ -1,6 +1,6 @@ AC_PREREQ([2.69]) AC_INIT([ppp], - [2.4.10-dev], + [2.5.1-dev], [https://github.com/ppp-project/ppp]) m4_ifdef([AM_SILENT_RULES],[AM_SILENT_RULES([yes])]) @@ -12,13 +12,14 @@ AM_MAINTAINER_MODE([enable]) AC_LANG(C) AC_CONFIG_SRCDIR([pppd/main.c]) AC_CONFIG_HEADERS([pppd/config.h pppd/pppdconf.h pppd/plugins/pppoe/config.h]) +AC_ENABLE_STATIC(no) # Checks for programs. AC_PROG_CC AM_PROG_CC_C_O AC_PROG_INSTALL -AC_PROG_LIBTOOL AC_PROG_LN_S +LT_INIT PKG_PROG_PKG_CONFIG @@ -51,6 +52,8 @@ AC_CHECK_HEADERS([ \ crypt.h \ paths.h \ shadow.h \ + stddef.h \ + stdarg.h \ sys/dlpi.h \ sys/ioctl.h \ sys/socket.h \ @@ -72,7 +75,17 @@ AM_COND_IF([LINUX], [ linux/if_ether.h \ linux/if_packet.h \ netinet/if_ether.h \ - netpacket/packet.h])]) + netpacket/packet.h]) + + AC_MSG_CHECKING([for struct sockaddr_ll in ]) + AC_COMPILE_IFELSE( + [AC_LANG_PROGRAM([@%:@include ], [sizeof(struct sockaddr_ll)])], + [AC_MSG_RESULT([yes]) + AC_DEFINE(HAVE_STRUCT_SOCKADDR_LL, 1, [Struct sockaddr_ll is present on system]) + ], + AC_MSG_RESULT([no])) +]) + AC_CHECK_SIZEOF(unsigned int) AC_CHECK_SIZEOF(unsigned long) @@ -106,7 +119,7 @@ AM_CONDITIONAL(WITH_SYSTEMD, test "x${enable_systemd}" = "xyes") AM_COND_IF([WITH_SYSTEMD], AC_DEFINE([SYSTEMD], 1, [Enable support for systemd notifications])) AS_IF([test "x${enable_systemd}" = "xyes"], [ - PKG_CHECK_MODULES([systemd], [systemd])]) + PKG_CHECK_MODULES([SYSTEMD], [libsystemd])]) # # Enable Callback Protocol Support, disabled by default @@ -194,7 +207,7 @@ AS_IF([test "x$enable_openssl_engine" != "xno"], [], # # Specify runtime directory AC_ARG_WITH([plugin-dir], - AC_HELP_STRING([--with-plugin-dir=DIR], [Specify the plugin directory for pppd])) + AS_HELP_STRING([--with-plugin-dir=DIR],[Specify the plugin directory for pppd])) AS_IF([test -n "$with_plugin_dir"], [PPPD_PLUGIN_DIR="$with_plugin_dir"], [PPPD_PLUGIN_DIR="${libdir}/pppd/$VERSION"]) @@ -203,25 +216,49 @@ AC_SUBST(PPPD_PLUGIN_DIR, "$PPPD_PLUGIN_DIR", [The pppd plugin directory]) # # Specify runtime directory AC_ARG_WITH([runtime-dir], - AC_HELP_STRING([--with-runtime-dir=DIR], [Specify the runtime directory for pppd])) + AS_HELP_STRING([--with-runtime-dir=DIR],[Specify the runtime directory for pppd])) AS_IF([test -n "$with_runtime_dir"], [PPPD_RUNTIME_DIR="$with_runtime_dir"], - [PPPD_RUNTIME_DIR="${localstatedir}/run/pppd"]) + [PPPD_RUNTIME_DIR="${runstatedir}/pppd"]) AC_SUBST(PPPD_RUNTIME_DIR) # # Specify runtime directory AC_ARG_WITH([logfile-dir], - AC_HELP_STRING([--with-logfile-dir=DIR], [Specify the log directory for pppd])) + AS_HELP_STRING([--with-logfile-dir=DIR],[Specify the log directory for pppd])) AS_IF([test -n "$with_logfile_dir"], [PPPD_LOGFILE_DIR="$with_logfile_dir"], - [PPPD_LOGFILE_DIR="${localstatedir}/log/pppd"]) + [PPPD_LOGFILE_DIR="${localstatedir}/log/ppp"]) AC_SUBST(PPPD_LOGFILE_DIR) +# +# System CA certificates path +AC_ARG_WITH(system-ca-path, + AS_HELP_STRING([--with-system-ca-path=/path/to/ssl/certs], [path to system CA certificates]), + [ + case "$withval" in + "" | y | ye | yes) + with_system_ca_path="${sysconfdir}/ssl/certs" + ;; + n | no) + ;; + *) + with_system_ca_path="$withval" + ;; + esac + ],[with_system_ca_path="${sysconfdir}/ssl/certs"]) +AM_CONDITIONAL(PPP_WITH_SYSTEM_CA_PATH, [test "$with_system_ca_path" != "no"]) +AM_COND_IF(PPP_WITH_SYSTEM_CA_PATH, [ + SYSTEM_CA_PATH="$with_system_ca_path" +]) +AC_SUBST(SYSTEM_CA_PATH) + # # Check for OpenSSL AX_CHECK_OPENSSL -AM_CONDITIONAL(WITH_OPENSSL, test "x${with_openssl}" != "xno") +AM_CONDITIONAL(PPP_WITH_OPENSSL, test "x${with_openssl}" != "xno") +AM_COND_IF([PPP_WITH_OPENSSL], + AC_DEFINE([PPP_WITH_OPENSSL], 1, [PPP is compiled with openssl support])) # # Check if OpenSSL has compiled in support for various ciphers @@ -236,29 +273,20 @@ AS_IF([test "x${with_openssl}" != "xno" ], [ ]) AM_CONDITIONAL([OPENSSL_HAVE_MD4], test "x${ac_cv_openssl_md4}" = "xyes") -AM_COND_IF([OPENSSL_HAVE_MD4],, - AC_DEFINE([USE_MD4], 1, [Use MD4 included with pppd])) +AM_COND_IF([OPENSSL_HAVE_MD4], + AC_DEFINE([OPENSSL_HAVE_MD4], 1, [Use MD4 included with openssl])) AM_CONDITIONAL([OPENSSL_HAVE_MD5], test "x${ac_cv_openssl_md5}" = "xyes") -AM_COND_IF([OPENSSL_HAVE_MD5],, - AC_DEFINE([USE_MD5], 1, [Use MD5 included with pppd])) +AM_COND_IF([OPENSSL_HAVE_MD5], + AC_DEFINE([OPENSSL_HAVE_MD5], 1, [Use MD5 included with openssl])) AM_CONDITIONAL([OPENSSL_HAVE_SHA], test "x${ac_cv_openssl_sha}" = "xyes") -AM_COND_IF([OPENSSL_HAVE_SHA],, - AC_DEFINE([USE_SHA], 1, [Use SHA included with pppd])) +AM_COND_IF([OPENSSL_HAVE_SHA], + AC_DEFINE([OPENSSL_HAVE_SHA], 1, [Use SHA included with openssl])) AM_CONDITIONAL([OPENSSL_HAVE_DES], test "x${ac_cv_openssl_des}" = "xyes") -AM_COND_IF([OPENSSL_HAVE_DES],, - AC_DEFINE([USE_CRYPT], 1, [Use DES included with pppd])) - -# -# If OpenSSL doesn't support DES, then use the one from libcrypt (glibc dropped support for this in 2.27). -AS_IF([test "x${ac_cv_openssl_des}" = "xno" ], [ - AC_CHECK_LIB([crypt], [encrypt], - [LIBS="$LIBS -lcrypt"], - [AC_MSG_ERROR([OpenSSL not found or does not support DES, and libcrypt also doesn't support encrypt])] - ) -]) +AM_COND_IF([OPENSSL_HAVE_DES], + AC_DEFINE([OPENSSL_HAVE_DES], 1, [Use DES included with openssl])) # # With libsrp support @@ -394,6 +422,7 @@ $PACKAGE_NAME version $PACKAGE_VERSION Runtime Dir..........: $PPPD_RUNTIME_DIR Logfile Dir..........: $PPPD_LOGFILE_DIR Plugin Dir...........: $PPPD_PLUGIN_DIR + System CA Path ......: ${SYSTEM_CA_PATH:-not set} With OpenSSL.........: ${with_openssl:-yes} With libatm..........: ${with_atm:-no} With libpam..........: ${with_pam:-no} diff --git a/contrib/pppgetpass/Makefile.am b/contrib/pppgetpass/Makefile.am index 530e82f..be74d48 100644 --- a/contrib/pppgetpass/Makefile.am +++ b/contrib/pppgetpass/Makefile.am @@ -1,5 +1,4 @@ noinst_PROGRAMS = pppgetpass.vt -noinst_man8_MANS = pppgetpass.8 pppgetpass_vt_SOURCES = pppgetpass.vt.c pppgetpass_vt_CPPFLAGS = -Wno-unused-result @@ -14,4 +13,5 @@ pppgetpass_gtk_LDADD = $(GLIB_LIBS) $(GTK_LIBS) endif EXTRA_DIST = \ - pppgetpass.sh + pppgetpass.sh \ + pppgetpass.8 diff --git a/include/Makefile.am b/include/Makefile.am index 2a576c1..3777f8c 100644 --- a/include/Makefile.am +++ b/include/Makefile.am @@ -1,12 +1,9 @@ EXTRA_HEADERS = \ - linux/if_ppp.h \ linux/ppp-comp.h \ linux/ppp_defs.h \ - net/if_ppp.h \ net/ppp-comp.h \ net/ppp_defs.h \ net/pppio.h \ - net/slcompress.h \ net/vjcompress.h EXTRA_DIST = \ diff --git a/include/linux/if_ppp.h b/include/linux/if_ppp.h deleted file mode 100644 index 1101fc7..0000000 --- a/include/linux/if_ppp.h +++ /dev/null @@ -1,178 +0,0 @@ -/* $Id: if_ppp.h,v 1.23 2002/12/06 09:49:15 paulus Exp $ */ - -/* - * if_ppp.h - Point-to-Point Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - */ - -/* - * ==FILEVERSION 20000724== - * - * NOTE TO MAINTAINERS: - * If you modify this file at all, please set the above date. - * if_ppp.h is shipped with a PPP distribution as well as with the kernel; - * if everyone increases the FILEVERSION number above, then scripts - * can do the right thing when deciding whether to install a new if_ppp.h - * file. Don't change the format of that line otherwise, so the - * installation script can recognize it. - */ - -#ifndef _IF_PPP_H_ -#define _IF_PPP_H_ - -/* - * Packet sizes - */ - -#define PPP_MTU 1500 /* Default MTU (size of Info field) */ -#define PPP_MAXMRU 65000 /* Largest MRU we allow */ -#define PROTO_IPX 0x002b /* protocol numbers */ -#define PROTO_DNA_RT 0x0027 /* DNA Routing */ - - -/* - * Bit definitions for flags. - */ - -#define SC_COMP_PROT 0x00000001 /* protocol compression (output) */ -#define SC_COMP_AC 0x00000002 /* header compression (output) */ -#define SC_COMP_TCP 0x00000004 /* TCP (VJ) compression (output) */ -#define SC_NO_TCP_CCID 0x00000008 /* disable VJ connection-id comp. */ -#define SC_REJ_COMP_AC 0x00000010 /* reject adrs/ctrl comp. on input */ -#define SC_REJ_COMP_TCP 0x00000020 /* reject TCP (VJ) comp. on input */ -#define SC_CCP_OPEN 0x00000040 /* Look at CCP packets */ -#define SC_CCP_UP 0x00000080 /* May send/recv compressed packets */ -#define SC_ENABLE_IP 0x00000100 /* IP packets may be exchanged */ -#define SC_LOOP_TRAFFIC 0x00000200 /* send traffic to pppd */ -#define SC_MULTILINK 0x00000400 /* do multilink encapsulation */ -#define SC_MP_SHORTSEQ 0x00000800 /* use short MP sequence numbers */ -#define SC_COMP_RUN 0x00001000 /* compressor has been inited */ -#define SC_DECOMP_RUN 0x00002000 /* decompressor has been inited */ -#define SC_MP_XSHORTSEQ 0x00004000 /* transmit short MP seq numbers */ -#define SC_DEBUG 0x00010000 /* enable debug messages */ -#define SC_LOG_INPKT 0x00020000 /* log contents of good pkts recvd */ -#define SC_LOG_OUTPKT 0x00040000 /* log contents of pkts sent */ -#define SC_LOG_RAWIN 0x00080000 /* log all chars received */ -#define SC_LOG_FLUSH 0x00100000 /* log all chars flushed */ -#define SC_SYNC 0x00200000 /* synchronous serial mode */ -#define SC_MASK 0x0f200fff /* bits that user can change */ - -/* state bits */ -#define SC_XMIT_BUSY 0x10000000 /* (used by isdn_ppp?) */ -#define SC_RCV_ODDP 0x08000000 /* have rcvd char with odd parity */ -#define SC_RCV_EVNP 0x04000000 /* have rcvd char with even parity */ -#define SC_RCV_B7_1 0x02000000 /* have rcvd char with bit 7 = 1 */ -#define SC_RCV_B7_0 0x01000000 /* have rcvd char with bit 7 = 0 */ -#define SC_DC_FERROR 0x00800000 /* fatal decomp error detected */ -#define SC_DC_ERROR 0x00400000 /* non-fatal decomp error detected */ - -/* - * Ioctl definitions. - */ - -struct npioctl { - int protocol; /* PPP protocol, e.g. PPP_IP */ - enum NPmode mode; -}; - -/* Structure describing a CCP configuration option, for PPPIOCSCOMPRESS */ -struct ppp_option_data { - __u8 *ptr; - __u32 length; - int transmit; -}; - -struct ifpppstatsreq { - struct ifreq b; - struct ppp_stats stats; /* statistic information */ -}; - -struct ifpppcstatsreq { - struct ifreq b; - struct ppp_comp_stats stats; -}; - -#define ifr__name b.ifr_ifrn.ifrn_name -#define stats_ptr b.ifr_ifru.ifru_data - -/* - * Ioctl definitions. - */ - -#define PPPIOCGFLAGS _IOR('t', 90, int) /* get configuration flags */ -#define PPPIOCSFLAGS _IOW('t', 89, int) /* set configuration flags */ -#define PPPIOCGASYNCMAP _IOR('t', 88, int) /* get async map */ -#define PPPIOCSASYNCMAP _IOW('t', 87, int) /* set async map */ -#define PPPIOCGUNIT _IOR('t', 86, int) /* get ppp unit number */ -#define PPPIOCGRASYNCMAP _IOR('t', 85, int) /* get receive async map */ -#define PPPIOCSRASYNCMAP _IOW('t', 84, int) /* set receive async map */ -#define PPPIOCGMRU _IOR('t', 83, int) /* get max receive unit */ -#define PPPIOCSMRU _IOW('t', 82, int) /* set max receive unit */ -#define PPPIOCSMAXCID _IOW('t', 81, int) /* set VJ max slot ID */ -#define PPPIOCGXASYNCMAP _IOR('t', 80, ext_accm) /* get extended ACCM */ -#define PPPIOCSXASYNCMAP _IOW('t', 79, ext_accm) /* set extended ACCM */ -#define PPPIOCXFERUNIT _IO('t', 78) /* transfer PPP unit */ -#define PPPIOCSCOMPRESS _IOW('t', 77, struct ppp_option_data) -#define PPPIOCGNPMODE _IOWR('t', 76, struct npioctl) /* get NP mode */ -#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */ -#define PPPIOCSPASS _IOW('t', 71, struct sock_fprog) /* set pass filter */ -#define PPPIOCSACTIVE _IOW('t', 70, struct sock_fprog) /* set active filt */ -#define PPPIOCGDEBUG _IOR('t', 65, int) /* Read debug level */ -#define PPPIOCSDEBUG _IOW('t', 64, int) /* Set debug level */ -#define PPPIOCGIDLE _IOR('t', 63, struct ppp_idle) /* get idle time */ -#define PPPIOCNEWUNIT _IOWR('t', 62, int) /* create new ppp unit */ -#define PPPIOCATTACH _IOW('t', 61, int) /* attach to ppp unit */ -#define PPPIOCDETACH _IOW('t', 60, int) /* detach from ppp unit/chan */ -#define PPPIOCSMRRU _IOW('t', 59, int) /* set multilink MRU */ -#define PPPIOCCONNECT _IOW('t', 58, int) /* connect channel to unit */ -#define PPPIOCDISCONN _IO('t', 57) /* disconnect channel */ -#define PPPIOCATTCHAN _IOW('t', 56, int) /* attach to ppp channel */ -#define PPPIOCGCHAN _IOR('t', 55, int) /* get ppp channel number */ - -#define SIOCGPPPSTATS (SIOCDEVPRIVATE + 0) -#define SIOCGPPPVER (SIOCDEVPRIVATE + 1) /* NEVER change this!! */ -#define SIOCGPPPCSTATS (SIOCDEVPRIVATE + 2) - -#if !defined(ifr_mtu) -#define ifr_mtu ifr_ifru.ifru_metric -#endif - -#endif /* _IF_PPP_H_ */ diff --git a/include/linux/ppp-comp.h b/include/linux/ppp-comp.h index d30cacb..8758e34 100644 --- a/include/linux/ppp-comp.h +++ b/include/linux/ppp-comp.h @@ -1,7 +1,7 @@ /* * ppp-comp.h - Definitions for doing PPP packet compression. * - * Copyright (c) 1984 Paul Mackerras. All rights reserved. + * Copyright (c) 1994 Paul Mackerras. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/include/linux/ppp_defs.h b/include/linux/ppp_defs.h index ef4232b..807d681 100644 --- a/include/linux/ppp_defs.h +++ b/include/linux/ppp_defs.h @@ -3,7 +3,7 @@ /* * ppp_defs.h - PPP definitions. * - * Copyright (c) 1989-2002 Paul Mackerras. All rights reserved. + * Copyright (c) 1994-2002 Paul Mackerras. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -24,7 +24,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/include/net/if_ppp.h b/include/net/if_ppp.h deleted file mode 100644 index 1beb470..0000000 --- a/include/net/if_ppp.h +++ /dev/null @@ -1,156 +0,0 @@ -/* $Id: if_ppp.h,v 1.19 2002/12/06 09:49:15 paulus Exp $ */ - -/* - * if_ppp.h - Point-to-Point Protocol definitions. - * - * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name "Carnegie Mellon University" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For permission or any legal - * details, please contact - * Office of Technology Transfer - * Carnegie Mellon University - * 5000 Forbes Avenue - * Pittsburgh, PA 15213-3890 - * (412) 268-4387, fax: (412) 268-7395 - * tech-transfer@andrew.cmu.edu - * - * 4. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Computing Services - * at Carnegie Mellon University (http://www.cmu.edu/computing/)." - * - * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE - * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef _IF_PPP_H_ -#define _IF_PPP_H_ - -/* - * Bit definitions for flags. - */ -#define SC_COMP_PROT 0x00000001 /* protocol compression (output) */ -#define SC_COMP_AC 0x00000002 /* header compression (output) */ -#define SC_COMP_TCP 0x00000004 /* TCP (VJ) compression (output) */ -#define SC_NO_TCP_CCID 0x00000008 /* disable VJ connection-id comp. */ -#define SC_REJ_COMP_AC 0x00000010 /* reject adrs/ctrl comp. on input */ -#define SC_REJ_COMP_TCP 0x00000020 /* reject TCP (VJ) comp. on input */ -#define SC_CCP_OPEN 0x00000040 /* Look at CCP packets */ -#define SC_CCP_UP 0x00000080 /* May send/recv compressed packets */ -#define SC_DEBUG 0x00010000 /* enable debug messages */ -#define SC_LOG_INPKT 0x00020000 /* log contents of good pkts recvd */ -#define SC_LOG_OUTPKT 0x00040000 /* log contents of pkts sent */ -#define SC_LOG_RAWIN 0x00080000 /* log all chars received */ -#define SC_LOG_FLUSH 0x00100000 /* log all chars flushed */ -#define SC_RCV_B7_0 0x01000000 /* have rcvd char with bit 7 = 0 */ -#define SC_RCV_B7_1 0x02000000 /* have rcvd char with bit 7 = 1 */ -#define SC_RCV_EVNP 0x04000000 /* have rcvd char with even parity */ -#define SC_RCV_ODDP 0x08000000 /* have rcvd char with odd parity */ -#define SC_SYNC 0x00200000 /* use synchronous HDLC framing */ -#define SC_MASK 0x0fff00ff /* bits that user can change */ - -/* - * State bits in sc_flags, not changeable by user. - */ -#define SC_TIMEOUT 0x00000400 /* timeout is currently pending */ -#define SC_VJ_RESET 0x00000800 /* need to reset VJ decomp */ -#define SC_COMP_RUN 0x00001000 /* compressor has been inited */ -#define SC_DECOMP_RUN 0x00002000 /* decompressor has been inited */ -#define SC_DC_ERROR 0x00004000 /* non-fatal decomp error detected */ -#define SC_DC_FERROR 0x00008000 /* fatal decomp error detected */ -#define SC_TBUSY 0x10000000 /* xmitter doesn't need a packet yet */ -#define SC_PKTLOST 0x20000000 /* have lost or dropped a packet */ -#define SC_FLUSH 0x40000000 /* flush input until next PPP_FLAG */ -#define SC_ESCAPED 0x80000000 /* saw a PPP_ESCAPE */ - -/* - * Ioctl definitions. - */ - -struct npioctl { - int protocol; /* PPP procotol, e.g. PPP_IP */ - enum NPmode mode; -}; - -/* Structure describing a CCP configuration option, for PPPIOCSCOMPRESS */ -struct ppp_option_data { - u_char *ptr; - u_int length; - int transmit; -}; - -struct ifpppstatsreq { - char ifr_name[IFNAMSIZ]; - struct ppp_stats stats; -}; - -struct ifpppcstatsreq { - char ifr_name[IFNAMSIZ]; - struct ppp_comp_stats stats; -}; - -/* - * Ioctl definitions. - */ - -#define PPPIOCGFLAGS _IOR('t', 90, int) /* get configuration flags */ -#define PPPIOCSFLAGS _IOW('t', 89, int) /* set configuration flags */ -#define PPPIOCGASYNCMAP _IOR('t', 88, int) /* get async map */ -#define PPPIOCSASYNCMAP _IOW('t', 87, int) /* set async map */ -#define PPPIOCGUNIT _IOR('t', 86, int) /* get ppp unit number */ -#define PPPIOCGRASYNCMAP _IOR('t', 85, int) /* get receive async map */ -#define PPPIOCSRASYNCMAP _IOW('t', 84, int) /* set receive async map */ -#define PPPIOCGMRU _IOR('t', 83, int) /* get max receive unit */ -#define PPPIOCSMRU _IOW('t', 82, int) /* set max receive unit */ -#define PPPIOCSMAXCID _IOW('t', 81, int) /* set VJ max slot ID */ -#define PPPIOCGXASYNCMAP _IOR('t', 80, ext_accm) /* get extended ACCM */ -#define PPPIOCSXASYNCMAP _IOW('t', 79, ext_accm) /* set extended ACCM */ -#define PPPIOCXFERUNIT _IO('t', 78) /* transfer PPP unit */ -#define PPPIOCSCOMPRESS _IOW('t', 77, struct ppp_option_data) -#define PPPIOCGNPMODE _IOWR('t', 76, struct npioctl) /* get NP mode */ -#define PPPIOCSNPMODE _IOW('t', 75, struct npioctl) /* set NP mode */ -#define PPPIOCGIDLE _IOR('t', 74, struct ppp_idle) /* get idle time */ -#ifdef PPP_WITH_FILTER -#define PPPIOCSPASS _IOW('t', 71, struct bpf_program) /* set pass filter */ -#define PPPIOCSACTIVE _IOW('t', 70, struct bpf_program) /* set active filt */ -#endif /* PPP_WITH_FILTER */ - -/* PPPIOC[GS]MTU are alternatives to SIOC[GS]IFMTU, used under Ultrix */ -#define PPPIOCGMTU _IOR('t', 73, int) /* get interface MTU */ -#define PPPIOCSMTU _IOW('t', 72, int) /* set interface MTU */ - -/* - * These two are interface ioctls so that pppstats can do them on - * a socket without having to open the serial device. - */ -#define SIOCGPPPSTATS _IOWR('i', 123, struct ifpppstatsreq) -#define SIOCGPPPCSTATS _IOWR('i', 122, struct ifpppcstatsreq) - -#if !defined(ifr_mtu) -#define ifr_mtu ifr_ifru.ifru_metric -#endif - -#if (defined(_KERNEL) || defined(KERNEL)) && !defined(NeXT) -void pppattach(void); -void pppintr(void); -#endif -#endif /* _IF_PPP_H_ */ diff --git a/include/net/ppp-comp.h b/include/net/ppp-comp.h index b09ef71..c9a0304 100644 --- a/include/net/ppp-comp.h +++ b/include/net/ppp-comp.h @@ -1,7 +1,7 @@ /* * ppp-comp.h - Definitions for doing PPP packet compression. * - * Copyright (c) 1984 Paul Mackerras. All rights reserved. + * Copyright (c) 1994 Paul Mackerras. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/include/net/ppp_defs.h b/include/net/ppp_defs.h index a5112b3..07a0b5c 100644 --- a/include/net/ppp_defs.h +++ b/include/net/ppp_defs.h @@ -3,7 +3,7 @@ /* * ppp_defs.h - PPP definitions. * - * Copyright (c) 1984 Paul Mackerras. All rights reserved. + * Copyright (c) 1994 Paul Mackerras. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -24,7 +24,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/include/net/pppio.h b/include/net/pppio.h index 54cfe44..9bfc17a 100644 --- a/include/net/pppio.h +++ b/include/net/pppio.h @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/include/net/slcompress.h b/include/net/slcompress.h deleted file mode 100644 index 3712a1a..0000000 --- a/include/net/slcompress.h +++ /dev/null @@ -1,148 +0,0 @@ -/* - * Definitions for tcp compression routines. - * - * $Id: slcompress.h,v 1.4 1994/09/21 06:50:08 paulus Exp $ - * - * Copyright (c) 1989 Regents of the University of California. - * All rights reserved. - * - * Redistribution and use in source and binary forms are permitted - * provided that the above copyright notice and this paragraph are - * duplicated in all such forms and that any documentation, - * advertising materials, and other materials related to such - * distribution and use acknowledge that the software was developed - * by the University of California, Berkeley. The name of the - * University may not be used to endorse or promote products derived - * from this software without specific prior written permission. - * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR - * IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED - * WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. - * - * Van Jacobson (van@helios.ee.lbl.gov), Dec 31, 1989: - * - Initial distribution. - */ - -#ifndef _SLCOMPRESS_H_ -#define _SLCOMPRESS_H_ - -#define MAX_STATES 16 /* must be > 2 and < 256 */ -#define MAX_HDR MLEN /* XXX 4bsd-ism: should really be 128 */ - -/* - * Compressed packet format: - * - * The first octet contains the packet type (top 3 bits), TCP - * 'push' bit, and flags that indicate which of the 4 TCP sequence - * numbers have changed (bottom 5 bits). The next octet is a - * conversation number that associates a saved IP/TCP header with - * the compressed packet. The next two octets are the TCP checksum - * from the original datagram. The next 0 to 15 octets are - * sequence number changes, one change per bit set in the header - * (there may be no changes and there are two special cases where - * the receiver implicitly knows what changed -- see below). - * - * There are 5 numbers which can change (they are always inserted - * in the following order): TCP urgent pointer, window, - * acknowlegement, sequence number and IP ID. (The urgent pointer - * is different from the others in that its value is sent, not the - * change in value.) Since typical use of SLIP links is biased - * toward small packets (see comments on MTU/MSS below), changes - * use a variable length coding with one octet for numbers in the - * range 1 - 255 and 3 octets (0, MSB, LSB) for numbers in the - * range 256 - 65535 or 0. (If the change in sequence number or - * ack is more than 65535, an uncompressed packet is sent.) - */ - -/* - * Packet types (must not conflict with IP protocol version) - * - * The top nibble of the first octet is the packet type. There are - * three possible types: IP (not proto TCP or tcp with one of the - * control flags set); uncompressed TCP (a normal IP/TCP packet but - * with the 8-bit protocol field replaced by an 8-bit connection id -- - * this type of packet syncs the sender & receiver); and compressed - * TCP (described above). - * - * LSB of 4-bit field is TCP "PUSH" bit (a worthless anachronism) and - * is logically part of the 4-bit "changes" field that follows. Top - * three bits are actual packet type. For backward compatibility - * and in the interest of conserving bits, numbers are chosen so the - * IP protocol version number (4) which normally appears in this nibble - * means "IP packet". - */ - -/* packet types */ -#define TYPE_IP 0x40 -#define TYPE_UNCOMPRESSED_TCP 0x70 -#define TYPE_COMPRESSED_TCP 0x80 -#define TYPE_ERROR 0x00 - -/* Bits in first octet of compressed packet */ -#define NEW_C 0x40 /* flag bits for what changed in a packet */ -#define NEW_I 0x20 -#define NEW_S 0x08 -#define NEW_A 0x04 -#define NEW_W 0x02 -#define NEW_U 0x01 - -/* reserved, special-case values of above */ -#define SPECIAL_I (NEW_S|NEW_W|NEW_U) /* echoed interactive traffic */ -#define SPECIAL_D (NEW_S|NEW_A|NEW_W|NEW_U) /* unidirectional data */ -#define SPECIALS_MASK (NEW_S|NEW_A|NEW_W|NEW_U) - -#define TCP_PUSH_BIT 0x10 - - -/* - * "state" data for each active tcp conversation on the wire. This is - * basically a copy of the entire IP/TCP header from the last packet - * we saw from the conversation together with a small identifier - * the transmit & receive ends of the line use to locate saved header. - */ -struct cstate { - struct cstate *cs_next; /* next most recently used cstate (xmit only) */ - u_short cs_hlen; /* size of hdr (receive only) */ - u_char cs_id; /* connection # associated with this state */ - u_char cs_filler; - union { - char csu_hdr[MAX_HDR]; - struct ip csu_ip; /* ip/tcp hdr from most recent packet */ - } slcs_u; -}; -#define cs_ip slcs_u.csu_ip -#define cs_hdr slcs_u.csu_hdr - -/* - * all the state data for one serial line (we need one of these - * per line). - */ -struct slcompress { - struct cstate *last_cs; /* most recently used tstate */ - u_char last_recv; /* last rcvd conn. id */ - u_char last_xmit; /* last sent conn. id */ - u_short flags; -#ifndef SL_NO_STATS - int sls_packets; /* outbound packets */ - int sls_compressed; /* outbound compressed packets */ - int sls_searches; /* searches for connection state */ - int sls_misses; /* times couldn't find conn. state */ - int sls_uncompressedin; /* inbound uncompressed packets */ - int sls_compressedin; /* inbound compressed packets */ - int sls_errorin; /* inbound unknown type packets */ - int sls_tossed; /* inbound packets tossed because of error */ -#endif - struct cstate tstate[MAX_STATES]; /* xmit connection states */ - struct cstate rstate[MAX_STATES]; /* receive connection states */ -}; -/* flag values */ -#define SLF_TOSS 1 /* tossing rcvd frames because of input err */ - -void sl_compress_init(struct slcompress *); -void sl_compress_setup(struct slcompress *, int); -u_int sl_compress_tcp(struct mbuf *, - struct ip *, struct slcompress *, int); -int sl_uncompress_tcp(u_char **, int, u_int, struct slcompress *); -int sl_uncompress_tcp_core(u_char *, int, int, u_int, - struct slcompress *, u_char **, u_int *); - -#endif /* _SLCOMPRESS_H_ */ diff --git a/m4/ax_check_openssl.m4 b/m4/ax_check_openssl.m4 index 8ae39ca..de8c524 100644 --- a/m4/ax_check_openssl.m4 +++ b/m4/ax_check_openssl.m4 @@ -55,6 +55,20 @@ AC_DEFUN([AX_CHECK_OPENSSL], [ ]) AS_IF([test "${with_openssl}" != "no"], [ + # if pkg-config is installed and openssl has installed a .pc file, + # then use that information and don't search ssldirs + AC_PATH_PROG([PKG_CONFIG], [pkg-config]) + if test x"$PKG_CONFIG" != x""; then + OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null` + if test $? = 0; then + OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null` + OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null` + found=true + fi + fi + ]) + + AS_IF([test "${with_openssl}" != "no" && test "${found}" != "true"], [ OPENSSL_INCLUDES= for ssldir in $ssldirs; do AC_MSG_CHECKING([for openssl/ssl.h in $ssldir]) @@ -69,22 +83,8 @@ AC_DEFUN([AX_CHECK_OPENSSL], [ AC_MSG_RESULT([no]) ]) done]) - - AS_IF([test "${with_openssl}" != "no" && test ! ${found}], [ - # if pkg-config is installed and openssl has installed a .pc file, - # then use that information and don't search ssldirs - AC_PATH_PROG([PKG_CONFIG], [pkg-config]) - if test x"$PKG_CONFIG" != x""; then - OPENSSL_LDFLAGS=`$PKG_CONFIG openssl --libs-only-L 2>/dev/null` - if test $? = 0; then - OPENSSL_LIBS=`$PKG_CONFIG openssl --libs-only-l 2>/dev/null` - OPENSSL_INCLUDES=`$PKG_CONFIG openssl --cflags-only-I 2>/dev/null` - found=true - fi - fi - ]) - AS_IF([test "${with_openssl}" != "no" && test ${found}], [ + AS_IF([test "${with_openssl}" != "no" && test "${found}" = "true" ], [ # try the preprocessor and linker with our new flags, # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS diff --git a/modules/deflate.c b/modules/deflate.c index 2702326..0a7f9d8 100644 --- a/modules/deflate.c +++ b/modules/deflate.c @@ -25,7 +25,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/modules/if_ppp.c b/modules/if_ppp.c index e150923..e1facbd 100644 --- a/modules/if_ppp.c +++ b/modules/if_ppp.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/modules/ppp.c b/modules/ppp.c index f5fb71f..2e8e020 100644 --- a/modules/ppp.c +++ b/modules/ppp.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/modules/ppp_ahdlc.c b/modules/ppp_ahdlc.c index 68e0907..83ade6f 100644 --- a/modules/ppp_ahdlc.c +++ b/modules/ppp_ahdlc.c @@ -39,7 +39,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/modules/ppp_comp.c b/modules/ppp_comp.c index 9e204d9..75b74bc 100644 --- a/modules/ppp_comp.c +++ b/modules/ppp_comp.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/pppd/.gitignore b/pppd/.gitignore index 5666003..895bf37 100644 --- a/pppd/.gitignore +++ b/pppd/.gitignore @@ -1 +1,2 @@ pppd +srp-entry diff --git a/pppd/Makefile.am b/pppd/Makefile.am index 7dc6cdd..65880ab 100644 --- a/pppd/Makefile.am +++ b/pppd/Makefile.am @@ -2,7 +2,7 @@ sbin_PROGRAMS = pppd dist_man8_MANS = pppd.8 check_PROGRAMS = -utest_chap_SOURCES = chap_ms.c pppcrypt.c utils.c +utest_chap_SOURCES = chap_ms.c utils.c crypto_ms.c utest_chap_CPPFLAGS = -DUNIT_TEST utest_chap_LDFLAGS = @@ -10,6 +10,22 @@ utest_peap_SOURCES = peap.c utils.c mppe.c utest_peap_CPPFLAGS = -DUNIT_TEST utest_peap_LDFLAGS = +utest_crypto_SOURCES = crypto.c +utest_crypto_CPPFLAGS = -DUNIT_TEST +utest_crypto_LDFLAGS = + +utest_pppcrypt_SOURCES = crypto_ms.c +utest_pppcrypt_CPPFLAGS = -DUNIT_TEST_MSCRYPTO +utest_pppcrypt_LDFLAGS = + +check_PROGRAMS += utest_crypto + +utest_utils_SOURCES = utils.c utils_utest.c +utest_utils_CPPFLAGS = -DUNIT_TEST +utest_utils_LDFLAGS = + +check_PROGRAMS += utest_utils + if WITH_SRP sbin_PROGRAMS += srp-entry dist_man8_MANS += srp-entry.8 @@ -22,11 +38,11 @@ pppd_includedir = $(includedir)/pppd pppd_include_HEADERS = \ cbcp.h \ ccp.h \ - chap-md5.h \ + chap.h \ chap_ms.h \ - chap-new.h \ + crypto.h \ + crypto_ms.h \ eap.h \ - eap-tls.h \ ecp.h \ eui64.h \ fsm.h \ @@ -34,26 +50,31 @@ pppd_include_HEADERS = \ ipv6cp.h \ lcp.h \ magic.h \ - md4.h \ - md5.h \ mppe.h \ - pathnames.h \ - peap.h \ - pppcrypt.h \ + multilink.h \ pppd.h \ + options.h \ pppdconf.h \ session.h \ - sha1.h \ + upap.h + +# Headers to be distributed, but not installed in /usr/include/pppd +noinst_HEADERS = \ + chap-md5.h \ + crypto-priv.h \ + eap-tls.h \ + pathnames.h \ + peap.h \ + pppd-private.h \ spinlock.h \ tls.h \ - tdb.h \ - upap.h + tdb.h pppd_SOURCES = \ auth.c \ ccp.c \ chap-md5.c \ - chap-new.c \ + chap.c \ demand.c \ eap.c \ ecp.c \ @@ -68,12 +89,17 @@ pppd_SOURCES = \ upap.c \ utils.c -pppd_CPPFLAGS = -DPPPD_RUNTIME_DIR='"@PPPD_RUNTIME_DIR@"' -DPPPD_LOGFILE_DIR='"@PPPD_LOGFILE_DIR@"' +pppd_CPPFLAGS = -DSYSCONFDIR=\"${sysconfdir}\" -DPPPD_RUNTIME_DIR='"@PPPD_RUNTIME_DIR@"' -DPPPD_LOGFILE_DIR='"@PPPD_LOGFILE_DIR@"' pppd_LDFLAGS = pppd_LIBS = +if PPP_WITH_SYSTEM_CA_PATH +pppd_CPPFLAGS += -DSYSTEM_CA_PATH='"@SYSTEM_CA_PATH@"' +endif + if LINUX -pppd_SOURCES += sys-linux.c termios_linux.h +pppd_SOURCES += sys-linux.c +noinst_HEADERS += termios_linux.h pppd_LIBS += $(CRYPT_LIBS) $(UTIL_LIBS) endif @@ -84,12 +110,13 @@ pppd_LIBS += -lsocket -lnsl endif if PPP_WITH_CHAPMS -pppd_SOURCES += chap_ms.c -pppd_SOURCES += pppcrypt.c +pppd_SOURCES += chap_ms.c crypto_ms.c check_PROGRAMS += utest_chap +check_PROGRAMS += utest_pppcrypt else if WITH_SRP -pppd_SOURCES += pppcrypt.c +pppd_SOURCES += crypto_ms.c +check_PROGRAMS += utest_pppcrypt endif endif @@ -146,29 +173,23 @@ pppd_SOURCES += peap.c check_PROGRAMS += utest_peap endif -noinst_LTLIBRARIES = libppp_crypt.la -libppp_crypt_la_SOURCES= +noinst_LTLIBRARIES = libppp_crypto.la +libppp_crypto_la_SOURCES=crypto.c ppp-md5.c ppp-md4.c ppp-sha1.c ppp-des.c -if !WITH_OPENSSL -libppp_crypt_la_SOURCES += md4.c md5.c sha1.c -else -libppp_crypt_la_CPPFLAGS=$(OPENSSL_INCLUDES) -libppp_crypt_la_LDFLAGS=$(OPENSSL_LDFLAGS) -libppp_crypt_la_LIBADD=$(OPENSSL_LIBS) -if !OPENSSL_HAVE_SHA -libppp_crypt_la_SOURCES += sha1.c -endif -if !OPENSSL_HAVE_MD5 -libppp_crypt_la_SOURCES += md5.c -endif -if !OPENSSL_HAVE_MD4 -libppp_crypt_la_SOURCES += md4.c -endif +if PPP_WITH_OPENSSL +pppd_CPPFLAGS += $(OPENSSL_INCLUDES) + +libppp_crypto_la_CPPFLAGS=$(OPENSSL_INCLUDES) +libppp_crypto_la_LDFLAGS=$(OPENSSL_LDFLAGS) +libppp_crypto_la_LIBADD=$(OPENSSL_LIBS) endif -utest_peap_LDADD = libppp_crypt.la -utest_chap_LDADD = libppp_crypt.la -pppd_LIBS += libppp_crypt.la +utest_peap_LDADD = libppp_crypto.la +utest_chap_LDADD = libppp_crypto.la +utest_crypto_LDADD = libppp_crypto.la +utest_pppcrypt_LDADD = libppp_crypto.la + +pppd_LIBS += libppp_crypto.la if WITH_SYSTEMD pppd_CPPFLAGS += $(SYSTEMD_CFLAGS) diff --git a/pppd/auth.c b/pppd/auth.c index fc28390..ecd30ba 100644 --- a/pppd/auth.c +++ b/pppd/auth.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -113,14 +113,15 @@ #include #endif -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "lcp.h" #include "ccp.h" #include "ecp.h" #include "ipcp.h" #include "upap.h" -#include "chap-new.h" +#include "chap.h" #include "eap.h" #ifdef PPP_WITH_EAPTLS #include "eap-tls.h" @@ -128,6 +129,7 @@ #ifdef PPP_WITH_CBCP #include "cbcp.h" #endif +#include "multilink.h" #include "pathnames.h" #include "session.h" @@ -179,28 +181,26 @@ static bool default_auth; int (*idle_time_hook)(struct ppp_idle *) = NULL; /* Hook for a plugin to say whether we can possibly authenticate any peer */ -int (*pap_check_hook)(void) = NULL; +pap_check_hook_fn *pap_check_hook = NULL; /* Hook for a plugin to check the PAP user and password */ -int (*pap_auth_hook)(char *user, char *passwd, char **msgp, - struct wordlist **paddrs, - struct wordlist **popts) = NULL; +pap_auth_hook_fn *pap_auth_hook = NULL; /* Hook for a plugin to know about the PAP user logout */ -void (*pap_logout_hook)(void) = NULL; +pap_logout_hook_fn *pap_logout_hook = NULL; /* Hook for a plugin to get the PAP password for authenticating us */ -int (*pap_passwd_hook)(char *user, char *passwd) = NULL; +pap_passwd_hook_fn *pap_passwd_hook = NULL; /* Hook for a plugin to say if we can possibly authenticate a peer using CHAP */ -int (*chap_check_hook)(void) = NULL; +chap_check_hook_fn *chap_check_hook = NULL; /* Hook for a plugin to get the CHAP password for authenticating us */ -int (*chap_passwd_hook)(char *user, char *passwd) = NULL; +chap_passwd_hook_fn *chap_passwd_hook = NULL; #ifdef PPP_WITH_EAPTLS /* Hook for a plugin to get the EAP-TLS password for authenticating us */ -int (*eaptls_passwd_hook)(char *user, char *passwd) = NULL; +eaptls_passwd_hook_fn *eaptls_passwd_hook = NULL; #endif /* Hook for a plugin to say whether it is OK if the peer @@ -210,11 +210,6 @@ int (*null_auth_hook)(struct wordlist **paddrs, int (*allowed_address_hook)(u_int32_t addr) = NULL; -#ifdef PPP_WITH_MULTILINK -/* Hook for plugin to hear when an interface joins a multilink bundle */ -void (*multilink_join_hook)(void) = NULL; -#endif - /* A notifier for when the peer has authenticated itself, and we are proceeding to the network phase. */ struct notifier *auth_up_notifier = NULL; @@ -322,7 +317,7 @@ static void check_maxoctets (void *); /* * Authentication-related options. */ -option_t auth_options[] = { +struct option auth_options[] = { { "auth", o_bool, &auth_required, "Require authentication from peer", OPT_PRIO | 1 }, { "noauth", o_bool, &auth_required, @@ -469,6 +464,36 @@ option_t auth_options[] = { { NULL } }; +const char * +ppp_remote_name() +{ + return remote_name; +} + +const char * +ppp_get_remote_number(void) +{ + return remote_number; +} + +void +ppp_set_remote_number(const char *buf) +{ + if (buf) { + strlcpy(remote_number, buf, sizeof(remote_number)); + } +} + +const char * +ppp_peer_authname(char *buf, size_t bufsz) +{ + if (buf && bufsz > 0) { + strlcpy(buf, peer_authname, bufsz); + return buf; + } + return peer_authname; +} + /* * setupapfile - specifies UPAP info for authenticating with peer. */ @@ -489,7 +514,7 @@ setupapfile(char **argv) novm("+ua file name"); euid = geteuid(); if (seteuid(getuid()) == -1) { - option_error("unable to reset uid before opening %s: %m", fname); + ppp_option_error("unable to reset uid before opening %s: %m", fname); free(fname); return 0; } @@ -497,7 +522,7 @@ setupapfile(char **argv) if (seteuid(euid) == -1) fatal("unable to regain privileges: %m"); if (ufile == NULL) { - option_error("unable to open user login data file %s", fname); + ppp_option_error("unable to open user login data file %s", fname); free(fname); return 0; } @@ -508,7 +533,7 @@ setupapfile(char **argv) if (fgets(u, MAXNAMELEN - 1, ufile) == NULL || fgets(p, MAXSECRETLEN - 1, ufile) == NULL) { fclose(ufile); - option_error("unable to read user login data file %s", fname); + ppp_option_error("unable to read user login data file %s", fname); free(fname); return 0; } @@ -547,7 +572,7 @@ privgroup(char **argv) g = getgrnam(*argv); if (g == 0) { - option_error("group %s is unknown", *argv); + ppp_option_error("group %s is unknown", *argv); return 0; } for (i = 0; i < ngroups; ++i) { @@ -616,7 +641,7 @@ link_required(int unit) */ void start_link(int unit) { - status = EXIT_CONNECT_FAILED; + ppp_set_status(EXIT_CONNECT_FAILED); new_phase(PHASE_SERIALCONN); hungup = 0; @@ -634,7 +659,7 @@ void start_link(int unit) */ fd_ppp = the_channel->establish_ppp(devfd); if (fd_ppp < 0) { - status = EXIT_FATAL_ERROR; + ppp_set_status(EXIT_FATAL_ERROR); goto disconnect; } @@ -646,12 +671,12 @@ void start_link(int unit) * incoming events (reply, timeout, etc.). */ if (ifunit >= 0) - notice("Connect: %s <--> %s", ifname, ppp_devnam); + notice("Connect: %s <--> %s", ifname, ppp_devname); else - notice("Starting negotiation on %s", ppp_devnam); + notice("Starting negotiation on %s", ppp_devname); add_fd(fd_ppp); - status = EXIT_NEGOTIATION_FAILED; + ppp_set_status(EXIT_NEGOTIATION_FAILED); new_phase(PHASE_ESTABLISH); lcp_lowerup(0); @@ -675,7 +700,7 @@ void start_link(int unit) void link_terminated(int unit) { - if (phase == PHASE_DEAD || phase == PHASE_MASTER) + if (in_phase(PHASE_DEAD) || in_phase(PHASE_MASTER)) return; new_phase(PHASE_DISCONNECT); @@ -684,7 +709,7 @@ link_terminated(int unit) } session_end(devnam); - if (!doing_multilink) { + if (!mp_on()) { notice("Connection terminated."); print_link_stats(); } else @@ -695,9 +720,8 @@ link_terminated(int unit) * can happen that another pppd gets the same unit and then * we delete its pid file. */ - if (!doing_multilink && !demand) + if (!demand && !mp_on()) remove_pidfiles(); - /* * If we may want to bring the link up again, transfer * the ppp unit back to the loopback. Set the @@ -707,14 +731,14 @@ link_terminated(int unit) remove_fd(fd_ppp); clean_check(); the_channel->disestablish_ppp(devfd); - if (doing_multilink) + if (mp_on()) mp_exit_bundle(); fd_ppp = -1; } if (!hungup) lcp_lowerdown(0); - if (!doing_multilink && !demand) - script_unsetenv("IFNAME"); + if (!mp_on() && !demand) + ppp_script_unsetenv("IFNAME"); /* * Run disconnector script, if requested. @@ -727,7 +751,7 @@ link_terminated(int unit) if (the_channel->cleanup) (*the_channel->cleanup)(); - if (doing_multilink && multilink_master) { + if (mp_on() && mp_master()) { if (!bundle_terminating) { new_phase(PHASE_MASTER); if (master_detach && !detached) @@ -748,14 +772,15 @@ link_down(int unit) notify(link_down_notifier, 0); auth_state = s_down; if (auth_script_state == s_up && auth_script_pid == 0) { - update_link_stats(unit); + ppp_get_link_stats(NULL); auth_script_state = s_down; - auth_script(_PATH_AUTHDOWN); + auth_script(PPP_PATH_AUTHDOWN); } } - if (!doing_multilink) { + if (!mp_on()) + { upper_layers_down(unit); - if (phase != PHASE_DEAD && phase != PHASE_MASTER) + if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER)) new_phase(PHASE_ESTABLISH); } /* XXX if doing_multilink, should do something to stop @@ -799,13 +824,11 @@ link_established(int unit) /* * Tell higher-level protocols that LCP is up. */ - if (!doing_multilink) { + if (!mp_on()) for (i = 0; (protp = protocols[i]) != NULL; ++i) if (protp->protocol != PPP_LCP && protp->enabled_flag && protp->lowerup != NULL) (*protp->lowerup)(unit); - } - if (!auth_required && noauth_addrs != NULL) set_allowed_addrs(unit, NULL, NULL); @@ -821,7 +844,7 @@ link_established(int unit) set_allowed_addrs(unit, NULL, NULL); } else if (!wo->neg_upap || uselogin || !null_login(unit)) { warn("peer refused to authenticate: terminating link"); - status = EXIT_PEER_AUTH_FAILED; + ppp_set_status(EXIT_PEER_AUTH_FAILED); lcp_close(unit, "peer refused to authenticate"); return; } @@ -831,14 +854,14 @@ link_established(int unit) if (need_peer_eap && !ao->neg_eap) { warn("eap required to authenticate us but no suitable secrets"); lcp_close(unit, "couldn't negotiate eap"); - status = EXIT_AUTH_TOPEER_FAILED; + ppp_set_status(EXIT_AUTH_TOPEER_FAILED); return; } if (need_peer_eap && !ho->neg_eap) { warn("peer doesn't want to authenticate us with eap"); lcp_close(unit, "couldn't negotiate eap"); - status = EXIT_PEER_AUTH_FAILED; + ppp_set_status(EXIT_PEER_AUTH_FAILED); return; } #endif @@ -899,7 +922,7 @@ network_phase(int unit) auth_state = s_up; if (auth_script_state == s_down && auth_script_pid == 0) { auth_script_state = s_up; - auth_script(_PATH_AUTHUP); + auth_script(PPP_PATH_AUTHUP); } } @@ -996,7 +1019,7 @@ auth_peer_fail(int unit, int protocol) /* * Authentication failure: take the link down */ - status = EXIT_PEER_AUTH_FAILED; + ppp_set_status(EXIT_PEER_AUTH_FAILED); lcp_close(unit, "Authentication failed"); } @@ -1044,7 +1067,7 @@ auth_peer_success(int unit, int protocol, int prot_flavor, namelen = sizeof(peer_authname) - 1; BCOPY(name, peer_authname, namelen); peer_authname[namelen] = 0; - script_setenv("PEERNAME", peer_authname, 0); + ppp_script_setenv("PEERNAME", peer_authname, 0); /* Save the authentication method for later. */ auth_done[unit] |= bit; @@ -1071,7 +1094,7 @@ auth_withpeer_fail(int unit, int protocol) * is no point in persisting without any way to get updated * authentication secrets. */ - status = EXIT_AUTH_TOPEER_FAILED; + ppp_set_status(EXIT_AUTH_TOPEER_FAILED); lcp_close(unit, "Failed to authenticate ourselves to peer"); } @@ -1143,14 +1166,14 @@ np_up(int unit, int proto) /* * At this point we consider that the link has come up successfully. */ - status = EXIT_OK; + ppp_set_status(EXIT_OK); unsuccess = 0; new_phase(PHASE_RUNNING); if (idle_time_hook != 0) tlim = (*idle_time_hook)(NULL); else - tlim = idle_time_limit; + tlim = ppp_get_max_idle_time(); if (tlim > 0) TIMEOUT(check_idle, NULL, tlim); @@ -1158,9 +1181,13 @@ np_up(int unit, int proto) * Set a timeout to close the connection once the maximum * connect time has expired. */ - if (maxconnect > 0) - TIMEOUT(connect_time_expired, 0, maxconnect); + if (ppp_get_max_connect_time() > 0) + TIMEOUT(connect_time_expired, 0, ppp_get_max_connect_time()); + /* + * Configure a check to see if session has outlived it's limit + * in terms of octets + */ if (maxoctets > 0) TIMEOUT(check_maxoctets, NULL, maxoctets_timeout); @@ -1206,33 +1233,41 @@ np_finished(int unit, int proto) } } +/* + * Periodic callback to check if session has reached its limit. The period defaults + * to 1 second and is configurable by setting "mo-timeout" in configuration + */ static void check_maxoctets(void *arg) { - unsigned int used; - - update_link_stats(ifunit); - link_stats_valid=0; - - switch(maxoctets_dir) { - case PPP_OCTETS_DIRECTION_IN: - used = link_stats.bytes_in; - break; - case PPP_OCTETS_DIRECTION_OUT: - used = link_stats.bytes_out; - break; - case PPP_OCTETS_DIRECTION_MAXOVERAL: - case PPP_OCTETS_DIRECTION_MAXSESSION: - used = (link_stats.bytes_in > link_stats.bytes_out) ? link_stats.bytes_in : link_stats.bytes_out; - break; - default: - used = link_stats.bytes_in+link_stats.bytes_out; - break; + unsigned int used = 0; + ppp_link_stats_st stats; + + if (ppp_get_link_stats(&stats)) { + switch(maxoctets_dir) { + case PPP_OCTETS_DIRECTION_IN: + used = stats.bytes_in; + break; + case PPP_OCTETS_DIRECTION_OUT: + used = stats.bytes_out; + break; + case PPP_OCTETS_DIRECTION_MAXOVERAL: + case PPP_OCTETS_DIRECTION_MAXSESSION: + used = (stats.bytes_in > stats.bytes_out) + ? stats.bytes_in + : stats.bytes_out; + break; + default: + used = stats.bytes_in+stats.bytes_out; + break; + } } + if (used > maxoctets) { notice("Traffic limit reached. Limit: %u Used: %u", maxoctets, used); - status = EXIT_TRAFFIC_LIMIT; + ppp_set_status(EXIT_TRAFFIC_LIMIT); lcp_close(0, "Traffic limit"); + link_stats_print = 0; need_holdoff = 0; } else { TIMEOUT(check_maxoctets, NULL, maxoctets_timeout); @@ -1256,12 +1291,12 @@ check_idle(void *arg) tlim = idle_time_hook(&idle); } else { itime = MIN(idle.xmit_idle, idle.recv_idle); - tlim = idle_time_limit - itime; + tlim = ppp_get_max_idle_time() - itime; } if (tlim <= 0) { /* link is idle: shut it down. */ notice("Terminating connection due to lack of activity."); - status = EXIT_IDLE_TIMEOUT; + ppp_set_status(EXIT_IDLE_TIMEOUT); lcp_close(0, "Link inactive"); need_holdoff = 0; } else { @@ -1276,7 +1311,7 @@ static void connect_time_expired(void *arg) { info("Connect time expired"); - status = EXIT_CONNECT_TIME; + ppp_set_status(EXIT_CONNECT_TIME); lcp_close(0, "Connect time expired"); /* Close connection */ } @@ -1292,12 +1327,20 @@ auth_check_options(void) /* Default our_name to hostname, and user to our_name */ if (our_name[0] == 0 || usehostname) - strlcpy(our_name, hostname, sizeof(our_name)); + strlcpy(our_name, hostname, sizeof(our_name)); + /* If a blank username was explicitly given as an option, trust the user and don't use our_name */ if (user[0] == 0 && !explicit_user) strlcpy(user, our_name, sizeof(user)); +#if defined(SYSTEM_CA_PATH) && (defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP)) + /* Use system default for CA Path if not specified */ + if (!ca_path) { + ca_path = SYSTEM_CA_PATH; + } +#endif + /* * If we have a default route, require the peer to authenticate * unless the noauth option was given or the real user is root. @@ -1354,21 +1397,21 @@ auth_check_options(void) if (auth_required && !can_auth && noauth_addrs == NULL) { if (default_auth) { - option_error( + ppp_option_error( "By default the remote system is required to authenticate itself"); - option_error( + ppp_option_error( "(because this system has a default route to the internet)"); } else if (explicit_remote) - option_error( + ppp_option_error( "The remote system (%s) is required to authenticate itself", remote_name); else - option_error( + ppp_option_error( "The remote system is required to authenticate itself"); - option_error( + ppp_option_error( "but I couldn't find any suitable secret (password) for it to use to do so."); if (lacks_ip) - option_error( + ppp_option_error( "(None of the available passwords would let it use an IP address.)"); exit(1); @@ -1489,7 +1532,7 @@ check_passwd(int unit, * Open the file of pap secrets and scan for a suitable secret * for authenticating this user. */ - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; addrs = opts = NULL; ret = UPAP_AUTHNAK; f = fopen(filename, "r"); @@ -1590,7 +1633,7 @@ null_login(int unit) * Open the file of pap secrets and scan for a suitable secret. */ if (ret <= 0) { - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; addrs = NULL; f = fopen(filename, "r"); if (f == NULL) @@ -1637,7 +1680,7 @@ get_pap_passwd(char *passwd) return ret; } - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -1674,7 +1717,7 @@ have_pap_secret(int *lacks_ipp) return ret; } - filename = _PATH_UPAPFILE; + filename = PPP_PATH_UPAPFILE; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -1716,7 +1759,7 @@ have_chap_secret(char *client, char *server, } } - filename = _PATH_CHAPFILE; + filename = PPP_PATH_CHAPFILE; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -1754,7 +1797,7 @@ have_srp_secret(char *client, char *server, int need_ip, int *lacks_ipp) char *filename; struct wordlist *addrs; - filename = _PATH_SRPFILE; + filename = PPP_PATH_SRPFILE; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -1802,7 +1845,7 @@ get_secret(int unit, char *client, char *server, return 0; } } else { - filename = _PATH_CHAPFILE; + filename = PPP_PATH_CHAPFILE; addrs = NULL; secbuf[0] = 0; @@ -1856,7 +1899,7 @@ get_srp_secret(int unit, char *client, char *server, if (!am_server && passwd[0] != '\0') { strlcpy(secret, passwd, MAXWORDLEN); } else { - filename = _PATH_SRPFILE; + filename = PPP_PATH_SRPFILE; addrs = NULL; fp = fopen(filename, "r"); @@ -2049,7 +2092,7 @@ auth_ip_addr(int unit, u_int32_t addr) int ok; /* don't allow loopback or multicast address */ - if (bad_ip_adrs(addr)) + if (ppp_bad_ip_addr(addr)) return 0; if (allowed_address_hook) { @@ -2077,12 +2120,10 @@ ip_addr_check(u_int32_t addr, struct permitted_ip *addrs) } /* - * bad_ip_adrs - return 1 if the IP address is one we don't want - * to use, such as an address in the loopback net or a multicast address. - * addr is in network byte order. + * Check if given addr in network byte order is in the looback network, or a multicast address. */ -int -bad_ip_adrs(u_int32_t addr) +bool +ppp_bad_ip_addr(u_int32_t addr) { addr = ntohl(addr); return (addr >> IN_CLASSA_NSHIFT) == IN_LOOPBACKNET @@ -2359,13 +2400,13 @@ auth_script_done(void *arg) case s_up: if (auth_state == s_down) { auth_script_state = s_down; - auth_script(_PATH_AUTHDOWN); + auth_script(PPP_PATH_AUTHDOWN); } break; case s_down: if (auth_state == s_up) { auth_script_state = s_up; - auth_script(_PATH_AUTHUP); + auth_script(PPP_PATH_AUTHUP); } break; } @@ -2419,7 +2460,7 @@ have_eaptls_secret_server(char *client, char *server, char cacertfile[MAXWORDLEN]; char pkfile[MAXWORDLEN]; - filename = _PATH_EAPTLSSERVFILE; + filename = PPP_PATH_EAPTLSSERVFILE; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -2476,7 +2517,7 @@ have_eaptls_secret_client(char *client, char *server) if (pkcs12_file) return 1; - filename = _PATH_EAPTLSCLIFILE; + filename = PPP_PATH_EAPTLSCLIFILE; f = fopen(filename, "r"); if (f == NULL) return 0; @@ -2694,7 +2735,7 @@ get_eaptls_secret(int unit, char *client, char *server, } else { - filename = (am_server ? _PATH_EAPTLSSERVFILE : _PATH_EAPTLSCLIFILE); + filename = (am_server ? PPP_PATH_EAPTLSSERVFILE : PPP_PATH_EAPTLSCLIFILE); addrs = NULL; fp = fopen(filename, "r"); diff --git a/pppd/cbcp.c b/pppd/cbcp.c index 87bf9c0..8c33cf6 100644 --- a/pppd/cbcp.c +++ b/pppd/cbcp.c @@ -41,10 +41,11 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" #include "cbcp.h" #include "fsm.h" #include "lcp.h" +#include "options.h" /* @@ -52,7 +53,7 @@ */ static int setcbcp (char **); -static option_t cbcp_option_list[] = { +static struct option cbcp_option_list[] = { { "callback", o_special, (void *)setcbcp, "Ask for callback", OPT_PRIO | OPT_A2STRVAL, &cbcp[0].us_number }, { NULL } @@ -461,6 +462,6 @@ static void cbcp_up(cbcp_state *us) { persist = 0; - status = EXIT_CALLBACK; + ppp_set_status(EXIT_CALLBACK); lcp_close(0, "Call me back, please"); } diff --git a/pppd/cbcp.h b/pppd/cbcp.h index c74b5f8..4bd106b 100644 --- a/pppd/cbcp.h +++ b/pppd/cbcp.h @@ -1,8 +1,44 @@ -#ifndef CBCP_H -#define CBCP_H +/* + * Copyright (c) 1995 Pedro Roque Marques. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The names of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Pedro Roque Marques + * " + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#ifndef PPP_CBCP_H +#define PPP_CBCP_H #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + typedef struct cbcp_state { int us_unit; /* Interface unit number */ u_char us_id; /* Current id */ @@ -25,4 +61,9 @@ extern struct protent cbcp_protent; #define CB_CONF_USER 2 #define CB_CONF_ADMIN 3 #define CB_CONF_LIST 4 + +#ifdef __cplusplus +} #endif + +#endif // PPP_CBCP_H diff --git a/pppd/ccp.c b/pppd/ccp.c index 088a163..3c28682 100644 --- a/pppd/ccp.c +++ b/pppd/ccp.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -42,7 +42,8 @@ #include #endif -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "ccp.h" @@ -75,7 +76,7 @@ static char deflate_value[8]; bool refuse_mppe_stateful = 1; /* Allow stateful mode? */ #endif -static option_t ccp_option_list[] = { +static struct option ccp_option_list[] = { { "noccp", o_bool, &ccp_protent.enabled_flag, "Disable CCP negotiation" }, { "-ccp", o_bool, &ccp_protent.enabled_flag, @@ -276,12 +277,12 @@ setbsdcomp(char **argv) abits = strtol(str, &endp, 0); } if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for bsdcomp option", *argv); + ppp_option_error("invalid parameter '%s' for bsdcomp option", *argv); return 0; } if ((rbits != 0 && (rbits < BSD_MIN_BITS || rbits > BSD_MAX_BITS)) || (abits != 0 && (abits < BSD_MIN_BITS || abits > BSD_MAX_BITS))) { - option_error("bsdcomp option values must be 0 or %d .. %d", + ppp_option_error("bsdcomp option values must be 0 or %d .. %d", BSD_MIN_BITS, BSD_MAX_BITS); return 0; } @@ -314,13 +315,13 @@ setdeflate(char **argv) abits = strtol(str, &endp, 0); } if (*endp != 0 || endp == str) { - option_error("invalid parameter '%s' for deflate option", *argv); + ppp_option_error("invalid parameter '%s' for deflate option", *argv); return 0; } if ((rbits != 0 && (rbits < DEFLATE_MIN_SIZE || rbits > DEFLATE_MAX_SIZE)) || (abits != 0 && (abits < DEFLATE_MIN_SIZE || abits > DEFLATE_MAX_SIZE))) { - option_error("deflate option values must be 0 or %d .. %d", + ppp_option_error("deflate option values must be 0 or %d .. %d", DEFLATE_MIN_SIZE, DEFLATE_MAX_SIZE); return 0; } @@ -1175,9 +1176,9 @@ ccp_reqci(fsm *f, u_char *p, int *lenp, int dont_nak) * because MPPE frames **grow**. The kernel [must] * allocate MPPE_PAD extra bytes in xmit buffers. */ - mtu = netif_get_mtu(f->unit); + mtu = ppp_get_mtu(f->unit); if (mtu) - netif_set_mtu(f->unit, mtu - MPPE_PAD); + ppp_set_mtu(f->unit, mtu - MPPE_PAD); else newret = CONFREJ; } diff --git a/pppd/ccp.h b/pppd/ccp.h index a37695c..0a56686 100644 --- a/pppd/ccp.h +++ b/pppd/ccp.h @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -34,6 +34,10 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + typedef struct ccp_options { bool bsd_compress; /* do BSD Compress? */ bool deflate; /* do Deflate? */ @@ -41,9 +45,9 @@ typedef struct ccp_options { bool predictor_2; /* do Predictor-2? */ bool deflate_correct; /* use correct code for deflate? */ bool deflate_draft; /* use draft RFC code for deflate? */ - u_char mppe; /* MPPE bitfield */ - u_short bsd_bits; /* # bits/code for BSD Compress */ - u_short deflate_size; /* lg(window size) for Deflate */ + unsigned char mppe; /* MPPE bitfield */ + unsigned short bsd_bits; /* # bits/code for BSD Compress */ + unsigned short deflate_size; /* lg(window size) for Deflate */ short method; /* code for chosen compression method */ } ccp_options; @@ -55,4 +59,8 @@ extern ccp_options ccp_hisoptions[]; extern struct protent ccp_protent; +#ifdef __cplusplus +} #endif + +#endif // PPP_CCP_H diff --git a/pppd/chap-md5.c b/pppd/chap-md5.c index 000f880..d9259d2 100644 --- a/pppd/chap-md5.c +++ b/pppd/chap-md5.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -36,13 +36,12 @@ #include #include -#include "pppd.h" -#include "chap-new.h" +#include "pppd-private.h" +#include "chap.h" #include "chap-md5.h" #include "magic.h" -#include "md5.h" +#include "crypto.h" -#define MD5_HASH_SIZE 16 #define MD5_MIN_CHALLENGE 16 #define MD5_MAX_CHALLENGE 24 @@ -63,27 +62,43 @@ chap_md5_verify_response(int id, char *name, unsigned char *challenge, unsigned char *response, char *message, int message_space) { - MD5_CTX ctx; unsigned char idbyte = id; - unsigned char hash[MD5_HASH_SIZE]; + unsigned char hash[MD5_DIGEST_LENGTH]; + unsigned int hash_len = MD5_DIGEST_LENGTH; int challenge_len, response_len; + bool success = 0; challenge_len = *challenge++; response_len = *response++; - if (response_len == MD5_HASH_SIZE) { + if (response_len == MD5_DIGEST_LENGTH) { + /* Generate hash of ID, secret, challenge */ - MD5_Init(&ctx); - MD5_Update(&ctx, &idbyte, 1); - MD5_Update(&ctx, secret, secret_len); - MD5_Update(&ctx, challenge, challenge_len); - MD5_Final(hash, &ctx); - - /* Test if our hash matches the peer's response */ - if (memcmp(hash, response, MD5_HASH_SIZE) == 0) { - slprintf(message, message_space, "Access granted"); - return 1; + PPP_MD_CTX* ctx = PPP_MD_CTX_new(); + if (ctx) { + + if (PPP_DigestInit(ctx, PPP_md5())) { + + if (PPP_DigestUpdate(ctx, &idbyte, 1)) { + + if (PPP_DigestUpdate(ctx, secret, secret_len)) { + + if (PPP_DigestUpdate(ctx, challenge, challenge_len)) { + + if (PPP_DigestFinal(ctx, hash, &hash_len)) { + + success = 1; + } + } + } + } + } + PPP_MD_CTX_free(ctx); } } + if (success && memcmp(hash, response, hash_len) == 0) { + slprintf(message, message_space, "Access granted"); + return 1; + } slprintf(message, message_space, "Access denied"); return 0; } @@ -93,16 +108,31 @@ chap_md5_make_response(unsigned char *response, int id, char *our_name, unsigned char *challenge, char *secret, int secret_len, unsigned char *private) { - MD5_CTX ctx; unsigned char idbyte = id; int challenge_len = *challenge++; + int hash_len = MD5_DIGEST_LENGTH; - MD5_Init(&ctx); - MD5_Update(&ctx, &idbyte, 1); - MD5_Update(&ctx, (u_char *)secret, secret_len); - MD5_Update(&ctx, challenge, challenge_len); - MD5_Final(&response[1], &ctx); - response[0] = MD5_HASH_SIZE; + PPP_MD_CTX* ctx = PPP_MD_CTX_new(); + if (ctx) { + + if (PPP_DigestInit(ctx, PPP_md5())) { + + if (PPP_DigestUpdate(ctx, &idbyte, 1)) { + + if (PPP_DigestUpdate(ctx, secret, secret_len)) { + + if (PPP_DigestUpdate(ctx, challenge, challenge_len)) { + + if (PPP_DigestFinal(ctx, &response[1], &hash_len)) { + + response[0] = hash_len; + } + } + } + } + } + PPP_MD_CTX_free(ctx); + } } static struct chap_digest_type md5_digest = { diff --git a/pppd/chap-md5.h b/pppd/chap-md5.h index 55f9ba2..e5ced4e 100644 --- a/pppd/chap-md5.h +++ b/pppd/chap-md5.h @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/pppd/chap-new.c b/pppd/chap-new.c deleted file mode 100644 index 565713f..0000000 --- a/pppd/chap-new.c +++ /dev/null @@ -1,704 +0,0 @@ -/* - * chap-new.c - New CHAP implementation. - * - * Copyright (c) 2003 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $" - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include -#include -#include "pppd.h" -#include "session.h" -#include "chap-new.h" -#include "chap-md5.h" - -#ifdef PPP_WITH_CHAPMS -#include "chap_ms.h" -#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5) -#else -#define MDTYPE_ALL (MDTYPE_MD5) -#endif - -int chap_mdtype_all = MDTYPE_ALL; - -/* Hook for a plugin to validate CHAP challenge */ -int (*chap_verify_hook)(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) = NULL; - -/* - * Option variables. - */ -int chap_server_timeout_time = 3; -int chap_max_transmits = 10; -int chap_rechallenge_time = 0; -int chap_client_timeout_time = 60; -int chapms_strip_domain = 0; - -/* - * Command-line options. - */ -static option_t chap_option_list[] = { - { "chap-restart", o_int, &chap_server_timeout_time, - "Set timeout for CHAP (as server)", OPT_PRIO }, - { "chap-max-challenge", o_int, &chap_max_transmits, - "Set max #xmits for challenge", OPT_PRIO }, - { "chap-interval", o_int, &chap_rechallenge_time, - "Set interval for rechallenge", OPT_PRIO }, - { "chap-timeout", o_int, &chap_client_timeout_time, - "Set timeout for CHAP (as client)", OPT_PRIO }, - { "chapms-strip-domain", o_bool, &chapms_strip_domain, - "Strip the domain prefix before the Username", 1 }, - { NULL } -}; - -/* - * Internal state. - */ -static struct chap_client_state { - int flags; - char *name; - struct chap_digest_type *digest; - unsigned char priv[64]; /* private area for digest's use */ -} client; - -/* - * These limits apply to challenge and response packets we send. - * The +4 is the +1 that we actually need rounded up. - */ -#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN) -#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN) - -static struct chap_server_state { - int flags; - int id; - char *name; - struct chap_digest_type *digest; - int challenge_xmits; - int challenge_pktlen; - unsigned char challenge[CHAL_MAX_PKTLEN]; - char message[256]; -} server; - -/* Values for flags in chap_client_state and chap_server_state */ -#define LOWERUP 1 -#define AUTH_STARTED 2 -#define AUTH_DONE 4 -#define AUTH_FAILED 8 -#define TIMEOUT_PENDING 0x10 -#define CHALLENGE_VALID 0x20 - -/* - * Prototypes. - */ -static void chap_init(int unit); -static void chap_lowerup(int unit); -static void chap_lowerdown(int unit); -static void chap_server_timeout(void *arg); -static void chap_client_timeout(void *arg); -static void chap_generate_challenge(struct chap_server_state *ss); -static void chap_handle_response(struct chap_server_state *ss, int code, - unsigned char *pkt, int len); -static int chap_verify_response(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space); -static void chap_respond(struct chap_client_state *cs, int id, - unsigned char *pkt, int len); -static void chap_handle_status(struct chap_client_state *cs, int code, int id, - unsigned char *pkt, int len); -static void chap_protrej(int unit); -static void chap_input(int unit, unsigned char *pkt, int pktlen); -static int chap_print_pkt(unsigned char *p, int plen, - void (*printer)(void *, char *, ...), void *arg); - -/* List of digest types that we know about */ -static struct chap_digest_type *chap_digests; - -/* - * chap_init - reset to initial state. - */ -static void -chap_init(int unit) -{ - memset(&client, 0, sizeof(client)); - memset(&server, 0, sizeof(server)); - - chap_md5_init(); -#ifdef PPP_WITH_CHAPMS - chapms_init(); -#endif -} - -/* - * Add a new digest type to the list. - */ -void -chap_register_digest(struct chap_digest_type *dp) -{ - dp->next = chap_digests; - chap_digests = dp; -} - -/* - * Lookup a digest type by code - */ -struct chap_digest_type * -chap_find_digest(int digest_code) { - struct chap_digest_type *dp = NULL; - for (dp = chap_digests; dp != NULL; dp = dp->next) - if (dp->code == digest_code) - break; - return dp; -} - -/* - * chap_lowerup - we can start doing stuff now. - */ -static void -chap_lowerup(int unit) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - - cs->flags |= LOWERUP; - ss->flags |= LOWERUP; - if (ss->flags & AUTH_STARTED) - chap_server_timeout(ss); -} - -static void -chap_lowerdown(int unit) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - - if (cs->flags & TIMEOUT_PENDING) - UNTIMEOUT(chap_client_timeout, cs); - cs->flags = 0; - if (ss->flags & TIMEOUT_PENDING) - UNTIMEOUT(chap_server_timeout, ss); - ss->flags = 0; -} - -/* - * chap_auth_peer - Start authenticating the peer. - * If the lower layer is already up, we start sending challenges, - * otherwise we wait for the lower layer to come up. - */ -void -chap_auth_peer(int unit, char *our_name, int digest_code) -{ - struct chap_server_state *ss = &server; - struct chap_digest_type *dp; - - if (ss->flags & AUTH_STARTED) { - error("CHAP: peer authentication already started!"); - return; - } - - dp = chap_find_digest(digest_code); - if (dp == NULL) - fatal("CHAP digest 0x%x requested but not available", - digest_code); - - ss->digest = dp; - ss->name = our_name; - /* Start with a random ID value */ - ss->id = (unsigned char)(drand48() * 256); - ss->flags |= AUTH_STARTED; - if (ss->flags & LOWERUP) - chap_server_timeout(ss); -} - -/* - * chap_auth_with_peer - Prepare to authenticate ourselves to the peer. - * There isn't much to do until we receive a challenge. - */ -void -chap_auth_with_peer(int unit, char *our_name, int digest_code) -{ - struct chap_client_state *cs = &client; - struct chap_digest_type *dp; - - if (cs->flags & AUTH_STARTED) { - error("CHAP: authentication with peer already started!"); - return; - } - for (dp = chap_digests; dp != NULL; dp = dp->next) - if (dp->code == digest_code) - break; - if (dp == NULL) - fatal("CHAP digest 0x%x requested but not available", - digest_code); - - cs->digest = dp; - cs->name = our_name; - cs->flags |= AUTH_STARTED | TIMEOUT_PENDING; - TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time); -} - -/* - * chap_server_timeout - It's time to send another challenge to the peer. - * This could be either a retransmission of a previous challenge, - * or a new challenge to start re-authentication. - */ -static void -chap_server_timeout(void *arg) -{ - struct chap_server_state *ss = arg; - - ss->flags &= ~TIMEOUT_PENDING; - if ((ss->flags & CHALLENGE_VALID) == 0) { - ss->challenge_xmits = 0; - chap_generate_challenge(ss); - ss->flags |= CHALLENGE_VALID; - } else if (ss->challenge_xmits >= chap_max_transmits) { - ss->flags &= ~CHALLENGE_VALID; - ss->flags |= AUTH_DONE | AUTH_FAILED; - auth_peer_fail(0, PPP_CHAP); - return; - } - - output(0, ss->challenge, ss->challenge_pktlen); - ++ss->challenge_xmits; - ss->flags |= TIMEOUT_PENDING; - TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time); -} - -/* chap_client_timeout - Authentication with peer timed out. */ -static void -chap_client_timeout(void *arg) -{ - struct chap_client_state *cs = arg; - - cs->flags &= ~TIMEOUT_PENDING; - cs->flags |= AUTH_DONE | AUTH_FAILED; - error("CHAP authentication timed out"); - auth_withpeer_fail(0, PPP_CHAP); -} - -/* - * chap_generate_challenge - generate a challenge string and format - * the challenge packet in ss->challenge_pkt. - */ -static void -chap_generate_challenge(struct chap_server_state *ss) -{ - int clen = 1, nlen, len; - unsigned char *p; - - p = ss->challenge; - MAKEHEADER(p, PPP_CHAP); - p += CHAP_HDRLEN; - ss->digest->generate_challenge(p); - clen = *p; - nlen = strlen(ss->name); - memcpy(p + 1 + clen, ss->name, nlen); - - len = CHAP_HDRLEN + 1 + clen + nlen; - ss->challenge_pktlen = PPP_HDRLEN + len; - - p = ss->challenge + PPP_HDRLEN; - p[0] = CHAP_CHALLENGE; - p[1] = ++ss->id; - p[2] = len >> 8; - p[3] = len; -} - -/* - * chap_handle_response - check the response to our challenge. - */ -static void -chap_handle_response(struct chap_server_state *ss, int id, - unsigned char *pkt, int len) -{ - int response_len, ok, mlen; - unsigned char *response, *p; - char *name = NULL; /* initialized to shut gcc up */ - int (*verifier)(char *, char *, int, struct chap_digest_type *, - unsigned char *, unsigned char *, char *, int); - char rname[MAXNAMELEN+1]; - - if ((ss->flags & LOWERUP) == 0) - return; - if (id != ss->challenge[PPP_HDRLEN+1] || len < 2) - return; - if (ss->flags & CHALLENGE_VALID) { - response = pkt; - GETCHAR(response_len, pkt); - len -= response_len + 1; /* length of name */ - name = (char *)pkt + response_len; - if (len < 0) - return; - - if (ss->flags & TIMEOUT_PENDING) { - ss->flags &= ~TIMEOUT_PENDING; - UNTIMEOUT(chap_server_timeout, ss); - } - - if (explicit_remote) { - name = remote_name; - } else { - /* Null terminate and clean remote name. */ - slprintf(rname, sizeof(rname), "%.*v", len, name); - name = rname; - - /* strip the MS domain name */ - if (chapms_strip_domain && strrchr(rname, '\\')) { - char tmp[MAXNAMELEN+1]; - - strcpy(tmp, strrchr(rname, '\\') + 1); - strcpy(rname, tmp); - } - } - - if (chap_verify_hook) - verifier = chap_verify_hook; - else - verifier = chap_verify_response; - ok = (*verifier)(name, ss->name, id, ss->digest, - ss->challenge + PPP_HDRLEN + CHAP_HDRLEN, - response, ss->message, sizeof(ss->message)); - if (!ok || !auth_number()) { - ss->flags |= AUTH_FAILED; - warn("Peer %q failed CHAP authentication", name); - } - } else if ((ss->flags & AUTH_DONE) == 0) - return; - - /* send the response */ - p = outpacket_buf; - MAKEHEADER(p, PPP_CHAP); - mlen = strlen(ss->message); - len = CHAP_HDRLEN + mlen; - p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; - p[1] = id; - p[2] = len >> 8; - p[3] = len; - if (mlen > 0) - memcpy(p + CHAP_HDRLEN, ss->message, mlen); - output(0, outpacket_buf, PPP_HDRLEN + len); - - if (ss->flags & CHALLENGE_VALID) { - ss->flags &= ~CHALLENGE_VALID; - if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) { - /* - * Auth is OK, so now we need to check session restrictions - * to ensure everything is OK, but only if we used a - * plugin, and only if we're configured to check. This - * allows us to do PAM checks on PPP servers that - * authenticate against ActiveDirectory, and use AD for - * account info (like when using Winbind integrated with - * PAM). - */ - if (session_mgmt && - session_check(name, NULL, devnam, NULL) == 0) { - ss->flags |= AUTH_FAILED; - warn("Peer %q failed CHAP Session verification", name); - } - } - if (ss->flags & AUTH_FAILED) { - auth_peer_fail(0, PPP_CHAP); - } else { - if ((ss->flags & AUTH_DONE) == 0) - auth_peer_success(0, PPP_CHAP, - ss->digest->code, - name, strlen(name)); - if (chap_rechallenge_time) { - ss->flags |= TIMEOUT_PENDING; - TIMEOUT(chap_server_timeout, ss, - chap_rechallenge_time); - } - } - ss->flags |= AUTH_DONE; - } -} - -/* - * chap_verify_response - check whether the peer's response matches - * what we think it should be. Returns 1 if it does (authentication - * succeeded), or 0 if it doesn't. - */ -static int -chap_verify_response(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space) -{ - int ok; - unsigned char secret[MAXSECRETLEN]; - int secret_len; - - /* Get the secret that the peer is supposed to know */ - if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) { - error("No CHAP secret found for authenticating %q", name); - return 0; - } - - ok = digest->verify_response(id, name, secret, secret_len, challenge, - response, message, message_space); - memset(secret, 0, sizeof(secret)); - - return ok; -} - -/* - * chap_respond - Generate and send a response to a challenge. - */ -static void -chap_respond(struct chap_client_state *cs, int id, - unsigned char *pkt, int len) -{ - int clen, nlen; - int secret_len; - unsigned char *p; - unsigned char response[RESP_MAX_PKTLEN]; - char rname[MAXNAMELEN+1]; - char secret[MAXSECRETLEN+1]; - - if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) - return; /* not ready */ - if (len < 2 || len < pkt[0] + 1) - return; /* too short */ - clen = pkt[0]; - nlen = len - (clen + 1); - - /* Null terminate and clean remote name. */ - slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1); - - /* Microsoft doesn't send their name back in the PPP packet */ - if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0)) - strlcpy(rname, remote_name, sizeof(rname)); - - /* get secret for authenticating ourselves with the specified host */ - if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) { - secret_len = 0; /* assume null secret if can't find one */ - warn("No CHAP secret found for authenticating us to %q", rname); - } - - p = response; - MAKEHEADER(p, PPP_CHAP); - p += CHAP_HDRLEN; - - cs->digest->make_response(p, id, cs->name, pkt, - secret, secret_len, cs->priv); - memset(secret, 0, secret_len); - - clen = *p; - nlen = strlen(cs->name); - memcpy(p + clen + 1, cs->name, nlen); - - p = response + PPP_HDRLEN; - len = CHAP_HDRLEN + clen + 1 + nlen; - p[0] = CHAP_RESPONSE; - p[1] = id; - p[2] = len >> 8; - p[3] = len; - - output(0, response, PPP_HDRLEN + len); -} - -static void -chap_handle_status(struct chap_client_state *cs, int code, int id, - unsigned char *pkt, int len) -{ - const char *msg = NULL; - - if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) - != (AUTH_STARTED|LOWERUP)) - return; - cs->flags |= AUTH_DONE; - - UNTIMEOUT(chap_client_timeout, cs); - cs->flags &= ~TIMEOUT_PENDING; - - if (code == CHAP_SUCCESS) { - /* used for MS-CHAP v2 mutual auth, yuck */ - if (cs->digest->check_success != NULL) { - if (!(*cs->digest->check_success)(id, pkt, len)) - code = CHAP_FAILURE; - } else - msg = "CHAP authentication succeeded"; - } else { - if (cs->digest->handle_failure != NULL) - (*cs->digest->handle_failure)(pkt, len); - else - msg = "CHAP authentication failed"; - } - if (msg) { - if (len > 0) - info("%s: %.*v", msg, len, pkt); - else - info("%s", msg); - } - if (code == CHAP_SUCCESS) - auth_withpeer_success(0, PPP_CHAP, cs->digest->code); - else { - cs->flags |= AUTH_FAILED; - error("CHAP authentication failed"); - auth_withpeer_fail(0, PPP_CHAP); - } -} - -static void -chap_input(int unit, unsigned char *pkt, int pktlen) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - unsigned char code, id; - int len; - - if (pktlen < CHAP_HDRLEN) - return; - GETCHAR(code, pkt); - GETCHAR(id, pkt); - GETSHORT(len, pkt); - if (len < CHAP_HDRLEN || len > pktlen) - return; - len -= CHAP_HDRLEN; - - switch (code) { - case CHAP_CHALLENGE: - chap_respond(cs, id, pkt, len); - break; - case CHAP_RESPONSE: - chap_handle_response(ss, id, pkt, len); - break; - case CHAP_FAILURE: - case CHAP_SUCCESS: - chap_handle_status(cs, code, id, pkt, len); - break; - } -} - -static void -chap_protrej(int unit) -{ - struct chap_client_state *cs = &client; - struct chap_server_state *ss = &server; - - if (ss->flags & TIMEOUT_PENDING) { - ss->flags &= ~TIMEOUT_PENDING; - UNTIMEOUT(chap_server_timeout, ss); - } - if (ss->flags & AUTH_STARTED) { - ss->flags = 0; - auth_peer_fail(0, PPP_CHAP); - } - if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { - cs->flags &= ~AUTH_STARTED; - error("CHAP authentication failed due to protocol-reject"); - auth_withpeer_fail(0, PPP_CHAP); - } -} - -/* - * chap_print_pkt - print the contents of a CHAP packet. - */ -static char *chap_code_names[] = { - "Challenge", "Response", "Success", "Failure" -}; - -static int -chap_print_pkt(unsigned char *p, int plen, - void (*printer)(void *, char *, ...), void *arg) -{ - int code, id, len; - int clen, nlen; - unsigned char x; - - if (plen < CHAP_HDRLEN) - return 0; - GETCHAR(code, p); - GETCHAR(id, p); - GETSHORT(len, p); - if (len < CHAP_HDRLEN || len > plen) - return 0; - - if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *)) - printer(arg, " %s", chap_code_names[code-1]); - else - printer(arg, " code=0x%x", code); - printer(arg, " id=0x%x", id); - len -= CHAP_HDRLEN; - switch (code) { - case CHAP_CHALLENGE: - case CHAP_RESPONSE: - if (len < 1) - break; - clen = p[0]; - if (len < clen + 1) - break; - ++p; - nlen = len - clen - 1; - printer(arg, " <"); - for (; clen > 0; --clen) { - GETCHAR(x, p); - printer(arg, "%.2x", x); - } - printer(arg, ">, name = "); - print_string((char *)p, nlen, printer, arg); - break; - case CHAP_FAILURE: - case CHAP_SUCCESS: - printer(arg, " "); - print_string((char *)p, len, printer, arg); - break; - default: - for (clen = len; clen > 0; --clen) { - GETCHAR(x, p); - printer(arg, " %.2x", x); - } - } - - return len + CHAP_HDRLEN; -} - -struct protent chap_protent = { - PPP_CHAP, - chap_init, - chap_input, - chap_protrej, - chap_lowerup, - chap_lowerdown, - NULL, /* open */ - NULL, /* close */ - chap_print_pkt, - NULL, /* datainput */ - 1, /* enabled_flag */ - "CHAP", /* name */ - NULL, /* data_name */ - chap_option_list, - NULL, /* check_options */ -}; diff --git a/pppd/chap-new.h b/pppd/chap-new.h deleted file mode 100644 index 9ebec54..0000000 --- a/pppd/chap-new.h +++ /dev/null @@ -1,140 +0,0 @@ -/* - * chap-new.c - New CHAP implementation. - * - * Copyright (c) 2003 Paul Mackerras. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * 3. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by Paul Mackerras - * ". - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifndef PPP_CHAP_NEW_H -#define PPP_CHAP_NEW_H - -#include "pppdconf.h" - -/* - * CHAP packets begin with a standard header with code, id, len (2 bytes). - */ -#define CHAP_HDRLEN 4 - -/* - * Values for the code field. - */ -#define CHAP_CHALLENGE 1 -#define CHAP_RESPONSE 2 -#define CHAP_SUCCESS 3 -#define CHAP_FAILURE 4 - -/* - * CHAP digest codes. - */ -#define CHAP_MD5 5 -#define CHAP_MICROSOFT 0x80 -#define CHAP_MICROSOFT_V2 0x81 - -/* - * Semi-arbitrary limits on challenge and response fields. - */ -#define MAX_CHALLENGE_LEN 64 -#define MAX_RESPONSE_LEN 64 - -/* bitmask of supported algorithms */ -#define MDTYPE_MICROSOFT_V2 0x1 -#define MDTYPE_MICROSOFT 0x2 -#define MDTYPE_MD5 0x4 -#define MDTYPE_NONE 0 - -/* hashes supported by this instance of pppd */ -extern int chap_mdtype_all; - -/* Return the digest alg. ID for the most preferred digest type. */ -#define CHAP_DIGEST(mdtype) \ - ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \ - ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \ - ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \ - 0 - -/* Return the bit flag (lsb set) for our most preferred digest type. */ -#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype) - -/* Return the bit flag for a given digest algorithm ID. */ -#define CHAP_MDTYPE_D(digest) \ - ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \ - ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \ - ((digest) == CHAP_MD5)? MDTYPE_MD5: \ - 0 - -/* Can we do the requested digest? */ -#define CHAP_CANDIGEST(mdtype, digest) \ - ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \ - ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \ - ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \ - 0 - -/* - * The code for each digest type has to supply one of these. - */ -struct chap_digest_type { - int code; - - /* - * Note: challenge and response arguments below are formatted as - * a length byte followed by the actual challenge/response data. - */ - void (*generate_challenge)(unsigned char *challenge); - int (*verify_response)(int id, char *name, - unsigned char *secret, int secret_len, - unsigned char *challenge, unsigned char *response, - char *message, int message_space); - void (*make_response)(unsigned char *response, int id, char *our_name, - unsigned char *challenge, char *secret, int secret_len, - unsigned char *priv); - int (*check_success)(int id, unsigned char *pkt, int len); - void (*handle_failure)(unsigned char *pkt, int len); - - struct chap_digest_type *next; -}; - -/* Hook for a plugin to validate CHAP challenge */ -extern int (*chap_verify_hook)(char *name, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, unsigned char *response, - char *message, int message_space); - -/* Called by digest code to register a digest type */ -extern void chap_register_digest(struct chap_digest_type *); - -/* Lookup a digest handler by type */ -extern struct chap_digest_type *chap_find_digest(int digest_code); - -/* Called by authentication code to start authenticating the peer. */ -extern void chap_auth_peer(int unit, char *our_name, int digest_code); - -/* Called by auth. code to start authenticating us to the peer. */ -extern void chap_auth_with_peer(int unit, char *our_name, int digest_code); - -/* Represents the CHAP protocol to the main pppd code */ -extern struct protent chap_protent; - -#endif diff --git a/pppd/chap.c b/pppd/chap.c new file mode 100644 index 0000000..d0009e8 --- /dev/null +++ b/pppd/chap.c @@ -0,0 +1,698 @@ +/* + * chap-new.c - New CHAP implementation. + * + * Copyright (c) 2003 Paul Mackerras. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#define RCSID "$Id: chap-new.c,v 1.9 2007/06/19 02:08:35 carlsonj Exp $" + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include "pppd-private.h" +#include "options.h" +#include "session.h" +#include "chap.h" +#include "chap-md5.h" + +#ifdef PPP_WITH_CHAPMS +#include "chap_ms.h" +#define MDTYPE_ALL (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT | MDTYPE_MD5) +#else +#define MDTYPE_ALL (MDTYPE_MD5) +#endif + +int chap_mdtype_all = MDTYPE_ALL; + +/* Hook for a plugin to validate CHAP challenge */ +chap_verify_hook_fn *chap_verify_hook = NULL; + +/* + * Option variables. + */ +int chap_server_timeout_time = 3; +int chap_max_transmits = 10; +int chap_rechallenge_time = 0; +int chap_client_timeout_time = 60; +int chapms_strip_domain = 0; + +/* + * Command-line options. + */ +static struct option chap_option_list[] = { + { "chap-restart", o_int, &chap_server_timeout_time, + "Set timeout for CHAP (as server)", OPT_PRIO }, + { "chap-max-challenge", o_int, &chap_max_transmits, + "Set max #xmits for challenge", OPT_PRIO }, + { "chap-interval", o_int, &chap_rechallenge_time, + "Set interval for rechallenge", OPT_PRIO }, + { "chap-timeout", o_int, &chap_client_timeout_time, + "Set timeout for CHAP (as client)", OPT_PRIO }, + { "chapms-strip-domain", o_bool, &chapms_strip_domain, + "Strip the domain prefix before the Username", 1 }, + { NULL } +}; + +/* + * Internal state. + */ +static struct chap_client_state { + int flags; + char *name; + struct chap_digest_type *digest; + unsigned char priv[64]; /* private area for digest's use */ +} client; + +/* + * These limits apply to challenge and response packets we send. + * The +4 is the +1 that we actually need rounded up. + */ +#define CHAL_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_CHALLENGE_LEN + MAXNAMELEN) +#define RESP_MAX_PKTLEN (PPP_HDRLEN + CHAP_HDRLEN + 4 + MAX_RESPONSE_LEN + MAXNAMELEN) + +static struct chap_server_state { + int flags; + int id; + char *name; + struct chap_digest_type *digest; + int challenge_xmits; + int challenge_pktlen; + unsigned char challenge[CHAL_MAX_PKTLEN]; + char message[256]; +} server; + +/* Values for flags in chap_client_state and chap_server_state */ +#define LOWERUP 1 +#define AUTH_STARTED 2 +#define AUTH_DONE 4 +#define AUTH_FAILED 8 +#define TIMEOUT_PENDING 0x10 +#define CHALLENGE_VALID 0x20 + +/* + * Prototypes. + */ +static void chap_init(int unit); +static void chap_lowerup(int unit); +static void chap_lowerdown(int unit); +static void chap_server_timeout(void *arg); +static void chap_client_timeout(void *arg); +static void chap_generate_challenge(struct chap_server_state *ss); +static void chap_handle_response(struct chap_server_state *ss, int code, + unsigned char *pkt, int len); +static chap_verify_hook_fn chap_verify_response; +static void chap_respond(struct chap_client_state *cs, int id, + unsigned char *pkt, int len); +static void chap_handle_status(struct chap_client_state *cs, int code, int id, + unsigned char *pkt, int len); +static void chap_protrej(int unit); +static void chap_input(int unit, unsigned char *pkt, int pktlen); +static int chap_print_pkt(unsigned char *p, int plen, + void (*printer)(void *, char *, ...), void *arg); + +/* List of digest types that we know about */ +static struct chap_digest_type *chap_digests; + +/* + * chap_init - reset to initial state. + */ +static void +chap_init(int unit) +{ + memset(&client, 0, sizeof(client)); + memset(&server, 0, sizeof(server)); + + chap_md5_init(); +#ifdef PPP_WITH_CHAPMS + chapms_init(); +#endif +} + +/* + * Add a new digest type to the list. + */ +void +chap_register_digest(struct chap_digest_type *dp) +{ + dp->next = chap_digests; + chap_digests = dp; +} + +/* + * Lookup a digest type by code + */ +struct chap_digest_type * +chap_find_digest(int digest_code) { + struct chap_digest_type *dp = NULL; + for (dp = chap_digests; dp != NULL; dp = dp->next) + if (dp->code == digest_code) + break; + return dp; +} + +/* + * chap_lowerup - we can start doing stuff now. + */ +static void +chap_lowerup(int unit) +{ + struct chap_client_state *cs = &client; + struct chap_server_state *ss = &server; + + cs->flags |= LOWERUP; + ss->flags |= LOWERUP; + if (ss->flags & AUTH_STARTED) + chap_server_timeout(ss); +} + +static void +chap_lowerdown(int unit) +{ + struct chap_client_state *cs = &client; + struct chap_server_state *ss = &server; + + if (cs->flags & TIMEOUT_PENDING) + UNTIMEOUT(chap_client_timeout, cs); + cs->flags = 0; + if (ss->flags & TIMEOUT_PENDING) + UNTIMEOUT(chap_server_timeout, ss); + ss->flags = 0; +} + +/* + * chap_auth_peer - Start authenticating the peer. + * If the lower layer is already up, we start sending challenges, + * otherwise we wait for the lower layer to come up. + */ +void +chap_auth_peer(int unit, char *our_name, int digest_code) +{ + struct chap_server_state *ss = &server; + struct chap_digest_type *dp; + + if (ss->flags & AUTH_STARTED) { + error("CHAP: peer authentication already started!"); + return; + } + + dp = chap_find_digest(digest_code); + if (dp == NULL) + fatal("CHAP digest 0x%x requested but not available", + digest_code); + + ss->digest = dp; + ss->name = our_name; + /* Start with a random ID value */ + ss->id = (unsigned char)(drand48() * 256); + ss->flags |= AUTH_STARTED; + if (ss->flags & LOWERUP) + chap_server_timeout(ss); +} + +/* + * chap_auth_with_peer - Prepare to authenticate ourselves to the peer. + * There isn't much to do until we receive a challenge. + */ +void +chap_auth_with_peer(int unit, char *our_name, int digest_code) +{ + struct chap_client_state *cs = &client; + struct chap_digest_type *dp; + + if (cs->flags & AUTH_STARTED) { + error("CHAP: authentication with peer already started!"); + return; + } + for (dp = chap_digests; dp != NULL; dp = dp->next) + if (dp->code == digest_code) + break; + if (dp == NULL) + fatal("CHAP digest 0x%x requested but not available", + digest_code); + + cs->digest = dp; + cs->name = our_name; + cs->flags |= AUTH_STARTED | TIMEOUT_PENDING; + TIMEOUT(chap_client_timeout, cs, chap_client_timeout_time); +} + +/* + * chap_server_timeout - It's time to send another challenge to the peer. + * This could be either a retransmission of a previous challenge, + * or a new challenge to start re-authentication. + */ +static void +chap_server_timeout(void *arg) +{ + struct chap_server_state *ss = arg; + + ss->flags &= ~TIMEOUT_PENDING; + if ((ss->flags & CHALLENGE_VALID) == 0) { + ss->challenge_xmits = 0; + chap_generate_challenge(ss); + ss->flags |= CHALLENGE_VALID; + } else if (ss->challenge_xmits >= chap_max_transmits) { + ss->flags &= ~CHALLENGE_VALID; + ss->flags |= AUTH_DONE | AUTH_FAILED; + auth_peer_fail(0, PPP_CHAP); + return; + } + + output(0, ss->challenge, ss->challenge_pktlen); + ++ss->challenge_xmits; + ss->flags |= TIMEOUT_PENDING; + TIMEOUT(chap_server_timeout, arg, chap_server_timeout_time); +} + +/* chap_client_timeout - Authentication with peer timed out. */ +static void +chap_client_timeout(void *arg) +{ + struct chap_client_state *cs = arg; + + cs->flags &= ~TIMEOUT_PENDING; + cs->flags |= AUTH_DONE | AUTH_FAILED; + error("CHAP authentication timed out"); + auth_withpeer_fail(0, PPP_CHAP); +} + +/* + * chap_generate_challenge - generate a challenge string and format + * the challenge packet in ss->challenge_pkt. + */ +static void +chap_generate_challenge(struct chap_server_state *ss) +{ + int clen = 1, nlen, len; + unsigned char *p; + + p = ss->challenge; + MAKEHEADER(p, PPP_CHAP); + p += CHAP_HDRLEN; + ss->digest->generate_challenge(p); + clen = *p; + nlen = strlen(ss->name); + memcpy(p + 1 + clen, ss->name, nlen); + + len = CHAP_HDRLEN + 1 + clen + nlen; + ss->challenge_pktlen = PPP_HDRLEN + len; + + p = ss->challenge + PPP_HDRLEN; + p[0] = CHAP_CHALLENGE; + p[1] = ++ss->id; + p[2] = len >> 8; + p[3] = len; +} + +/* + * chap_handle_response - check the response to our challenge. + */ +static void +chap_handle_response(struct chap_server_state *ss, int id, + unsigned char *pkt, int len) +{ + int response_len, ok, mlen; + unsigned char *response, *p; + char *name = NULL; + chap_verify_hook_fn *verifier; + char rname[MAXNAMELEN+1]; + + if ((ss->flags & LOWERUP) == 0) + return; + if (id != ss->challenge[PPP_HDRLEN+1] || len < 2) + return; + if (ss->flags & CHALLENGE_VALID) { + response = pkt; + GETCHAR(response_len, pkt); + len -= response_len + 1; /* length of name */ + name = (char *)pkt + response_len; + if (len < 0) + return; + + if (ss->flags & TIMEOUT_PENDING) { + ss->flags &= ~TIMEOUT_PENDING; + UNTIMEOUT(chap_server_timeout, ss); + } + + if (explicit_remote) { + name = remote_name; + } else { + /* Null terminate and clean remote name. */ + slprintf(rname, sizeof(rname), "%.*v", len, name); + name = rname; + + /* strip the MS domain name */ + if (chapms_strip_domain && strrchr(rname, '\\')) { + char tmp[MAXNAMELEN+1]; + + strcpy(tmp, strrchr(rname, '\\') + 1); + strcpy(rname, tmp); + } + } + + if (chap_verify_hook) + verifier = chap_verify_hook; + else + verifier = chap_verify_response; + ok = (*verifier)(name, ss->name, id, ss->digest, + ss->challenge + PPP_HDRLEN + CHAP_HDRLEN, + response, ss->message, sizeof(ss->message)); + if (!ok || !auth_number()) { + ss->flags |= AUTH_FAILED; + warn("Peer %q failed CHAP authentication", name); + } + } else if ((ss->flags & AUTH_DONE) == 0) + return; + + /* send the response */ + p = outpacket_buf; + MAKEHEADER(p, PPP_CHAP); + mlen = strlen(ss->message); + len = CHAP_HDRLEN + mlen; + p[0] = (ss->flags & AUTH_FAILED)? CHAP_FAILURE: CHAP_SUCCESS; + p[1] = id; + p[2] = len >> 8; + p[3] = len; + if (mlen > 0) + memcpy(p + CHAP_HDRLEN, ss->message, mlen); + output(0, outpacket_buf, PPP_HDRLEN + len); + + if (ss->flags & CHALLENGE_VALID) { + ss->flags &= ~CHALLENGE_VALID; + if (!(ss->flags & AUTH_DONE) && !(ss->flags & AUTH_FAILED)) { + /* + * Auth is OK, so now we need to check session restrictions + * to ensure everything is OK, but only if we used a + * plugin, and only if we're configured to check. This + * allows us to do PAM checks on PPP servers that + * authenticate against ActiveDirectory, and use AD for + * account info (like when using Winbind integrated with + * PAM). + */ + if (session_mgmt && + session_check(name, NULL, devnam, NULL) == 0) { + ss->flags |= AUTH_FAILED; + warn("Peer %q failed CHAP Session verification", name); + } + } + if (ss->flags & AUTH_FAILED) { + auth_peer_fail(0, PPP_CHAP); + } else { + if ((ss->flags & AUTH_DONE) == 0) + auth_peer_success(0, PPP_CHAP, + ss->digest->code, + name, strlen(name)); + if (chap_rechallenge_time) { + ss->flags |= TIMEOUT_PENDING; + TIMEOUT(chap_server_timeout, ss, + chap_rechallenge_time); + } + } + ss->flags |= AUTH_DONE; + } +} + +/* + * chap_verify_response - check whether the peer's response matches + * what we think it should be. Returns 1 if it does (authentication + * succeeded), or 0 if it doesn't. + */ +static int +chap_verify_response(char *name, char *ourname, int id, + struct chap_digest_type *digest, + unsigned char *challenge, unsigned char *response, + char *message, int message_space) +{ + int ok; + unsigned char secret[MAXSECRETLEN]; + int secret_len; + + /* Get the secret that the peer is supposed to know */ + if (!get_secret(0, name, ourname, (char *)secret, &secret_len, 1)) { + error("No CHAP secret found for authenticating %q", name); + return 0; + } + + ok = digest->verify_response(id, name, secret, secret_len, challenge, + response, message, message_space); + memset(secret, 0, sizeof(secret)); + + return ok; +} + +/* + * chap_respond - Generate and send a response to a challenge. + */ +static void +chap_respond(struct chap_client_state *cs, int id, + unsigned char *pkt, int len) +{ + int clen, nlen; + int secret_len; + unsigned char *p; + unsigned char response[RESP_MAX_PKTLEN]; + char rname[MAXNAMELEN+1]; + char secret[MAXSECRETLEN+1]; + + if ((cs->flags & (LOWERUP | AUTH_STARTED)) != (LOWERUP | AUTH_STARTED)) + return; /* not ready */ + if (len < 2 || len < pkt[0] + 1) + return; /* too short */ + clen = pkt[0]; + nlen = len - (clen + 1); + + /* Null terminate and clean remote name. */ + slprintf(rname, sizeof(rname), "%.*v", nlen, pkt + clen + 1); + + /* Microsoft doesn't send their name back in the PPP packet */ + if (explicit_remote || (remote_name[0] != 0 && rname[0] == 0)) + strlcpy(rname, remote_name, sizeof(rname)); + + /* get secret for authenticating ourselves with the specified host */ + if (!get_secret(0, cs->name, rname, secret, &secret_len, 0)) { + secret_len = 0; /* assume null secret if can't find one */ + warn("No CHAP secret found for authenticating us to %q", rname); + } + + p = response; + MAKEHEADER(p, PPP_CHAP); + p += CHAP_HDRLEN; + + cs->digest->make_response(p, id, cs->name, pkt, + secret, secret_len, cs->priv); + memset(secret, 0, secret_len); + + clen = *p; + nlen = strlen(cs->name); + memcpy(p + clen + 1, cs->name, nlen); + + p = response + PPP_HDRLEN; + len = CHAP_HDRLEN + clen + 1 + nlen; + p[0] = CHAP_RESPONSE; + p[1] = id; + p[2] = len >> 8; + p[3] = len; + + output(0, response, PPP_HDRLEN + len); +} + +static void +chap_handle_status(struct chap_client_state *cs, int code, int id, + unsigned char *pkt, int len) +{ + const char *msg = NULL; + + if ((cs->flags & (AUTH_DONE|AUTH_STARTED|LOWERUP)) + != (AUTH_STARTED|LOWERUP)) + return; + cs->flags |= AUTH_DONE; + + UNTIMEOUT(chap_client_timeout, cs); + cs->flags &= ~TIMEOUT_PENDING; + + if (code == CHAP_SUCCESS) { + /* used for MS-CHAP v2 mutual auth, yuck */ + if (cs->digest->check_success != NULL) { + if (!(*cs->digest->check_success)(id, pkt, len)) + code = CHAP_FAILURE; + } else + msg = "CHAP authentication succeeded"; + } else { + if (cs->digest->handle_failure != NULL) + (*cs->digest->handle_failure)(pkt, len); + else + msg = "CHAP authentication failed"; + } + if (msg) { + if (len > 0) + info("%s: %.*v", msg, len, pkt); + else + info("%s", msg); + } + if (code == CHAP_SUCCESS) + auth_withpeer_success(0, PPP_CHAP, cs->digest->code); + else { + cs->flags |= AUTH_FAILED; + error("CHAP authentication failed"); + auth_withpeer_fail(0, PPP_CHAP); + } +} + +static void +chap_input(int unit, unsigned char *pkt, int pktlen) +{ + struct chap_client_state *cs = &client; + struct chap_server_state *ss = &server; + unsigned char code, id; + int len; + + if (pktlen < CHAP_HDRLEN) + return; + GETCHAR(code, pkt); + GETCHAR(id, pkt); + GETSHORT(len, pkt); + if (len < CHAP_HDRLEN || len > pktlen) + return; + len -= CHAP_HDRLEN; + + switch (code) { + case CHAP_CHALLENGE: + chap_respond(cs, id, pkt, len); + break; + case CHAP_RESPONSE: + chap_handle_response(ss, id, pkt, len); + break; + case CHAP_FAILURE: + case CHAP_SUCCESS: + chap_handle_status(cs, code, id, pkt, len); + break; + } +} + +static void +chap_protrej(int unit) +{ + struct chap_client_state *cs = &client; + struct chap_server_state *ss = &server; + + if (ss->flags & TIMEOUT_PENDING) { + ss->flags &= ~TIMEOUT_PENDING; + UNTIMEOUT(chap_server_timeout, ss); + } + if (ss->flags & AUTH_STARTED) { + ss->flags = 0; + auth_peer_fail(0, PPP_CHAP); + } + if ((cs->flags & (AUTH_STARTED|AUTH_DONE)) == AUTH_STARTED) { + cs->flags &= ~AUTH_STARTED; + error("CHAP authentication failed due to protocol-reject"); + auth_withpeer_fail(0, PPP_CHAP); + } +} + +/* + * chap_print_pkt - print the contents of a CHAP packet. + */ +static char *chap_code_names[] = { + "Challenge", "Response", "Success", "Failure" +}; + +static int +chap_print_pkt(unsigned char *p, int plen, + void (*printer)(void *, char *, ...), void *arg) +{ + int code, id, len; + int clen, nlen; + unsigned char x; + + if (plen < CHAP_HDRLEN) + return 0; + GETCHAR(code, p); + GETCHAR(id, p); + GETSHORT(len, p); + if (len < CHAP_HDRLEN || len > plen) + return 0; + + if (code >= 1 && code <= sizeof(chap_code_names) / sizeof(char *)) + printer(arg, " %s", chap_code_names[code-1]); + else + printer(arg, " code=0x%x", code); + printer(arg, " id=0x%x", id); + len -= CHAP_HDRLEN; + switch (code) { + case CHAP_CHALLENGE: + case CHAP_RESPONSE: + if (len < 1) + break; + clen = p[0]; + if (len < clen + 1) + break; + ++p; + nlen = len - clen - 1; + printer(arg, " <"); + for (; clen > 0; --clen) { + GETCHAR(x, p); + printer(arg, "%.2x", x); + } + printer(arg, ">, name = "); + print_string((char *)p, nlen, printer, arg); + break; + case CHAP_FAILURE: + case CHAP_SUCCESS: + printer(arg, " "); + print_string((char *)p, len, printer, arg); + break; + default: + for (clen = len; clen > 0; --clen) { + GETCHAR(x, p); + printer(arg, " %.2x", x); + } + } + + return len + CHAP_HDRLEN; +} + +struct protent chap_protent = { + PPP_CHAP, + chap_init, + chap_input, + chap_protrej, + chap_lowerup, + chap_lowerdown, + NULL, /* open */ + NULL, /* close */ + chap_print_pkt, + NULL, /* datainput */ + 1, /* enabled_flag */ + "CHAP", /* name */ + NULL, /* data_name */ + chap_option_list, + NULL, /* check_options */ +}; diff --git a/pppd/chap.h b/pppd/chap.h new file mode 100644 index 0000000..2c69e77 --- /dev/null +++ b/pppd/chap.h @@ -0,0 +1,176 @@ +/* + * chap-new.c - New CHAP implementation. + * + * Copyright (c) 2003 Paul Mackerras. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef PPP_CHAP_NEW_H +#define PPP_CHAP_NEW_H + +#include "pppdconf.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * CHAP packets begin with a standard header with code, id, len (2 bytes). + */ +#define CHAP_HDRLEN 4 + +/* + * Values for the code field. + */ +#define CHAP_CHALLENGE 1 +#define CHAP_RESPONSE 2 +#define CHAP_SUCCESS 3 +#define CHAP_FAILURE 4 + +/* + * CHAP digest codes. + */ +#define CHAP_MD5 5 +#define CHAP_MICROSOFT 0x80 +#define CHAP_MICROSOFT_V2 0x81 + +/* + * Semi-arbitrary limits on challenge and response fields. + */ +#define MAX_CHALLENGE_LEN 64 +#define MAX_RESPONSE_LEN 64 + +/* bitmask of supported algorithms */ +#define MDTYPE_MICROSOFT_V2 0x1 +#define MDTYPE_MICROSOFT 0x2 +#define MDTYPE_MD5 0x4 +#define MDTYPE_NONE 0 + +/* hashes supported by this instance of pppd */ +extern int chap_mdtype_all; + +/* Return the digest alg. ID for the most preferred digest type. */ +#define CHAP_DIGEST(mdtype) \ + ((mdtype) & MDTYPE_MD5)? CHAP_MD5: \ + ((mdtype) & MDTYPE_MICROSOFT_V2)? CHAP_MICROSOFT_V2: \ + ((mdtype) & MDTYPE_MICROSOFT)? CHAP_MICROSOFT: \ + 0 + +/* Return the bit flag (lsb set) for our most preferred digest type. */ +#define CHAP_MDTYPE(mdtype) ((mdtype) ^ ((mdtype) - 1)) & (mdtype) + +/* Return the bit flag for a given digest algorithm ID. */ +#define CHAP_MDTYPE_D(digest) \ + ((digest) == CHAP_MICROSOFT_V2)? MDTYPE_MICROSOFT_V2: \ + ((digest) == CHAP_MICROSOFT)? MDTYPE_MICROSOFT: \ + ((digest) == CHAP_MD5)? MDTYPE_MD5: \ + 0 + +/* Can we do the requested digest? */ +#define CHAP_CANDIGEST(mdtype, digest) \ + ((digest) == CHAP_MICROSOFT_V2)? (mdtype) & MDTYPE_MICROSOFT_V2: \ + ((digest) == CHAP_MICROSOFT)? (mdtype) & MDTYPE_MICROSOFT: \ + ((digest) == CHAP_MD5)? (mdtype) & MDTYPE_MD5: \ + 0 + + +/* + * The code for each digest type has to supply one of these. + */ +struct chap_digest_type { + int code; + + /* + * Note: challenge and response arguments below are formatted as + * a length byte followed by the actual challenge/response data. + */ + void (*generate_challenge)(unsigned char *challenge); + int (*verify_response)(int id, char *name, + unsigned char *secret, int secret_len, + unsigned char *challenge, unsigned char *response, + char *message, int message_space); + void (*make_response)(unsigned char *response, int id, char *our_name, + unsigned char *challenge, char *secret, int secret_len, + unsigned char *priv); + int (*check_success)(int id, unsigned char *pkt, int len); + void (*handle_failure)(unsigned char *pkt, int len); + + struct chap_digest_type *next; +}; + +/* + * This function will return a value of 1 to indicate that a plugin intend to supply + * a username or a password to pppd through the chap_passwd_hook callback. + * + * Return a value > 0 to avoid parsing the chap-secrets file. + */ +typedef int (chap_check_hook_fn)(void); +extern chap_check_hook_fn *chap_check_hook; + +/* + * A plugin can chose to supply its own user and password overriding whatever + * has been provided by the configuration. Hook is only valid when pppd is + * acting as a client. + * + * The maximum size of the user argument is always MAXNAMELEN + * The length of the password is always MAXWORDLEN, however; secrets can't be + * longer than MAXSECRETLEN + * + * Return a value < 0 to fail the connection. + */ +typedef int (chap_passwd_hook_fn)(char *user, char *password); +extern chap_passwd_hook_fn *chap_passwd_hook; + +/* + * A plugin can chose to replace the default chap_verify_response function with + * one of their own. + */ +typedef int (chap_verify_hook_fn)(char *name, char *ourname, int id, + struct chap_digest_type *digest, + unsigned char *challenge, unsigned char *response, + char *message, int message_space); +extern chap_verify_hook_fn *chap_verify_hook; + +/* Called by digest code to register a digest type */ +extern void chap_register_digest(struct chap_digest_type *); + +/* Lookup a digest handler by type */ +extern struct chap_digest_type *chap_find_digest(int digest_code); + +/* Called by authentication code to start authenticating the peer. */ +extern void chap_auth_peer(int unit, char *our_name, int digest_code); + +/* Called by auth. code to start authenticating us to the peer. */ +extern void chap_auth_with_peer(int unit, char *our_name, int digest_code); + +/* Represents the CHAP protocol to the main pppd code */ +extern struct protent chap_protent; + +#ifdef __cplusplus +} +#endif + +#endif // PPP_CHAP_NEW_H diff --git a/pppd/chap_ms.c b/pppd/chap_ms.c index 8e59280..e3d808f 100644 --- a/pppd/chap_ms.c +++ b/pppd/chap_ms.c @@ -93,22 +93,22 @@ #include #endif -#include "pppd.h" -#include "chap-new.h" +#include "pppd-private.h" +#include "options.h" +#include "chap.h" #include "chap_ms.h" -#include "md4.h" -#include "sha1.h" -#include "pppcrypt.h" #include "magic.h" #include "mppe.h" +#include "crypto.h" +#include "crypto_ms.h" #ifdef UNIT_TEST #undef PPP_WITH_MPPE #endif static void ascii2unicode (char[], int, u_char[]); -static void NTPasswordHash (u_char *, int, u_char[MD4_SIGNATURE_SIZE]); -static void ChallengeResponse (u_char *, u_char *, u_char[24]); +static void NTPasswordHash (u_char *, int, unsigned char *); +static int ChallengeResponse (u_char *, u_char *, u_char*); static void ChapMS_NT (u_char *, char *, int, u_char[24]); static void ChapMS2_NT (u_char *, u_char[16], char *, char *, int, u_char[24]); @@ -140,7 +140,7 @@ static char *mschap2_peer_challenge = NULL; /* * Command-line options. */ -static option_t chapms_option_list[] = { +static struct option chapms_option_list[] = { #ifdef PPP_WITH_MSLANMAN { "ms-lanman", o_bool, &ms_lanman, "Use LanMan passwd when using MS-CHAP", 1 }, @@ -504,31 +504,31 @@ print_msg: free(msg); } -static void +static int ChallengeResponse(u_char *challenge, - u_char PasswordHash[MD4_SIGNATURE_SIZE], - u_char response[24]) + u_char *PasswordHash, + u_char *response) { - u_char ZPasswordHash[21]; + u_char ZPasswordHash[24]; + PPP_CIPHER_CTX *ctx; BZERO(ZPasswordHash, sizeof(ZPasswordHash)); - BCOPY(PasswordHash, ZPasswordHash, MD4_SIGNATURE_SIZE); + BCOPY(PasswordHash, ZPasswordHash, MD4_DIGEST_LENGTH); #if 0 dbglog("ChallengeResponse - ZPasswordHash %.*B", sizeof(ZPasswordHash), ZPasswordHash); #endif - (void) DesSetkey(ZPasswordHash + 0); - DesEncrypt(challenge, response + 0); - (void) DesSetkey(ZPasswordHash + 7); - DesEncrypt(challenge, response + 8); - (void) DesSetkey(ZPasswordHash + 14); - DesEncrypt(challenge, response + 16); + if (DesEncrypt(challenge, ZPasswordHash + 0, response + 0) && + DesEncrypt(challenge, ZPasswordHash + 7, response + 8) && + DesEncrypt(challenge, ZPasswordHash + 14, response + 16)) + return 1; #if 0 dbglog("ChallengeResponse - response %.24B", response); #endif + return 0; } void @@ -536,23 +536,40 @@ ChallengeHash(u_char PeerChallenge[16], u_char *rchallenge, char *username, u_char Challenge[8]) { - SHA1_CTX sha1Context; - u_char sha1Hash[SHA1_SIGNATURE_SIZE]; - char *user; + PPP_MD_CTX* ctx; + u_char hash[SHA_DIGEST_LENGTH]; + int hash_len; + const char *user; /* remove domain from "domain\username" */ if ((user = strrchr(username, '\\')) != NULL) ++user; else user = username; + + ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PeerChallenge, 16); - SHA1_Update(&sha1Context, rchallenge, 16); - SHA1_Update(&sha1Context, (unsigned char *)user, strlen(user)); - SHA1_Final(sha1Hash, &sha1Context); + if (PPP_DigestUpdate(ctx, PeerChallenge, 16)) { - BCOPY(sha1Hash, Challenge, 8); + if (PPP_DigestUpdate(ctx, rchallenge, 16)) { + + if (PPP_DigestUpdate(ctx, user, strlen(user))) { + + hash_len = SHA_DIGEST_LENGTH; + if (PPP_DigestFinal(ctx, hash, &hash_len)) { + + BCOPY(hash, Challenge, 8); + } + } + } + } + } + + PPP_MD_CTX_free(ctx); + } } /* @@ -573,28 +590,22 @@ ascii2unicode(char ascii[], int ascii_len, u_char unicode[]) } static void -NTPasswordHash(u_char *secret, int secret_len, u_char hash[MD4_SIGNATURE_SIZE]) +NTPasswordHash(u_char *secret, int secret_len, unsigned char* hash) { -#if defined(__NetBSD__) || !defined(USE_MD4) - /* NetBSD uses the libc md4 routines which take bytes instead of bits */ - int mdlen = secret_len; -#else - int mdlen = secret_len * 8; -#endif - MD4_CTX md4Context; - - MD4Init(&md4Context); -#if !defined(USE_MD4) - /* Internal MD4Update can take at most 64 bytes at a time */ - while (mdlen > 512) { - MD4Update(&md4Context, secret, 512); - secret += 64; - mdlen -= 512; - } -#endif - MD4Update(&md4Context, secret, mdlen); - MD4Final(hash, &md4Context); + PPP_MD_CTX* ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + if (PPP_DigestInit(ctx, PPP_md4())) { + + if (PPP_DigestUpdate(ctx, secret, secret_len)) { + + int hash_len = MD4_DIGEST_LENGTH; + PPP_DigestFinal(ctx, hash, &hash_len); + } + } + + PPP_MD_CTX_free(ctx); + } } static void @@ -602,7 +613,7 @@ ChapMS_NT(u_char *rchallenge, char *secret, int secret_len, u_char NTResponse[24]) { u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; + u_char PasswordHash[MD4_DIGEST_LENGTH]; /* Hash the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); @@ -616,7 +627,7 @@ ChapMS2_NT(u_char *rchallenge, u_char PeerChallenge[16], char *username, char *secret, int secret_len, u_char NTResponse[24]) { u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; + u_char PasswordHash[MD4_DIGEST_LENGTH]; u_char Challenge[8]; ChallengeHash(PeerChallenge, rchallenge, username, Challenge); @@ -637,26 +648,27 @@ ChapMS_LANMan(u_char *rchallenge, char *secret, int secret_len, { int i; u_char UcasePassword[MAX_NT_PASSWORD]; /* max is actually 14 */ - u_char PasswordHash[MD4_SIGNATURE_SIZE]; + u_char PasswordHash[MD4_DIGEST_LENGTH]; /* LANMan password is case insensitive */ BZERO(UcasePassword, sizeof(UcasePassword)); for (i = 0; i < secret_len; i++) UcasePassword[i] = (u_char)toupper(secret[i]); - (void) DesSetkey(UcasePassword + 0); - DesEncrypt( StdText, PasswordHash + 0 ); - (void) DesSetkey(UcasePassword + 7); - DesEncrypt( StdText, PasswordHash + 8 ); - ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]); + + if (DesEncrypt(StdText, UcasePassword + 0, PasswordHash + 0) && + DesEncrypt(StdText, UcasePassword + 7, PasswordHash + 8)) { + + ChallengeResponse(rchallenge, PasswordHash, &response[MS_CHAP_LANMANRESP]); + } } #endif void -GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[24], u_char PeerChallenge[16], - u_char *rchallenge, char *username, - u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) +GenerateAuthenticatorResponse(unsigned char* PasswordHashHash, + unsigned char *NTResponse, unsigned char *PeerChallenge, + unsigned char *rchallenge, char *username, + unsigned char *authResponse) { /* * "Magic" constants used in response generation, from RFC 2759. @@ -674,27 +686,58 @@ GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], 0x6E }; int i; - SHA1_CTX sha1Context; - u_char Digest[SHA1_SIGNATURE_SIZE]; + PPP_MD_CTX *ctx; + u_char Digest[SHA_DIGEST_LENGTH] = {}; + int hash_len; u_char Challenge[8]; - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, NTResponse, 24); - SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); - SHA1_Final(Digest, &sha1Context); + ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { + + if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) { + + if (PPP_DigestUpdate(ctx, NTResponse, 24)) { + if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) { + + hash_len = sizeof(Digest); + PPP_DigestFinal(ctx, Digest, &hash_len); + } + } + } + } + PPP_MD_CTX_free(ctx); + } + ChallengeHash(PeerChallenge, rchallenge, username, Challenge); - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, Digest, sizeof(Digest)); - SHA1_Update(&sha1Context, Challenge, sizeof(Challenge)); - SHA1_Update(&sha1Context, Magic2, sizeof(Magic2)); - SHA1_Final(Digest, &sha1Context); + ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { + + if (PPP_DigestUpdate(ctx, Digest, sizeof(Digest))) { + + if (PPP_DigestUpdate(ctx, Challenge, sizeof(Challenge))) { + + if (PPP_DigestUpdate(ctx, Magic2, sizeof(Magic2))) { + + hash_len = sizeof(Digest); + PPP_DigestFinal(ctx, Digest, &hash_len); + } + } + } + } + + PPP_MD_CTX_free(ctx); + } /* Convert to ASCII hex string. */ - for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++) - sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]); + for (i = 0; i < MAX((MS_AUTH_RESPONSE_LENGTH / 2), sizeof(Digest)); i++) { + sprintf((char *)&authResponse[i * 2], "%02X", Digest[i]); + } } @@ -706,8 +749,8 @@ GenerateAuthenticatorResponsePlain u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]) { u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; + u_char PasswordHash[MD4_DIGEST_LENGTH]; + u_char PasswordHashHash[MD4_DIGEST_LENGTH]; /* Hash (x2) the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); @@ -729,8 +772,8 @@ static void Set_Start_Key(u_char *rchallenge, char *secret, int secret_len) { u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; + u_char PasswordHash[MD4_DIGEST_LENGTH]; + u_char PasswordHashHash[MD4_DIGEST_LENGTH]; /* Hash (x2) the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); @@ -747,8 +790,8 @@ static void SetMasterKeys(char *secret, int secret_len, u_char NTResponse[24], int IsServer) { u_char unicodePassword[MAX_NT_PASSWORD * 2]; - u_char PasswordHash[MD4_SIGNATURE_SIZE]; - u_char PasswordHashHash[MD4_SIGNATURE_SIZE]; + u_char PasswordHash[MD4_DIGEST_LENGTH]; + u_char PasswordHashHash[MD4_DIGEST_LENGTH]; /* Hash (x2) the Unicode version of the secret (== password). */ ascii2unicode(secret, secret_len, unicodePassword); NTPasswordHash(unicodePassword, secret_len * 2, PasswordHash); @@ -794,7 +837,7 @@ ChapMS(u_char *rchallenge, char *secret, int secret_len, * Authenticator Response. */ void -ChapMS2(u_char *rchallenge, u_char *PeerChallenge, +ChapMS2(unsigned char *rchallenge, unsigned char *PeerChallenge, char *user, char *secret, int secret_len, unsigned char *response, u_char authResponse[], int authenticator) { @@ -853,7 +896,7 @@ chapms_init(void) { chap_register_digest(&chapms_digest); chap_register_digest(&chapms2_digest); - add_options(chapms_option_list); + ppp_add_options(chapms_option_list); } #else @@ -874,10 +917,10 @@ void random_bytes(unsigned char *bytes, int len) int test_chap_v1(void) { - char *secret = "TestPassword"; + char *secret = "MyPw"; unsigned char challenge[8] = { - 0x6c, 0x8d, 0x4b, 0xa1, 0x2b, 0x5c, 0x13, 0xc3 + 0x10, 0x2D, 0xB5, 0xDF, 0x08, 0x5D, 0x30, 0x41 }; unsigned char response[MS_CHAP_RESPONSE_LEN] = { }; @@ -886,9 +929,10 @@ int test_chap_v1(void) { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x91, 0x09, 0x61, 0x5a, 0x0c, 0xac, 0xac, 0x55, - 0x1f, 0x60, 0xe2, 0x9c, 0x00, 0xac, 0x24, 0xda, - 0x6e, 0xa5, 0x7b, 0xdb, 0x1d, 0x6a, 0x17, 0xc5, + 0x4E, 0x9D, 0x3C, 0x8F, 0x9C, 0xFD, 0x38, 0x5D, + 0x5B, 0xF4, 0xD3, 0x24, 0x67, 0x91, 0x95, 0x6C, + 0xA4, 0xC3, 0x51, 0xAB, 0x40, 0x9A, 0x3D, 0x61, + 0x01 }; @@ -929,6 +973,8 @@ int test_chap_v2(void) { } int main(int argc, char *argv[]) { + + PPP_crypto_init(); if (test_chap_v1()) { printf("CHAPv1 failed\n"); @@ -940,6 +986,8 @@ int main(int argc, char *argv[]) { return -1; } + PPP_crypto_deinit(); + printf("Success\n"); return 0; } diff --git a/pppd/chap_ms.h b/pppd/chap_ms.h index 7b08cff..b3fdae6 100644 --- a/pppd/chap_ms.h +++ b/pppd/chap_ms.h @@ -35,7 +35,10 @@ #include "pppdconf.h" -#define MD4_SIGNATURE_SIZE 16 /* 16 bytes in a MD4 message digest */ +#ifdef __cplusplus +extern "C" { +#endif + #define MAX_NT_PASSWORD 256 /* Max (Unicode) chars in an NT pass */ #define MS_CHAP_RESPONSE_LEN 49 /* Response length for MS-CHAP */ @@ -79,13 +82,25 @@ void ChapMS (u_char *, char *, int, u_char *); void ChapMS2 (u_char *, u_char *, char *, char *, int, u_char *, u_char[MS_AUTH_RESPONSE_LENGTH+1], int); -void ChallengeHash (u_char[16], u_char *, char *, u_char[8]); +void ChallengeHash (u_char[16], u_char *, char *, u_char[8]); + -void GenerateAuthenticatorResponse(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[24], u_char PeerChallenge[16], - u_char *rchallenge, char *username, - u_char authResponse[MS_AUTH_RESPONSE_LENGTH+1]); +/** + * PasswordHashHash - 16 bytes representing the NT Password Hash Hash + * NTResponse - 24 bytes represending the NTResponse parameter + * PeerChallenge - 16 bytes challange for peer + * rchallenge - 16 bytes challenge provided by peer + * authResponse - 24 + 1 byte to store the authenticator response + */ +void GenerateAuthenticatorResponse(unsigned char *PasswordHashHash, + unsigned char *NTResponse, unsigned char *PeerChallenge, + unsigned char *rchallenge, char *username, + unsigned char *authResponse); void chapms_init(void); +#ifdef __cplusplus +} +#endif + #endif /* PPP_CHAPMS_H */ diff --git a/pppd/crypto-priv.h b/pppd/crypto-priv.h new file mode 100644 index 0000000..6c9d152 --- /dev/null +++ b/pppd/crypto-priv.h @@ -0,0 +1,69 @@ +/* ppp-crypo-priv.h - Crypto private data structures + * + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#ifndef PPP_CRYPTO_PRIV_H +#define PPP_CRYPTO_PRIV_H + +#include "crypto.h" + +#define MAX_KEY_SIZE 32 +#define MAX_IV_SIZE 32 + +struct _PPP_MD +{ + int (*init_fn)(PPP_MD_CTX *ctx); + int (*update_fn)(PPP_MD_CTX *ctx, const void *data, size_t cnt); + int (*final_fn)(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen); + void (*clean_fn)(PPP_MD_CTX *ctx); +}; + +struct _PPP_MD_CTX +{ + PPP_MD md; + void *priv; +}; + +struct _PPP_CIPHER +{ + int (*init_fn)(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv); + int (*update_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl); + int (*final_fn)(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl); + void (*clean_fn)(PPP_CIPHER_CTX *ctx); +}; + +struct _PPP_CIPHER_CTX +{ + PPP_CIPHER cipher; + unsigned char key[MAX_KEY_SIZE]; + unsigned char iv[MAX_IV_SIZE]; + int is_encr; + void *priv; +}; + + +#endif diff --git a/pppd/crypto.c b/pppd/crypto.c new file mode 100644 index 0000000..905f11d --- /dev/null +++ b/pppd/crypto.c @@ -0,0 +1,499 @@ +/* ppp-crypto.c - Generic API for access to crypto/digest functions. + * + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include + +#include "crypto.h" +#include "crypto-priv.h" + +#ifdef PPP_WITH_OPENSSL +#include +#endif + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L +#include +struct crypto_ctx { + + OSSL_PROVIDER *legacy; + OSSL_PROVIDER *provider; +} g_crypto_ctx; +#endif + +PPP_MD_CTX *PPP_MD_CTX_new() +{ + return (PPP_MD_CTX*) calloc(1, sizeof(PPP_MD_CTX)); +} + +void PPP_MD_CTX_free(PPP_MD_CTX* ctx) +{ + if (ctx) { + if (ctx->md.clean_fn) { + ctx->md.clean_fn(ctx); + } + free(ctx); + } +} + +int PPP_DigestInit(PPP_MD_CTX *ctx, const PPP_MD *type) +{ + if (ctx) { + ctx->md = *type; + if (ctx->md.init_fn) { + return ctx->md.init_fn(ctx); + } + } + return 0; +} + +int PPP_DigestUpdate(PPP_MD_CTX *ctx, const void *data, size_t length) +{ + if (ctx && ctx->md.update_fn) { + return ctx->md.update_fn(ctx, data, length); + } + return 0; +} + +int PPP_DigestFinal(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *outlen) +{ + if (ctx && ctx->md.final_fn) { + return ctx->md.final_fn(ctx, out, outlen); + } + return 0; +} + +PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void) +{ + return calloc(1, sizeof(PPP_CIPHER_CTX)); +} + +void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx) +{ + if (ctx) { + if (ctx->cipher.clean_fn) { + ctx->cipher.clean_fn(ctx); + } + memset(ctx->iv, 0, sizeof(ctx->iv)); + memset(ctx->key, 0, sizeof(ctx->key)); + free(ctx); + } +} + +int PPP_CipherInit(PPP_CIPHER_CTX *ctx, const PPP_CIPHER *cipher, const unsigned char *key, const unsigned char *iv, int encr) +{ + if (ctx && cipher) { + ctx->is_encr = encr; + ctx->cipher = *cipher; + if (ctx->cipher.init_fn) { + ctx->cipher.init_fn(ctx, key, iv); + } + return 1; + } + return 0; +} + +int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) +{ + if (ctx && ctx->cipher.update_fn) { + return ctx->cipher.update_fn(ctx, out, outl, in, inl); + } + return 0; +} + +int PPP_CipherFinal(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + if (ctx && ctx->cipher.final_fn) { + return ctx->cipher.final_fn(ctx, out, outl); + } + return 0; +} + +int PPP_crypto_init() +{ + int retval = 0; + +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + g_crypto_ctx.legacy = OSSL_PROVIDER_load(NULL, "legacy"); + if (g_crypto_ctx.legacy == NULL) + { + goto done; + } + + g_crypto_ctx.provider = OSSL_PROVIDER_load(NULL, "default"); + if (g_crypto_ctx.provider == NULL) + { + goto done; + } +#endif + retval = 1; + +done: + + return retval; +} + +int PPP_crypto_deinit() +{ +#if OPENSSL_VERSION_NUMBER >= 0x30000000L + if (g_crypto_ctx.legacy) { + OSSL_PROVIDER_unload(g_crypto_ctx.legacy); + g_crypto_ctx.legacy = NULL; + } + + if (g_crypto_ctx.provider) { + OSSL_PROVIDER_unload(g_crypto_ctx.provider); + g_crypto_ctx.provider = NULL; + } +#endif + return 1; +} + +#ifdef UNIT_TEST +#include + +int test_md4() +{ + PPP_MD_CTX* ctx = NULL; + int success = 0; + + unsigned char data[84] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, + 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e + }; + + unsigned int hash_len; + unsigned char hash[MD4_DIGEST_LENGTH]; + unsigned char result[MD4_DIGEST_LENGTH] = { + 0x58, 0xcb, 0x37, 0x91, 0x1d, 0x06, 0x7b, 0xdf, + 0xfd, 0x48, 0x6d, 0x87, 0x4a, 0x35, 0x5b, 0xd4 + }; + + ctx = PPP_MD_CTX_new(); + if (ctx) { + + if (PPP_DigestInit(ctx, PPP_md4())) { + + if (PPP_DigestUpdate(ctx, &data, sizeof(data))) { + + hash_len = sizeof(hash); + if (PPP_DigestFinal(ctx, hash, &hash_len)) { + + if (memcmp(hash, result, MD4_DIGEST_LENGTH) == 0) { + success = 1; + } + } + } + } + PPP_MD_CTX_free(ctx); + } + + return success; +} + +int test_md5() +{ + PPP_MD_CTX* ctx = NULL; + int success = 0; + + unsigned char data[84] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, + 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e + }; + + unsigned int hash_len; + unsigned char hash[MD5_DIGEST_LENGTH]; + unsigned char result[MD5_DIGEST_LENGTH] = { + 0x8b, 0xe3, 0x5e, 0x2c, 0x9f, 0x95, 0xbf, 0x4e, + 0x16, 0xe4, 0x53, 0xbe, 0x52, 0xf4, 0xbc, 0x4e + }; + + ctx = PPP_MD_CTX_new(); + if (ctx) { + + if (PPP_DigestInit(ctx, PPP_md5())) { + + if (PPP_DigestUpdate(ctx, &data, sizeof(data))) { + + hash_len = sizeof(hash); + if (PPP_DigestFinal(ctx, hash, &hash_len)) { + + if (memcmp(hash, result, MD5_DIGEST_LENGTH) == 0) { + success = 1; + } + } + } + } + PPP_MD_CTX_free(ctx); + } + + return success; +} + +int test_sha() +{ + PPP_MD_CTX* ctx = NULL; + int success = 0; + + unsigned char data[84] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, + 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e + }; + + unsigned int hash_len; + unsigned char hash[SHA_DIGEST_LENGTH]; + unsigned char result[SHA_DIGEST_LENGTH] = { + 0xa8, 0x03, 0xae, 0x21, 0x30, 0xd8, 0x40, 0xbe, + 0x27, 0xa3, 0x47, 0xc7, 0x7a, 0x90, 0xe6, 0xa3, + 0x5b, 0xd5, 0x0e, 0x45 + }; + + ctx = PPP_MD_CTX_new(); + if (ctx) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { + + if (PPP_DigestUpdate(ctx, &data, sizeof(data))) { + + hash_len = sizeof(hash); + if (PPP_DigestFinal(ctx, hash, &hash_len)) { + + if (memcmp(hash, result, SHA_DIGEST_LENGTH) == 0) { + success = 1; + } + } + } + } + PPP_MD_CTX_free(ctx); + } + + return success; +} + +int test_des_encrypt() +{ + PPP_CIPHER_CTX* ctx = NULL; + int success = 0; + + unsigned char key[8] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + unsigned char plain[80] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, + 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20 + }; + unsigned char expect[80] = { + 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60, + 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a, + 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16, + 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a, + 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8, + 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd, + 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4, + 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed, + 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a, + 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49 + }; + + unsigned char cipher[80] = {}; + int cipher_len = 0; + int offset = 0; + + + ctx = PPP_CIPHER_CTX_new(); + if (ctx) { + + if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 1)) { + + if (PPP_CipherUpdate(ctx, cipher, &cipher_len, plain, sizeof(plain))) { + + offset += cipher_len; + + if (PPP_CipherFinal(ctx, cipher+offset, &cipher_len)) { + + if (memcmp(cipher, expect, 80) == 0) { + + success = 1; + } + } + } + } + PPP_CIPHER_CTX_free(ctx); + } + + return success; +} + + +int test_des_decrypt() +{ + PPP_CIPHER_CTX* ctx = NULL; + int success = 0; + + unsigned char key[8] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + unsigned char cipher[80] = { + 0x45, 0xdb, 0x80, 0x45, 0x16, 0xd0, 0x6d, 0x60, + 0x92, 0x23, 0x4b, 0xd3, 0x9d, 0x36, 0xb8, 0x1a, + 0xa4, 0x1a, 0xf7, 0xb1, 0x60, 0xfb, 0x74, 0x16, + 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a, + 0x2b, 0xed, 0x68, 0x9d, 0x19, 0xd6, 0xb1, 0xb8, + 0x91, 0xff, 0xea, 0x62, 0xac, 0xe7, 0x49, 0xdd, + 0xfa, 0x4d, 0xa4, 0x01, 0x3f, 0xea, 0xca, 0xb4, + 0xb6, 0xdc, 0xd3, 0x04, 0x45, 0x07, 0x74, 0xed, + 0xa6, 0xdc, 0xe1, 0x14, 0xb7, 0xed, 0x48, 0x5a, + 0xbb, 0x9b, 0x13, 0x31, 0xf4, 0xa9, 0x32, 0x49 + }; + + unsigned char expect[80] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, + 0x64, 0x65, 0x2c, 0x20, 0x74, 0x68, 0x69, 0x73, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, + 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, + 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, + 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, 0x65, 0x20, + 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20 + }; + + unsigned char plain[80] = {}; + int outlen = 0; + int offset = 0; + + ctx = PPP_CIPHER_CTX_new(); + if (ctx) { + + if (PPP_CipherInit(ctx, PPP_des_ecb(), key, NULL, 0)) { + + if (PPP_CipherUpdate(ctx, plain, &outlen, cipher, sizeof(cipher))) { + + offset += outlen; + + if (PPP_CipherFinal(ctx, plain+offset, &outlen)) { + + if (memcmp(plain, expect, 80) == 0) { + + success = 1; + } + } + } + } + PPP_CIPHER_CTX_free(ctx); + } + + return success; +} + +int main(int argc, char *argv[]) +{ + int failure = 0; + + if (!PPP_crypto_init()) { + printf("Couldn't initialize crypto test\n"); + return -1; + } + + if (!test_md4()) { + printf("MD4 test failed\n"); + failure++; + } + + if (!test_md5()) { + printf("MD5 test failed\n"); + failure++; + } + + if (!test_sha()) { + printf("SHA test failed\n"); + failure++; + } + + if (!test_des_encrypt()) { + printf("DES encryption test failed\n"); + failure++; + } + + if (!test_des_decrypt()) { + printf("DES decryption test failed\n"); + failure++; + } + + if (!PPP_crypto_deinit()) { + printf("Couldn't deinitialize crypto test\n"); + return -1; + } + + return failure; +} + +#endif diff --git a/pppd/crypto.h b/pppd/crypto.h new file mode 100644 index 0000000..c559d0c --- /dev/null +++ b/pppd/crypto.h @@ -0,0 +1,163 @@ +/* ppp-crypto.h - Generic API for access to crypto/digest functions. + * + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef PPP_CRYPTO_H +#define PPP_CRYPTO_H + +#ifdef __cplusplus +extern "C" { +#endif + +#ifndef MD5_DIGEST_LENGTH +#define MD5_DIGEST_LENGTH 16 +#endif + +#ifndef MD4_DIGEST_LENGTH +#define MD4_DIGEST_LENGTH 16 +#endif + +#ifndef SHA_DIGEST_LENGTH +#define SHA_DIGEST_LENGTH 20 +#endif + +struct _PPP_MD_CTX; +struct _PPP_MD; + +typedef struct _PPP_MD_CTX PPP_MD_CTX; +typedef struct _PPP_MD PPP_MD; + +/* + * Create a new Message Digest context object + */ +PPP_MD_CTX *PPP_MD_CTX_new(); + +/* + * Free the Message Digest context + */ +void PPP_MD_CTX_free(PPP_MD_CTX*); + +/* + * Fetch the MD4 algorithm + */ +const PPP_MD *PPP_md4(void); + +/* + * Fetch the MD5 algorithm + */ +const PPP_MD *PPP_md5(void); + +/* + * Fetch the SHA1 algorithm + */ +const PPP_MD *PPP_sha1(void); + +/* + * Initializes a context object + */ +int PPP_DigestInit(PPP_MD_CTX *ctx, + const PPP_MD *type); + +/* + * For each iteration update the context with more input + */ +int PPP_DigestUpdate(PPP_MD_CTX *ctx, + const void *data, size_t cnt); + +/* + * Perform the final operation, and output the digest + */ +int PPP_DigestFinal(PPP_MD_CTX *ctx, + unsigned char *out, unsigned int *outlen); + + +struct _PPP_CIPHER_CTX; +struct _PPP_CIPHER; + +typedef struct _PPP_CIPHER_CTX PPP_CIPHER_CTX; +typedef struct _PPP_CIPHER PPP_CIPHER; + + +/* + * Create a new Cipher Context + */ +PPP_CIPHER_CTX *PPP_CIPHER_CTX_new(void); + +/* + * Release the Cipher Context + */ +void PPP_CIPHER_CTX_free(PPP_CIPHER_CTX *ctx); + +/* + * Fetch the DES in ECB mode cipher algorithm + */ +const PPP_CIPHER *PPP_des_ecb(void); + +/* + * Set the particular data directly + */ +void PPP_CIPHER_CTX_set_cipher_data(PPP_CIPHER_CTX *ctx, + const unsigned char *key); + +/* + * Initialize the crypto operation + */ +int PPP_CipherInit(PPP_CIPHER_CTX *ctx, + const PPP_CIPHER *cipher, + const unsigned char *key, + const unsigned char *iv, + int encr); + +/* + * Encrypt input data, and store it in the output buffer + */ +int PPP_CipherUpdate(PPP_CIPHER_CTX *ctx, + unsigned char *out, int *outl, + const unsigned char *in, int inl); + +/* + * Finish the crypto operation, and fetch any outstanding bytes + */ +int PPP_CipherFinal(PPP_CIPHER_CTX *ctx, + unsigned char *out, int *outl); + +/* + * Global initialization, must be called once per process + */ +int PPP_crypto_init(); + +/* + * Global deinitialization + */ +int PPP_crypto_deinit(); + +#ifdef __cplusplus +} +#endif + +#endif // PPP_CRYPTO_H diff --git a/pppd/crypto_ms.c b/pppd/crypto_ms.c new file mode 100644 index 0000000..ccf8129 --- /dev/null +++ b/pppd/crypto_ms.c @@ -0,0 +1,278 @@ +/* + * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1 + * + * Extracted from chap_ms.c by James Carlson. + * + * Copyright (c) 1995 Eric Rosenquist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sections of this code holds different copyright information. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include + +#include "crypto.h" +#include "crypto_ms.h" + + +/* + * DES_set_odd_parity function are imported from openssl 3.0 project with the + * follwoing license: + * + * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ +typedef unsigned char DES_cblock[8]; +#define DES_KEY_SZ (sizeof(DES_cblock)) + +static const unsigned char odd_parity[256] = { + 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, + 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, + 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, + 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, + 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, + 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, + 97, 97, 98, 98, 100, 100, 103, 103, 104, 104, 107, 107, 109, 109, 110, + 110, + 112, 112, 115, 115, 117, 117, 118, 118, 121, 121, 122, 122, 124, 124, 127, + 127, + 128, 128, 131, 131, 133, 133, 134, 134, 137, 137, 138, 138, 140, 140, 143, + 143, + 145, 145, 146, 146, 148, 148, 151, 151, 152, 152, 155, 155, 157, 157, 158, + 158, + 161, 161, 162, 162, 164, 164, 167, 167, 168, 168, 171, 171, 173, 173, 174, + 174, + 176, 176, 179, 179, 181, 181, 182, 182, 185, 185, 186, 186, 188, 188, 191, + 191, + 193, 193, 194, 194, 196, 196, 199, 199, 200, 200, 203, 203, 205, 205, 206, + 206, + 208, 208, 211, 211, 213, 213, 214, 214, 217, 217, 218, 218, 220, 220, 223, + 223, + 224, 224, 227, 227, 229, 229, 230, 230, 233, 233, 234, 234, 236, 236, 239, + 239, + 241, 241, 242, 242, 244, 244, 247, 247, 248, 248, 251, 251, 253, 253, 254, + 254 +}; + +static void DES_set_odd_parity(DES_cblock *key) +{ + unsigned int i; + for (i = 0; i < DES_KEY_SZ; i++) + (*key)[i] = odd_parity[(*key)[i]]; +} + +static unsigned char +Get7Bits(const unsigned char *input, int startBit) +{ + unsigned int word; + + word = (unsigned)input[startBit / 8] << 8; + word |= (unsigned)input[startBit / 8 + 1]; + + word >>= 15 - (startBit % 8 + 7); + + return word & 0xFE; +} + +static void +MakeKey(const unsigned char *key, unsigned char *des_key) +{ + /* key IN 56 bit DES key missing parity bits */ + /* des_key OUT 64 bit DES key with parity bits added */ + des_key[0] = Get7Bits(key, 0); + des_key[1] = Get7Bits(key, 7); + des_key[2] = Get7Bits(key, 14); + des_key[3] = Get7Bits(key, 21); + des_key[4] = Get7Bits(key, 28); + des_key[5] = Get7Bits(key, 35); + des_key[6] = Get7Bits(key, 42); + des_key[7] = Get7Bits(key, 49); + + DES_set_odd_parity((DES_cblock *)des_key); +} + +int +DesEncrypt(const unsigned char *clear, const unsigned char *key, unsigned char *cipher) +{ + int retval = 0; + unsigned int clen = 0; + unsigned char des_key[8]; + + PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new(); + if (ctx) { + + MakeKey(key, des_key); + + if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 1)) { + + if (PPP_CipherUpdate(ctx, cipher, &clen, clear, 8)) { + + if (PPP_CipherFinal(ctx, cipher + clen, &clen)) { + + retval = 1; + } + } + } + + PPP_CIPHER_CTX_free(ctx); + } + + return (retval); +} + +int +DesDecrypt(const unsigned char *cipher, const unsigned char *key, unsigned char *clear) +{ + int retval = 0; + unsigned int clen = 0; + unsigned char des_key[8]; + + PPP_CIPHER_CTX *ctx = PPP_CIPHER_CTX_new(); + if (ctx) { + + MakeKey(key, des_key); + + if (PPP_CipherInit(ctx, PPP_des_ecb(), des_key, NULL, 0)) { + + if (PPP_CipherUpdate(ctx, clear, &clen, cipher, 8)) { + + if (PPP_CipherFinal(ctx, clear + clen, &clen)) { + + retval = 1; + } + } + } + + PPP_CIPHER_CTX_free(ctx); + } + + return (retval); +} + +#ifdef UNIT_TEST_MSCRYPTO + +#include +#include + +/** + * The test-vectors are taken from RFC2759. + */ +int test_encrypt() +{ + unsigned char Challenge[8] = { + 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26 + }; + + unsigned char ZPasswordHash[24] = { + 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, + 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE + }; + + unsigned char expected[24] = { + 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, + 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, + 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF + }; + unsigned char response[24] = {}; + unsigned int retval = 0; + + DesEncrypt(Challenge, ZPasswordHash + 0, response + 0); + DesEncrypt(Challenge, ZPasswordHash + 7, response + 8); + DesEncrypt(Challenge, ZPasswordHash + 14, response + 16); + + return memcmp(response, expected, sizeof(response)) == 0; +} + +int test_decrypt() +{ + unsigned char Challenge[8] = { + 0xD0, 0x2E, 0x43, 0x86, 0xBC, 0xE9, 0x12, 0x26 + }; + + unsigned char ZPasswordHash[24] = { + 0x44, 0xEB, 0xBA, 0x8D, 0x53, 0x12, 0xB8, 0xD6, + 0x11, 0x47, 0x44, 0x11, 0xF5, 0x69, 0x89, 0xAE + }; + + unsigned char Response[24] = { + 0x82, 0x30, 0x9E, 0xCD, 0x8D, 0x70, 0x8B, 0x5E, + 0xA0, 0x8F, 0xAA, 0x39, 0x81, 0xCD, 0x83, 0x54, + 0x42, 0x33, 0x11, 0x4A, 0x3D, 0x85, 0xD6, 0xDF + }; + unsigned char Output[8]; + unsigned int failure = 0; + + if (DesDecrypt(Response + 0, ZPasswordHash + 0, Output)) { + failure += memcmp(Challenge, Output, sizeof(Challenge)); + } + + if (DesDecrypt(Response + 8, ZPasswordHash + 7, Output)) { + failure += memcmp(Challenge, Output, sizeof(Challenge)); + } + + if (DesDecrypt(Response +16, ZPasswordHash +14, Output)) { + failure += memcmp(Challenge, Output, sizeof(Challenge)); + } + + return failure == 0; +} + +int main(int argc, char *argv[]) +{ + int failure = 0; + + if (!PPP_crypto_init()) { + printf("Couldn't initialize crypto test\n"); + return -1; + } + + if (!test_encrypt()) { + printf("CHAP DES encryption test failed\n"); + failure++; + } + + if (!test_decrypt()) { + printf("CHAP DES decryption test failed\n"); + failure++; + } + + if (!PPP_crypto_deinit()) { + printf("Couldn't deinitialize crypto test\n"); + return -1; + } + + return failure; +} + +#endif diff --git a/pppd/crypto_ms.h b/pppd/crypto_ms.h new file mode 100644 index 0000000..38111fd --- /dev/null +++ b/pppd/crypto_ms.h @@ -0,0 +1,83 @@ +/* + * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1 + * + * Extracted from chap_ms.c by James Carlson. + * Updated to better reflect RFC2759 by Eivind Naess + * + * Copyright (c) 2022 Eivind Naess. All rights reserved. + * Copyright (c) 1995 Eric Rosenquist. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ +#ifndef PPP_PPPCRYPT_H +#define PPP_PPPCRYPT_H + +#include "pppdconf.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/** + * This is the DES encrypt functions as described by RFC2759. + * + * Parameters: + * const unsigned char *clear: + * A 8 byte input array to be encrypted + * + * const unsigned char *key: + * A raw 7-byte array to be expanded to 8 with odd-parity + * + * unsigned char *cipher: + * A 8 byte outut array providing space for the output data + * + * DesEncrypt returns 1 on success + */ +int DesEncrypt(const unsigned char *clear, const unsigned char *key, + unsigned char *cipher); + +/** + * This is the DES decrypt functions as described by RFC2759. + * + * Parameters: + * const unsigned char *cipher: + * A 8 byte input array to be decrypted + * + * const unsigned char *key: + * A raw 7-byte array to be expanded to a 8-byte key with odd-parity + * + * unsigned char *clear: + * A 8 byte output array providing space for the output data + * + * DesDecrypt returns 1 on success + */ +int DesDecrypt(const unsigned char *cipher, const unsigned char *key, + unsigned char *clear); + +#ifdef __cplusplus +} +#endif + +#endif /* PPP_PPPCRYPT_H */ diff --git a/pppd/demand.c b/pppd/demand.c index d610d69..b7f9508 100644 --- a/pppd/demand.c +++ b/pppd/demand.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -51,7 +51,7 @@ #include #endif -#include "pppd.h" +#include "pppd-private.h" #include "fsm.h" #include "ipcp.h" #include "lcp.h" @@ -97,7 +97,7 @@ demand_conf(void) flush_flag = 0; fcs = PPP_INITFCS; - netif_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU)); + ppp_set_mtu(0, MIN(lcp_allowoptions[0].mru, PPP_MRU)); if (ppp_send_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0 || ppp_recv_config(0, PPP_MRU, (u_int32_t) 0, 0, 0) < 0) fatal("Couldn't set up demand-dialled PPP interface: %m"); diff --git a/pppd/eap-tls.c b/pppd/eap-tls.c index 69e34a1..d70557e 100644 --- a/pppd/eap-tls.c +++ b/pppd/eap-tls.c @@ -51,7 +51,7 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" #include "tls.h" #include "eap.h" #include "eap-tls.h" @@ -158,10 +158,10 @@ CONF *eaptls_ssl_load_config( void ) config = NCONF_new( NULL ); dbglog( "Loading OpenSSL config file" ); - ret_code = NCONF_load( config, _PATH_OPENSSLCONFFILE, &error_line ); + ret_code = NCONF_load( config, PPP_PATH_OPENSSLCONFFILE, &error_line ); if (ret_code == 0) { - warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", _PATH_OPENSSLCONFFILE, error_line ); + warn( "EAP-TLS: Error in OpenSSL config file %s at line %d", PPP_PATH_OPENSSLCONFFILE, error_line ); NCONF_free( config ); config = NULL; ERR_clear_error(); diff --git a/pppd/eap.c b/pppd/eap.c index 4ad67a5..7015466 100644 --- a/pppd/eap.c +++ b/pppd/eap.c @@ -63,9 +63,11 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "pathnames.h" -#include "md5.h" +#include "crypto.h" +#include "crypto_ms.h" #include "eap.h" #ifdef PPP_WITH_PEAP #include "peap.h" @@ -78,20 +80,15 @@ #include #include #include -#include "pppcrypt.h" #endif /* PPP_WITH_SRP */ -#ifndef SHA_DIGESTSIZE -#define SHA_DIGESTSIZE 20 -#endif - #ifdef PPP_WITH_EAPTLS #include "eap-tls.h" #endif /* PPP_WITH_EAPTLS */ #ifdef PPP_WITH_CHAPMS +#include "chap.h" #include "chap_ms.h" -#include "chap-new.h" extern int chapms_strip_domain; #endif /* PPP_WITH_CHAPMS */ @@ -104,7 +101,7 @@ static char *pn_secret = NULL; /* Pseudonym generating secret */ /* * Command-line options. */ -static option_t eap_option_list[] = { +static struct option eap_option_list[] = { { "eap-restart", o_int, &eap_states[0].es_server.ea_timeout, "Set retransmit timeout for EAP Requests (server)" }, { "eap-max-sreq", o_int, &eap_states[0].es_server.ea_maxrequests, @@ -333,24 +330,33 @@ eap_send_success(eap_state *esp) * date. */ static bool -pncrypt_setkey(int timeoffs) +pncrypt_getkey(int timeoffs, unsigned char *key, int keylen) { struct tm *tp; char tbuf[9]; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; + PPP_MD_CTX *ctxt; time_t reftime; if (pn_secret == NULL) return (0); reftime = time(NULL) + timeoffs; tp = localtime(&reftime); - SHA1Init(&ctxt); - SHA1Update(&ctxt, pn_secret, strlen(pn_secret)); - strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp); - SHA1Update(&ctxt, tbuf, strlen(tbuf)); - SHA1Final(dig, &ctxt); - return (DesSetkey(dig)); + + ctxt = PPP_MD_CTX_new(); + if (ctxt) { + + strftime(tbuf, sizeof (tbuf), "%Y%m%d", tp); + + PPP_DigestInit(ctxt, PPP_sha1()); + PPP_DigestUpdate(ctxt, pn_secret, strlen(pn_secret)); + PPP_DigestUpdate(ctxt, tbuf, strlen(tbuf)); + PPP_DigestFinal(ctxt, key, &keylen); + + PPP_MD_CTX_free(ctxt); + return 1; + } + + return (0); } static char base64[] = @@ -435,12 +441,12 @@ static void eap_figure_next_state(eap_state *esp, int status) { #ifdef PPP_WITH_SRP - unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp; + unsigned char secbuf[MAXWORDLEN], clear[8], *sp, *dp, key[SHA_DIGEST_LENGTH]; struct t_pw tpw; struct t_confent *tce, mytce; char *cp, *cp2; struct t_server *ts; - int id, i, plen, toffs; + int id, i, plen, clen, toffs, keylen; u_char vals[2]; struct b64state bs; #endif /* PPP_WITH_SRP */ @@ -486,11 +492,12 @@ eap_figure_next_state(eap_state *esp, int status) secbuf); toffs = 0; for (i = 0; i < 5; i++) { - pncrypt_setkey(toffs); + pncrypt_getkey(toffs, key, keylen); toffs -= 86400; - if (!DesDecrypt(secbuf, clear)) { + + if (!DesDecrypt(secbuf, key, clear)) { dbglog("no DES here; cannot decode " - "pseudonym"); + "pseudonym"); return; } id = *(unsigned char *)clear; @@ -512,7 +519,7 @@ eap_figure_next_state(eap_state *esp, int status) dp += i; sp = secbuf + 8; while (plen > 0) { - (void) DesDecrypt(sp, dp); + DesDecrypt(sp, key, dp); sp += 8; dp += 8; plen -= 8; @@ -812,10 +819,10 @@ eap_send_request(eap_state *esp) char *str; #ifdef PPP_WITH_SRP struct t_server *ts; - u_char clear[8], cipher[8], dig[SHA_DIGESTSIZE], *optr, *cp; - int i, j; + u_char clear[8], cipher[8], dig[SHA_DIGEST_LENGTH], *optr, *cp, key[SHA_DIGEST_LENGTH]; + int i, j, diglen, clen, keylen = sizeof(key); struct b64state b64; - SHA1_CTX ctxt; + PPP_MD_CTX *ctxt; #endif /* PPP_WITH_SRP */ /* Handle both initial auth and restart */ @@ -975,10 +982,10 @@ eap_send_request(eap_state *esp) PUTLONG(SRPVAL_EBIT, outp); ts = (struct t_server *)esp->es_server.ea_session; assert(ts != NULL); - BCOPY(t_serverresponse(ts), outp, SHA_DIGESTSIZE); - INCPTR(SHA_DIGESTSIZE, outp); + BCOPY(t_serverresponse(ts), outp, SHA_DIGEST_LENGTH); + INCPTR(SHA_DIGEST_LENGTH, outp); - if (pncrypt_setkey(0)) { + if (pncrypt_getkey(0, key, keylen)) { /* Generate pseudonym */ optr = outp; cp = (unsigned char *)esp->es_server.ea_peer; @@ -988,15 +995,17 @@ eap_send_request(eap_state *esp) BCOPY(cp, clear + 1, j); i -= j; cp += j; - if (!DesEncrypt(clear, cipher)) { + + if (!DesEncrypt(clear, key, cipher)) { dbglog("no DES here; not generating pseudonym"); break; - } + } + BZERO(&b64, sizeof (b64)); outp++; /* space for pseudonym length */ outp += b64enc(&b64, cipher, 8, outp); while (i >= 8) { - (void) DesEncrypt(cp, cipher); + DesEncrypt(cp, key, cipher); outp += b64enc(&b64, cipher, 8, outp); cp += 8; i -= 8; @@ -1008,7 +1017,8 @@ eap_send_request(eap_state *esp) *cp++ = drand48() * 0x100; i++; } - (void) DesEncrypt(clear, cipher); + + DesEncrypt(clear, key, cipher); outp += b64enc(&b64, cipher, 8, outp); } outp += b64flush(&b64, outp); @@ -1016,32 +1026,40 @@ eap_send_request(eap_state *esp) /* Set length and pad out to next 20 octet boundary */ i = outp - optr - 1; *optr = i; - i %= SHA_DIGESTSIZE; + i %= SHA_DIGEST_LENGTH; if (i != 0) { - while (i < SHA_DIGESTSIZE) { + while (i < SHA_DIGEST_LENGTH) { *outp++ = drand48() * 0x100; i++; } } /* Obscure the pseudonym with SHA1 hash */ - SHA1Init(&ctxt); - SHA1Update(&ctxt, &esp->es_server.ea_id, 1); - SHA1Update(&ctxt, esp->es_server.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, esp->es_server.ea_peer, - esp->es_server.ea_peerlen); - while (optr < outp) { - SHA1Final(dig, &ctxt); - cp = dig; - while (cp < dig + SHA_DIGESTSIZE) - *optr++ ^= *cp++; - SHA1Init(&ctxt); - SHA1Update(&ctxt, &esp->es_server.ea_id, 1); - SHA1Update(&ctxt, esp->es_server.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, optr - SHA_DIGESTSIZE, - SHA_DIGESTSIZE); + ctxt = PPP_MD_CTX_new(); + if (ctxt) { + + PPP_DigestInit(ctxt, PPP_sha1()); + PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1); + PPP_DigestUpdate(ctxt, &esp->es_server.ea_skey, + SESSION_KEY_LEN); + PPP_DigestUpdate(ctxt, esp->es_server.ea_peer, + esp->es_server.ea_peerlen); + while (optr < outp) { + diglen = SHA_DIGEST_LENGTH; + PPP_DigestFinal(ctxt, dig, &diglen); + cp = dig; + while (cp < dig + SHA_DIGEST_LENGTH) + *optr++ ^= *cp++; + + PPP_DigestInit(ctxt, PPP_sha1()); + PPP_DigestUpdate(ctxt, &esp->es_server.ea_id, 1); + PPP_DigestUpdate(ctxt, esp->es_server.ea_skey, + SESSION_KEY_LEN); + PPP_DigestUpdate(ctxt, optr - SHA_DIGEST_LENGTH, + SHA_DIGEST_LENGTH); + } + + PPP_MD_CTX_free(ctxt); } } break; @@ -1322,19 +1340,19 @@ eap_chap_response(eap_state *esp, u_char id, u_char *hash, int msglen; outp = outpacket_buf; - + MAKEHEADER(outp, PPP_EAP); PUTCHAR(EAP_RESPONSE, outp); PUTCHAR(id, outp); esp->es_client.ea_id = id; - msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_SIGNATURE_SIZE + + msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + MD5_DIGEST_LENGTH + namelen; PUTSHORT(msglen, outp); PUTCHAR(EAPT_MD5CHAP, outp); - PUTCHAR(MD5_SIGNATURE_SIZE, outp); - BCOPY(hash, outp, MD5_SIGNATURE_SIZE); - INCPTR(MD5_SIGNATURE_SIZE, outp); + PUTCHAR(MD5_DIGEST_LENGTH, outp); + BCOPY(hash, outp, MD5_DIGEST_LENGTH); + INCPTR(MD5_DIGEST_LENGTH, outp); if (namelen > 0) { BCOPY(name, outp, namelen); } @@ -1388,12 +1406,12 @@ eap_srpval_response(eap_state *esp, u_char id, u_int32_t flags, u_char *str) PUTCHAR(id, outp); esp->es_client.ea_id = id; msglen = EAP_HEADERLEN + 2 * sizeof (u_char) + sizeof (u_int32_t) + - SHA_DIGESTSIZE; + SHA_DIGEST_LENGTH; PUTSHORT(msglen, outp); PUTCHAR(EAPT_SRP, outp); PUTCHAR(EAPSRP_CVALIDATOR, outp); PUTLONG(flags, outp); - BCOPY(str, outp, SHA_DIGESTSIZE); + BCOPY(str, outp, SHA_DIGEST_LENGTH); output(esp->es_unit, outpacket_buf, PPP_HDRLEN + msglen); } @@ -1503,7 +1521,7 @@ name_of_pn_file(void) errno = EINVAL; return (NULL); } - file = _PATH_PSEUDONYM; + file = PPP_PATH_PSEUDONYM; pl = strlen(user) + strlen(file) + 2; path = malloc(pl); if (path == NULL) @@ -1547,9 +1565,9 @@ write_pseudonym(eap_state *esp, u_char *inp, int len, int id) { u_char val; u_char *datp, *digp; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; - int dsize, fd, olen = len; + PPP_MD_CTX *ctxt; + u_char dig[SHA_DIGEST_LENGTH]; + int dsize, fd, olen = len, diglen = sizeof(dig); /* * Do the decoding by working backwards. This eliminates the need @@ -1557,22 +1575,30 @@ write_pseudonym(eap_state *esp, u_char *inp, int len, int id) */ val = id; while (len > 0) { - if ((dsize = len % SHA_DIGESTSIZE) == 0) - dsize = SHA_DIGESTSIZE; + if ((dsize = len % SHA_DIGEST_LENGTH) == 0) + dsize = SHA_DIGEST_LENGTH; len -= dsize; datp = inp + len; - SHA1Init(&ctxt); - SHA1Update(&ctxt, &val, 1); - SHA1Update(&ctxt, esp->es_client.ea_skey, SESSION_KEY_LEN); - if (len > 0) { - SHA1Update(&ctxt, datp, SHA_DIGESTSIZE); - } else { - SHA1Update(&ctxt, esp->es_client.ea_name, - esp->es_client.ea_namelen); + ctxt = PPP_MD_CTX_new(); + if (ctxt) { + + PPP_DigestInit(ctxt, PPP_sha1()); + PPP_DigestUpdate(ctxt, &val, 1); + PPP_DigestUpdate(ctxt, esp->es_client.ea_skey, + SESSION_KEY_LEN); + if (len > 0) { + PPP_DigestUpdate(ctxt, datp, SHA_DIGEST_LENGTH); + } else { + PPP_DigestUpdate(ctxt, esp->es_client.ea_name, + esp->es_client.ea_namelen); + } + PPP_DigestFinal(ctxt, dig, &diglen); + + for (digp = dig; digp < dig + SHA_DIGEST_LENGTH; digp++) + *datp++ ^= *digp; + + PPP_MD_CTX_free(ctxt); } - SHA1Final(dig, &ctxt); - for (digp = dig; digp < dig + SHA_DIGESTSIZE; digp++) - *datp++ ^= *digp; } /* Now check that the result is sane */ @@ -1642,8 +1668,9 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) int secret_len; char secret[MAXWORDLEN]; char rhostname[256]; - MD5_CTX mdContext; - u_char hash[MD5_SIGNATURE_SIZE]; + PPP_MD_CTX *mdctx; + u_char hash[MD5_DIGEST_LENGTH]; + int hashlen = MD5_DIGEST_LENGTH; #ifdef PPP_WITH_EAPTLS u_char flags; struct eaptls_session *ets = esp->es_client.ea_session; @@ -1653,8 +1680,9 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) struct t_client *tc; struct t_num sval, gval, Nval, *Ap, Bval; u_char vals[2]; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; + PPP_MD_CTX *ctxt; + u_char dig[SHA_DIGEST_LENGTH]; + int diglen = sizeof(dig); int fd; #endif /* PPP_WITH_SRP */ @@ -1780,15 +1808,29 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) eap_send_nak(esp, id, EAPT_SRP); break; } - MD5_Init(&mdContext); - typenum = id; - MD5_Update(&mdContext, &typenum, 1); - MD5_Update(&mdContext, (u_char *)secret, secret_len); - BZERO(secret, sizeof (secret)); - MD5_Update(&mdContext, inp, vallen); - MD5_Final(hash, &mdContext); - eap_chap_response(esp, id, hash, esp->es_client.ea_name, - esp->es_client.ea_namelen); + + mdctx = PPP_MD_CTX_new(); + if (mdctx != NULL) { + if (PPP_DigestInit(mdctx, PPP_md5())) { + typenum = id; + if (PPP_DigestUpdate(mdctx, &typenum, 1)) { + if (PPP_DigestUpdate(mdctx, secret, secret_len)) { + BZERO(secret, sizeof(secret)); + if (PPP_DigestUpdate(mdctx, inp, vallen)) { + if (PPP_DigestFinal(mdctx, hash, &hashlen)) { + eap_chap_response(esp, id, hash, esp->es_client.ea_name, + esp->es_client.ea_namelen); + PPP_MD_CTX_free(mdctx); + break; + } + } + } + } + } + PPP_MD_CTX_free(mdctx); + } + dbglog("EAP: Invalid MD5 checksum"); + eap_send_nak(esp, id, EAPT_SRP); break; #ifdef PPP_WITH_EAPTLS @@ -2065,7 +2107,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) esp->es_client.ea_id, id); } } else { - len -= sizeof (u_int32_t) + SHA_DIGESTSIZE; + len -= sizeof (u_int32_t) + SHA_DIGEST_LENGTH; if (len < 0 || t_clientverify(tc, inp + sizeof (u_int32_t)) != 0) { error("EAP: SRP server verification " @@ -2075,7 +2117,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) GETLONG(esp->es_client.ea_keyflags, inp); /* Save pseudonym if user wants it. */ if (len > 0 && esp->es_usepseudo) { - INCPTR(SHA_DIGESTSIZE, inp); + INCPTR(SHA_DIGEST_LENGTH, inp); write_pseudonym(esp, inp, len, id); } } @@ -2092,17 +2134,24 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) warn("EAP: malformed Lightweight rechallenge"); return; } - SHA1Init(&ctxt); - vals[0] = id; - SHA1Update(&ctxt, vals, 1); - SHA1Update(&ctxt, esp->es_client.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, inp, len); - SHA1Update(&ctxt, esp->es_client.ea_name, - esp->es_client.ea_namelen); - SHA1Final(dig, &ctxt); - eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig, - SHA_DIGESTSIZE); + ctxt = PPP_MD_CTX_new(); + if (ctxt) { + + vals[0] = id; + PPP_DigestInit(ctxt, PPP_sha1()); + PPP_DigestUpdate(ctxt, vals, 1); + PPP_DigestUpdate(ctxt, esp->es_client.ea_skey, + SESSION_KEY_LEN); + PPP_DigestUpdate(ctxt, inp, len); + PPP_DigestUpdate(ctxt, esp->es_client.ea_name, + esp->es_client.ea_namelen); + PPP_DigestFinal(ctxt, dig, &diglen); + + PPP_MD_CTX_free(ctxt); + + eap_srp_response(esp, id, EAPSRP_LWRECHALLENGE, dig, + SHA_DIGEST_LENGTH); + } break; default: @@ -2112,7 +2161,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len) } break; #endif /* PPP_WITH_SRP */ - + #ifdef PPP_WITH_CHAPMS case EAPT_MSCHAPV2: if (len < 4) { @@ -2279,13 +2328,15 @@ eap_response(eap_state *esp, u_char *inp, int id, int len) int secret_len; char secret[MAXSECRETLEN]; char rhostname[256]; - MD5_CTX mdContext; - u_char hash[MD5_SIGNATURE_SIZE]; + PPP_MD_CTX *mdctx; + u_char hash[MD5_DIGEST_LENGTH]; + int hashlen = MD5_DIGEST_LENGTH; #ifdef PPP_WITH_SRP struct t_server *ts; struct t_num A; - SHA1_CTX ctxt; - u_char dig[SHA_DIGESTSIZE]; + PPP_MD_CTX *ctxt; + u_char dig[SHA_DIGEST_LENGTH]; + int diglen = sizeof(dig); #endif /* PPP_WITH_SRP */ #ifdef PPP_WITH_EAPTLS @@ -2294,8 +2345,7 @@ eap_response(eap_state *esp, u_char *inp, int id, int len) #endif /* PPP_WITH_EAPTLS */ #ifdef PPP_WITH_CHAPMS u_char opcode; - int (*chap_verifier)(char *, char *, int, struct chap_digest_type *, - unsigned char *, unsigned char *, char *, int); + chap_verify_hook_fn *chap_verifier; char response_message[256]; #endif /* PPP_WITH_CHAPMS */ @@ -2517,21 +2567,42 @@ eap_response(eap_state *esp, u_char *inp, int id, int len) eap_send_failure(esp); break; } - MD5_Init(&mdContext); - MD5_Update(&mdContext, &esp->es_server.ea_id, 1); - MD5_Update(&mdContext, (u_char *)secret, secret_len); - BZERO(secret, sizeof (secret)); - MD5_Update(&mdContext, esp->es_challenge, esp->es_challen); - MD5_Final(hash, &mdContext); - if (BCMP(hash, inp, MD5_SIGNATURE_SIZE) != 0) { - eap_send_failure(esp); - break; + + mdctx = PPP_MD_CTX_new(); + if (mdctx != NULL) { + + if (PPP_DigestInit(mdctx, PPP_md5())) { + + if (PPP_DigestUpdate(mdctx, &esp->es_server.ea_id, 1)) { + + if (PPP_DigestUpdate(mdctx, &secret, secret_len)) { + + BZERO(secret, sizeof(secret)); + if (PPP_DigestUpdate(mdctx, esp->es_challenge, esp->es_challen)) { + + if (PPP_DigestFinal(mdctx, hash, &hashlen)) { + + if (BCMP(hash, inp, MD5_DIGEST_LENGTH) == 0) { + esp->es_server.ea_type = EAPT_MD5CHAP; + eap_send_success(esp); + eap_figure_next_state(esp, 0); + + if (esp->es_rechallenge != 0) { + TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge); + } + PPP_MD_CTX_free(mdctx); + break; + } + } + } + } + } + } + + PPP_MD_CTX_free(mdctx); } - esp->es_server.ea_type = EAPT_MD5CHAP; - eap_send_success(esp); - eap_figure_next_state(esp, 0); - if (esp->es_rechallenge != 0) - TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge); + + eap_send_failure(esp); break; #ifdef PPP_WITH_CHAPMS @@ -2583,7 +2654,7 @@ eap_response(eap_state *esp, u_char *inp, int id, int len) char tmp[MAXNAMELEN+1]; strcpy(tmp, strrchr(rhostname, '\\') + 1); - strcpy(rhostname, tmp); + strlcpy(rhostname, tmp, sizeof(rhostname)); } if (chap_verify_hook) @@ -2675,9 +2746,9 @@ eap_response(eap_state *esp, u_char *inp, int id, int len) eap_figure_next_state(esp, 1); break; } - if (len < sizeof (u_int32_t) + SHA_DIGESTSIZE) { + if (len < sizeof (u_int32_t) + SHA_DIGEST_LENGTH) { error("EAP: M1 length %d < %d", len, - sizeof (u_int32_t) + SHA_DIGESTSIZE); + sizeof (u_int32_t) + SHA_DIGEST_LENGTH); eap_figure_next_state(esp, 1); break; } @@ -2714,29 +2785,37 @@ eap_response(eap_state *esp, u_char *inp, int id, int len) info("EAP: unexpected SRP Subtype 4 Response"); return; } - if (len != SHA_DIGESTSIZE) { + if (len != SHA_DIGEST_LENGTH) { error("EAP: bad Lightweight rechallenge " "response"); return; } - SHA1Init(&ctxt); - vallen = id; - SHA1Update(&ctxt, &vallen, 1); - SHA1Update(&ctxt, esp->es_server.ea_skey, - SESSION_KEY_LEN); - SHA1Update(&ctxt, esp->es_challenge, esp->es_challen); - SHA1Update(&ctxt, esp->es_server.ea_peer, - esp->es_server.ea_peerlen); - SHA1Final(dig, &ctxt); - if (BCMP(dig, inp, SHA_DIGESTSIZE) != 0) { - error("EAP: failed Lightweight rechallenge"); - eap_send_failure(esp); - break; + ctxt = PPP_MD_CTX_new(); + if (ctxt) { + vallen = id; + + PPP_DigestInit(ctxt, PPP_sha1()); + PPP_DigestUpdate(ctxt, &vallen, 1); + PPP_DigestUpdate(ctxt, esp->es_server.ea_skey, + SESSION_KEY_LEN); + PPP_DigestUpdate(ctxt, esp->es_challenge, esp->es_challen); + PPP_DigestUpdate(ctxt, esp->es_server.ea_peer, + esp->es_server.ea_peerlen); + PPP_DigestFinal(ctxt, dig, &diglen); + + PPP_MD_CTX_free(ctxt); + + if (BCMP(dig, inp, SHA_DIGEST_LENGTH) != 0) { + error("EAP: failed Lightweight rechallenge"); + eap_send_failure(esp); + break; + } + + esp->es_server.ea_state = eapOpen; + if (esp->es_lwrechallenge != 0) + TIMEOUT(srp_lwrechallenge, esp, + esp->es_lwrechallenge); } - esp->es_server.ea_state = eapOpen; - if (esp->es_lwrechallenge != 0) - TIMEOUT(srp_lwrechallenge, esp, - esp->es_lwrechallenge); break; } break; @@ -3129,10 +3208,10 @@ eap_printpkt(u_char *inp, int inlen, if (uval != 0) { printer(arg, " f<%X>", uval); } - if ((vallen = len) > SHA_DIGESTSIZE) - vallen = SHA_DIGESTSIZE; + if ((vallen = len) > SHA_DIGEST_LENGTH) + vallen = SHA_DIGEST_LENGTH; printer(arg, " ", len, inp, - len < SHA_DIGESTSIZE ? "?" : ""); + len < SHA_DIGEST_LENGTH ? "?" : ""); INCPTR(vallen, inp); len -= vallen; if (len > 0) { @@ -3302,7 +3381,7 @@ eap_printpkt(u_char *inp, int inlen, printer(arg, " f<%X>", uval); } printer(arg, " ", len, inp, - len == SHA_DIGESTSIZE ? "" : "?"); + len == SHA_DIGEST_LENGTH ? "" : "?"); INCPTR(len, inp); len = 0; break; @@ -3312,9 +3391,9 @@ eap_printpkt(u_char *inp, int inlen, case EAPSRP_LWRECHALLENGE: printer(arg, " ", len, inp, - len == SHA_DIGESTSIZE ? "" : "?"); - if ((vallen = len) > SHA_DIGESTSIZE) - vallen = SHA_DIGESTSIZE; + len == SHA_DIGEST_LENGTH ? "" : "?"); + if ((vallen = len) > SHA_DIGEST_LENGTH) + vallen = SHA_DIGEST_LENGTH; INCPTR(vallen, inp); len -= vallen; break; diff --git a/pppd/eap.h b/pppd/eap.h index 01697a8..50c652a 100644 --- a/pppd/eap.h +++ b/pppd/eap.h @@ -94,7 +94,6 @@ extern "C" { #define SRP_PSEUDO_ID "pseudo_" #define SRP_PSEUDO_LEN 7 -#define MD5_SIGNATURE_SIZE 16 #define MIN_CHALLENGE_LENGTH 16 #define MAX_CHALLENGE_LENGTH 24 @@ -146,11 +145,11 @@ struct eap_auth { char *ea_name; /* Our name */ char *ea_peer; /* Peer's name */ void *ea_session; /* Authentication library linkage */ - u_char *ea_skey; /* Shared encryption key */ + unsigned char *ea_skey; /* Shared encryption key */ int ea_timeout; /* Time to wait (for retransmit/fail) */ int ea_maxrequests; /* Max Requests allowed */ - u_short ea_namelen; /* Length of our name */ - u_short ea_peerlen; /* Length of peer's name */ + unsigned short ea_namelen; /* Length of our name */ + unsigned short ea_peerlen; /* Length of peer's name */ enum eap_state_code ea_state; #ifdef PPP_WITH_EAPTLS enum eap_state_code ea_prev_state; @@ -158,11 +157,11 @@ struct eap_auth { #ifdef PPP_WITH_CHAPMS struct chap_digest_type *digest; #endif - u_char ea_id; /* Current id */ - u_char ea_requests; /* Number of Requests sent/received */ - u_char ea_responses; /* Number of Responses */ - u_char ea_type; /* One of EAPT_* */ - u_int32_t ea_keyflags; /* SRP shared key usage flags */ + unsigned char ea_id; /* Current id */ + unsigned char ea_requests; /* Number of Requests sent/received */ + unsigned char ea_responses; /* Number of Responses */ + unsigned char ea_type; /* One of EAPT_* */ + uint32_t ea_keyflags; /* SRP shared key usage flags */ #ifdef PPP_WITH_EAPTLS bool ea_using_eaptls; #endif @@ -184,7 +183,7 @@ typedef struct eap_state { bool es_usepseudo; /* Use SRP Pseudonym if offered one */ int es_usedpseudo; /* Set if we already sent PN */ int es_challen; /* Length of challenge string */ - u_char es_challenge[MAX_CHALLENGE_LENGTH]; + unsigned char es_challenge[MAX_CHALLENGE_LENGTH]; } eap_state; /* @@ -207,6 +206,11 @@ void eap_authpeer (int unit, char *localname); extern struct protent eap_protent; +#ifdef PPP_WITH_EAPTLS +typedef int (eaptls_passwd_hook_fn)(char *user, char *passwd); +extern eaptls_passwd_hook_fn *eaptls_passwd_hook; +#endif + #ifdef __cplusplus } #endif diff --git a/pppd/ecp.c b/pppd/ecp.c index 9570f38..ffd2801 100644 --- a/pppd/ecp.c +++ b/pppd/ecp.c @@ -46,7 +46,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -63,11 +63,12 @@ #include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "ecp.h" -static option_t ecp_option_list[] = { +static struct option ecp_option_list[] = { { "noecp", o_bool, &ecp_protent.enabled_flag, "Disable ECP negotiation" }, { "-ecp", o_bool, &ecp_protent.enabled_flag, diff --git a/pppd/ecp.h b/pppd/ecp.h index 5a0df4d..975d79b 100644 --- a/pppd/ecp.h +++ b/pppd/ecp.h @@ -35,6 +35,10 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + #ifndef PPP_ECP #define PPP_ECP 0x8053 #endif @@ -53,4 +57,8 @@ extern ecp_options ecp_hisoptions[]; extern struct protent ecp_protent; +#ifdef __cplusplus +} #endif + +#endif // PPP_ECP_H diff --git a/pppd/eui64.c b/pppd/eui64.c index 7978c06..bc84e8d 100644 --- a/pppd/eui64.c +++ b/pppd/eui64.c @@ -38,7 +38,7 @@ #include "config.h" #endif -#include "pppd.h" +#include "pppd-private.h" /* diff --git a/pppd/eui64.h b/pppd/eui64.h index f29200b..c24733d 100644 --- a/pppd/eui64.h +++ b/pppd/eui64.h @@ -38,9 +38,40 @@ #include "pppdconf.h" -#if !defined(PPP_WITH_IPV6CP) -#error "this file should only be included when PPP_WITH_IPV6CP is defined" -#endif /* not defined(PPP_WITH_IPV6CP) */ +#ifdef __cplusplus +extern "C" { +#endif + +#if defined(SOL2) +#include + +typedef union { + uint8_t e8[8]; /* lower 64-bit IPv6 address */ + uint32_t e32[2]; /* lower 64-bit IPv6 address */ +} eui64_t; + +/* + * Declare the two below, since in.h only defines them when _KERNEL + * is declared - which shouldn't be true when dealing with user-land programs + */ +#define s6_addr8 _S6_un._S6_u8 +#define s6_addr32 _S6_un._S6_u32 + +#else /* else if not defined(SOL2) */ + +/* + * TODO: + * + * Maybe this should be done by processing struct in6_addr directly... + */ +typedef union +{ + u_int8_t e8[8]; + u_int16_t e16[4]; + u_int32_t e32[2]; +} eui64_t; + +#endif /* defined(SOL2) */ #define eui64_iszero(e) (((e).e32[0] | (e).e32[1]) == 0) #define eui64_equals(e, o) (((e).e32[0] == (o).e32[0]) && \ @@ -79,4 +110,8 @@ char *eui64_ntoa(eui64_t); /* Returns ascii representation of id */ +#ifdef __cplusplus +} +#endif + #endif /* PPP_EUI64_H */ diff --git a/pppd/fsm.c b/pppd/fsm.c index 17cb76f..09ff5e0 100644 --- a/pppd/fsm.c +++ b/pppd/fsm.c @@ -54,7 +54,7 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" #include "fsm.h" diff --git a/pppd/fsm.h b/pppd/fsm.h index 1cda6cf..50f75e6 100644 --- a/pppd/fsm.h +++ b/pppd/fsm.h @@ -46,12 +46,15 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + /* * Packet header = Code, id, length. */ #define HEADERLEN 4 - /* * CP (LCP, IPCP, etc.) codes. */ @@ -72,9 +75,9 @@ typedef struct fsm { int protocol; /* Data Link Layer Protocol field value */ int state; /* State */ int flags; /* Contains option bits */ - u_char id; /* Current id */ - u_char reqid; /* Current request id */ - u_char seen_ack; /* Have received valid Ack/Nak/Rej to Req */ + unsigned char id; /* Current id */ + unsigned char reqid; /* Current request id */ + unsigned char seen_ack; /* Have received valid Ack/Nak/Rej to Req */ int timeouttime; /* Timeout time in milliseconds */ int maxconfreqtransmits; /* Maximum Configure-Request transmissions */ int retransmits; /* Number of retransmissions left */ @@ -92,15 +95,15 @@ typedef struct fsm_callbacks { void (*resetci)(fsm *); /* Reset our Configuration Information */ int (*cilen)(fsm *); /* Length of our Configuration Information */ void (*addci) /* Add our Configuration Information */ - (fsm *, u_char *, int *); + (fsm *, unsigned char *, int *); int (*ackci) /* ACK our Configuration Information */ - (fsm *, u_char *, int); + (fsm *, unsigned char *, int); int (*nakci) /* NAK our Configuration Information */ - (fsm *, u_char *, int, int); + (fsm *, unsigned char *, int, int); int (*rejci) /* Reject our Configuration Information */ - (fsm *, u_char *, int); + (fsm *, unsigned char *, int); int (*reqci) /* Request peer's Configuration Information */ - (fsm *, u_char *, int *, int); + (fsm *, unsigned char *, int *, int); void (*up)(fsm *); /* Called when fsm reaches OPENED state */ void (*down)(fsm *); /* Called when fsm leaves OPENED state */ void (*starting)(fsm *); /* Called when we want the lower layer */ @@ -108,7 +111,7 @@ typedef struct fsm_callbacks { void (*protreject)(int); /* Called when Protocol-Reject received */ void (*retransmit)(fsm *); /* Retransmission is necessary */ int (*extcode) /* Called when unknown code received */ - (fsm *, int, int, u_char *, int); + (fsm *, int, int, unsigned char *, int); char *proto_name; /* String name for protocol (for messages) */ } fsm_callbacks; @@ -153,9 +156,9 @@ void fsm_lowerup (fsm *); void fsm_lowerdown (fsm *); void fsm_open (fsm *); void fsm_close (fsm *, char *); -void fsm_input (fsm *, u_char *, int); +void fsm_input (fsm *, unsigned char *, int); void fsm_protreject (fsm *); -void fsm_sdata (fsm *, int, int, u_char *, int); +void fsm_sdata (fsm *, int, int, unsigned char *, int); /* @@ -163,4 +166,8 @@ void fsm_sdata (fsm *, int, int, u_char *, int); */ extern int peer_mru[]; /* currently negotiated peer MRU (per unit) */ +#ifdef __cplusplus +} #endif + +#endif // PPP_FSM_H diff --git a/pppd/ipcp.c b/pppd/ipcp.c index 0dc251e..5d9ff11 100644 --- a/pppd/ipcp.c +++ b/pppd/ipcp.c @@ -44,10 +44,6 @@ #include "config.h" #endif -/* - * TODO: - */ - #include #include #include @@ -59,7 +55,8 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "ipcp.h" #include "pathnames.h" @@ -71,19 +68,16 @@ ipcp_options ipcp_gotoptions[NUM_PPP]; /* Options that peer ack'd */ ipcp_options ipcp_allowoptions[NUM_PPP]; /* Options we allow peer to request */ ipcp_options ipcp_hisoptions[NUM_PPP]; /* Options that we ack'd */ +char *ipparam = NULL; /* Extra parameter for ip up/down scripts */ u_int32_t netmask = 0; /* IP netmask to set on interface */ bool disable_defaultip = 0; /* Don't use hostname for default IP adrs */ bool noremoteip = 0; /* Let him have no IP address */ -/* Hook for a plugin to know when IP protocol has come up */ -void (*ip_up_hook)(void) = NULL; - -/* Hook for a plugin to know when IP protocol has come down */ -void (*ip_down_hook)(void) = NULL; +ip_up_hook_fn *ip_up_hook = NULL; +ip_down_hook_fn *ip_down_hook = NULL; +ip_choose_hook_fn *ip_choose_hook = NULL; -/* Hook for a plugin to choose the remote IP address */ -void (*ip_choose_hook)(u_int32_t *) = NULL; /* Notifiers for when IPCP goes up and down */ struct notifier *ip_up_notifier = NULL; @@ -142,9 +136,9 @@ static int setdnsaddr (char **); static int setwinsaddr (char **); static int setnetmask (char **); int setipaddr (char *, char **, int); -static void printipaddr (option_t *, void (*)(void *, char *,...),void *); +static void printipaddr (struct option *, void (*)(void *, char *,...),void *); -static option_t ipcp_option_list[] = { +static struct option ipcp_option_list[] = { { "noip", o_bool, &ipcp_protent.enabled_flag, "Disable IP and IPCP" }, { "-ip", o_bool, &ipcp_protent.enabled_flag, @@ -337,10 +331,10 @@ setvjslots(char **argv) { int value; - if (!int_option(*argv, &value)) + if (!ppp_int_option(*argv, &value)) return 0; if (value < 2 || value > 16) { - option_error("vj-max-slots value must be between 2 and 16"); + ppp_option_error("vj-max-slots value must be between 2 and 16"); return 0; } ipcp_wantoptions [0].maxslotindex = @@ -361,7 +355,7 @@ setdnsaddr(char **argv) dns = inet_addr(*argv); if (dns == (u_int32_t) -1) { if ((hp = gethostbyname(*argv)) == NULL) { - option_error("invalid address parameter '%s' for ms-dns option", + ppp_option_error("invalid address parameter '%s' for ms-dns option", *argv); return 0; } @@ -396,7 +390,7 @@ setwinsaddr(char **argv) wins = inet_addr(*argv); if (wins == (u_int32_t) -1) { if ((hp = gethostbyname(*argv)) == NULL) { - option_error("invalid address parameter '%s' for ms-wins option", + ppp_option_error("invalid address parameter '%s' for ms-wins option", *argv); return 0; } @@ -447,13 +441,13 @@ setipaddr(char *arg, char **argv, int doit) *colon = '\0'; if ((local = inet_addr(arg)) == (u_int32_t) -1) { if ((hp = gethostbyname(arg)) == NULL) { - option_error("unknown host: %s", arg); + ppp_option_error("unknown host: %s", arg); return 0; } local = *(u_int32_t *)hp->h_addr; } - if (bad_ip_adrs(local)) { - option_error("bad local IP address %s", ip_ntoa(local)); + if (ppp_bad_ip_addr(local)) { + ppp_option_error("bad local IP address %s", ip_ntoa(local)); return 0; } if (local != 0) @@ -468,15 +462,15 @@ setipaddr(char *arg, char **argv, int doit) if (*++colon != '\0' && option_priority >= prio_remote) { if ((remote = inet_addr(colon)) == (u_int32_t) -1) { if ((hp = gethostbyname(colon)) == NULL) { - option_error("unknown host: %s", colon); + ppp_option_error("unknown host: %s", colon); return 0; } remote = *(u_int32_t *)hp->h_addr; if (remote_name[0] == 0) strlcpy(remote_name, colon, sizeof(remote_name)); } - if (bad_ip_adrs(remote)) { - option_error("bad remote IP address %s", ip_ntoa(remote)); + if (ppp_bad_ip_addr(remote)) { + ppp_option_error("bad remote IP address %s", ip_ntoa(remote)); return 0; } if (remote != 0) @@ -488,7 +482,7 @@ setipaddr(char *arg, char **argv, int doit) } static void -printipaddr(option_t *opt, void (*printer) (void *, char *, ...), void *arg) +printipaddr(struct option *opt, void (*printer) (void *, char *, ...), void *arg) { ipcp_options *wo = &ipcp_wantoptions[0]; @@ -519,7 +513,7 @@ setnetmask(char **argv) mask = htonl(mask); if (n == 0 || p[n] != 0 || (netmask & ~mask) != 0) { - option_error("invalid netmask value '%s'", *argv); + ppp_option_error("invalid netmask value '%s'", *argv); return 0; } @@ -560,6 +554,11 @@ parse_dotted_ip(char *p, u_int32_t *vp) return p - p0; } +const char *ppp_ipparam() +{ + return ipparam; +} + /* * ipcp_init - Initialize IPCP. @@ -1737,7 +1736,7 @@ ip_check_options(void) wo->accept_local = 1; /* don't insist on this default value */ if ((hp = gethostbyname(hostname)) != NULL) { local = *(u_int32_t *)hp->h_addr; - if (local != 0 && !bad_ip_adrs(local)) + if (local != 0 && !ppp_bad_ip_addr(local)) wo->ouraddr = local; } } @@ -1767,7 +1766,7 @@ ip_demand_conf(int u) } if (!sifaddr(u, wo->ouraddr, wo->hisaddr, GetMask(wo->ouraddr))) return 0; - ipcp_script(_PATH_IPPREUP, 1); + ipcp_script(PPP_PATH_IPPREUP, 1); if (!sifup(u)) return 0; if (!sifnpmode(u, PPP_IP, NPMODE_QUEUE)) @@ -1832,29 +1831,29 @@ ipcp_up(fsm *f) warn("Could not determine remote IP address: defaulting to %I", ho->hisaddr); } - script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0); + ppp_script_setenv("IPLOCAL", ip_ntoa(go->ouraddr), 0); if (ho->hisaddr != 0) - script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1); + ppp_script_setenv("IPREMOTE", ip_ntoa(ho->hisaddr), 1); if (!go->req_dns1) go->dnsaddr[0] = 0; if (!go->req_dns2) go->dnsaddr[1] = 0; if (go->dnsaddr[0]) - script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0); + ppp_script_setenv("DNS1", ip_ntoa(go->dnsaddr[0]), 0); if (go->dnsaddr[1]) - script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0); + ppp_script_setenv("DNS2", ip_ntoa(go->dnsaddr[1]), 0); if (usepeerdns && (go->dnsaddr[0] || go->dnsaddr[1])) { - script_setenv("USEPEERDNS", "1", 0); + ppp_script_setenv("USEPEERDNS", "1", 0); create_resolv(go->dnsaddr[0], go->dnsaddr[1]); } if (go->winsaddr[0]) - script_setenv("WINS1", ip_ntoa(go->winsaddr[0]), 0); + ppp_script_setenv("WINS1", ip_ntoa(go->winsaddr[0]), 0); if (go->winsaddr[1]) - script_setenv("WINS2", ip_ntoa(go->winsaddr[1]), 0); + ppp_script_setenv("WINS2", ip_ntoa(go->winsaddr[1]), 0); if (usepeerwins && (go->winsaddr[0] || go->winsaddr[1])) - script_setenv("USEPEERWINS", "1", 0); + ppp_script_setenv("USEPEERWINS", "1", 0); /* * Check that the peer is allowed to use the IP address it wants. @@ -1879,17 +1878,17 @@ ipcp_up(fsm *f) wo->replace_default_route); if (go->ouraddr != wo->ouraddr) { warn("Local IP address changed to %I", go->ouraddr); - script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); + ppp_script_setenv("OLDIPLOCAL", ip_ntoa(wo->ouraddr), 0); wo->ouraddr = go->ouraddr; } else - script_unsetenv("OLDIPLOCAL"); + ppp_script_unsetenv("OLDIPLOCAL"); if (ho->hisaddr != wo->hisaddr) { warn("Remote IP address changed to %I", ho->hisaddr); if (wo->hisaddr != 0) - script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0); + ppp_script_setenv("OLDIPREMOTE", ip_ntoa(wo->hisaddr), 0); wo->hisaddr = ho->hisaddr; } else - script_unsetenv("OLDIPREMOTE"); + ppp_script_unsetenv("OLDIPREMOTE"); /* Set the interface to the new addresses */ mask = GetMask(go->ouraddr); @@ -1933,7 +1932,7 @@ ipcp_up(fsm *f) ifindex = if_nametoindex(ifname); /* run the pre-up script, if any, and wait for it to finish */ - ipcp_script(_PATH_IPPREUP, 1); + ipcp_script(PPP_PATH_IPPREUP, 1); /* check if preup script renamed the interface */ if (!if_indextoname(ifindex, ifname)) { @@ -2016,7 +2015,7 @@ ipcp_down(fsm *f) * before the interface is marked down. */ /* XXX more correct: we must get the stats before running the notifiers, * at least for the radius plugin */ - update_link_stats(f->unit); + ppp_get_link_stats(NULL); notify(ip_down_notifier, 0); if (ip_down_hook) ip_down_hook(); @@ -2153,20 +2152,20 @@ create_resolv(u_int32_t peerdns1, u_int32_t peerdns2) { FILE *f; - f = fopen(_PATH_RESOLV, "w"); + f = fopen(PPP_PATH_RESOLV, "w"); if (f == NULL) { - error("Failed to create %s: %m", _PATH_RESOLV); + error("Failed to create %s: %m", PPP_PATH_RESOLV); return; } if (peerdns1) fprintf(f, "nameserver %s\n", ip_ntoa(peerdns1)); - if (peerdns2) + if (peerdns2 && peerdns2 != peerdns1) fprintf(f, "nameserver %s\n", ip_ntoa(peerdns2)); if (ferror(f)) - error("Write failed to %s: %m", _PATH_RESOLV); + error("Write failed to %s: %m", PPP_PATH_RESOLV); fclose(f); } diff --git a/pppd/ipcp.h b/pppd/ipcp.h index 0e44931..b3f6e28 100644 --- a/pppd/ipcp.h +++ b/pppd/ipcp.h @@ -44,6 +44,10 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + /* * Options. */ @@ -85,9 +89,9 @@ typedef struct ipcp_options { int vj_protocol; /* protocol value to use in VJ option */ int maxslotindex; /* values for RFC1332 VJ compression neg. */ bool cflag; - u_int32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */ - u_int32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */ - u_int32_t winsaddr[2]; /* Primary and secondary MS WINS entries */ + uint32_t ouraddr, hisaddr; /* Addresses in NETWORK BYTE ORDER */ + uint32_t dnsaddr[2]; /* Primary and secondary MS DNS entries */ + uint32_t winsaddr[2]; /* Primary and secondary MS WINS entries */ } ipcp_options; extern fsm ipcp_fsm[]; @@ -96,8 +100,30 @@ extern ipcp_options ipcp_gotoptions[]; extern ipcp_options ipcp_allowoptions[]; extern ipcp_options ipcp_hisoptions[]; -char *ip_ntoa(u_int32_t); +char *ip_ntoa(uint32_t); extern struct protent ipcp_protent; +/* + * Hook for a plugin to know when IP protocol has come up + */ +typedef void (ip_up_hook_fn)(void); +extern ip_up_hook_fn *ip_up_hook; + +/* + * Hook for a plugin to know when IP protocol has come down + */ +typedef void (ip_down_hook_fn)(void); +extern ip_down_hook_fn *ip_down_hook; + +/* + * Hook for a plugin to choose the remote IP address + */ +typedef void (ip_choose_hook_fn)(uint32_t *); +extern ip_choose_hook_fn *ip_choose_hook; + +#ifdef __cplusplus +} +#endif + #endif /* PPP_IPCP_H */ diff --git a/pppd/ipv6cp.c b/pppd/ipv6cp.c index 5a99841..a36b1d9 100644 --- a/pppd/ipv6cp.c +++ b/pppd/ipv6cp.c @@ -162,7 +162,8 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "eui64.h" #include "ipcp.h" @@ -183,11 +184,8 @@ static int default_route_set[NUM_PPP]; /* Have set up a default route */ static int ipv6cp_is_up; static bool ipv6cp_noremote; -/* Hook for a plugin to know when IPv6 protocol has come up */ -void (*ipv6_up_hook)(void) = NULL; - -/* Hook for a plugin to know when IPv6 protocol has come down */ -void (*ipv6_down_hook)(void) = NULL; +ipv6_up_hook_fn *ipv6_up_hook = NULL; +ipv6_down_hook_fn *ipv6_down_hook = NULL; /* Notifiers for when IPCPv6 goes up and down */ struct notifier *ipv6_up_notifier = NULL; @@ -231,10 +229,10 @@ static fsm_callbacks ipv6cp_callbacks = { /* IPV6CP callback routines */ * Command-line options. */ static int setifaceid (char **arg); -static void printifaceid (option_t *, +static void printifaceid (struct option *, void (*)(void *, char *, ...), void *); -static option_t ipv6cp_option_list[] = { +static struct option ipv6cp_option_list[] = { { "ipv6", o_special, (void *)setifaceid, "Set interface identifiers for IPV6", OPT_A2PRINTER, (void *)printifaceid }, @@ -373,7 +371,7 @@ setifaceid(char **argv) *comma = '\0'; if (inet_pton(AF_INET6, arg, &addr) == 0 || !VALIDID(addr)) { - option_error("Illegal interface identifier (local): %s", arg); + ppp_option_error("Illegal interface identifier (local): %s", arg); return 0; } @@ -390,7 +388,7 @@ setifaceid(char **argv) */ if (*comma != 0 && *++comma != '\0') { if (inet_pton(AF_INET6, comma, &addr) == 0 || !VALIDID(addr)) { - option_error("Illegal interface identifier (remote): %s", comma); + ppp_option_error("Illegal interface identifier (remote): %s", comma); return 0; } if (option_priority >= prio_remote) { @@ -408,7 +406,7 @@ setifaceid(char **argv) char *llv6_ntoa(eui64_t ifaceid); static void -printifaceid(option_t *opt, void (*printer) (void *, char *, ...), void *arg) +printifaceid(struct option *opt, void (*printer) (void *, char *, ...), void *arg) { ipv6cp_options *wo = &ipv6cp_wantoptions[0]; @@ -1302,9 +1300,9 @@ ipv6cp_up(fsm *f) return; } } - script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0); + ppp_script_setenv("LLLOCAL", llv6_ntoa(go->ourid), 0); if (!eui64_iszero(ho->hisid)) - script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0); + ppp_script_setenv("LLREMOTE", llv6_ntoa(ho->hisid), 0); #ifdef IPV6CP_COMP /* set tcp compression */ @@ -1398,7 +1396,7 @@ static void ipv6cp_down(fsm *f) { IPV6CPDEBUG(("ipv6cp: down")); - update_link_stats(f->unit); + ppp_get_link_stats(NULL); notify(ipv6_down_notifier, 0); if (ipv6_down_hook) ipv6_down_hook(); @@ -1492,7 +1490,7 @@ ipv6cp_script_done(void *arg) static void ipv6cp_script(char *script) { - char strspeed[32], strlocal[32], strremote[32]; + char strspeed[32], strlocal[64], strremote[64]; char *argv[8]; sprintf(strspeed, "%d", baud_rate); diff --git a/pppd/ipv6cp.h b/pppd/ipv6cp.h index 172b6eb..3be5885 100644 --- a/pppd/ipv6cp.h +++ b/pppd/ipv6cp.h @@ -39,6 +39,10 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + /* Original version, based on RFC2023 : Copyright (c) 1995, 1996, 1997 Francis.Dupont@inria.fr, INRIA Rocquencourt, @@ -174,4 +178,20 @@ extern ipv6cp_options ipv6cp_hisoptions[]; extern struct protent ipv6cp_protent; +/* + * Hook for a plugin to know when IPv6 protocol has come up + */ +typedef void (ipv6_up_hook_fn)(void); +extern ipv6_up_hook_fn *ipv6_up_hook; + +/* + * Hook for a plugin to know when IPv6 protocol has come down + */ +typedef void (ipv6_down_hook_fn)(void); +extern ipv6_down_hook_fn *ipv6_down_hook; + +#ifdef __cplusplus +} +#endif + #endif diff --git a/pppd/lcp.c b/pppd/lcp.c index 9dc883e..0876b8a 100644 --- a/pppd/lcp.c +++ b/pppd/lcp.c @@ -47,14 +47,20 @@ #include #include #include +#include +#include +#include +#include +#include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "lcp.h" #include "eap.h" -#include "chap-new.h" +#include "chap.h" #include "magic.h" - +#include "multilink.h" /* * When the link comes up we want to be able to wait for a short while, @@ -66,12 +72,22 @@ static void lcp_delayed_up(void *); +/* + * These definitions relate to the measurement and logging of round-trip + * time (RTT) of LCP echo-requests implemented in lcp_rtt_update_buffer(). + */ +#define LCP_RTT_MAGIC 0x19450425 +#define LCP_RTT_HEADER_LENGTH 4 +#define LCP_RTT_FILE_SIZE 8192 +#define LCP_RTT_ELEMENTS (LCP_RTT_FILE_SIZE / sizeof(u_int32_t) - LCP_RTT_HEADER_LENGTH) / 2 + /* * LCP-related command-line options. */ int lcp_echo_interval = 0; /* Interval between LCP echo-requests */ int lcp_echo_fails = 0; /* Tolerance to unanswered echo-requests */ bool lcp_echo_adaptive = 0; /* request echo only if the link was idle */ +char *lcp_rtt_file = NULL; /* measure the RTT of LCP echo-requests */ bool lax_recv = 0; /* accept control chars in asyncmap */ bool noendpoint = 0; /* don't send/accept endpoint discriminator */ @@ -82,7 +98,7 @@ static int setendpoint(char **); static void printendpoint(option_t *, void (*)(void *, char *, ...), void *); #endif /* PPP_WITH_MULTILINK */ -static option_t lcp_option_list[] = { +static struct option lcp_option_list[] = { /* LCP options */ { "-all", o_special_noarg, (void *)noopt, "Don't request/allow any LCP options" }, @@ -151,6 +167,9 @@ static option_t lcp_option_list[] = { "Set time in seconds between LCP echo requests", OPT_PRIO }, { "lcp-echo-adaptive", o_bool, &lcp_echo_adaptive, "Suppress LCP echo requests if traffic was received", 1 }, + { "lcp-rtt-file", o_string, &lcp_rtt_file, + "Filename for logging the round-trip time of LCP echo requests", + OPT_PRIO | OPT_PRIV }, { "lcp-restart", o_int, &lcp_fsm[0].timeouttime, "Set time in seconds between LCP retransmissions", OPT_PRIO }, { "lcp-max-terminate", o_int, &lcp_fsm[0].maxtermtransmits, @@ -196,6 +215,8 @@ lcp_options lcp_hisoptions[NUM_PPP]; /* Options that we ack'd */ static int lcp_echos_pending = 0; /* Number of outstanding echo msgs */ static int lcp_echo_number = 0; /* ID number of next echo frame */ static int lcp_echo_timer_running = 0; /* set if a timer is running */ +static int lcp_rtt_file_fd = 0; /* fd for the opened LCP RTT file */ +static u_int32_t *lcp_rtt_buffer = NULL; /* the mmap'ed LCP RTT file */ static u_char nak_buffer[PPP_MRU]; /* where we construct a nak packet */ @@ -312,7 +333,7 @@ setendpoint(char **argv) lcp_wantoptions[0].neg_endpoint = 1; return 1; } - option_error("Can't parse '%s' as an endpoint discriminator", *argv); + ppp_option_error("Can't parse '%s' as an endpoint discriminator", *argv); return 0; } @@ -389,11 +410,11 @@ lcp_close(int unit, char *reason) fsm *f = &lcp_fsm[unit]; int oldstate; - if (phase != PHASE_DEAD && phase != PHASE_MASTER) + if (!in_phase(PHASE_DEAD) && !in_phase(PHASE_MASTER)) new_phase(PHASE_TERMINATE); if (f->flags & DELAYED_UP) { - untimeout(lcp_delayed_up, f); + UNTIMEOUT(lcp_delayed_up, f); f->state = STOPPED; } oldstate = f->state; @@ -435,7 +456,7 @@ lcp_lowerup(int unit) if (listen_time != 0) { f->flags |= DELAYED_UP; - timeout(lcp_delayed_up, f, 0, listen_time * 1000); + ppp_timeout(lcp_delayed_up, f, 0, listen_time * 1000); } else fsm_lowerup(f); } @@ -451,7 +472,7 @@ lcp_lowerdown(int unit) if (f->flags & DELAYED_UP) { f->flags &= ~DELAYED_UP; - untimeout(lcp_delayed_up, f); + UNTIMEOUT(lcp_delayed_up, f); } else fsm_lowerdown(&lcp_fsm[unit]); } @@ -482,7 +503,7 @@ lcp_input(int unit, u_char *p, int len) if (f->flags & DELAYED_UP) { f->flags &= ~DELAYED_UP; - untimeout(lcp_delayed_up, f); + UNTIMEOUT(lcp_delayed_up, f); fsm_lowerup(f); } fsm_input(f, p, len); @@ -1276,7 +1297,7 @@ lcp_nakci(fsm *f, u_char *p, int len, int treat_as_reject) if (looped_back) { if (++try.numloops >= lcp_loopbackfail) { notice("Serial line is looped back."); - status = EXIT_LOOPBACK; + ppp_set_status(EXIT_LOOPBACK); lcp_close(f->unit, "Loopback detected"); } } else @@ -1872,7 +1893,7 @@ lcp_up(fsm *f) #ifdef PPP_WITH_MULTILINK if (!(multilink && go->neg_mrru && ho->neg_mrru)) #endif /* PPP_WITH_MULTILINK */ - netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru)); + ppp_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru)); ppp_send_config(f->unit, mtu, (ho->neg_asyncmap? ho->asyncmap: 0xffffffff), ho->neg_pcompression, ho->neg_accompression); @@ -2186,7 +2207,7 @@ void LcpLinkFailure (fsm *f) if (f->state == OPENED) { info("No response to %d echo-requests", lcp_echos_pending); notice("Serial link appears to be disconnected."); - status = EXIT_PEER_DEAD; + ppp_set_status(EXIT_PEER_DEAD); lcp_close(f->unit, "Peer not responding"); } } @@ -2224,6 +2245,73 @@ LcpEchoTimeout (void *arg) } } +/* + * Log the round-trip time (RTT) of the received LCP echo-request. + * + * The header section at the beginning of lcp_rtt_file contains + * LCP_RTT_HEADER_LENGTH fields, each a u_int32_t in network byte order: + * [0] LCP_RTT_MAGIC + * [1] status (1: the file is open and is being written) + * [2] index of the most recently updated element + * [3] the value of the lcp-echo-interval parameter + * + * The header is followed by a ring buffer of LCP_RTT_ELEMENTS elements, each + * containing a pair of u_int32_t in network byte order with this content: + * [0] UNIX timestamp + * [1] bits 24-31: the number of lost LCP echo replies + * bits 0-23: the measured RTT in microseconds + * + * The timestamp is unsigned to support storing dates beyond 2038. + * + * Consumers of lcp_rtt_file are expected to: + * - read the complete file of arbitrary length + * - check the magic number + * - process the data elements starting at the index + * - ignore any elements with a timestamp of 0 + */ +static void +lcp_rtt_update_buffer (unsigned long rtt) +{ + volatile u_int32_t *const ring_header = lcp_rtt_buffer; + volatile u_int32_t *const ring_buffer = lcp_rtt_buffer + + LCP_RTT_HEADER_LENGTH; + unsigned int next_entry, lost; + + /* choose the next entry where the data will be stored */ + if (ntohl(ring_header[2]) >= (LCP_RTT_ELEMENTS - 1) * 2) + next_entry = 0; /* go back to the beginning */ + else + next_entry = ntohl(ring_header[2]) + 2; /* use the next one */ + + /* update the data element */ + /* storing the timestamp in an *unsigned* long allows dates up to 2106 */ + ring_buffer[next_entry] = htonl((u_int32_t) time(NULL)); + lost = lcp_echos_pending - 1; + if (lost > 0xFF) + lost = 0xFF; /* truncate the lost packets count to 256 */ + if (rtt > 0xFFFFFF) + rtt = 0xFFFFFF; /* truncate the RTT to 16777216 */ + /* use bits 24-31 for the lost packets count and bits 0-23 for the RTT */ + ring_buffer[next_entry + 1] = htonl((u_int32_t) ((lost << 24) + rtt)); + + /* update the pointer to the (just updated) most current data element */ + ring_header[2] = htonl(next_entry); + + /* In theory, CPUs implementing a weakly-consistent memory model do not + * guarantee that these three memory store operations to the buffer will + * be seen in the same order by the reader process. + * This means that a process reading the file could see the index + * having been updated before the element that the index points to had + * been written. + * But in practice we expect that the read(2) system call used by + * consumers processes is atomic with respect to the following msync(2) + * call, so we ignore the issue. + */ + + if (msync(lcp_rtt_buffer, LCP_RTT_FILE_SIZE, MS_ASYNC) < 0) + error("msync() for %s failed: %m", lcp_rtt_file); +} + /* * LcpEchoReply - LCP has received a reply to the echo */ @@ -2245,6 +2333,30 @@ lcp_received_echo_reply (fsm *f, int id, u_char *inp, int len) return; } + if (lcp_rtt_file_fd && len >= 16) { + long lcp_rtt_magic; + + /* + * If the magic word is found at the beginning of the data section + * of the frame then read the timestamp which follows and subtract + * it from the current time to compute the round trip time. + */ + GETLONG(lcp_rtt_magic, inp); + if (lcp_rtt_magic == LCP_RTT_MAGIC) { + struct timespec ts; + unsigned long req_sec, req_nsec, rtt; + + clock_gettime(CLOCK_MONOTONIC, &ts); + GETLONG(req_sec, inp); + GETLONG(req_nsec, inp); + /* compute the RTT in microseconds */ + rtt = (ts.tv_sec - req_sec) * 1000000 + + (ts.tv_nsec / 1000 - req_nsec / 1000); + /* log the RTT */ + lcp_rtt_update_buffer(rtt); + } + } + /* Reset the number of outstanding echo frames */ lcp_echos_pending = 0; } @@ -2257,7 +2369,7 @@ static void LcpSendEchoRequest (fsm *f) { u_int32_t lcp_magic; - u_char pkt[4], *pktp; + u_char pkt[16], *pktp; /* * Detect the failure of the peer at this point. @@ -2279,6 +2391,8 @@ LcpSendEchoRequest (fsm *f) if (get_ppp_stats(f->unit, &cur_stats) && cur_stats.pkts_in != last_pkts_in) { last_pkts_in = cur_stats.pkts_in; + /* receipt of traffic indicates the link is working... */ + lcp_echos_pending = 0; return; } } @@ -2290,11 +2404,73 @@ LcpSendEchoRequest (fsm *f) lcp_magic = lcp_gotoptions[f->unit].magicnumber; pktp = pkt; PUTLONG(lcp_magic, pktp); + + /* Put a timestamp in the data section of the frame */ + if (lcp_rtt_file_fd) { + struct timespec ts; + + PUTLONG(LCP_RTT_MAGIC, pktp); + clock_gettime(CLOCK_MONOTONIC, &ts); + PUTLONG((u_int32_t)ts.tv_sec, pktp); + PUTLONG((u_int32_t)ts.tv_nsec, pktp); + } + fsm_sdata(f, ECHOREQ, lcp_echo_number++ & 0xFF, pkt, pktp - pkt); ++lcp_echos_pending; } } +static void +lcp_rtt_open_file (void) +{ + volatile u_int32_t *ring_header; + + if (!lcp_rtt_file) + return; + + lcp_rtt_file_fd = open(lcp_rtt_file, O_RDWR | O_CREAT, 0644); + if (lcp_rtt_file_fd < 0) { + error("Can't open the RTT log file %s: %m", lcp_rtt_file); + lcp_rtt_file_fd = 0; + return; + } + + if (ftruncate(lcp_rtt_file_fd, LCP_RTT_FILE_SIZE) < 0) + fatal("ftruncate() of %s failed: %m", lcp_rtt_file); + lcp_rtt_buffer = mmap(0, LCP_RTT_FILE_SIZE, PROT_READ | PROT_WRITE, + MAP_SHARED, lcp_rtt_file_fd, 0); + if (lcp_rtt_buffer == MAP_FAILED) + fatal("mmap() of %s failed: %m", lcp_rtt_file); + ring_header = lcp_rtt_buffer; + + /* initialize the ring buffer */ + if (ring_header[0] != htonl(LCP_RTT_MAGIC)) { + memset(lcp_rtt_buffer, 0, LCP_RTT_FILE_SIZE); + ring_header[0] = htonl(LCP_RTT_MAGIC); + } + + ring_header[3] = htonl(lcp_echo_interval); + ring_header[1] = htonl(1); /* status: LCP up, file opened */ +} + +static void +lcp_rtt_close_file (void) +{ + volatile u_int32_t *const ring_header = lcp_rtt_buffer; + + if (!lcp_rtt_file_fd) + return; + + ring_header[1] = htonl(0); /* status: LCP down, file closed */ + + if (munmap(lcp_rtt_buffer, LCP_RTT_FILE_SIZE) < 0) + error("munmap() of %s failed: %m", lcp_rtt_file); + if (close(lcp_rtt_file_fd) < 0) + error("close() of %s failed: %m", lcp_rtt_file); + lcp_rtt_buffer = NULL; + lcp_rtt_file_fd = 0; +} + /* * lcp_echo_lowerup - Start the timer for the LCP frame */ @@ -2308,6 +2484,9 @@ lcp_echo_lowerup (int unit) lcp_echos_pending = 0; lcp_echo_number = 0; lcp_echo_timer_running = 0; + + /* Open the file where the LCP RTT data will be logged */ + lcp_rtt_open_file(); /* If a timeout interval is specified then start the timer */ if (lcp_echo_interval != 0) @@ -2327,4 +2506,7 @@ lcp_echo_lowerdown (int unit) UNTIMEOUT (LcpEchoTimeout, f); lcp_echo_timer_running = 0; } + + /* Close the file containing the LCP RTT data */ + lcp_rtt_close_file(); } diff --git a/pppd/lcp.h b/pppd/lcp.h index c01313d..bdf18d0 100644 --- a/pppd/lcp.h +++ b/pppd/lcp.h @@ -44,6 +44,11 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + + /* * Options. */ @@ -84,6 +89,14 @@ /* Value used as data for CI_CALLBACK option */ #define CBCP_OPT 6 /* Use callback control protocol */ +/* An endpoint discriminator, used with multilink. */ +#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */ +struct epdisc { + unsigned char class; + unsigned char length; + unsigned char value[MAX_ENDP_LEN]; +}; + /* * The state of options is described by an lcp_options structure. */ @@ -106,11 +119,11 @@ typedef struct lcp_options { bool neg_endpoint; /* negotiate endpoint discriminator */ int mru; /* Value of MRU */ int mrru; /* Value of MRRU, and multilink enable */ - u_char chap_mdtype; /* which MD types (hashing algorithm) */ - u_int32_t asyncmap; /* Value of async map */ - u_int32_t magicnumber; + unsigned char chap_mdtype; /* which MD types (hashing algorithm) */ + uint32_t asyncmap; /* Value of async map */ + uint32_t magicnumber; int numloops; /* Number of loops during magic number neg. */ - u_int32_t lqr_period; /* Reporting period for LQR 1/100ths second */ + uint32_t lqr_period; /* Reporting period for LQR 1/100ths second */ struct epdisc endpoint; /* endpoint discriminator */ } lcp_options; @@ -128,7 +141,7 @@ void lcp_open(int); void lcp_close(int, char *); void lcp_lowerup(int); void lcp_lowerdown(int); -void lcp_sprotrej(int, u_char *, int); /* send protocol reject */ +void lcp_sprotrej(int, unsigned char *, int); /* send protocol reject */ extern struct protent lcp_protent; @@ -136,4 +149,9 @@ extern struct protent lcp_protent; before deciding the link is looped-back. */ #define DEFLOOPBACKFAIL 10 + +#ifdef __cplusplus +} #endif + +#endif // PPP_LCP_H diff --git a/pppd/magic.c b/pppd/magic.c index 6a5a7eb..5e50f1d 100644 --- a/pppd/magic.c +++ b/pppd/magic.c @@ -50,7 +50,7 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" #include "magic.h" diff --git a/pppd/magic.h b/pppd/magic.h index 70e4ce5..68cbf9b 100644 --- a/pppd/magic.h +++ b/pppd/magic.h @@ -44,10 +44,18 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + void magic_init (void); /* Initialize the magic number generator */ u_int32_t magic (void); /* Returns the next magic number */ /* Fill buffer with random bytes */ void random_bytes (unsigned char *buf, int len); +#ifdef __cplusplus +} #endif + +#endif // PPP_MAGIC_H diff --git a/pppd/main.c b/pppd/main.c index 49319e2..8310c98 100644 --- a/pppd/main.c +++ b/pppd/main.c @@ -55,7 +55,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -95,7 +95,8 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "magic.h" #include "fsm.h" #include "lcp.h" @@ -104,11 +105,13 @@ #include "ipv6cp.h" #endif #include "upap.h" -#include "chap-new.h" +#include "chap.h" #include "eap.h" #include "ccp.h" #include "ecp.h" #include "pathnames.h" +#include "crypto.h" +#include "multilink.h" #ifdef PPP_WITH_TDB #include "tdb.h" @@ -122,7 +125,6 @@ #include "atcp.h" #endif - /* interface vars */ char ifname[IFNAMSIZ]; /* Interface name */ int ifunit; /* Interface unit number */ @@ -133,7 +135,6 @@ char *progname; /* Name of this program */ char hostname[MAXNAMELEN]; /* Our hostname */ static char pidfilename[MAXPATHLEN]; /* name of pid file */ static char linkpidfile[MAXPATHLEN]; /* name of linkname pid file */ -char ppp_devnam[MAXPATHLEN]; /* name of PPP tty (maybe ttypx) */ uid_t uid; /* Our real user-id */ struct notifier *pidchange = NULL; struct notifier *phasechange = NULL; @@ -145,7 +146,7 @@ int hungup; /* terminal has been hung up */ int privileged; /* we're running as real uid root */ int need_holdoff; /* need holdoff period before restarting */ int detached; /* have detached from terminal */ -volatile int status; /* exit status for pppd */ +volatile int code; /* exit status for pppd */ int unsuccess; /* # unsuccessful connection attempts */ int do_callback; /* != 0 if we should do callback next */ int doing_callback; /* != 0 if we are doing callback */ @@ -170,7 +171,7 @@ static int fd_loop; /* fd for getting demand-dial packets */ int fd_devnull; /* fd for /dev/null */ int devfd = -1; /* fd of underlying device */ int fd_ppp = -1; /* fd for talking PPP */ -int phase; /* where the link is at */ +ppp_phase_t phase; /* where the link is at */ int kill_link; int asked_to_quit; int open_ccp_flag; @@ -205,6 +206,7 @@ static struct pppd_stats old_link_stats; struct pppd_stats link_stats; unsigned link_connect_time; int link_stats_valid; +int link_stats_print; int error_count; @@ -246,6 +248,7 @@ static void holdoff_end(void *); static void forget_child(int pid, int status); static int reap_kids(void); static void childwait_end(void *); +static void run_net_script(char* script, int wait); #ifdef PPP_WITH_TDB static void update_db_entry(void); @@ -260,6 +263,72 @@ void print_link_stats(void); extern char *getlogin(void); int main(int, char *[]); +const char *ppp_hostname() +{ + return hostname; +} + +bool ppp_signaled(int sig) +{ + if (sig == SIGTERM) + return !!got_sigterm; + if (sig == SIGUSR2) + return !!got_sigusr2; + if (sig == SIGHUP) + return !!got_sighup; + return false; +} + +ppp_exit_code_t ppp_status() +{ + return code; +} + +void ppp_set_status(ppp_exit_code_t value) +{ + code = value; +} + +void ppp_set_session_number(int number) +{ + ppp_session_number = number; +} + +int ppp_get_session_number() +{ + return ppp_session_number; +} + +const char *ppp_ifname() +{ + return ifname; +} + +int ppp_get_ifname(char *buf, size_t bufsz) +{ + if (buf) { + return strlcpy(buf, ifname, bufsz); + } + return false; +} + +void ppp_set_ifname(const char *name) +{ + if (name) { + strlcpy(ifname, name, sizeof(ifname)); + } +} + +int ppp_ifunit() +{ + return ifunit; +} + +int ppp_get_link_uptime() +{ + return link_connect_time; +} + /* * PPP Data Link Layer "protocol" table. * One entry per supported protocol. @@ -294,14 +363,17 @@ main(int argc, char *argv[]) struct protent *protp; char numbuf[16]; - strlcpy(path_ipup, _PATH_IPUP, MAXPATHLEN); - strlcpy(path_ipdown, _PATH_IPDOWN, MAXPATHLEN); + PPP_crypto_init(); + + strlcpy(path_ipup, PPP_PATH_IPUP, MAXPATHLEN); + strlcpy(path_ipdown, PPP_PATH_IPDOWN, MAXPATHLEN); #ifdef PPP_WITH_IPV6CP - strlcpy(path_ipv6up, _PATH_IPV6UP, MAXPATHLEN); - strlcpy(path_ipv6down, _PATH_IPV6DOWN, MAXPATHLEN); + strlcpy(path_ipv6up, PPP_PATH_IPV6UP, MAXPATHLEN); + strlcpy(path_ipv6down, PPP_PATH_IPV6DOWN, MAXPATHLEN); #endif link_stats_valid = 0; + link_stats_print = 1; new_phase(PHASE_INITIALIZE); script_env = NULL; @@ -309,8 +381,8 @@ main(int argc, char *argv[]) /* Initialize syslog facilities */ reopen_log(); - if (gethostname(hostname, MAXNAMELEN) < 0 ) { - option_error("Couldn't get hostname: %m"); + if (gethostname(hostname, sizeof(hostname)) < 0 ) { + ppp_option_error("Couldn't get hostname: %m"); exit(1); } hostname[MAXNAMELEN-1] = 0; @@ -321,7 +393,7 @@ main(int argc, char *argv[]) uid = getuid(); privileged = uid == 0; slprintf(numbuf, sizeof(numbuf), "%d", uid); - script_setenv("ORIG_UID", numbuf, 0); + ppp_script_setenv("ORIG_UID", numbuf, 0); ngroups = getgroups(NGROUPS_MAX, groups); @@ -348,7 +420,7 @@ main(int argc, char *argv[]) * Parse, in order, the system options file, the user's options file, * and the command line arguments. */ - if (!options_from_file(_PATH_SYSOPTIONS, !privileged, 0, 1) + if (!ppp_options_from_file(PPP_PATH_SYSOPTIONS, !privileged, 0, 1) || !options_from_user() || !parse_args(argc-1, argv+1)) exit(EXIT_OPTION_ERROR); @@ -364,17 +436,22 @@ main(int argc, char *argv[]) if (debug) setlogmask(LOG_UPTO(LOG_DEBUG)); + if (show_options) { + showopts(); + die(0); + } + /* * Check that we are running as root. */ if (geteuid() != 0) { - option_error("must be root to run %s, since it is not setuid-root", + ppp_option_error("must be root to run %s, since it is not setuid-root", argv[0]); exit(EXIT_NOT_ROOT); } - if (!ppp_available()) { - option_error("%s", no_ppp_msg); + if (!ppp_check_kernel_support()) { + ppp_option_error("%s", no_ppp_msg); exit(EXIT_NO_KERNEL_SUPPORT); } @@ -385,9 +462,7 @@ main(int argc, char *argv[]) if (!sys_check_options()) exit(EXIT_OPTION_ERROR); auth_check_options(); -#ifdef PPP_WITH_MULTILINK mp_check_options(); -#endif for (i = 0; (protp = protocols[i]) != NULL; ++i) if (protp->check_options != NULL) (*protp->check_options)(); @@ -405,9 +480,9 @@ main(int argc, char *argv[]) die(0); /* Make sure fds 0, 1, 2 are open to somewhere. */ - fd_devnull = open(_PATH_DEVNULL, O_RDWR); + fd_devnull = open(PPP_DEVNULL, O_RDWR); if (fd_devnull < 0) - fatal("Couldn't open %s: %m", _PATH_DEVNULL); + fatal("Couldn't open %s: %m", PPP_DEVNULL); while (fd_devnull <= 2) { i = dup(fd_devnull); if (i < 0) @@ -421,12 +496,12 @@ main(int argc, char *argv[]) sys_init(); #ifdef PPP_WITH_TDB - pppdb = tdb_open(_PATH_PPPDB, 0, 0, O_RDWR|O_CREAT, 0644); + pppdb = tdb_open(PPP_PATH_PPPDB, 0, 0, O_RDWR|O_CREAT, 0644); if (pppdb != NULL) { slprintf(db_key, sizeof(db_key), "pppd%d", getpid()); update_db_entry(); } else { - warn("Warning: couldn't open ppp database %s", _PATH_PPPDB); + warn("Warning: couldn't open ppp database %s", PPP_PATH_PPPDB); if (multilink) { warn("Warning: disabling multilink"); multilink = 0; @@ -449,12 +524,12 @@ main(int argc, char *argv[]) p = "(unknown)"; } syslog(LOG_NOTICE, "pppd %s started by %s, uid %d", VERSION, p, uid); - script_setenv("PPPLOGNAME", p, 0); + ppp_script_setenv("PPPLOGNAME", p, 0); if (devnam[0]) - script_setenv("DEVICE", devnam, 1); + ppp_script_setenv("DEVICE", devnam, 1); slprintf(numbuf, sizeof(numbuf), "%d", getpid()); - script_setenv("PPPD_PID", numbuf, 1); + ppp_script_setenv("PPPD_PID", numbuf, 1); setup_signals(); @@ -485,7 +560,7 @@ main(int argc, char *argv[]) listen_time = 0; need_holdoff = 1; devfd = -1; - status = EXIT_OK; + code = EXIT_OK; ++unsuccess; doing_callback = do_callback; do_callback = 0; @@ -515,10 +590,10 @@ main(int argc, char *argv[]) info("Starting link"); } - get_time(&start_time); - script_unsetenv("CONNECT_TIME"); - script_unsetenv("BYTES_SENT"); - script_unsetenv("BYTES_RCVD"); + ppp_get_time(&start_time); + ppp_script_unsetenv("CONNECT_TIME"); + ppp_script_unsetenv("BYTES_SENT"); + ppp_script_unsetenv("BYTES_RCVD"); lcp_open(0); /* Start protocol */ start_link(0); @@ -581,7 +656,8 @@ main(int argc, char *argv[]) } } - die(status); + PPP_crypto_deinit(); + die(code); return 0; } @@ -612,15 +688,15 @@ handle_events(void) info("Hangup (SIGHUP)"); kill_link = 1; got_sighup = 0; - if (status != EXIT_HANGUP) - status = EXIT_USER_REQUEST; + if (code != EXIT_HANGUP) + code = EXIT_USER_REQUEST; } if (got_sigterm) { info("Terminating on signal %d", got_sigterm); kill_link = 1; asked_to_quit = 1; persist = 0; - status = EXIT_USER_REQUEST; + code = EXIT_USER_REQUEST; got_sigterm = 0; } if (got_sigchld) { @@ -724,6 +800,26 @@ setup_signals(void) signal(SIGPIPE, SIG_IGN); } +/* + * net-* scripts to be run come through here. + */ +void run_net_script(char* script, int wait) +{ + char strspeed[32]; + char *argv[6]; + + slprintf(strspeed, sizeof(strspeed), "%d", baud_rate); + + argv[0] = script; + argv[1] = ifname; + argv[2] = devnam; + argv[3] = strspeed; + argv[4] = ipparam; + argv[5] = NULL; + + run_program(script, argv, 0, NULL, NULL, wait); +} + /* * set_ifunit - do things we need to do once we know which ppp * unit we are using. @@ -738,13 +834,14 @@ set_ifunit(int iskey) else slprintf(ifname, sizeof(ifname), "%s%d", PPP_DRV_NAME, ifunit); info("Using interface %s", ifname); - script_setenv("IFNAME", ifname, iskey); + ppp_script_setenv("IFNAME", ifname, iskey); slprintf(ifkey, sizeof(ifkey), "%d", ifunit); - script_setenv("UNIT", ifkey, iskey); + ppp_script_setenv("UNIT", ifkey, iskey); if (iskey) { create_pidfile(getpid()); /* write pid to file */ create_linkpidfile(getpid()); } + run_net_script(PPP_PATH_NET_INIT, 1); } /* @@ -787,7 +884,7 @@ detach(void) if (log_default) log_to_fd = -1; slprintf(numbuf, sizeof(numbuf), "%d", getpid()); - script_setenv("PPPD_PID", numbuf, 1); + ppp_script_setenv("PPPD_PID", numbuf, 1); /* wait for parent to finish updating pid & lock files and die */ close(pipefd[1]); @@ -813,8 +910,8 @@ create_pidfile(int pid) { FILE *pidfile; - slprintf(pidfilename, sizeof(pidfilename), "%s%s.pid", - _PATH_VARRUN, ifname); + slprintf(pidfilename, sizeof(pidfilename), "%s/%s.pid", + PPP_PATH_VARRUN, ifname); if ((pidfile = fopen(pidfilename, "w")) != NULL) { fprintf(pidfile, "%d\n", pid); (void) fclose(pidfile); @@ -831,9 +928,9 @@ create_linkpidfile(int pid) if (linkname[0] == 0) return; - script_setenv("LINKNAME", linkname, 1); - slprintf(linkpidfile, sizeof(linkpidfile), "%sppp-%s.pid", - _PATH_VARRUN, linkname); + ppp_script_setenv("LINKNAME", linkname, 1); + slprintf(linkpidfile, sizeof(linkpidfile), "%s/ppp-%s.pid", + PPP_PATH_VARRUN, linkname); if ((pidfile = fopen(linkpidfile, "w")) != NULL) { fprintf(pidfile, "%d\n", pid); if (ifname[0]) @@ -1034,14 +1131,14 @@ get_input(void) return; if (len == 0) { - if (bundle_eof && multilink_master) { + if (bundle_eof && mp_master()) { notice("Last channel has disconnected"); mp_bundle_terminated(); return; } notice("Modem hangup"); hungup = 1; - status = EXIT_HANGUP; + code = EXIT_HANGUP; lcp_lowerdown(0); /* serial link is no longer available */ link_terminated(0); return; @@ -1145,21 +1242,45 @@ ppp_recv_config(int unit, int mru, u_int32_t accm, int pcomp, int accomp) * new_phase - signal the start of a new phase of pppd's operation. */ void -new_phase(int p) +new_phase(ppp_phase_t p) { + switch (p) { + case PHASE_NETWORK: + if (phase <= PHASE_NETWORK) { + char iftmpname[IFNAMSIZ]; + int ifindex = if_nametoindex(ifname); + run_net_script(PPP_PATH_NET_PREUP, 1); + if (if_indextoname(ifindex, iftmpname) && strcmp(iftmpname, ifname)) { + info("Detected interface name change from %s to %s.", ifname, iftmpname); + strcpy(ifname, iftmpname); + } + } + break; + case PHASE_DISCONNECT: + run_net_script(PPP_PATH_NET_DOWN, 0); + break; + } + phase = p; if (new_phase_hook) (*new_phase_hook)(p); notify(phasechange, p); } +bool +in_phase(ppp_phase_t p) +{ + return (phase == p); +} + /* * die - clean up state and exit with the specified status. */ void die(int status) { - if (!doing_multilink || multilink_master) + + if (!mp_on() || mp_master()) print_link_stats(); cleanup(); notify(exitnotify, status); @@ -1195,12 +1316,12 @@ print_link_stats(void) /* * Print connect time and statistics. */ - if (link_stats_valid) { + if (link_stats_print && link_stats_valid) { int t = (link_connect_time + 5) / 6; /* 1/10ths of minutes */ info("Connect time %d.%d minutes.", t/10, t%10); info("Sent %u bytes, received %u bytes.", link_stats.bytes_out, link_stats.bytes_in); - link_stats_valid = 0; + link_stats_print = 0; } } @@ -1212,7 +1333,7 @@ reset_link_stats(int u) { if (!get_ppp_stats(u, &old_link_stats)) return; - get_time(&start_time); + ppp_get_time(&start_time); } /* @@ -1225,7 +1346,7 @@ update_link_stats(int u) char numbuf[32]; if (!get_ppp_stats(u, &link_stats) - || get_time(&now) < 0) + || ppp_get_time(&now) < 0) return; link_connect_time = now.tv_sec - start_time.tv_sec; link_stats_valid = 1; @@ -1236,11 +1357,24 @@ update_link_stats(int u) link_stats.pkts_out -= old_link_stats.pkts_out; slprintf(numbuf, sizeof(numbuf), "%u", link_connect_time); - script_setenv("CONNECT_TIME", numbuf, 0); + ppp_script_setenv("CONNECT_TIME", numbuf, 0); snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_out); - script_setenv("BYTES_SENT", numbuf, 0); + ppp_script_setenv("BYTES_SENT", numbuf, 0); snprintf(numbuf, sizeof(numbuf), "%" PRIu64, link_stats.bytes_in); - script_setenv("BYTES_RCVD", numbuf, 0); + ppp_script_setenv("BYTES_RCVD", numbuf, 0); +} + +bool +ppp_get_link_stats(ppp_link_stats_st *stats) +{ + update_link_stats(0); + if (stats != NULL && + link_stats_valid) { + + memcpy(stats, &link_stats, sizeof(*stats)); + return true; + } + return false; } @@ -1258,7 +1392,7 @@ static struct timeval timenow; /* Current time */ * timeout - Schedule a timeout. */ void -timeout(void (*func)(void *), void *arg, int secs, int usecs) +ppp_timeout(void (*func)(void *), void *arg, int secs, int usecs) { struct callout *newp, *p, **pp; @@ -1269,7 +1403,7 @@ timeout(void (*func)(void *), void *arg, int secs, int usecs) fatal("Out of memory in timeout()!"); newp->c_arg = arg; newp->c_func = func; - get_time(&timenow); + ppp_get_time(&timenow); newp->c_time.tv_sec = timenow.tv_sec + secs; newp->c_time.tv_usec = timenow.tv_usec + usecs; if (newp->c_time.tv_usec >= 1000000) { @@ -1294,7 +1428,7 @@ timeout(void (*func)(void *), void *arg, int secs, int usecs) * untimeout - Unschedule a timeout. */ void -untimeout(void (*func)(void *), void *arg) +ppp_untimeout(void (*func)(void *), void *arg) { struct callout **copp, *freep; @@ -1321,7 +1455,7 @@ calltimeout(void) while (callout != NULL) { p = callout; - if (get_time(&timenow) < 0) + if (ppp_get_time(&timenow) < 0) fatal("Failed to get time of day: %m"); if (!(p->c_time.tv_sec < timenow.tv_sec || (p->c_time.tv_sec == timenow.tv_sec @@ -1345,7 +1479,7 @@ timeleft(struct timeval *tvp) if (callout == NULL) return NULL; - get_time(&timenow); + ppp_get_time(&timenow); tvp->tv_sec = callout->c_time.tv_sec - timenow.tv_sec; tvp->tv_usec = callout->c_time.tv_usec - timenow.tv_usec; if (tvp->tv_usec < 0) { @@ -1524,14 +1658,14 @@ bad_signal(int sig) } /* - * safe_fork - Create a child process. The child closes all the + * ppp_safe_fork - Create a child process. The child closes all the * file descriptors that we don't want to leak to a script. * The parent waits for the child to do this before returning. * This also arranges for the specified fds to be dup'd to * fds 0, 1, 2 in the child. */ pid_t -safe_fork(int infd, int outfd, int errfd) +ppp_safe_fork(int infd, int outfd, int errfd) { pid_t pid; int fd, pipefd[2]; @@ -1562,7 +1696,7 @@ safe_fork(int infd, int outfd, int errfd) } /* Executing in the child */ - sys_close(); + ppp_sys_close(); #ifdef PPP_WITH_TDB if (pppdb != NULL) tdb_close(pppdb); @@ -1655,7 +1789,7 @@ update_system_environment(void) /* * device_script - run a program to talk to the specified fds * (e.g. to run the connector or disconnector script). - * stderr gets connected to the log fd or to the _PATH_CONNERRS file. + * stderr gets connected to the log fd or to the PPP_PATH_CONNERRS file. */ int device_script(char *program, int in, int out, int dont_wait) @@ -1668,10 +1802,10 @@ device_script(char *program, int in, int out, int dont_wait) if (log_to_fd >= 0) errfd = log_to_fd; else - errfd = open(_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); + errfd = open(PPP_PATH_CONNERRS, O_WRONLY | O_APPEND | O_CREAT, 0644); ++conn_running; - pid = safe_fork(in, out, errfd); + pid = ppp_safe_fork(in, out, errfd); if (pid != 0 && log_to_fd < 0) close(errfd); @@ -1721,7 +1855,7 @@ device_script(char *program, int in, int out, int dont_wait) * and update the script environment. Note that we intentionally do * not update the TDB. These changes are layered on top right before * exec. It is not possible to use script_setenv() or - * script_unsetenv() safely after this routine is run. + * ppp_script_unsetenv() safely after this routine is run. */ static void update_script_environment(void) @@ -1765,7 +1899,7 @@ update_script_environment(void) * reap_kids) iff the return value is > 0. */ pid_t -run_program(char *prog, char **args, int must_exist, void (*done)(void *), void *arg, int wait) +run_program(char *prog, char * const *args, int must_exist, void (*done)(void *), void *arg, int wait) { int pid, status, ret; struct stat sbuf; @@ -1784,7 +1918,7 @@ run_program(char *prog, char **args, int must_exist, void (*done)(void *), void return 0; } - pid = safe_fork(fd_devnull, fd_devnull, fd_devnull); + pid = ppp_safe_fork(fd_devnull, fd_devnull, fd_devnull); if (pid == -1) { error("Failed to create child process for %s: %m", prog); return -1; @@ -1933,21 +2067,46 @@ reap_kids(void) return 0; } + +struct notifier **get_notifier_by_type(ppp_notify_t type) +{ + struct notifier **list[NF_MAX_NOTIFY] = { + [NF_PID_CHANGE ] = &pidchange, + [NF_PHASE_CHANGE] = &phasechange, + [NF_EXIT ] = &exitnotify, + [NF_SIGNALED ] = &sigreceived, + [NF_IP_UP ] = &ip_up_notifier, + [NF_IP_DOWN ] = &ip_down_notifier, +#ifdef PPP_WITH_IPV6CP + [NF_IPV6_UP ] = &ipv6_up_notifier, + [NF_IPV6_DOWN ] = &ipv6_down_notifier, +#endif + [NF_AUTH_UP ] = &auth_up_notifier, + [NF_LINK_DOWN ] = &link_down_notifier, + [NF_FORK ] = &fork_notifier, + }; + return list[type]; +} + /* * add_notifier - add a new function to be called when something happens. */ void -add_notifier(struct notifier **notif, notify_func func, void *arg) +ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg) { - struct notifier *np; - - np = malloc(sizeof(struct notifier)); - if (np == 0) - novm("notifier struct"); - np->next = *notif; - np->func = func; - np->arg = arg; - *notif = np; + struct notifier **notif = get_notifier_by_type(type); + if (notif) { + + struct notifier *np = malloc(sizeof(struct notifier)); + if (np == 0) + novm("notifier struct"); + np->next = *notif; + np->func = func; + np->arg = arg; + *notif = np; + } else { + error("Could not find notifier function for: %d", type); + } } /* @@ -1955,16 +2114,21 @@ add_notifier(struct notifier **notif, notify_func func, void *arg) * be called when something happens. */ void -remove_notifier(struct notifier **notif, notify_func func, void *arg) +ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *arg) { - struct notifier *np; - - for (; (np = *notif) != 0; notif = &np->next) { - if (np->func == func && np->arg == arg) { - *notif = np->next; - free(np); - break; + struct notifier **notif = get_notifier_by_type(type); + if (notif) { + struct notifier *np; + + for (; (np = *notif) != 0; notif = &np->next) { + if (np->func == func && np->arg == arg) { + *notif = np->next; + free(np); + break; + } } + } else { + error("Could not find notifier function for: %d", type); } } @@ -1986,17 +2150,17 @@ notify(struct notifier *notif, int val) * novm - log an error message saying we ran out of memory, and die. */ void -novm(char *msg) +novm(const char *msg) { fatal("Virtual memory exhausted allocating %s\n", msg); } /* - * script_setenv - set an environment variable value to be used + * ppp_script_setenv - set an environment variable value to be used * for scripts that we run (e.g. ip-up, auth-up, etc.) */ void -script_setenv(char *var, char *value, int iskey) +ppp_script_setenv(char *var, char *value, int iskey) { size_t varl = strlen(var); size_t vl = varl + strlen(value) + 2; @@ -2053,11 +2217,11 @@ script_setenv(char *var, char *value, int iskey) } /* - * script_unsetenv - remove a variable from the environment + * ppp_script_unsetenv - remove a variable from the environment * for scripts. */ void -script_unsetenv(char *var) +ppp_script_unsetenv(char *var) { int vl = strlen(var); int i; diff --git a/pppd/md4.c b/pppd/md4.c deleted file mode 100644 index 88f3413..0000000 --- a/pppd/md4.c +++ /dev/null @@ -1,293 +0,0 @@ -/* -** ******************************************************************** -** md4.c -- Implementation of MD4 Message Digest Algorithm ** -** Updated: 2/16/90 by Ronald L. Rivest ** -** (C) 1990 RSA Data Security, Inc. ** -** ******************************************************************** -*/ - -/* -** To use MD4: -** -- Include md4.h in your program -** -- Declare an MDstruct MD to hold the state of the digest -** computation. -** -- Initialize MD using MDbegin(&MD) -** -- For each full block (64 bytes) X you wish to process, call -** MD4Update(&MD,X,512) -** (512 is the number of bits in a full block.) -** -- For the last block (less than 64 bytes) you wish to process, -** MD4Update(&MD,X,n) -** where n is the number of bits in the partial block. A partial -** block terminates the computation, so every MD computation -** should terminate by processing a partial block, even if it -** has n = 0. -** -- The message digest is available in MD.buffer[0] ... -** MD.buffer[3]. (Least-significant byte of each word -** should be output first.) -** -- You can print out the digest using MDprint(&MD) -*/ - -/* Implementation notes: -** This implementation assumes that ints are 32-bit quantities. -*/ -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#define TRUE 1 -#define FALSE 0 - -/* Compile-time includes -*/ -#include -#include "md4.h" -#include "pppd.h" - -/* Compile-time declarations of MD4 "magic constants". -*/ -#define I0 0x67452301 /* Initial values for MD buffer */ -#define I1 0xefcdab89 -#define I2 0x98badcfe -#define I3 0x10325476 -#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */ -#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */ -/* C2 and C3 are from Knuth, The Art of Programming, Volume 2 -** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley. -** Table 2, page 660. -*/ - -#define fs1 3 /* round 1 shift amounts */ -#define fs2 7 -#define fs3 11 -#define fs4 19 -#define gs1 3 /* round 2 shift amounts */ -#define gs2 5 -#define gs3 9 -#define gs4 13 -#define hs1 3 /* round 3 shift amounts */ -#define hs2 9 -#define hs3 11 -#define hs4 15 - -/* Compile-time macro declarations for MD4. -** Note: The "rot" operator uses the variable "tmp". -** It assumes tmp is declared as unsigned int, so that the >> -** operator will shift in zeros rather than extending the sign bit. -*/ -#define f(X,Y,Z) ((X&Y) | ((~X)&Z)) -#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z)) -#define h(X,Y,Z) (X^Y^Z) -#define rot(X,S) (tmp=X,(tmp<>(32-S))) -#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s) -#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s) -#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s) - -/* MD4print(MDp) -** Print message digest buffer MDp as 32 hexadecimal digits. -** Order is from low-order byte of buffer[0] to high-order byte of -** buffer[3]. -** Each byte is printed with high-order hexadecimal digit first. -** This is a user-callable routine. -*/ -void -MD4Print(MD4_CTX *MDp) -{ - int i,j; - for (i=0;i<4;i++) - for (j=0;j<32;j=j+8) - printf("%02x",(MDp->buffer[i]>>j) & 0xFF); -} - -/* MD4Init(MDp) -** Initialize message digest buffer MDp. -** This is a user-callable routine. -*/ -void -MD4Init(MD4_CTX *MDp) -{ - int i; - MDp->buffer[0] = I0; - MDp->buffer[1] = I1; - MDp->buffer[2] = I2; - MDp->buffer[3] = I3; - for (i=0;i<8;i++) MDp->count[i] = 0; - MDp->done = 0; -} - -/* MDblock(MDp,X) -** Update message digest buffer MDp->buffer using 16-word data block X. -** Assumes all 16 words of X are full of data. -** Does not update MDp->count. -** This routine is not user-callable. -*/ -static void -MDblock(MD4_CTX *MDp, unsigned char *Xb) -{ - register unsigned int tmp, A, B, C, D; - unsigned int X[16]; - int i; - - for (i = 0; i < 16; ++i) { - X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24); - Xb += 4; - } - - A = MDp->buffer[0]; - B = MDp->buffer[1]; - C = MDp->buffer[2]; - D = MDp->buffer[3]; - /* Update the message digest buffer */ - ff(A , B , C , D , 0 , fs1); /* Round 1 */ - ff(D , A , B , C , 1 , fs2); - ff(C , D , A , B , 2 , fs3); - ff(B , C , D , A , 3 , fs4); - ff(A , B , C , D , 4 , fs1); - ff(D , A , B , C , 5 , fs2); - ff(C , D , A , B , 6 , fs3); - ff(B , C , D , A , 7 , fs4); - ff(A , B , C , D , 8 , fs1); - ff(D , A , B , C , 9 , fs2); - ff(C , D , A , B , 10 , fs3); - ff(B , C , D , A , 11 , fs4); - ff(A , B , C , D , 12 , fs1); - ff(D , A , B , C , 13 , fs2); - ff(C , D , A , B , 14 , fs3); - ff(B , C , D , A , 15 , fs4); - gg(A , B , C , D , 0 , gs1); /* Round 2 */ - gg(D , A , B , C , 4 , gs2); - gg(C , D , A , B , 8 , gs3); - gg(B , C , D , A , 12 , gs4); - gg(A , B , C , D , 1 , gs1); - gg(D , A , B , C , 5 , gs2); - gg(C , D , A , B , 9 , gs3); - gg(B , C , D , A , 13 , gs4); - gg(A , B , C , D , 2 , gs1); - gg(D , A , B , C , 6 , gs2); - gg(C , D , A , B , 10 , gs3); - gg(B , C , D , A , 14 , gs4); - gg(A , B , C , D , 3 , gs1); - gg(D , A , B , C , 7 , gs2); - gg(C , D , A , B , 11 , gs3); - gg(B , C , D , A , 15 , gs4); - hh(A , B , C , D , 0 , hs1); /* Round 3 */ - hh(D , A , B , C , 8 , hs2); - hh(C , D , A , B , 4 , hs3); - hh(B , C , D , A , 12 , hs4); - hh(A , B , C , D , 2 , hs1); - hh(D , A , B , C , 10 , hs2); - hh(C , D , A , B , 6 , hs3); - hh(B , C , D , A , 14 , hs4); - hh(A , B , C , D , 1 , hs1); - hh(D , A , B , C , 9 , hs2); - hh(C , D , A , B , 5 , hs3); - hh(B , C , D , A , 13 , hs4); - hh(A , B , C , D , 3 , hs1); - hh(D , A , B , C , 11 , hs2); - hh(C , D , A , B , 7 , hs3); - hh(B , C , D , A , 15 , hs4); - MDp->buffer[0] += A; - MDp->buffer[1] += B; - MDp->buffer[2] += C; - MDp->buffer[3] += D; -} - -/* MD4Update(MDp,X,count) -** Input: X -- a pointer to an array of unsigned characters. -** count -- the number of bits of X to use. -** (if not a multiple of 8, uses high bits of last byte.) -** Update MDp using the number of bits of X given by count. -** This is the basic input routine for an MD4 user. -** The routine completes the MD computation when count < 512, so -** every MD computation should end with one call to MD4Update with a -** count less than 512. A call with count 0 will be ignored if the -** MD has already been terminated (done != 0), so an extra call with -** count 0 can be given as a "courtesy close" to force termination -** if desired. -*/ -void -MD4Update(MD4_CTX *MDp, unsigned char *X, unsigned int count) -{ - unsigned int i, tmp, bit, byte, mask; - unsigned char XX[64]; - unsigned char *p; - - /* return with no error if this is a courtesy close with count - ** zero and MDp->done is true. - */ - if (count == 0 && MDp->done) return; - /* check to see if MD is already done and report error */ - if (MDp->done) - { printf("\nError: MD4Update MD already done."); return; } - - /* Add count to MDp->count */ - tmp = count; - p = MDp->count; - while (tmp) - { tmp += *p; - *p++ = tmp; - tmp = tmp >> 8; - } - - /* Process data */ - if (count == 512) - { /* Full block of data to handle */ - MDblock(MDp,X); - } - else if (count > 512) /* Check for count too large */ - { - printf("\nError: MD4Update called with illegal count value %d.", - count); - return; - } - else /* partial block -- must be last block so finish up */ - { - /* Find out how many bytes and residual bits there are */ - byte = count >> 3; - bit = count & 7; - /* Copy X into XX since we need to modify it */ - if (count) - for (i=0;i<=byte;i++) XX[i] = X[i]; - for (i=byte+1;i<64;i++) XX[i] = 0; - /* Add padding '1' bit and low-order zeros in last byte */ - mask = 1 << (7 - bit); - XX[byte] = (XX[byte] | mask) & ~( mask - 1); - /* If room for bit count, finish up with this block */ - if (byte <= 55) - { - for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; - MDblock(MDp,XX); - } - else /* need to do two blocks to finish up */ - { - MDblock(MDp,XX); - for (i=0;i<56;i++) XX[i] = 0; - for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; - MDblock(MDp,XX); - } - /* Set flag saying we're done with MD computation */ - MDp->done = 1; - } -} - -/* -** Finish up MD4 computation and return message digest. -*/ -void -MD4Final(unsigned char *buf, MD4_CTX *MD) -{ - int i, j; - unsigned int w; - - MD4Update(MD, NULL, 0); - for (i = 0; i < 4; ++i) { - w = MD->buffer[i]; - for (j = 0; j < 4; ++j) { - *buf++ = w; - w >>= 8; - } - } -} - -/* -** End of md4.c -****************************(cut)***********************************/ diff --git a/pppd/md4.h b/pppd/md4.h deleted file mode 100644 index 546ea02..0000000 --- a/pppd/md4.h +++ /dev/null @@ -1,68 +0,0 @@ - -/* -** ******************************************************************** -** md4.h -- Header file for implementation of ** -** MD4 Message Digest Algorithm ** -** Updated: 2/13/90 by Ronald L. Rivest ** -** (C) 1990 RSA Data Security, Inc. ** -** ******************************************************************** -*/ -#ifndef PPP_MD4_H -#define PPP_MD4_H - -#include "pppdconf.h" - -#ifndef USE_MD4 -#include -#define MD4Init MD4_Init -#define MD4Update MD4_Update -#define MD4Final MD4_Final -#else - -/* MDstruct is the data structure for a message digest computation. -*/ -typedef struct { - unsigned int buffer[4]; /* Holds 4-word result of MD computation */ - unsigned char count[8]; /* Number of bits processed so far */ - unsigned int done; /* Nonzero means MD computation finished */ -} MD4_CTX; - -/* MD4Init(MD4_CTX *) -** Initialize the MD4_CTX prepatory to doing a message digest -** computation. -*/ -extern void MD4Init(MD4_CTX *MD); - -/* MD4Update(MD,X,count) -** Input: X -- a pointer to an array of unsigned characters. -** count -- the number of bits of X to use (an unsigned int). -** Updates MD using the first "count" bits of X. -** The array pointed to by X is not modified. -** If count is not a multiple of 8, MD4Update uses high bits of -** last byte. -** This is the basic input routine for a user. -** The routine terminates the MD computation when count < 512, so -** every MD computation should end with one call to MD4Update with a -** count less than 512. Zero is OK for a count. -*/ -extern void MD4Update(MD4_CTX *MD, unsigned char *X, unsigned int count); - -/* MD4Print(MD) -** Prints message digest buffer MD as 32 hexadecimal digits. -** Order is from low-order byte of buffer[0] to high-order byte -** of buffer[3]. -** Each byte is printed with high-order hexadecimal digit first. -*/ -extern void MD4Print(MD4_CTX *); - -/* MD4Final(buf, MD) -** Returns message digest from MD and terminates the message -** digest computation. -*/ -extern void MD4Final(unsigned char *, MD4_CTX *); - -/* -** End of md4.h -****************************(cut)***********************************/ -#endif /* USE_MD4 */ -#endif /* PPP_MD4_H */ diff --git a/pppd/md5.c b/pppd/md5.c deleted file mode 100644 index 9fb3397..0000000 --- a/pppd/md5.c +++ /dev/null @@ -1,303 +0,0 @@ - - -/* - *********************************************************************** - ** md5.c -- the source code for MD5 routines ** - ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** - ** Created: 2/17/90 RLR ** - ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. ** - *********************************************************************** - */ - -/* - *********************************************************************** - ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** - ** ** - ** License to copy and use this software is granted provided that ** - ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** - ** Digest Algorithm" in all material mentioning or referencing this ** - ** software or this function. ** - ** ** - ** License is also granted to make and use derivative works ** - ** provided that such works are identified as "derived from the RSA ** - ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** - ** material mentioning or referencing the derived work. ** - ** ** - ** RSA Data Security, Inc. makes no representations concerning ** - ** either the merchantability of this software or the suitability ** - ** of this software for any particular purpose. It is provided "as ** - ** is" without express or implied warranty of any kind. ** - ** ** - ** These notices must be retained in any copies of any part of this ** - ** documentation and/or software. ** - *********************************************************************** - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include -#include "md5.h" - -/* - *********************************************************************** - ** Message-digest routines: ** - ** To form the message digest for a message M ** - ** (1) Initialize a context buffer mdContext using MD5_Init ** - ** (2) Call MD5_Update on mdContext and M ** - ** (3) Call MD5_Final on mdContext ** - ** The message digest is now in mdContext->digest[0...15] ** - *********************************************************************** - */ - -/* forward declaration */ -static void Transform (UINT4 *buf, UINT4 *in); - -static unsigned char PADDING[64] = { - 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 -}; - -/* F, G, H and I are basic MD5 functions */ -#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) -#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) -#define H(x, y, z) ((x) ^ (y) ^ (z)) -#define I(x, y, z) ((y) ^ ((x) | (~z))) - -/* ROTATE_LEFT rotates x left n bits */ -#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) - -/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */ -/* Rotation is separate from addition to prevent recomputation */ -#define FF(a, b, c, d, x, s, ac) \ - {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define GG(a, b, c, d, x, s, ac) \ - {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define HH(a, b, c, d, x, s, ac) \ - {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } -#define II(a, b, c, d, x, s, ac) \ - {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ - (a) = ROTATE_LEFT ((a), (s)); \ - (a) += (b); \ - } - -#ifdef __STDC__ -#define UL(x) x##U -#else -#define UL(x) x -#endif - -/* The routine MD5_Init initializes the message-digest context - mdContext. All fields are set to zero. - */ -void MD5_Init (MD5_CTX *mdContext) -{ - mdContext->i[0] = mdContext->i[1] = (UINT4)0; - - /* Load magic initialization constants. - */ - mdContext->buf[0] = (UINT4)0x67452301; - mdContext->buf[1] = (UINT4)0xefcdab89; - mdContext->buf[2] = (UINT4)0x98badcfe; - mdContext->buf[3] = (UINT4)0x10325476; -} - -/* The routine MD5Update updates the message-digest context to - account for the presence of each of the characters inBuf[0..inLen-1] - in the message whose digest is being computed. - */ -void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen) -{ - UINT4 in[16]; - int mdi; - unsigned int i, ii; - - /* compute number of bytes mod 64 */ - mdi = (int)((mdContext->i[0] >> 3) & 0x3F); - - /* update number of bits */ - if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0]) - mdContext->i[1]++; - mdContext->i[0] += ((UINT4)inLen << 3); - mdContext->i[1] += ((UINT4)inLen >> 29); - - while (inLen--) { - /* add new character to buffer, increment mdi */ - mdContext->in[mdi++] = *inBuf++; - - /* transform if necessary */ - if (mdi == 0x40) { - for (i = 0, ii = 0; i < 16; i++, ii += 4) - in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | - (((UINT4)mdContext->in[ii+2]) << 16) | - (((UINT4)mdContext->in[ii+1]) << 8) | - ((UINT4)mdContext->in[ii]); - Transform (mdContext->buf, in); - mdi = 0; - } - } -} - -/* The routine MD5Final terminates the message-digest computation and - ends with the desired message digest in mdContext->digest[0...15]. - */ -void MD5_Final (unsigned char hash[], MD5_CTX *mdContext) -{ - UINT4 in[16]; - int mdi; - unsigned int i, ii; - unsigned int padLen; - - /* save number of bits */ - in[14] = mdContext->i[0]; - in[15] = mdContext->i[1]; - - /* compute number of bytes mod 64 */ - mdi = (int)((mdContext->i[0] >> 3) & 0x3F); - - /* pad out to 56 mod 64 */ - padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi); - MD5_Update (mdContext, PADDING, padLen); - - /* append length in bits and transform */ - for (i = 0, ii = 0; i < 14; i++, ii += 4) - in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | - (((UINT4)mdContext->in[ii+2]) << 16) | - (((UINT4)mdContext->in[ii+1]) << 8) | - ((UINT4)mdContext->in[ii]); - Transform (mdContext->buf, in); - - /* store buffer in digest */ - for (i = 0, ii = 0; i < 4; i++, ii += 4) { - mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF); - mdContext->digest[ii+1] = - (unsigned char)((mdContext->buf[i] >> 8) & 0xFF); - mdContext->digest[ii+2] = - (unsigned char)((mdContext->buf[i] >> 16) & 0xFF); - mdContext->digest[ii+3] = - (unsigned char)((mdContext->buf[i] >> 24) & 0xFF); - } - memcpy(hash, mdContext->digest, 16); -} - -/* Basic MD5 step. Transforms buf based on in. - */ -static void Transform (UINT4 *buf, UINT4 *in) -{ - UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3]; - - /* Round 1 */ -#define S11 7 -#define S12 12 -#define S13 17 -#define S14 22 - FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */ - FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */ - FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */ - FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */ - FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */ - FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */ - FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */ - FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */ - FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */ - FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */ - FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */ - FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */ - FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */ - FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */ - FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */ - FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */ - - /* Round 2 */ -#define S21 5 -#define S22 9 -#define S23 14 -#define S24 20 - GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */ - GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */ - GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */ - GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */ - GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */ - GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */ - GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */ - GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */ - GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */ - GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */ - GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */ - GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */ - GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */ - GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */ - GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */ - GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */ - - /* Round 3 */ -#define S31 4 -#define S32 11 -#define S33 16 -#define S34 23 - HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */ - HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */ - HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */ - HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */ - HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */ - HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */ - HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */ - HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */ - HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */ - HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */ - HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */ - HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */ - HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */ - HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */ - HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */ - HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */ - - /* Round 4 */ -#define S41 6 -#define S42 10 -#define S43 15 -#define S44 21 - II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */ - II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */ - II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */ - II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */ - II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */ - II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */ - II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */ - II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */ - II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */ - II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */ - II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */ - II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */ - II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */ - II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */ - II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */ - II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */ - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; -} - -/* - *********************************************************************** - ** End of md5.c ** - ******************************** (cut) ******************************** - */ diff --git a/pppd/md5.h b/pppd/md5.h deleted file mode 100644 index 31f410d..0000000 --- a/pppd/md5.h +++ /dev/null @@ -1,71 +0,0 @@ -/* - *********************************************************************** - ** md5.h -- header file for implementation of MD5 ** - ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** - ** Created: 2/17/90 RLR ** - ** Revised: 12/27/90 SRD,AJ,BSK,JT Reference C version ** - ** Revised (for MD5): RLR 4/27/91 ** - ** -- G modified to have y&~z instead of y&z ** - ** -- FF, GG, HH modified to add in last register done ** - ** -- Access pattern: round 2 works mod 5, round 3 works mod 3 ** - ** -- distinct additive constant for each step ** - ** -- round 4 added, working mod 7 ** - *********************************************************************** - */ - -/* - *********************************************************************** - ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** - ** ** - ** License to copy and use this software is granted provided that ** - ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** - ** Digest Algorithm" in all material mentioning or referencing this ** - ** software or this function. ** - ** ** - ** License is also granted to make and use derivative works ** - ** provided that such works are identified as "derived from the RSA ** - ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** - ** material mentioning or referencing the derived work. ** - ** ** - ** RSA Data Security, Inc. makes no representations concerning ** - ** either the merchantability of this software or the suitability ** - ** of this software for any particular purpose. It is provided "as ** - ** is" without express or implied warranty of any kind. ** - ** ** - ** These notices must be retained in any copies of any part of this ** - ** documentation and/or software. ** - *********************************************************************** - */ -#ifndef PPP_MD5_H -#define PPP_MD5_H - -#include "pppdconf.h" - -#ifndef USE_MD5 -#include -#else - -/* typedef a 32-bit type */ -#ifdef _LP64 -typedef unsigned int UINT4; -typedef int INT4; -#else -typedef unsigned long UINT4; -typedef long INT4; -#endif -#define _UINT4_T - -/* Data structure for MD5 (Message-Digest) computation */ -typedef struct { - UINT4 i[2]; /* number of _bits_ handled mod 2^64 */ - UINT4 buf[4]; /* scratch buffer */ - unsigned char in[64]; /* input buffer */ - unsigned char digest[16]; /* actual digest after MD5Final call */ -} MD5_CTX; - -void MD5_Init (MD5_CTX *mdContext); -void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen); -void MD5_Final (unsigned char hash[], MD5_CTX *mdContext); - -#endif /* USE_MD5 */ -#endif /* PPP_MD5_H */ diff --git a/pppd/mppe.c b/pppd/mppe.c index f1b7abf..da10338 100644 --- a/pppd/mppe.c +++ b/pppd/mppe.c @@ -1,4 +1,4 @@ -/* * mppe.c - MPPE key implementation +/* mppe.c - MPPE key implementation * * Copyright (c) 2020 Eivind Naess. All rights reserved. * Copyright (c) 2008 Paul Mackerras. All rights reserved. @@ -26,7 +26,6 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * */ #ifdef HAVE_CONFIG_H @@ -36,13 +35,12 @@ #include -#include "pppd.h" +#include "pppd-private.h" #include "fsm.h" -#include "md4.h" -#include "sha1.h" #include "ccp.h" #include "chap_ms.h" #include "mppe.h" +#include "crypto.h" u_char mppe_send_key[MPPE_MAX_KEY_SIZE]; u_char mppe_recv_key[MPPE_MAX_KEY_SIZE]; @@ -111,16 +109,33 @@ mppe_clear_keys(void) * RFC 2548 (RADIUS support) requires us to export this function (ugh). */ void -mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) +mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash) { - SHA1_CTX sha1Context; - u_char Digest[SHA1_SIGNATURE_SIZE]; + PPP_MD_CTX *ctx; + u_char Digest[SHA_DIGEST_LENGTH]; + int DigestLen; + + ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { + + if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) { + + if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) { + + if (PPP_DigestUpdate(ctx, rchallenge, 8)) { + + DigestLen = SHA_DIGEST_LENGTH; + PPP_DigestFinal(ctx, Digest, &DigestLen); + } + } + } + } + + PPP_MD_CTX_free(ctx); + } - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, rchallenge, 8); - SHA1_Final(Digest, &sha1Context); /* Same key in both directions. */ mppe_set_keys(Digest, Digest, sizeof(Digest)); @@ -133,13 +148,15 @@ mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]) * NTHashHash from the server. */ void -mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer) +mppe_set_chapv2(unsigned char *PasswordHashHash, unsigned char *NTResponse, + int IsServer) { - SHA1_CTX sha1Context; - u_char MasterKey[SHA1_SIGNATURE_SIZE]; - u_char SendKey[SHA1_SIGNATURE_SIZE]; - u_char RecvKey[SHA1_SIGNATURE_SIZE]; + PPP_MD_CTX *ctx; + + u_char MasterKey[SHA_DIGEST_LENGTH]; + u_char SendKey[SHA_DIGEST_LENGTH]; + u_char RecvKey[SHA_DIGEST_LENGTH]; + int KeyLen; u_char SHApad1[40] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, @@ -183,11 +200,26 @@ mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], 0x6b, 0x65, 0x79, 0x2e }; u_char *s; - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, PasswordHashHash, MD4_SIGNATURE_SIZE); - SHA1_Update(&sha1Context, NTResponse, 24); - SHA1_Update(&sha1Context, Magic1, sizeof(Magic1)); - SHA1_Final(MasterKey, &sha1Context); + ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { + + if (PPP_DigestUpdate(ctx, PasswordHashHash, MD4_DIGEST_LENGTH)) { + + if (PPP_DigestUpdate(ctx, NTResponse, 24)) { + + if (PPP_DigestUpdate(ctx, Magic1, sizeof(Magic1))) { + + KeyLen = SHA_DIGEST_LENGTH; + PPP_DigestFinal(ctx, MasterKey, &KeyLen); + } + } + } + } + + PPP_MD_CTX_free(ctx); + } /* * generate send key @@ -196,12 +228,31 @@ mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], s = Magic3; else s = Magic2; - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, MasterKey, 16); - SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); - SHA1_Update(&sha1Context, s, 84); - SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); - SHA1_Final(SendKey, &sha1Context); + + ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { + + if (PPP_DigestUpdate(ctx, MasterKey, 16)) { + + if (PPP_DigestUpdate(ctx, SHApad1, sizeof(SHApad1))) { + + if (PPP_DigestUpdate(ctx, s, 84)) { + + if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) { + + KeyLen = SHA_DIGEST_LENGTH; + PPP_DigestFinal(ctx, SendKey, &KeyLen); + } + } + } + } + } + + PPP_MD_CTX_free(ctx); + } + /* * generate recv key @@ -210,14 +261,32 @@ mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], s = Magic2; else s = Magic3; - SHA1_Init(&sha1Context); - SHA1_Update(&sha1Context, MasterKey, 16); - SHA1_Update(&sha1Context, SHApad1, sizeof(SHApad1)); - SHA1_Update(&sha1Context, s, 84); - SHA1_Update(&sha1Context, SHApad2, sizeof(SHApad2)); - SHA1_Final(RecvKey, &sha1Context); - - mppe_set_keys(SendKey, RecvKey, SHA1_SIGNATURE_SIZE); + + ctx = PPP_MD_CTX_new(); + if (ctx != NULL) { + + if (PPP_DigestInit(ctx, PPP_sha1())) { + + if (PPP_DigestUpdate(ctx, MasterKey, 16)) { + + if (PPP_DigestUpdate(ctx, SHApad1, sizeof(SHApad1))) { + + if (PPP_DigestUpdate(ctx, s, 84)) { + + if (PPP_DigestUpdate(ctx, SHApad2, sizeof(SHApad2))) { + + KeyLen = SHA_DIGEST_LENGTH; + PPP_DigestFinal(ctx, RecvKey, &KeyLen); + } + } + } + } + } + + PPP_MD_CTX_free(ctx); + } + + mppe_set_keys(SendKey, RecvKey, SHA_DIGEST_LENGTH); } #ifndef UNIT_TEST diff --git a/pppd/mppe.h b/pppd/mppe.h index ade208f..376eb62 100644 --- a/pppd/mppe.h +++ b/pppd/mppe.h @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -37,6 +37,11 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + + #define MPPE_PAD 4 /* MPPE growth per frame */ #define MPPE_MAX_KEY_SIZE 32 /* Largest key length */ #define MPPE_MAX_KEY_LEN 16 /* Largest key size accepted by the kernel */ @@ -72,7 +77,7 @@ /* Build a CI from mppe opts (see RFC 3078) */ #define MPPE_OPTS_TO_CI(opts, ci) \ do { \ - u_char *ptr = ci; /* u_char[4] */ \ + unsigned char *ptr = ci; /* unsigned char[4] */ \ \ /* H bit */ \ if (opts & MPPE_OPT_STATEFUL) \ @@ -94,7 +99,7 @@ /* The reverse of the above */ #define MPPE_CI_TO_OPTS(ci, opts) \ do { \ - u_char *ptr = ci; /* u_char[4] */ \ + unsigned char *ptr = ci; /* unsigned char[4] */ \ \ opts = 0; \ \ @@ -128,19 +133,6 @@ #if PPP_WITH_MPPE -/* - * NOTE: - * Access to these variables directly is discuraged. Please - * change your code to use below accessor functions. - */ - -/* The key material generated which is used for MPPE send key */ -extern u_char mppe_send_key[MPPE_MAX_KEY_SIZE]; -/* The key material generated which is used for MPPE recv key */ -extern u_char mppe_recv_key[MPPE_MAX_KEY_SIZE]; -/* Keys are set if value is non-zero */ -extern int mppe_keys_set; - /* These values are the RADIUS attribute values--see RFC 2548. */ #define MPPE_ENC_POL_ENC_ALLOWED 1 #define MPPE_ENC_POL_ENC_REQUIRED 2 @@ -154,17 +146,17 @@ void mppe_set_enc_types (int policy, int types); * Set the MPPE send and recv keys. NULL values for keys are ignored * and input values are cleared to avoid leaving them on the stack */ -void mppe_set_keys(u_char *send_key, u_char *recv_key, int keylen); +void mppe_set_keys(unsigned char *send_key, unsigned char *recv_key, int keylen); /* * Get the MPPE recv key */ -int mppe_get_recv_key(u_char *recv_key, int length); +int mppe_get_recv_key(unsigned char *recv_key, int length); /* * Get the MPPE send key */ -int mppe_get_send_key(u_char *send_key, int length); +int mppe_get_send_key(unsigned char *send_key, int length); /* * Clear the MPPE keys @@ -179,13 +171,18 @@ bool mppe_keys_isset(void); /* * Set mppe_xxxx_key from NT Password Hash Hash (MSCHAPv1), see RFC3079 */ -void mppe_set_chapv1(u_char *rchallenge, u_char PasswordHashHash[MD4_SIGNATURE_SIZE]); +void mppe_set_chapv1(unsigned char *rchallenge, unsigned char *PasswordHashHash); /* * Set the mppe_xxxx_key from MS-CHAP-v2 credentials, see RFC3079 */ -void mppe_set_chapv2(u_char PasswordHashHash[MD4_SIGNATURE_SIZE], - u_char NTResponse[MS_AUTH_NTRESP_LEN], int IsServer); +void mppe_set_chapv2(unsigned char *PasswordHashHash, + unsigned char *NTResponse, int IsServer); #endif // #ifdef PPP_WITH_MPPE + +#ifdef __cplusplus +} +#endif + #endif // #ifdef PPP_MPPE_H diff --git a/pppd/multilink.c b/pppd/multilink.c index 6f17cf8..b44d2bb 100644 --- a/pppd/multilink.c +++ b/pppd/multilink.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -41,10 +41,11 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" #include "fsm.h" #include "lcp.h" #include "tdb.h" +#include "multilink.h" bool endpoint_specified; /* user gave explicit endpoint discriminator */ char *bundle_id; /* identifier for our bundle */ @@ -78,6 +79,18 @@ static int owns_unit(TDB_DATA pid, int unit); #define process_exists(n) (kill((n), 0) == 0 || errno != ESRCH) +multilink_join_hook_fn *multilink_join_hook = NULL; + +bool mp_master() +{ + return multilink_master; +} + +bool mp_on() +{ + return doing_multilink; +} + void mp_check_options(void) { @@ -139,12 +152,12 @@ mp_join_bundle(void) if (demand) { /* already have a bundle */ cfg_bundle(0, 0, 0, 0); - netif_set_mtu(0, mtu); + ppp_set_mtu(0, mtu); return 0; } make_new_bundle(0, 0, 0, 0); set_ifunit(1); - netif_set_mtu(0, mtu); + ppp_set_mtu(0, mtu); return 0; } @@ -189,8 +202,8 @@ mp_join_bundle(void) mtu = MIN(ho->mrru, ao->mru); if (demand) { cfg_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf); - netif_set_mtu(0, mtu); - script_setenv("BUNDLE", bundle_id + 7, 1); + ppp_set_mtu(0, mtu); + ppp_script_setenv("BUNDLE", bundle_id + 7, 1); return 0; } @@ -224,7 +237,7 @@ mp_join_bundle(void) /* attach to existing unit */ if (bundle_attach(unit)) { set_ifunit(0); - script_setenv("BUNDLE", bundle_id + 7, 0); + ppp_script_setenv("BUNDLE", bundle_id + 7, 0); make_bundle_links(1); unlock_db(); info("Link attached to %s", ifname); @@ -236,8 +249,8 @@ mp_join_bundle(void) /* we have to make a new bundle */ make_new_bundle(go->mrru, ho->mrru, go->neg_ssnhf, ho->neg_ssnhf); set_ifunit(1); - netif_set_mtu(0, mtu); - script_setenv("BUNDLE", bundle_id + 7, 1); + ppp_set_mtu(0, mtu); + ppp_script_setenv("BUNDLE", bundle_id + 7, 1); make_bundle_links(0); unlock_db(); info("New bundle %s created", ifname); @@ -273,7 +286,7 @@ void mp_bundle_terminated(void) print_link_stats(); if (!demand) { remove_pidfiles(); - script_unsetenv("IFNAME"); + ppp_script_unsetenv("IFNAME"); } lock_db(); @@ -449,7 +462,7 @@ get_default_epdisc(struct epdisc *ep) hp = gethostbyname(hostname); if (hp != NULL) { addr = *(u_int32_t *)hp->h_addr; - if (!bad_ip_adrs(addr)) { + if (!ppp_bad_ip_addr(addr)) { addr = ntohl(addr); if (!LOCAL_IP_ADDR(addr)) { ep->class = EPD_IP; diff --git a/pppd/multilink.h b/pppd/multilink.h new file mode 100644 index 0000000..8afdadd --- /dev/null +++ b/pppd/multilink.h @@ -0,0 +1,121 @@ +/* + * multilink.h - support routines for multilink. + * + * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef PPP_MULTILINK_H +#define PPP_MULTILINK_H + +#include "pppdconf.h" + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * values for epdisc.class + */ +#define EPD_NULL 0 /* null discriminator, no data */ +#define EPD_LOCAL 1 +#define EPD_IP 2 +#define EPD_MAC 3 +#define EPD_MAGIC 4 +#define EPD_PHONENUM 5 + +struct epdisc; + +#ifdef PPP_WITH_MULTILINK + +/* + * Check multilink-related options + */ +void mp_check_options(void); + +/* + * Join our link to an appropriate bundle + */ +int mp_join_bundle(void); + +/* + * Disconnected our link from the bundle + */ +void mp_exit_bundle(void); + +/* + * Multipoint bundle terminated + */ +void mp_bundle_terminated(void); + +/* + * Acting as a multilink master + */ +bool mp_master(); + +/* + * Was multilink negotiated + */ +bool mp_on(); + +/* + * Convert an endpoint discriminator to a string + */ +char *epdisc_to_str(struct epdisc *); + +/* + * Convert a string to an endpoint discriminator + */ +int str_to_epdisc(struct epdisc *, char *); + +/* + * Hook for plugin to hear when an interface joins a multilink bundle + */ +typedef void (multilink_join_hook_fn)(void); +extern multilink_join_hook_fn *multilink_join_hook; + +#else + +#define mp_check_options(x) ((void)0) +#define mp_join_bundle(x) ((void)0) +#define mp_exit_bundle(x) ((void)0) +#define mp_bundle_terminated(x) ((void)0) + +static inline bool mp_on() { + return false; +} + +static inline bool mp_master() { + return false; +} + +#endif // PPP_WITH_MULTILINK + +#ifdef __cplusplus +} +#endif + +#endif // PPP_MULTILINK_H diff --git a/pppd/options.c b/pppd/options.c index 1fbe46e..227e615 100644 --- a/pppd/options.c +++ b/pppd/options.c @@ -77,7 +77,9 @@ #endif #endif /* PPP_WITH_FILTER */ -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" +#include "upap.h" #include "pathnames.h" #if defined(ultrix) || defined(NeXT) @@ -97,7 +99,6 @@ struct option_value { int debug = 0; /* Debug flag */ int kdebugflag = 0; /* Tell kernel to print debug messages */ int default_device = 1; /* Using /dev/tty or equivalent */ -char devnam[MAXPATHLEN]; /* Device name */ bool nodetach = 0; /* Don't detach from controlling tty */ bool updetach = 0; /* Detach once link is up */ bool master_detach; /* Detach when we're (only) multilink master */ @@ -110,7 +111,6 @@ char passwd[MAXSECRETLEN]; /* Password for PAP */ bool persist = 0; /* Reopen link after it goes down */ char our_name[MAXNAMELEN]; /* Our name for authentication purposes */ bool demand = 0; /* do dial-on-demand */ -char *ipparam = NULL; /* Extra parameter for ip up/down scripts */ int idle_time_limit = 0; /* Disconnect if idle for this many seconds */ int holdoff = 30; /* # seconds to pause before reconnecting */ bool holdoff_specified; /* true if a holdoff value has been given */ @@ -127,6 +127,7 @@ char req_ifname[IFNAMSIZ]; /* requested interface name */ bool multilink = 0; /* Enable multilink operation */ char *bundle_name = NULL; /* bundle name for multilink */ bool dump_options; /* print out option values */ +bool show_options; /* print all supported options and exit */ bool dryrun; /* print out option values and exit */ char *domain; /* domain name set by domain option */ int child_wait = 5; /* # seconds to wait for children at exit */ @@ -139,11 +140,11 @@ char path_ipv6down[MAXPATHLEN]; /* pathname of ipv6-down script */ #endif unsigned int maxoctets = 0; /* default - no limit */ -int maxoctets_dir = 0; /* default - sum of traffic */ +session_limit_dir_t maxoctets_dir = PPP_OCTETS_DIRECTION_SUM; /* default - sum of traffic */ int maxoctets_timeout = 1; /* default 1 second */ -extern option_t auth_options[]; +extern struct option auth_options[]; extern struct stat devstat; #ifdef PPP_WITH_FILTER @@ -151,7 +152,7 @@ struct bpf_program pass_filter;/* Filter program for packets to pass */ struct bpf_program active_filter; /* Filter program for link-active pkts */ #endif -static option_t *curopt; /* pointer to option being processed */ +static struct option *curopt; /* pointer to option being processed */ char *current_option; /* the name of the option being parsed */ int privileged_option; /* set iff the current option came from root */ char *option_source; /* string saying where the option came from */ @@ -185,20 +186,20 @@ static int setactivefilter(char **); static int setmodir(char **); static int user_setenv(char **); -static void user_setprint(option_t *, printer_func, void *); +static void user_setprint(struct option *, printer_func, void *); static int user_unsetenv(char **); -static void user_unsetprint(option_t *, printer_func, void *); +static void user_unsetprint(struct option *, printer_func, void *); -static option_t *find_option(char *name); -static int process_option(option_t *, char *, char **); -static int n_arguments(option_t *); +static struct option *find_option(char *name); +static int process_option(struct option *, char *, char **); +static int n_arguments(struct option *); static int number_option(char *, u_int32_t *, int); /* * Structure to store extra lists of options. */ struct option_list { - option_t *options; + struct option *options; struct option_list *next; }; @@ -207,7 +208,7 @@ static struct option_list *extra_options = NULL; /* * Valid arguments. */ -option_t general_options[] = { +struct option general_options[] = { { "debug", o_int, &debug, "Increase debugging level", OPT_INC | OPT_NOARG | 1 }, { "-d", o_int, &debug, @@ -263,6 +264,10 @@ option_t general_options[] = { { "--version", o_special_noarg, (void *)showversion, "Show version number" }, + { "-v", o_special_noarg, (void *)showversion, + "Show version number" }, + { "show-options", o_bool, &show_options, + "Show all options and exit", 1 }, { "--help", o_special_noarg, (void *)showhelp, "Show brief listing of options" }, { "-h", o_special_noarg, (void *)showhelp, @@ -390,23 +395,108 @@ option_t general_options[] = { #define IMPLEMENTATION "" #endif -static char *usage_string = "\ -pppd version %s\n\ -Usage: %s [ options ], where options are:\n\ - Communicate over the named device\n\ - Set the baud rate to \n\ - : Set the local and/or remote interface IP\n\ - addresses. Either one may be omitted.\n\ - asyncmap Set the desired async map to hex \n\ - auth Require authentication from peer\n\ - connect

Invoke shell command

to set up the serial line\n\ - crtscts Use hardware RTS/CTS flow control\n\ - defaultroute Add default route through interface\n\ - file Take options from file \n\ - modem Use modem control lines\n\ - mru Set MRU value to for negotiation\n\ -See pppd(8) for more options.\n\ -"; +int +ppp_get_max_idle_time() +{ + return idle_time_limit; +} + +void +ppp_set_max_idle_time(unsigned int max) +{ + idle_time_limit = max; +} + +int +ppp_get_max_connect_time() +{ + return maxconnect; +} + +void +ppp_set_max_connect_time(unsigned int max) +{ + maxconnect = max; +} + +void +ppp_set_session_limit(unsigned int octets) +{ + maxoctets = octets; +} + +void +ppp_set_session_limit_dir(unsigned int dir) +{ + if (dir > 4) + dir = PPP_OCTETS_DIRECTION_SUM; + maxoctets_dir = (session_limit_dir_t) dir; +} + +bool +debug_on() +{ + return !!debug; +} + +int +ppp_get_path(ppp_path_t type, char *buf, size_t bufsz) +{ + const char *path; + + if (buf && bufsz > 0) { + switch (type) { + case PPP_DIR_LOG: + path = PPP_PATH_VARLOG; + break; + case PPP_DIR_RUNTIME: + path = PPP_PATH_VARRUN; + break; +#ifdef PPP_WITH_PLUGINS + case PPP_DIR_PLUGIN: + path = PPP_PATH_PLUGIN; + break; +#endif + case PPP_DIR_CONF: + path = PPP_PATH_CONFDIR; + break; + } + return strlcpy(buf, path, bufsz); + } + return -1; +} + +int +ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz) +{ + const char *path; + + if (buf && bufsz > 0) { + switch (type) { + case PPP_DIR_LOG: + path = PPP_PATH_VARLOG; + break; + case PPP_DIR_RUNTIME: + path = PPP_PATH_VARRUN; + break; +#ifdef PPP_WITH_PLUGINS + case PPP_DIR_PLUGIN: + path = PPP_PATH_PLUGIN; + break; +#endif + case PPP_DIR_CONF: + path = PPP_PATH_CONFDIR; + break; + } + return slprintf(buf, bufsz, "%s/%s", path, name); + } + return -1; +} + +bool ppp_persist() +{ + return !!persist; +} /* * parse_args - parse a string of arguments from the command line. @@ -415,7 +505,7 @@ int parse_args(int argc, char **argv) { char *arg; - option_t *opt; + struct option *opt; int n; privileged_option = privileged; @@ -426,13 +516,13 @@ parse_args(int argc, char **argv) --argc; opt = find_option(arg); if (opt == NULL) { - option_error("unrecognized option '%s'", arg); + ppp_option_error("unrecognized option '%s'", arg); usage(); return 0; } n = n_arguments(opt); if (argc < n) { - option_error("too few parameters for option %s", arg); + ppp_option_error("too few parameters for option %s", arg); return 0; } if (!process_option(opt, arg, argv)) @@ -448,11 +538,11 @@ parse_args(int argc, char **argv) * and interpret them. */ int -options_from_file(char *filename, int must_exist, int check_prot, int priv) +ppp_options_from_file(char *filename, int must_exist, int check_prot, int priv) { FILE *f; int i, newline, ret, err; - option_t *opt; + struct option *opt; int oldpriv, n; char *oldsource; uid_t euid; @@ -462,7 +552,7 @@ options_from_file(char *filename, int must_exist, int check_prot, int priv) euid = geteuid(); if (check_prot && seteuid(getuid()) == -1) { - option_error("unable to drop privileges to open %s: %m", filename); + ppp_option_error("unable to drop privileges to open %s: %m", filename); return 0; } f = fopen(filename, "r"); @@ -476,7 +566,7 @@ options_from_file(char *filename, int must_exist, int check_prot, int priv) warn("Warning: can't open options file %s: %m", filename); return 1; } - option_error("Can't open options file %s: %m", filename); + ppp_option_error("Can't open options file %s: %m", filename); return 0; } @@ -490,14 +580,14 @@ options_from_file(char *filename, int must_exist, int check_prot, int priv) while (getword(f, cmd, &newline, filename)) { opt = find_option(cmd); if (opt == NULL) { - option_error("In file %s: unrecognized option '%s'", + ppp_option_error("In file %s: unrecognized option '%s'", filename, cmd); goto err; } n = n_arguments(opt); for (i = 0; i < n; ++i) { if (!getword(f, args[i], &newline, filename)) { - option_error( + ppp_option_error( "In file %s: too few parameters for option '%s'", filename, cmd); goto err; @@ -511,6 +601,7 @@ options_from_file(char *filename, int must_exist, int check_prot, int priv) err: fclose(f); + free(option_source); privileged_option = oldpriv; option_source = oldsource; return ret; @@ -531,14 +622,14 @@ options_from_user(void) pw = getpwuid(getuid()); if (pw == NULL || (user = pw->pw_dir) == NULL || user[0] == 0) return 1; - file = _PATH_USEROPT; + file = PPP_PATH_USEROPT; pl = strlen(user) + strlen(file) + 2; path = malloc(pl); if (path == NULL) novm("init file name"); slprintf(path, pl, "%s/%s", user, file); option_priority = OPRIO_CFGFILE; - ret = options_from_file(path, 0, 1, privileged); + ret = ppp_options_from_file(path, 0, 1, privileged); free(path); return ret; } @@ -563,17 +654,17 @@ options_for_tty(void) dev = p + 5; if (dev[0] == 0 || strcmp(dev, "tty") == 0) return 1; /* don't look for /etc/ppp/options.tty */ - pl = strlen(_PATH_TTYOPT) + strlen(dev) + 1; + pl = strlen(PPP_PATH_TTYOPT) + strlen(dev) + 1; path = malloc(pl); if (path == NULL) novm("tty init file name"); - slprintf(path, pl, "%s%s", _PATH_TTYOPT, dev); + slprintf(path, pl, "%s%s", PPP_PATH_TTYOPT, dev); /* Turn slashes into dots, for Solaris case (e.g. /dev/term/a) */ - for (p = path + strlen(_PATH_TTYOPT); *p != 0; ++p) + for (p = path + strlen(PPP_PATH_TTYOPT); *p != 0; ++p) if (*p == '/') *p = '.'; option_priority = OPRIO_CFGFILE; - ret = options_from_file(path, 0, 0, 1); + ret = ppp_options_from_file(path, 0, 0, 1); free(path); return ret; } @@ -585,7 +676,7 @@ int options_from_list(struct wordlist *w, int priv) { char *argv[MAXARGS]; - option_t *opt; + struct option *opt; int i, n, ret = 0; struct wordlist *w0; @@ -596,7 +687,7 @@ options_from_list(struct wordlist *w, int priv) while (w != NULL) { opt = find_option(w->word); if (opt == NULL) { - option_error("In secrets file: unrecognized option '%s'", + ppp_option_error("In secrets file: unrecognized option '%s'", w->word); goto err; } @@ -605,7 +696,7 @@ options_from_list(struct wordlist *w, int priv) for (i = 0; i < n; ++i) { w = w->next; if (w == NULL) { - option_error( + ppp_option_error( "In secrets file: too few parameters for option '%s'", w0->word); goto err; @@ -623,10 +714,10 @@ err: } /* - * match_option - see if this option matches an option_t structure. + * match_option - see if this option matches an option structure. */ static int -match_option(char *name, option_t *opt, int dowild) +match_option(char *name, struct option *opt, int dowild) { int (*match)(char *, char **, int); @@ -643,10 +734,10 @@ match_option(char *name, option_t *opt, int dowild) * looking for an entry with the given name. * This could be optimized by using a hash table. */ -static option_t * +static struct option * find_option(char *name) { - option_t *opt; + struct option *opt; struct option_list *list; int i, dowild; @@ -677,7 +768,7 @@ find_option(char *name) * process_option - process one new-style option. */ static int -process_option(option_t *opt, char *cmd, char **argv) +process_option(struct option *opt, char *cmd, char **argv) { u_int32_t v; int iv, a; @@ -686,7 +777,7 @@ process_option(option_t *opt, char *cmd, char **argv) int (*wildp)(char *, char **, int); char *optopt = (opt->type == o_wild)? "": " option"; int prio = option_priority; - option_t *mainopt = opt; + struct option *mainopt = opt; current_option = opt->name; if ((opt->flags & OPT_PRIVFIX) && privileged_option) @@ -697,7 +788,7 @@ process_option(option_t *opt, char *cmd, char **argv) if (prio < mainopt->priority) { /* new value doesn't override old */ if (prio == OPRIO_CMDLINE && mainopt->priority > OPRIO_ROOT) { - option_error("%s%s set in %s cannot be overridden\n", + ppp_option_error("%s%s set in %s cannot be overridden\n", opt->name, optopt, mainopt->source); return 0; } @@ -708,22 +799,22 @@ process_option(option_t *opt, char *cmd, char **argv) opt->name, optopt, option_source); } - if ((opt->flags & OPT_INITONLY) && phase != PHASE_INITIALIZE) { - option_error("%s%s cannot be changed after initialization", + if ((opt->flags & OPT_INITONLY) && !in_phase(PHASE_INITIALIZE)) { + ppp_option_error("%s%s cannot be changed after initialization", opt->name, optopt); return 0; } if ((opt->flags & OPT_PRIV) && !privileged_option) { - option_error("using the %s%s requires root privilege", + ppp_option_error("using the %s%s requires root privilege", opt->name, optopt); return 0; } if ((opt->flags & OPT_ENABLE) && *(bool *)(opt->addr2) == 0) { - option_error("%s%s is disabled", opt->name, optopt); + ppp_option_error("%s%s is disabled", opt->name, optopt); return 0; } if ((opt->flags & OPT_DEVEQUIV) && devnam_fixed) { - option_error("the %s%s may not be changed in %s", + ppp_option_error("the %s%s may not be changed in %s", opt->name, optopt, option_source); return 0; } @@ -745,7 +836,7 @@ process_option(option_t *opt, char *cmd, char **argv) case o_int: iv = 0; if ((opt->flags & OPT_NOARG) == 0) { - if (!int_option(*argv, &iv)) + if (!ppp_int_option(*argv, &iv)) return 0; if ((((opt->flags & OPT_LLIMIT) && iv < opt->lower_limit) || ((opt->flags & OPT_ULIMIT) && iv > opt->upper_limit)) @@ -753,15 +844,15 @@ process_option(option_t *opt, char *cmd, char **argv) char *zok = (opt->flags & OPT_ZEROOK)? " zero or": ""; switch (opt->flags & OPT_LIMITS) { case OPT_LLIMIT: - option_error("%s value must be%s >= %d", + ppp_option_error("%s value must be%s >= %d", opt->name, zok, opt->lower_limit); break; case OPT_ULIMIT: - option_error("%s value must be%s <= %d", + ppp_option_error("%s value must be%s <= %d", opt->name, zok, opt->upper_limit); break; case OPT_LIMITS: - option_error("%s value must be%s between %d and %d", + ppp_option_error("%s value must be%s between %d and %d", opt->name, zok, opt->lower_limit, opt->upper_limit); break; } @@ -778,7 +869,7 @@ process_option(option_t *opt, char *cmd, char **argv) int oldv = *(int *)(opt->addr); if ((opt->flags & OPT_ZEROINF) ? (oldv != 0 && (iv == 0 || iv > oldv)) : (iv > oldv)) { - option_error("%s value cannot be increased", opt->name); + ppp_option_error("%s value cannot be increased", opt->name); return 0; } } @@ -875,7 +966,7 @@ process_option(option_t *opt, char *cmd, char **argv) int override_value(char *option, int priority, const char *source) { - option_t *opt; + struct option *opt; opt = find_option(option); if (opt == NULL) @@ -894,7 +985,7 @@ override_value(char *option, int priority, const char *source) * n_arguments - tell how many arguments an option takes */ static int -n_arguments(option_t *opt) +n_arguments(struct option *opt) { return (opt->type == o_bool || opt->type == o_special_noarg || (opt->flags & OPT_NOARG))? 0: 1; @@ -904,7 +995,7 @@ n_arguments(option_t *opt) * add_options - add a list of options to the set we grok. */ void -add_options(option_t *opt) +ppp_add_options(struct option *opt) { struct option_list *list; @@ -930,7 +1021,7 @@ check_options(void) * print_option - print out an option and its value */ static void -print_option(option_t *opt, option_t *mainopt, printer_func printer, void *arg) +print_option(struct option *opt, struct option *mainopt, printer_func printer, void *arg) { int i, v; char *p; @@ -992,8 +1083,8 @@ print_option(option_t *opt, option_t *mainopt, printer_func printer, void *arg) printer(arg, " "); } if (opt->flags & OPT_A2PRINTER) { - void (*oprt)(option_t *, printer_func, void *); - oprt = (void (*)(option_t *, printer_func, void *)) + void (*oprt)(struct option *, printer_func, void *); + oprt = (void (*)(struct option *, printer_func, void *)) opt->addr2; (*oprt)(opt, printer, arg); } else if (opt->flags & OPT_A2STRVAL) { @@ -1029,7 +1120,7 @@ print_option(option_t *opt, option_t *mainopt, printer_func printer, void *arg) * array of options. */ static void -print_option_list(option_t *opt, printer_func printer, void *arg) +print_option_list(struct option *opt, printer_func printer, void *arg) { while (opt->name != NULL) { if (opt->priority != OPRIO_DEFAULT @@ -1066,8 +1157,33 @@ print_options(printer_func printer, void *arg) static void usage(void) { - if (phase == PHASE_INITIALIZE) - fprintf(stderr, usage_string, VERSION, progname); + FILE *fp = stderr; + if (in_phase(PHASE_INITIALIZE)) { + fprintf(fp, "%s v%s\n", PACKAGE_NAME, PACKAGE_VERSION); + fprintf(fp, "Copyright (C) 1999-2022 Paul Mackerras, and others. All rights reserved.\n\n"); + + + fprintf(fp, "License BSD: The 3 clause BSD license \n"); + fprintf(fp, "This is free software: you are free to change and redistribute it.\n"); + fprintf(fp, "There is NO WARRANTY, to the extent permitted by law.\n\n"); + + fprintf(fp, "Report Bugs:\n %s\n\n", PACKAGE_BUGREPORT); + fprintf(fp, "Usage: %s [ options ], where options are:\n", progname); + fprintf(fp, " Communicate over the named device\n"); + fprintf(fp, " Set the baud rate to \n"); + fprintf(fp, " : Set the local and/or remote interface IP\n"); + fprintf(fp, " addresses. Either one may be omitted.\n"); + fprintf(fp, " asyncmap Set the desired async map to hex \n"); + fprintf(fp, " auth Require authentication from peer\n"); + fprintf(fp, " connect

Invoke shell command

to set up the serial line\n"); + fprintf(fp, " crtscts Use hardware RTS/CTS flow control\n"); + fprintf(fp, " defaultroute Add default route through interface\n"); + fprintf(fp, " file Take options from file \n"); + fprintf(fp, " modem Use modem control lines\n"); + fprintf(fp, " mru Set MRU value to for negotiation\n"); + fprintf(fp, " show-options Display an extended list of options\n"); + fprintf(fp, "See pppd(8) for more options.\n"); + } } /* @@ -1076,7 +1192,7 @@ usage(void) static int showhelp(char **argv) { - if (phase == PHASE_INITIALIZE) { + if (in_phase(PHASE_INITIALIZE)) { usage(); exit(0); } @@ -1089,7 +1205,7 @@ showhelp(char **argv) static int showversion(char **argv) { - if (phase == PHASE_INITIALIZE) { + if (in_phase(PHASE_INITIALIZE)) { fprintf(stdout, "pppd version %s\n", VERSION); exit(0); } @@ -1097,12 +1213,67 @@ showversion(char **argv) } /* - * option_error - print a message about an error in an option. + * Print a set of options including the name of the group of options + */ +static void +showopts_list(FILE *fp, const char *title, struct option *list, ...) +{ + struct option *opt = list; + va_list varg; + + if (opt && opt->name) { + va_start(varg, list); + vfprintf(fp, title, varg); + fprintf(fp, ":\n"); + va_end(varg); + + do { + fprintf(fp, " %-22s %s\n", opt->name, opt->description?:""); + opt++; + } while (opt && opt->name); + + fprintf(fp, "\n"); + } +} + +/* + * Dumps the list of available options + */ +void +showopts(void) +{ + struct option_list *list; + FILE *fp = stderr; + int i = 0; + + showopts_list(fp, "General Options", + general_options); + + showopts_list(fp, "Authentication Options", + auth_options); + + for (list = extra_options; list != NULL; list = list->next) + showopts_list(fp, "Extra Options", list->options); + + showopts_list(fp, "Channel Options", + the_channel->options); + + for (i = 0; protocols[i] != NULL; ++i) { + if (protocols[i]->options != NULL) { + showopts_list(fp, "%s Options", + protocols[i]->options, + protocols[i]->name); + } + } +} + +/* + * ppp_option_error - print a message about an error in an option. * The message is logged, and also sent to - * stderr if phase == PHASE_INITIALIZE. + * stderr if in_phase(PHASE_INITIALIZE). */ void -option_error(char *fmt, ...) +ppp_option_error(char *fmt, ...) { va_list args; char buf[1024]; @@ -1110,7 +1281,7 @@ option_error(char *fmt, ...) va_start(args, fmt); vslprintf(buf, sizeof(buf), fmt, args); va_end(args); - if (phase == PHASE_INITIALIZE) + if (in_phase(PHASE_INITIALIZE)) fprintf(stderr, "%s: %s\n", progname, buf); syslog(LOG_ERR, "%s", buf); } @@ -1357,7 +1528,7 @@ getword(FILE *f, char *word, int *newlinep, char *filename) if (ferror(f)) { if (errno == 0) errno = EIO; - option_error("Error reading %s: %m", filename); + ppp_option_error("Error reading %s: %m", filename); die(1); } /* @@ -1367,7 +1538,7 @@ getword(FILE *f, char *word, int *newlinep, char *filename) if (len == 0) return 0; if (quoted) - option_error("warning: quoted word runs to end of file (%.20s...)", + ppp_option_error("warning: quoted word runs to end of file (%.20s...)", filename, word); } @@ -1375,7 +1546,7 @@ getword(FILE *f, char *word, int *newlinep, char *filename) * Warn if the word was too long, and append a terminating null. */ if (len >= MAXWORDLEN) { - option_error("warning: word in file %s too long (%.20s...)", + ppp_option_error("warning: word in file %s too long (%.20s...)", filename, word); len = MAXWORDLEN - 1; } @@ -1397,7 +1568,7 @@ number_option(char *str, u_int32_t *valp, int base) *valp = strtoul(str, &ptr, base); if (ptr == str) { - option_error("invalid numeric parameter '%s' for %s option", + ppp_option_error("invalid numeric parameter '%s' for %s option", str, current_option); return 0; } @@ -1411,7 +1582,7 @@ number_option(char *str, u_int32_t *valp, int base) * if there is an error. */ int -int_option(char *str, int *valp) +ppp_int_option(char *str, int *valp) { u_int32_t v; @@ -1432,7 +1603,7 @@ int_option(char *str, int *valp) static int readfile(char **argv) { - return options_from_file(*argv, 1, 1, privileged_option); + return ppp_options_from_file(*argv, 1, 1, privileged_option); } /* @@ -1462,17 +1633,17 @@ callfile(char **argv) } } if (!ok) { - option_error("call option value may not contain .. or start with /"); + ppp_option_error("call option value may not contain .. or start with /"); return 0; } - l = strlen(arg) + strlen(_PATH_PEERFILES) + 1; + l = strlen(arg) + strlen(PPP_PATH_PEERFILES) + 1; if ((fname = (char *) malloc(l)) == NULL) novm("call file name"); - slprintf(fname, l, "%s%s", _PATH_PEERFILES, arg); - script_setenv("CALL_FILE", arg, 0); + slprintf(fname, l, "%s%s", PPP_PATH_PEERFILES, arg); + ppp_script_setenv("CALL_FILE", arg, 0); - ok = options_from_file(fname, 1, 1, 1); + ok = ppp_options_from_file(fname, 1, 1, 1); free(fname); return ok; @@ -1490,7 +1661,7 @@ setpassfilter(char **argv) pc = pcap_open_dead(DLT_PPP_PPPD, 65535); if (pcap_compile(pc, &pass_filter, *argv, 1, netmask) == -1) { - option_error("error in pass-filter expression: %s\n", + ppp_option_error("error in pass-filter expression: %s\n", pcap_geterr(pc)); ret = 0; } @@ -1510,7 +1681,7 @@ setactivefilter(char **argv) pc = pcap_open_dead(DLT_PPP_PPPD, 65535); if (pcap_compile(pc, &active_filter, *argv, 1, netmask) == -1) { - option_error("error in active-filter expression: %s\n", + ppp_option_error("error in active-filter expression: %s\n", pcap_geterr(pc)); ret = 0; } @@ -1545,7 +1716,7 @@ setlogfile(char **argv) euid = geteuid(); if (!privileged_option && seteuid(getuid()) == -1) { - option_error("unable to drop permissions to open %s: %m", *argv); + ppp_option_error("unable to drop permissions to open %s: %m", *argv); return 0; } fd = open(*argv, O_WRONLY | O_APPEND | O_CREAT | O_EXCL, 0644); @@ -1556,7 +1727,7 @@ setlogfile(char **argv) fatal("unable to regain privileges: %m"); if (fd < 0) { errno = err; - option_error("Can't open log file %s: %m", *argv); + ppp_option_error("Can't open log file %s: %m", *argv); return 0; } strlcpy(logfile_name, *argv, sizeof(logfile_name)); @@ -1597,7 +1768,7 @@ loadplugin(char **argv) const char *vers; if (strchr(arg, '/') == 0) { - const char *base = _PATH_PLUGIN; + const char *base = PPP_PATH_PLUGIN; int l = strlen(base) + strlen(arg) + 2; path = malloc(l); if (path == 0) @@ -1610,25 +1781,27 @@ loadplugin(char **argv) if (handle == 0) { err = dlerror(); if (err != 0) - option_error("%s", err); - option_error("Couldn't load plugin %s", arg); + ppp_option_error("%s", err); + ppp_option_error("Couldn't load plugin %s", arg); goto err; } init = (void (*)(void))dlsym(handle, "plugin_init"); if (init == 0) { - option_error("%s has no initialization entry point", arg); + ppp_option_error("%s has no initialization entry point", arg); goto errclose; } vers = (const char *) dlsym(handle, "pppd_version"); if (vers == 0) { warn("Warning: plugin %s has no version information", arg); } else if (strcmp(vers, VERSION) != 0) { - option_error("Plugin %s is for pppd version %s, this is %s", + ppp_option_error("Plugin %s is for pppd version %s, this is %s", arg, vers, VERSION); goto errclose; } info("Plugin %s loaded.", arg); (*init)(); + if (path != arg) + free(path); return 1; errclose: @@ -1651,11 +1824,11 @@ user_setenv(char **argv) struct userenv *uep, **insp; if ((eqp = strchr(arg, '=')) == NULL) { - option_error("missing = in name=value: %s", arg); + ppp_option_error("missing = in name=value: %s", arg); return 0; } if (eqp == arg) { - option_error("missing variable name: %s", arg); + ppp_option_error("missing variable name: %s", arg); return 0; } for (uep = userenv_list; uep != NULL; uep = uep->ue_next) { @@ -1670,6 +1843,10 @@ user_setenv(char **argv) /* The name never changes, so allocate it with the structure */ if (uep == NULL) { uep = malloc(sizeof (*uep) + (eqp-arg)); + if (uep == NULL) { + novm("environment variable"); + return 1; + } strncpy(uep->ue_name, arg, eqp-arg); uep->ue_name[eqp-arg] = '\0'; uep->ue_next = NULL; @@ -1696,7 +1873,7 @@ user_setenv(char **argv) } static void -user_setprint(option_t *opt, printer_func printer, void *arg) +user_setprint(struct option *opt, printer_func printer, void *arg) { struct userenv *uep, *uepnext; @@ -1722,11 +1899,11 @@ user_unsetenv(char **argv) char *arg = argv[0]; if (strchr(arg, '=') != NULL) { - option_error("unexpected = in name: %s", arg); + ppp_option_error("unexpected = in name: %s", arg); return 0; } if (*arg == '\0') { - option_error("missing variable name for unset"); + ppp_option_error("missing variable name for unset"); return 0; } for (uep = userenv_list; uep != NULL; uep = uep->ue_next) { @@ -1739,6 +1916,10 @@ user_unsetenv(char **argv) /* The name never changes, so allocate it with the structure */ if (uep == NULL) { uep = malloc(sizeof (*uep) + strlen(arg)); + if (uep == NULL) { + novm("environment variable"); + return 1; + } strcpy(uep->ue_name, arg); uep->ue_next = NULL; insp = &userenv_list; @@ -1764,7 +1945,7 @@ user_unsetenv(char **argv) } static void -user_unsetprint(option_t *opt, printer_func printer, void *arg) +user_unsetprint(struct option *opt, printer_func printer, void *arg) { struct userenv *uep, *uepnext; diff --git a/pppd/options.h b/pppd/options.h new file mode 100644 index 0000000..8634e87 --- /dev/null +++ b/pppd/options.h @@ -0,0 +1,123 @@ +/* + * options.h - header declarations for option processing for PPP. + * + * Copyright (c) 2000-2002 Paul Mackerras. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +#ifndef PPP_OPTIONS_H +#define PPP_OPTIONS_H + +#ifdef __cplusplus +extern "C" { +#endif + +enum opt_type { + o_special_noarg, + o_special, + o_bool, + o_int, + o_uint32, + o_string, + o_wild +}; + +struct option { + char *name; /* name of the option */ + enum opt_type type; + void *addr; + char *description; + unsigned int flags; + void *addr2; + int upper_limit; + int lower_limit; + const char *source; + short int priority; + short int winner; +}; + +typedef struct option option_t; + +/* Values for flags */ +#define OPT_VALUE 0xff /* mask for presupplied value */ +#define OPT_HEX 0x100 /* int option is in hex */ +#define OPT_NOARG 0x200 /* option doesn't take argument */ +#define OPT_OR 0x400 /* for u32, OR in argument to value */ +#define OPT_INC 0x400 /* for o_int, increment value */ +#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */ +#define OPT_PRIV 0x1000 /* privileged option */ +#define OPT_STATIC 0x2000 /* string option goes into static array */ +#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */ +#define OPT_LLIMIT 0x4000 /* check value against lower limit */ +#define OPT_ULIMIT 0x8000 /* check value against upper limit */ +#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT) +#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */ +#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */ +#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */ +#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */ +#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */ +#define OPT_PRIO 0x80000 /* process option priorities for this option */ +#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */ +#define OPT_ALIAS 0x200000 /* option is alias for previous option */ +#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */ +#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */ +#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */ +#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */ +#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */ +#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */ +#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV) +#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */ +#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */ +#define OPT_NOPRINT 0x40000000 /* don't print this option at all */ + +#define OPT_VAL(x) ((x) & OPT_VALUE) + +/* Values for priority */ +#define OPRIO_DEFAULT 0 /* a default value */ +#define OPRIO_CFGFILE 1 /* value from a configuration file */ +#define OPRIO_CMDLINE 2 /* value from the command line */ +#define OPRIO_SECFILE 3 /* value from options in a secrets file */ +#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */ + +/* Add additional supported options by e.g. plug-in */ +void ppp_add_options(struct option *options); + +/* Parse options from an options file */ +int ppp_options_from_file(char *filename, int must_exist, int check_prot, + int privileged); + +/* Simplified number_option for decimal ints */ +int ppp_int_option(char *name, int *value); + +/* Print an error message about an option */ +void ppp_option_error(char *fmt, ...); + + +#ifdef __cplusplus +} +#endif + +#endif // PPP_OPTIONS_H diff --git a/pppd/pathnames.h b/pppd/pathnames.h index 57a130e..d08e8ef 100644 --- a/pppd/pathnames.h +++ b/pppd/pathnames.h @@ -1,5 +1,46 @@ /* - * define path names + * pathnames.h - define default paths for pppd + * + * Copyright (c) 1999-2002 Paul Mackerras. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * 3. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Paul Mackerras + * ". + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* + * Paths are controlled by configure. Typically, one would pass the following options + * to configure: + * ./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var + * + * Note that if the prefix variable do control all the other directory variables, e.g + * sysconfdir is ${prefix}/etc. Setting prefix to /usr, you'll have to override + * sysconfdir with /etc to avoid installing config files into /usr/etc. + * + * In addition, there are three explicit variables that has overrides via configure: + * - PPPD_RUNTIME_DIR, set by --with-runtime-dir=

+ * - PPPD_LOGFILE_DIR, set by --with-logfile-dir= + * - PPPD_PLUGIN_DIR, set by --with-plugin-dir= */ #ifndef PPP_PATHNAMES_H #define PPP_PATHNAMES_H @@ -11,66 +52,86 @@ #endif /* HAVE_PATHS_H */ #ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" +#define _PATH_DEVNULL "/dev/null" #endif +#define PPP_DEVNULL _PATH_DEVNULL + +/* + * PPPD_RUNTIME_DIR is set by passing --with-runtime-dir= via configure + * the default value set by configure when option is absent is ${localstatedir}/run/pppd + */ #ifdef PPPD_RUNTIME_DIR -#undef _PATH_VARRUN -#define _PATH_VARRUN PPPD_RUNTIME_DIR "/" +#define PPP_PATH_VARRUN PPPD_RUNTIME_DIR +#else +#define PPP_PATH_VARRUN _PATH_VARRUN #endif +/* + * PPPD_LOGFILE_DIR is set by passing --with-logfile-dir= via configure + * the default value set by configure when option is absent is ${localstatedir}/log/ppp + */ #ifdef PPPD_LOGFILE_DIR -#undef _PATH_VARLOG -#define _PATH_VARLOG PPPD_LOGFILE_DIR +#define PPP_PATH_VARLOG PPPD_LOGFILE_DIR +#else +#define PPP_PATH_VARLOG _PATH_VARRUN "/log/ppp" #endif +/* + * PPPD_PLUGIN_DIR is set by passing --with-plugin-dir= via configure + * the default value set by configure when option is absent is ${libdir}/pppd/${version} + */ #ifdef PPPD_PLUGIN_DIR -#define _PATH_PLUGIN PPPD_PLUGIN_DIR -#else -#ifdef __STDC__ -#define _PATH_PLUGIN DESTDIR "/lib/pppd/" VERSION -#else /* __STDC__ */ -#define _PATH_PLUGIN "/usr/lib/pppd" -#endif /* __STDC__ */ +#define PPP_PATH_PLUGIN PPPD_PLUGIN_DIR #endif /* PPPD_PLUGIN_DIR */ -#ifndef _ROOT_PATH -#define _ROOT_PATH -#endif +#define PPP_PATH_CONFDIR SYSCONFDIR "/ppp" -#define _PATH_UPAPFILE _ROOT_PATH "/etc/ppp/pap-secrets" -#define _PATH_CHAPFILE _ROOT_PATH "/etc/ppp/chap-secrets" -#define _PATH_SRPFILE _ROOT_PATH "/etc/ppp/srp-secrets" +#define PPP_PATH_UPAPFILE PPP_PATH_CONFDIR "/pap-secrets" +#define PPP_PATH_CHAPFILE PPP_PATH_CONFDIR "/chap-secrets" +#define PPP_PATH_SRPFILE PPP_PATH_CONFDIR "/srp-secrets" #ifdef PPP_WITH_EAPTLS -#define _PATH_EAPTLSCLIFILE _ROOT_PATH "/etc/ppp/eaptls-client" -#define _PATH_EAPTLSSERVFILE _ROOT_PATH "/etc/ppp/eaptls-server" -#define _PATH_OPENSSLCONFFILE _ROOT_PATH "/etc/ppp/openssl.cnf" +#define PPP_PATH_EAPTLSCLIFILE PPP_PATH_CONFDIR "/eaptls-client" +#define PPP_PATH_EAPTLSSERVFILE PPP_PATH_CONFDIR "/eaptls-server" +#define PPP_PATH_OPENSSLCONFFILE PPP_PATH_CONFDIR "/openssl.cnf" #endif /* PPP_WITH_EAPTLS */ -#define _PATH_SYSOPTIONS _ROOT_PATH "/etc/ppp/options" -#define _PATH_IPUP _ROOT_PATH "/etc/ppp/ip-up" -#define _PATH_IPDOWN _ROOT_PATH "/etc/ppp/ip-down" -#define _PATH_IPPREUP _ROOT_PATH "/etc/ppp/ip-pre-up" -#define _PATH_AUTHUP _ROOT_PATH "/etc/ppp/auth-up" -#define _PATH_AUTHDOWN _ROOT_PATH "/etc/ppp/auth-down" -#define _PATH_TTYOPT _ROOT_PATH "/etc/ppp/options." -#define _PATH_CONNERRS _ROOT_PATH _PATH_VARLOG "/connect-errors" -#define _PATH_PEERFILES _ROOT_PATH "/etc/ppp/peers/" -#define _PATH_RESOLV _ROOT_PATH "/etc/ppp/resolv.conf" +#define PPP_PATH_SYSOPTIONS PPP_PATH_CONFDIR "/options" +#define PPP_PATH_IPUP PPP_PATH_CONFDIR "/ip-up" +#define PPP_PATH_IPDOWN PPP_PATH_CONFDIR "/ip-down" +#define PPP_PATH_IPPREUP PPP_PATH_CONFDIR "/ip-pre-up" +#define PPP_PATH_AUTHUP PPP_PATH_CONFDIR "/auth-up" +#define PPP_PATH_AUTHDOWN PPP_PATH_CONFDIR "/auth-down" +#define PPP_PATH_TTYOPT PPP_PATH_CONFDIR "/options." +#define PPP_PATH_PEERFILES PPP_PATH_CONFDIR "/peers/" +#define PPP_PATH_RESOLV PPP_PATH_CONFDIR "/resolv.conf" -#define _PATH_USEROPT ".ppprc" -#define _PATH_PSEUDONYM ".ppp_pseudonym" +#define PPP_PATH_NET_INIT PPP_PATH_CONFDIR "/net-init" +#define PPP_PATH_NET_PREUP PPP_PATH_CONFDIR "/net-pre-up" +#define PPP_PATH_NET_DOWN PPP_PATH_CONFDIR "/net-down" + +#define PPP_PATH_CONNERRS PPP_PATH_VARLOG "/connect-errors" + +#define PPP_PATH_USEROPT ".ppprc" +#define PPP_PATH_PSEUDONYM ".ppp_pseudonym" #ifdef PPP_WITH_IPV6CP -#define _PATH_IPV6UP _ROOT_PATH "/etc/ppp/ipv6-up" -#define _PATH_IPV6DOWN _ROOT_PATH "/etc/ppp/ipv6-down" +#define PPP_PATH_IPV6UP PPP_PATH_CONFDIR "/ipv6-up" +#define PPP_PATH_IPV6DOWN PPP_PATH_CONFDIR "/ipv6-down" +#endif + +#define PPP_PATH_PPPDB PPP_PATH_VARRUN "/pppd2.tdb" + +#ifdef __linux__ +#define PPP_PATH_LOCKDIR "/var/lock" +#else +#ifdef SVR4 +#define PPP_PATH_LOCKDIR "/var/spool/locks" +#else +#define PPP_PATH_LOCKDIR "/var/spool/lock" +#endif #endif -#ifdef __STDC__ -#define _PATH_PPPDB _ROOT_PATH _PATH_VARRUN "pppd2.tdb" -#else /* __STDC__ */ -#define _PATH_PPPDB _PPP_VARRUN "pppd2.tdb" -#endif /* __STDC__ */ #endif /* PPP_PATHNAMES_H */ diff --git a/pppd/peap.c b/pppd/peap.c index d6e5fcf..243a8bd 100644 --- a/pppd/peap.c +++ b/pppd/peap.c @@ -47,6 +47,10 @@ * https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-peap */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include @@ -57,10 +61,10 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" #include "eap.h" #include "tls.h" -#include "chap-new.h" +#include "chap.h" #include "chap_ms.h" #include "mppe.h" #include "peap.h" @@ -436,6 +440,7 @@ void peap_do_inner_eap(u_char *in_buf, int in_len, eap_state *esp, int id, } case CHAP_FAILURE: { + u_char status = CHAP_FAILURE; psm->chap->handle_failure(in_buf, in_len); PUTCHAR(EAPT_MSCHAPV2, outp); PUTCHAR(status, outp); diff --git a/pppd/plugins/minconn.c b/pppd/plugins/minconn.c index 82bef48..cd61ccd 100644 --- a/pppd/plugins/minconn.c +++ b/pppd/plugins/minconn.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -35,13 +35,25 @@ #include #include +#include +#include +#include +#include + #include +#include + +#if !defined(SOL2) +#include +#else +#include +#endif char pppd_version[] = PPPD_VERSION; static int minconnect = 0; -static option_t my_options[] = { +static struct option my_options[] = { { "minconnect", o_int, &minconnect, "Set minimum connect time before idle timeout applies" }, { NULL } @@ -52,16 +64,16 @@ static int my_get_idle(struct ppp_idle *idle) time_t t; if (idle == NULL) - return minconnect? minconnect: idle_time_limit; + return minconnect ? minconnect: ppp_get_max_idle_time(); t = idle->xmit_idle; if (idle->recv_idle < t) t = idle->recv_idle; - return idle_time_limit - t; + return ppp_get_max_idle_time() - t; } void plugin_init(void) { info("plugin_init"); - add_options(my_options); + ppp_add_options(my_options); idle_time_hook = my_get_idle; } diff --git a/pppd/plugins/passprompt.c b/pppd/plugins/passprompt.c index 14a199f..7779d51 100644 --- a/pppd/plugins/passprompt.c +++ b/pppd/plugins/passprompt.c @@ -14,15 +14,24 @@ #include #include #include +#include #include +#include +#include +#include +#include + #include +#include +#include +#include char pppd_version[] = PPPD_VERSION; static char promptprog[PATH_MAX+1]; static int promptprog_refused = 0; -static option_t options[] = { +static struct option options[] = { { "promptprog", o_string, promptprog, "External PAP password prompting program", OPT_STATIC, NULL, PATH_MAX }, @@ -55,7 +64,7 @@ static int promptpass(char *user, char *passwd) if (!kid) { /* we are the child, exec the program */ char *argv[5], fdstr[32]; - sys_close(); + ppp_sys_close(); closelog(); close(p[0]); ret = seteuid(getuid()); @@ -66,10 +75,10 @@ static int promptpass(char *user, char *passwd) if (ret != 0) { warn("Couldn't set effective user id"); } - argv[0] = promptprog; - argv[1] = user; - argv[2] = remote_name; sprintf(fdstr, "%d", p[1]); + argv[0] = promptprog; + argv[1] = strdup(user); + argv[2] = strdup(ppp_remote_name()); argv[3] = fdstr; argv[4] = 0; execv(*argv, argv); @@ -84,7 +93,7 @@ static int promptpass(char *user, char *passwd) if (red == 0) break; if (red < 0) { - if (errno == EINTR && !got_sigterm) + if (errno == EINTR && !ppp_signaled(SIGTERM)) continue; error("Can't read secret from %s: %m", promptprog); readgood = -1; @@ -96,7 +105,7 @@ static int promptpass(char *user, char *passwd) /* now wait for child to exit */ while (waitpid(kid, &wstat, 0) < 0) { - if (errno != EINTR || got_sigterm) { + if (errno != EINTR || ppp_signaled(SIGTERM)) { warn("error waiting for %s: %m", promptprog); break; } @@ -120,7 +129,7 @@ static int promptpass(char *user, char *passwd) void plugin_init(void) { - add_options(options); + ppp_add_options(options); pap_passwd_hook = promptpass; #ifdef PPP_WITH_EAPTLS eaptls_passwd_hook = promptpass; diff --git a/pppd/plugins/passwordfd.c b/pppd/plugins/passwordfd.c index 6f8bc6f..be3088c 100644 --- a/pppd/plugins/passwordfd.c +++ b/pppd/plugins/passwordfd.c @@ -11,39 +11,29 @@ #include #include #include +#include +#include +#include +#include #include +#include +#include +#include +#include char pppd_version[] = PPPD_VERSION; -static int passwdfd = -1; static char save_passwd[MAXSECRETLEN]; -static option_t options[] = { - { "passwordfd", o_int, &passwdfd, - "Receive password on this file descriptor" }, - { NULL } -}; - -static int pwfd_check (void) -{ - return 1; -} - -static int pwfd_passwd (char *user, char *passwd) +static int pwfd_read_password(char **argv) { - int readgood, red; - - if (passwdfd == -1) - return -1; + ssize_t readgood, red; + int passwdfd; + char passwd[MAXSECRETLEN]; - if (passwd == NULL) - return 1; - - if (passwdfd == -2) { - strcpy (passwd, save_passwd); - return 1; - } + if (!ppp_int_option(argv[0], &passwdfd)) + return 0; readgood = 0; do { @@ -65,14 +55,31 @@ static int pwfd_passwd (char *user, char *passwd) passwd[readgood] = 0; strcpy (save_passwd, passwd); - passwdfd = -2; return 1; } +static struct option options[] = { + { "passwordfd", o_special, pwfd_read_password, + "Receive password on this file descriptor" }, + { NULL } +}; + +static int pwfd_check (void) +{ + return 1; +} + +static int pwfd_passwd (char *user, char *passwd) +{ + if (passwd != NULL) + strcpy(passwd, save_passwd); + return 1; +} + void plugin_init (void) { - add_options (options); + ppp_add_options (options); pap_check_hook = pwfd_check; pap_passwd_hook = pwfd_passwd; diff --git a/pppd/plugins/pppoatm/pppoatm.c b/pppd/plugins/pppoatm/pppoatm.c index 5ac03c8..39d3dbd 100644 --- a/pppd/plugins/pppoatm/pppoatm.c +++ b/pppd/plugins/pppoatm/pppoatm.c @@ -24,9 +24,11 @@ #include #include #include +#include +#include #include -#include +#include #include /* Needed for lcp.h to include cleanly */ #include @@ -42,8 +44,9 @@ static int pppoatm_max_mtu, pppoatm_max_mru; static int setdevname_pppoatm(const char *cp, const char **argv, int doit); struct channel pppoa_channel; static int pppoa_fd = -1; +static char devnam[MAXNAMELEN]; -static option_t pppoa_options[] = { +static struct option pppoa_options[] = { { "device name", o_wild, (void *) &setdevname_pppoatm, "ATM service provider IDs: VPI.VCI", OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC, @@ -89,7 +92,8 @@ static int setdevname_pppoatm(const char *cp, const char **argv, int doit) return 1; memcpy(&pvcaddr, &addr, sizeof pvcaddr); - strlcpy(devnam, cp, MAXPATHLEN); + strlcpy(devnam, cp, sizeof(devnam)); + ppp_set_devnam(devnam); devstat.st_mode = S_IFSOCK; if (the_channel != &pppoa_channel) { the_channel = &pppoa_channel; @@ -163,7 +167,7 @@ static int connect_pppoatm(void) pppoatm_max_mtu = lcp_allowoptions[0].mru; pppoatm_max_mru = lcp_wantoptions[0].mru; set_line_discipline_pppoatm(fd); - strlcpy(ppp_devnam, devnam, MAXPATHLEN); + ppp_set_pppdevnam(devnam); pppoa_fd = fd; return fd; } @@ -177,13 +181,13 @@ void plugin_init(void) { #ifdef linux extern int new_style_driver; /* From sys-linux.c */ - if (!ppp_available() && !new_style_driver) + if (!ppp_check_kernel_support() && !new_style_driver) fatal("Kernel doesn't support ppp_generic - " "needed for PPPoATM"); #else fatal("No PPPoATM support on this OS"); #endif - add_options(pppoa_options); + ppp_add_options(pppoa_options); } struct channel pppoa_channel = { @@ -192,8 +196,8 @@ struct channel pppoa_channel = { .check_options = NULL, .connect = &connect_pppoatm, .disconnect = &disconnect_pppoatm, - .establish_ppp = &generic_establish_ppp, - .disestablish_ppp = &generic_disestablish_ppp, + .establish_ppp = &ppp_generic_establish, + .disestablish_ppp = &ppp_generic_disestablish, .send_config = NULL, .recv_config = NULL, .close = NULL, diff --git a/pppd/plugins/pppoe/Makefile.am b/pppd/plugins/pppoe/Makefile.am index 6cea70a..4ce0a48 100644 --- a/pppd/plugins/pppoe/Makefile.am +++ b/pppd/plugins/pppoe/Makefile.am @@ -6,7 +6,7 @@ dist_man8_MANS = pppoe-discovery.8 noinst_HEADERS = \ pppoe.h -pppoe_la_CPPFLAGS = -I${top_srcdir} +pppoe_la_CPPFLAGS = -I${top_srcdir} -DSYSCONFDIR=\"${sysconfdir}\" -DPLUGIN pppoe_la_LDFLAGS = -module -avoid-version pppoe_la_SOURCES = plugin.c discovery.c if.c common.c diff --git a/pppd/plugins/pppoe/config.h.in b/pppd/plugins/pppoe/config.h.in index 0c4d9da..d7d61c0 100644 --- a/pppd/plugins/pppoe/config.h.in +++ b/pppd/plugins/pppoe/config.h.in @@ -45,6 +45,21 @@ /* Define to 1 if you have the header file. */ #undef HAVE_UNISTD_H +/* Define to 1 if you have the header file. */ +#undef HAVE_STDARG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDBOOL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDDEF_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + /* The size of `unsigned int', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_INT @@ -54,3 +69,5 @@ /* The size of `unsigned short', as computed by sizeof. */ #undef SIZEOF_UNSIGNED_SHORT +/* Define to 1 if the system has the type `struct sockaddr_ll'. */ +#undef HAVE_STRUCT_SOCKADDR_LL diff --git a/pppd/plugins/pppoe/discovery.c b/pppd/plugins/pppoe/discovery.c index a5c2c62..ccb88b2 100644 --- a/pppd/plugins/pppoe/discovery.c +++ b/pppd/plugins/pppoe/discovery.c @@ -44,6 +44,15 @@ static char const RCSID[] = #include +#ifdef PLUGIN +#define signaled(x) ppp_signaled(x) +#define get_time(x) ppp_get_time(x) +#else +int signaled(int signal); +int get_time(struct timeval *tv); + +#endif + /* Calculate time remaining until *exp, return 0 if now >= *exp */ static int time_left(struct timeval *diff, struct timeval *exp) { @@ -404,7 +413,7 @@ waitForPADO(PPPoEConnection *conn, int timeout) while(1) { r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv); - if (r >= 0 || errno != EINTR || got_sigterm) break; + if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break; } if (r < 0) { error("select (waitForPADO): %m"); @@ -595,7 +604,7 @@ waitForPADS(PPPoEConnection *conn, int timeout) while(1) { r = select(conn->discoverySocket+1, &readable, NULL, NULL, &tv); - if (r >= 0 || errno != EINTR || got_sigterm) break; + if (r >= 0 || errno != EINTR || signaled(SIGTERM)) break; } if (r < 0) { error("select (waitForPADS): %m"); @@ -666,7 +675,7 @@ discovery1(PPPoEConnection *conn) do { padiAttempts++; - if (got_sigterm || padiAttempts > conn->discoveryAttempts) { + if (signaled(SIGTERM) || padiAttempts > conn->discoveryAttempts) { warn("Timeout waiting for PADO packets"); close(conn->discoverySocket); conn->discoverySocket = -1; @@ -697,7 +706,7 @@ discovery2(PPPoEConnection *conn) do { padrAttempts++; - if (got_sigterm || padrAttempts > conn->discoveryAttempts) { + if (signaled(SIGTERM) || padrAttempts > conn->discoveryAttempts) { warn("Timeout waiting for PADS packets"); close(conn->discoverySocket); conn->discoverySocket = -1; diff --git a/pppd/plugins/pppoe/if.c b/pppd/plugins/pppoe/if.c index a3c3848..d5a4624 100644 --- a/pppd/plugins/pppoe/if.c +++ b/pppd/plugins/pppoe/if.c @@ -99,6 +99,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) int fd; struct ifreq ifr; int domain, stype; + size_t maxlen; #ifdef HAVE_STRUCT_SOCKADDR_LL struct sockaddr_ll sa; @@ -111,11 +112,18 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) #ifdef HAVE_STRUCT_SOCKADDR_LL domain = PF_PACKET; stype = SOCK_RAW; + maxlen = IFNAMSIZ; #else domain = PF_INET; stype = SOCK_PACKET; + maxlen = sizeof(sa.sa_data); #endif + if (strlen(ifname) >= maxlen) { + error("Can't use interface %.16s: name is too long", ifname); + return -1; + } + if ((fd = socket(domain, stype, htons(type))) < 0) { /* Give a more helpful message for the common error case */ if (errno == EPERM) { @@ -175,7 +183,7 @@ openInterface(char const *ifname, UINT16_t type, unsigned char *hwaddr) sa.sll_ifindex = ifr.ifr_ifindex; #else - strcpy(sa.sa_data, ifname); + strlcpy(sa.sa_data, ifname, sizeof(sa.sa_data)); #endif /* We're only interested in packets on specified interface */ @@ -205,14 +213,14 @@ sendPacket(PPPoEConnection *conn, int sock, PPPoEPacket *pkt, int size) { int err; - if (debug) + if (debug_on()) pppoe_log_packet("Send ", pkt); #if defined(HAVE_STRUCT_SOCKADDR_LL) err = send(sock, pkt, size, 0); #else struct sockaddr sa; - strcpy(sa.sa_data, conn->ifName); + strlcpy(sa.sa_data, conn->ifName, sizeof(sa.sa_data)); err = sendto(sock, pkt, size, 0, &sa, sizeof(sa)); #endif if (err < 0) { @@ -240,7 +248,7 @@ receivePacket(int sock, PPPoEPacket *pkt, int *size) error("error receiving pppoe packet: %m"); return -1; } - if (debug) + if (debug_on()) pppoe_log_packet("Recv ", pkt); return 0; } diff --git a/pppd/plugins/pppoe/plugin.c b/pppd/plugins/pppoe/plugin.c index 92d0493..7d4709e 100644 --- a/pppd/plugins/pppoe/plugin.c +++ b/pppd/plugins/pppoe/plugin.c @@ -49,17 +49,11 @@ static char const RCSID[] = #include #include +#include #include #include #include #include -/* #include ?, see below ... */ - -#ifndef _ROOT_PATH -#define _ROOT_PATH "" -#endif - -#define _PATH_ETHOPT _ROOT_PATH "/etc/ppp/options." char pppd_version[] = PPPD_VERSION; @@ -75,9 +69,10 @@ unsigned char pppoe_reqd_mac_addr[6]; static char *pppoe_host_uniq; static int pppoe_padi_timeout = PADI_TIMEOUT; static int pppoe_padi_attempts = MAX_PADI_ATTEMPTS; +static char devnam[MAXNAMELEN]; static int PPPoEDevnameHook(char *cmd, char **argv, int doit); -static option_t Options[] = { +static struct option Options[] = { { "device name", o_wild, (void *) &PPPoEDevnameHook, "PPPoE device name", OPT_DEVNAM | OPT_PRIVFIX | OPT_NOARG | OPT_A2STRVAL | OPT_STATIC, @@ -153,6 +148,7 @@ PPPOEConnectDevice(void) struct sockaddr_pppox sp; struct ifreq ifr; int s; + char remote_number[MAXNAMELEN]; /* Open session socket before discovery phase, to avoid losing session */ /* packets sent by peer just after PADS packet (noted on some Cisco */ @@ -201,7 +197,7 @@ PPPOEConnectDevice(void) conn->acName = acName; conn->serviceName = pppd_pppoe_service; - strlcpy(ppp_devnam, devnam, MAXPATHLEN); + ppp_set_pppdevnam(devnam); if (existingSession) { unsigned int mac[ETH_ALEN]; int i, ses; @@ -240,7 +236,7 @@ PPPOEConnectDevice(void) } /* Set PPPoE session-number for further consumption */ - ppp_session_number = ntohs(conn->session); + ppp_set_session_number(ntohs(conn->session)); sp.sa_family = AF_PPPOX; sp.sa_protocol = PX_PROTO_OE; @@ -256,17 +252,10 @@ PPPOEConnectDevice(void) (unsigned) conn->peerEth[3], (unsigned) conn->peerEth[4], (unsigned) conn->peerEth[5]); + warn("Connected to %s via interface %s", remote_number, conn->ifName); + ppp_set_remote_number(remote_number); - warn("Connected to %02X:%02X:%02X:%02X:%02X:%02X via interface %s", - (unsigned) conn->peerEth[0], - (unsigned) conn->peerEth[1], - (unsigned) conn->peerEth[2], - (unsigned) conn->peerEth[3], - (unsigned) conn->peerEth[4], - (unsigned) conn->peerEth[5], - conn->ifName); - - script_setenv("MACREMOTE", remote_number, 0); + ppp_script_setenv("MACREMOTE", remote_number, 0); if (connect(conn->sessionSocket, (struct sockaddr *) &sp, sizeof(struct sockaddr_pppox)) < 0) { @@ -321,6 +310,9 @@ PPPOEDisconnectDevice(void) sizeof(struct sockaddr_pppox)) < 0 && errno != EALREADY) error("Failed to disconnect PPPoE socket: %d %m", errno); close(conn->sessionSocket); + if (conn->discoverySocket < 0) + conn->discoverySocket = + openInterface(conn->ifName, Eth_PPPOE_Discovery, NULL); if (conn->discoverySocket >= 0) { sendPADT(conn, NULL); close(conn->discoverySocket); @@ -330,13 +322,17 @@ PPPOEDisconnectDevice(void) static void PPPOEDeviceOptions(void) { + char name[MAXPATHLEN]; char buf[MAXPATHLEN]; - strlcpy(buf, _PATH_ETHOPT, MAXPATHLEN); - strlcat(buf, devnam, MAXPATHLEN); - if (!options_from_file(buf, 0, 0, 1)) - exit(EXIT_OPTION_ERROR); - + slprintf(name, sizeof(name), "options.%s", devnam); + if (ppp_get_filepath(PPP_DIR_CONF, name, buf, sizeof(buf)) < sizeof(buf)) { + if (!ppp_options_from_file(buf, 0, 0, 1)) { + exit(EXIT_OPTION_ERROR); + } + } else { + exit(EXIT_OPTION_ERROR); + } } struct channel pppoe_channel; @@ -396,14 +392,15 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) /* Close socket */ close(fd); if (r && doit) { - strlcpy(devnam, cmd, MAXPATHLEN); + strlcpy(devnam, cmd, sizeof(devnam)); if (the_channel != &pppoe_channel) { the_channel = &pppoe_channel; - modem = 0; + ppp_set_modem(0); PPPOEInitDevice(); } + ppp_set_devnam(devnam); return 1; } @@ -422,11 +419,11 @@ PPPoEDevnameHook(char *cmd, char **argv, int doit) void plugin_init(void) { - if (!ppp_available() && !new_style_driver) { + if (!ppp_check_kernel_support() && !new_style_driver) { fatal("Linux kernel does not support PPPoE -- are you running 2.4.x?"); } - add_options(Options); + ppp_add_options(Options); info("PPPoE plugin from pppd %s", PPPD_VERSION); } @@ -440,7 +437,7 @@ void pppoe_check_options(void) if (sscanf(pppoe_reqd_mac, "%x:%x:%x:%x:%x:%x", &mac[0], &mac[1], &mac[2], &mac[3], &mac[4], &mac[5]) != 6) { - option_error("cannot parse pppoe-mac option value"); + ppp_option_error("cannot parse pppoe-mac option value"); exit(EXIT_OPTION_ERROR); } for (i = 0; i < 6; ++i) @@ -482,8 +479,8 @@ struct channel pppoe_channel = { .check_options = pppoe_check_options, .connect = &PPPOEConnectDevice, .disconnect = &PPPOEDisconnectDevice, - .establish_ppp = &generic_establish_ppp, - .disestablish_ppp = &generic_disestablish_ppp, + .establish_ppp = &ppp_generic_establish, + .disestablish_ppp = &ppp_generic_disestablish, .send_config = NULL, .recv_config = &PPPOERecvConfig, .close = NULL, diff --git a/pppd/plugins/pppoe/pppoe-discovery.8 b/pppd/plugins/pppoe/pppoe-discovery.8 index e048f66..3ea62d1 100644 --- a/pppd/plugins/pppoe/pppoe-discovery.8 +++ b/pppd/plugins/pppoe/pppoe-discovery.8 @@ -81,6 +81,6 @@ version number and usage information, then exit. .RE .SH AUTHORS \fBpppoe\-discovery\fR was written by Marco d'Itri , -based on \fBpppoe\fR by David F. Skoll . +based on \fBpppoe\fR by Dianne Skoll . .SH SEE ALSO -pppoe(8), pppoe-sniff(8) +pppoe(8), pppoe\-sniff(8) diff --git a/pppd/plugins/pppoe/pppoe-discovery.c b/pppd/plugins/pppoe/pppoe-discovery.c index b698bca..5b1b2dc 100644 --- a/pppd/plugins/pppoe/pppoe-discovery.c +++ b/pppd/plugins/pppoe/pppoe-discovery.c @@ -22,6 +22,8 @@ #include #include #include +#include +#include #include "pppoe.h" @@ -31,7 +33,7 @@ int pppoe_verbose; static FILE *debugFile; void -fatal(char *fmt, ...) +fatal(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); @@ -42,7 +44,7 @@ fatal(char *fmt, ...) } void -error(char *fmt, ...) +error(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); @@ -52,7 +54,7 @@ error(char *fmt, ...) } void -warn(char *fmt, ...) +warn(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); @@ -62,7 +64,7 @@ warn(char *fmt, ...) } void -info(char *fmt, ...) +info(const char *fmt, ...) { va_list pvar; va_start(pvar, fmt); @@ -124,6 +126,17 @@ get_time(struct timeval *tv) return gettimeofday(tv, NULL); } +int signaled(int signal) { + if (signal == SIGTERM) + return got_sigterm; + return 0; +} + +bool debug_on() +{ + return !!debug; +} + static void term_handler(int signum) { diff --git a/pppd/plugins/pppoe/pppoe.h b/pppd/plugins/pppoe/pppoe.h index 1517e34..9360edd 100644 --- a/pppd/plugins/pppoe/pppoe.h +++ b/pppd/plugins/pppoe/pppoe.h @@ -322,3 +322,10 @@ do {\ #define NOT_UNICAST(e) ((e[0] & 0x01) != 0) #define BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) == 0xFF) #define NOT_BROADCAST(e) ((e[0] & e[1] & e[2] & e[3] & e[4] & e[5]) != 0xFF) + +#ifndef MIN +#define MIN(a, b) ((a) < (b)? (a): (b)) +#endif +#ifndef MAX +#define MAX(a, b) ((a) > (b)? (a): (b)) +#endif diff --git a/pppd/plugins/pppol2tp/openl2tp.c b/pppd/plugins/pppol2tp/openl2tp.c index 2ba8707..1160041 100644 --- a/pppd/plugins/pppol2tp/openl2tp.c +++ b/pppd/plugins/pppol2tp/openl2tp.c @@ -29,17 +29,22 @@ #include #include #include +#include #include #include #include #include +#include +#include +#include #include -#include +#include #include #include #include #include +#include #ifndef aligned_u64 @@ -49,7 +54,6 @@ #include #include #include -#include #include #include @@ -71,7 +75,9 @@ static void (*old_pppol2tp_send_accm_hook)(int tunnel_id, int session_id, uint32_t recv_accm) = NULL; static void (*old_pppol2tp_ip_updown_hook)(int tunnel_id, int session_id, int up) = NULL; -static void (*old_multilink_join_hook)(void) = NULL; +#ifdef PPP_WITH_MULTILINK +static multilink_join_hook_fn *old_multilink_join_hook = NULL; +#endif /***************************************************************************** * OpenL2TP interface. @@ -177,8 +183,12 @@ static void openl2tp_ppp_updown_ind(int tunnel_id, int session_id, int up) uint16_t tid = tunnel_id; uint16_t sid = session_id; uint8_t state = up; - int unit = ifunit; - char *user_name = NULL; + int unit = 0; + char ifname[MAXNAMELEN]; + char user_name[MAXNAMELEN]; + + unit = ppp_ifunit(); + ppp_get_ifname(ifname, sizeof(ifname)); if (openl2tp_fd < 0) { result = openl2tp_client_create(); @@ -187,9 +197,8 @@ static void openl2tp_ppp_updown_ind(int tunnel_id, int session_id, int up) } } - if (peer_authname[0] != '\0') { - user_name = strdup(peer_authname); - } + if (!ppp_peer_authname(user_name, sizeof(user_name))) + user_name[0] = '\0'; msg->msg_signature = OPENL2TP_MSG_SIGNATURE; msg->msg_type = OPENL2TP_MSG_TYPE_PPP_UPDOWN_IND; @@ -225,7 +234,7 @@ static void openl2tp_ppp_updown_ind(int tunnel_id, int session_id, int up) memcpy(&tlv->tlv_value[0], ifname, tlv->tlv_len); msg->msg_len += sizeof(*tlv) + ALIGN32(tlv->tlv_len); - if (user_name != NULL) { + if (user_name[0] != '\0') { tlv = (void *) &msg->msg_data[msg->msg_len]; tlv->tlv_type = OPENL2TP_TLV_TYPE_PPP_USER_NAME; tlv->tlv_len = strlen(user_name) + 1; @@ -249,9 +258,6 @@ out: (*old_pppol2tp_ip_updown_hook)(tunnel_id, session_id, up); } - if (user_name != NULL) - free(user_name); - return; } @@ -273,14 +279,16 @@ out: * multilink bundle. *****************************************************************************/ +#ifdef PPP_WITH_MULTILINK static void openl2tp_multilink_join_ind(void) { - if (doing_multilink && !multilink_master) { + if (mp_on() && !mp_master()) { /* send event only if not master */ openl2tp_ppp_updown_ind(pppol2tp_tunnel_id, pppol2tp_session_id, 1); } } +#endif /***************************************************************************** * Application init @@ -294,7 +302,9 @@ void plugin_init(void) old_pppol2tp_ip_updown_hook = pppol2tp_ip_updown_hook; pppol2tp_ip_updown_hook = openl2tp_ppp_updown_ind; +#ifdef PPP_WITH_MULTILINK old_multilink_join_hook = multilink_join_hook; multilink_join_hook = openl2tp_multilink_join_ind; +#endif } diff --git a/pppd/plugins/pppol2tp/pppol2tp.c b/pppd/plugins/pppol2tp/pppol2tp.c index c1eaa9a..3b9737e 100644 --- a/pppd/plugins/pppol2tp/pppol2tp.c +++ b/pppd/plugins/pppol2tp/pppol2tp.c @@ -28,10 +28,17 @@ #include #include #include +#include +#include #include #include +#include +#include +#include + #include #include +#include #ifndef aligned_u64 /* should be defined in sys/types.h */ @@ -41,12 +48,11 @@ #include #include #include -#include #include #include #include -#include +#include #include #include #include @@ -86,7 +92,7 @@ void (*pppol2tp_send_accm_hook)(int tunnel_id, int session_id, /* Hook provided to allow other plugins to handle IP up/down */ void (*pppol2tp_ip_updown_hook)(int tunnel_id, int session_id, int up) = NULL; -static option_t pppol2tp_options[] = { +static struct option pppol2tp_options[] = { { "pppol2tp", o_special, &setdevname_pppol2tp, "FD for PPPoL2TP socket", OPT_DEVNAM | OPT_A2STRVAL, &pppol2tp_fd_str }, @@ -133,7 +139,7 @@ static int setdevname_pppol2tp(char **argv) if (device_got_set) return 0; - if (!int_option(*argv, &pppol2tp_fd)) + if (!ppp_int_option(*argv, &pppol2tp_fd)) return 0; if(getsockname(pppol2tp_fd, (struct sockaddr *)&s, &len) < 0) { @@ -158,7 +164,7 @@ static int setdevname_pppol2tp(char **argv) /* Setup option defaults. Compression options are disabled! */ - modem = 0; + ppp_set_modem(false); lcp_allowoptions[0].neg_accompression = 1; lcp_wantoptions[0].neg_accompression = 0; @@ -199,7 +205,7 @@ static void disconnect_pppol2tp(void) } static void send_config_pppol2tp(int mtu, - u_int32_t asyncmap, + uint32_t asyncmap, int pcomp, int accomp) { @@ -217,14 +223,14 @@ static void send_config_pppol2tp(int mtu, fd = socket(AF_INET, SOCK_DGRAM, 0); if (fd >= 0) { memset (&ifr, '\0', sizeof (ifr)); - strlcpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); + ppp_get_ifname(ifr.ifr_name, sizeof(ifr.ifr_name)); strlcpy(ifr.ifr_newname, pppol2tp_ifname, sizeof(ifr.ifr_name)); ioctl(fd, SIOCSIFNAME, (caddr_t) &ifr); - strlcpy(ifname, pppol2tp_ifname, 32); + ppp_set_ifname(pppol2tp_ifname); if (pppol2tp_debug_mask & PPPOL2TP_MSG_CONTROL) { dbglog("ppp%d: interface name %s", - ifunit, ifname); + ppp_ifunit(), ppp_ifname()); } } close(fd); @@ -234,7 +240,7 @@ static void send_config_pppol2tp(int mtu, warn("Overriding mtu %d to %d", mtu, lcp_allowoptions[0].mru); mtu = lcp_allowoptions[0].mru; } - netif_set_mtu(ifunit, mtu); + ppp_set_mtu(ppp_ifunit(), mtu); reorderto[0] = '\0'; if (pppol2tp_reorder_timeout > 0) @@ -279,7 +285,7 @@ static void send_config_pppol2tp(int mtu, } static void recv_config_pppol2tp(int mru, - u_int32_t asyncmap, + uint32_t asyncmap, int pcomp, int accomp) { @@ -288,7 +294,7 @@ static void recv_config_pppol2tp(int mru, lcp_allowoptions[0].mru); mru = lcp_allowoptions[0].mru; } - if ((ifunit >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0) + if ((ppp_ifunit() >= 0) && ioctl(pppol2tp_fd, PPPIOCSMRU, (caddr_t) &mru) < 0) error("Couldn't set PPP MRU: %m"); } @@ -496,22 +502,22 @@ void plugin_init(void) { #if defined(__linux__) extern int new_style_driver; /* From sys-linux.c */ - if (!ppp_available() && !new_style_driver) + if (!ppp_check_kernel_support() && !new_style_driver) fatal("Kernel doesn't support ppp_generic - " "needed for PPPoL2TP"); #else fatal("No PPPoL2TP support on this OS"); #endif - add_options(pppol2tp_options); + ppp_add_options(pppol2tp_options); /* Hook up ip up/down notifiers to send indicator to openl2tpd * that the link is up */ - add_notifier(&ip_up_notifier, pppol2tp_ip_up, NULL); - add_notifier(&ip_down_notifier, pppol2tp_ip_down, NULL); -#ifdef INET6 - add_notifier(&ipv6_up_notifier, pppol2tp_ip_up, NULL); - add_notifier(&ipv6_down_notifier, pppol2tp_ip_down, NULL); + ppp_add_notify(NF_IP_UP, pppol2tp_ip_up, NULL); + ppp_add_notify(NF_IP_DOWN, pppol2tp_ip_down, NULL); +#ifdef PPP_WITH_IPV6CP + ppp_add_notify(NF_IPV6_UP, pppol2tp_ip_up, NULL); + ppp_add_notify(NF_IPV6_DOWN, pppol2tp_ip_down, NULL); #endif } @@ -521,8 +527,8 @@ struct channel pppol2tp_channel = { .check_options = &pppol2tp_check_options, .connect = &connect_pppol2tp, .disconnect = &disconnect_pppol2tp, - .establish_ppp = &generic_establish_ppp, - .disestablish_ppp = &generic_disestablish_ppp, + .establish_ppp = &ppp_generic_establish, + .disestablish_ppp = &ppp_generic_disestablish, .send_config = &send_config_pppol2tp, .recv_config = &recv_config_pppol2tp, .close = NULL, diff --git a/pppd/plugins/radius/Makefile.am b/pppd/plugins/radius/Makefile.am index ec637ae..3897e98 100644 --- a/pppd/plugins/radius/Makefile.am +++ b/pppd/plugins/radius/Makefile.am @@ -32,9 +32,6 @@ radius_la_CPPFLAGS = $(RADIUS_CPPFLAGS) radius_la_LDFLAGS = $(RADIUS_LDFLAGS) radius_la_SOURCES = radius.c radius_la_LIBADD = libradiusclient.la -if WITH_OPENSSL -radius_la_LIBADD += $(OPENSSL_LIBS) -endif radattr_la_CPPFLAGS = $(RADIUS_CPPFLAGS) radattr_la_LDFLAGS = $(RADIUS_LDFLAGS) @@ -46,18 +43,8 @@ radrealms_la_SOURCES = radrealms.c libradiusclient_la_SOURCES = \ avpair.c buildreq.c config.c dict.c ip_util.c \ - clientid.c sendserver.c lock.c util.c -libradiusclient_la_CPPFLAGS = $(RADIUS_CPPFLAGS) - -if !WITH_OPENSSL -libradiusclient_la_SOURCES += md5.c -else -if OPENSSL_HAVE_MD5 -libradiusclient_la_SOURCES += md5.c -else -libradiusclient_la_CPPFLAGS += $(OPENSSL_INCLUDES) -endif -endif + clientid.c sendserver.c lock.c util.c md5.c +libradiusclient_la_CPPFLAGS = $(RADIUS_CPPFLAGS) -DSYSCONFDIR=\"${sysconfdir}\" EXTRA_DIST = \ $(EXTRA_FILES) \ diff --git a/pppd/plugins/radius/avpair.c b/pppd/plugins/radius/avpair.c index 0dc9a85..bbe141d 100644 --- a/pppd/plugins/radius/avpair.c +++ b/pppd/plugins/radius/avpair.c @@ -31,7 +31,7 @@ static void rc_extract_vendor_specific_attributes(int attrlen, * */ -VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, void *pval, int len, +VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, const void *pval, int len, int vendorcode) { VALUE_PAIR *vp; @@ -57,7 +57,7 @@ VALUE_PAIR *rc_avpair_add (VALUE_PAIR **list, int attrid, void *pval, int len, * */ -int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len) +int rc_avpair_assign (VALUE_PAIR *vp, const void *pval, int len) { int result = -1; @@ -65,19 +65,19 @@ int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len) { case PW_TYPE_STRING: - if (((len == 0) && (strlen ((char *) pval)) > AUTH_STRING_LEN) + if (((len == 0) && (strlen ((const char *) pval)) > AUTH_STRING_LEN) || (len > AUTH_STRING_LEN)) { error("rc_avpair_assign: bad attribute length"); return result; } if (len > 0) { - memcpy(vp->strvalue, (char *)pval, len); + memcpy(vp->strvalue, (const char *)pval, len); vp->strvalue[len] = '\0'; vp->lvalue = len; } else { - strncpy ((char*) vp->strvalue, (char *) pval, AUTH_STRING_LEN); - vp->lvalue = strlen((char *) pval); + strncpy ((char*) vp->strvalue, (const char *) pval, AUTH_STRING_LEN); + vp->lvalue = strlen((const char *) pval); } result = 0; @@ -107,7 +107,7 @@ int rc_avpair_assign (VALUE_PAIR *vp, void *pval, int len) * */ -VALUE_PAIR *rc_avpair_new (int attrid, void *pval, int len, int vendorcode) +VALUE_PAIR *rc_avpair_new (int attrid, const void *pval, int len, int vendorcode) { VALUE_PAIR *vp = (VALUE_PAIR *) NULL; DICT_ATTR *pda; @@ -426,7 +426,7 @@ void rc_avpair_insert (VALUE_PAIR **a, VALUE_PAIR *p, VALUE_PAIR *b) else /* look for the "p" entry in the "a" list (or run to end) */ { this_node = *a; - while (this_node != (VALUE_PAIR *) NULL) + while (this_node->next != (VALUE_PAIR *) NULL) { if (this_node == p) { diff --git a/pppd/plugins/radius/buildreq.c b/pppd/plugins/radius/buildreq.c index 562790a..c1fda5a 100644 --- a/pppd/plugins/radius/buildreq.c +++ b/pppd/plugins/radius/buildreq.c @@ -327,7 +327,7 @@ int rc_acct_using_server(SERVER *acctserver, if ((adt_vp = rc_avpair_add(&(data.send_pairs), PW_ACCT_DELAY_TIME, &dtime.tv_sec, 0, VENDOR_NONE)) == NULL) return (ERROR_RC); - get_time(&start_time); + ppp_get_time(&start_time); result = ERROR_RC; for(i=0; (imax) && (result != OK_RC) && (result != BADRESP_RC) ; i++) @@ -339,7 +339,7 @@ int rc_acct_using_server(SERVER *acctserver, rc_buildreq(&data, PW_ACCOUNTING_REQUEST, acctserver->name[i], acctserver->port[i], timeout, retries); - get_time(&dtime); + ppp_get_time(&dtime); dtime.tv_sec -= start_time.tv_sec; rc_avpair_assign(adt_vp, &dtime.tv_sec, 0); diff --git a/pppd/plugins/radius/clientid.c b/pppd/plugins/radius/clientid.c index 09ec3d0..eea5165 100644 --- a/pppd/plugins/radius/clientid.c +++ b/pppd/plugins/radius/clientid.c @@ -68,6 +68,7 @@ int rc_read_mapfile(char *filename) if ((p = (struct map2id_s *)malloc(sizeof(*p))) == NULL) { novm("rc_read_mapfile"); + fclose(mapfd); return (-1); } @@ -79,6 +80,7 @@ int rc_read_mapfile(char *filename) } else { error("rc_read_mapfile: malformed line in %s, line %d", filename, lnr); + fclose(mapfd); return (-1); } @@ -101,7 +103,7 @@ int rc_read_mapfile(char *filename) * Returns: port id, zero if no entry found */ -UINT4 rc_map2id(char *name) +UINT4 rc_map2id(const char *name) { struct map2id_s *p; char ttyname[PATH_MAX]; diff --git a/pppd/plugins/radius/config.c b/pppd/plugins/radius/config.c index 47c172c..e1a4814 100644 --- a/pppd/plugins/radius/config.c +++ b/pppd/plugins/radius/config.c @@ -212,6 +212,7 @@ int rc_read_config(char *filename) if ((pos = strcspn(p, "\t ")) == 0) { error("%s: line %d: bogus format: %s", filename, line, p); + fclose(configfd); return (-1); } @@ -224,6 +225,7 @@ int rc_read_config(char *filename) if (option->status != ST_UNDEF) { error("%s: line %d: duplicate option line: %s", filename, line, p); + fclose(configfd); return (-1); } @@ -233,20 +235,28 @@ int rc_read_config(char *filename) switch (option->type) { case OT_STR: - if (set_option_str(filename, line, option, p) < 0) + if (set_option_str(filename, line, option, p) < 0) { + fclose(configfd); return (-1); + } break; case OT_INT: - if (set_option_int(filename, line, option, p) < 0) + if (set_option_int(filename, line, option, p) < 0) { + fclose(configfd); return (-1); + } break; case OT_SRV: - if (set_option_srv(filename, line, option, p) < 0) + if (set_option_srv(filename, line, option, p) < 0) { + fclose(configfd); return (-1); + } break; case OT_AUO: - if (set_option_auo(filename, line, option, p) < 0) + if (set_option_auo(filename, line, option, p) < 0) { + fclose(configfd); return (-1); + } break; default: fatal("rc_read_config: impossible case branch!"); diff --git a/pppd/plugins/radius/ip_util.c b/pppd/plugins/radius/ip_util.c index 1f6a76e..f443185 100644 --- a/pppd/plugins/radius/ip_util.c +++ b/pppd/plugins/radius/ip_util.c @@ -26,7 +26,7 @@ * Returns: 0 on failure */ -UINT4 rc_get_ipaddr (char *host) +UINT4 rc_get_ipaddr (const char *host) { struct hostent *hp; @@ -51,7 +51,7 @@ UINT4 rc_get_ipaddr (char *host) * */ -int rc_good_ipaddr (char *addr) +int rc_good_ipaddr (const char *addr) { int dot_count; int digit_count; @@ -127,7 +127,7 @@ UINT4 rc_own_ipaddress(void) static UINT4 this_host_ipaddr = 0; if (!this_host_ipaddr) { - if ((this_host_ipaddr = rc_get_ipaddr (hostname)) == 0) { + if ((this_host_ipaddr = rc_get_ipaddr (ppp_hostname())) == 0) { error("rc_own_ipaddress: couldn't get own IP address"); return 0; } diff --git a/pppd/plugins/radius/md5.c b/pppd/plugins/radius/md5.c index 8acfb38..ec3a7dd 100644 --- a/pppd/plugins/radius/md5.c +++ b/pppd/plugins/radius/md5.c @@ -1,13 +1,30 @@ /* * $Id: md5.c,v 1.1 2004/11/14 07:26:26 paulus Exp $ */ -#include +#include -void rc_md5_calc (unsigned char *output, unsigned char *input, unsigned int inlen) +#include + +int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl) { - MD5_CTX context; + int retval = 0; + int outl = MD5_DIGEST_LENGTH; + + PPP_MD_CTX *ctx = PPP_MD_CTX_new(); + if (ctx) { + + if (PPP_DigestInit(ctx, PPP_md5())) { + + if (PPP_DigestUpdate(ctx, in, inl)) { + + if (PPP_DigestFinal(ctx, out, &outl)) { + + retval = 1; + } + } + } - MD5_Init (&context); - MD5_Update (&context, input, inlen); - MD5_Final (output, &context); + PPP_MD_CTX_free(ctx); + } + return retval; } diff --git a/pppd/plugins/radius/pathnames.h b/pppd/plugins/radius/pathnames.h index 5aa4c60..3a00d2c 100644 --- a/pppd/plugins/radius/pathnames.h +++ b/pppd/plugins/radius/pathnames.h @@ -17,12 +17,12 @@ #ifndef PATHNAMES_H #define PATHNAMES_H -#define _PATH_DEV_URANDOM "/dev/urandom" /* Linux only */ -#define _PATH_ETC_ISSUE "/etc/issue" +#define PPP_PATH_DEV_URANDOM "/dev/urandom" /* Linux only */ +#define PPP_PATH_ETC_ISSUE "/etc/issue" /* normally defined in the Makefile */ -#ifndef _PATH_ETC_RADIUSCLIENT_CONF -#define _PATH_ETC_RADIUSCLIENT_CONF "/etc/radiusclient.conf" +#ifndef PPP_PATH_ETC_RADIUSCLIENT_CONF +#define PPP_PATH_ETC_RADIUSCLIENT_CONF SYSCONFDIR "/radiusclient.conf" #endif #endif /* PATHNAMES_H */ diff --git a/pppd/plugins/radius/pppd-radattr.8 b/pppd/plugins/radius/pppd-radattr.8 index 22d190b..1346fdd 100644 --- a/pppd/plugins/radius/pppd-radattr.8 +++ b/pppd/plugins/radius/pppd-radattr.8 @@ -24,7 +24,7 @@ where .I pppN is the name of the PPP interface. The RADIUS attributes are stored one per line in the format "Attribute-Name Attribute-Value". This -format is convenient for use in /etc/ppp/ip-up and /etc/ppp/ip-down +format is convenient for use in /etc/ppp/ip\-up and /etc/ppp/ip\-down scripts. .LP Note that you @@ -38,7 +38,7 @@ To use the plugin, simply supply the options to pppd. .SH SEE ALSO -.BR pppd (8) " pppd-radius" (8) +.BR pppd (8) " pppd\-radius" (8) .SH AUTHOR -David F. Skoll +Dianne Skoll diff --git a/pppd/plugins/radius/pppd-radius.8 b/pppd/plugins/radius/pppd-radius.8 index a8c103c..8628d08 100644 --- a/pppd/plugins/radius/pppd-radius.8 +++ b/pppd/plugins/radius/pppd-radius.8 @@ -19,9 +19,9 @@ plugin radius.so .LP The RADIUS plugin for pppd permits pppd to perform PAP, CHAP, MS-CHAP and MS-CHAPv2 authentication against a RADIUS server instead of the usual -.I /etc/ppp/pap-secrets +.I /etc/ppp/pap\-secrets and -.I /etc/ppp/chap-secrets +.I /etc/ppp/chap\-secrets files. .LP The RADIUS plugin is built on a library called @@ -33,7 +33,7 @@ plugin .SH OPTIONS The RADIUS plugin introduces one additional pppd option: .TP -.BI "radius-config-file " filename +.BI "radius\-config\-file " filename The file .I filename is taken as the radiusclient configuration file. If this option is not @@ -44,10 +44,10 @@ as the configuration file. .BI "avpair " attribute=value Adds an Attribute-Value pair to be passed on to the RADIUS server on each request. .TP -.BI map-to-ifname +.BI map\-to\-ifname Sets Radius NAS-Port attribute to number equal to interface name (Default) .TP -.BI map-to-ttyname +.BI map\-to\-ttyname Sets Radius NAS-Port attribute value via libradiusclient library .SH USAGE @@ -61,7 +61,7 @@ RADIUS server should assign an IP address to the peer using the RADIUS Framed-IP-Address attribute. .SH SEE ALSO -.BR pppd (8) " pppd-radattr" (8) +.BR pppd (8) " pppd\-radattr" (8) .SH AUTHOR -David F. Skoll +Dianne Skoll diff --git a/pppd/plugins/radius/radattr.c b/pppd/plugins/radius/radattr.c index 16f7fba..802cb66 100644 --- a/pppd/plugins/radius/radattr.c +++ b/pppd/plugins/radius/radattr.c @@ -19,6 +19,10 @@ static char const RCSID[] = #include #include +#include +#include +#include +#include #include #include "radiusclient.h" @@ -47,11 +51,11 @@ plugin_init(void) /* calling cleanup() on link down is problematic because print_attributes() is called only after PAP or CHAP authentication, but not when the link should go up again for any other reason */ - add_notifier(&link_down_notifier, cleanup, NULL); + ppp_add_notify(NF_LINK_DOWN, cleanup, NULL); #endif /* Just in case... */ - add_notifier(&exitnotify, cleanup, NULL); + ppp_add_notify(NF_EXIT, cleanup, NULL); info("RADATTR plugin initialized."); } @@ -75,7 +79,7 @@ print_attributes(VALUE_PAIR *vp) int cnt = 0; mode_t old_umask; - slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname); + slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_ifname()); old_umask = umask(077); fp = fopen(fname, "w"); umask(old_umask); @@ -110,7 +114,7 @@ cleanup(void *opaque, int arg) { char fname[512]; - slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ifname); + slprintf(fname, sizeof(fname), "/var/run/radattr.%s", ppp_ifname()); (void) remove(fname); dbglog("RADATTR plugin removed file %s.", fname); } diff --git a/pppd/plugins/radius/radius.c b/pppd/plugins/radius/radius.c index 02875b4..e99bc75 100644 --- a/pppd/plugins/radius/radius.c +++ b/pppd/plugins/radius/radius.c @@ -33,16 +33,20 @@ static char const RCSID[] = #include #include #include +#include +#include #include -#include +#include +#include +#include #ifdef PPP_WITH_CHAPMS #include #ifdef PPP_WITH_MPPE #include -#include #endif #endif +#include #include #include @@ -50,8 +54,6 @@ static char const RCSID[] = #define BUF_LEN 1024 -#define MD5_HASH_SIZE 16 - #define MSDNS 1 static char *config_file = NULL; @@ -72,28 +74,20 @@ static option_t Options[] = { { NULL } }; -static int radius_secret_check(void); -static int radius_pap_auth(char *user, - char *passwd, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts); -static int radius_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, - unsigned char *response, - char *message, int message_space); +static pap_check_hook_fn radius_secret_check; +static pap_auth_hook_fn radius_pap_auth; +static chap_verify_hook_fn radius_chap_verify; static void radius_ip_up(void *opaque, int arg); static void radius_ip_down(void *opaque, int arg); -static void make_username_realm(char *user); +static void make_username_realm(const char *user); static int radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, struct chap_digest_type *digest, unsigned char *challenge, char *message, int message_space); static void radius_choose_ip(u_int32_t *addrp); static int radius_init(char *msg); -static int get_client_port(char *ifname); +static int get_client_port(const char *ifname); static int radius_allowed_address(u_int32_t addr); static void radius_acct_interim(void *); #ifdef PPP_WITH_MPPE @@ -162,15 +156,15 @@ plugin_init(void) ip_choose_hook = radius_choose_ip; allowed_address_hook = radius_allowed_address; - add_notifier(&ip_up_notifier, radius_ip_up, NULL); - add_notifier(&ip_down_notifier, radius_ip_down, NULL); + ppp_add_notify(NF_IP_UP, radius_ip_up, NULL); + ppp_add_notify(NF_IP_DOWN, radius_ip_down, NULL); memset(&rstate, 0, sizeof(rstate)); strlcpy(rstate.config_file, "/etc/radiusclient/radiusclient.conf", sizeof(rstate.config_file)); - add_options(Options); + ppp_add_options(Options); info("RADIUS plugin initialized."); } @@ -254,6 +248,8 @@ radius_pap_auth(char *user, UINT4 av_type; int result; static char radius_msg[BUF_LEN]; + const char *remote_number; + const char *ipparam; radius_msg[0] = 0; *msgp = radius_msg; @@ -276,7 +272,7 @@ radius_pap_auth(char *user, /* Hack... the "port" is the ppp interface number. Should really be the tty */ - rstate.client_port = get_client_port(portnummap ? devnam : ifname); + rstate.client_port = get_client_port(portnummap ? ppp_devnam() : ppp_ifname()); av_type = PW_FRAMED; rc_avpair_add(&send, PW_SERVICE_TYPE, &av_type, 0, VENDOR_NONE); @@ -286,7 +282,9 @@ radius_pap_auth(char *user, rc_avpair_add(&send, PW_USER_NAME, rstate.user , 0, VENDOR_NONE); rc_avpair_add(&send, PW_USER_PASSWORD, passwd, 0, VENDOR_NONE); - if (*remote_number) { + remote_number = ppp_get_remote_number(); + ipparam = ppp_ipparam(); + if (remote_number) { rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, VENDOR_NONE); } else if (ipparam) @@ -351,6 +349,8 @@ radius_chap_verify(char *user, char *ourname, int id, #else REQUEST_INFO *req_info = NULL; #endif + const char *remote_number; + const char *ipparam; challenge_len = *challenge++; response_len = *response++; @@ -376,7 +376,7 @@ radius_chap_verify(char *user, char *ourname, int id, /* Put user with potentially realm added in rstate.user */ if (!rstate.done_chap_once) { make_username_realm(user); - rstate.client_port = get_client_port (portnummap ? devnam : ifname); + rstate.client_port = get_client_port (portnummap ? ppp_devnam() : ppp_ifname()); if (radius_pre_auth_hook) { radius_pre_auth_hook(rstate.user, &rstate.authserver, @@ -400,15 +400,15 @@ radius_chap_verify(char *user, char *ourname, int id, switch (digest->code) { case CHAP_MD5: /* CHAP-Challenge and CHAP-Password */ - if (response_len != MD5_HASH_SIZE) + if (response_len != MD5_DIGEST_LENGTH) return 0; cpassword[0] = id; - memcpy(&cpassword[1], response, MD5_HASH_SIZE); + memcpy(&cpassword[1], response, MD5_DIGEST_LENGTH); rc_avpair_add(&send, PW_CHAP_CHALLENGE, challenge, challenge_len, VENDOR_NONE); rc_avpair_add(&send, PW_CHAP_PASSWORD, - cpassword, MD5_HASH_SIZE + 1, VENDOR_NONE); + cpassword, MD5_DIGEST_LENGTH + 1, VENDOR_NONE); break; #ifdef PPP_WITH_CHAPMS @@ -453,7 +453,9 @@ radius_chap_verify(char *user, char *ourname, int id, #endif } - if (*remote_number) { + remote_number = ppp_get_remote_number(); + ipparam = ppp_ipparam(); + if (remote_number) { rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, VENDOR_NONE); } else if (ipparam) @@ -506,7 +508,7 @@ radius_chap_verify(char *user, char *ourname, int id, * then the default realm from the radiusclient config file is added. ***********************************************************************/ static void -make_username_realm(char *user) +make_username_realm(const char *user) { char *default_realm; @@ -592,27 +594,27 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, case PW_SESSION_TIMEOUT: /* Session timeout */ - maxconnect = vp->lvalue; + ppp_set_max_connect_time(vp->lvalue); break; case PW_FILTER_ID: /* packet filter, will be handled via ip-(up|down) script */ - script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1); + ppp_script_setenv("RADIUS_FILTER_ID", (char*) vp->strvalue, 1); break; case PW_FRAMED_ROUTE: /* route, will be handled via ip-(up|down) script */ - script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1); + ppp_script_setenv("RADIUS_FRAMED_ROUTE", (char*) vp->strvalue, 1); break; case PW_IDLE_TIMEOUT: /* idle parameter */ - idle_time_limit = vp->lvalue; + ppp_set_max_idle_time(vp->lvalue); break; case PW_SESSION_OCTETS_LIMIT: /* Session traffic limit */ - maxoctets = vp->lvalue; + ppp_set_session_limit(vp->lvalue); break; case PW_OCTETS_DIRECTION: /* Session traffic limit direction check */ - maxoctets_dir = ( vp->lvalue > 4 ) ? 0 : vp->lvalue ; + ppp_set_session_limit_dir(vp->lvalue); break; case PW_ACCT_INTERIM_INTERVAL: /* Send accounting updates every few seconds */ @@ -633,7 +635,7 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, } else if (remote != 0xfffffffe) { /* 0xfffffffe means NAS should select an ip address */ remote = htonl(vp->lvalue); - if (bad_ip_adrs (remote)) { + if (ppp_bad_ip_addr (remote)) { slprintf(msg, BUF_LEN, "RADIUS: bad remote IP address %I for %s", remote, rstate.user); return -1; @@ -647,13 +649,14 @@ radius_setparams(VALUE_PAIR *vp, char *msg, REQUEST_INFO *req_info, break; case PW_CLASS: /* Save Class attribute to pass it in accounting request */ - if (vp->lvalue <= MAXCLASSLEN) { + // if (vp->lvalue <= MAXCLASSLEN) { // <- Attribute could be this big, but vp->strvalue is limited to AUTH_STRING_LEN characters + if (vp->lvalue <= AUTH_STRING_LEN) { rstate.class_len=vp->lvalue; memcpy(rstate.class, vp->strvalue, rstate.class_len); } /* else too big for our buffer - ignore it */ break; case PW_FRAMED_MTU: - netif_set_mtu(rstate.client_port,MIN(netif_get_mtu(rstate.client_port),vp->lvalue)); + ppp_set_mtu(rstate.client_port,MIN(ppp_get_mtu(rstate.client_port),vp->lvalue)); break; } @@ -772,9 +775,12 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, unsigned char *challenge) { int i; - MD5_CTX Context; - u_char plain[32]; - u_char buf[16]; + int status = 0; + PPP_MD_CTX *ctx; + unsigned char plain[32]; + unsigned char buf[MD5_DIGEST_LENGTH]; + unsigned int buflen; + if (vp->lvalue != 32) { error("RADIUS: Incorrect attribute length (%d) for MS-CHAP-MPPE-Keys", @@ -784,30 +790,70 @@ radius_setmppekeys(VALUE_PAIR *vp, REQUEST_INFO *req_info, memcpy(plain, vp->strvalue, sizeof(plain)); - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN); - MD5_Final(buf, &Context); + ctx = PPP_MD_CTX_new(); + if (ctx) { - for (i = 0; i < 16; i++) - plain[i] ^= buf[i]; + if (PPP_DigestInit(ctx, PPP_md5())) { - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, vp->strvalue, 16); - MD5_Final(buf, &Context); + if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { - for(i = 0; i < 16; i++) - plain[i + 16] ^= buf[i]; + if (PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) { - /* - * Annoying. The "key" returned is just the NTPasswordHashHash, which - * the NAS (us) doesn't need; we only need the start key. So we have - * to generate the start key, sigh. NB: We do not support the LM-Key. - */ - mppe_set_chapv1(challenge, &plain[8]); + buflen = sizeof(buf); + if (PPP_DigestFinal(ctx, buf, &buflen)) { + + status = 1; + } + } + } + } + PPP_MD_CTX_free(ctx); + } + + if (status) { + + for (i = 0; i < MD5_DIGEST_LENGTH; i++) { + plain[i] ^= buf[i]; + } + + status = 0; + ctx = PPP_MD_CTX_new(); + if (ctx) { + + if (PPP_DigestInit(ctx, PPP_md5())) { + + if (PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { - return 0; + if (PPP_DigestUpdate(ctx, vp->strvalue, 16)) { + + buflen = MD5_DIGEST_LENGTH; + if (PPP_DigestFinal(ctx, buf, &buflen)) { + + status = 1; + } + } + } + } + PPP_MD_CTX_free(ctx); + } + + if (status) { + + for(i = 0; i < MD5_DIGEST_LENGTH; i++) { + plain[i + 16] ^= buf[i]; + } + + /* + * Annoying. The "key" returned is just the NTPasswordHashHash, which + * the NAS (us) doesn't need; we only need the start key. So we have + * to generate the start key, sigh. NB: We do not support the LM-Key. + */ + mppe_set_chapv1(challenge, &plain[8]); + return 0; + } + } + + return -1; } /********************************************************************** @@ -825,11 +871,13 @@ static int radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) { int i; - MD5_CTX Context; - u_char *salt = vp->strvalue; - u_char *crypt = vp->strvalue + 2; - u_char plain[32]; - u_char buf[MD5_HASH_SIZE]; + int status = 0; + PPP_MD_CTX *ctx; + unsigned char *salt = vp->strvalue; + unsigned char *crypt = vp->strvalue + 2; + unsigned char plain[32]; + unsigned char buf[MD5_DIGEST_LENGTH]; + unsigned int buflen; char *type = "Send"; if (vp->attribute == PW_MS_MPPE_RECV_KEY) @@ -848,33 +896,75 @@ radius_setmppekeys2(VALUE_PAIR *vp, REQUEST_INFO *req_info) memcpy(plain, crypt, 32); - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, req_info->request_vector, AUTH_VECTOR_LEN); - MD5_Update(&Context, salt, 2); - MD5_Final(buf, &Context); + ctx = PPP_MD_CTX_new(); + if (!ctx) { + error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key attribute", type); + return -1; + } - for (i = 0; i < 16; i++) + buflen = sizeof(buf); + if (!PPP_DigestInit(ctx, PPP_md5())) { + error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { + error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestUpdate(ctx, req_info->request_vector, AUTH_VECTOR_LEN)) { + error("RADIUS: Error mixing in request vector for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestUpdate(ctx, salt, 2)) { + error("RADIUS: Error mixing in salt for MS-MPPE-%s-Key attribute", type); + } else if (!PPP_DigestFinal(ctx, buf, &buflen)) { + error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key attribute", type); + } else { + status = 1; + } + + PPP_MD_CTX_free(ctx); + + if (!status) + return -1; + + for (i = 0; i < 16; i++) { plain[i] ^= buf[i]; + } if (plain[0] != 16) { error("RADIUS: Incorrect key length (%d) for MS-MPPE-%s-Key attribute", - (int) plain[0], type); + (int) plain[0], type); return -1; } - MD5_Init(&Context); - MD5_Update(&Context, req_info->secret, strlen(req_info->secret)); - MD5_Update(&Context, crypt, 16); - MD5_Final(buf, &Context); + status = 0; + ctx = PPP_MD_CTX_new(); + if (!ctx) { + error("RADIUS: Error creating PPP_MD_CTX for MS-MPPE-%s-Key(2) attribute", type); + return -1; + } + + buflen = sizeof(buf); + + if (!PPP_DigestInit(ctx, PPP_md5())) { + error("RADIUS: Error setting hash algorithm to MD5 for MS-MPPE-%s-Key(2) attribute", type); + } else if (!PPP_DigestUpdate(ctx, req_info->secret, strlen(req_info->secret))) { + error("RADIUS: Error mixing in radius secret for MS-MPPE-%s-Key(2) attribute", type); + } else if (!PPP_DigestUpdate(ctx, crypt, 16)) { + error("RADIUS: Error mixing in crypt vector for MS-MPPE-%s-Key(2) attribute", type); + } else if (!PPP_DigestFinal(ctx, buf, &buflen)) { + error("RADIUS: Error finalizing key buffer for MS-MPPE-%s-Key(2) attribute", type); + } else { + status = 1; + } + + PPP_MD_CTX_free(ctx); + + if (!status) + return -1; plain[16] ^= buf[0]; /* only need the first byte */ - if (vp->attribute == PW_MS_MPPE_SEND_KEY) + if (vp->attribute == PW_MS_MPPE_SEND_KEY) { mppe_set_keys(plain + 1, NULL, 16); - else + } else { mppe_set_keys(NULL, plain + 1, 16); - + } return 0; } #endif /* PPP_WITH_MPPE */ @@ -896,6 +986,8 @@ radius_acct_start(void) VALUE_PAIR *send = NULL; ipcp_options *ho = &ipcp_hisoptions[0]; u_int32_t hisaddr; + const char *remote_number; + const char *ipparam; if (!rstate.initialized) { return; @@ -923,7 +1015,9 @@ radius_acct_start(void) av_type = PW_PPP; rc_avpair_add(&send, PW_FRAMED_PROTOCOL, &av_type, 0, VENDOR_NONE); - if (*remote_number) { + remote_number = ppp_get_remote_number(); + ipparam = ppp_ipparam(); + if (remote_number) { rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, VENDOR_NONE); } else if (ipparam) @@ -933,7 +1027,7 @@ radius_acct_start(void) rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE); - av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) ); + av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) ); rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE); hisaddr = ho->hisaddr; @@ -961,7 +1055,7 @@ radius_acct_start(void) /* Kick off periodic accounting reports */ if (rstate.acct_interim_interval) { - TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval); + ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0); } } @@ -982,13 +1076,16 @@ radius_acct_stop(void) ipcp_options *ho = &ipcp_hisoptions[0]; u_int32_t hisaddr; int result; + const char *remote_number; + const char *ipparam; + ppp_link_stats_st stats; if (!rstate.initialized) { return; } if (rstate.acct_interim_interval) - UNTIMEOUT(radius_acct_interim, NULL); + ppp_untimeout(radius_acct_interim, NULL); rc_avpair_add(&send, PW_ACCT_SESSION_ID, rstate.session_id, 0, VENDOR_NONE); @@ -1011,50 +1108,55 @@ radius_acct_stop(void) av_type = PW_RADIUS; rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE); + if (ppp_get_link_stats(&stats)) { - if (link_stats_valid) { - av_type = link_connect_time; + av_type = ppp_get_link_uptime(); rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE); - av_type = link_stats.bytes_out & 0xFFFFFFFF; + av_type = stats.bytes_out & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE); - if (link_stats.bytes_out > 0xFFFFFFFF) { - av_type = link_stats.bytes_out >> 32; + if (stats.bytes_out > 0xFFFFFFFF) { + av_type = stats.bytes_out >> 32; rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); } - av_type = link_stats.bytes_in & 0xFFFFFFFF; + av_type = stats.bytes_in & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE); - if (link_stats.bytes_in > 0xFFFFFFFF) { - av_type = link_stats.bytes_in >> 32; + if (stats.bytes_in > 0xFFFFFFFF) { + av_type = stats.bytes_in >> 32; rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); } - av_type = link_stats.pkts_out; + av_type = stats.pkts_out; rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE); - av_type = link_stats.pkts_in; + av_type = stats.pkts_in; rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE); } - if (*remote_number) { + remote_number = ppp_get_remote_number(); + ipparam = ppp_ipparam(); + if (remote_number) { rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, VENDOR_NONE); } else if (ipparam) rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) ); + av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) ); rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE); av_type = PW_NAS_ERROR; - switch( status ) { + switch( ppp_status() ) { case EXIT_OK: - case EXIT_USER_REQUEST: av_type = PW_USER_REQUEST; break; + case EXIT_USER_REQUEST: + av_type = PW_ADMIN_RESET; + break; + case EXIT_HANGUP: case EXIT_PEER_DEAD: case EXIT_CONNECT_FAILED: @@ -1137,6 +1239,9 @@ radius_acct_interim(void *ignored) ipcp_options *ho = &ipcp_hisoptions[0]; u_int32_t hisaddr; int result; + const char *remote_number; + const char *ipparam; + ppp_link_stats_st stats; if (!rstate.initialized) { return; @@ -1163,45 +1268,43 @@ radius_acct_interim(void *ignored) av_type = PW_RADIUS; rc_avpair_add(&send, PW_ACCT_AUTHENTIC, &av_type, 0, VENDOR_NONE); - /* Update link stats */ - update_link_stats(0); - - if (link_stats_valid) { - link_stats_valid = 0; /* Force later code to update */ + if (ppp_get_link_stats(&stats)) { - av_type = link_connect_time; + av_type = ppp_get_link_uptime(); rc_avpair_add(&send, PW_ACCT_SESSION_TIME, &av_type, 0, VENDOR_NONE); - av_type = link_stats.bytes_out & 0xFFFFFFFF; + av_type = stats.bytes_out & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_OUTPUT_OCTETS, &av_type, 0, VENDOR_NONE); - if (link_stats.bytes_out > 0xFFFFFFFF) { - av_type = link_stats.bytes_out >> 32; + if (stats.bytes_out > 0xFFFFFFFF) { + av_type = stats.bytes_out >> 32; rc_avpair_add(&send, PW_ACCT_OUTPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); } - av_type = link_stats.bytes_in & 0xFFFFFFFF; + av_type = stats.bytes_in & 0xFFFFFFFF; rc_avpair_add(&send, PW_ACCT_INPUT_OCTETS, &av_type, 0, VENDOR_NONE); - if (link_stats.bytes_in > 0xFFFFFFFF) { - av_type = link_stats.bytes_in >> 32; + if (stats.bytes_in > 0xFFFFFFFF) { + av_type = stats.bytes_in >> 32; rc_avpair_add(&send, PW_ACCT_INPUT_GIGAWORDS, &av_type, 0, VENDOR_NONE); } - av_type = link_stats.pkts_out; + av_type = stats.pkts_out; rc_avpair_add(&send, PW_ACCT_OUTPUT_PACKETS, &av_type, 0, VENDOR_NONE); - av_type = link_stats.pkts_in; + av_type = stats.pkts_in; rc_avpair_add(&send, PW_ACCT_INPUT_PACKETS, &av_type, 0, VENDOR_NONE); } - if (*remote_number) { + remote_number = ppp_get_remote_number(); + ipparam = ppp_ipparam(); + if (remote_number) { rc_avpair_add(&send, PW_CALLING_STATION_ID, remote_number, 0, VENDOR_NONE); } else if (ipparam) rc_avpair_add(&send, PW_CALLING_STATION_ID, ipparam, 0, VENDOR_NONE); - av_type = ( using_pty ? PW_VIRTUAL : ( sync_serial ? PW_SYNC : PW_ASYNC ) ); + av_type = ( ppp_using_pty() ? PW_VIRTUAL : ( ppp_sync_serial() ? PW_SYNC : PW_ASYNC ) ); rc_avpair_add(&send, PW_NAS_PORT_TYPE, &av_type, 0, VENDOR_NONE); hisaddr = ho->hisaddr; @@ -1227,7 +1330,7 @@ radius_acct_interim(void *ignored) rc_avpair_free(send); /* Schedule another one */ - TIMEOUT(radius_acct_interim, NULL, rstate.acct_interim_interval); + ppp_timeout(radius_acct_interim, NULL, rstate.acct_interim_interval, 0); } /********************************************************************** @@ -1324,7 +1427,7 @@ radius_init(char *msg) * Extracts the port number from the interface name ***********************************************************************/ static int -get_client_port(char *ifname) +get_client_port(const char *ifname) { int port; if (sscanf(ifname, "ppp%d", &port) == 1) { diff --git a/pppd/plugins/radius/radiusclient.h b/pppd/plugins/radius/radiusclient.h index 96449be..5292ce1 100644 --- a/pppd/plugins/radius/radiusclient.h +++ b/pppd/plugins/radius/radiusclient.h @@ -20,7 +20,10 @@ #include #include #include +#include + #include +#include #ifndef _UINT4_T /* This works for all machines that Linux runs on... */ @@ -399,9 +402,9 @@ typedef struct env /* avpair.c */ -VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, void *, int, int); -int rc_avpair_assign(VALUE_PAIR *, void *, int); -VALUE_PAIR *rc_avpair_new(int, void *, int, int); +VALUE_PAIR *rc_avpair_add(VALUE_PAIR **, int, const void *, int, int); +int rc_avpair_assign(VALUE_PAIR *, const void *, int); +VALUE_PAIR *rc_avpair_new(int, const void *, int, int); VALUE_PAIR *rc_avpair_gen(AUTH_HDR *); VALUE_PAIR *rc_avpair_get(VALUE_PAIR *, UINT4); VALUE_PAIR *rc_avpair_copy(VALUE_PAIR *); @@ -427,7 +430,7 @@ int rc_check(char *, unsigned short, char *); /* clientid.c */ int rc_read_mapfile(char *); -UINT4 rc_map2id(char *); +UINT4 rc_map2id(const char *); /* config.c */ @@ -449,8 +452,8 @@ VENDOR_DICT * rc_dict_getvendor(int); /* ip_util.c */ -UINT4 rc_get_ipaddr(char *); -int rc_good_ipaddr(char *); +UINT4 rc_get_ipaddr(const char *); +int rc_good_ipaddr(const char *); const char *rc_ip_hostname(UINT4); UINT4 rc_own_ipaddress(void); UINT4 rc_own_bind_ipaddress(void); @@ -468,6 +471,6 @@ void rc_mdelay(int); /* md5.c */ -void rc_md5_calc(unsigned char *, unsigned char *, unsigned int); +int rc_md5_calc(unsigned char *out, const unsigned char *in, unsigned int inl); #endif /* RADIUSCLIENT_H */ diff --git a/pppd/plugins/radius/radrealms.c b/pppd/plugins/radius/radrealms.c index 27955e0..ab923cc 100644 --- a/pppd/plugins/radius/radrealms.c +++ b/pppd/plugins/radius/radrealms.c @@ -21,6 +21,11 @@ static char const RCSID[] = #include #include #include +#include +#include +#include +#include + #include #include "radiusclient.h" @@ -69,7 +74,7 @@ lookup_realm(char const *user, } if ((fd = fopen(radrealms_config, "r")) == NULL) { - option_error("cannot open %s", radrealms_config); + ppp_option_error("cannot open %s", radrealms_config); free(auths); free(accts); return; @@ -89,7 +94,7 @@ lookup_realm(char const *user, if (p == NULL || (strcmp(p, "authserver") !=0 && strcmp(p, "acctserver"))) { fclose(fd); - option_error("%s: invalid line %d: %s", radrealms_config, + ppp_option_error("%s: invalid line %d: %s", radrealms_config, line, buffer); free(auths); free(accts); @@ -105,7 +110,7 @@ lookup_realm(char const *user, if ((p = strtok(NULL, "\t ")) == NULL) { fclose(fd); - option_error("%s: realm name missing on line %d: %s", + ppp_option_error("%s: realm name missing on line %d: %s", radrealms_config, line, buffer); free(auths); free(accts); @@ -117,7 +122,7 @@ lookup_realm(char const *user, info(" - Matched realm %s", p); if ((p = strtok(NULL, ":")) == NULL) { fclose(fd); - option_error("%s: server address missing on line %d: %s", + ppp_option_error("%s: server address missing on line %d: %s", radrealms_config, line, buffer); free(auths); free(accts); @@ -127,7 +132,7 @@ lookup_realm(char const *user, info(" - Address is '%s'",p); if ((p = strtok(NULL, "\t ")) == NULL) { fclose(fd); - option_error("%s: server port missing on line %d: %s", + ppp_option_error("%s: server port missing on line %d: %s", radrealms_config, line, buffer); free(auths); free(accts); @@ -143,9 +148,13 @@ lookup_realm(char const *user, if (accts->max) *acctserver = accts; + else + free(accts); if (auths->max) *authserver = auths; + else + free(auths); return; } @@ -155,6 +164,6 @@ plugin_init(void) { radius_pre_auth_hook = lookup_realm; - add_options(Options); + ppp_add_options(Options); info("RADIUS Realms plugin initialized."); } diff --git a/pppd/plugins/radius/sendserver.c b/pppd/plugins/radius/sendserver.c index f601286..6553b0e 100644 --- a/pppd/plugins/radius/sendserver.c +++ b/pppd/plugins/radius/sendserver.c @@ -17,6 +17,7 @@ #include #include #include +#include static void rc_random_vector (unsigned char *); static int rc_check_reply (AUTH_HDR *, int, char *, unsigned char *, unsigned char); @@ -303,7 +304,7 @@ int rc_send_server (SEND_DATA *data, char *msg, REQUEST_INFO *info) FD_SET (sockfd, &readfds); if (select (sockfd + 1, &readfds, NULL, NULL, &authtime) < 0) { - if (errno == EINTR && !got_sigterm) + if (errno == EINTR && !ppp_signaled(SIGTERM)) continue; error("rc_send_server: select: %m"); memset (secret, '\0', sizeof (secret)); @@ -491,7 +492,7 @@ static void rc_random_vector (unsigned char *vector) we use /dev/urandom here, as /dev/random might block and we don't need that much randomness. BTW, great idea, Ted! -lf, 03/18/95 */ - if ((fd = open(_PATH_DEV_URANDOM, O_RDONLY)) >= 0) + if ((fd = open(PPP_PATH_DEV_URANDOM, O_RDONLY)) >= 0) { unsigned char *pos; int readcount; diff --git a/pppd/plugins/winbind.c b/pppd/plugins/winbind.c index 71c0d03..7f930df 100644 --- a/pppd/plugins/winbind.c +++ b/pppd/plugins/winbind.c @@ -45,13 +45,20 @@ #include #include #include +#include +#include +#include +#include #include -#include +#include +#include #include +#include #include #include #include +#include #define BUF_LEN 1024 @@ -66,7 +73,7 @@ static int set_ntlm_auth(char **argv) p = argv[0]; if (p[0] != '/') { - option_error("ntlm_auth-helper argument must be full path"); + ppp_option_error("ntlm_auth-helper argument must be full path"); return 0; } p = strdup(p); @@ -80,26 +87,16 @@ static int set_ntlm_auth(char **argv) return 1; } -static option_t Options[] = { +static struct option Options[] = { { "ntlm_auth-helper", o_special, (void *) &set_ntlm_auth, "Path to ntlm_auth executable", OPT_PRIV }, { NULL } }; -static int -winbind_secret_check(void); - -static int winbind_pap_auth(char *user, - char *passwd, - char **msgp, - struct wordlist **paddrs, - struct wordlist **popts); -static int winbind_chap_verify(char *user, char *ourname, int id, - struct chap_digest_type *digest, - unsigned char *challenge, - unsigned char *response, - char *message, int message_space); -static int winbind_allowed_address(u_int32_t addr); +static pap_check_hook_fn winbind_secret_check; +static pap_auth_hook_fn winbind_pap_auth; +static chap_verify_hook_fn winbind_chap_verify; +static int winbind_allowed_address(uint32_t addr); char pppd_version[] = PPPD_VERSION; @@ -126,7 +123,7 @@ plugin_init(void) /* Don't ask the peer for anything other than MS-CHAP or MS-CHAP V2 */ chap_mdtype_all &= (MDTYPE_MICROSOFT_V2 | MDTYPE_MICROSOFT); - add_options(Options); + ppp_add_options(Options); info("WINBIND plugin initialized."); } @@ -284,7 +281,7 @@ unsigned int run_ntlm_auth(const char *username, return NOT_AUTHENTICATED; } - forkret = safe_fork(child_in[0], child_out[1], 2); + forkret = ppp_safe_fork(child_in[0], child_out[1], 2); if (forkret == -1) { if (error_string) { *error_string = strdup("fork failed!"); @@ -447,7 +444,7 @@ unsigned int run_ntlm_auth(const char *username, return NOT_AUTHENTICATED; } - while ((wait(&status) == -1) && errno == EINTR && !got_sigterm) + while ((wait(&status) == -1) && errno == EINTR && !ppp_signaled(SIGTERM)) ; if ((authenticated == AUTHENTICATED) && nt_key && !got_user_session_key) { @@ -522,7 +519,7 @@ winbind_chap_verify(char *user, char *ourname, int id, int challenge_len, response_len; char domainname[256]; char *domain; - char *username; + const char *username; char *p; unsigned char saresponse[MS_AUTH_RESPONSE_LENGTH+1]; @@ -556,7 +553,7 @@ winbind_chap_verify(char *user, char *ourname, int id, u_char *lm_response = NULL; int nt_response_size = 0; int lm_response_size = 0; - u_char session_key[16]; + u_char session_key[MD4_DIGEST_LENGTH]; if (response_len != MS_CHAP_RESPONSE_LEN) break; /* not even the right length */ @@ -608,7 +605,7 @@ winbind_chap_verify(char *user, char *ourname, int id, case CHAP_MICROSOFT_V2: { u_char Challenge[8]; - u_char session_key[MD4_SIGNATURE_SIZE]; + u_char session_key[MD4_DIGEST_LENGTH]; char *error_string = NULL; if (response_len != MS_CHAP2_RESPONSE_LEN) @@ -668,7 +665,7 @@ winbind_chap_verify(char *user, char *ourname, int id, } static int -winbind_allowed_address(u_int32_t addr) +winbind_allowed_address(uint32_t addr) { ipcp_options *wo = &ipcp_wantoptions[0]; if (wo->hisaddr !=0 && wo->hisaddr == addr) { diff --git a/pppd/ppp-des.c b/pppd/ppp-des.c new file mode 100644 index 0000000..3ef8f95 --- /dev/null +++ b/pppd/ppp-des.c @@ -0,0 +1,730 @@ +/* + * ppp-des.c - PPP/DES implementation for MS-CHAP and EAP SRP-SHA1 + * + * Extracted from chap_ms.c by James Carlson. + * Added abstraction via PPP_Digest* callbacks by Eivind Næss + * + * Copyright (c) 1995 Eric Rosenquist. All rights reserved. + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * Copyright 1995-2022 The OpenSSL Project Authors. All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sections of this code holds different copyright information. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include + +#include "crypto-priv.h" + +#ifdef OPENSSL_HAVE_DES + +#include + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define EVP_CIPHER_CTX_reset EVP_CIPHER_CTX_cleanup +#endif + +static int des_init(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv) +{ + if (ctx) { + EVP_CIPHER_CTX *cc = EVP_CIPHER_CTX_new(); + if (cc) { + + if (key) { + memcpy(ctx->key, key, 8); + } + if (iv) { + memcpy(ctx->iv, iv, 8); + } + + if (EVP_CipherInit(cc, EVP_des_ecb(), ctx->key, ctx->iv, ctx->is_encr)) { + + if (EVP_CIPHER_CTX_set_padding(cc, 0)) { + ctx->priv = cc; + return 1; + } + } + + EVP_CIPHER_CTX_free(cc); + } + } + return 0; +} + +static int des_update(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) +{ + if (ctx) { + return EVP_CipherUpdate((EVP_CIPHER_CTX*) ctx->priv, out, outl, in, inl); + } + return 0; +} + +static int des_final(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + if (ctx) { + return EVP_CipherFinal((EVP_CIPHER_CTX*) ctx->priv, out, outl); + } + return 0; +} + +static void des_clean(PPP_CIPHER_CTX *ctx) +{ + if (ctx->priv) { + EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*) ctx->priv); + ctx->priv = NULL; + } +} + +#else + +/* + * DES related functions are imported from openssl 3.0 project with the + * follwoing license: + * + * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved. + * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html + */ + +typedef unsigned int DES_LONG; +typedef unsigned char DES_cblock[8]; +typedef struct DES_ks { + union { + DES_cblock cblock; + /* + * make sure things are correct size on machines with 8 byte longs + */ + DES_LONG deslong[2]; + } ks[16]; +} DES_key_schedule; + + +#define c2l(c,l) (l =((DES_LONG)(*((c)++))) , \ + l|=((DES_LONG)(*((c)++)))<< 8L, \ + l|=((DES_LONG)(*((c)++)))<<16L, \ + l|=((DES_LONG)(*((c)++)))<<24L) + +# define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ + *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>16L)&0xff), \ + *((c)++)=(unsigned char)(((l)>>24L)&0xff)) + +#define ITERATIONS 16 + +#define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) + +# define PERM_OP(a,b,t,n,m) ((t)=((((a)>>(n))^(b))&(m)),\ + (b)^=(t),\ + (a)^=((t)<<(n))) + +#define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ + (a)=(a)^(t)^(t>>(16-(n)))) + +# define IP(l,r) \ + { \ + register DES_LONG tt; \ + PERM_OP(r,l,tt, 4,0x0f0f0f0fL); \ + PERM_OP(l,r,tt,16,0x0000ffffL); \ + PERM_OP(r,l,tt, 2,0x33333333L); \ + PERM_OP(l,r,tt, 8,0x00ff00ffL); \ + PERM_OP(r,l,tt, 1,0x55555555L); \ + } + +# define FP(l,r) \ + { \ + register DES_LONG tt; \ + PERM_OP(l,r,tt, 1,0x55555555L); \ + PERM_OP(r,l,tt, 8,0x00ff00ffL); \ + PERM_OP(l,r,tt, 2,0x33333333L); \ + PERM_OP(r,l,tt,16,0x0000ffffL); \ + PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ + } + +#define LOAD_DATA_tmp(a,b,c,d,e,f) LOAD_DATA(a,b,c,d,e,f,g) +#define LOAD_DATA(R,S,u,t,E0,E1,tmp) \ + u=R^s[S ]; \ + t=R^s[S+1] + +#define D_ENCRYPT(LL,R,S) { \ + LOAD_DATA_tmp(R,S,u,t,E0,E1); \ + t=ROTATE(t,4); \ + LL^= \ + DES_SPtrans[0][(u>> 2L)&0x3f]^ \ + DES_SPtrans[2][(u>>10L)&0x3f]^ \ + DES_SPtrans[4][(u>>18L)&0x3f]^ \ + DES_SPtrans[6][(u>>26L)&0x3f]^ \ + DES_SPtrans[1][(t>> 2L)&0x3f]^ \ + DES_SPtrans[3][(t>>10L)&0x3f]^ \ + DES_SPtrans[5][(t>>18L)&0x3f]^ \ + DES_SPtrans[7][(t>>26L)&0x3f]; } + + +static const DES_LONG DES_SPtrans[8][64] = { + { + /* nibble 0 */ + 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, + 0x02000000L, 0x00080802L, 0x00080002L, 0x02000002L, + 0x00080802L, 0x02080800L, 0x02080000L, 0x00000802L, + 0x02000802L, 0x02000000L, 0x00000000L, 0x00080002L, + 0x00080000L, 0x00000002L, 0x02000800L, 0x00080800L, + 0x02080802L, 0x02080000L, 0x00000802L, 0x02000800L, + 0x00000002L, 0x00000800L, 0x00080800L, 0x02080002L, + 0x00000800L, 0x02000802L, 0x02080002L, 0x00000000L, + 0x00000000L, 0x02080802L, 0x02000800L, 0x00080002L, + 0x02080800L, 0x00080000L, 0x00000802L, 0x02000800L, + 0x02080002L, 0x00000800L, 0x00080800L, 0x02000002L, + 0x00080802L, 0x00000002L, 0x02000002L, 0x02080000L, + 0x02080802L, 0x00080800L, 0x02080000L, 0x02000802L, + 0x02000000L, 0x00000802L, 0x00080002L, 0x00000000L, + 0x00080000L, 0x02000000L, 0x02000802L, 0x02080800L, + 0x00000002L, 0x02080002L, 0x00000800L, 0x00080802L, + }, + { + /* nibble 1 */ + 0x40108010L, 0x00000000L, 0x00108000L, 0x40100000L, + 0x40000010L, 0x00008010L, 0x40008000L, 0x00108000L, + 0x00008000L, 0x40100010L, 0x00000010L, 0x40008000L, + 0x00100010L, 0x40108000L, 0x40100000L, 0x00000010L, + 0x00100000L, 0x40008010L, 0x40100010L, 0x00008000L, + 0x00108010L, 0x40000000L, 0x00000000L, 0x00100010L, + 0x40008010L, 0x00108010L, 0x40108000L, 0x40000010L, + 0x40000000L, 0x00100000L, 0x00008010L, 0x40108010L, + 0x00100010L, 0x40108000L, 0x40008000L, 0x00108010L, + 0x40108010L, 0x00100010L, 0x40000010L, 0x00000000L, + 0x40000000L, 0x00008010L, 0x00100000L, 0x40100010L, + 0x00008000L, 0x40000000L, 0x00108010L, 0x40008010L, + 0x40108000L, 0x00008000L, 0x00000000L, 0x40000010L, + 0x00000010L, 0x40108010L, 0x00108000L, 0x40100000L, + 0x40100010L, 0x00100000L, 0x00008010L, 0x40008000L, + 0x40008010L, 0x00000010L, 0x40100000L, 0x00108000L, + }, + { + /* nibble 2 */ + 0x04000001L, 0x04040100L, 0x00000100L, 0x04000101L, + 0x00040001L, 0x04000000L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00040000L, 0x04040000L, 0x00000001L, + 0x04040101L, 0x00000101L, 0x00000001L, 0x04040001L, + 0x00000000L, 0x00040001L, 0x04040100L, 0x00000100L, + 0x00000101L, 0x04040101L, 0x00040000L, 0x04000001L, + 0x04040001L, 0x04000100L, 0x00040101L, 0x04040000L, + 0x00040100L, 0x00000000L, 0x04000000L, 0x00040101L, + 0x04040100L, 0x00000100L, 0x00000001L, 0x00040000L, + 0x00000101L, 0x00040001L, 0x04040000L, 0x04000101L, + 0x00000000L, 0x04040100L, 0x00040100L, 0x04040001L, + 0x00040001L, 0x04000000L, 0x04040101L, 0x00000001L, + 0x00040101L, 0x04000001L, 0x04000000L, 0x04040101L, + 0x00040000L, 0x04000100L, 0x04000101L, 0x00040100L, + 0x04000100L, 0x00000000L, 0x04040001L, 0x00000101L, + 0x04000001L, 0x00040101L, 0x00000100L, 0x04040000L, + }, + { + /* nibble 3 */ + 0x00401008L, 0x10001000L, 0x00000008L, 0x10401008L, + 0x00000000L, 0x10400000L, 0x10001008L, 0x00400008L, + 0x10401000L, 0x10000008L, 0x10000000L, 0x00001008L, + 0x10000008L, 0x00401008L, 0x00400000L, 0x10000000L, + 0x10400008L, 0x00401000L, 0x00001000L, 0x00000008L, + 0x00401000L, 0x10001008L, 0x10400000L, 0x00001000L, + 0x00001008L, 0x00000000L, 0x00400008L, 0x10401000L, + 0x10001000L, 0x10400008L, 0x10401008L, 0x00400000L, + 0x10400008L, 0x00001008L, 0x00400000L, 0x10000008L, + 0x00401000L, 0x10001000L, 0x00000008L, 0x10400000L, + 0x10001008L, 0x00000000L, 0x00001000L, 0x00400008L, + 0x00000000L, 0x10400008L, 0x10401000L, 0x00001000L, + 0x10000000L, 0x10401008L, 0x00401008L, 0x00400000L, + 0x10401008L, 0x00000008L, 0x10001000L, 0x00401008L, + 0x00400008L, 0x00401000L, 0x10400000L, 0x10001008L, + 0x00001008L, 0x10000000L, 0x10000008L, 0x10401000L, + }, + { + /* nibble 4 */ + 0x08000000L, 0x00010000L, 0x00000400L, 0x08010420L, + 0x08010020L, 0x08000400L, 0x00010420L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x00010400L, + 0x08000420L, 0x08010020L, 0x08010400L, 0x00000000L, + 0x00010400L, 0x08000000L, 0x00010020L, 0x00000420L, + 0x08000400L, 0x00010420L, 0x00000000L, 0x08000020L, + 0x00000020L, 0x08000420L, 0x08010420L, 0x00010020L, + 0x08010000L, 0x00000400L, 0x00000420L, 0x08010400L, + 0x08010400L, 0x08000420L, 0x00010020L, 0x08010000L, + 0x00010000L, 0x00000020L, 0x08000020L, 0x08000400L, + 0x08000000L, 0x00010400L, 0x08010420L, 0x00000000L, + 0x00010420L, 0x08000000L, 0x00000400L, 0x00010020L, + 0x08000420L, 0x00000400L, 0x00000000L, 0x08010420L, + 0x08010020L, 0x08010400L, 0x00000420L, 0x00010000L, + 0x00010400L, 0x08010020L, 0x08000400L, 0x00000420L, + 0x00000020L, 0x00010420L, 0x08010000L, 0x08000020L, + }, + { + /* nibble 5 */ + 0x80000040L, 0x00200040L, 0x00000000L, 0x80202000L, + 0x00200040L, 0x00002000L, 0x80002040L, 0x00200000L, + 0x00002040L, 0x80202040L, 0x00202000L, 0x80000000L, + 0x80002000L, 0x80000040L, 0x80200000L, 0x00202040L, + 0x00200000L, 0x80002040L, 0x80200040L, 0x00000000L, + 0x00002000L, 0x00000040L, 0x80202000L, 0x80200040L, + 0x80202040L, 0x80200000L, 0x80000000L, 0x00002040L, + 0x00000040L, 0x00202000L, 0x00202040L, 0x80002000L, + 0x00002040L, 0x80000000L, 0x80002000L, 0x00202040L, + 0x80202000L, 0x00200040L, 0x00000000L, 0x80002000L, + 0x80000000L, 0x00002000L, 0x80200040L, 0x00200000L, + 0x00200040L, 0x80202040L, 0x00202000L, 0x00000040L, + 0x80202040L, 0x00202000L, 0x00200000L, 0x80002040L, + 0x80000040L, 0x80200000L, 0x00202040L, 0x00000000L, + 0x00002000L, 0x80000040L, 0x80002040L, 0x80202000L, + 0x80200000L, 0x00002040L, 0x00000040L, 0x80200040L, + }, + { + /* nibble 6 */ + 0x00004000L, 0x00000200L, 0x01000200L, 0x01000004L, + 0x01004204L, 0x00004004L, 0x00004200L, 0x00000000L, + 0x01000000L, 0x01000204L, 0x00000204L, 0x01004000L, + 0x00000004L, 0x01004200L, 0x01004000L, 0x00000204L, + 0x01000204L, 0x00004000L, 0x00004004L, 0x01004204L, + 0x00000000L, 0x01000200L, 0x01000004L, 0x00004200L, + 0x01004004L, 0x00004204L, 0x01004200L, 0x00000004L, + 0x00004204L, 0x01004004L, 0x00000200L, 0x01000000L, + 0x00004204L, 0x01004000L, 0x01004004L, 0x00000204L, + 0x00004000L, 0x00000200L, 0x01000000L, 0x01004004L, + 0x01000204L, 0x00004204L, 0x00004200L, 0x00000000L, + 0x00000200L, 0x01000004L, 0x00000004L, 0x01000200L, + 0x00000000L, 0x01000204L, 0x01000200L, 0x00004200L, + 0x00000204L, 0x00004000L, 0x01004204L, 0x01000000L, + 0x01004200L, 0x00000004L, 0x00004004L, 0x01004204L, + 0x01000004L, 0x01004200L, 0x01004000L, 0x00004004L, + }, + { + /* nibble 7 */ + 0x20800080L, 0x20820000L, 0x00020080L, 0x00000000L, + 0x20020000L, 0x00800080L, 0x20800000L, 0x20820080L, + 0x00000080L, 0x20000000L, 0x00820000L, 0x00020080L, + 0x00820080L, 0x20020080L, 0x20000080L, 0x20800000L, + 0x00020000L, 0x00820080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x20000080L, 0x00000000L, 0x00820000L, + 0x20000000L, 0x00800000L, 0x20020080L, 0x20800080L, + 0x00800000L, 0x00020000L, 0x20820000L, 0x00000080L, + 0x00800000L, 0x00020000L, 0x20000080L, 0x20820080L, + 0x00020080L, 0x20000000L, 0x00000000L, 0x00820000L, + 0x20800080L, 0x20020080L, 0x20020000L, 0x00800080L, + 0x20820000L, 0x00000080L, 0x00800080L, 0x20020000L, + 0x20820080L, 0x00800000L, 0x20800000L, 0x20000080L, + 0x00820000L, 0x00020080L, 0x20020080L, 0x20800000L, + 0x00000080L, 0x20820000L, 0x00820080L, 0x00000000L, + 0x20000000L, 0x20800080L, 0x00020000L, 0x00820080L, + } +}; + +static const DES_LONG des_skb[8][64] = { + { + /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ + 0x00000000L, 0x00000010L, 0x20000000L, 0x20000010L, + 0x00010000L, 0x00010010L, 0x20010000L, 0x20010010L, + 0x00000800L, 0x00000810L, 0x20000800L, 0x20000810L, + 0x00010800L, 0x00010810L, 0x20010800L, 0x20010810L, + 0x00000020L, 0x00000030L, 0x20000020L, 0x20000030L, + 0x00010020L, 0x00010030L, 0x20010020L, 0x20010030L, + 0x00000820L, 0x00000830L, 0x20000820L, 0x20000830L, + 0x00010820L, 0x00010830L, 0x20010820L, 0x20010830L, + 0x00080000L, 0x00080010L, 0x20080000L, 0x20080010L, + 0x00090000L, 0x00090010L, 0x20090000L, 0x20090010L, + 0x00080800L, 0x00080810L, 0x20080800L, 0x20080810L, + 0x00090800L, 0x00090810L, 0x20090800L, 0x20090810L, + 0x00080020L, 0x00080030L, 0x20080020L, 0x20080030L, + 0x00090020L, 0x00090030L, 0x20090020L, 0x20090030L, + 0x00080820L, 0x00080830L, 0x20080820L, 0x20080830L, + 0x00090820L, 0x00090830L, 0x20090820L, 0x20090830L, + }, + { + /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ + 0x00000000L, 0x02000000L, 0x00002000L, 0x02002000L, + 0x00200000L, 0x02200000L, 0x00202000L, 0x02202000L, + 0x00000004L, 0x02000004L, 0x00002004L, 0x02002004L, + 0x00200004L, 0x02200004L, 0x00202004L, 0x02202004L, + 0x00000400L, 0x02000400L, 0x00002400L, 0x02002400L, + 0x00200400L, 0x02200400L, 0x00202400L, 0x02202400L, + 0x00000404L, 0x02000404L, 0x00002404L, 0x02002404L, + 0x00200404L, 0x02200404L, 0x00202404L, 0x02202404L, + 0x10000000L, 0x12000000L, 0x10002000L, 0x12002000L, + 0x10200000L, 0x12200000L, 0x10202000L, 0x12202000L, + 0x10000004L, 0x12000004L, 0x10002004L, 0x12002004L, + 0x10200004L, 0x12200004L, 0x10202004L, 0x12202004L, + 0x10000400L, 0x12000400L, 0x10002400L, 0x12002400L, + 0x10200400L, 0x12200400L, 0x10202400L, 0x12202400L, + 0x10000404L, 0x12000404L, 0x10002404L, 0x12002404L, + 0x10200404L, 0x12200404L, 0x10202404L, 0x12202404L, + }, + { + /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ + 0x00000000L, 0x00000001L, 0x00040000L, 0x00040001L, + 0x01000000L, 0x01000001L, 0x01040000L, 0x01040001L, + 0x00000002L, 0x00000003L, 0x00040002L, 0x00040003L, + 0x01000002L, 0x01000003L, 0x01040002L, 0x01040003L, + 0x00000200L, 0x00000201L, 0x00040200L, 0x00040201L, + 0x01000200L, 0x01000201L, 0x01040200L, 0x01040201L, + 0x00000202L, 0x00000203L, 0x00040202L, 0x00040203L, + 0x01000202L, 0x01000203L, 0x01040202L, 0x01040203L, + 0x08000000L, 0x08000001L, 0x08040000L, 0x08040001L, + 0x09000000L, 0x09000001L, 0x09040000L, 0x09040001L, + 0x08000002L, 0x08000003L, 0x08040002L, 0x08040003L, + 0x09000002L, 0x09000003L, 0x09040002L, 0x09040003L, + 0x08000200L, 0x08000201L, 0x08040200L, 0x08040201L, + 0x09000200L, 0x09000201L, 0x09040200L, 0x09040201L, + 0x08000202L, 0x08000203L, 0x08040202L, 0x08040203L, + 0x09000202L, 0x09000203L, 0x09040202L, 0x09040203L, + }, + { + /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ + 0x00000000L, 0x00100000L, 0x00000100L, 0x00100100L, + 0x00000008L, 0x00100008L, 0x00000108L, 0x00100108L, + 0x00001000L, 0x00101000L, 0x00001100L, 0x00101100L, + 0x00001008L, 0x00101008L, 0x00001108L, 0x00101108L, + 0x04000000L, 0x04100000L, 0x04000100L, 0x04100100L, + 0x04000008L, 0x04100008L, 0x04000108L, 0x04100108L, + 0x04001000L, 0x04101000L, 0x04001100L, 0x04101100L, + 0x04001008L, 0x04101008L, 0x04001108L, 0x04101108L, + 0x00020000L, 0x00120000L, 0x00020100L, 0x00120100L, + 0x00020008L, 0x00120008L, 0x00020108L, 0x00120108L, + 0x00021000L, 0x00121000L, 0x00021100L, 0x00121100L, + 0x00021008L, 0x00121008L, 0x00021108L, 0x00121108L, + 0x04020000L, 0x04120000L, 0x04020100L, 0x04120100L, + 0x04020008L, 0x04120008L, 0x04020108L, 0x04120108L, + 0x04021000L, 0x04121000L, 0x04021100L, 0x04121100L, + 0x04021008L, 0x04121008L, 0x04021108L, 0x04121108L, + }, + { + /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ + 0x00000000L, 0x10000000L, 0x00010000L, 0x10010000L, + 0x00000004L, 0x10000004L, 0x00010004L, 0x10010004L, + 0x20000000L, 0x30000000L, 0x20010000L, 0x30010000L, + 0x20000004L, 0x30000004L, 0x20010004L, 0x30010004L, + 0x00100000L, 0x10100000L, 0x00110000L, 0x10110000L, + 0x00100004L, 0x10100004L, 0x00110004L, 0x10110004L, + 0x20100000L, 0x30100000L, 0x20110000L, 0x30110000L, + 0x20100004L, 0x30100004L, 0x20110004L, 0x30110004L, + 0x00001000L, 0x10001000L, 0x00011000L, 0x10011000L, + 0x00001004L, 0x10001004L, 0x00011004L, 0x10011004L, + 0x20001000L, 0x30001000L, 0x20011000L, 0x30011000L, + 0x20001004L, 0x30001004L, 0x20011004L, 0x30011004L, + 0x00101000L, 0x10101000L, 0x00111000L, 0x10111000L, + 0x00101004L, 0x10101004L, 0x00111004L, 0x10111004L, + 0x20101000L, 0x30101000L, 0x20111000L, 0x30111000L, + 0x20101004L, 0x30101004L, 0x20111004L, 0x30111004L, + }, + { + /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ + 0x00000000L, 0x08000000L, 0x00000008L, 0x08000008L, + 0x00000400L, 0x08000400L, 0x00000408L, 0x08000408L, + 0x00020000L, 0x08020000L, 0x00020008L, 0x08020008L, + 0x00020400L, 0x08020400L, 0x00020408L, 0x08020408L, + 0x00000001L, 0x08000001L, 0x00000009L, 0x08000009L, + 0x00000401L, 0x08000401L, 0x00000409L, 0x08000409L, + 0x00020001L, 0x08020001L, 0x00020009L, 0x08020009L, + 0x00020401L, 0x08020401L, 0x00020409L, 0x08020409L, + 0x02000000L, 0x0A000000L, 0x02000008L, 0x0A000008L, + 0x02000400L, 0x0A000400L, 0x02000408L, 0x0A000408L, + 0x02020000L, 0x0A020000L, 0x02020008L, 0x0A020008L, + 0x02020400L, 0x0A020400L, 0x02020408L, 0x0A020408L, + 0x02000001L, 0x0A000001L, 0x02000009L, 0x0A000009L, + 0x02000401L, 0x0A000401L, 0x02000409L, 0x0A000409L, + 0x02020001L, 0x0A020001L, 0x02020009L, 0x0A020009L, + 0x02020401L, 0x0A020401L, 0x02020409L, 0x0A020409L, + }, + { + /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ + 0x00000000L, 0x00000100L, 0x00080000L, 0x00080100L, + 0x01000000L, 0x01000100L, 0x01080000L, 0x01080100L, + 0x00000010L, 0x00000110L, 0x00080010L, 0x00080110L, + 0x01000010L, 0x01000110L, 0x01080010L, 0x01080110L, + 0x00200000L, 0x00200100L, 0x00280000L, 0x00280100L, + 0x01200000L, 0x01200100L, 0x01280000L, 0x01280100L, + 0x00200010L, 0x00200110L, 0x00280010L, 0x00280110L, + 0x01200010L, 0x01200110L, 0x01280010L, 0x01280110L, + 0x00000200L, 0x00000300L, 0x00080200L, 0x00080300L, + 0x01000200L, 0x01000300L, 0x01080200L, 0x01080300L, + 0x00000210L, 0x00000310L, 0x00080210L, 0x00080310L, + 0x01000210L, 0x01000310L, 0x01080210L, 0x01080310L, + 0x00200200L, 0x00200300L, 0x00280200L, 0x00280300L, + 0x01200200L, 0x01200300L, 0x01280200L, 0x01280300L, + 0x00200210L, 0x00200310L, 0x00280210L, 0x00280310L, + 0x01200210L, 0x01200310L, 0x01280210L, 0x01280310L, + }, + { + /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ + 0x00000000L, 0x04000000L, 0x00040000L, 0x04040000L, + 0x00000002L, 0x04000002L, 0x00040002L, 0x04040002L, + 0x00002000L, 0x04002000L, 0x00042000L, 0x04042000L, + 0x00002002L, 0x04002002L, 0x00042002L, 0x04042002L, + 0x00000020L, 0x04000020L, 0x00040020L, 0x04040020L, + 0x00000022L, 0x04000022L, 0x00040022L, 0x04040022L, + 0x00002020L, 0x04002020L, 0x00042020L, 0x04042020L, + 0x00002022L, 0x04002022L, 0x00042022L, 0x04042022L, + 0x00000800L, 0x04000800L, 0x00040800L, 0x04040800L, + 0x00000802L, 0x04000802L, 0x00040802L, 0x04040802L, + 0x00002800L, 0x04002800L, 0x00042800L, 0x04042800L, + 0x00002802L, 0x04002802L, 0x00042802L, 0x04042802L, + 0x00000820L, 0x04000820L, 0x00040820L, 0x04040820L, + 0x00000822L, 0x04000822L, 0x00040822L, 0x04040822L, + 0x00002820L, 0x04002820L, 0x00042820L, 0x04042820L, + 0x00002822L, 0x04002822L, 0x00042822L, 0x04042822L, + } +}; + + +static void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) +{ + register DES_LONG l, r, t, u; + register DES_LONG *s; + + r = data[0]; + l = data[1]; + + IP(r, l); + /* + * Things have been modified so that the initial rotate is done outside + * the loop. This required the DES_SPtrans values in sp.h to be rotated + * 1 bit to the right. One perl script later and things have a 5% speed + * up on a sparc2. Thanks to Richard Outerbridge for pointing this out. + */ + /* clear the top bits on machines with 8byte longs */ + /* shift left by 2 */ + r = ROTATE(r, 29) & 0xffffffffL; + l = ROTATE(l, 29) & 0xffffffffL; + + s = ks->ks->deslong; + /* + * I don't know if it is worth the effort of loop unrolling the inner + * loop + */ + if (enc) { + D_ENCRYPT(l, r, 0); /* 1 */ + D_ENCRYPT(r, l, 2); /* 2 */ + D_ENCRYPT(l, r, 4); /* 3 */ + D_ENCRYPT(r, l, 6); /* 4 */ + D_ENCRYPT(l, r, 8); /* 5 */ + D_ENCRYPT(r, l, 10); /* 6 */ + D_ENCRYPT(l, r, 12); /* 7 */ + D_ENCRYPT(r, l, 14); /* 8 */ + D_ENCRYPT(l, r, 16); /* 9 */ + D_ENCRYPT(r, l, 18); /* 10 */ + D_ENCRYPT(l, r, 20); /* 11 */ + D_ENCRYPT(r, l, 22); /* 12 */ + D_ENCRYPT(l, r, 24); /* 13 */ + D_ENCRYPT(r, l, 26); /* 14 */ + D_ENCRYPT(l, r, 28); /* 15 */ + D_ENCRYPT(r, l, 30); /* 16 */ + } else { + D_ENCRYPT(l, r, 30); /* 16 */ + D_ENCRYPT(r, l, 28); /* 15 */ + D_ENCRYPT(l, r, 26); /* 14 */ + D_ENCRYPT(r, l, 24); /* 13 */ + D_ENCRYPT(l, r, 22); /* 12 */ + D_ENCRYPT(r, l, 20); /* 11 */ + D_ENCRYPT(l, r, 18); /* 10 */ + D_ENCRYPT(r, l, 16); /* 9 */ + D_ENCRYPT(l, r, 14); /* 8 */ + D_ENCRYPT(r, l, 12); /* 7 */ + D_ENCRYPT(l, r, 10); /* 6 */ + D_ENCRYPT(r, l, 8); /* 5 */ + D_ENCRYPT(l, r, 6); /* 4 */ + D_ENCRYPT(r, l, 4); /* 3 */ + D_ENCRYPT(l, r, 2); /* 2 */ + D_ENCRYPT(r, l, 0); /* 1 */ + } + + /* rotate and clear the top bits on machines with 8byte longs */ + l = ROTATE(l, 3) & 0xffffffffL; + r = ROTATE(r, 3) & 0xffffffffL; + + FP(r, l); + data[0] = l; + data[1] = r; + l = r = t = u = 0; +} + + +static void DES_ecb_encrypt(const DES_cblock *input, DES_cblock *output, + DES_key_schedule *ks, int enc) +{ + register DES_LONG l; + DES_LONG ll[2]; + const unsigned char *in = &(*input)[0]; + unsigned char *out = &(*output)[0]; + + c2l(in, l); + ll[0] = l; + c2l(in, l); + ll[1] = l; + DES_encrypt1(ll, ks, enc); + l = ll[0]; + l2c(l, out); + l = ll[1]; + l2c(l, out); + l = ll[0] = ll[1] = 0; +} + + +static void DES_set_key(const DES_cblock *key, DES_key_schedule *schedule) +{ + static const int shifts2[16] = + { 0, 0, 1, 1, 1, 1, 1, 1, 0, 1, 1, 1, 1, 1, 1, 0 }; + register DES_LONG c, d, t, s, t2; + register const unsigned char *in; + register DES_LONG *k; + register int i; + +#ifdef OPENBSD_DEV_CRYPTO + memcpy(schedule->key, key, sizeof(schedule->key)); + schedule->session = NULL; +#endif + k = &schedule->ks->deslong[0]; + in = &(*key)[0]; + + c2l(in, c); + c2l(in, d); + + /* + * do PC1 in 47 simple operations. Thanks to John Fletcher + * for the inspiration. + */ + PERM_OP(d, c, t, 4, 0x0f0f0f0fL); + HPERM_OP(c, t, -2, 0xcccc0000L); + HPERM_OP(d, t, -2, 0xcccc0000L); + PERM_OP(d, c, t, 1, 0x55555555L); + PERM_OP(c, d, t, 8, 0x00ff00ffL); + PERM_OP(d, c, t, 1, 0x55555555L); + d = (((d & 0x000000ffL) << 16L) | (d & 0x0000ff00L) | + ((d & 0x00ff0000L) >> 16L) | ((c & 0xf0000000L) >> 4L)); + c &= 0x0fffffffL; + + for (i = 0; i < ITERATIONS; i++) { + if (shifts2[i]) { + c = ((c >> 2L) | (c << 26L)); + d = ((d >> 2L) | (d << 26L)); + } else { + c = ((c >> 1L) | (c << 27L)); + d = ((d >> 1L) | (d << 27L)); + } + c &= 0x0fffffffL; + d &= 0x0fffffffL; + /* + * could be a few less shifts but I am to lazy at this point in time + * to investigate + */ + s = des_skb[0][(c) & 0x3f] | + des_skb[1][((c >> 6L) & 0x03) | ((c >> 7L) & 0x3c)] | + des_skb[2][((c >> 13L) & 0x0f) | ((c >> 14L) & 0x30)] | + des_skb[3][((c >> 20L) & 0x01) | ((c >> 21L) & 0x06) | + ((c >> 22L) & 0x38)]; + t = des_skb[4][(d) & 0x3f] | + des_skb[5][((d >> 7L) & 0x03) | ((d >> 8L) & 0x3c)] | + des_skb[6][(d >> 15L) & 0x3f] | + des_skb[7][((d >> 21L) & 0x0f) | ((d >> 22L) & 0x30)]; + + /* table contained 0213 4657 */ + t2 = ((t << 16L) | (s & 0x0000ffffL)) & 0xffffffffL; + *(k++) = ROTATE(t2, 30) & 0xffffffffL; + + t2 = ((s >> 16L) | (t & 0xffff0000L)); + *(k++) = ROTATE(t2, 26) & 0xffffffffL; + } +} + +/* End of import of OpenSSL DES encryption functions */ + +static int des_init(PPP_CIPHER_CTX *ctx, const unsigned char *key, const unsigned char *iv) +{ + DES_key_schedule *ks = calloc(1, sizeof(DES_key_schedule)); + if (ks) { + + if (key) { + memcpy(ctx->key, key, 8); + } + + if (iv) { + memcpy(ctx->iv, iv, 8); + } + + if (key) { + DES_set_key((DES_cblock*) &ctx->key, ks); + } + + ctx->priv = ks; + return 1; + } + + return 0; +} + +static int des_update(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl, const unsigned char *in, int inl) +{ + int offset = 0; + inl = inl / 8; + while (offset < inl) { + DES_ecb_encrypt((DES_cblock *)in + offset, (DES_cblock *)out + offset, + (DES_key_schedule*) ctx->priv, ctx->is_encr); + offset ++; + } + + *outl = offset * 8; + return 1; +} + +static int des_final(PPP_CIPHER_CTX *ctx, unsigned char *out, int *outl) +{ + return 1; +} + +static void des_clean(PPP_CIPHER_CTX *ctx) +{ + if (ctx->priv) { + free(ctx->priv); + ctx->priv = NULL; + } +} + +#endif + +static PPP_CIPHER ppp_des = { + .init_fn = des_init, + .update_fn = des_update, + .final_fn = des_final, + .clean_fn = des_clean, +}; + +const PPP_CIPHER *PPP_des_ecb(void) +{ + return &ppp_des; +} + diff --git a/pppd/ppp-md4.c b/pppd/ppp-md4.c new file mode 100644 index 0000000..c581110 --- /dev/null +++ b/pppd/ppp-md4.c @@ -0,0 +1,444 @@ +/* ppp-md4.c - MD4 Digest implementation + * + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sections of this code holds different copyright information. + */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include + +#include "crypto-priv.h" + + +#ifdef OPENSSL_HAVE_MD4 +#include + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#define EVP_MD_CTX_new EVP_MD_CTX_create +#endif + + +static int md4_init(PPP_MD_CTX *ctx) +{ + if (ctx) { + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + if (mctx) { + if (EVP_DigestInit(mctx, EVP_md4())) { + ctx->priv = mctx; + return 1; + } + EVP_MD_CTX_free(mctx); + } + } + return 0; +} + +static int md4_update(PPP_MD_CTX *ctx, const void *data, size_t len) +{ + if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) { + return 1; + } + return 0; +} + +static int md4_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len) +{ + if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) { + return 1; + } + return 0; +} + +static void md4_clean(PPP_MD_CTX *ctx) +{ + if (ctx->priv) { + EVP_MD_CTX_free(ctx->priv); + ctx->priv = NULL; + } +} + + +#else // !OPENSSL_HAVE_MD4 + +#define TRUE 1 +#define FALSE 0 + +/* +** ******************************************************************** +** md4.c -- Implementation of MD4 Message Digest Algorithm ** +** Updated: 2/16/90 by Ronald L. Rivest ** +** (C) 1990 RSA Data Security, Inc. ** +** ******************************************************************** +*/ + +/* +** To use MD4: +** -- Include md4.h in your program +** -- Declare an MDstruct MD to hold the state of the digest +** computation. +** -- Initialize MD using MDbegin(&MD) +** -- For each full block (64 bytes) X you wish to process, call +** MD4Update(&MD,X,512) +** (512 is the number of bits in a full block.) +** -- For the last block (less than 64 bytes) you wish to process, +** MD4Update(&MD,X,n) +** where n is the number of bits in the partial block. A partial +** block terminates the computation, so every MD computation +** should terminate by processing a partial block, even if it +** has n = 0. +** -- The message digest is available in MD.buffer[0] ... +** MD.buffer[3]. (Least-significant byte of each word +** should be output first.) +** -- You can print out the digest using MDprint(&MD) +*/ + +/* Implementation notes: +** This implementation assumes that ints are 32-bit quantities. +*/ + +/* MDstruct is the data structure for a message digest computation. +*/ +typedef struct { + unsigned int buffer[4]; /* Holds 4-word result of MD computation */ + unsigned char count[8]; /* Number of bits processed so far */ + unsigned int done; /* Nonzero means MD computation finished */ +} MD4_CTX; + + +/* Compile-time declarations of MD4 "magic constants". +*/ +#define I0 0x67452301 /* Initial values for MD buffer */ +#define I1 0xefcdab89 +#define I2 0x98badcfe +#define I3 0x10325476 +#define C2 013240474631 /* round 2 constant = sqrt(2) in octal */ +#define C3 015666365641 /* round 3 constant = sqrt(3) in octal */ +/* C2 and C3 are from Knuth, The Art of Programming, Volume 2 +** (Seminumerical Algorithms), Second Edition (1981), Addison-Wesley. +** Table 2, page 660. +*/ + +#define fs1 3 /* round 1 shift amounts */ +#define fs2 7 +#define fs3 11 +#define fs4 19 +#define gs1 3 /* round 2 shift amounts */ +#define gs2 5 +#define gs3 9 +#define gs4 13 +#define hs1 3 /* round 3 shift amounts */ +#define hs2 9 +#define hs3 11 +#define hs4 15 + +/* Compile-time macro declarations for MD4. +** Note: The "rot" operator uses the variable "tmp". +** It assumes tmp is declared as unsigned int, so that the >> +** operator will shift in zeros rather than extending the sign bit. +*/ +#define f(X,Y,Z) ((X&Y) | ((~X)&Z)) +#define g(X,Y,Z) ((X&Y) | (X&Z) | (Y&Z)) +#define h(X,Y,Z) (X^Y^Z) +#define rot(X,S) (tmp=X,(tmp<>(32-S))) +#define ff(A,B,C,D,i,s) A = rot((A + f(B,C,D) + X[i]),s) +#define gg(A,B,C,D,i,s) A = rot((A + g(B,C,D) + X[i] + C2),s) +#define hh(A,B,C,D,i,s) A = rot((A + h(B,C,D) + X[i] + C3),s) + +/* MD4print(MDp) +** Print message digest buffer MDp as 32 hexadecimal digits. +** Order is from low-order byte of buffer[0] to high-order byte of +** buffer[3]. +** Each byte is printed with high-order hexadecimal digit first. +** This is a user-callable routine. +*/ +static void +MD4Print(MD4_CTX *MDp) +{ + int i,j; + for (i=0;i<4;i++) + for (j=0;j<32;j=j+8) + printf("%02x",(MDp->buffer[i]>>j) & 0xFF); +} + +/* MD4Init(MDp) +** Initialize message digest buffer MDp. +** This is a user-callable routine. +*/ +static void +MD4Init(MD4_CTX *MDp) +{ + int i; + MDp->buffer[0] = I0; + MDp->buffer[1] = I1; + MDp->buffer[2] = I2; + MDp->buffer[3] = I3; + for (i=0;i<8;i++) MDp->count[i] = 0; + MDp->done = 0; +} + +/* MDblock(MDp,X) +** Update message digest buffer MDp->buffer using 16-word data block X. +** Assumes all 16 words of X are full of data. +** Does not update MDp->count. +** This routine is not user-callable. +*/ +static void +MDblock(MD4_CTX *MDp, unsigned char *Xb) +{ + register unsigned int tmp, A, B, C, D; + unsigned int X[16]; + int i; + + for (i = 0; i < 16; ++i) { + X[i] = Xb[0] + (Xb[1] << 8) + (Xb[2] << 16) + (Xb[3] << 24); + Xb += 4; + } + + A = MDp->buffer[0]; + B = MDp->buffer[1]; + C = MDp->buffer[2]; + D = MDp->buffer[3]; + /* Update the message digest buffer */ + ff(A , B , C , D , 0 , fs1); /* Round 1 */ + ff(D , A , B , C , 1 , fs2); + ff(C , D , A , B , 2 , fs3); + ff(B , C , D , A , 3 , fs4); + ff(A , B , C , D , 4 , fs1); + ff(D , A , B , C , 5 , fs2); + ff(C , D , A , B , 6 , fs3); + ff(B , C , D , A , 7 , fs4); + ff(A , B , C , D , 8 , fs1); + ff(D , A , B , C , 9 , fs2); + ff(C , D , A , B , 10 , fs3); + ff(B , C , D , A , 11 , fs4); + ff(A , B , C , D , 12 , fs1); + ff(D , A , B , C , 13 , fs2); + ff(C , D , A , B , 14 , fs3); + ff(B , C , D , A , 15 , fs4); + gg(A , B , C , D , 0 , gs1); /* Round 2 */ + gg(D , A , B , C , 4 , gs2); + gg(C , D , A , B , 8 , gs3); + gg(B , C , D , A , 12 , gs4); + gg(A , B , C , D , 1 , gs1); + gg(D , A , B , C , 5 , gs2); + gg(C , D , A , B , 9 , gs3); + gg(B , C , D , A , 13 , gs4); + gg(A , B , C , D , 2 , gs1); + gg(D , A , B , C , 6 , gs2); + gg(C , D , A , B , 10 , gs3); + gg(B , C , D , A , 14 , gs4); + gg(A , B , C , D , 3 , gs1); + gg(D , A , B , C , 7 , gs2); + gg(C , D , A , B , 11 , gs3); + gg(B , C , D , A , 15 , gs4); + hh(A , B , C , D , 0 , hs1); /* Round 3 */ + hh(D , A , B , C , 8 , hs2); + hh(C , D , A , B , 4 , hs3); + hh(B , C , D , A , 12 , hs4); + hh(A , B , C , D , 2 , hs1); + hh(D , A , B , C , 10 , hs2); + hh(C , D , A , B , 6 , hs3); + hh(B , C , D , A , 14 , hs4); + hh(A , B , C , D , 1 , hs1); + hh(D , A , B , C , 9 , hs2); + hh(C , D , A , B , 5 , hs3); + hh(B , C , D , A , 13 , hs4); + hh(A , B , C , D , 3 , hs1); + hh(D , A , B , C , 11 , hs2); + hh(C , D , A , B , 7 , hs3); + hh(B , C , D , A , 15 , hs4); + MDp->buffer[0] += A; + MDp->buffer[1] += B; + MDp->buffer[2] += C; + MDp->buffer[3] += D; +} + +/* MD4Update(MDp,X,count) +** Input: X -- a pointer to an array of unsigned characters. +** count -- the number of bits of X to use. +** (if not a multiple of 8, uses high bits of last byte.) +** Update MDp using the number of bits of X given by count. +** This is the basic input routine for an MD4 user. +** The routine completes the MD computation when count < 512, so +** every MD computation should end with one call to MD4Update with a +** count less than 512. A call with count 0 will be ignored if the +** MD has already been terminated (done != 0), so an extra call with +** count 0 can be given as a "courtesy close" to force termination +** if desired. +*/ +static void +MD4Update(MD4_CTX *MDp, unsigned char *X, unsigned int count) +{ + unsigned int i, tmp, bit, byte, mask; + unsigned char XX[64]; + unsigned char *p; + + /* return with no error if this is a courtesy close with count + ** zero and MDp->done is true. + */ + if (count == 0 && MDp->done) return; + /* check to see if MD is already done and report error */ + if (MDp->done) + { printf("\nError: MD4Update MD already done."); return; } + + /* Add count to MDp->count */ + tmp = count; + p = MDp->count; + while (tmp) + { tmp += *p; + *p++ = tmp; + tmp = tmp >> 8; + } + + /* Process data */ + if (count == 512) + { /* Full block of data to handle */ + MDblock(MDp,X); + } + else if (count > 512) /* Check for count too large */ + { + printf("\nError: MD4Update called with illegal count value %u.", + count); + return; + } + else /* partial block -- must be last block so finish up */ + { + /* Find out how many bytes and residual bits there are */ + byte = count >> 3; + bit = count & 7; + /* Copy X into XX since we need to modify it */ + if (count) + for (i=0;i<=byte;i++) XX[i] = X[i]; + for (i=byte+1;i<64;i++) XX[i] = 0; + /* Add padding '1' bit and low-order zeros in last byte */ + mask = 1 << (7 - bit); + XX[byte] = (XX[byte] | mask) & ~( mask - 1); + /* If room for bit count, finish up with this block */ + if (byte <= 55) + { + for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; + MDblock(MDp,XX); + } + else /* need to do two blocks to finish up */ + { + MDblock(MDp,XX); + for (i=0;i<56;i++) XX[i] = 0; + for (i=0;i<8;i++) XX[56+i] = MDp->count[i]; + MDblock(MDp,XX); + } + /* Set flag saying we're done with MD computation */ + MDp->done = 1; + } +} + +/* +** Finish up MD4 computation and return message digest. +*/ +static void +MD4Final(unsigned char *buf, MD4_CTX *MD) +{ + int i, j; + unsigned int w; + + MD4Update(MD, NULL, 0); + for (i = 0; i < 4; ++i) { + w = MD->buffer[i]; + for (j = 0; j < 4; ++j) { + *buf++ = w; + w >>= 8; + } + } +} + +/* +** End of md4.c +****************************(cut)***********************************/ + +static int md4_init(PPP_MD_CTX *ctx) +{ + if (ctx) { + MD4_CTX *mctx = calloc(1, sizeof(MD4_CTX)); + if (mctx) { + MD4Init(mctx); + ctx->priv = mctx; + return 1; + } + } + return 0; +} + +static int md4_update(PPP_MD_CTX *ctx, const void *data, size_t len) +{ +#if defined(__NetBSD__) + /* NetBSD uses the libc md4 routines which take bytes instead of bits */ + int mdlen = len; +#else + int mdlen = len * 8; +#endif + + /* Internal MD4Update can take at most 64 bytes at a time */ + while (mdlen > 512) { + MD4Update((MD4_CTX*) ctx->priv, (unsigned char*) data, 512); + data += 64; + mdlen -= 512; + } + MD4Update((MD4_CTX*) ctx->priv, (unsigned char*) data, mdlen); + return 1; +} + +static int md4_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len) +{ + MD4Final(out, (MD4_CTX*) ctx->priv); + return 1; +} + +static void md4_clean(PPP_MD_CTX *ctx) +{ + if (ctx->priv) { + free(ctx->priv); + ctx->priv = NULL; + } +} + +#endif + +static PPP_MD ppp_md4 = { + .init_fn = md4_init, + .update_fn = md4_update, + .final_fn = md4_final, + .clean_fn = md4_clean, +}; + +const PPP_MD *PPP_md4(void) +{ + return &ppp_md4; +} diff --git a/pppd/ppp-md5.c b/pppd/ppp-md5.c new file mode 100644 index 0000000..ac39c01 --- /dev/null +++ b/pppd/ppp-md5.c @@ -0,0 +1,451 @@ +/* ppp-md5.c - MD5 Digest implementation + * + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sections of this code holds different copyright information. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include + +#include "crypto-priv.h" + +#ifdef OPENSSL_HAVE_MD5 +#include + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#define EVP_MD_CTX_new EVP_MD_CTX_create +#endif + +static int md5_init(PPP_MD_CTX *ctx) +{ + if (ctx) { + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + if (mctx) { + if (EVP_DigestInit((EVP_MD_CTX*) mctx, EVP_md5())) { + ctx->priv = mctx; + return 1; + } + EVP_MD_CTX_free(mctx); + } + } + return 0; +} + +static int md5_update(PPP_MD_CTX *ctx, const void *data, size_t len) +{ + if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) { + return 1; + } + return 0; +} + +static int md5_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len) +{ + if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) { + return 1; + } + return 0; +} + +static void md5_clean(PPP_MD_CTX *ctx) +{ + if (ctx->priv) { + EVP_MD_CTX_free((EVP_MD_CTX*) ctx->priv); + ctx->priv = NULL; + } +} + +#else // !OPENSSL_HAVE_MD5 + +/* + *********************************************************************** + ** md5.c -- the source code for MD5 routines ** + ** RSA Data Security, Inc. MD5 Message-Digest Algorithm ** + ** Created: 2/17/90 RLR ** + ** Revised: 1/91 SRD,AJ,BSK,JT Reference C ver., 7/10 constant corr. ** + *********************************************************************** + */ + +/* + *********************************************************************** + ** Copyright (C) 1990, RSA Data Security, Inc. All rights reserved. ** + ** ** + ** License to copy and use this software is granted provided that ** + ** it is identified as the "RSA Data Security, Inc. MD5 Message- ** + ** Digest Algorithm" in all material mentioning or referencing this ** + ** software or this function. ** + ** ** + ** License is also granted to make and use derivative works ** + ** provided that such works are identified as "derived from the RSA ** + ** Data Security, Inc. MD5 Message-Digest Algorithm" in all ** + ** material mentioning or referencing the derived work. ** + ** ** + ** RSA Data Security, Inc. makes no representations concerning ** + ** either the merchantability of this software or the suitability ** + ** of this software for any particular purpose. It is provided "as ** + ** is" without express or implied warranty of any kind. ** + ** ** + ** These notices must be retained in any copies of any part of this ** + ** documentation and/or software. ** + *********************************************************************** + */ + + +/* typedef a 32-bit type */ +#ifdef _LP64 +typedef unsigned int UINT4; +typedef int INT4; +#else +typedef unsigned long UINT4; +typedef long INT4; +#endif +#define _UINT4_T + +/* Data structure for MD5 (Message-Digest) computation */ +typedef struct { + UINT4 i[2]; /* number of _bits_ handled mod 2^64 */ + UINT4 buf[4]; /* scratch buffer */ + unsigned char in[64]; /* input buffer */ + unsigned char digest[16]; /* actual digest after MD5Final call */ +} MD5_CTX; + + +/* + *********************************************************************** + ** Message-digest routines: ** + ** To form the message digest for a message M ** + ** (1) Initialize a context buffer mdContext using MD5_Init ** + ** (2) Call MD5_Update on mdContext and M ** + ** (3) Call MD5_Final on mdContext ** + ** The message digest is now in mdContext->digest[0...15] ** + *********************************************************************** + */ + +/* forward declaration */ +static void Transform (UINT4 *buf, UINT4 *in); + +static unsigned char PADDING[64] = { + 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 +}; + +/* F, G, H and I are basic MD5 functions */ +#define F(x, y, z) (((x) & (y)) | ((~x) & (z))) +#define G(x, y, z) (((x) & (z)) | ((y) & (~z))) +#define H(x, y, z) ((x) ^ (y) ^ (z)) +#define I(x, y, z) ((y) ^ ((x) | (~z))) + +/* ROTATE_LEFT rotates x left n bits */ +#define ROTATE_LEFT(x, n) (((x) << (n)) | ((x) >> (32-(n)))) + +/* FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4 */ +/* Rotation is separate from addition to prevent recomputation */ +#define FF(a, b, c, d, x, s, ac) \ + {(a) += F ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define GG(a, b, c, d, x, s, ac) \ + {(a) += G ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define HH(a, b, c, d, x, s, ac) \ + {(a) += H ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } +#define II(a, b, c, d, x, s, ac) \ + {(a) += I ((b), (c), (d)) + (x) + (UINT4)(ac); \ + (a) = ROTATE_LEFT ((a), (s)); \ + (a) += (b); \ + } + +#ifdef __STDC__ +#define UL(x) x##U +#else +#define UL(x) x +#endif + +/* The routine MD5_Init initializes the message-digest context + mdContext. All fields are set to zero. + */ +static void MD5_Init (MD5_CTX *mdContext) +{ + mdContext->i[0] = mdContext->i[1] = (UINT4)0; + + /* Load magic initialization constants. + */ + mdContext->buf[0] = (UINT4)0x67452301; + mdContext->buf[1] = (UINT4)0xefcdab89; + mdContext->buf[2] = (UINT4)0x98badcfe; + mdContext->buf[3] = (UINT4)0x10325476; +} + +/* The routine MD5Update updates the message-digest context to + account for the presence of each of the characters inBuf[0..inLen-1] + in the message whose digest is being computed. + */ +static void MD5_Update (MD5_CTX *mdContext, unsigned char *inBuf, unsigned int inLen) +{ + UINT4 in[16]; + int mdi; + unsigned int i, ii; + + /* compute number of bytes mod 64 */ + mdi = (int)((mdContext->i[0] >> 3) & 0x3F); + + /* update number of bits */ + if ((mdContext->i[0] + ((UINT4)inLen << 3)) < mdContext->i[0]) + mdContext->i[1]++; + mdContext->i[0] += ((UINT4)inLen << 3); + mdContext->i[1] += ((UINT4)inLen >> 29); + + while (inLen--) { + /* add new character to buffer, increment mdi */ + mdContext->in[mdi++] = *inBuf++; + + /* transform if necessary */ + if (mdi == 0x40) { + for (i = 0, ii = 0; i < 16; i++, ii += 4) + in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | + (((UINT4)mdContext->in[ii+2]) << 16) | + (((UINT4)mdContext->in[ii+1]) << 8) | + ((UINT4)mdContext->in[ii]); + Transform (mdContext->buf, in); + mdi = 0; + } + } +} + +/* The routine MD5Final terminates the message-digest computation and + ends with the desired message digest in mdContext->digest[0...15]. + */ +static void MD5_Final (unsigned char hash[], MD5_CTX *mdContext) +{ + UINT4 in[16]; + int mdi; + unsigned int i, ii; + unsigned int padLen; + + /* save number of bits */ + in[14] = mdContext->i[0]; + in[15] = mdContext->i[1]; + + /* compute number of bytes mod 64 */ + mdi = (int)((mdContext->i[0] >> 3) & 0x3F); + + /* pad out to 56 mod 64 */ + padLen = (mdi < 56) ? (56 - mdi) : (120 - mdi); + MD5_Update (mdContext, PADDING, padLen); + + /* append length in bits and transform */ + for (i = 0, ii = 0; i < 14; i++, ii += 4) + in[i] = (((UINT4)mdContext->in[ii+3]) << 24) | + (((UINT4)mdContext->in[ii+2]) << 16) | + (((UINT4)mdContext->in[ii+1]) << 8) | + ((UINT4)mdContext->in[ii]); + Transform (mdContext->buf, in); + + /* store buffer in digest */ + for (i = 0, ii = 0; i < 4; i++, ii += 4) { + mdContext->digest[ii] = (unsigned char)(mdContext->buf[i] & 0xFF); + mdContext->digest[ii+1] = + (unsigned char)((mdContext->buf[i] >> 8) & 0xFF); + mdContext->digest[ii+2] = + (unsigned char)((mdContext->buf[i] >> 16) & 0xFF); + mdContext->digest[ii+3] = + (unsigned char)((mdContext->buf[i] >> 24) & 0xFF); + } + memcpy(hash, mdContext->digest, 16); +} + +/* Basic MD5 step. Transforms buf based on in. + */ +static void Transform (UINT4 *buf, UINT4 *in) +{ + UINT4 a = buf[0], b = buf[1], c = buf[2], d = buf[3]; + + /* Round 1 */ +#define S11 7 +#define S12 12 +#define S13 17 +#define S14 22 + FF ( a, b, c, d, in[ 0], S11, UL(3614090360)); /* 1 */ + FF ( d, a, b, c, in[ 1], S12, UL(3905402710)); /* 2 */ + FF ( c, d, a, b, in[ 2], S13, UL( 606105819)); /* 3 */ + FF ( b, c, d, a, in[ 3], S14, UL(3250441966)); /* 4 */ + FF ( a, b, c, d, in[ 4], S11, UL(4118548399)); /* 5 */ + FF ( d, a, b, c, in[ 5], S12, UL(1200080426)); /* 6 */ + FF ( c, d, a, b, in[ 6], S13, UL(2821735955)); /* 7 */ + FF ( b, c, d, a, in[ 7], S14, UL(4249261313)); /* 8 */ + FF ( a, b, c, d, in[ 8], S11, UL(1770035416)); /* 9 */ + FF ( d, a, b, c, in[ 9], S12, UL(2336552879)); /* 10 */ + FF ( c, d, a, b, in[10], S13, UL(4294925233)); /* 11 */ + FF ( b, c, d, a, in[11], S14, UL(2304563134)); /* 12 */ + FF ( a, b, c, d, in[12], S11, UL(1804603682)); /* 13 */ + FF ( d, a, b, c, in[13], S12, UL(4254626195)); /* 14 */ + FF ( c, d, a, b, in[14], S13, UL(2792965006)); /* 15 */ + FF ( b, c, d, a, in[15], S14, UL(1236535329)); /* 16 */ + + /* Round 2 */ +#define S21 5 +#define S22 9 +#define S23 14 +#define S24 20 + GG ( a, b, c, d, in[ 1], S21, UL(4129170786)); /* 17 */ + GG ( d, a, b, c, in[ 6], S22, UL(3225465664)); /* 18 */ + GG ( c, d, a, b, in[11], S23, UL( 643717713)); /* 19 */ + GG ( b, c, d, a, in[ 0], S24, UL(3921069994)); /* 20 */ + GG ( a, b, c, d, in[ 5], S21, UL(3593408605)); /* 21 */ + GG ( d, a, b, c, in[10], S22, UL( 38016083)); /* 22 */ + GG ( c, d, a, b, in[15], S23, UL(3634488961)); /* 23 */ + GG ( b, c, d, a, in[ 4], S24, UL(3889429448)); /* 24 */ + GG ( a, b, c, d, in[ 9], S21, UL( 568446438)); /* 25 */ + GG ( d, a, b, c, in[14], S22, UL(3275163606)); /* 26 */ + GG ( c, d, a, b, in[ 3], S23, UL(4107603335)); /* 27 */ + GG ( b, c, d, a, in[ 8], S24, UL(1163531501)); /* 28 */ + GG ( a, b, c, d, in[13], S21, UL(2850285829)); /* 29 */ + GG ( d, a, b, c, in[ 2], S22, UL(4243563512)); /* 30 */ + GG ( c, d, a, b, in[ 7], S23, UL(1735328473)); /* 31 */ + GG ( b, c, d, a, in[12], S24, UL(2368359562)); /* 32 */ + + /* Round 3 */ +#define S31 4 +#define S32 11 +#define S33 16 +#define S34 23 + HH ( a, b, c, d, in[ 5], S31, UL(4294588738)); /* 33 */ + HH ( d, a, b, c, in[ 8], S32, UL(2272392833)); /* 34 */ + HH ( c, d, a, b, in[11], S33, UL(1839030562)); /* 35 */ + HH ( b, c, d, a, in[14], S34, UL(4259657740)); /* 36 */ + HH ( a, b, c, d, in[ 1], S31, UL(2763975236)); /* 37 */ + HH ( d, a, b, c, in[ 4], S32, UL(1272893353)); /* 38 */ + HH ( c, d, a, b, in[ 7], S33, UL(4139469664)); /* 39 */ + HH ( b, c, d, a, in[10], S34, UL(3200236656)); /* 40 */ + HH ( a, b, c, d, in[13], S31, UL( 681279174)); /* 41 */ + HH ( d, a, b, c, in[ 0], S32, UL(3936430074)); /* 42 */ + HH ( c, d, a, b, in[ 3], S33, UL(3572445317)); /* 43 */ + HH ( b, c, d, a, in[ 6], S34, UL( 76029189)); /* 44 */ + HH ( a, b, c, d, in[ 9], S31, UL(3654602809)); /* 45 */ + HH ( d, a, b, c, in[12], S32, UL(3873151461)); /* 46 */ + HH ( c, d, a, b, in[15], S33, UL( 530742520)); /* 47 */ + HH ( b, c, d, a, in[ 2], S34, UL(3299628645)); /* 48 */ + + /* Round 4 */ +#define S41 6 +#define S42 10 +#define S43 15 +#define S44 21 + II ( a, b, c, d, in[ 0], S41, UL(4096336452)); /* 49 */ + II ( d, a, b, c, in[ 7], S42, UL(1126891415)); /* 50 */ + II ( c, d, a, b, in[14], S43, UL(2878612391)); /* 51 */ + II ( b, c, d, a, in[ 5], S44, UL(4237533241)); /* 52 */ + II ( a, b, c, d, in[12], S41, UL(1700485571)); /* 53 */ + II ( d, a, b, c, in[ 3], S42, UL(2399980690)); /* 54 */ + II ( c, d, a, b, in[10], S43, UL(4293915773)); /* 55 */ + II ( b, c, d, a, in[ 1], S44, UL(2240044497)); /* 56 */ + II ( a, b, c, d, in[ 8], S41, UL(1873313359)); /* 57 */ + II ( d, a, b, c, in[15], S42, UL(4264355552)); /* 58 */ + II ( c, d, a, b, in[ 6], S43, UL(2734768916)); /* 59 */ + II ( b, c, d, a, in[13], S44, UL(1309151649)); /* 60 */ + II ( a, b, c, d, in[ 4], S41, UL(4149444226)); /* 61 */ + II ( d, a, b, c, in[11], S42, UL(3174756917)); /* 62 */ + II ( c, d, a, b, in[ 2], S43, UL( 718787259)); /* 63 */ + II ( b, c, d, a, in[ 9], S44, UL(3951481745)); /* 64 */ + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} + +/* + *********************************************************************** + ** End of md5.c ** + ******************************** (cut) ******************************** + */ + +static int md5_init(PPP_MD_CTX *ctx) +{ + if (ctx) { + MD5_CTX *md5 = calloc(1, sizeof(MD5_CTX)); + if (md5 != NULL) { + MD5_Init(md5); + ctx->priv = md5; + return 1; + } + } + return 0; +} + +static int md5_update(PPP_MD_CTX *ctx, const void *data, size_t len) +{ + MD5_Update((MD5_CTX*) ctx->priv, (void*) data, len); + return 1; +} + +static int md5_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len) +{ + MD5_Final(out, (MD5_CTX*) ctx->priv); + return 1; +} + +static void md5_clean(PPP_MD_CTX *ctx) +{ + if (ctx->priv) { + free(ctx->priv); + ctx->priv = NULL; + } +} + +#endif + +static PPP_MD ppp_md5 = { + .init_fn = md5_init, + .update_fn = md5_update, + .final_fn = md5_final, + .clean_fn = md5_clean, +}; + +const PPP_MD *PPP_md5(void) +{ + return &ppp_md5; +} + diff --git a/pppd/ppp-sha1.c b/pppd/ppp-sha1.c new file mode 100644 index 0000000..9ff3a24 --- /dev/null +++ b/pppd/ppp-sha1.c @@ -0,0 +1,312 @@ +/* ppp-sha1.c - SHA1 Digest implementation + * + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * Sections of this code holds different copyright information. + */ + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include + +#include "crypto-priv.h" + + +/* #define SHA1HANDSOFF * Copies data before messing with it. */ +#ifdef OPENSSL_HAVE_SHA +#include + +#if OPENSSL_VERSION_NUMBER < 0x10100000L +#define EVP_MD_CTX_free EVP_MD_CTX_destroy +#define EVP_MD_CTX_new EVP_MD_CTX_create +#endif + +static int sha1_init(PPP_MD_CTX *ctx) +{ + if (ctx) { + EVP_MD_CTX *mctx = EVP_MD_CTX_new(); + if (mctx) { + if (EVP_DigestInit(mctx, EVP_sha1())) { + ctx->priv = mctx; + return 1; + } + EVP_MD_CTX_free(mctx); + } + } + return 0; +} + +static int sha1_update(PPP_MD_CTX *ctx, const void *data, size_t len) +{ + if (EVP_DigestUpdate((EVP_MD_CTX*) ctx->priv, data, len)) { + return 1; + } + return 0; +} + +static int sha1_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len) +{ + if (EVP_DigestFinal((EVP_MD_CTX*) ctx->priv, out, len)) { + return 1; + } + return 0; +} + +static void sha1_clean(PPP_MD_CTX *ctx) +{ + if (ctx->priv) { + EVP_MD_CTX_free((EVP_MD_CTX*) ctx->priv); + ctx->priv = NULL; + } +} + + +#else // !OPENSSL_HAVE_SHA + +/* + * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c + * + * SHA-1 in C + * By Steve Reid + * 100% Public Domain + * + * Test Vectors (from FIPS PUB 180-1) + * "abc" + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 + * A million repetitions of "a" + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F + */ + +#include +#include /* htonl() */ + +typedef struct { + uint32_t state[5]; + uint32_t count[2]; + unsigned char buffer[64]; +} SHA1_CTX; + + +static void +SHA1_Transform(uint32_t[5], const unsigned char[64]); + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#define blk0(i) (block->l[i] = htonl(block->l[i])) +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +static void +SHA1_Transform(uint32_t state[5], const unsigned char buffer[64]) +{ + uint32_t a, b, c, d, e; + typedef union { + unsigned char c[64]; + uint32_t l[16]; + } CHAR64LONG16; + CHAR64LONG16 *block; + +#ifdef SHA1HANDSOFF + static unsigned char workspace[64]; + block = (CHAR64LONG16 *) workspace; + memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16 *) buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* SHA1Init - Initialize new context */ + +static void +SHA1_Init(SHA1_CTX *context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +static void +SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len) +{ + unsigned int i, j; + + j = (context->count[0] >> 3) & 63; + if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; + context->count[1] += (len >> 29); + i = 64 - j; + while (len >= i) { + memcpy(&context->buffer[j], data, i); + SHA1_Transform(context->state, context->buffer); + data += i; + len -= i; + i = 64; + j = 0; + } + + memcpy(&context->buffer[j], data, len); +} + + +/* Add padding and return the message digest. */ + +static void +SHA1_Final(unsigned char digest[20], SHA1_CTX *context) +{ + uint32_t i, j; + unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] + >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + SHA1_Update(context, (unsigned char *) "\200", 1); + while ((context->count[0] & 504) != 448) { + SHA1_Update(context, (unsigned char *) "\0", 1); + } + SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); + } + /* Wipe variables */ + i = j = 0; + memset(context->buffer, 0, 64); + memset(context->state, 0, 20); + memset(context->count, 0, 8); + memset(&finalcount, 0, 8); +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ + SHA1Transform(context->state, context->buffer); +#endif +} + +static int sha1_init(PPP_MD_CTX *ctx) +{ + if (ctx) { + SHA1_CTX *mctx = calloc(1, sizeof(SHA1_CTX)); + if (mctx) { + SHA1_Init(mctx); + ctx->priv = mctx; + return 1; + } + } + return 0; +} + +static int sha1_update(PPP_MD_CTX* ctx, const void *data, size_t len) +{ + SHA1_Update((SHA1_CTX*) ctx->priv, (void*) data, len); + return 1; +} + +static int sha1_final(PPP_MD_CTX *ctx, unsigned char *out, unsigned int *len) +{ + SHA1_Final(out, (SHA1_CTX*) ctx->priv); + return 1; +} + +static void sha1_clean(PPP_MD_CTX *ctx) +{ + if (ctx->priv) { + free(ctx->priv); + ctx->priv = NULL; + } +} + +#endif + +static PPP_MD ppp_sha1 = { + .init_fn = sha1_init, + .update_fn = sha1_update, + .final_fn = sha1_final, + .clean_fn = sha1_clean, +}; + +const PPP_MD *PPP_sha1(void) +{ + return &ppp_sha1; +} + diff --git a/pppd/pppcrypt.c b/pppd/pppcrypt.c deleted file mode 100644 index a954d62..0000000 --- a/pppd/pppcrypt.c +++ /dev/null @@ -1,182 +0,0 @@ -/* - * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1 - * - * Extracted from chap_ms.c by James Carlson. - * - * Copyright (c) 1995 Eric Rosenquist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -#include - -#include "pppd.h" -#include "pppcrypt.h" - -static u_char -Get7Bits(u_char *input, int startBit) -{ - unsigned int word; - - word = (unsigned)input[startBit / 8] << 8; - word |= (unsigned)input[startBit / 8 + 1]; - - word >>= 15 - (startBit % 8 + 7); - - return word & 0xFE; -} - -static void -MakeKey(u_char *key, u_char *des_key) -{ - /* key IN 56 bit DES key missing parity bits */ - /* des_key OUT 64 bit DES key with parity bits added */ - des_key[0] = Get7Bits(key, 0); - des_key[1] = Get7Bits(key, 7); - des_key[2] = Get7Bits(key, 14); - des_key[3] = Get7Bits(key, 21); - des_key[4] = Get7Bits(key, 28); - des_key[5] = Get7Bits(key, 35); - des_key[6] = Get7Bits(key, 42); - des_key[7] = Get7Bits(key, 49); - -#ifndef USE_CRYPT - DES_set_odd_parity((DES_cblock *)des_key); -#endif -} - -#ifdef USE_CRYPT -/* - * in == 8-byte string (expanded version of the 56-bit key) - * out == 64-byte string where each byte is either 1 or 0 - * Note that the low-order "bit" is always ignored by by setkey() - */ -static void -Expand(u_char *in, u_char *out) -{ - int j, c; - int i; - - for (i = 0; i < 64; in++){ - c = *in; - for (j = 7; j >= 0; j--) - *out++ = (c >> j) & 01; - i += 8; - } -} - -/* The inverse of Expand - */ -static void -Collapse(u_char *in, u_char *out) -{ - int j; - int i; - unsigned int c; - - for (i = 0; i < 64; i += 8, out++) { - c = 0; - for (j = 7; j >= 0; j--, in++) - c |= *in << j; - *out = c & 0xff; - } -} - -bool -DesSetkey(u_char *key) -{ - u_char des_key[8]; - u_char crypt_key[66]; - - MakeKey(key, des_key); - Expand(des_key, crypt_key); - errno = 0; - setkey((const char *)crypt_key); - if (errno != 0) - return (0); - return (1); -} - -bool -DesEncrypt(u_char *clear, u_char *cipher) -{ - u_char des_input[66]; - - Expand(clear, des_input); - errno = 0; - encrypt((char *)des_input, 0); - if (errno != 0) - return (0); - Collapse(des_input, cipher); - return (1); -} - -bool -DesDecrypt(u_char *cipher, u_char *clear) -{ - u_char des_input[66]; - - Expand(cipher, des_input); - errno = 0; - encrypt((char *)des_input, 1); - if (errno != 0) - return (0); - Collapse(des_input, clear); - return (1); -} - -#else /* USE_CRYPT */ -static DES_key_schedule key_schedule; - -bool -DesSetkey(u_char *key) -{ - DES_cblock des_key; - MakeKey(key, des_key); - DES_set_key(&des_key, &key_schedule); - return (1); -} - -bool -DesEncrypt(u_char *clear, u_char *cipher) -{ - DES_ecb_encrypt((DES_cblock *)clear, (DES_cblock *)cipher, - &key_schedule, 1); - return (1); -} - -bool -DesDecrypt(u_char *cipher, u_char *clear) -{ - DES_ecb_encrypt((DES_cblock *)cipher, (DES_cblock *)clear, - &key_schedule, 0); - return (1); -} - -#endif /* USE_CRYPT */ diff --git a/pppd/pppcrypt.h b/pppd/pppcrypt.h deleted file mode 100644 index fff396c..0000000 --- a/pppd/pppcrypt.h +++ /dev/null @@ -1,49 +0,0 @@ -/* - * pppcrypt.c - PPP/DES linkage for MS-CHAP and EAP SRP-SHA1 - * - * Extracted from chap_ms.c by James Carlson. - * - * Copyright (c) 1995 Eric Rosenquist. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. The name(s) of the authors of this software must not be used to - * endorse or promote products derived from this software without - * prior written permission. - * - * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO - * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY - * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY - * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN - * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#ifndef PPP_PPPCRYPT_H -#define PPP_PPPCRYPT_H - -#include "pppdconf.h" - -#ifdef HAVE_CRYPT_H -#include -#endif - -#ifndef USE_CRYPT -#include -#endif - -extern bool DesSetkey(u_char *); -extern bool DesEncrypt(u_char *, u_char *); -extern bool DesDecrypt(u_char *, u_char *); - -#endif /* PPP_PPPCRYPT_H */ diff --git a/pppd/pppd-private.h b/pppd/pppd-private.h new file mode 100644 index 0000000..46ce0c8 --- /dev/null +++ b/pppd/pppd-private.h @@ -0,0 +1,626 @@ +/* + * pppd-private.h - PPP daemon private declarations. + * + * Copyright (c) 1984-2000 Carnegie Mellon University. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name "Carnegie Mellon University" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For permission or any legal + * details, please contact + * Office of Technology Transfer + * Carnegie Mellon University + * 5000 Forbes Avenue + * Pittsburgh, PA 15213-3890 + * (412) 268-4387, fax: (412) 268-7395 + * tech-transfer@andrew.cmu.edu + * + * 4. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by Computing Services + * at Carnegie Mellon University (http://www.cmu.edu/computing/)." + * + * CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE + * FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + * + * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $ + */ + +#ifndef PPP_PPPD_PRIVATE_H +#define PPP_PPPD_PRIVATE_H + +#include /* for FILE */ +#include /* for encrypt */ +#include /* for setkey */ +#if defined(SOL2) +#include +#else +#include +#endif + +#include "pppd.h" + +#ifdef PPP_WITH_IPV6CP +#include "eui64.h" +#endif + +/* + * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name. + * Where should PPP_DRV_NAME come from? Do we include it here? + */ +#if !defined(PPP_DRV_NAME) +#define PPP_DRV_NAME "ppp" +#endif /* !defined(PPP_DRV_NAME) */ + + +#ifndef GIDSET_TYPE +#define GIDSET_TYPE gid_t +#endif + +/* Structure representing a list of permitted IP addresses. */ +struct permitted_ip { + int permit; /* 1 = permit, 0 = forbid */ + u_int32_t base; /* match if (addr & mask) == base */ + u_int32_t mask; /* base and mask are in network byte order */ +}; + +struct notifier { + struct notifier *next; + ppp_notify_fn *func; + void *arg; +}; + +/* + * Global variables. + */ + +extern int hungup; /* Physical layer has disconnected */ +extern int ifunit; /* Interface unit number */ +extern char ifname[]; /* Interface name (IFNAMSIZ) */ +extern char hostname[]; /* Our hostname */ +extern unsigned char outpacket_buf[]; /* Buffer for outgoing packets */ +extern int devfd; /* fd of underlying device */ +extern int fd_ppp; /* fd for talking PPP */ +extern int baud_rate; /* Current link speed in bits/sec */ +extern char *progname; /* Name of this program */ +extern int redirect_stderr;/* Connector's stderr should go to file */ +extern char peer_authname[];/* Authenticated name of peer */ +extern int auth_done[NUM_PPP]; /* Methods actually used for auth */ +extern int privileged; /* We were run by real-uid root */ +extern int need_holdoff; /* Need holdoff period after link terminates */ +extern char **script_env; /* Environment variables for scripts */ +extern int detached; /* Have detached from controlling tty */ +extern GIDSET_TYPE groups[]; /* groups the user is in */ +extern int ngroups; /* How many groups valid in groups */ +extern int link_stats_valid; /* set if link_stats is valid */ +extern int link_stats_print; /* set if link_stats is to be printed on link termination */ +extern int log_to_fd; /* logging to this fd as well as syslog */ +extern bool log_default; /* log_to_fd is default (stdout) */ +extern char *no_ppp_msg; /* message to print if ppp not in kernel */ +extern bool devnam_fixed; /* can no longer change devnam */ +extern int unsuccess; /* # unsuccessful connection attempts */ +extern int do_callback; /* set if we want to do callback next */ +extern int doing_callback; /* set if this is a callback */ +extern int error_count; /* # of times error() has been called */ +extern char ppp_devname[]; /* name of PPP tty (maybe ttypx) */ +extern int fd_devnull; /* fd open to /dev/null */ + +extern int listen_time; /* time to listen first (ms) */ +extern bool bundle_eof; +extern bool bundle_terminating; + +extern struct notifier *pidchange; /* for notifications of pid changing */ +extern struct notifier *phasechange; /* for notifications of phase changes */ +extern struct notifier *exitnotify; /* for notification that we're exiting */ +extern struct notifier *sigreceived; /* notification of received signal */ +extern struct notifier *ip_up_notifier; /* IPCP has come up */ +extern struct notifier *ip_down_notifier; /* IPCP has gone down */ +extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */ +extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */ +extern struct notifier *auth_up_notifier; /* peer has authenticated */ +extern struct notifier *link_down_notifier; /* link has gone down */ +extern struct notifier *fork_notifier; /* we are a new child process */ + + +/* Values for do_callback and doing_callback */ +#define CALLBACK_DIALIN 1 /* we are expecting the call back */ +#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */ + +/* + * Variables set by command-line options. + */ + +extern int debug; /* Debug flag */ +extern int kdebugflag; /* Tell kernel to print debug messages */ +extern int default_device; /* Using /dev/tty or equivalent */ +extern char devnam[]; /* Device name */ +extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */ +extern int ppp_session_number; /* Session number (eg PPPoE session) */ +extern int crtscts; /* Use hardware flow control */ +extern int stop_bits; /* Number of serial port stop bits */ +extern bool modem; /* Use modem control lines */ +extern int inspeed; /* Input/Output speed requested */ +extern u_int32_t netmask; /* IP netmask to set on interface */ +extern bool lockflag; /* Create lock file to lock the serial dev */ +extern bool nodetach; /* Don't detach from controlling tty */ +#ifdef SYSTEMD +extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */ +#endif +extern bool updetach; /* Detach from controlling tty when link up */ +extern bool master_detach; /* Detach when multilink master without link (options.c) */ +extern char *initializer; /* Script to initialize physical link */ +extern char *connect_script; /* Script to establish physical link */ +extern char *disconnect_script; /* Script to disestablish physical link */ +extern char *welcomer; /* Script to welcome client after connection */ +extern char *ptycommand; /* Command to run on other side of pty */ +extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */ +extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */ +extern bool auth_required; /* Peer is required to authenticate */ +extern bool persist; /* Reopen link after it goes down */ +extern bool uselogin; /* Use /etc/passwd for checking PAP */ +extern bool session_mgmt; /* Do session management (login records) */ +extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */ +extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ +extern bool explicit_remote;/* remote_name specified with remotename opt */ +extern bool demand; /* Do dial-on-demand */ +extern char *ipparam; /* Extra parameter for ip up/down scripts */ +extern bool cryptpap; /* Others' PAP passwords are encrypted */ +extern int holdoff; /* Dead time before restarting */ +extern bool holdoff_specified; /* true if user gave a holdoff value */ +extern bool notty; /* Stdin/out is not a tty */ +extern char *pty_socket; /* Socket to connect to pty */ +extern char *record_file; /* File to record chars sent/received */ +extern int maxfail; /* Max # of unsuccessful connection attempts */ +extern char linkname[]; /* logical name for link */ +extern bool tune_kernel; /* May alter kernel settings as necessary */ +extern int connect_delay; /* Time to delay after connect script */ +extern int max_data_rate; /* max bytes/sec through charshunt */ +extern int req_unit; /* interface unit number to use */ +extern char path_ipup[]; /* pathname of ip-up script */ +extern char path_ipdown[]; /* pathname of ip-down script */ +extern char req_ifname[]; /* interface name to use (IFNAMSIZ) */ +extern bool multilink; /* enable multilink operation (options.c) */ +extern bool noendpoint; /* don't send or accept endpt. discrim. */ +extern char *bundle_name; /* bundle name for multilink */ +extern bool dump_options; /* print out option values */ +extern bool show_options; /* show all option names and descriptions */ +extern bool dryrun; /* check everything, print options, exit */ +extern int child_wait; /* # seconds to wait for children at end */ +extern char *current_option; /* the name of the option being parsed */ +extern int privileged_option; /* set iff the current option came from root */ +extern char *option_source; /* string saying where the option came from */ +extern int option_priority; /* priority of current options */ + +#ifdef PPP_WITH_IPV6CP +extern char path_ipv6up[]; /* pathname of ipv6-up script */ +extern char path_ipv6down[]; /* pathname of ipv6-down script */ +#endif + +#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP) +#define TLS_VERIFY_NONE "none" +#define TLS_VERIFY_NAME "name" +#define TLS_VERIFY_SUBJECT "subject" +#define TLS_VERIFY_SUFFIX "suffix" + +extern char *crl_dir; +extern char *crl_file; +extern char *ca_path; +extern char *cacert_file; + +extern char *max_tls_version; +extern bool tls_verify_key_usage; +extern char *tls_verify_method; +#endif /* PPP_WITH_EAPTLS || PPP_WITH_PEAP */ + +#ifdef PPP_WITH_EAPTLS +extern char *pkcs12_file; +#endif /* PPP_WITH_EAPTLS */ + +typedef enum { + PPP_OCTETS_DIRECTION_SUM, + PPP_OCTETS_DIRECTION_IN, + PPP_OCTETS_DIRECTION_OUT, + PPP_OCTETS_DIRECTION_MAXOVERAL, + PPP_OCTETS_DIRECTION_MAXSESSION /* Same as MAXOVERALL, but a little different for RADIUS */ +} session_limit_dir_t; + +extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */ +extern session_limit_dir_t maxoctets_dir; /* Direction */ +extern int maxoctets_timeout; /* Timeout for check of octets limit */ + +#ifdef PPP_WITH_FILTER +extern struct bpf_program pass_filter; /* Filter for pkts to pass */ +extern struct bpf_program active_filter; /* Filter for link-active pkts */ +#endif + +#ifdef PPP_WITH_MSLANMAN +extern bool ms_lanman; /* Use LanMan password instead of NT */ + /* Has meaning only with MS-CHAP challenges */ +#endif + +/* Values for auth_pending, auth_done */ +#define PAP_WITHPEER 0x1 +#define PAP_PEER 0x2 +#define CHAP_WITHPEER 0x4 +#define CHAP_PEER 0x8 +#define EAP_WITHPEER 0x10 +#define EAP_PEER 0x20 + +/* Values for auth_done only */ +#define CHAP_MD5_WITHPEER 0x40 +#define CHAP_MD5_PEER 0x80 +#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */ +#define CHAP_MS_WITHPEER 0x100 +#define CHAP_MS_PEER 0x200 +#define CHAP_MS2_WITHPEER 0x400 +#define CHAP_MS2_PEER 0x800 + + +/* + * This structure contains environment variables that are set or unset + * by the user. + */ +struct userenv { + struct userenv *ue_next; + char *ue_value; /* value (set only) */ + bool ue_isset; /* 1 for set, 0 for unset */ + bool ue_priv; /* from privileged source */ + const char *ue_source; /* source name */ + char ue_name[1]; /* variable name */ +}; + +extern struct userenv *userenv_list; + +/* + * Prototypes. + */ + +/* Procedures exported from main.c. */ +void set_ifunit(int); /* set stuff that depends on ifunit */ +void detach(void); /* Detach from controlling tty */ +void die(int); /* Cleanup and exit */ +void quit(void); /* like die(1) */ + +void record_child(int, char *, void (*) (void *), void *, int); +int device_script(char *cmd, int in, int out, int dont_wait); + /* Run `cmd' with given stdin and stdout */ +pid_t run_program(char *prog, char * const * args, int must_exist, + void (*done)(void *), void *arg, int wait); + /* Run program prog with args in child */ +void reopen_log(void); /* (re)open the connection to syslog */ +void print_link_stats(void); /* Print stats, if available */ +void reset_link_stats(int); /* Reset (init) stats when link goes up */ +void new_phase(ppp_phase_t); /* signal start of new phase */ +bool in_phase(ppp_phase_t); +void notify(struct notifier *, int); +int ppp_send_config(int, int, u_int32_t, int, int); +int ppp_recv_config(int, int, u_int32_t, int, int); +const char *protocol_name(int); +void remove_pidfiles(void); +void lock_db(void); +void unlock_db(void); + +/* Procedures exported from tty.c. */ +void tty_init(void); + +void print_string(char *, int, printer_func, void *); + /* Format a string for output */ +ssize_t complete_read(int, void *, size_t); + /* read a complete buffer */ + +/* Procedures exported from auth.c */ +void link_required(int); /* we are starting to use the link */ +void start_link(int); /* bring the link up now */ +void link_terminated(int); /* we are finished with the link */ +void link_down(int); /* the LCP layer has left the Opened state */ +void upper_layers_down(int);/* take all NCPs down */ +void link_established(int); /* the link is up; authenticate now */ +void start_networks(int); /* start all the network control protos */ +void continue_networks(int); /* start network [ip, etc] control protos */ +void np_up(int, int); /* a network protocol has come up */ +void np_down(int, int); /* a network protocol has gone down */ +void np_finished(int, int); /* a network protocol no longer needs link */ +void auth_peer_fail(int, int); + /* peer failed to authenticate itself */ +void auth_peer_success(int, int, int, char *, int); + /* peer successfully authenticated itself */ +void auth_withpeer_fail(int, int); + /* we failed to authenticate ourselves */ +void auth_withpeer_success(int, int, int); + /* we successfully authenticated ourselves */ +void auth_check_options(void); + /* check authentication options supplied */ +void auth_reset(int); /* check what secrets we have */ +int check_passwd(int, char *, int, char *, int, char **); + /* Check peer-supplied username/password */ +int get_secret(int, char *, char *, char *, int *, int); + /* get "secret" for chap */ +int get_srp_secret(int unit, char *client, char *server, char *secret, + int am_server); +int auth_ip_addr(int, u_int32_t); + /* check if IP address is authorized */ +int auth_number(void); /* check if remote number is authorized */ + +/* Procedures exported from demand.c */ +void demand_conf(void); /* config interface(s) for demand-dial */ +void demand_block(void); /* set all NPs to queue up packets */ +void demand_unblock(void); /* set all NPs to pass packets */ +void demand_discard(void); /* set all NPs to discard packets */ +void demand_rexmit(int); /* retransmit saved frames for an NP */ +int loop_chars(unsigned char *, int); /* process chars from loopback */ +int loop_frame(unsigned char *, int); /* should we bring link up? */ + +/* Procedures exported from sys-*.c */ +void sys_init(void); /* Do system-dependent initialization */ +void sys_cleanup(void); /* Restore system state before exiting */ +int sys_check_options(void); /* Check options specified */ +int get_pty(int *, int *, char *, int); /* Get pty master/slave */ +int open_ppp_loopback(void); /* Open loopback for demand-dialling */ +int tty_establish_ppp(int); /* Turn serial port into a ppp interface */ +void tty_disestablish_ppp(int); /* Restore port to normal operation */ +void make_new_bundle(int, int, int, int); /* Create new bundle */ +int bundle_attach(int); /* Attach link to existing bundle */ +void cfg_bundle(int, int, int, int); /* Configure existing bundle */ +void destroy_bundle(void); /* Tell driver to destroy bundle */ +void clean_check(void); /* Check if line was 8-bit clean */ +void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */ +void restore_tty(int); /* Restore port's original parameters */ +void setdtr(int, int); /* Raise or lower port's DTR line */ +void output(int, unsigned char *, int); /* Output a PPP packet */ +void wait_input(struct timeval *); + /* Wait for input, with timeout */ +void add_fd(int); /* Add fd to set to wait for */ +void remove_fd(int); /* Remove fd from set to wait for */ +int read_packet(unsigned char *); /* Read PPP packet */ +int get_loop_output(void); /* Read pkts from loopback */ +void tty_send_config(int, u_int32_t, int, int); + /* Configure i/f transmit parameters */ +void tty_set_xaccm(ext_accm); + /* Set extended transmit ACCM */ +void tty_recv_config(int, u_int32_t, int, int); + /* Configure i/f receive parameters */ +int ccp_test(int, unsigned char *, int, int); + /* Test support for compression scheme */ +void ccp_flags_set(int, int, int); + /* Set kernel CCP state */ +int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */ +int get_idle_time(int, struct ppp_idle *); + /* Find out how long link has been idle */ +int get_ppp_stats(int, struct pppd_stats *); + /* Return link statistics */ +int sifvjcomp(int, int, int, int); + /* Configure VJ TCP header compression */ +int sifup(int); /* Configure i/f up for one protocol */ +int sifnpmode(int u, int proto, enum NPmode mode); + /* Set mode for handling packets for proto */ +int sifdown(int); /* Configure i/f down for one protocol */ +int sifaddr(int, u_int32_t, u_int32_t, u_int32_t); + /* Configure IPv4 addresses for i/f */ +int cifaddr(int, u_int32_t, u_int32_t); + /* Reset i/f IP addresses */ +#ifdef PPP_WITH_IPV6CP +int sif6up(int); /* Configure i/f up for IPv6 */ +int sif6down(int); /* Configure i/f down for IPv6 */ +int sif6addr(int, eui64_t, eui64_t); + /* Configure IPv6 addresses for i/f */ +int cif6addr(int, eui64_t, eui64_t); + /* Remove an IPv6 address from i/f */ +#endif +int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt); + /* Create default route through i/f */ +int cifdefaultroute(int, u_int32_t, u_int32_t); + /* Delete default route through i/f */ +#ifdef PPP_WITH_IPV6CP +int sif6defaultroute(int, eui64_t, eui64_t); + /* Create default IPv6 route through i/f */ +int cif6defaultroute(int, eui64_t, eui64_t); + /* Delete default IPv6 route through i/f */ +#endif +int sifproxyarp(int, u_int32_t); + /* Add proxy ARP entry for peer */ +int cifproxyarp(int, u_int32_t); + /* Delete proxy ARP entry for peer */ +u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */ +int mkdir_recursive(const char *); /* Recursively create directory */ +int lock(char *); /* Create lock file for device */ +int relock(int); /* Rewrite lock file with new pid */ +void unlock(void); /* Delete previously-created lock file */ +void logwtmp(const char *, const char *, const char *); + /* Write entry to wtmp file */ +int get_host_seed(void); /* Get host-dependent random number seed */ +int have_route_to(u_int32_t); /* Check if route to addr exists */ +#ifdef PPP_WITH_FILTER +int set_filters(struct bpf_program *pass, struct bpf_program *active); + /* Set filter programs in kernel */ +#endif +int get_if_hwaddr(unsigned char *addr, char *name); +int get_first_ether_hwaddr(unsigned char *addr); + +/* Procedures exported from options.c */ +int setipaddr(char *, char **, int); /* Set local/remote ip addresses */ +int parse_args(int argc, char **argv); + /* Parse options from arguments given */ +int getword(FILE *f, char *word, int *newlinep, char *filename); + /* Read a word from a file */ +int options_from_user(void); /* Parse options from user's .ppprc */ +int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */ +struct wordlist; +int options_from_list(struct wordlist *, int privileged); + /* Parse options from a wordlist */ +void check_options(void); /* check values after all options parsed */ +int override_value(char *, int, const char *); + /* override value if permitted by priority */ +void print_options(printer_func, void *); + /* print out values of all options */ +void showopts(void); + /* show all option names and description */ +int parse_dotted_ip(char *, u_int32_t *); + +/* + * Inline versions of get/put char/short/long. + * Pointer is advanced; we assume that both arguments + * are lvalues and will already be in registers. + * cp MUST be unsigned char *. + */ +#define GETCHAR(c, cp) { \ + (c) = *(cp)++; \ +} +#define PUTCHAR(c, cp) { \ + *(cp)++ = (unsigned char) (c); \ +} + + +#define GETSHORT(s, cp) { \ + (s) = *(cp)++ << 8; \ + (s) |= *(cp)++; \ +} +#define PUTSHORT(s, cp) { \ + *(cp)++ = (unsigned char) ((s) >> 8); \ + *(cp)++ = (unsigned char) (s); \ +} + +#define GETLONG(l, cp) { \ + (l) = *(cp)++ << 8; \ + (l) |= *(cp)++; (l) <<= 8; \ + (l) |= *(cp)++; (l) <<= 8; \ + (l) |= *(cp)++; \ +} +#define PUTLONG(l, cp) { \ + *(cp)++ = (unsigned char) ((l) >> 24); \ + *(cp)++ = (unsigned char) ((l) >> 16); \ + *(cp)++ = (unsigned char) ((l) >> 8); \ + *(cp)++ = (unsigned char) (l); \ +} + +#define INCPTR(n, cp) ((cp) += (n)) +#define DECPTR(n, cp) ((cp) -= (n)) + +/* + * System dependent definitions for user-level 4.3BSD UNIX implementation. + */ + +#define TIMEOUT(r, f, t) ppp_timeout((r), (f), (t), 0) +#define UNTIMEOUT(r, f) ppp_untimeout((r), (f)) + +#define BCOPY(s, d, l) memcpy(d, s, l) +#define BZERO(s, n) memset(s, 0, n) +#define BCMP(s1, s2, l) memcmp(s1, s2, l) + +#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); } + +/* + * MAKEHEADER - Add Header fields to a packet. + */ +#define MAKEHEADER(p, t) { \ + PUTCHAR(PPP_ALLSTATIONS, p); \ + PUTCHAR(PPP_UI, p); \ + PUTSHORT(t, p); } + +/* + * Debug macros. Slightly useful for finding bugs in pppd, not particularly + * useful for finding out why your connection isn't being established. + */ +#ifdef DEBUGALL +#define DEBUGMAIN 1 +#define DEBUGFSM 1 +#define DEBUGLCP 1 +#define DEBUGIPCP 1 +#define DEBUGIPV6CP 1 +#define DEBUGUPAP 1 +#define DEBUGCHAP 1 +#endif + +#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */ +#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \ + || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \ + || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP) +#define LOG_PPP LOG_LOCAL2 +#else +#define LOG_PPP LOG_DAEMON +#endif +#endif /* LOG_PPP */ + +#ifdef DEBUGMAIN +#define MAINDEBUG(x) if (debug) dbglog x +#else +#define MAINDEBUG(x) +#endif + +#ifdef DEBUGSYS +#define SYSDEBUG(x) if (debug) dbglog x +#else +#define SYSDEBUG(x) +#endif + +#ifdef DEBUGFSM +#define FSMDEBUG(x) if (debug) dbglog x +#else +#define FSMDEBUG(x) +#endif + +#ifdef DEBUGLCP +#define LCPDEBUG(x) if (debug) dbglog x +#else +#define LCPDEBUG(x) +#endif + +#ifdef DEBUGIPCP +#define IPCPDEBUG(x) if (debug) dbglog x +#else +#define IPCPDEBUG(x) +#endif + +#ifdef DEBUGIPV6CP +#define IPV6CPDEBUG(x) if (debug) dbglog x +#else +#define IPV6CPDEBUG(x) +#endif + +#ifdef DEBUGUPAP +#define UPAPDEBUG(x) if (debug) dbglog x +#else +#define UPAPDEBUG(x) +#endif + +#ifdef DEBUGCHAP +#define CHAPDEBUG(x) if (debug) dbglog x +#else +#define CHAPDEBUG(x) +#endif + +#ifndef SIGTYPE +#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) +#define SIGTYPE void +#else +#define SIGTYPE int +#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */ +#endif /* SIGTYPE */ + +#ifndef MIN +#define MIN(a, b) ((a) < (b)? (a): (b)) +#endif +#ifndef MAX +#define MAX(a, b) ((a) > (b)? (a): (b)) +#endif + +#ifndef offsetof +#define offsetof(type, member) ((size_t) &((type *)0)->member) +#endif + +#endif diff --git a/pppd/pppd.8 b/pppd/pppd.8 index 79b5bea..903d694 100644 --- a/pppd/pppd.8 +++ b/pppd/pppd.8 @@ -1,12 +1,11 @@ -.\" manual page [] for pppd 2.4 -.\" $Id: pppd.8,v 1.90 2008/03/26 12:09:40 paulus Exp $ +.\" manual page [] for pppd 2.5.x .\" SH section heading .\" SS subsection heading .\" LP paragraph .\" IP indented paragraph .\" TP hanging label .\" -.\" Copyright (c) 1993-2003 Paul Mackerras +.\" Copyright (c) 1993-2003 Paul Mackerras .\" .\" Permission to use, copy, modify, and distribute this software for any .\" purpose with or without fee is hereby granted, provided that the above @@ -637,6 +636,10 @@ Set the maximum number of LCP terminate-request transmissions to Set the LCP restart interval (retransmission timeout) to \fIn\fR seconds (default 3). .TP +.B lcp\-rtt\-file \fIfilename +Sets the file where the round-trip time (RTT) of LCP echo-request frames +will be logged. +.TP .B linkname \fIname\fR Sets the logical name of the link to \fIname\fR. Pppd will create a file named \fBppp\-\fIname\fB.pid\fR in /var/run (or /etc/ppp on some @@ -687,7 +690,7 @@ network control protocol comes up). Terminate after \fIn\fR consecutive failed connection attempts. A value of 0 means no limit. The default value is 10. .TP -.B max-tls-version \fIstring +.B max\-tls-\version \fIstring (EAP-TLS, or PEAP) Configures the max allowed TLS version used during negotiation with a peer. The default value for this is \fI1.2\fR. Values allowed for this option is \fI1.0.\fR, \fI1.1\fR, \fI1.2\fR, \fI1.3\fR. @@ -760,7 +763,7 @@ name to \fIname\fR.) Disable Address/Control compression in both directions (send and receive). .TP -.B need-peer-eap +.B need\-peer\-eap (EAP-TLS) Require the peer to verify our authentication credentials. .TP .B noauth @@ -1136,13 +1139,13 @@ The device used by pppd with this option must have sync support. Currently supports Microgate SyncLink adapters under Linux and FreeBSD 2.2.8 and later. .TP -.B tls-verify-method \fIstring +.B tls\-verify\-method \fIstring (EAP-TLS, or PEAP) Match the value specified for \fIremotename\fR to that that of the X509 certificates subject name, common name, or suffix of the common name. Respective values allowed for this option is: \fInone\fR, \fIsubject\fR, \fIname\fR, or \fIsuffix\fR. The default value for this option is \fIname\fR. .TP -.B tls-verify-key-usage +.B tls\-verify\-key\-usage (EAP-TLS, or PEAP) Enables examination of peer certificate's purpose, and extended key usage attributes. .TP @@ -1233,36 +1236,36 @@ by specifying ppp'd option \fBnic-eth0\fR. Prefix \fBnic-\fR for this option may be avoided if interface name is unambiguous and does not look like any other pppd's option. .TP -.B pppoe-service \fIname +.B pppoe\-service \fIname Connect to specified PPPoE service name. For backward compatibility also \fBrp_pppoe_service\fP option name is supported. .TP -.B pppoe-ac \fIname +.B pppoe\-ac \fIname Connect to specified PPPoE access concentrator name. For backward compatibility also \fBrp_pppoe_ac\fP option name is supported. .TP -.B pppoe-sess \fIsessid\fP:\fImacaddr +.B pppoe\-sess \fIsessid\fP:\fImacaddr Attach to existing PPPoE session. For backward compatibility also \fBrp_pppoe_sess\fP option name is supported. .TP -.B pppoe-verbose \fIn +.B pppoe\-verbose \fIn Be verbose about discovered access concentrators. When set to 2 or bigger value then dump also discovery packets. For backward compatibility also \fBrp_pppoe_verbose\fP option name is supported. .TP -.B pppoe-mac \fImacaddr +.B pppoe\-mac \fImacaddr Connect to specified MAC address. .TP -.B pppoe-host-uniq \fIstring +.B pppoe\-host\-uniq \fIstring Set the PPPoE Host-Uniq tag to the supplied hex string. By default PPPoE Host-Uniq tag is set to the pppd's process PID. For backward compatibility this option may be specified without \fBpppoe-\fP prefix. .TP -.B pppoe-padi-timeout \fIn +.B pppoe\-padi\-timeout \fIn Initial timeout for discovery packets in seconds (default 5). .TP -.B pppoe-padi-attempts \fIn +.B pppoe\-padi\-attempts \fIn Number of discovery attempts (default 3). .SH OPTIONS FILES Options can be taken from files as well as the command line. Pppd @@ -1729,8 +1732,8 @@ We failed to authenticate ourselves to the peer. Pppd invokes scripts at various stages in its processing which can be used to perform site-specific ancillary processing. These scripts are usually shell scripts, but could be executable code files instead. -Pppd does not wait for the scripts to finish (except for the ip-pre-up -script). The scripts are +Pppd does not wait for the scripts to finish (except for the net\-init, +net\-pre\-up and ip\-pre\-up scripts). The scripts are executed as root (with the real and effective user-id set to 0), so that they can do things such as update routing tables or run privileged daemons. Be careful that the contents of these scripts do @@ -1840,6 +1843,14 @@ IP addresses assigned but is still down. This can be used to add firewall rules before any IP traffic can pass through the interface. Pppd will wait for this script to finish before bringing the interface up, so this script should run quickly. +.PP +WARNING: Please note that on systems where a single interface carries multiple +protocols (Linux) ip-pre-up is NOT actually guaranteed to execute prior to the +interface moving into an up state, although IP information won't be known you +should consider using net-pre-up instead, alternatively, disable other NCPs +such that IPv4 is the only negotiated protocol - which will also result in a +guarantee that ip-pre-up is called prior to the interface going into an UP +state. .TP .B /etc/ppp/ip\-up A program or script which is executed when the link is available for @@ -1869,6 +1880,27 @@ Similar to /etc/ppp/ip\-down, but it is executed when IPv6 packets can no longer be transmitted on the link. It is executed with the same parameters as the ipv6\-up script. .TP +.B /etc/ppp/net\-init +This script will be executed the moment the ppp unit number is known. This +script will be waited for and should not cause significant delays. This can be +used to update book-keeping type systems external to ppp and provides the only +guaranteed point where a script can be executed knowing the ppp unit number +prior to LCP being initiated. It is executed with the parameters +.IP +\fIinterface\-name tty\-device speed ipparam +.TP +.B /etc/ppp/net\-pre\-up +This script will be executed just prior to NCP negotiations initiating, and is +guaranteed to be executed whilst the interface (Linux) and/or sub-interfaces +(Solaris) as the case may be is/are still down. ppp will block waiting for +this script to complete, and the interface may be safely renamed in this script +(using for example "ip li set dev $1 name ppp-foobar". The parameters are the +same as for net\-init. +.TP +.B /etc/ppp/net\-down +This script will be executed just prior to ppp terminating and will not be +waited for. The parameters are the same as for net\-init. +.TP .B /var/run/ppp\fIn\fB.pid \fR(BSD or Linux), \fB/etc/ppp/ppp\fIn\fB.pid \fR(others) Process-ID for pppd process on ppp interface unit \fIn\fR. .TP @@ -2013,7 +2045,7 @@ of a fatal decompression error. (Fatal decompression errors generally indicate a bug in one or other implementation.) .SH AUTHORS -Paul Mackerras (paulus@samba.org), based on earlier work by +Paul Mackerras (paulus@ozlabs.org), based on earlier work by Drew Perkins, Brad Clements, Karl Fox, @@ -2075,7 +2107,7 @@ are met: .br (412) 268-4387, fax: (412) 268-7395 .br - tech-transfer@andrew.cmu.edu + tech\-transfer@andrew.cmu.edu .LP 3b. The name(s) of the authors of this software must not be used to endorse or promote products derived from this software without @@ -2088,7 +2120,7 @@ are met: at Carnegie Mellon University (http://www.cmu.edu/computing/)." .br "This product includes software developed by Paul Mackerras - ". + ". .br "This product includes software developed by Pedro Roque Marques ". diff --git a/pppd/pppd.h b/pppd/pppd.h index bd9faf0..4f02021 100644 --- a/pppd/pppd.h +++ b/pppd/pppd.h @@ -38,159 +38,108 @@ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - * - * $Id: pppd.h,v 1.96 2008/06/23 11:47:18 paulus Exp $ */ #ifndef PPP_PPPD_H #define PPP_PPPD_H -#include "pppdconf.h" - -#include /* for FILE */ -#include /* for encrypt */ -#include /* for setkey */ #include +#include +#include #include -#include /* for u_int32_t, if defined */ -#if defined(SOL2) -#include -#else -#include -#endif - -#ifdef PPP_WITH_IPV6CP -#if defined(SOL2) -#include - -typedef union { - uint8_t e8[8]; /* lower 64-bit IPv6 address */ - uint32_t e32[2]; /* lower 64-bit IPv6 address */ -} eui64_t; - -/* - * Declare the two below, since in.h only defines them when _KERNEL - * is declared - which shouldn't be true when dealing with user-land programs - */ -#define s6_addr8 _S6_un._S6_u8 -#define s6_addr32 _S6_un._S6_u32 +#include -#else /* else if not defined(SOL2) */ - -/* - * TODO: - * - * Maybe this should be done by processing struct in6_addr directly... - */ -typedef union -{ - u_int8_t e8[8]; - u_int16_t e16[4]; - u_int32_t e32[2]; -} eui64_t; +#include "pppdconf.h" -#endif /* defined(SOL2) */ +#ifdef __cplusplus +extern "C" { #endif /* - * Limits. + * Limits */ - #define NUM_PPP 1 /* One PPP interface supported (per process) */ #define MAXWORDLEN 1024 /* max length of word in file (incl null) */ #define MAXARGS 1 /* max # args to a command */ #define MAXNAMELEN 256 /* max length of hostname or name for auth */ #define MAXSECRETLEN 256 /* max length of password or secret */ + /* - * If PPP_DRV_NAME is not defined, use the default "ppp" as the device name. - * Where should PPP_DRV_NAME come from? Do we include it here? + * Values for phase. */ -#if !defined(PPP_DRV_NAME) -#define PPP_DRV_NAME "ppp" -#endif /* !defined(PPP_DRV_NAME) */ +typedef enum ppp_phase +{ + PHASE_DEAD, + PHASE_INITIALIZE, + PHASE_SERIALCONN, + PHASE_DORMANT, + PHASE_ESTABLISH, + PHASE_AUTHENTICATE, + PHASE_CALLBACK, + PHASE_NETWORK, + PHASE_RUNNING, + PHASE_TERMINATE, + PHASE_DISCONNECT, + PHASE_HOLDOFF, + PHASE_MASTER, +} ppp_phase_t; /* - * Option descriptor structure. + * Values for exit codes */ +typedef enum ppp_exit_code +{ + EXIT_OK = 0, + EXIT_FATAL_ERROR = 1, + EXIT_OPTION_ERROR = 2, + EXIT_NOT_ROOT = 3, + EXIT_NO_KERNEL_SUPPORT = 4, + EXIT_USER_REQUEST = 5, + EXIT_LOCK_FAILED = 6, + EXIT_OPEN_FAILED = 7, + EXIT_CONNECT_FAILED = 8, + EXIT_PTYCMD_FAILED = 9, + EXIT_NEGOTIATION_FAILED = 10, + EXIT_PEER_AUTH_FAILED = 11, + EXIT_IDLE_TIMEOUT = 12, + EXIT_CONNECT_TIME = 13, + EXIT_CALLBACK = 14, + EXIT_PEER_DEAD = 15, + EXIT_HANGUP = 16, + EXIT_LOOPBACK = 17, + EXIT_INIT_FAILED = 18, + EXIT_AUTH_TOPEER_FAILED = 19, + EXIT_TRAFFIC_LIMIT = 20, + EXIT_CNID_AUTH_FAILED = 21 +} ppp_exit_code_t; -typedef unsigned char bool; - -enum opt_type { - o_special_noarg = 0, - o_special = 1, - o_bool, - o_int, - o_uint32, - o_string, - o_wild -}; - -typedef struct { - char *name; /* name of the option */ - enum opt_type type; - void *addr; - char *description; - unsigned int flags; - void *addr2; - int upper_limit; - int lower_limit; - const char *source; - short int priority; - short int winner; -} option_t; - -/* Values for flags */ -#define OPT_VALUE 0xff /* mask for presupplied value */ -#define OPT_HEX 0x100 /* int option is in hex */ -#define OPT_NOARG 0x200 /* option doesn't take argument */ -#define OPT_OR 0x400 /* for u32, OR in argument to value */ -#define OPT_INC 0x400 /* for o_int, increment value */ -#define OPT_A2OR 0x800 /* for o_bool, OR arg to *(u_char *)addr2 */ -#define OPT_PRIV 0x1000 /* privileged option */ -#define OPT_STATIC 0x2000 /* string option goes into static array */ -#define OPT_NOINCR 0x2000 /* for o_int, value mustn't be increased */ -#define OPT_LLIMIT 0x4000 /* check value against lower limit */ -#define OPT_ULIMIT 0x8000 /* check value against upper limit */ -#define OPT_LIMITS (OPT_LLIMIT|OPT_ULIMIT) -#define OPT_ZEROOK 0x10000 /* 0 value is OK even if not within limits */ -#define OPT_HIDE 0x10000 /* for o_string, print value as ?????? */ -#define OPT_A2LIST 0x20000 /* for o_special, keep list of values */ -#define OPT_A2CLRB 0x20000 /* o_bool, clr val bits in *(u_char *)addr2 */ -#define OPT_ZEROINF 0x40000 /* with OPT_NOINCR, 0 == infinity */ -#define OPT_PRIO 0x80000 /* process option priorities for this option */ -#define OPT_PRIOSUB 0x100000 /* subsidiary member of priority group */ -#define OPT_ALIAS 0x200000 /* option is alias for previous option */ -#define OPT_A2COPY 0x400000 /* addr2 -> second location to rcv value */ -#define OPT_ENABLE 0x800000 /* use *addr2 as enable for option */ -#define OPT_A2CLR 0x1000000 /* clear *(bool *)addr2 */ -#define OPT_PRIVFIX 0x2000000 /* user can't override if set by root */ -#define OPT_INITONLY 0x4000000 /* option can only be set in init phase */ -#define OPT_DEVEQUIV 0x8000000 /* equiv to device name */ -#define OPT_DEVNAM (OPT_INITONLY | OPT_DEVEQUIV) -#define OPT_A2PRINTER 0x10000000 /* *addr2 printer_func to print option */ -#define OPT_A2STRVAL 0x20000000 /* *addr2 points to current string value */ -#define OPT_NOPRINT 0x40000000 /* don't print this option at all */ - -#define OPT_VAL(x) ((x) & OPT_VALUE) - -/* Values for priority */ -#define OPRIO_DEFAULT 0 /* a default value */ -#define OPRIO_CFGFILE 1 /* value from a configuration file */ -#define OPRIO_CMDLINE 2 /* value from the command line */ -#define OPRIO_SECFILE 3 /* value from options in a secrets file */ -#define OPRIO_ROOT 100 /* added to priority if OPT_PRIVFIX && root */ - -#ifndef GIDSET_TYPE -#define GIDSET_TYPE gid_t -#endif - -/* Structure representing a list of permitted IP addresses. */ -struct permitted_ip { - int permit; /* 1 = permit, 0 = forbid */ - u_int32_t base; /* match if (addr & mask) == base */ - u_int32_t mask; /* base and mask are in network byte order */ -}; +/* + * Type of notifier callbacks + */ +typedef enum +{ + NF_PID_CHANGE, + NF_PHASE_CHANGE, + NF_EXIT, + NF_SIGNALED, + NF_IP_UP, + NF_IP_DOWN, + NF_IPV6_UP, + NF_IPV6_DOWN, + NF_AUTH_UP, + NF_LINK_DOWN, + NF_FORK, + NF_MAX_NOTIFY +} ppp_notify_t; + +typedef enum +{ + PPP_DIR_LOG, + PPP_DIR_RUNTIME, + PPP_DIR_CONF, + PPP_DIR_PLUGIN, +} ppp_path_t; /* * Unfortunately, the linux kernel driver uses a different structure @@ -198,267 +147,36 @@ struct permitted_ip { * This structure serves as a common representation for the bits * pppd needs. */ -struct pppd_stats { +struct pppd_stats +{ uint64_t bytes_in; uint64_t bytes_out; unsigned int pkts_in; unsigned int pkts_out; }; +typedef struct pppd_stats ppp_link_stats_st; -/* Used for storing a sequence of words. Usually malloced. */ +/* + * Used for storing a sequence of words. Usually malloced. + */ struct wordlist { struct wordlist *next; char *word; }; -/* An endpoint discriminator, used with multilink. */ -#define MAX_ENDP_LEN 20 /* maximum length of discriminator value */ -struct epdisc { - unsigned char class; - unsigned char length; - unsigned char value[MAX_ENDP_LEN]; -}; - -/* values for epdisc.class */ -#define EPD_NULL 0 /* null discriminator, no data */ -#define EPD_LOCAL 1 -#define EPD_IP 2 -#define EPD_MAC 3 -#define EPD_MAGIC 4 -#define EPD_PHONENUM 5 - -typedef void (*notify_func)(void *, int); +struct option; typedef void (*printer_func)(void *, char *, ...); -struct notifier { - struct notifier *next; - notify_func func; - void *arg; -}; - -/* - * Global variables. - */ - -extern int got_sigterm; /* SIGINT or SIGTERM was received */ -extern int hungup; /* Physical layer has disconnected */ -extern int ifunit; /* Interface unit number */ -extern char ifname[]; /* Interface name (IFNAMSIZ) */ -extern char hostname[]; /* Our hostname */ -extern u_char outpacket_buf[]; /* Buffer for outgoing packets */ -extern int devfd; /* fd of underlying device */ -extern int fd_ppp; /* fd for talking PPP */ -extern int phase; /* Current state of link - see values below */ -extern int baud_rate; /* Current link speed in bits/sec */ -extern char *progname; /* Name of this program */ -extern int redirect_stderr;/* Connector's stderr should go to file */ -extern char peer_authname[];/* Authenticated name of peer */ -extern int auth_done[NUM_PPP]; /* Methods actually used for auth */ -extern int privileged; /* We were run by real-uid root */ -extern int need_holdoff; /* Need holdoff period after link terminates */ -extern char **script_env; /* Environment variables for scripts */ -extern int detached; /* Have detached from controlling tty */ -extern GIDSET_TYPE groups[]; /* groups the user is in */ -extern int ngroups; /* How many groups valid in groups */ -extern struct pppd_stats link_stats; /* byte/packet counts etc. for link */ -extern int link_stats_valid; /* set if link_stats is valid */ -extern unsigned link_connect_time; /* time the link was up for */ -extern int using_pty; /* using pty as device (notty or pty opt.) */ -extern int log_to_fd; /* logging to this fd as well as syslog */ -extern bool log_default; /* log_to_fd is default (stdout) */ -extern char *no_ppp_msg; /* message to print if ppp not in kernel */ -extern volatile int status; /* exit status for pppd */ -extern bool devnam_fixed; /* can no longer change devnam */ -extern int unsuccess; /* # unsuccessful connection attempts */ -extern int do_callback; /* set if we want to do callback next */ -extern int doing_callback; /* set if this is a callback */ -extern int error_count; /* # of times error() has been called */ -extern char ppp_devnam[]; /* name of PPP tty (maybe ttypx) */ -extern char remote_number[MAXNAMELEN]; /* Remote telephone number, if avail. */ -extern int ppp_session_number; /* Session number (eg PPPoE session) */ -extern int fd_devnull; /* fd open to /dev/null */ - -extern int listen_time; /* time to listen first (ms) */ -extern bool doing_multilink; -extern bool multilink_master; -extern bool bundle_eof; -extern bool bundle_terminating; - -extern struct notifier *pidchange; /* for notifications of pid changing */ -extern struct notifier *phasechange; /* for notifications of phase changes */ -extern struct notifier *exitnotify; /* for notification that we're exiting */ -extern struct notifier *sigreceived; /* notification of received signal */ -extern struct notifier *ip_up_notifier; /* IPCP has come up */ -extern struct notifier *ip_down_notifier; /* IPCP has gone down */ -extern struct notifier *ipv6_up_notifier; /* IPV6CP has come up */ -extern struct notifier *ipv6_down_notifier; /* IPV6CP has gone down */ -extern struct notifier *auth_up_notifier; /* peer has authenticated */ -extern struct notifier *link_down_notifier; /* link has gone down */ -extern struct notifier *fork_notifier; /* we are a new child process */ - -/* Values for do_callback and doing_callback */ -#define CALLBACK_DIALIN 1 /* we are expecting the call back */ -#define CALLBACK_DIALOUT 2 /* we are dialling out to call back */ - -/* - * Variables set by command-line options. - */ - -extern int debug; /* Debug flag */ -extern int kdebugflag; /* Tell kernel to print debug messages */ -extern int default_device; /* Using /dev/tty or equivalent */ -extern char devnam[]; /* Device name */ -extern int crtscts; /* Use hardware flow control */ -extern int stop_bits; /* Number of serial port stop bits */ -extern bool modem; /* Use modem control lines */ -extern int inspeed; /* Input/Output speed requested */ -extern u_int32_t netmask; /* IP netmask to set on interface */ -extern bool lockflag; /* Create lock file to lock the serial dev */ -extern bool nodetach; /* Don't detach from controlling tty */ -#ifdef SYSTEMD -extern bool up_sdnotify; /* Notify systemd once link is up (implies nodetach) */ -#endif -extern bool updetach; /* Detach from controlling tty when link up */ -extern bool master_detach; /* Detach when multilink master without link */ -extern char *initializer; /* Script to initialize physical link */ -extern char *connect_script; /* Script to establish physical link */ -extern char *disconnect_script; /* Script to disestablish physical link */ -extern char *welcomer; /* Script to welcome client after connection */ -extern char *ptycommand; /* Command to run on other side of pty */ -extern int maxconnect; /* Maximum connect time (seconds) */ -extern char user[MAXNAMELEN];/* Our name for authenticating ourselves */ -extern char passwd[MAXSECRETLEN]; /* Password for PAP or CHAP */ -extern bool auth_required; /* Peer is required to authenticate */ -extern bool persist; /* Reopen link after it goes down */ -extern bool uselogin; /* Use /etc/passwd for checking PAP */ -extern bool session_mgmt; /* Do session management (login records) */ -extern char our_name[MAXNAMELEN];/* Our name for authentication purposes */ -extern char remote_name[MAXNAMELEN]; /* Peer's name for authentication */ -extern bool explicit_remote;/* remote_name specified with remotename opt */ -extern bool demand; /* Do dial-on-demand */ -extern char *ipparam; /* Extra parameter for ip up/down scripts */ -extern bool cryptpap; /* Others' PAP passwords are encrypted */ -extern int idle_time_limit;/* Shut down link if idle for this long */ -extern int holdoff; /* Dead time before restarting */ -extern bool holdoff_specified; /* true if user gave a holdoff value */ -extern bool notty; /* Stdin/out is not a tty */ -extern char *pty_socket; /* Socket to connect to pty */ -extern char *record_file; /* File to record chars sent/received */ -extern bool sync_serial; /* Device is synchronous serial device */ -extern int maxfail; /* Max # of unsuccessful connection attempts */ -extern char linkname[]; /* logical name for link */ -extern bool tune_kernel; /* May alter kernel settings as necessary */ -extern int connect_delay; /* Time to delay after connect script */ -extern int max_data_rate; /* max bytes/sec through charshunt */ -extern int req_unit; /* interface unit number to use */ -extern char path_ipup[]; /* pathname of ip-up script */ -extern char path_ipdown[]; /* pathname of ip-down script */ -extern char req_ifname[]; /* interface name to use (IFNAMSIZ) */ -extern bool multilink; /* enable multilink operation */ -extern bool noendpoint; /* don't send or accept endpt. discrim. */ -extern char *bundle_name; /* bundle name for multilink */ -extern bool dump_options; /* print out option values */ -extern bool dryrun; /* check everything, print options, exit */ -extern int child_wait; /* # seconds to wait for children at end */ - -#ifdef PPP_WITH_IPV6CP -extern char path_ipv6up[]; /* pathname of ipv6-up script */ -extern char path_ipv6down[]; /* pathname of ipv6-down script */ -#endif - -#if defined(PPP_WITH_EAPTLS) || defined(PPP_WITH_PEAP) -#define TLS_VERIFY_NONE "none" -#define TLS_VERIFY_NAME "name" -#define TLS_VERIFY_SUBJECT "subject" -#define TLS_VERIFY_SUFFIX "suffix" - -extern char *crl_dir; -extern char *crl_file; -extern char *ca_path; -extern char *cacert_file; - -extern char *max_tls_version; -extern bool tls_verify_key_usage; -extern char *tls_verify_method; -#endif /* PPP_WITH_EAPTLS || PPP_WITH_PEAP */ - -#ifdef PPP_WITH_EAPTLS -extern char *pkcs12_file; -#endif /* PPP_WITH_EAPTLS */ - -extern unsigned int maxoctets; /* Maximum octetes per session (in bytes) */ -extern int maxoctets_dir; /* Direction : - 0 - in+out (default) - 1 - in - 2 - out - 3 - max(in,out) */ -extern int maxoctets_timeout; /* Timeout for check of octets limit */ -#define PPP_OCTETS_DIRECTION_SUM 0 -#define PPP_OCTETS_DIRECTION_IN 1 -#define PPP_OCTETS_DIRECTION_OUT 2 -#define PPP_OCTETS_DIRECTION_MAXOVERAL 3 -/* same as previos, but little different on RADIUS side */ -#define PPP_OCTETS_DIRECTION_MAXSESSION 4 - -#ifdef PPP_WITH_FILTER -extern struct bpf_program pass_filter; /* Filter for pkts to pass */ -extern struct bpf_program active_filter; /* Filter for link-active pkts */ -#endif - -#ifdef PPP_WITH_MSLANMAN -extern bool ms_lanman; /* Use LanMan password instead of NT */ - /* Has meaning only with MS-CHAP challenges */ -#endif - -/* Values for auth_pending, auth_done */ -#define PAP_WITHPEER 0x1 -#define PAP_PEER 0x2 -#define CHAP_WITHPEER 0x4 -#define CHAP_PEER 0x8 -#define EAP_WITHPEER 0x10 -#define EAP_PEER 0x20 - -/* Values for auth_done only */ -#define CHAP_MD5_WITHPEER 0x40 -#define CHAP_MD5_PEER 0x80 -#define CHAP_MS_SHIFT 8 /* LSB position for MS auths */ -#define CHAP_MS_WITHPEER 0x100 -#define CHAP_MS_PEER 0x200 -#define CHAP_MS2_WITHPEER 0x400 -#define CHAP_MS2_PEER 0x800 - -extern char *current_option; /* the name of the option being parsed */ -extern int privileged_option; /* set iff the current option came from root */ -extern char *option_source; /* string saying where the option came from */ -extern int option_priority; /* priority of current options */ - -/* - * Values for phase. - */ -#define PHASE_DEAD 0 -#define PHASE_INITIALIZE 1 -#define PHASE_SERIALCONN 2 -#define PHASE_DORMANT 3 -#define PHASE_ESTABLISH 4 -#define PHASE_AUTHENTICATE 5 -#define PHASE_CALLBACK 6 -#define PHASE_NETWORK 7 -#define PHASE_RUNNING 8 -#define PHASE_TERMINATE 9 -#define PHASE_DISCONNECT 10 -#define PHASE_HOLDOFF 11 -#define PHASE_MASTER 12 - /* - * The following struct gives the addresses of procedures to call - * for a particular protocol. + * The following struct gives the addresses of procedures to call for a particular protocol. */ struct protent { - u_short protocol; /* PPP protocol number */ + /* PPP protocol number */ + unsigned short protocol; /* Initialization procedure */ void (*init)(int unit); /* Process a received packet */ - void (*input)(int unit, u_char *pkt, int len); + void (*input)(int unit, unsigned char *pkt, int len); /* Process a received protocol-reject */ void (*protrej)(int unit); /* Lower layer has come up */ @@ -470,34 +188,37 @@ struct protent { /* Close the protocol */ void (*close)(int unit, char *reason); /* Print a packet in readable form */ - int (*printpkt)(u_char *pkt, int len, printer_func printer, void *arg); + int (*printpkt)(unsigned char *pkt, int len, printer_func printer, void *arg); /* Process a received data packet */ - void (*datainput)(int unit, u_char *pkt, int len); - bool enabled_flag; /* 0 iff protocol is disabled */ - char *name; /* Text name of protocol */ - char *data_name; /* Text name of corresponding data protocol */ - option_t *options; /* List of command-line options */ + void (*datainput)(int unit, unsigned char *pkt, int len); + /* 0 iff protocol is disabled */ + bool enabled_flag; + /* Text name of protocol */ + char *name; + /* Text name of corresponding data protocol */ + char *data_name; + /* List of command-line options */ + struct option *options; /* Check requested options, assign defaults */ void (*check_options)(void); /* Configure interface for demand-dial */ int (*demand_conf)(int unit); /* Say whether to bring up link for this pkt */ - int (*active_pkt)(u_char *pkt, int len); + int (*active_pkt)(unsigned char *pkt, int len); }; /* Table of pointers to supported protocols */ extern struct protent *protocols[]; + /* - * This struct contains pointers to a set of procedures for - * doing operations on a "channel". A channel provides a way - * to send and receive PPP packets - the canonical example is - * a serial port device in PPP line discipline (or equivalently - * with PPP STREAMS modules pushed onto it). + * This struct contains pointers to a set of procedures for doing operations on a "channel". + * A channel provides a way to send and receive PPP packets - the canonical example is a serial + * port device in PPP line discipline (or equivalently with PPP STREAMS modules pushed onto it). */ struct channel { /* set of options for this channel */ - option_t *options; + struct option *options; /* find and process a per-channel options file */ void (*process_extra_options)(void); /* check all the options that have been given */ @@ -511,9 +232,9 @@ struct channel { /* take the channel out of PPP `mode', restore loopback if demand */ void (*disestablish_ppp)(int); /* set the transmit-side PPP parameters of the channel */ - void (*send_config)(int, u_int32_t, int, int); + void (*send_config)(int, uint32_t, int, int); /* set the receive-side PPP parameters of the channel */ - void (*recv_config)(int, u_int32_t, int, int); + void (*recv_config)(int, uint32_t, int, int); /* cleanup on error or normal exit */ void (*cleanup)(void); /* close the device, called in children after fork */ @@ -522,469 +243,329 @@ struct channel { extern struct channel *the_channel; + /* - * This structure contains environment variables that are set or unset - * by the user. + * Functions for string formatting and debugging */ -struct userenv { - struct userenv *ue_next; - char *ue_value; /* value (set only) */ - bool ue_isset; /* 1 for set, 0 for unset */ - bool ue_priv; /* from privileged source */ - const char *ue_source; /* source name */ - char ue_name[1]; /* variable name */ -}; -extern struct userenv *userenv_list; - -/* - * Prototypes. - */ - -/* Procedures exported from main.c. */ -void set_ifunit(int); /* set stuff that depends on ifunit */ -void detach(void); /* Detach from controlling tty */ -void die(int); /* Cleanup and exit */ -void quit(void); /* like die(1) */ -void novm(char *); /* Say we ran out of memory, and die */ -void timeout(void (*func)(void *), void *arg, int s, int us); - /* Call func(arg) after s.us seconds */ -void untimeout(void (*func)(void *), void *arg); - /* Cancel call to func(arg) */ -void record_child(int, char *, void (*) (void *), void *, int); -pid_t safe_fork(int, int, int); /* Fork & close stuff in child */ -int device_script(char *cmd, int in, int out, int dont_wait); - /* Run `cmd' with given stdin and stdout */ -pid_t run_program(char *prog, char **args, int must_exist, - void (*done)(void *), void *arg, int wait); - /* Run program prog with args in child */ -void reopen_log(void); /* (re)open the connection to syslog */ -void print_link_stats(void); /* Print stats, if available */ -void reset_link_stats(int); /* Reset (init) stats when link goes up */ -void update_link_stats(int); /* Get stats at link termination */ -void script_setenv(char *, char *, int); /* set script env var */ -void script_unsetenv(char *); /* unset script env var */ -void new_phase(int); /* signal start of new phase */ -void add_notifier(struct notifier **, notify_func, void *); -void remove_notifier(struct notifier **, notify_func, void *); -void notify(struct notifier *, int); -int ppp_send_config(int, int, u_int32_t, int, int); -int ppp_recv_config(int, int, u_int32_t, int, int); -const char *protocol_name(int); -void remove_pidfiles(void); -void lock_db(void); -void unlock_db(void); - -/* Procedures exported from tty.c. */ -void tty_init(void); - -/* Procedures exported from utils.c. */ -void log_packet(u_char *, int, char *, int); - /* Format a packet and log it with syslog */ -void print_string(char *, int, printer_func, void *); - /* Format a string for output */ -int slprintf(char *, int, char *, ...); /* sprintf++ */ -int vslprintf(char *, int, char *, va_list); /* vsprintf++ */ -size_t strlcpy(char *, const char *, size_t); /* safe strcpy */ -size_t strlcat(char *, const char *, size_t); /* safe strncpy */ -void dbglog(char *, ...); /* log a debug message */ -void info(char *, ...); /* log an informational message */ -void notice(char *, ...); /* log a notice-level message */ -void warn(char *, ...); /* log a warning message */ -void error(char *, ...); /* log an error message */ -void fatal(char *, ...); /* log an error message and die(1) */ -void init_pr_log(const char *, int); /* initialize for using pr_log */ -void pr_log(void *, char *, ...); /* printer fn, output to syslog */ -void end_pr_log(void); /* finish up after using pr_log */ -void dump_packet(const char *, u_char *, int); - /* dump packet to debug log if interesting */ -ssize_t complete_read(int, void *, size_t); - /* read a complete buffer */ - -/* Procedures exported from auth.c */ -void link_required(int); /* we are starting to use the link */ -void start_link(int); /* bring the link up now */ -void link_terminated(int); /* we are finished with the link */ -void link_down(int); /* the LCP layer has left the Opened state */ -void upper_layers_down(int);/* take all NCPs down */ -void link_established(int); /* the link is up; authenticate now */ -void start_networks(int); /* start all the network control protos */ -void continue_networks(int); /* start network [ip, etc] control protos */ -void np_up(int, int); /* a network protocol has come up */ -void np_down(int, int); /* a network protocol has gone down */ -void np_finished(int, int); /* a network protocol no longer needs link */ -void auth_peer_fail(int, int); - /* peer failed to authenticate itself */ -void auth_peer_success(int, int, int, char *, int); - /* peer successfully authenticated itself */ -void auth_withpeer_fail(int, int); - /* we failed to authenticate ourselves */ -void auth_withpeer_success(int, int, int); - /* we successfully authenticated ourselves */ -void auth_check_options(void); - /* check authentication options supplied */ -void auth_reset(int); /* check what secrets we have */ -int check_passwd(int, char *, int, char *, int, char **); - /* Check peer-supplied username/password */ -int get_secret(int, char *, char *, char *, int *, int); - /* get "secret" for chap */ -int get_srp_secret(int unit, char *client, char *server, char *secret, - int am_server); -int auth_ip_addr(int, u_int32_t); - /* check if IP address is authorized */ -int auth_number(void); /* check if remote number is authorized */ -int bad_ip_adrs(u_int32_t); - /* check if IP address is unreasonable */ - -/* Procedures exported from demand.c */ -void demand_conf(void); /* config interface(s) for demand-dial */ -void demand_block(void); /* set all NPs to queue up packets */ -void demand_unblock(void); /* set all NPs to pass packets */ -void demand_discard(void); /* set all NPs to discard packets */ -void demand_rexmit(int); /* retransmit saved frames for an NP */ -int loop_chars(unsigned char *, int); /* process chars from loopback */ -int loop_frame(unsigned char *, int); /* should we bring link up? */ - -/* Procedures exported from multilink.c */ -#ifdef PPP_WITH_MULTILINK -void mp_check_options(void); /* Check multilink-related options */ -int mp_join_bundle(void); /* join our link to an appropriate bundle */ -void mp_exit_bundle(void); /* have disconnected our link from bundle */ -void mp_bundle_terminated(void); -char *epdisc_to_str(struct epdisc *); /* string from endpoint discrim. */ -int str_to_epdisc(struct epdisc *, char *); /* endpt disc. from str */ -#else -#define mp_bundle_terminated() /* nothing */ -#define mp_exit_bundle() /* nothing */ -#define doing_multilink 0 -#define multilink_master 0 -#endif +/* Is debug enabled */ +bool debug_on(); -/* Procedures exported from sys-*.c */ -void sys_init(void); /* Do system-dependent initialization */ -void sys_cleanup(void); /* Restore system state before exiting */ -int sys_check_options(void); /* Check options specified */ -void sys_close(void); /* Clean up in a child before execing */ -int ppp_available(void); /* Test whether ppp kernel support exists */ -int get_pty(int *, int *, char *, int); /* Get pty master/slave */ -int open_ppp_loopback(void); /* Open loopback for demand-dialling */ -int tty_establish_ppp(int); /* Turn serial port into a ppp interface */ -void tty_disestablish_ppp(int); /* Restore port to normal operation */ -void generic_disestablish_ppp(int dev_fd); /* Restore device setting */ -int generic_establish_ppp(int dev_fd); /* Make a ppp interface */ -void make_new_bundle(int, int, int, int); /* Create new bundle */ -int bundle_attach(int); /* Attach link to existing bundle */ -void cfg_bundle(int, int, int, int); /* Configure existing bundle */ -void destroy_bundle(void); /* Tell driver to destroy bundle */ -void clean_check(void); /* Check if line was 8-bit clean */ -void set_up_tty(int, int); /* Set up port's speed, parameters, etc. */ -void restore_tty(int); /* Restore port's original parameters */ -void setdtr(int, int); /* Raise or lower port's DTR line */ -void output(int, u_char *, int); /* Output a PPP packet */ -void wait_input(struct timeval *); - /* Wait for input, with timeout */ -void add_fd(int); /* Add fd to set to wait for */ -void remove_fd(int); /* Remove fd from set to wait for */ -int read_packet(u_char *); /* Read PPP packet */ -int get_loop_output(void); /* Read pkts from loopback */ -void tty_send_config(int, u_int32_t, int, int); - /* Configure i/f transmit parameters */ -void tty_set_xaccm(ext_accm); - /* Set extended transmit ACCM */ -void tty_recv_config(int, u_int32_t, int, int); - /* Configure i/f receive parameters */ -int ccp_test(int, u_char *, int, int); - /* Test support for compression scheme */ -void ccp_flags_set(int, int, int); - /* Set kernel CCP state */ -int ccp_fatal_error(int); /* Test for fatal decomp error in kernel */ -int get_idle_time(int, struct ppp_idle *); - /* Find out how long link has been idle */ -int get_ppp_stats(int, struct pppd_stats *); - /* Return link statistics */ -void netif_set_mtu(int, int); /* Set PPP interface MTU */ -int netif_get_mtu(int); /* Get PPP interface MTU */ -int sifvjcomp(int, int, int, int); - /* Configure VJ TCP header compression */ -int sifup(int); /* Configure i/f up for one protocol */ -int sifnpmode(int u, int proto, enum NPmode mode); - /* Set mode for handling packets for proto */ -int sifdown(int); /* Configure i/f down for one protocol */ -int sifaddr(int, u_int32_t, u_int32_t, u_int32_t); - /* Configure IPv4 addresses for i/f */ -int cifaddr(int, u_int32_t, u_int32_t); - /* Reset i/f IP addresses */ -#ifdef PPP_WITH_IPV6CP -int sif6up(int); /* Configure i/f up for IPv6 */ -int sif6down(int); /* Configure i/f down for IPv6 */ -int sif6addr(int, eui64_t, eui64_t); - /* Configure IPv6 addresses for i/f */ -int cif6addr(int, eui64_t, eui64_t); - /* Remove an IPv6 address from i/f */ -#endif -int sifdefaultroute(int, u_int32_t, u_int32_t, bool replace_default_rt); - /* Create default route through i/f */ -int cifdefaultroute(int, u_int32_t, u_int32_t); - /* Delete default route through i/f */ -#ifdef PPP_WITH_IPV6CP -int sif6defaultroute(int, eui64_t, eui64_t); - /* Create default IPv6 route through i/f */ -int cif6defaultroute(int, eui64_t, eui64_t); - /* Delete default IPv6 route through i/f */ -#endif -int sifproxyarp(int, u_int32_t); - /* Add proxy ARP entry for peer */ -int cifproxyarp(int, u_int32_t); - /* Delete proxy ARP entry for peer */ -u_int32_t GetMask(u_int32_t); /* Get appropriate netmask for address */ -int lock(char *); /* Create lock file for device */ -int relock(int); /* Rewrite lock file with new pid */ -void unlock(void); /* Delete previously-created lock file */ -void logwtmp(const char *, const char *, const char *); - /* Write entry to wtmp file */ -int get_host_seed(void); /* Get host-dependent random number seed */ -int have_route_to(u_int32_t); /* Check if route to addr exists */ -#ifdef PPP_WITH_FILTER -int set_filters(struct bpf_program *pass, struct bpf_program *active); - /* Set filter programs in kernel */ -#endif -int get_if_hwaddr(u_char *addr, char *name); -int get_first_ether_hwaddr(u_char *addr); -int get_time(struct timeval *); - /* Get current time, monotonic if possible. */ - -/* Procedures exported from options.c */ -int setipaddr(char *, char **, int); /* Set local/remote ip addresses */ -int parse_args(int argc, char **argv); - /* Parse options from arguments given */ -int options_from_file(char *filename, int must_exist, int check_prot, - int privileged); - /* Parse options from an options file */ -int options_from_user(void); /* Parse options from user's .ppprc */ -int options_for_tty(void); /* Parse options from /etc/ppp/options.tty */ -int options_from_list(struct wordlist *, int privileged); - /* Parse options from a wordlist */ -int getword(FILE *f, char *word, int *newlinep, char *filename); - /* Read a word from a file */ -void option_error(char *fmt, ...); - /* Print an error message about an option */ -int int_option(char *, int *); - /* Simplified number_option for decimal ints */ -void add_options(option_t *); /* Add extra options */ -void check_options(void); /* check values after all options parsed */ -int override_value(char *, int, const char *); - /* override value if permitted by priority */ -void print_options(printer_func, void *); - /* print out values of all options */ - -int parse_dotted_ip(char *, u_int32_t *); - -/* - * Hooks to enable plugins to change various things. +/* Safe sprintf++ */ +int slprintf(char *, int, const char *, ...); + +/* vsprintf++ */ +int vslprintf(char *, int, const char *, va_list); + +/* safe strcpy */ +size_t strlcpy(char *, const char *, size_t); + +/* safe strncpy */ +size_t strlcat(char *, const char *, size_t); + +/* log a debug message */ +void dbglog(const char *, ...); + +/* log an informational message */ +void info(const char *, ...); + +/* log a notice-level message */ +void notice(const char *, ...); + +/* log a warning message */ +void warn(const char *, ...); + +/* log an error message */ +void error(const char *, ...); + +/* log an error message and die(1) */ +void fatal(const char *, ...); + +/* Say we ran out of memory, and die */ +void novm(const char *); + +/* Format a packet and log it with syslog */ +void log_packet(unsigned char *, int, char *, int); + +/* dump packet to debug log if interesting */ +void dump_packet(const char *, unsigned char *, int); + +/* initialize for using pr_log */ +void init_pr_log(const char *, int); + +/* printer fn, output to syslog */ +void pr_log(void *, char *, ...); + +/* finish up after using pr_log */ +void end_pr_log(void); + +/* + * Get the current exist status of pppd */ -extern int (*new_phase_hook)(int); -extern int (*idle_time_hook)(struct ppp_idle *); -extern int (*holdoff_hook)(void); -extern int (*pap_check_hook)(void); -extern int (*pap_auth_hook)(char *user, char *passwd, char **msgp, - struct wordlist **paddrs, - struct wordlist **popts); -extern void (*pap_logout_hook)(void); -extern int (*pap_passwd_hook)(char *user, char *passwd); -extern int (*allowed_address_hook)(u_int32_t addr); -extern void (*ip_up_hook)(void); -extern void (*ip_down_hook)(void); -extern void (*ip_choose_hook)(u_int32_t *); -extern void (*ipv6_up_hook)(void); -extern void (*ipv6_down_hook)(void); - -extern int (*chap_check_hook)(void); -extern int (*chap_passwd_hook)(char *user, char *passwd); -extern void (*multilink_join_hook)(void); - -#ifdef PPP_WITH_EAPTLS -extern int (*eaptls_passwd_hook)(char *user, char *passwd); -#endif +ppp_exit_code_t ppp_status(); -/* Let a plugin snoop sent and received packets. Useful for L2TP */ -extern void (*snoop_recv_hook)(unsigned char *p, int len); -extern void (*snoop_send_hook)(unsigned char *p, int len); +/* + * Set the exit status + */ +void ppp_set_status(ppp_exit_code_t code); /* - * Inline versions of get/put char/short/long. - * Pointer is advanced; we assume that both arguments - * are lvalues and will already be in registers. - * cp MUST be u_char *. + * Configure the session's maximum number of octets */ -#define GETCHAR(c, cp) { \ - (c) = *(cp)++; \ -} -#define PUTCHAR(c, cp) { \ - *(cp)++ = (u_char) (c); \ -} +void ppp_set_session_limit(unsigned int octets); +/* + * Which direction to limit the number of octets + */ +void ppp_set_session_limit_dir(unsigned int direction); -#define GETSHORT(s, cp) { \ - (s) = *(cp)++ << 8; \ - (s) |= *(cp)++; \ -} -#define PUTSHORT(s, cp) { \ - *(cp)++ = (u_char) ((s) >> 8); \ - *(cp)++ = (u_char) (s); \ -} +/* + * Get the current link stats, returns true when valid and false if otherwise + */ +bool ppp_get_link_stats(ppp_link_stats_st *stats); -#define GETLONG(l, cp) { \ - (l) = *(cp)++ << 8; \ - (l) |= *(cp)++; (l) <<= 8; \ - (l) |= *(cp)++; (l) <<= 8; \ - (l) |= *(cp)++; \ -} -#define PUTLONG(l, cp) { \ - *(cp)++ = (u_char) ((l) >> 24); \ - *(cp)++ = (u_char) ((l) >> 16); \ - *(cp)++ = (u_char) ((l) >> 8); \ - *(cp)++ = (u_char) (l); \ -} +/* + * Get pppd's notion of time + */ +int ppp_get_time(struct timeval *); -#define INCPTR(n, cp) ((cp) += (n)) -#define DECPTR(n, cp) ((cp) -= (n)) +/* + * Schedule a callback in s.us seconds from now + */ +typedef void (*ppp_timer_cb)(void *arg); +void ppp_timeout(ppp_timer_cb func, void *arg, int s, int us); /* - * System dependent definitions for user-level 4.3BSD UNIX implementation. + * Cancel any pending timer callbacks */ +void ppp_untimeout(void (*func)(void *), void *arg); -#define TIMEOUT(r, f, t) timeout((r), (f), (t), 0) -#define UNTIMEOUT(r, f) untimeout((r), (f)) +/* + * Clean up in a child before execing + */ +void ppp_sys_close(void); -#define BCOPY(s, d, l) memcpy(d, s, l) -#define BZERO(s, n) memset(s, 0, n) -#define BCMP(s1, s2, l) memcmp(s1, s2, l) +/* + * Fork & close stuff in child + */ +pid_t ppp_safe_fork(int, int, int); -#define PRINTMSG(m, l) { info("Remote message: %0.*v", l, m); } +/* + * Get the current hostname + */ +const char *ppp_hostname(); /* - * MAKEHEADER - Add Header fields to a packet. + * Is pppd using pty as a device (opposed to notty or pty opt). */ -#define MAKEHEADER(p, t) { \ - PUTCHAR(PPP_ALLSTATIONS, p); \ - PUTCHAR(PPP_UI, p); \ - PUTSHORT(t, p); } +bool ppp_using_pty(); /* - * Exit status values. + * Device is synchronous serial device */ -#define EXIT_OK 0 -#define EXIT_FATAL_ERROR 1 -#define EXIT_OPTION_ERROR 2 -#define EXIT_NOT_ROOT 3 -#define EXIT_NO_KERNEL_SUPPORT 4 -#define EXIT_USER_REQUEST 5 -#define EXIT_LOCK_FAILED 6 -#define EXIT_OPEN_FAILED 7 -#define EXIT_CONNECT_FAILED 8 -#define EXIT_PTYCMD_FAILED 9 -#define EXIT_NEGOTIATION_FAILED 10 -#define EXIT_PEER_AUTH_FAILED 11 -#define EXIT_IDLE_TIMEOUT 12 -#define EXIT_CONNECT_TIME 13 -#define EXIT_CALLBACK 14 -#define EXIT_PEER_DEAD 15 -#define EXIT_HANGUP 16 -#define EXIT_LOOPBACK 17 -#define EXIT_INIT_FAILED 18 -#define EXIT_AUTH_TOPEER_FAILED 19 -#define EXIT_TRAFFIC_LIMIT 20 -#define EXIT_CNID_AUTH_FAILED 21 +bool ppp_sync_serial(); /* - * Debug macros. Slightly useful for finding bugs in pppd, not particularly - * useful for finding out why your connection isn't being established. + * Modem mode */ -#ifdef DEBUGALL -#define DEBUGMAIN 1 -#define DEBUGFSM 1 -#define DEBUGLCP 1 -#define DEBUGIPCP 1 -#define DEBUGIPV6CP 1 -#define DEBUGUPAP 1 -#define DEBUGCHAP 1 -#endif +bool ppp_get_modem(); -#ifndef LOG_PPP /* we use LOG_LOCAL2 for syslog by default */ -#if defined(DEBUGMAIN) || defined(DEBUGFSM) || defined(DEBUGSYS) \ - || defined(DEBUGLCP) || defined(DEBUGIPCP) || defined(DEBUGUPAP) \ - || defined(DEBUGCHAP) || defined(DEBUG) || defined(DEBUGIPV6CP) -#define LOG_PPP LOG_LOCAL2 -#else -#define LOG_PPP LOG_DAEMON -#endif -#endif /* LOG_PPP */ +/* + * Control the mode of the tty terminal + */ +void ppp_set_modem(bool on); -#ifdef DEBUGMAIN -#define MAINDEBUG(x) if (debug) dbglog x -#else -#define MAINDEBUG(x) -#endif +/* + * Set the current session number, e.g. for PPPoE + */ +void ppp_set_session_number(int number); -#ifdef DEBUGSYS -#define SYSDEBUG(x) if (debug) dbglog x -#else -#define SYSDEBUG(x) -#endif +/* + * Set the current session number, e.g. for PPPoE + */ +int ppp_get_session_number(void); -#ifdef DEBUGFSM -#define FSMDEBUG(x) if (debug) dbglog x -#else -#define FSMDEBUG(x) -#endif +/* + * Check if pppd got signaled, returns 0 if not signaled, returns -1 on failure, and the signal number when signaled. + */ +bool ppp_signaled(int sig); -#ifdef DEBUGLCP -#define LCPDEBUG(x) if (debug) dbglog x -#else -#define LCPDEBUG(x) -#endif +/* + * Maximum connect time in seconds + */ +int ppp_get_max_connect_time(void); -#ifdef DEBUGIPCP -#define IPCPDEBUG(x) if (debug) dbglog x -#else -#define IPCPDEBUG(x) -#endif +/* + * Set the maximum connect time in seconds + */ +void ppp_set_max_connect_time(unsigned int max); -#ifdef DEBUGIPV6CP -#define IPV6CPDEBUG(x) if (debug) dbglog x -#else -#define IPV6CPDEBUG(x) -#endif +/* + * Get the link idle time before shutting the link down + */ +int ppp_get_max_idle_time(void); -#ifdef DEBUGUPAP -#define UPAPDEBUG(x) if (debug) dbglog x -#else -#define UPAPDEBUG(x) -#endif +/* + * Set the link idle time before shutting the link down + */ +void ppp_set_max_idle_time(unsigned int idle); -#ifdef DEBUGCHAP -#define CHAPDEBUG(x) if (debug) dbglog x -#else -#define CHAPDEBUG(x) -#endif +/* + * Get the duration the link was up (uptime) + */ +int ppp_get_link_uptime(); + +/* + * Get the ipparam configured with pppd + */ +const char *ppp_ipparam(); -#ifndef SIGTYPE -#if defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) -#define SIGTYPE void -#else -#define SIGTYPE int -#endif /* defined(sun) || defined(SYSV) || defined(POSIX_SOURCE) */ -#endif /* SIGTYPE */ +/* + * check if IP address is unreasonable + */ +bool ppp_bad_ip_addr(uint32_t); -#ifndef MIN -#define MIN(a, b) ((a) < (b)? (a): (b)) -#endif -#ifndef MAX -#define MAX(a, b) ((a) > (b)? (a): (b)) -#endif +/* + * Expose an environment variable to scripts + */ +void ppp_script_setenv(char *, char *, int); + +/* + * Unexpose an environment variable to scripts + */ +void ppp_script_unsetenv(char *); + +/* + * Test whether ppp kernel support exists + */ +int ppp_check_kernel_support(void); + +/* + * Restore device setting + */ +void ppp_generic_disestablish(int dev_fd); + +/* + * Set the interface MTU + */ +void ppp_set_mtu(int, int); + +/* + * Get the interface MTU + */ +int ppp_get_mtu(int); + +/* + * Make a ppp interface + */ +int ppp_generic_establish(int dev_fd); + +/* + * Get the peer's authentication name + */ +const char *ppp_peer_authname(char *buf, size_t bufsz); + +/* + * Get the remote name + */ +const char *ppp_remote_name(); + +/* + * Get the remote number (if set), otherwise return NULL + */ +const char *ppp_get_remote_number(void); -#ifndef offsetof -#define offsetof(type, member) ((size_t) &((type *)0)->member) +/* + * Set the remote number, typically it's a MAC address + */ +void ppp_set_remote_number(const char *buf); + +/* + * Get the current interface unit for the pppX device + */ +int ppp_ifunit(); + +/* + * Get the current interface name + */ +const char *ppp_ifname(); + +/* + * Get the current interface name + */ +int ppp_get_ifname(char *buf, size_t bufsz); + +/* + * Set the current interface name, ifname is a \0 terminated string + */ +void ppp_set_ifname(const char *ifname); + +/* + * Set the original devnam (prior to any renaming, etc). + */ +int ppp_set_pppdevnam(const char *name); + +/* + * Get the original devnam (prior to any renaming, etc). + */ +const char *ppp_pppdevnam(); + +/* + * Get the current devnam, e.g. /dev/ttyS0, /dev/ptmx + */ +const char *ppp_devnam(); + +/* + * Set the device name + */ +int ppp_set_devnam(const char *name); + +/* + * Definition for the notify callback function + * ctx - contextual argument provided with the registration + * arg - anything passed by the notification, e.g. phase, pid, etc + */ +typedef void (ppp_notify_fn)(void *ctx, int arg); + +/* + * Add a callback notification for when a given event has occured + */ +void ppp_add_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx); + +/* + * Remove a callback notification previously registered + */ +void ppp_del_notify(ppp_notify_t type, ppp_notify_fn *func, void *ctx); + +/* + * Get the path prefix in which a file is installed + */ +int ppp_get_path(ppp_path_t type, char *buf, size_t bufsz); + +/* + * Get the file with path prefix + */ +int ppp_get_filepath(ppp_path_t type, const char *name, char *buf, size_t bufsz); + +/* + * Check if pppd is to re-open link after it goes down + */ +bool ppp_persist(); + +/* + * Hooks to enable plugins to hook into various parts of the code + */ + +struct ppp_idle; /* Declared in */ +extern int (*idle_time_hook)(struct ppp_idle *); +extern int (*new_phase_hook)(int); +extern int (*holdoff_hook)(void); +extern int (*allowed_address_hook)(uint32_t addr); +extern void (*snoop_recv_hook)(unsigned char *p, int len); +extern void (*snoop_send_hook)(unsigned char *p, int len); + +#ifdef __cplusplus +} #endif #endif /* PPP_PPPD_H */ diff --git a/pppd/pppdconf.h.in b/pppd/pppdconf.h.in index 64c37f7..9fb6f4b 100644 --- a/pppd/pppdconf.h.in +++ b/pppd/pppdconf.h.in @@ -1,3 +1,31 @@ +/* + * Copyright (c) 2022 Eivind Næss. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. The name(s) of the authors of this software must not be used to + * endorse or promote products derived from this software without + * prior written permission. + * + * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO + * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS, IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY + * SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN + * AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + /* * This file is generated by configure and sets the features enabled * in pppd when configured. @@ -45,18 +73,6 @@ /* Have PEAP authentication support */ #undef PPP_WITH_PEAP -/* Use included des included with pppd */ -#undef USE_CRYPT - -/* Use included md4 included with pppd */ -#undef USE_MD4 - -/* Use included md5 included with pppd */ -#undef USE_MD5 - -/* Use included sha included with pppd */ -#undef USE_SHA - /* The pppd version */ #undef PPPD_VERSION diff --git a/pppd/session.c b/pppd/session.c index 8ab5b8b..f08d8e1 100644 --- a/pppd/session.c +++ b/pppd/session.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -89,7 +89,7 @@ #include #include #include -#include "pppd.h" +#include "pppd-private.h" #include "session.h" #ifdef PPP_WITH_PAM diff --git a/pppd/session.h b/pppd/session.h index 0b91a03..b3c46b4 100644 --- a/pppd/session.h +++ b/pppd/session.h @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -32,6 +32,10 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + #define SESS_AUTH 1 /* Check User Authentication */ #define SESS_ACCT 2 /* Check Account Validity */ @@ -89,4 +93,8 @@ session_start(const int flags, const char* user, const char* passwd, const char* void session_end(const char* tty); +#ifdef __cplusplus +} +#endif + #endif // PPP_SESSION_H diff --git a/pppd/sha1.c b/pppd/sha1.c deleted file mode 100644 index 4fc5345..0000000 --- a/pppd/sha1.c +++ /dev/null @@ -1,174 +0,0 @@ -/* - * ftp://ftp.funet.fi/pub/crypt/hash/sha/sha1.c - * - * SHA-1 in C - * By Steve Reid - * 100% Public Domain - * - * Test Vectors (from FIPS PUB 180-1) - * "abc" - * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D - * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" - * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 - * A million repetitions of "a" - * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F - */ - -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - -/* #define SHA1HANDSOFF * Copies data before messing with it. */ - -#include -#include -#include /* htonl() */ -#include "sha1.h" - -static void -SHA1_Transform(u_int32_t[5], const unsigned char[64]); - -#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) - -/* blk0() and blk() perform the initial expand. */ -/* I got the idea of expanding during the round function from SSLeay */ -#define blk0(i) (block->l[i] = htonl(block->l[i])) -#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ - ^block->l[(i+2)&15]^block->l[i&15],1)) - -/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ -#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); -#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); -#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); -#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); - - -/* Hash a single 512-bit block. This is the core of the algorithm. */ - -static void -SHA1_Transform(u_int32_t state[5], const unsigned char buffer[64]) -{ - u_int32_t a, b, c, d, e; - typedef union { - unsigned char c[64]; - u_int32_t l[16]; - } CHAR64LONG16; - CHAR64LONG16 *block; - -#ifdef SHA1HANDSOFF - static unsigned char workspace[64]; - block = (CHAR64LONG16 *) workspace; - memcpy(block, buffer, 64); -#else - block = (CHAR64LONG16 *) buffer; -#endif - /* Copy context->state[] to working vars */ - a = state[0]; - b = state[1]; - c = state[2]; - d = state[3]; - e = state[4]; - /* 4 rounds of 20 operations each. Loop unrolled. */ - R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); - R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); - R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); - R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); - R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); - R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); - R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); - R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); - R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); - R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); - R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); - R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); - R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); - R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); - R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); - R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); - R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); - R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); - R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); - R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); - /* Add the working vars back into context.state[] */ - state[0] += a; - state[1] += b; - state[2] += c; - state[3] += d; - state[4] += e; - /* Wipe variables */ - a = b = c = d = e = 0; -} - - -/* SHA1Init - Initialize new context */ - -void -SHA1_Init(SHA1_CTX *context) -{ - /* SHA1 initialization constants */ - context->state[0] = 0x67452301; - context->state[1] = 0xEFCDAB89; - context->state[2] = 0x98BADCFE; - context->state[3] = 0x10325476; - context->state[4] = 0xC3D2E1F0; - context->count[0] = context->count[1] = 0; -} - - -/* Run your data through this. */ - -void -SHA1_Update(SHA1_CTX *context, const unsigned char *data, unsigned int len) -{ - unsigned int i, j; - - j = (context->count[0] >> 3) & 63; - if ((context->count[0] += len << 3) < (len << 3)) context->count[1]++; - context->count[1] += (len >> 29); - i = 64 - j; - while (len >= i) { - memcpy(&context->buffer[j], data, i); - SHA1_Transform(context->state, context->buffer); - data += i; - len -= i; - i = 64; - j = 0; - } - - memcpy(&context->buffer[j], data, len); -} - - -/* Add padding and return the message digest. */ - -void -SHA1_Final(unsigned char digest[20], SHA1_CTX *context) -{ - u_int32_t i, j; - unsigned char finalcount[8]; - - for (i = 0; i < 8; i++) { - finalcount[i] = (unsigned char)((context->count[(i >= 4 ? 0 : 1)] - >> ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ - } - SHA1_Update(context, (unsigned char *) "\200", 1); - while ((context->count[0] & 504) != 448) { - SHA1_Update(context, (unsigned char *) "\0", 1); - } - SHA1_Update(context, finalcount, 8); /* Should cause a SHA1Transform() */ - for (i = 0; i < 20; i++) { - digest[i] = (unsigned char) - ((context->state[i>>2] >> ((3-(i & 3)) * 8) ) & 255); - } - /* Wipe variables */ - i = j = 0; - memset(context->buffer, 0, 64); - memset(context->state, 0, 20); - memset(context->count, 0, 8); - memset(&finalcount, 0, 8); -#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite it's own static vars */ - SHA1Transform(context->state, context->buffer); -#endif -} - diff --git a/pppd/sha1.h b/pppd/sha1.h deleted file mode 100644 index 2325133..0000000 --- a/pppd/sha1.h +++ /dev/null @@ -1,35 +0,0 @@ -/* sha1.h */ - -#ifndef PPP_SHA1_H -#define PPP_SHA1_H - -#include "pppdconf.h" - -#ifndef USE_SHA -#include - -#define SHA1_CTX SHA_CTX -#define SHA1_SIGNATURE_SIZE SHA_DIGEST_LENGTH - -#else - -#ifndef SHA1_SIGNATURE_SIZE -#ifdef SHA_DIGESTSIZE -#define SHA1_SIGNATURE_SIZE SHA_DIGESTSIZE -#else -#define SHA1_SIGNATURE_SIZE 20 -#endif -#endif - -typedef struct { - u_int32_t state[5]; - u_int32_t count[2]; - unsigned char buffer[64]; -} SHA1_CTX; - -extern void SHA1_Init(SHA1_CTX *); -extern void SHA1_Update(SHA1_CTX *, const unsigned char *, unsigned int); -extern void SHA1_Final(unsigned char[SHA1_SIGNATURE_SIZE], SHA1_CTX *); - -#endif /* USE_SHA */ -#endif /* PPP_SHA1_H */ diff --git a/pppd/spinlock.h b/pppd/spinlock.h index b36d2a8..5835a4a 100644 --- a/pppd/spinlock.h +++ b/pppd/spinlock.h @@ -1,3 +1,29 @@ +/* + Unix SMB/CIFS implementation. + + trivial database library + + Copyright (C) Anton Blanchard 2001 + + ** NOTE! The following LGPL license applies to the tdb + ** library. This does NOT imply that all of Samba is released + ** under the LGPL + + This library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2 of the License, or (at your option) any later version. + + This library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA +*/ + #ifndef PPP_SPINLOCK_H #define PPP_SPINLOCK_H diff --git a/pppd/sys-linux.c b/pppd/sys-linux.c index ff3a249..c0955a0 100644 --- a/pppd/sys-linux.c +++ b/pppd/sys-linux.c @@ -18,7 +18,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -131,15 +131,8 @@ #include #include #include -/* Attempt at retaining compile-support with older than 4.7 kernels, or kernels - * where RTM_NEWSTATS isn't defined for whatever reason. - */ -#ifndef RTM_NEWSTATS -#define RTM_NEWSTATS 92 -#define RTM_GETSTATS 94 -#define IFLA_STATS_LINK_64 1 - #include + /* glibc versions prior to 2.24 do not define SOL_NETLINK */ #ifndef SOL_NETLINK #define SOL_NETLINK 270 @@ -149,9 +142,15 @@ #ifndef NETLINK_CAP_ACK #define NETLINK_CAP_ACK 10 #endif + +/* linux kernel versions prior to 4.7 do not define/support IFLA_PPP_DEV_FD */ +#ifndef IFLA_PPP_MAX +/* IFLA_PPP_DEV_FD is declared as enum when IFLA_PPP_MAX is defined */ +#define IFLA_PPP_DEV_FD 1 #endif -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "ipcp.h" @@ -159,6 +158,8 @@ #include "eui64.h" #endif /* PPP_WITH_IPV6CP */ +#include "multilink.h" + #ifdef PPP_WITH_FILTER #include #include @@ -290,6 +291,147 @@ extern int dfl_route_metric; memset ((char *) &(addr), '\0', sizeof(addr)); \ addr.sa_family = (family); + +/* + * rtnetlink_msg - send rtnetlink message, receive response + * and return received error code: + * 0 - success + * positive value - error during sending / receiving message + * negative value - rtnetlink responce error code + */ +static int rtnetlink_msg(const char *desc, int *shared_fd, void *nlreq, size_t nlreq_len, void *nlresp_data, size_t *nlresp_size, unsigned nlresp_type) +{ + struct nlresp_hdr { + struct nlmsghdr nlh; + struct nlmsgerr nlerr; + } nlresp_hdr; + struct sockaddr_nl nladdr; + struct iovec iov[2]; + struct msghdr msg; + ssize_t nlresp_len; + int one; + int fd; + + if (shared_fd && *shared_fd >= 0) { + fd = *shared_fd; + } else { + fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (fd < 0) { + error("rtnetlink_msg: socket(NETLINK_ROUTE): %m (line %d)", __LINE__); + return 1; + } + + /* + * Tell kernel to not send to us payload of acknowledgment error message. + * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and + * older kernel versions always send full payload in acknowledgment netlink + * message. We ignore payload of this message as we need only error code, + * to check if our set remote peer address request succeeded or failed. + * So ignore return value from the following setsockopt() call as setting + * option NETLINK_CAP_ACK means for us just a kernel hint / optimization. + */ + one = 1; + setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one)); + + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + + if (bind(fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) { + error("rtnetlink_msg: bind(AF_NETLINK): %m (line %d)", __LINE__); + close(fd); + return 1; + } + + if (shared_fd) + *shared_fd = fd; + } + + memset(&nladdr, 0, sizeof(nladdr)); + nladdr.nl_family = AF_NETLINK; + + memset(&iov[0], 0, sizeof(iov[0])); + iov[0].iov_base = nlreq; + iov[0].iov_len = nlreq_len; + + memset(&msg, 0, sizeof(msg)); + msg.msg_name = &nladdr; + msg.msg_namelen = sizeof(nladdr); + msg.msg_iov = &iov[0]; + msg.msg_iovlen = 1; + + if (sendmsg(fd, &msg, 0) < 0) { + error("rtnetlink_msg: sendmsg(%s): %m (line %d)", desc, __LINE__); + if (!shared_fd) + close(fd); + return 1; + } + + memset(iov, 0, sizeof(iov)); + iov[0].iov_base = &nlresp_hdr; + if (nlresp_size && *nlresp_size > sizeof(nlresp_hdr)) { + iov[0].iov_len = offsetof(struct nlresp_hdr, nlerr); + iov[1].iov_base = nlresp_data; + iov[1].iov_len = *nlresp_size; + } else { + iov[0].iov_len = sizeof(nlresp_hdr); + } + + memset(&msg, 0, sizeof(msg)); + msg.msg_name = &nladdr; + msg.msg_namelen = sizeof(nladdr); + msg.msg_iov = iov; + msg.msg_iovlen = (nlresp_size && *nlresp_size > sizeof(nlresp_hdr)) ? 2 : 1; + + nlresp_len = recvmsg(fd, &msg, 0); + + if (!shared_fd) + close(fd); + + if (nlresp_len < 0) { + error("rtnetlink_msg: recvmsg(%s): %m (line %d)", desc, __LINE__); + return 1; + } + + if (nladdr.nl_family != AF_NETLINK) { + error("rtnetlink_msg: recvmsg(%s): Not a netlink packet (line %d)", desc, __LINE__); + return 1; + } + + if (!nlresp_size) { + if ((size_t)nlresp_len < sizeof(nlresp_hdr) || nlresp_hdr.nlh.nlmsg_len < sizeof(nlresp_hdr)) { + error("rtnetlink_msg: recvmsg(%s): Acknowledgment netlink packet too short (line %d)", desc, __LINE__); + return 1; + } + + /* acknowledgment packet for NLM_F_ACK is NLMSG_ERROR */ + if (nlresp_hdr.nlh.nlmsg_type != NLMSG_ERROR) { + error("rtnetlink_msg: recvmsg(%s): Not an acknowledgment netlink packet (line %d)", desc, __LINE__); + return 1; + } + } + + if (nlresp_size) { + if (*nlresp_size > sizeof(nlresp_hdr)) + memcpy((unsigned char *)&nlresp_hdr + offsetof(struct nlresp_hdr, nlerr), nlresp_data, sizeof(nlresp_hdr.nlerr)); + else + memcpy(nlresp_data, (unsigned char *)&nlresp_hdr + offsetof(struct nlresp_hdr, nlerr), *nlresp_size); + } + + /* error == 0 indicates success, negative value is errno code */ + if (nlresp_hdr.nlh.nlmsg_type == NLMSG_ERROR && nlresp_hdr.nlerr.error) + return nlresp_hdr.nlerr.error; + + if (nlresp_size) { + if (nlresp_hdr.nlh.nlmsg_type != nlresp_type) { + error("rtnetlink_msg: recvmsg(%s): Not a netlink packet of type 0x%x (line %d)", desc, nlresp_type, __LINE__); + return 1; + } + *nlresp_size = nlresp_len - offsetof(struct nlresp_hdr, nlerr); + } + + return 0; +} + /* * Determine if the PPP connection should still be present. */ @@ -398,10 +540,10 @@ void sys_cleanup(void) /******************************************************************** * - * sys_close - Clean up in a child process before execing. + * ppp_sys_close - Clean up in a child process before execing. */ void -sys_close(void) +ppp_sys_close(void) { if (new_style_driver && ppp_dev_fd >= 0) close(ppp_dev_fd); @@ -465,7 +607,7 @@ int tty_establish_ppp (int tty_fd) #ifndef N_SYNC_PPP #define N_SYNC_PPP 14 #endif - ppp_disc = (new_style_driver && sync_serial)? N_SYNC_PPP: N_PPP; + ppp_disc = (new_style_driver && ppp_sync_serial())? N_SYNC_PPP: N_PPP; if (ioctl(tty_fd, TIOCSETD, &ppp_disc) < 0) { if ( ! ok_error (errno) ) { error("Couldn't set tty to PPP discipline: %m"); @@ -473,7 +615,7 @@ int tty_establish_ppp (int tty_fd) } } - ret_fd = generic_establish_ppp(tty_fd); + ret_fd = ppp_generic_establish(tty_fd); #define SC_RCVB (SC_RCV_B7_0 | SC_RCV_B7_1 | SC_RCV_EVNP | SC_RCV_ODDP) #define SC_LOGB (SC_DEBUG | SC_LOG_INPKT | SC_LOG_OUTPKT | SC_LOG_RAWIN \ @@ -494,7 +636,7 @@ int tty_establish_ppp (int tty_fd) * * generic_establish_ppp - Turn the fd into a ppp interface. */ -int generic_establish_ppp (int fd) +int ppp_generic_establish (int fd) { int x; @@ -631,16 +773,16 @@ void tty_disestablish_ppp(int tty_fd) flushfailed: initfdflags = -1; - generic_disestablish_ppp(tty_fd); + ppp_generic_disestablish(tty_fd); } /******************************************************************** * - * generic_disestablish_ppp - Restore device components to normal + * ppp_generic_disestablish - Restore device components to normal * operation, and reconnect the ppp unit to the loopback if in demand * mode. This shouldn't call die() because it's called from die(). */ -void generic_disestablish_ppp(int dev_fd) +void ppp_generic_disestablish(int dev_fd) { if (new_style_driver) { close(ppp_fd); @@ -648,7 +790,7 @@ void generic_disestablish_ppp(int dev_fd) if (demand) { modify_flags(ppp_dev_fd, 0, SC_LOOP_TRAFFIC); looped = 1; - } else if (!doing_multilink && ppp_dev_fd >= 0) { + } else if (!mp_on() && ppp_dev_fd >= 0) { close(ppp_dev_fd); remove_fd(ppp_dev_fd); ppp_dev_fd = -1; @@ -662,6 +804,84 @@ void generic_disestablish_ppp(int dev_fd) } } +/* + * make_ppp_unit_rtnetlink - register a new ppp network interface for ppp_dev_fd + * with specified req_ifname via rtnetlink. Interface name req_ifname must not + * be empty. Custom ppp unit id req_unit is ignored and kernel choose some free. + */ +static int make_ppp_unit_rtnetlink(void) +{ + struct { + struct nlmsghdr nlh; + struct ifinfomsg ifm; + struct { + struct rtattr rta; + char ifname[IFNAMSIZ]; + } ifn; + struct { + struct rtattr rta; + struct { + struct rtattr rta; + char ifkind[sizeof("ppp")]; + } ifik; + struct { + struct rtattr rta; + struct { + struct rtattr rta; + union { + int ppp_dev_fd; + } ppp; + } ifdata[1]; + } ifid; + } ifli; + } nlreq; + int resp; + + memset(&nlreq, 0, sizeof(nlreq)); + nlreq.nlh.nlmsg_len = sizeof(nlreq); + nlreq.nlh.nlmsg_type = RTM_NEWLINK; + nlreq.nlh.nlmsg_flags = NLM_F_REQUEST | NLM_F_ACK | NLM_F_EXCL | NLM_F_CREATE; + nlreq.ifm.ifi_family = AF_UNSPEC; + nlreq.ifm.ifi_type = ARPHRD_NETROM; + nlreq.ifn.rta.rta_len = sizeof(nlreq.ifn); + nlreq.ifn.rta.rta_type = IFLA_IFNAME; + strlcpy(nlreq.ifn.ifname, req_ifname, sizeof(nlreq.ifn.ifname)); + nlreq.ifli.rta.rta_len = sizeof(nlreq.ifli); + nlreq.ifli.rta.rta_type = IFLA_LINKINFO; + nlreq.ifli.ifik.rta.rta_len = sizeof(nlreq.ifli.ifik); + nlreq.ifli.ifik.rta.rta_type = IFLA_INFO_KIND; + strcpy(nlreq.ifli.ifik.ifkind, "ppp"); + nlreq.ifli.ifid.rta.rta_len = sizeof(nlreq.ifli.ifid); + nlreq.ifli.ifid.rta.rta_type = IFLA_INFO_DATA; + nlreq.ifli.ifid.ifdata[0].rta.rta_len = sizeof(nlreq.ifli.ifid.ifdata[0]); + nlreq.ifli.ifid.ifdata[0].rta.rta_type = IFLA_PPP_DEV_FD; + nlreq.ifli.ifid.ifdata[0].ppp.ppp_dev_fd = ppp_dev_fd; + + /* + * See kernel function ppp_nl_newlink(), which may return -EBUSY to prevent + * possible deadlock in kernel and ask userspace to retry request again. + */ + do { + resp = rtnetlink_msg("RTM_NEWLINK/NLM_F_CREATE", NULL, &nlreq, sizeof(nlreq), NULL, NULL, 0); + } while (resp == -EBUSY); + + if (resp) { + /* + * Linux kernel versions prior to 4.7 do not support creating ppp + * interfaces via rtnetlink API and therefore error response is + * expected. On older kernel versions do not show this error message. + * When error is different than EEXIST then pppd tries to fallback to + * the old ioctl method. + */ + errno = (resp < 0) ? -resp : EINVAL; + if (kernel_version >= KVERSION(4,7,0)) + error("Couldn't create ppp interface %s: %m", req_ifname); + return 0; + } + + return 1; +} + /* * make_ppp_unit - make a new ppp unit for ppp_dev_fd. * Assumes new_style_driver. @@ -682,6 +902,33 @@ static int make_ppp_unit(void) || fcntl(ppp_dev_fd, F_SETFL, flags | O_NONBLOCK) == -1) warn("Couldn't set /dev/ppp to nonblock: %m"); + /* + * Via rtnetlink it is possible to create ppp network interface with + * custom ifname atomically. But it is not possible to specify custom + * ppp unit id. + * + * Tools like systemd, udev or NetworkManager are trying to query + * interface attributes based on interface name immediately when new + * network interface is created. And therefore immediate interface + * renaming is causing issues. + * + * So use rtnetlink API only when user requested custom ifname. It will + * avoid system issues with interface renaming. + */ + if (req_unit == -1 && req_ifname[0] != '\0' && kernel_version >= KVERSION(2,1,16)) { + if (make_ppp_unit_rtnetlink()) { + if (ioctl(ppp_dev_fd, PPPIOCGUNIT, &ifunit)) + fatal("Couldn't retrieve PPP unit id: %m"); + return 0; + } + /* + * If interface with requested name already exist return error + * otherwise fallback to old ioctl method. + */ + if (errno == EEXIST) + return -1; + } + ifunit = req_unit; x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit); if (x < 0 && req_unit >= 0 && errno == EEXIST) { @@ -689,6 +936,11 @@ static int make_ppp_unit(void) ifunit = -1; x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit); } + if (x < 0 && errno == EEXIST) { + srand(time(NULL) * getpid()); + ifunit = rand() % 10000; + x = ioctl(ppp_dev_fd, PPPIOCNEWUNIT, &ifunit); + } if (x < 0) error("Couldn't create new ppp unit: %m"); @@ -1244,7 +1496,7 @@ int read_packet (unsigned char *buf) error("read /dev/ppp: %m"); if (nr < 0 && errno == ENXIO) nr = 0; - if (nr == 0 && doing_multilink) { + if (nr == 0 && mp_on()) { remove_fd(ppp_dev_fd); bundle_eof = 1; } @@ -1290,7 +1542,7 @@ get_loop_output(void) * netif_set_mtu - set the MTU on the PPP network interface. */ void -netif_set_mtu(int unit, int mtu) +ppp_set_mtu(int unit, int mtu) { struct ifreq ifr; @@ -1306,7 +1558,7 @@ netif_set_mtu(int unit, int mtu) * netif_get_mtu - get the MTU on the PPP network interface. */ int -netif_get_mtu(int unit) +ppp_get_mtu(int unit) { struct ifreq ifr; @@ -1341,7 +1593,7 @@ void tty_send_config(int mtu, u_int32_t asyncmap, int pcomp, int accomp) } x = (pcomp? SC_COMP_PROT: 0) | (accomp? SC_COMP_AC: 0) - | (sync_serial? SC_SYNC: 0); + | (ppp_sync_serial()? SC_SYNC: 0); modify_flags(ppp_fd, SC_COMP_PROT|SC_COMP_AC|SC_SYNC, x); } @@ -1514,123 +1766,57 @@ get_ppp_stats_ioctl(int u, struct pppd_stats *stats) static int get_ppp_stats_rtnetlink(int u, struct pppd_stats *stats) { - static int rtnl_fd = -1; +#ifdef RTM_NEWSTATS + static int fd = -1; - struct sockaddr_nl nladdr; struct { struct nlmsghdr nlh; struct if_stats_msg ifsm; } nlreq; - struct nlresp { - struct nlmsghdr nlh; - union { - struct { - struct nlmsgerr nlerr; - char __end_err[0]; - }; - struct { - struct rtmsg rth; - struct { - /* We only case about these first fields from rtnl_link_stats64 */ - uint64_t rx_packets; - uint64_t tx_packets; - uint64_t rx_bytes; - uint64_t tx_bytes; - } stats; - char __end_stats[0]; - }; - }; - } nlresp; - ssize_t nlresplen; - struct iovec iov; - struct msghdr msg; - - memset(&nladdr, 0, sizeof(nladdr)); - nladdr.nl_family = AF_NETLINK; - - if (rtnl_fd < 0) { - rtnl_fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); - if (rtnl_fd < 0) { - error("get_ppp_stats_rtnetlink: error creating NETLINK socket: %m (line %d)", __LINE__); - return 0; - } - - if (bind(rtnl_fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) { - error("get_ppp_stats_rtnetlink: bind(AF_NETLINK): %m (line %d)", __LINE__); - goto err; - } - } + struct { + struct rtmsg rth; + struct { + /* We only case about these first fields from rtnl_link_stats64 */ + uint64_t rx_packets; + uint64_t tx_packets; + uint64_t rx_bytes; + uint64_t tx_bytes; + } stats; + } nlresp_data; + size_t nlresp_size; + int resp; memset(&nlreq, 0, sizeof(nlreq)); nlreq.nlh.nlmsg_len = sizeof(nlreq); nlreq.nlh.nlmsg_type = RTM_GETSTATS; nlreq.nlh.nlmsg_flags = NLM_F_REQUEST; - nlreq.ifsm.ifindex = if_nametoindex(ifname); nlreq.ifsm.filter_mask = IFLA_STATS_LINK_64; - memset(&iov, 0, sizeof(iov)); - iov.iov_base = &nlreq; - iov.iov_len = sizeof(nlreq); - - memset(&msg, 0, sizeof(msg)); - msg.msg_name = &nladdr; - msg.msg_namelen = sizeof(nladdr); - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - if (sendmsg(rtnl_fd, &msg, 0) < 0) { - error("get_ppp_stats_rtnetlink: sendmsg(RTM_GETSTATS): %m (line %d)", __LINE__); - goto err; - } - - /* We just need to repoint to IOV ... everything else stays the same */ - iov.iov_base = &nlresp; - iov.iov_len = sizeof(nlresp); - - nlresplen = recvmsg(rtnl_fd, &msg, 0); - - if (nlresplen < 0) { - error("get_ppp_stats_rtnetlink: recvmsg(RTM_GETSTATS): %m (line %d)", __LINE__); - goto err; - } - - if (nlresplen < sizeof(nlresp.nlh)) { - error("get_ppp_stats_rtnetlink: Netlink response message was incomplete (line %d)", __LINE__); - goto err; - } - - if (nlresp.nlh.nlmsg_type == NLMSG_ERROR) { - if (nlresplen < offsetof(struct nlresp, __end_err)) { - if (kernel_version >= KVERSION(4,7,0)) - error("get_ppp_stats_rtnetlink: Netlink responded with error: %s (line %d)", strerror(-nlresp.nlerr.error), __LINE__); - } else { - error("get_ppp_stats_rtnetlink: Netlink responded with an error message, but the nlmsgerr structure is incomplete (line %d).", - __LINE__); - } - goto err; - } - - if (nlresp.nlh.nlmsg_type != RTM_NEWSTATS) { - error("get_ppp_stats_rtnetlink: Expected RTM_NEWSTATS response, found something else (mlmsg_type %d, line %d)", - nlresp.nlh.nlmsg_type, __LINE__); - goto err; + nlresp_size = sizeof(nlresp_data); + resp = rtnetlink_msg("RTM_GETSTATS/NLM_F_REQUEST", &fd, &nlreq, sizeof(nlreq), &nlresp_data, &nlresp_size, RTM_NEWSTATS); + if (resp) { + errno = (resp < 0) ? -resp : EINVAL; + if (kernel_version >= KVERSION(4,7,0)) + error("get_ppp_stats_rtnetlink: %m (line %d)", __LINE__); + goto err; } - if (nlresplen < offsetof(struct nlresp, __end_stats)) { + if (nlresp_size < sizeof(nlresp_data)) { error("get_ppp_stats_rtnetlink: Obtained an insufficiently sized rtnl_link_stats64 struct from the kernel (line %d).", __LINE__); goto err; } - stats->bytes_in = nlresp.stats.rx_bytes; - stats->bytes_out = nlresp.stats.tx_bytes; - stats->pkts_in = nlresp.stats.rx_packets; - stats->pkts_out = nlresp.stats.tx_packets; + stats->bytes_in = nlresp_data.stats.rx_bytes; + stats->bytes_out = nlresp_data.stats.tx_bytes; + stats->pkts_in = nlresp_data.stats.rx_packets; + stats->pkts_out = nlresp_data.stats.tx_packets; return 1; err: - close(rtnl_fd); - rtnl_fd = -1; + close(fd); + fd = -1; +#endif return 0; } @@ -2007,11 +2193,27 @@ int sifdefaultroute (int unit, u_int32_t ouraddr, u_int32_t gateway, bool replac * - this is normally only the case the doing demand: */ if (defaultroute_exists(&tmp_rt, -1)) del_rt = &tmp_rt; + } else if (!replace) { + /* + * We don't want to replace an existing route. + * We may however add our route along an existing route with a different + * metric. + */ + if (defaultroute_exists(&rt, dfl_route_metric) && strcmp(rt.rt_dev, ifname) != 0) { + if (rt.rt_flags & RTF_GATEWAY) + error("not replacing existing default route via %I with metric %d", + SIN_ADDR(rt.rt_gateway), dfl_route_metric); + else + error("not replacing existing default route through %s with metric %d", + rt.rt_dev, dfl_route_metric); + return 0; + } } else if (defaultroute_exists(&old_def_rt, -1 ) && strcmp( old_def_rt.rt_dev, ifname) != 0) { /* - * We did not yet replace an existing default route, let's - * check if we should save and replace a default route: + * We want to replace an existing route and did not replace an existing + * default route yet, let's check if we should save and replace an + * existing default route: */ u_int32_t old_gateway = SIN_ADDR(old_def_rt.rt_gateway); @@ -2666,11 +2868,11 @@ ppp_registered(void) /******************************************************************** * - * ppp_available - check whether the system has any ppp interfaces + * ppp_check_kernel_support - check whether the system has any ppp interfaces * (in fact we check whether we can do an ioctl on ppp0). */ -int ppp_available(void) +int ppp_check_kernel_support(void) { int s, ok, fd; struct ifreq ifr; @@ -3167,43 +3369,7 @@ static int sif6addr_rtnetlink(unsigned int iface, eui64_t our_eui64, eui64_t his struct in6_addr addr; } addrs[2]; } nlreq; - struct { - struct nlmsghdr nlh; - struct nlmsgerr nlerr; - } nlresp; - struct sockaddr_nl nladdr; - struct iovec iov; - struct msghdr msg; - ssize_t nlresplen; - int one; - int fd; - - fd = socket(AF_NETLINK, SOCK_RAW, NETLINK_ROUTE); - if (fd < 0) { - error("sif6addr_rtnetlink: socket(NETLINK_ROUTE): %m (line %d)", __LINE__); - return 0; - } - - /* - * Tell kernel to not send to us payload of acknowledgment error message. - * NETLINK_CAP_ACK option is supported since Linux kernel version 4.3 and - * older kernel versions always send full payload in acknowledgment netlink - * message. We ignore payload of this message as we need only error code, - * to check if our set remote peer address request succeeded or failed. - * So ignore return value from the following setsockopt() call as setting - * option NETLINK_CAP_ACK means for us just a kernel hint / optimization. - */ - one = 1; - setsockopt(fd, SOL_NETLINK, NETLINK_CAP_ACK, &one, sizeof(one)); - - memset(&nladdr, 0, sizeof(nladdr)); - nladdr.nl_family = AF_NETLINK; - - if (bind(fd, (struct sockaddr *)&nladdr, sizeof(nladdr)) < 0) { - error("sif6addr_rtnetlink: bind(AF_NETLINK): %m (line %d)", __LINE__); - close(fd); - return 0; - } + int resp; memset(&nlreq, 0, sizeof(nlreq)); nlreq.nlh.nlmsg_len = sizeof(nlreq); @@ -3233,71 +3399,17 @@ static int sif6addr_rtnetlink(unsigned int iface, eui64_t our_eui64, eui64_t his else IN6_LLADDR_FROM_EUI64(nlreq.addrs[1].addr, our_eui64); - memset(&nladdr, 0, sizeof(nladdr)); - nladdr.nl_family = AF_NETLINK; - - memset(&iov, 0, sizeof(iov)); - iov.iov_base = &nlreq; - iov.iov_len = sizeof(nlreq); - - memset(&msg, 0, sizeof(msg)); - msg.msg_name = &nladdr; - msg.msg_namelen = sizeof(nladdr); - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - if (sendmsg(fd, &msg, 0) < 0) { - error("sif6addr_rtnetlink: sendmsg(RTM_NEWADDR/NLM_F_CREATE): %m (line %d)", __LINE__); - close(fd); - return 0; - } - - memset(&iov, 0, sizeof(iov)); - iov.iov_base = &nlresp; - iov.iov_len = sizeof(nlresp); - - memset(&msg, 0, sizeof(msg)); - msg.msg_name = &nladdr; - msg.msg_namelen = sizeof(nladdr); - msg.msg_iov = &iov; - msg.msg_iovlen = 1; - - nlresplen = recvmsg(fd, &msg, 0); - - if (nlresplen < 0) { - error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): %m (line %d)", __LINE__); - close(fd); - return 0; - } - - close(fd); - - if (nladdr.nl_family != AF_NETLINK) { - error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Not a netlink packet (line %d)", __LINE__); - return 0; - } - - if ((size_t)nlresplen != sizeof(nlresp) || nlresp.nlh.nlmsg_len < sizeof(nlresp)) { - error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Acknowledgment netlink packet too short (line %d)", __LINE__); - return 0; - } - - /* acknowledgment packet for NLM_F_ACK is NLMSG_ERROR */ - if (nlresp.nlh.nlmsg_type != NLMSG_ERROR) { - error("sif6addr_rtnetlink: recvmsg(NLM_F_ACK): Not an acknowledgment netlink packet (line %d)", __LINE__); - return 0; - } - - /* error == 0 indicates success, negative value is errno code */ - if (nlresp.nlerr.error != 0) { + resp = rtnetlink_msg("RTM_NEWADDR/NLM_F_CREATE", NULL, &nlreq, sizeof(nlreq), NULL, NULL, 0); + if (resp) { /* * Linux kernel versions prior 3.11 do not support setting IPv6 peer * addresses and error response is expected. On older kernel versions * do not show this error message. On error pppd tries to fallback to * the old IOCTL method. */ + errno = (resp < 0) ? -resp : EINVAL; if (kernel_version >= KVERSION(3,11,0)) - error("sif6addr_rtnetlink: %s (line %d)", strerror(-nlresp.nlerr.error), __LINE__); + error("sif6addr_rtnetlink: %m (line %d)", __LINE__); return 0; } @@ -3573,7 +3685,7 @@ int get_host_seed(void) { int h; - char *p = hostname; + const char *p; h = 407; for (p = hostname; *p != 0; ++p) @@ -3590,7 +3702,7 @@ int sys_check_options(void) { if (demand && driver_is_old) { - option_error("demand dialling is not supported by kernel driver " + ppp_option_error("demand dialling is not supported by kernel driver " "version %d.%d.%d", driver_version, driver_modification, driver_patch); return 0; @@ -3607,7 +3719,7 @@ sys_check_options(void) * get_time - Get current time, monotonic if possible. */ int -get_time(struct timeval *tv) +ppp_get_time(struct timeval *tv) { /* Old glibc (< 2.3.4) does define CLOCK_MONOTONIC, but kernel may have it. * Runtime checking makes it safe. */ diff --git a/pppd/sys-solaris.c b/pppd/sys-solaris.c index d903721..be36b1b 100644 --- a/pppd/sys-solaris.c +++ b/pppd/sys-solaris.c @@ -34,7 +34,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -135,7 +135,7 @@ #include #endif -#include "pppd.h" +#include "pppd-private.h" #include "fsm.h" #include "lcp.h" #include "ipcp.h" @@ -820,7 +820,7 @@ sys_cleanup(void) * sys_close - Clean up in a child process before execing. */ void -sys_close(void) +ppp_sys_close(void) { close(ipfd); #if defined(PPP_WITH_IPV6CP) && defined(SOL2) @@ -865,10 +865,10 @@ daemon(int nochdir, int noclose) #endif /* - * ppp_available - check whether the system has any ppp interfaces + * ppp_check_kernel_support - check whether the system has any ppp interfaces */ int -ppp_available(void) +ppp_check_kernel_support(void) { struct stat buf; @@ -915,7 +915,7 @@ tty_establish_ppp(int fd) /* Push the async hdlc module and the compressor module. */ tty_npushed = 0; - if(!sync_serial) { + if(!ppp_sync_serial()) { if (ioctl(fd, I_PUSH, AHDLC_MOD_NAME) < 0) { error("Couldn't push PPP Async HDLC module: %m"); return -1; @@ -1160,12 +1160,12 @@ set_up_tty(int fd, int local) struct termiox tiox; #endif - if (!sync_serial && tcgetattr(fd, &tios) < 0) + if (!ppp_sync_serial() && tcgetattr(fd, &tios) < 0) fatal("tcgetattr: %m"); #ifndef CRTSCTS termiox_ok = 1; - if (!sync_serial && ioctl (fd, TCGETX, &tiox) < 0) { + if (!ppp_sync_serial() && ioctl (fd, TCGETX, &tiox) < 0) { termiox_ok = 0; if (errno != ENOTTY) error("TCGETX: %m"); @@ -1177,7 +1177,7 @@ set_up_tty(int fd, int local) #ifndef CRTSCTS inittermiox = tiox; #endif - if (!sync_serial) + if (!ppp_sync_serial()) ioctl(fd, TIOCGWINSZ, &wsinfo); } @@ -1225,21 +1225,21 @@ set_up_tty(int fd, int local) * We can't proceed if the serial port speed is 0, * since that implies that the serial port is disabled. */ - if ((speed == B0) && !sync_serial) + if ((speed == B0) && !ppp_sync_serial()) fatal("Baud rate for %s is 0; need explicit baud rate", devnam); } - if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &tios) < 0) + if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &tios) < 0) fatal("tcsetattr: %m"); #ifndef CRTSCTS - if (!sync_serial && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){ + if (!ppp_sync_serial() && termiox_ok && ioctl (fd, TCSETXF, &tiox) < 0){ error("TCSETXF: %m"); } #endif baud_rate = inspeed = baud_rate_of(speed); - if (!sync_serial) + if (!ppp_sync_serial()) restore_term = 1; } @@ -1259,16 +1259,16 @@ restore_tty(int fd) */ inittermios.c_lflag &= ~(ECHO | ECHONL); } - if (!sync_serial && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0) + if (!ppp_sync_serial() && tcsetattr(fd, TCSAFLUSH, &inittermios) < 0) if (!hungup && errno != ENXIO) warn("tcsetattr: %m"); #ifndef CRTSCTS - if (!sync_serial && ioctl (fd, TCSETXF, &inittermiox) < 0){ + if (!ppp_sync_serial() && ioctl (fd, TCSETXF, &inittermiox) < 0){ if (!hungup && errno != ENXIO) error("TCSETXF: %m"); } #endif - if (!sync_serial) + if (!ppp_sync_serial()) ioctl(fd, TIOCSWINSZ, &wsinfo); restore_term = 0; } @@ -1460,10 +1460,10 @@ get_loop_output(void) } /* - * netif_set_mtu - set the MTU on the PPP network interface. + * ppp_set_mtu - set the MTU on the PPP network interface. */ void -netif_set_mtu(int unit, int mtu) +ppp_set_mtu(int unit, int mtu) { struct ifreq ifr; #if defined(PPP_WITH_IPV6CP) && defined(SOL2) @@ -1497,10 +1497,10 @@ netif_set_mtu(int unit, int mtu) /* - * netif_get_mtu - get the MTU on the PPP network interface. + * ppp_get_mtu - get the MTU on the PPP network interface. */ int -netif_get_mtu(int unit) +ppp_get_mtu(int unit) { struct ifreq ifr; @@ -1532,7 +1532,7 @@ tty_send_config(int mtu, u_int32_t asyncmap, int pcomp, int accomp) error("Couldn't set MTU: %m"); } if (fdmuxid >= 0) { - if (!sync_serial) { + if (!ppp_sync_serial()) { if (strioctl(pppfd, PPPIO_XACCM, &asyncmap, sizeof(asyncmap), 0) < 0) error("Couldn't set transmit ACCM: %m"); } @@ -1550,7 +1550,7 @@ tty_send_config(int mtu, u_int32_t asyncmap, int pcomp, int accomp) void tty_set_xaccm(ext_accm accm) { - if (sync_serial) + if (ppp_sync_serial()) return; if (fdmuxid >= 0 @@ -1578,7 +1578,7 @@ tty_recv_config(int mru, u_int32_t asyncmap, int pcomp, int accomp) error("Couldn't set MRU: %m"); } if (fdmuxid >= 0) { - if (!sync_serial) { + if (!ppp_sync_serial()) { if (strioctl(pppfd, PPPIO_RACCM, &asyncmap, sizeof(asyncmap), 0) < 0) error("Couldn't set receive ACCM: %m"); } @@ -1636,7 +1636,7 @@ get_ppp_stats(int u, struct pppd_stats *stats) { struct ppp_stats s; - if (!sync_serial && + if (!ppp_sync_serial() && strioctl(pppfd, PPPIO_GETSTAT, &s, 0, sizeof(s)) < 0) { error("Couldn't get link statistics: %m"); return 0; @@ -2313,7 +2313,7 @@ dlpi_get_reply(int fd, union DL_primitives *reply, int expected_prim, size_t max pfd.events = POLLIN | POLLPRI; do { n = poll(&pfd, 1, 1000); - } while (n == -1 && errno == EINTR && !got_sigterm); + } while (n == -1 && errno == EINTR && !ppp_signaled(SIGTERM)); if (n <= 0) return -1; @@ -2744,7 +2744,7 @@ get_pty(int *master_fdp, int *slave_fdp, char *slave_name, int uid) * get_time - Get current time, monotonic if possible. */ int -get_time(struct timeval *tv) +ppp_get_time(struct timeval *tv) { return gettimeofday(tv, NULL); } diff --git a/pppd/tdb.c b/pppd/tdb.c index 8a563f8..ecbee1f 100644 --- a/pppd/tdb.c +++ b/pppd/tdb.c @@ -60,8 +60,11 @@ #include #include #include + +#include "pppd-private.h" #include "tdb.h" #include "spinlock.h" +#include "pathnames.h" #define TDB_MAGIC_FOOD "TDB file\n" #define TDB_VERSION (0x26011967 + 6) @@ -930,7 +933,7 @@ static int tdb_new_database(TDB_CONTEXT *tdb, int hash_size) /* We make it up in memory, then write it out if not internal */ size = sizeof(struct tdb_header) + (hash_size+1)*sizeof(tdb_off); - if (!(newdb = calloc(size, 1))) + if (!(newdb = calloc(1, size))) return TDB_ERRCODE(TDB_ERR_OOM, -1); /* Fill in the header */ @@ -1728,7 +1731,12 @@ TDB_CONTEXT *tdb_open_ex(const char *name, int hash_size, int tdb_flags, goto internal; } +again: if ((tdb->fd = open(name, open_flags, mode)) == -1) { + if ((open_flags & O_CREAT) && errno == ENOENT && + mkdir_recursive(PPP_PATH_VARRUN) == 0) + goto again; + TDB_LOG((tdb, 5, "tdb_open_ex: could not open file %s: %s\n", name, strerror(errno))); goto fail; /* errno set by open(2) */ diff --git a/pppd/tls.c b/pppd/tls.c index 28c2e57..d57e434 100644 --- a/pppd/tls.c +++ b/pppd/tls.c @@ -26,12 +26,16 @@ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include #include -#include "pppd.h" +#include "pppd-private.h" #include "tls.h" /** @@ -231,7 +235,7 @@ int tls_set_verify_info(SSL *ssl, const char *peer_name, const char *peer_cert, bool client, struct tls_info **out) { if (out != NULL) { - struct tls_info *tmp = calloc(sizeof(struct tls_info), 1); + struct tls_info *tmp = calloc(1, sizeof(struct tls_info)); if (!tmp) { fatal("Allocation error"); } diff --git a/pppd/tty.c b/pppd/tty.c index ad74353..d22ded7 100644 --- a/pppd/tty.c +++ b/pppd/tty.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -95,7 +95,8 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "fsm.h" #include "lcp.h" @@ -111,7 +112,7 @@ static int setdevname(char *, char **, int); static int setspeed(char *, char **, int); static int setxonxoff(char **); static int setescape(char **); -static void printescape(option_t *, void (*)(void *, char *,...),void *); +static void printescape(struct option *, void (*)(void *, char *,...),void *); static void finish_tty(void); static int start_charshunt(int, int); static void stop_charshunt(void *, int); @@ -136,6 +137,8 @@ int locked; /* lock() has succeeded */ struct stat devstat; /* result of stat() on devnam */ /* option variables */ +char devnam[MAXPATHLEN]; /* Device name */ +char ppp_devname[MAXPATHLEN];/* name of PPP tty (maybe ttypx) */ int crtscts = 0; /* Use hardware flow control */ int stop_bits = 1; /* Number of serial port stop bits */ bool modem = 1; /* Use modem control lines */ @@ -164,7 +167,7 @@ extern int privopen; /* don't lock, open device as root */ u_int32_t xmit_accm[8]; /* extended transmit ACCM */ /* option descriptors */ -option_t tty_options[] = { +static struct option tty_options[] = { /* device name must be first, or change connect_tty() below! */ { "device name", o_wild, (void *) &setdevname, "Serial port device name", @@ -261,6 +264,61 @@ struct channel tty_channel = { &tty_close_fds }; +bool +ppp_sync_serial() +{ + return sync_serial; +} + +bool +ppp_get_modem() +{ + return modem; +} + +void +ppp_set_modem(bool on) +{ + modem = on; +} + +bool +ppp_using_pty() +{ + return using_pty; +} + +int +ppp_set_pppdevnam(const char *name) +{ + if (name) { + return strlcpy(ppp_devname, name, sizeof(ppp_devname)); + } + return -1; +} + +const char * +ppp_pppdevnam() +{ + return ppp_devname; +} + +const char * +ppp_devnam() +{ + return devnam; +} + +int +ppp_set_devnam(const char *name) +{ + if (name) { + return strlcpy(devnam, name, sizeof(devnam)); + } + return -1; +} + + /* * setspeed - Set the serial port baud rate. * If doit is 0, the call is to check whether this option is @@ -309,12 +367,12 @@ setdevname(char *cp, char **argv, int doit) if (stat(cp, &statbuf) < 0) { if (!doit) return errno != ENOENT; - option_error("Couldn't stat %s: %m", cp); + ppp_option_error("Couldn't stat %s: %m", cp); return 0; } if (!S_ISCHR(statbuf.st_mode)) { if (doit) - option_error("%s is not a character device", cp); + ppp_option_error("%s is not a character device", cp); return 0; } @@ -351,16 +409,16 @@ setescape(char **argv) while (*p) { n = strtol(p, &endp, 16); if (p == endp) { - option_error("escape parameter contains invalid hex number '%s'", + ppp_option_error("escape parameter contains invalid hex number '%s'", p); return 0; } p = endp; if (n < 0 || n == 0x5E || n > 0xFF) { - option_error("can't escape character 0x%x", n); + ppp_option_error("can't escape character 0x%x", n); ret = 0; } else - xmit_accm[n >> 5] |= 1 << (n & 0x1F); + xmit_accm[n >> 5] |= 1U << (n & 0x1F); while (*p == ',' || *p == ' ') ++p; } @@ -369,7 +427,7 @@ setescape(char **argv) } static void -printescape(option_t *opt, void (*printer)(void *, char *, ...), void *arg) +printescape(struct option *opt, void (*printer)(void *, char *, ...), void *arg) { int n; int first = 1; @@ -377,7 +435,7 @@ printescape(option_t *opt, void (*printer)(void *, char *, ...), void *arg) for (n = 0; n < 256; ++n) { if (n == 0x7d) n += 2; /* skip 7d, 7e */ - if (xmit_accm[n >> 5] & (1 << (n & 0x1f))) { + if (xmit_accm[n >> 5] & (1U << (n & 0x1f))) { if (!first) printer(arg, ","); else @@ -394,9 +452,9 @@ printescape(option_t *opt, void (*printer)(void *, char *, ...), void *arg) */ void tty_init(void) { - add_notifier(&pidchange, maybe_relock, 0); + ppp_add_notify(NF_PID_CHANGE, maybe_relock, 0); the_channel = &tty_channel; - xmit_accm[3] = 0x60000000; + xmit_accm[3] = 0x60000000U; } /* @@ -411,7 +469,7 @@ void tty_process_extra_options(void) if (default_device) { char *p; if (!isatty(0) || (p = ttyname(0)) == NULL) { - option_error("no device specified and stdin is not a tty"); + ppp_option_error("no device specified and stdin is not a tty"); exit(EXIT_OPTION_ERROR); } strlcpy(devnam, p, MAXPATHLEN); @@ -441,12 +499,12 @@ tty_check_options(void) int fdflags; if (demand && notty) { - option_error("demand-dialling is incompatible with notty"); + ppp_option_error("demand-dialling is incompatible with notty"); exit(EXIT_OPTION_ERROR); } if (demand && connect_script == 0 && ptycommand == NULL && pty_socket == NULL) { - option_error("connect script is required for demand-dialling\n"); + ppp_option_error("connect script is required for demand-dialling\n"); exit(EXIT_OPTION_ERROR); } /* default holdoff to 0 if no connect script has been given */ @@ -455,16 +513,16 @@ tty_check_options(void) if (using_pty) { if (!default_device) { - option_error("%s option precludes specifying device name", + ppp_option_error("%s option precludes specifying device name", pty_socket? "socket": notty? "notty": "pty"); exit(EXIT_OPTION_ERROR); } if (ptycommand != NULL && notty) { - option_error("pty option is incompatible with notty option"); + ppp_option_error("pty option is incompatible with notty option"); exit(EXIT_OPTION_ERROR); } if (pty_socket != NULL && (ptycommand != NULL || notty)) { - option_error("socket option is incompatible with pty and notty"); + ppp_option_error("socket option is incompatible with pty and notty"); exit(EXIT_OPTION_ERROR); } default_device = notty; @@ -518,14 +576,14 @@ int connect_tty(void) * Get a pty master/slave pair if the pty, notty, socket, * or record options were specified. */ - strlcpy(ppp_devnam, devnam, MAXPATHLEN); + strlcpy(ppp_devname, devnam, MAXPATHLEN); pty_master = -1; pty_slave = -1; real_ttyfd = -1; if (using_pty || record_file != NULL) { - if (!get_pty(&pty_master, &pty_slave, ppp_devnam, uid)) { + if (!get_pty(&pty_master, &pty_slave, ppp_devname, uid)) { error("Couldn't allocate pseudo-tty"); - status = EXIT_FATAL_ERROR; + ppp_set_status(EXIT_FATAL_ERROR); return -1; } set_up_tty(pty_slave, 1); @@ -534,7 +592,7 @@ int connect_tty(void) /* * Lock the device if we've been asked to. */ - status = EXIT_LOCK_FAILED; + ppp_set_status(EXIT_LOCK_FAILED); if (lockflag && !privopen) { if (lock(devnam) < 0) goto errret; @@ -560,7 +618,7 @@ int connect_tty(void) if (prio < OPRIO_ROOT && seteuid(uid) == -1) { error("Unable to drop privileges before opening %s: %m\n", devnam); - status = EXIT_OPEN_FAILED; + ppp_set_status(EXIT_OPEN_FAILED); goto errret; } real_ttyfd = open(devnam, O_NONBLOCK | O_RDWR, 0); @@ -572,7 +630,7 @@ int connect_tty(void) errno = err; if (err != EINTR) { error("Failed to open %s: %m", devnam); - status = EXIT_OPEN_FAILED; + ppp_set_status(EXIT_OPEN_FAILED); } if (!persist || err != EINTR) goto errret; @@ -615,7 +673,7 @@ int connect_tty(void) * If the pty, socket, notty and/or record option was specified, * start up the character shunt now. */ - status = EXIT_PTYCMD_FAILED; + ppp_set_status(EXIT_PTYCMD_FAILED); if (ptycommand != NULL) { if (record_file != NULL) { int ipipe[2], opipe[2], ok; @@ -681,7 +739,7 @@ int connect_tty(void) if (initializer && initializer[0]) { if (device_script(initializer, ttyfd, ttyfd, 0) < 0) { error("Initializer script failed"); - status = EXIT_INIT_FAILED; + ppp_set_status(EXIT_INIT_FAILED); goto errretf; } if (got_sigterm) { @@ -694,7 +752,7 @@ int connect_tty(void) if (connector && connector[0]) { if (device_script(connector, ttyfd, ttyfd, 0) < 0) { error("Connect script failed"); - status = EXIT_CONNECT_FAILED; + ppp_set_status(EXIT_CONNECT_FAILED); goto errretf; } if (got_sigterm) { @@ -721,7 +779,7 @@ int connect_tty(void) break; if (errno != EINTR) { error("Failed to reopen %s: %m", devnam); - status = EXIT_OPEN_FAILED; + ppp_set_status(EXIT_OPEN_FAILED); } if (!persist || errno != EINTR || hungup || got_sigterm) goto errret; @@ -730,7 +788,7 @@ int connect_tty(void) } slprintf(numbuf, sizeof(numbuf), "%d", baud_rate); - script_setenv("SPEED", numbuf, 0); + ppp_script_setenv("SPEED", numbuf, 0); /* run welcome script, if any */ if (welcomer && welcomer[0]) { @@ -911,7 +969,7 @@ start_charshunt(int ifd, int ofd) { int cpid, ret; - cpid = safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2)); + cpid = ppp_safe_fork(ifd, ofd, (log_to_fd >= 0? log_to_fd: 2)); if (cpid == -1) { error("Can't fork process for character shunt: %m"); return 0; @@ -1054,7 +1112,7 @@ charshunt(int ifd, int ofd, char *record_file) pty_readable = stdin_readable = 1; ilevel = olevel = 0; - get_time(&levelt); + ppp_get_time(&levelt); if (max_data_rate) { max_level = max_data_rate / 10; if (max_level < 100) @@ -1103,7 +1161,7 @@ charshunt(int ifd, int ofd, char *record_file) int nbt; struct timeval now; - get_time(&now); + ppp_get_time(&now); dt = (now.tv_sec - levelt.tv_sec + (now.tv_usec - levelt.tv_usec) / 1e6); nbt = (int)(dt * max_data_rate); diff --git a/pppd/upap.c b/pppd/upap.c index 1fcff09..822fb0a 100644 --- a/pppd/upap.c +++ b/pppd/upap.c @@ -51,7 +51,8 @@ #include #include -#include "pppd.h" +#include "pppd-private.h" +#include "options.h" #include "upap.h" @@ -60,7 +61,7 @@ static bool hide_password = 1; /* * Command-line options. */ -static option_t pap_option_list[] = { +static struct option pap_option_list[] = { { "hide-password", o_bool, &hide_password, "Don't output passwords to log", OPT_PRIO | 1 }, { "show-password", o_bool, &hide_password, diff --git a/pppd/upap.h b/pppd/upap.h index af09cd9..c86e520 100644 --- a/pppd/upap.h +++ b/pppd/upap.h @@ -1,5 +1,3 @@ -#include "pppdconf.h" - /* * upap.h - User/Password Authentication Protocol definitions. * @@ -46,6 +44,11 @@ #include "pppdconf.h" +#ifdef __cplusplus +extern "C" { +#endif + + /* * Packet header = Code, id, length. */ @@ -71,7 +74,7 @@ typedef struct upap_state { int us_passwdlen; /* Password length */ int us_clientstate; /* Client state */ int us_serverstate; /* Server state */ - u_char us_id; /* Current id */ + unsigned char us_id; /* Current id */ int us_timeouttime; /* Timeout (seconds) for auth-req retrans. */ int us_transmits; /* Number of auth-reqs sent */ int us_maxtransmits; /* Maximum number of auth-reqs to send */ @@ -113,4 +116,41 @@ void upap_authpeer(int); extern struct protent pap_protent; +typedef int (pap_check_hook_fn)(void); +typedef int (pap_auth_hook_fn)(char *user, char *passwd, char **msgp, + struct wordlist **paddrs, + struct wordlist **popts); +typedef void (pap_logout_hook_fn)(void); +typedef int (pap_passwd_hook_fn)(char *user, char *passwd); + +/* + * This function will return a value of 1 to indicate that a plugin intent to + * supply a username or a password through the pap_auth_hook callback. + * + * A return value of > 0 will avoid parsing pap-secrets file. + */ +extern pap_check_hook_fn *pap_check_hook; + +/* + * This hook is used to check if a username and password matches against the + * PAP secrets. + */ +extern pap_auth_hook_fn *pap_auth_hook; + +/* + * Hook for plugin to know about PAP user logout. + */ +extern pap_logout_hook_fn *pap_logout_hook; + +/* + * A plugin can chose to supply its own user and password overriding what + * previously has been configured. Hook is only valid when pppd is acting + * as a client + */ +extern pap_passwd_hook_fn *pap_passwd_hook; + +#ifdef __cplusplus +} +#endif + #endif // PPP_UPAP_H diff --git a/pppd/utils.c b/pppd/utils.c index e75bb9c..bf9923c 100644 --- a/pppd/utils.c +++ b/pppd/utils.c @@ -17,7 +17,7 @@ * 3. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY @@ -58,16 +58,17 @@ #include #endif -#include "pppd.h" +#include "pppd-private.h" #include "fsm.h" #include "lcp.h" +#include "pathnames.h" #if defined(SUNOS4) extern char *strerror(); #endif -static void logit(int, char *, va_list); +static void logit(int, const char *, va_list); static void log_write(int, char *); static void vslp_printer(void *, char *, ...); static void format_packet(u_char *, int, printer_func, void *); @@ -119,7 +120,7 @@ strlcat(char *dest, const char *src, size_t len) * Returns the number of chars put into buf. */ int -slprintf(char *buf, int buflen, char *fmt, ...) +slprintf(char *buf, int buflen, const char *fmt, ...) { va_list args; int n; @@ -136,14 +137,15 @@ slprintf(char *buf, int buflen, char *fmt, ...) #define OUTCHAR(c) (buflen > 0? (--buflen, *buf++ = (c)): 0) int -vslprintf(char *buf, int buflen, char *fmt, va_list args) +vslprintf(char *buf, int buflen, const char *fmt, va_list args) { int c, i, n; int width, prec, fillch; int base, len, neg, quoted; long lval = 0; unsigned long val = 0; - char *str, *f, *buf0; + char *str, *buf0; + const char *f; unsigned char *p; char num[32]; time_t t; @@ -599,7 +601,7 @@ print_string(char *p, int len, printer_func printer, void *arg) * logit - does the hard work for fatal et al. */ static void -logit(int level, char *fmt, va_list args) +logit(int level, const char *fmt, va_list args) { char buf[1024]; @@ -634,7 +636,7 @@ log_write(int level, char *buf) * fatal - log an error message and die horribly. */ void -fatal(char *fmt, ...) +fatal(const char *fmt, ...) { va_list pvar; @@ -654,7 +656,7 @@ fatal(char *fmt, ...) * error - log an error message. */ void -error(char *fmt, ...) +error(const char *fmt, ...) { va_list pvar; @@ -669,7 +671,7 @@ error(char *fmt, ...) * warn - log a warning message. */ void -warn(char *fmt, ...) +warn(const char *fmt, ...) { va_list pvar; @@ -683,7 +685,7 @@ warn(char *fmt, ...) * notice - log a notice-level message. */ void -notice(char *fmt, ...) +notice(const char *fmt, ...) { va_list pvar; @@ -697,7 +699,7 @@ notice(char *fmt, ...) * info - log an informational message. */ void -info(char *fmt, ...) +info(const char *fmt, ...) { va_list pvar; @@ -711,7 +713,7 @@ info(char *fmt, ...) * dbglog - log a debug message. */ void -dbglog(char *fmt, ...) +dbglog(const char *fmt, ...) { va_list pvar; @@ -767,7 +769,7 @@ complete_read(int fd, void *buf, size_t count) for (done = 0; done < count; ) { nb = read(fd, ptr, count - done); if (nb < 0) { - if (errno == EINTR && !got_sigterm) + if (errno == EINTR && !ppp_signaled(SIGTERM)) continue; return -1; } @@ -780,19 +782,89 @@ complete_read(int fd, void *buf, size_t count) } #endif -/* Procedures for locking the serial device using a lock file. */ -#ifndef LOCK_DIR -#ifdef __linux__ -#define LOCK_DIR "/var/lock" -#else -#ifdef SVR4 -#define LOCK_DIR "/var/spool/locks" -#else -#define LOCK_DIR "/var/spool/lock" -#endif -#endif -#endif /* LOCK_DIR */ +/* + * mkdir_check - helper for mkdir_recursive, creates a directory + * but do not error on EEXIST if and only if entry is a directory + * The caller must check for errno == ENOENT if appropriate. + */ +static int +mkdir_check(const char *path) +{ + struct stat statbuf; + + if (mkdir(path, 0755) >= 0) + return 0; + if (errno == EEXIST) { + if (stat(path, &statbuf) < 0) + /* got raced? */ + return -1; + + if ((statbuf.st_mode & S_IFMT) == S_IFDIR) + return 0; + + /* already exists but not a dir, treat as failure */ + errno = EEXIST; + return -1; + } + + return -1; +} + +/* + * mkdir_parent - helper for mkdir_recursive, modifies the string in place + * Assumes mkdir(path) already failed, so it first creates the parent then + * full path again. + */ +static int +mkdir_parent(char *path) +{ + char *slash; + int rc; + + slash = strrchr(path, '/'); + if (!slash) + return -1; + + *slash = 0; + if (mkdir_check(path) < 0) { + if (errno != ENOENT) { + *slash = '/'; + return -1; + } + if (mkdir_parent(path) < 0) { + *slash = '/'; + return -1; + } + } + *slash = '/'; + + return mkdir_check(path); +} + +/* + * mkdir_recursive - recursively create directory if it didn't exist + */ +int +mkdir_recursive(const char *path) +{ + char *copy; + int rc; + + // optimistically try on full path first to avoid allocation + if (mkdir_check(path) == 0) + return 0; + + copy = strdup(path); + if (!copy) + return -1; + + rc = mkdir_parent(copy); + free(copy); + return rc; +} + +/* Procedures for locking the serial device using a lock file. */ static char lock_file[MAXPATHLEN]; /* @@ -833,7 +905,7 @@ lock(char *dev) return -1; } slprintf(lock_file, sizeof(lock_file), "%s/LK.%03d.%03d.%03d", - LOCK_DIR, major(sbuf.st_dev), + PPP_PATH_LOCKDIR, major(sbuf.st_dev), major(sbuf.st_rdev), minor(sbuf.st_rdev)); #else char *p; @@ -851,7 +923,7 @@ lock(char *dev) if ((p = strrchr(dev, '/')) != NULL) dev = p + 1; - slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", LOCK_DIR, dev); + slprintf(lock_file, sizeof(lock_file), "%s/LCK..%s", PPP_PATH_LOCKDIR, dev); #endif while ((fd = open(lock_file, O_EXCL | O_CREAT | O_RDWR, 0644)) < 0) { diff --git a/pppd/utils_utest.c b/pppd/utils_utest.c new file mode 100644 index 0000000..cdca97e --- /dev/null +++ b/pppd/utils_utest.c @@ -0,0 +1,139 @@ +#include +#include +#include +#include + +#include "pppd-private.h" + +/* globals used in test.c... */ +int debug = 1; +int error_count; +int unsuccess; + +/* check if path exists and returns its type */ +static int +file_type(char *path) +{ + struct stat statbuf; + + if (stat(path, &statbuf) < 0) + return -1; + + return statbuf.st_mode & S_IFMT; +} + +int +test_simple() { + if (mkdir_recursive("dir")) + return -1; + + if (file_type("dir") != S_IFDIR) + return -1; + + rmdir("dir"); + return 0; +} + +int +test_recurse() { + if (mkdir_recursive("dir/subdir/subsubdir")) + return -1; + + if (file_type("dir/subdir/subsubdir") != S_IFDIR) + return -1; + + rmdir("dir/subdir/subsubdir"); + + /* try again with partial existence */ + if (mkdir_recursive("dir/subdir/subsubdir")) + return -1; + + if (file_type("dir/subdir/subsubdir") != S_IFDIR) + return -1; + + rmdir("dir/subdir/subsubdir"); + rmdir("dir/subdir"); + rmdir("dir"); + return 0; +} + +int +test_recurse_multislash() { + if (mkdir_recursive("dir/subdir///subsubdir")) + return -1; + + if (file_type("dir/subdir/subsubdir") != S_IFDIR) + return -1; + + rmdir("dir/subdir/subsubdir"); + rmdir("dir/subdir"); + + /* try again with partial existence */ + if (mkdir_recursive("dir/subdir/subsubdir///")) + return -1; + + if (file_type("dir/subdir/subsubdir") != S_IFDIR) + return -1; + + rmdir("dir/subdir/subsubdir"); + rmdir("dir/subdir"); + rmdir("dir"); + return 0; +} + +int +test_parent_notdir() { + int fd = open("file", O_CREAT, 0600); + if (fd < 0) + return -1; + close(fd); + + if (mkdir_recursive("file") == 0) + return -1; + if (mkdir_recursive("file/dir") == 0) + return -1; + + unlink("file"); + return 0; +} + +int +main() +{ + char *base_dir = strdup("/tmp/ppp_utils_utest.XXXXXX"); + int failure = 0; + + if (mkdtemp(base_dir) == NULL) { + printf("Could not create test directory, aborting\n"); + return 1; + } + + if (chdir(base_dir) < 0) { + printf("Could not enter newly created test dir, aborting\n"); + return 1; + } + + if (test_simple()) { + printf("Could not create simple directory\n"); + failure++; + } + + if (test_recurse()) { + printf("Could not create recursive directory\n"); + failure++; + } + + if (test_recurse_multislash()) { + printf("Could not create recursive directory with multiple slashes\n"); + failure++; + } + + if (test_parent_notdir()) { + printf("Creating over a file appeared to work?\n"); + failure++; + } + + rmdir(base_dir); + free(base_dir); + return failure; +} diff --git a/pppdump/deflate.c b/pppdump/deflate.c index ebc1692..da7b6c5 100644 --- a/pppdump/deflate.c +++ b/pppdump/deflate.c @@ -23,7 +23,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/pppdump/ppp-comp.h b/pppdump/ppp-comp.h index 0199b5f..1a799f2 100644 --- a/pppdump/ppp-comp.h +++ b/pppdump/ppp-comp.h @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/pppdump/pppdump.c b/pppdump/pppdump.c index b85a862..8a3a7e9 100644 --- a/pppdump/pppdump.c +++ b/pppdump/pppdump.c @@ -23,7 +23,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/pppdump/zlib.c b/pppdump/zlib.c index c3c68f6..7b7dd63 100644 --- a/pppdump/zlib.c +++ b/pppdump/zlib.c @@ -129,2471 +129,6 @@ typedef uLong (*check_func) OF((uLong check, Bytef *buf, uInt len)); (*((strm)->zfree))((strm)->opaque, (voidpf)(addr), (size)) #define TRY_FREE(s, p, n) {if (p) ZFREE(s, p, n);} -/* deflate.h -- internal compression state - * Copyright (C) 1995 Jean-loup Gailly - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* WARNING: this file should *not* be used by applications. It is - part of the implementation of the compression library and is - subject to change. Applications should only use zlib.h. - */ - - -/*+++++*/ -/* From: deflate.h,v 1.5 1995/05/03 17:27:09 jloup Exp */ - -/* =========================================================================== - * Internal compression state. - */ - -/* Data type */ -#define BINARY 0 -#define ASCII 1 -#define UNKNOWN 2 - -#define LENGTH_CODES 29 -/* number of length codes, not counting the special END_BLOCK code */ - -#define LITERALS 256 -/* number of literal bytes 0..255 */ - -#define L_CODES (LITERALS+1+LENGTH_CODES) -/* number of Literal or Length codes, including the END_BLOCK code */ - -#define D_CODES 30 -/* number of distance codes */ - -#define BL_CODES 19 -/* number of codes used to transfer the bit lengths */ - -#define HEAP_SIZE (2*L_CODES+1) -/* maximum heap size */ - -#define MAX_BITS 15 -/* All codes must not exceed MAX_BITS bits */ - -#define INIT_STATE 42 -#define BUSY_STATE 113 -#define FLUSH_STATE 124 -#define FINISH_STATE 666 -/* Stream status */ - - -/* Data structure describing a single value and its code string. */ -typedef struct ct_data_s { - union { - ush freq; /* frequency count */ - ush code; /* bit string */ - } fc; - union { - ush dad; /* father node in Huffman tree */ - ush len; /* length of bit string */ - } dl; -} FAR ct_data; - -#define Freq fc.freq -#define Code fc.code -#define Dad dl.dad -#define Len dl.len - -typedef struct static_tree_desc_s static_tree_desc; - -typedef struct tree_desc_s { - ct_data *dyn_tree; /* the dynamic tree */ - int max_code; /* largest code with non zero frequency */ - static_tree_desc *stat_desc; /* the corresponding static tree */ -} FAR tree_desc; - -typedef ush Pos; -typedef Pos FAR Posf; -typedef unsigned IPos; - -/* A Pos is an index in the character window. We use short instead of int to - * save space in the various tables. IPos is used only for parameter passing. - */ - -typedef struct deflate_state { - z_stream *strm; /* pointer back to this zlib stream */ - int status; /* as the name implies */ - Bytef *pending_buf; /* output still pending */ - Bytef *pending_out; /* next pending byte to output to the stream */ - int pending; /* nb of bytes in the pending buffer */ - uLong adler; /* adler32 of uncompressed data */ - int noheader; /* suppress zlib header and adler32 */ - Byte data_type; /* UNKNOWN, BINARY or ASCII */ - Byte method; /* STORED (for zip only) or DEFLATED */ - int minCompr; /* min size decrease for Z_FLUSH_NOSTORE */ - - /* used by deflate.c: */ - - uInt w_size; /* LZ77 window size (32K by default) */ - uInt w_bits; /* log2(w_size) (8..16) */ - uInt w_mask; /* w_size - 1 */ - - Bytef *window; - /* Sliding window. Input bytes are read into the second half of the window, - * and move to the first half later to keep a dictionary of at least wSize - * bytes. With this organization, matches are limited to a distance of - * wSize-MAX_MATCH bytes, but this ensures that IO is always - * performed with a length multiple of the block size. Also, it limits - * the window size to 64K, which is quite useful on MSDOS. - * To do: use the user input buffer as sliding window. - */ - - ulg window_size; - /* Actual size of window: 2*wSize, except when the user input buffer - * is directly used as sliding window. - */ - - Posf *prev; - /* Link to older string with same hash index. To limit the size of this - * array to 64K, this link is maintained only for the last 32K strings. - * An index in this array is thus a window index modulo 32K. - */ - - Posf *head; /* Heads of the hash chains or NIL. */ - - uInt ins_h; /* hash index of string to be inserted */ - uInt hash_size; /* number of elements in hash table */ - uInt hash_bits; /* log2(hash_size) */ - uInt hash_mask; /* hash_size-1 */ - - uInt hash_shift; - /* Number of bits by which ins_h must be shifted at each input - * step. It must be such that after MIN_MATCH steps, the oldest - * byte no longer takes part in the hash key, that is: - * hash_shift * MIN_MATCH >= hash_bits - */ - - long block_start; - /* Window position at the beginning of the current output block. Gets - * negative when the window is moved backwards. - */ - - uInt match_length; /* length of best match */ - IPos prev_match; /* previous match */ - int match_available; /* set if previous match exists */ - uInt strstart; /* start of string to insert */ - uInt match_start; /* start of matching string */ - uInt lookahead; /* number of valid bytes ahead in window */ - - uInt prev_length; - /* Length of the best match at previous step. Matches not greater than this - * are discarded. This is used in the lazy match evaluation. - */ - - uInt max_chain_length; - /* To speed up deflation, hash chains are never searched beyond this - * length. A higher limit improves compression ratio but degrades the - * speed. - */ - - uInt max_lazy_match; - /* Attempt to find a better match only when the current match is strictly - * smaller than this value. This mechanism is used only for compression - * levels >= 4. - */ -# define max_insert_length max_lazy_match - /* Insert new strings in the hash table only if the match length is not - * greater than this length. This saves time but degrades compression. - * max_insert_length is used only for compression levels <= 3. - */ - - int level; /* compression level (1..9) */ - int strategy; /* favor or force Huffman coding*/ - - uInt good_match; - /* Use a faster search when the previous match is longer than this */ - - int nice_match; /* Stop searching when current match exceeds this */ - - /* used by trees.c: */ - /* Didn't use ct_data typedef below to supress compiler warning */ - struct ct_data_s dyn_ltree[HEAP_SIZE]; /* literal and length tree */ - struct ct_data_s dyn_dtree[2*D_CODES+1]; /* distance tree */ - struct ct_data_s bl_tree[2*BL_CODES+1]; /* Huffman tree for bit lengths */ - - struct tree_desc_s l_desc; /* desc. for literal tree */ - struct tree_desc_s d_desc; /* desc. for distance tree */ - struct tree_desc_s bl_desc; /* desc. for bit length tree */ - - ush bl_count[MAX_BITS+1]; - /* number of codes at each bit length for an optimal tree */ - - int heap[2*L_CODES+1]; /* heap used to build the Huffman trees */ - int heap_len; /* number of elements in the heap */ - int heap_max; /* element of largest frequency */ - /* The sons of heap[n] are heap[2*n] and heap[2*n+1]. heap[0] is not used. - * The same heap array is used to build all trees. - */ - - uch depth[2*L_CODES+1]; - /* Depth of each subtree used as tie breaker for trees of equal frequency - */ - - uchf *l_buf; /* buffer for literals or lengths */ - - uInt lit_bufsize; - /* Size of match buffer for literals/lengths. There are 4 reasons for - * limiting lit_bufsize to 64K: - * - frequencies can be kept in 16 bit counters - * - if compression is not successful for the first block, all input - * data is still in the window so we can still emit a stored block even - * when input comes from standard input. (This can also be done for - * all blocks if lit_bufsize is not greater than 32K.) - * - if compression is not successful for a file smaller than 64K, we can - * even emit a stored file instead of a stored block (saving 5 bytes). - * This is applicable only for zip (not gzip or zlib). - * - creating new Huffman trees less frequently may not provide fast - * adaptation to changes in the input data statistics. (Take for - * example a binary file with poorly compressible code followed by - * a highly compressible string table.) Smaller buffer sizes give - * fast adaptation but have of course the overhead of transmitting - * trees more frequently. - * - I can't count above 4 - */ - - uInt last_lit; /* running index in l_buf */ - - ushf *d_buf; - /* Buffer for distances. To simplify the code, d_buf and l_buf have - * the same number of elements. To use different lengths, an extra flag - * array would be necessary. - */ - - ulg opt_len; /* bit length of current block with optimal trees */ - ulg static_len; /* bit length of current block with static trees */ - ulg compressed_len; /* total bit length of compressed file */ - uInt matches; /* number of string matches in current block */ - int last_eob_len; /* bit length of EOB code for last block */ - -#ifdef DEBUG_ZLIB - ulg bits_sent; /* bit length of the compressed data */ -#endif - - ush bi_buf; - /* Output buffer. bits are inserted starting at the bottom (least - * significant bits). - */ - int bi_valid; - /* Number of valid bits in bi_buf. All bits above the last valid bit - * are always zero. - */ - - uInt blocks_in_packet; - /* Number of blocks produced since the last time Z_PACKET_FLUSH - * was used. - */ - -} FAR deflate_state; - -/* Output a byte on the stream. - * IN assertion: there is enough room in pending_buf. - */ -#define put_byte(s, c) {s->pending_buf[s->pending++] = (c);} - - -#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) -/* Minimum amount of lookahead, except at the end of the input file. - * See deflate.c for comments about the MIN_MATCH+1. - */ - -#define MAX_DIST(s) ((s)->w_size-MIN_LOOKAHEAD) -/* In order to simplify the code, particularly on 16 bit machines, match - * distances are limited to MAX_DIST instead of WSIZE. - */ - - /* in trees.c */ -local void ct_init OF((deflate_state *s)); -local int ct_tally OF((deflate_state *s, int dist, int lc)); -local ulg ct_flush_block OF((deflate_state *s, charf *buf, ulg stored_len, - int flush)); -local void ct_align OF((deflate_state *s)); -local void ct_stored_block OF((deflate_state *s, charf *buf, ulg stored_len, - int eof)); -local void ct_stored_type_only OF((deflate_state *s)); - - -/*+++++*/ -/* deflate.c -- compress data using the deflation algorithm - * Copyright (C) 1995 Jean-loup Gailly. - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* - * ALGORITHM - * - * The "deflation" process depends on being able to identify portions - * of the input text which are identical to earlier input (within a - * sliding window trailing behind the input currently being processed). - * - * The most straightforward technique turns out to be the fastest for - * most input files: try all possible matches and select the longest. - * The key feature of this algorithm is that insertions into the string - * dictionary are very simple and thus fast, and deletions are avoided - * completely. Insertions are performed at each input character, whereas - * string matches are performed only when the previous match ends. So it - * is preferable to spend more time in matches to allow very fast string - * insertions and avoid deletions. The matching algorithm for small - * strings is inspired from that of Rabin & Karp. A brute force approach - * is used to find longer strings when a small match has been found. - * A similar algorithm is used in comic (by Jan-Mark Wams) and freeze - * (by Leonid Broukhis). - * A previous version of this file used a more sophisticated algorithm - * (by Fiala and Greene) which is guaranteed to run in linear amortized - * time, but has a larger average cost, uses more memory and is patented. - * However the F&G algorithm may be faster for some highly redundant - * files if the parameter max_chain_length (described below) is too large. - * - * ACKNOWLEDGEMENTS - * - * The idea of lazy evaluation of matches is due to Jan-Mark Wams, and - * I found it in 'freeze' written by Leonid Broukhis. - * Thanks to many people for bug reports and testing. - * - * REFERENCES - * - * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". - * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc - * - * A description of the Rabin and Karp algorithm is given in the book - * "Algorithms" by R. Sedgewick, Addison-Wesley, p252. - * - * Fiala,E.R., and Greene,D.H. - * Data Compression with Finite Windows, Comm.ACM, 32,4 (1989) 490-595 - * - */ - -/* From: deflate.c,v 1.8 1995/05/03 17:27:08 jloup Exp */ - -local char zlib_copyright[] = " deflate Copyright 1995 Jean-loup Gailly "; -/* - If you use the zlib library in a product, an acknowledgment is welcome - in the documentation of your product. If for some reason you cannot - include such an acknowledgment, I would appreciate that you keep this - copyright string in the executable of your product. - */ - -#define NIL 0 -/* Tail of hash chains */ - -#ifndef TOO_FAR -# define TOO_FAR 4096 -#endif -/* Matches of length 3 are discarded if their distance exceeds TOO_FAR */ - -#define MIN_LOOKAHEAD (MAX_MATCH+MIN_MATCH+1) -/* Minimum amount of lookahead, except at the end of the input file. - * See deflate.c for comments about the MIN_MATCH+1. - */ - -/* Values for max_lazy_match, good_match and max_chain_length, depending on - * the desired pack level (0..9). The values given below have been tuned to - * exclude worst case performance for pathological files. Better values may be - * found for specific files. - */ - -typedef struct config_s { - ush good_length; /* reduce lazy search above this match length */ - ush max_lazy; /* do not perform lazy search above this match length */ - ush nice_length; /* quit search above this match length */ - ush max_chain; -} config; - -local config configuration_table[10] = { -/* good lazy nice chain */ -/* 0 */ {0, 0, 0, 0}, /* store only */ -/* 1 */ {4, 4, 8, 4}, /* maximum speed, no lazy matches */ -/* 2 */ {4, 5, 16, 8}, -/* 3 */ {4, 6, 32, 32}, - -/* 4 */ {4, 4, 16, 16}, /* lazy matches */ -/* 5 */ {8, 16, 32, 32}, -/* 6 */ {8, 16, 128, 128}, -/* 7 */ {8, 32, 128, 256}, -/* 8 */ {32, 128, 258, 1024}, -/* 9 */ {32, 258, 258, 4096}}; /* maximum compression */ - -/* Note: the deflate() code requires max_lazy >= MIN_MATCH and max_chain >= 4 - * For deflate_fast() (levels <= 3) good is ignored and lazy has a different - * meaning. - */ - -#define EQUAL 0 -/* result of memcmp for equal strings */ - -/* =========================================================================== - * Prototypes for local functions. - */ - -local void fill_window OF((deflate_state *s)); -local int deflate_fast OF((deflate_state *s, int flush)); -local int deflate_slow OF((deflate_state *s, int flush)); -local void lm_init OF((deflate_state *s)); -local int longest_match OF((deflate_state *s, IPos cur_match)); -local void putShortMSB OF((deflate_state *s, uInt b)); -local void flush_pending OF((z_stream *strm)); -local int read_buf OF((z_stream *strm, charf *buf, unsigned size)); -#ifdef ASMV - void match_init OF((void)); /* asm code initialization */ -#endif - -#ifdef DEBUG_ZLIB -local void check_match OF((deflate_state *s, IPos start, IPos match, - int length)); -#endif - - -/* =========================================================================== - * Update a hash value with the given input byte - * IN assertion: all calls to to UPDATE_HASH are made with consecutive - * input characters, so that a running hash key can be computed from the - * previous key instead of complete recalculation each time. - */ -#define UPDATE_HASH(s,h,c) (h = (((h)<hash_shift) ^ (c)) & s->hash_mask) - - -/* =========================================================================== - * Insert string str in the dictionary and set match_head to the previous head - * of the hash chain (the most recent string with same hash key). Return - * the previous length of the hash chain. - * IN assertion: all calls to to INSERT_STRING are made with consecutive - * input characters and the first MIN_MATCH bytes of str are valid - * (except for the last MIN_MATCH-1 bytes of the input file). - */ -#define INSERT_STRING(s, str, match_head) \ - (UPDATE_HASH(s, s->ins_h, s->window[(str) + (MIN_MATCH-1)]), \ - s->prev[(str) & s->w_mask] = match_head = s->head[s->ins_h], \ - s->head[s->ins_h] = (str)) - -/* =========================================================================== - * Initialize the hash table (avoiding 64K overflow for 16 bit systems). - * prev[] will be initialized on the fly. - */ -#define CLEAR_HASH(s) \ - s->head[s->hash_size-1] = NIL; \ - zmemzero((charf *)s->head, (unsigned)(s->hash_size-1)*sizeof(*s->head)); - -/* ========================================================================= */ -int deflateInit (strm, level) - z_stream *strm; - int level; -{ - return deflateInit2 (strm, level, DEFLATED, MAX_WBITS, DEF_MEM_LEVEL, - 0, 0); - /* To do: ignore strm->next_in if we use it as window */ -} - -/* ========================================================================= */ -int deflateInit2 (strm, level, method, windowBits, memLevel, - strategy, minCompression) - z_stream *strm; - int level; - int method; - int windowBits; - int memLevel; - int strategy; - int minCompression; -{ - deflate_state *s; - int noheader = 0; - - if (strm == Z_NULL) return Z_STREAM_ERROR; - - strm->msg = Z_NULL; -/* if (strm->zalloc == Z_NULL) strm->zalloc = zcalloc; */ -/* if (strm->zfree == Z_NULL) strm->zfree = zcfree; */ - - if (level == Z_DEFAULT_COMPRESSION) level = 6; - - if (windowBits < 0) { /* undocumented feature: suppress zlib header */ - noheader = 1; - windowBits = -windowBits; - } - if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != DEFLATED || - windowBits < 8 || windowBits > 15 || level < 1 || level > 9) { - return Z_STREAM_ERROR; - } - s = (deflate_state *) ZALLOC(strm, 1, sizeof(deflate_state)); - if (s == Z_NULL) return Z_MEM_ERROR; - strm->state = (struct internal_state FAR *)s; - s->strm = strm; - - s->noheader = noheader; - s->w_bits = windowBits; - s->w_size = 1 << s->w_bits; - s->w_mask = s->w_size - 1; - - s->hash_bits = memLevel + 7; - s->hash_size = 1 << s->hash_bits; - s->hash_mask = s->hash_size - 1; - s->hash_shift = ((s->hash_bits+MIN_MATCH-1)/MIN_MATCH); - - s->window = (Bytef *) ZALLOC(strm, s->w_size, 2*sizeof(Byte)); - s->prev = (Posf *) ZALLOC(strm, s->w_size, sizeof(Pos)); - s->head = (Posf *) ZALLOC(strm, s->hash_size, sizeof(Pos)); - - s->lit_bufsize = 1 << (memLevel + 6); /* 16K elements by default */ - - s->pending_buf = (uchf *) ZALLOC(strm, s->lit_bufsize, 2*sizeof(ush)); - - if (s->window == Z_NULL || s->prev == Z_NULL || s->head == Z_NULL || - s->pending_buf == Z_NULL) { - strm->msg = z_errmsg[1-Z_MEM_ERROR]; - deflateEnd (strm); - return Z_MEM_ERROR; - } - s->d_buf = (ushf *) &(s->pending_buf[s->lit_bufsize]); - s->l_buf = (uchf *) &(s->pending_buf[3*s->lit_bufsize]); - /* We overlay pending_buf and d_buf+l_buf. This works since the average - * output size for (length,distance) codes is <= 32 bits (worst case - * is 15+15+13=33). - */ - - s->level = level; - s->strategy = strategy; - s->method = (Byte)method; - s->minCompr = minCompression; - s->blocks_in_packet = 0; - - return deflateReset(strm); -} - -/* ========================================================================= */ -int deflateReset (strm) - z_stream *strm; -{ - deflate_state *s; - - if (strm == Z_NULL || strm->state == Z_NULL || - strm->zalloc == Z_NULL || strm->zfree == Z_NULL) return Z_STREAM_ERROR; - - strm->total_in = strm->total_out = 0; - strm->msg = Z_NULL; /* use zfree if we ever allocate msg dynamically */ - strm->data_type = Z_UNKNOWN; - - s = (deflate_state *)strm->state; - s->pending = 0; - s->pending_out = s->pending_buf; - - if (s->noheader < 0) { - s->noheader = 0; /* was set to -1 by deflate(..., Z_FINISH); */ - } - s->status = s->noheader ? BUSY_STATE : INIT_STATE; - s->adler = 1; - - ct_init(s); - lm_init(s); - - return Z_OK; -} - -/* ========================================================================= - * Put a short in the pending buffer. The 16-bit value is put in MSB order. - * IN assertion: the stream state is correct and there is enough room in - * pending_buf. - */ -local void putShortMSB (s, b) - deflate_state *s; - uInt b; -{ - put_byte(s, (Byte)(b >> 8)); - put_byte(s, (Byte)(b & 0xff)); -} - -/* ========================================================================= - * Flush as much pending output as possible. - */ -local void flush_pending(strm) - z_stream *strm; -{ - deflate_state *state = (deflate_state *) strm->state; - unsigned len = state->pending; - - if (len > strm->avail_out) len = strm->avail_out; - if (len == 0) return; - - if (strm->next_out != NULL) { - zmemcpy(strm->next_out, state->pending_out, len); - strm->next_out += len; - } - state->pending_out += len; - strm->total_out += len; - strm->avail_out -= len; - state->pending -= len; - if (state->pending == 0) { - state->pending_out = state->pending_buf; - } -} - -/* ========================================================================= */ -int deflate (strm, flush) - z_stream *strm; - int flush; -{ - deflate_state *state = (deflate_state *) strm->state; - - if (strm == Z_NULL || state == Z_NULL) return Z_STREAM_ERROR; - - if (strm->next_in == Z_NULL && strm->avail_in != 0) { - ERR_RETURN(strm, Z_STREAM_ERROR); - } - if (strm->avail_out == 0) ERR_RETURN(strm, Z_BUF_ERROR); - - state->strm = strm; /* just in case */ - - /* Write the zlib header */ - if (state->status == INIT_STATE) { - - uInt header = (DEFLATED + ((state->w_bits-8)<<4)) << 8; - uInt level_flags = (state->level-1) >> 1; - - if (level_flags > 3) level_flags = 3; - header |= (level_flags << 6); - header += 31 - (header % 31); - - state->status = BUSY_STATE; - putShortMSB(state, header); - } - - /* Flush as much pending output as possible */ - if (state->pending != 0) { - flush_pending(strm); - if (strm->avail_out == 0) return Z_OK; - } - - /* If we came back in here to get the last output from - * a previous flush, we're done for now. - */ - if (state->status == FLUSH_STATE) { - state->status = BUSY_STATE; - if (flush != Z_NO_FLUSH && flush != Z_FINISH) - return Z_OK; - } - - /* User must not provide more input after the first FINISH: */ - if (state->status == FINISH_STATE && strm->avail_in != 0) { - ERR_RETURN(strm, Z_BUF_ERROR); - } - - /* Start a new block or continue the current one. - */ - if (strm->avail_in != 0 || state->lookahead != 0 || - (flush == Z_FINISH && state->status != FINISH_STATE)) { - int quit; - - if (flush == Z_FINISH) { - state->status = FINISH_STATE; - } - if (state->level <= 3) { - quit = deflate_fast(state, flush); - } else { - quit = deflate_slow(state, flush); - } - if (quit || strm->avail_out == 0) - return Z_OK; - /* If flush != Z_NO_FLUSH && avail_out == 0, the next call - * of deflate should use the same flush parameter to make sure - * that the flush is complete. So we don't have to output an - * empty block here, this will be done at next call. This also - * ensures that for a very small output buffer, we emit at most - * one empty block. - */ - } - - /* If a flush was requested, we have a little more to output now. */ - if (flush != Z_NO_FLUSH && flush != Z_FINISH - && state->status != FINISH_STATE) { - switch (flush) { - case Z_PARTIAL_FLUSH: - ct_align(state); - break; - case Z_PACKET_FLUSH: - /* Output just the 3-bit `stored' block type value, - but not a zero length. */ - ct_stored_type_only(state); - break; - default: - ct_stored_block(state, (char*)0, 0L, 0); - /* For a full flush, this empty block will be recognized - * as a special marker by inflate_sync(). - */ - if (flush == Z_FULL_FLUSH) { - CLEAR_HASH(state); /* forget history */ - } - } - flush_pending(strm); - if (strm->avail_out == 0) { - /* We'll have to come back to get the rest of the output; - * this ensures we don't output a second zero-length stored - * block (or whatever). - */ - state->status = FLUSH_STATE; - return Z_OK; - } - } - - Assert(strm->avail_out > 0, "bug2"); - - if (flush != Z_FINISH) return Z_OK; - if (state->noheader) return Z_STREAM_END; - - /* Write the zlib trailer (adler32) */ - putShortMSB(state, (uInt)(state->adler >> 16)); - putShortMSB(state, (uInt)(state->adler & 0xffff)); - flush_pending(strm); - /* If avail_out is zero, the application will call deflate again - * to flush the rest. - */ - state->noheader = -1; /* write the trailer only once! */ - return state->pending != 0 ? Z_OK : Z_STREAM_END; -} - -/* ========================================================================= */ -int deflateEnd (strm) - z_stream *strm; -{ - deflate_state *state = (deflate_state *) strm->state; - - if (strm == Z_NULL || state == Z_NULL) return Z_STREAM_ERROR; - - TRY_FREE(strm, state->window, state->w_size * 2 * sizeof(Byte)); - TRY_FREE(strm, state->prev, state->w_size * sizeof(Pos)); - TRY_FREE(strm, state->head, state->hash_size * sizeof(Pos)); - TRY_FREE(strm, state->pending_buf, state->lit_bufsize * 2 * sizeof(ush)); - - ZFREE(strm, state, sizeof(deflate_state)); - strm->state = Z_NULL; - - return Z_OK; -} - -/* =========================================================================== - * Read a new buffer from the current input stream, update the adler32 - * and total number of bytes read. - */ -local int read_buf(strm, buf, size) - z_stream *strm; - charf *buf; - unsigned size; -{ - unsigned len = strm->avail_in; - deflate_state *state = (deflate_state *) strm->state; - - if (len > size) len = size; - if (len == 0) return 0; - - strm->avail_in -= len; - - if (!state->noheader) { - state->adler = adler32(state->adler, strm->next_in, len); - } - zmemcpy(buf, strm->next_in, len); - strm->next_in += len; - strm->total_in += len; - - return (int)len; -} - -/* =========================================================================== - * Initialize the "longest match" routines for a new zlib stream - */ -local void lm_init (s) - deflate_state *s; -{ - s->window_size = (ulg)2L*s->w_size; - - CLEAR_HASH(s); - - /* Set the default configuration parameters: - */ - s->max_lazy_match = configuration_table[s->level].max_lazy; - s->good_match = configuration_table[s->level].good_length; - s->nice_match = configuration_table[s->level].nice_length; - s->max_chain_length = configuration_table[s->level].max_chain; - - s->strstart = 0; - s->block_start = 0L; - s->lookahead = 0; - s->match_length = MIN_MATCH-1; - s->match_available = 0; - s->ins_h = 0; -#ifdef ASMV - match_init(); /* initialize the asm code */ -#endif -} - -/* =========================================================================== - * Set match_start to the longest match starting at the given string and - * return its length. Matches shorter or equal to prev_length are discarded, - * in which case the result is equal to prev_length and match_start is - * garbage. - * IN assertions: cur_match is the head of the hash chain for the current - * string (strstart) and its distance is <= MAX_DIST, and prev_length >= 1 - */ -#ifndef ASMV -/* For 80x86 and 680x0, an optimized version will be provided in match.asm or - * match.S. The code will be functionally equivalent. - */ -local int longest_match(s, cur_match) - deflate_state *s; - IPos cur_match; /* current match */ -{ - unsigned chain_length = s->max_chain_length;/* max hash chain length */ - register Bytef *scan = s->window + s->strstart; /* current string */ - register Bytef *match; /* matched string */ - register int len; /* length of current match */ - int best_len = s->prev_length; /* best match length so far */ - IPos limit = s->strstart > (IPos)MAX_DIST(s) ? - s->strstart - (IPos)MAX_DIST(s) : NIL; - /* Stop when cur_match becomes <= limit. To simplify the code, - * we prevent matches with the string of window index 0. - */ - Posf *prev = s->prev; - uInt wmask = s->w_mask; - -#ifdef UNALIGNED_OK - /* Compare two bytes at a time. Note: this is not always beneficial. - * Try with and without -DUNALIGNED_OK to check. - */ - register Bytef *strend = s->window + s->strstart + MAX_MATCH - 1; - register ush scan_start = *(ushf*)scan; - register ush scan_end = *(ushf*)(scan+best_len-1); -#else - register Bytef *strend = s->window + s->strstart + MAX_MATCH; - register Byte scan_end1 = scan[best_len-1]; - register Byte scan_end = scan[best_len]; -#endif - - /* The code is optimized for HASH_BITS >= 8 and MAX_MATCH-2 multiple of 16. - * It is easy to get rid of this optimization if necessary. - */ - Assert(s->hash_bits >= 8 && MAX_MATCH == 258, "Code too clever"); - - /* Do not waste too much time if we already have a good match: */ - if (s->prev_length >= s->good_match) { - chain_length >>= 2; - } - Assert((ulg)s->strstart <= s->window_size-MIN_LOOKAHEAD, "need lookahead"); - - do { - Assert(cur_match < s->strstart, "no future"); - match = s->window + cur_match; - - /* Skip to next match if the match length cannot increase - * or if the match length is less than 2: - */ -#if (defined(UNALIGNED_OK) && MAX_MATCH == 258) - /* This code assumes sizeof(unsigned short) == 2. Do not use - * UNALIGNED_OK if your compiler uses a different size. - */ - if (*(ushf*)(match+best_len-1) != scan_end || - *(ushf*)match != scan_start) continue; - - /* It is not necessary to compare scan[2] and match[2] since they are - * always equal when the other bytes match, given that the hash keys - * are equal and that HASH_BITS >= 8. Compare 2 bytes at a time at - * strstart+3, +5, ... up to strstart+257. We check for insufficient - * lookahead only every 4th comparison; the 128th check will be made - * at strstart+257. If MAX_MATCH-2 is not a multiple of 8, it is - * necessary to put more guard bytes at the end of the window, or - * to check more often for insufficient lookahead. - */ - Assert(scan[2] == match[2], "scan[2]?"); - scan++, match++; - do { - } while (*(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - *(ushf*)(scan+=2) == *(ushf*)(match+=2) && - scan < strend); - /* The funny "do {}" generates better code on most compilers */ - - /* Here, scan <= window+strstart+257 */ - Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - if (*scan == *match) scan++; - - len = (MAX_MATCH - 1) - (int)(strend-scan); - scan = strend - (MAX_MATCH-1); - -#else /* UNALIGNED_OK */ - - if (match[best_len] != scan_end || - match[best_len-1] != scan_end1 || - *match != *scan || - *++match != scan[1]) continue; - - /* The check at best_len-1 can be removed because it will be made - * again later. (This heuristic is not always a win.) - * It is not necessary to compare scan[2] and match[2] since they - * are always equal when the other bytes match, given that - * the hash keys are equal and that HASH_BITS >= 8. - */ - scan += 2, match++; - Assert(*scan == *match, "match[2]?"); - - /* We check for insufficient lookahead only every 8th comparison; - * the 256th check will be made at strstart+258. - */ - do { - } while (*++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - *++scan == *++match && *++scan == *++match && - scan < strend); - - Assert(scan <= s->window+(unsigned)(s->window_size-1), "wild scan"); - - len = MAX_MATCH - (int)(strend - scan); - scan = strend - MAX_MATCH; - -#endif /* UNALIGNED_OK */ - - if (len > best_len) { - s->match_start = cur_match; - best_len = len; - if (len >= s->nice_match) break; -#ifdef UNALIGNED_OK - scan_end = *(ushf*)(scan+best_len-1); -#else - scan_end1 = scan[best_len-1]; - scan_end = scan[best_len]; -#endif - } - } while ((cur_match = prev[cur_match & wmask]) > limit - && --chain_length != 0); - - return best_len; -} -#endif /* ASMV */ - -#ifdef DEBUG_ZLIB -/* =========================================================================== - * Check that the match at match_start is indeed a match. - */ -local void check_match(s, start, match, length) - deflate_state *s; - IPos start, match; - int length; -{ - /* check that the match is indeed a match */ - if (memcmp((charf *)s->window + match, - (charf *)s->window + start, length) != EQUAL) { - fprintf(stderr, - " start %u, match %u, length %d\n", - start, match, length); - do { fprintf(stderr, "%c%c", s->window[match++], - s->window[start++]); } while (--length != 0); - z_error("invalid match"); - } - if (verbose > 1) { - fprintf(stderr,"\\[%d,%d]", start-match, length); - do { putc(s->window[start++], stderr); } while (--length != 0); - } -} -#else -# define check_match(s, start, match, length) -#endif - -/* =========================================================================== - * Fill the window when the lookahead becomes insufficient. - * Updates strstart and lookahead. - * - * IN assertion: lookahead < MIN_LOOKAHEAD - * OUT assertions: strstart <= window_size-MIN_LOOKAHEAD - * At least one byte has been read, or avail_in == 0; reads are - * performed for at least two bytes (required for the zip translate_eol - * option -- not supported here). - */ -local void fill_window(s) - deflate_state *s; -{ - register unsigned n, m; - register Posf *p; - unsigned more; /* Amount of free space at the end of the window. */ - uInt wsize = s->w_size; - - do { - more = (unsigned)(s->window_size -(ulg)s->lookahead -(ulg)s->strstart); - - /* Deal with !@#$% 64K limit: */ - if (more == 0 && s->strstart == 0 && s->lookahead == 0) { - more = wsize; - } else if (more == (unsigned)(-1)) { - /* Very unlikely, but possible on 16 bit machine if strstart == 0 - * and lookahead == 1 (input done one byte at time) - */ - more--; - - /* If the window is almost full and there is insufficient lookahead, - * move the upper half to the lower one to make room in the upper half. - */ - } else if (s->strstart >= wsize+MAX_DIST(s)) { - - /* By the IN assertion, the window is not empty so we can't confuse - * more == 0 with more == 64K on a 16 bit machine. - */ - zmemcpy((charf *)s->window, (charf *)s->window+wsize, - (unsigned)wsize); - s->match_start -= wsize; - s->strstart -= wsize; /* we now have strstart >= MAX_DIST */ - - s->block_start -= (long) wsize; - - /* Slide the hash table (could be avoided with 32 bit values - at the expense of memory usage): - */ - n = s->hash_size; - p = &s->head[n]; - do { - m = *--p; - *p = (Pos)(m >= wsize ? m-wsize : NIL); - } while (--n); - - n = wsize; - p = &s->prev[n]; - do { - m = *--p; - *p = (Pos)(m >= wsize ? m-wsize : NIL); - /* If n is not on any hash chain, prev[n] is garbage but - * its value will never be used. - */ - } while (--n); - - more += wsize; - } - if (s->strm->avail_in == 0) return; - - /* If there was no sliding: - * strstart <= WSIZE+MAX_DIST-1 && lookahead <= MIN_LOOKAHEAD - 1 && - * more == window_size - lookahead - strstart - * => more >= window_size - (MIN_LOOKAHEAD-1 + WSIZE + MAX_DIST-1) - * => more >= window_size - 2*WSIZE + 2 - * In the BIG_MEM or MMAP case (not yet supported), - * window_size == input_size + MIN_LOOKAHEAD && - * strstart + s->lookahead <= input_size => more >= MIN_LOOKAHEAD. - * Otherwise, window_size == 2*WSIZE so more >= 2. - * If there was sliding, more >= WSIZE. So in all cases, more >= 2. - */ - Assert(more >= 2, "more < 2"); - - n = read_buf(s->strm, (charf *)s->window + s->strstart + s->lookahead, - more); - s->lookahead += n; - - /* Initialize the hash value now that we have some input: */ - if (s->lookahead >= MIN_MATCH) { - s->ins_h = s->window[s->strstart]; - UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); -#if MIN_MATCH != 3 - Call UPDATE_HASH() MIN_MATCH-3 more times -#endif - } - /* If the whole input has less than MIN_MATCH bytes, ins_h is garbage, - * but this is not important since only literal bytes will be emitted. - */ - - } while (s->lookahead < MIN_LOOKAHEAD && s->strm->avail_in != 0); -} - -/* =========================================================================== - * Flush the current block, with given end-of-file flag. - * IN assertion: strstart is set to the end of the current match. - */ -#define FLUSH_BLOCK_ONLY(s, flush) { \ - ct_flush_block(s, (s->block_start >= 0L ? \ - (charf *)&s->window[(unsigned)s->block_start] : \ - (charf *)Z_NULL), (long)s->strstart - s->block_start, (flush)); \ - s->block_start = s->strstart; \ - flush_pending(s->strm); \ - Tracev((stderr,"[FLUSH]")); \ -} - -/* Same but force premature exit if necessary. */ -#define FLUSH_BLOCK(s, flush) { \ - FLUSH_BLOCK_ONLY(s, flush); \ - if (s->strm->avail_out == 0) return 1; \ -} - -/* =========================================================================== - * Compress as much as possible from the input stream, return true if - * processing was terminated prematurely (no more input or output space). - * This function does not perform lazy evaluationof matches and inserts - * new strings in the dictionary only for unmatched strings or for short - * matches. It is used only for the fast compression options. - */ -local int deflate_fast(s, flush) - deflate_state *s; - int flush; -{ - IPos hash_head = NIL; /* head of the hash chain */ - int bflush; /* set if current block must be flushed */ - - s->prev_length = MIN_MATCH-1; - - for (;;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s->lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) return 1; - - if (s->lookahead == 0) break; /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - if (s->lookahead >= MIN_MATCH) { - INSERT_STRING(s, s->strstart, hash_head); - } - - /* Find the longest match, discarding those <= prev_length. - * At this point we have always match_length < MIN_MATCH - */ - if (hash_head != NIL && s->strstart - hash_head <= MAX_DIST(s)) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - if (s->strategy != Z_HUFFMAN_ONLY) { - s->match_length = longest_match (s, hash_head); - } - /* longest_match() sets match_start */ - - if (s->match_length > s->lookahead) s->match_length = s->lookahead; - } - if (s->match_length >= MIN_MATCH) { - check_match(s, s->strstart, s->match_start, s->match_length); - - bflush = ct_tally(s, s->strstart - s->match_start, - s->match_length - MIN_MATCH); - - s->lookahead -= s->match_length; - - /* Insert new strings in the hash table only if the match length - * is not too large. This saves time but degrades compression. - */ - if (s->match_length <= s->max_insert_length && - s->lookahead >= MIN_MATCH) { - s->match_length--; /* string at strstart already in hash table */ - do { - s->strstart++; - INSERT_STRING(s, s->strstart, hash_head); - /* strstart never exceeds WSIZE-MAX_MATCH, so there are - * always MIN_MATCH bytes ahead. - */ - } while (--s->match_length != 0); - s->strstart++; - } else { - s->strstart += s->match_length; - s->match_length = 0; - s->ins_h = s->window[s->strstart]; - UPDATE_HASH(s, s->ins_h, s->window[s->strstart+1]); -#if MIN_MATCH != 3 - Call UPDATE_HASH() MIN_MATCH-3 more times -#endif - /* If lookahead < MIN_MATCH, ins_h is garbage, but it does not - * matter since it will be recomputed at next deflate call. - */ - } - } else { - /* No match, output a literal byte */ - Tracevv((stderr,"%c", s->window[s->strstart])); - bflush = ct_tally (s, 0, s->window[s->strstart]); - s->lookahead--; - s->strstart++; - } - if (bflush) FLUSH_BLOCK(s, Z_NO_FLUSH); - } - FLUSH_BLOCK(s, flush); - return 0; /* normal exit */ -} - -/* =========================================================================== - * Same as above, but achieves better compression. We use a lazy - * evaluation for matches: a match is finally adopted only if there is - * no better match at the next window position. - */ -local int deflate_slow(s, flush) - deflate_state *s; - int flush; -{ - IPos hash_head = NIL; /* head of hash chain */ - int bflush; /* set if current block must be flushed */ - - /* Process the input block. */ - for (;;) { - /* Make sure that we always have enough lookahead, except - * at the end of the input file. We need MAX_MATCH bytes - * for the next match, plus MIN_MATCH bytes to insert the - * string following the next match. - */ - if (s->lookahead < MIN_LOOKAHEAD) { - fill_window(s); - if (s->lookahead < MIN_LOOKAHEAD && flush == Z_NO_FLUSH) return 1; - - if (s->lookahead == 0) break; /* flush the current block */ - } - - /* Insert the string window[strstart .. strstart+2] in the - * dictionary, and set hash_head to the head of the hash chain: - */ - if (s->lookahead >= MIN_MATCH) { - INSERT_STRING(s, s->strstart, hash_head); - } - - /* Find the longest match, discarding those <= prev_length. - */ - s->prev_length = s->match_length, s->prev_match = s->match_start; - s->match_length = MIN_MATCH-1; - - if (hash_head != NIL && s->prev_length < s->max_lazy_match && - s->strstart - hash_head <= MAX_DIST(s)) { - /* To simplify the code, we prevent matches with the string - * of window index 0 (in particular we have to avoid a match - * of the string with itself at the start of the input file). - */ - if (s->strategy != Z_HUFFMAN_ONLY) { - s->match_length = longest_match (s, hash_head); - } - /* longest_match() sets match_start */ - if (s->match_length > s->lookahead) s->match_length = s->lookahead; - - if (s->match_length <= 5 && (s->strategy == Z_FILTERED || - (s->match_length == MIN_MATCH && - s->strstart - s->match_start > TOO_FAR))) { - - /* If prev_match is also MIN_MATCH, match_start is garbage - * but we will ignore the current match anyway. - */ - s->match_length = MIN_MATCH-1; - } - } - /* If there was a match at the previous step and the current - * match is not better, output the previous match: - */ - if (s->prev_length >= MIN_MATCH && s->match_length <= s->prev_length) { - uInt max_insert = s->strstart + s->lookahead - MIN_MATCH; - /* Do not insert strings in hash table beyond this. */ - - check_match(s, s->strstart-1, s->prev_match, s->prev_length); - - bflush = ct_tally(s, s->strstart -1 - s->prev_match, - s->prev_length - MIN_MATCH); - - /* Insert in hash table all strings up to the end of the match. - * strstart-1 and strstart are already inserted. If there is not - * enough lookahead, the last two strings are not inserted in - * the hash table. - */ - s->lookahead -= s->prev_length-1; - s->prev_length -= 2; - do { - if (++s->strstart <= max_insert) { - INSERT_STRING(s, s->strstart, hash_head); - } - } while (--s->prev_length != 0); - s->match_available = 0; - s->match_length = MIN_MATCH-1; - s->strstart++; - - if (bflush) FLUSH_BLOCK(s, Z_NO_FLUSH); - - } else if (s->match_available) { - /* If there was no match at the previous position, output a - * single literal. If there was a match but the current match - * is longer, truncate the previous match to a single literal. - */ - Tracevv((stderr,"%c", s->window[s->strstart-1])); - if (ct_tally (s, 0, s->window[s->strstart-1])) { - FLUSH_BLOCK_ONLY(s, Z_NO_FLUSH); - } - s->strstart++; - s->lookahead--; - if (s->strm->avail_out == 0) return 1; - } else { - /* There is no previous match to compare with, wait for - * the next step to decide. - */ - s->match_available = 1; - s->strstart++; - s->lookahead--; - } - } - Assert (flush != Z_NO_FLUSH, "no flush?"); - if (s->match_available) { - Tracevv((stderr,"%c", s->window[s->strstart-1])); - ct_tally (s, 0, s->window[s->strstart-1]); - s->match_available = 0; - } - FLUSH_BLOCK(s, flush); - return 0; -} - - -/*+++++*/ -/* trees.c -- output deflated data using Huffman coding - * Copyright (C) 1995 Jean-loup Gailly - * For conditions of distribution and use, see copyright notice in zlib.h - */ - -/* - * ALGORITHM - * - * The "deflation" process uses several Huffman trees. The more - * common source values are represented by shorter bit sequences. - * - * Each code tree is stored in a compressed form which is itself - * a Huffman encoding of the lengths of all the code strings (in - * ascending order by source values). The actual code strings are - * reconstructed from the lengths in the inflate process, as described - * in the deflate specification. - * - * REFERENCES - * - * Deutsch, L.P.,"'Deflate' Compressed Data Format Specification". - * Available in ftp.uu.net:/pub/archiving/zip/doc/deflate-1.1.doc - * - * Storer, James A. - * Data Compression: Methods and Theory, pp. 49-50. - * Computer Science Press, 1988. ISBN 0-7167-8156-5. - * - * Sedgewick, R. - * Algorithms, p290. - * Addison-Wesley, 1983. ISBN 0-201-06672-6. - */ - -/* From: trees.c,v 1.5 1995/05/03 17:27:12 jloup Exp */ - -#ifdef DEBUG_ZLIB -# include -#endif - -/* =========================================================================== - * Constants - */ - -#define MAX_BL_BITS 7 -/* Bit length codes must not exceed MAX_BL_BITS bits */ - -#define END_BLOCK 256 -/* end of block literal code */ - -#define REP_3_6 16 -/* repeat previous bit length 3-6 times (2 bits of repeat count) */ - -#define REPZ_3_10 17 -/* repeat a zero length 3-10 times (3 bits of repeat count) */ - -#define REPZ_11_138 18 -/* repeat a zero length 11-138 times (7 bits of repeat count) */ - -local int extra_lbits[LENGTH_CODES] /* extra bits for each length code */ - = {0,0,0,0,0,0,0,0,1,1,1,1,2,2,2,2,3,3,3,3,4,4,4,4,5,5,5,5,0}; - -local int extra_dbits[D_CODES] /* extra bits for each distance code */ - = {0,0,0,0,1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,9,9,10,10,11,11,12,12,13,13}; - -local int extra_blbits[BL_CODES]/* extra bits for each bit length code */ - = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,2,3,7}; - -local uch bl_order[BL_CODES] - = {16,17,18,0,8,7,9,6,10,5,11,4,12,3,13,2,14,1,15}; -/* The lengths of the bit length codes are sent in order of decreasing - * probability, to avoid transmitting the lengths for unused bit length codes. - */ - -#define Buf_size (8 * 2*sizeof(char)) -/* Number of bits used within bi_buf. (bi_buf might be implemented on - * more than 16 bits on some systems.) - */ - -/* =========================================================================== - * Local data. These are initialized only once. - * To do: initialize at compile time to be completely reentrant. ??? - */ - -local ct_data static_ltree[L_CODES+2]; -/* The static literal tree. Since the bit lengths are imposed, there is no - * need for the L_CODES extra codes used during heap construction. However - * The codes 286 and 287 are needed to build a canonical tree (see ct_init - * below). - */ - -local ct_data static_dtree[D_CODES]; -/* The static distance tree. (Actually a trivial tree since all codes use - * 5 bits.) - */ - -local uch dist_code[512]; -/* distance codes. The first 256 values correspond to the distances - * 3 .. 258, the last 256 values correspond to the top 8 bits of - * the 15 bit distances. - */ - -local uch length_code[MAX_MATCH-MIN_MATCH+1]; -/* length code for each normalized match length (0 == MIN_MATCH) */ - -local int base_length[LENGTH_CODES]; -/* First normalized length for each code (0 = MIN_MATCH) */ - -local int base_dist[D_CODES]; -/* First normalized distance for each code (0 = distance of 1) */ - -struct static_tree_desc_s { - ct_data *static_tree; /* static tree or NULL */ - intf *extra_bits; /* extra bits for each code or NULL */ - int extra_base; /* base index for extra_bits */ - int elems; /* max number of elements in the tree */ - int max_length; /* max bit length for the codes */ -}; - -local static_tree_desc static_l_desc = -{static_ltree, extra_lbits, LITERALS+1, L_CODES, MAX_BITS}; - -local static_tree_desc static_d_desc = -{static_dtree, extra_dbits, 0, D_CODES, MAX_BITS}; - -local static_tree_desc static_bl_desc = -{(ct_data *)0, extra_blbits, 0, BL_CODES, MAX_BL_BITS}; - -/* =========================================================================== - * Local (static) routines in this file. - */ - -local void ct_static_init OF((void)); -local void init_block OF((deflate_state *s)); -local void pqdownheap OF((deflate_state *s, ct_data *tree, int k)); -local void gen_bitlen OF((deflate_state *s, tree_desc *desc)); -local void gen_codes OF((ct_data *tree, int max_code, ushf *bl_count)); -local void build_tree OF((deflate_state *s, tree_desc *desc)); -local void scan_tree OF((deflate_state *s, ct_data *tree, int max_code)); -local void send_tree OF((deflate_state *s, ct_data *tree, int max_code)); -local int build_bl_tree OF((deflate_state *s)); -local void send_all_trees OF((deflate_state *s, int lcodes, int dcodes, - int blcodes)); -local void compress_block OF((deflate_state *s, ct_data *ltree, - ct_data *dtree)); -local void set_data_type OF((deflate_state *s)); -local unsigned bi_reverse OF((unsigned value, int length)); -local void bi_windup OF((deflate_state *s)); -local void bi_flush OF((deflate_state *s)); -local void copy_block OF((deflate_state *s, charf *buf, unsigned len, - int header)); - -#ifndef DEBUG_ZLIB -# define send_code(s, c, tree) send_bits(s, tree[c].Code, tree[c].Len) - /* Send a code of the given tree. c and tree must not have side effects */ - -#else /* DEBUG_ZLIB */ -# define send_code(s, c, tree) \ - { if (verbose>1) fprintf(stderr,"\ncd %3d ",(c)); \ - send_bits(s, tree[c].Code, tree[c].Len); } -#endif - -#define d_code(dist) \ - ((dist) < 256 ? dist_code[dist] : dist_code[256+((dist)>>7)]) -/* Mapping from a distance to a distance code. dist is the distance - 1 and - * must not have side effects. dist_code[256] and dist_code[257] are never - * used. - */ - -/* =========================================================================== - * Output a short LSB first on the stream. - * IN assertion: there is enough room in pendingBuf. - */ -#define put_short(s, w) { \ - put_byte(s, (uch)((w) & 0xff)); \ - put_byte(s, (uch)((ush)(w) >> 8)); \ -} - -/* =========================================================================== - * Send a value on a given number of bits. - * IN assertion: length <= 16 and value fits in length bits. - */ -#ifdef DEBUG_ZLIB -local void send_bits OF((deflate_state *s, int value, int length)); - -local void send_bits(s, value, length) - deflate_state *s; - int value; /* value to send */ - int length; /* number of bits */ -{ - Tracev((stderr," l %2d v %4x ", length, value)); - Assert(length > 0 && length <= 15, "invalid length"); - s->bits_sent += (ulg)length; - - /* If not enough room in bi_buf, use (valid) bits from bi_buf and - * (16 - bi_valid) bits from value, leaving (width - (16-bi_valid)) - * unused bits in value. - */ - if (s->bi_valid > (int)Buf_size - length) { - s->bi_buf |= (value << s->bi_valid); - put_short(s, s->bi_buf); - s->bi_buf = (ush)value >> (Buf_size - s->bi_valid); - s->bi_valid += length - Buf_size; - } else { - s->bi_buf |= value << s->bi_valid; - s->bi_valid += length; - } -} -#else /* !DEBUG_ZLIB */ - -#define send_bits(s, value, length) \ -{ int len = length;\ - if (s->bi_valid > (int)Buf_size - len) {\ - int val = value;\ - s->bi_buf |= (val << s->bi_valid);\ - put_short(s, s->bi_buf);\ - s->bi_buf = (ush)val >> (Buf_size - s->bi_valid);\ - s->bi_valid += len - Buf_size;\ - } else {\ - s->bi_buf |= (value) << s->bi_valid;\ - s->bi_valid += len;\ - }\ -} -#endif /* DEBUG_ZLIB */ - - -#define MAX(a,b) (a >= b ? a : b) -/* the arguments must not have side effects */ - -/* =========================================================================== - * Initialize the various 'constant' tables. - * To do: do this at compile time. - */ -local void ct_static_init() -{ - int n; /* iterates over tree elements */ - int bits; /* bit counter */ - int length; /* length value */ - int code; /* code value */ - int dist; /* distance index */ - ush bl_count[MAX_BITS+1]; - /* number of codes at each bit length for an optimal tree */ - - /* Initialize the mapping length (0..255) -> length code (0..28) */ - length = 0; - for (code = 0; code < LENGTH_CODES-1; code++) { - base_length[code] = length; - for (n = 0; n < (1< dist code (0..29) */ - dist = 0; - for (code = 0 ; code < 16; code++) { - base_dist[code] = dist; - for (n = 0; n < (1<>= 7; /* from now on, all distances are divided by 128 */ - for ( ; code < D_CODES; code++) { - base_dist[code] = dist << 7; - for (n = 0; n < (1<<(extra_dbits[code]-7)); n++) { - dist_code[256 + dist++] = (uch)code; - } - } - Assert (dist == 256, "ct_static_init: 256+dist != 512"); - - /* Construct the codes of the static literal tree */ - for (bits = 0; bits <= MAX_BITS; bits++) bl_count[bits] = 0; - n = 0; - while (n <= 143) static_ltree[n++].Len = 8, bl_count[8]++; - while (n <= 255) static_ltree[n++].Len = 9, bl_count[9]++; - while (n <= 279) static_ltree[n++].Len = 7, bl_count[7]++; - while (n <= 287) static_ltree[n++].Len = 8, bl_count[8]++; - /* Codes 286 and 287 do not exist, but we must include them in the - * tree construction to get a canonical Huffman tree (longest code - * all ones) - */ - gen_codes((ct_data *)static_ltree, L_CODES+1, bl_count); - - /* The static distance tree is trivial: */ - for (n = 0; n < D_CODES; n++) { - static_dtree[n].Len = 5; - static_dtree[n].Code = bi_reverse(n, 5); - } -} - -/* =========================================================================== - * Initialize the tree data structures for a new zlib stream. - */ -local void ct_init(s) - deflate_state *s; -{ - if (static_dtree[0].Len == 0) { - ct_static_init(); /* To do: at compile time */ - } - - s->compressed_len = 0L; - - s->l_desc.dyn_tree = s->dyn_ltree; - s->l_desc.stat_desc = &static_l_desc; - - s->d_desc.dyn_tree = s->dyn_dtree; - s->d_desc.stat_desc = &static_d_desc; - - s->bl_desc.dyn_tree = s->bl_tree; - s->bl_desc.stat_desc = &static_bl_desc; - - s->bi_buf = 0; - s->bi_valid = 0; - s->last_eob_len = 8; /* enough lookahead for inflate */ -#ifdef DEBUG_ZLIB - s->bits_sent = 0L; -#endif - s->blocks_in_packet = 0; - - /* Initialize the first block of the first file: */ - init_block(s); -} - -/* =========================================================================== - * Initialize a new block. - */ -local void init_block(s) - deflate_state *s; -{ - int n; /* iterates over tree elements */ - - /* Initialize the trees. */ - for (n = 0; n < L_CODES; n++) s->dyn_ltree[n].Freq = 0; - for (n = 0; n < D_CODES; n++) s->dyn_dtree[n].Freq = 0; - for (n = 0; n < BL_CODES; n++) s->bl_tree[n].Freq = 0; - - s->dyn_ltree[END_BLOCK].Freq = 1; - s->opt_len = s->static_len = 0L; - s->last_lit = s->matches = 0; -} - -#define SMALLEST 1 -/* Index within the heap array of least frequent node in the Huffman tree */ - - -/* =========================================================================== - * Remove the smallest element from the heap and recreate the heap with - * one less element. Updates heap and heap_len. - */ -#define pqremove(s, tree, top) \ -{\ - top = s->heap[SMALLEST]; \ - s->heap[SMALLEST] = s->heap[s->heap_len--]; \ - pqdownheap(s, tree, SMALLEST); \ -} - -/* =========================================================================== - * Compares to subtrees, using the tree depth as tie breaker when - * the subtrees have equal frequency. This minimizes the worst case length. - */ -#define smaller(tree, n, m, depth) \ - (tree[n].Freq < tree[m].Freq || \ - (tree[n].Freq == tree[m].Freq && depth[n] <= depth[m])) - -/* =========================================================================== - * Restore the heap property by moving down the tree starting at node k, - * exchanging a node with the smallest of its two sons if necessary, stopping - * when the heap property is re-established (each father smaller than its - * two sons). - */ -local void pqdownheap(s, tree, k) - deflate_state *s; - ct_data *tree; /* the tree to restore */ - int k; /* node to move down */ -{ - int v = s->heap[k]; - int j = k << 1; /* left son of k */ - while (j <= s->heap_len) { - /* Set j to the smallest of the two sons: */ - if (j < s->heap_len && - smaller(tree, s->heap[j+1], s->heap[j], s->depth)) { - j++; - } - /* Exit if v is smaller than both sons */ - if (smaller(tree, v, s->heap[j], s->depth)) break; - - /* Exchange v with the smallest son */ - s->heap[k] = s->heap[j]; k = j; - - /* And continue down the tree, setting j to the left son of k */ - j <<= 1; - } - s->heap[k] = v; -} - -/* =========================================================================== - * Compute the optimal bit lengths for a tree and update the total bit length - * for the current block. - * IN assertion: the fields freq and dad are set, heap[heap_max] and - * above are the tree nodes sorted by increasing frequency. - * OUT assertions: the field len is set to the optimal bit length, the - * array bl_count contains the frequencies for each bit length. - * The length opt_len is updated; static_len is also updated if stree is - * not null. - */ -local void gen_bitlen(s, desc) - deflate_state *s; - tree_desc *desc; /* the tree descriptor */ -{ - ct_data *tree = desc->dyn_tree; - int max_code = desc->max_code; - ct_data *stree = desc->stat_desc->static_tree; - intf *extra = desc->stat_desc->extra_bits; - int base = desc->stat_desc->extra_base; - int max_length = desc->stat_desc->max_length; - int h; /* heap index */ - int n, m; /* iterate over the tree elements */ - int bits; /* bit length */ - int xbits; /* extra bits */ - ush f; /* frequency */ - int overflow = 0; /* number of elements with bit length too large */ - - for (bits = 0; bits <= MAX_BITS; bits++) s->bl_count[bits] = 0; - - /* In a first pass, compute the optimal bit lengths (which may - * overflow in the case of the bit length tree). - */ - tree[s->heap[s->heap_max]].Len = 0; /* root of the heap */ - - for (h = s->heap_max+1; h < HEAP_SIZE; h++) { - n = s->heap[h]; - bits = tree[tree[n].Dad].Len + 1; - if (bits > max_length) bits = max_length, overflow++; - tree[n].Len = (ush)bits; - /* We overwrite tree[n].Dad which is no longer needed */ - - if (n > max_code) continue; /* not a leaf node */ - - s->bl_count[bits]++; - xbits = 0; - if (n >= base) xbits = extra[n-base]; - f = tree[n].Freq; - s->opt_len += (ulg)f * (bits + xbits); - if (stree) s->static_len += (ulg)f * (stree[n].Len + xbits); - } - if (overflow == 0) return; - - Trace((stderr,"\nbit length overflow\n")); - /* This happens for example on obj2 and pic of the Calgary corpus */ - - /* Find the first bit length which could increase: */ - do { - bits = max_length-1; - while (s->bl_count[bits] == 0) bits--; - s->bl_count[bits]--; /* move one leaf down the tree */ - s->bl_count[bits+1] += 2; /* move one overflow item as its brother */ - s->bl_count[max_length]--; - /* The brother of the overflow item also moves one step up, - * but this does not affect bl_count[max_length] - */ - overflow -= 2; - } while (overflow > 0); - - /* Now recompute all bit lengths, scanning in increasing frequency. - * h is still equal to HEAP_SIZE. (It is simpler to reconstruct all - * lengths instead of fixing only the wrong ones. This idea is taken - * from 'ar' written by Haruhiko Okumura.) - */ - for (bits = max_length; bits != 0; bits--) { - n = s->bl_count[bits]; - while (n != 0) { - m = s->heap[--h]; - if (m > max_code) continue; - if (tree[m].Len != (unsigned) bits) { - Trace((stderr,"code %d bits %d->%d\n", m, tree[m].Len, bits)); - s->opt_len += ((long)bits - (long)tree[m].Len) - *(long)tree[m].Freq; - tree[m].Len = (ush)bits; - } - n--; - } - } -} - -/* =========================================================================== - * Generate the codes for a given tree and bit counts (which need not be - * optimal). - * IN assertion: the array bl_count contains the bit length statistics for - * the given tree and the field len is set for all tree elements. - * OUT assertion: the field code is set for all tree elements of non - * zero code length. - */ -local void gen_codes (tree, max_code, bl_count) - ct_data *tree; /* the tree to decorate */ - int max_code; /* largest code with non zero frequency */ - ushf *bl_count; /* number of codes at each bit length */ -{ - ush next_code[MAX_BITS+1]; /* next code value for each bit length */ - ush code = 0; /* running code value */ - int bits; /* bit index */ - int n; /* code index */ - - /* The distribution counts are first used to generate the code values - * without bit reversal. - */ - for (bits = 1; bits <= MAX_BITS; bits++) { - next_code[bits] = code = (code + bl_count[bits-1]) << 1; - } - /* Check that the bit counts in bl_count are consistent. The last code - * must be all ones. - */ - Assert (code + bl_count[MAX_BITS]-1 == (1<dyn_tree; - ct_data *stree = desc->stat_desc->static_tree; - int elems = desc->stat_desc->elems; - int n, m; /* iterate over heap elements */ - int max_code = -1; /* largest code with non zero frequency */ - int node; /* new node being created */ - - /* Construct the initial heap, with least frequent element in - * heap[SMALLEST]. The sons of heap[n] are heap[2*n] and heap[2*n+1]. - * heap[0] is not used. - */ - s->heap_len = 0, s->heap_max = HEAP_SIZE; - - for (n = 0; n < elems; n++) { - if (tree[n].Freq != 0) { - s->heap[++(s->heap_len)] = max_code = n; - s->depth[n] = 0; - } else { - tree[n].Len = 0; - } - } - - /* The pkzip format requires that at least one distance code exists, - * and that at least one bit should be sent even if there is only one - * possible code. So to avoid special checks later on we force at least - * two codes of non zero frequency. - */ - while (s->heap_len < 2) { - node = s->heap[++(s->heap_len)] = (max_code < 2 ? ++max_code : 0); - tree[node].Freq = 1; - s->depth[node] = 0; - s->opt_len--; if (stree) s->static_len -= stree[node].Len; - /* node is 0 or 1 so it does not have extra bits */ - } - desc->max_code = max_code; - - /* The elements heap[heap_len/2+1 .. heap_len] are leaves of the tree, - * establish sub-heaps of increasing lengths: - */ - for (n = s->heap_len/2; n >= 1; n--) pqdownheap(s, tree, n); - - /* Construct the Huffman tree by repeatedly combining the least two - * frequent nodes. - */ - node = elems; /* next internal node of the tree */ - do { - pqremove(s, tree, n); /* n = node of least frequency */ - m = s->heap[SMALLEST]; /* m = node of next least frequency */ - - s->heap[--(s->heap_max)] = n; /* keep the nodes sorted by frequency */ - s->heap[--(s->heap_max)] = m; - - /* Create a new node father of n and m */ - tree[node].Freq = tree[n].Freq + tree[m].Freq; - s->depth[node] = (uch) (MAX(s->depth[n], s->depth[m]) + 1); - tree[n].Dad = tree[m].Dad = (ush)node; -#ifdef DUMP_BL_TREE - if (tree == s->bl_tree) { - fprintf(stderr,"\nnode %d(%d), sons %d(%d) %d(%d)", - node, tree[node].Freq, n, tree[n].Freq, m, tree[m].Freq); - } -#endif - /* and insert the new node in the heap */ - s->heap[SMALLEST] = node++; - pqdownheap(s, tree, SMALLEST); - - } while (s->heap_len >= 2); - - s->heap[--(s->heap_max)] = s->heap[SMALLEST]; - - /* At this point, the fields freq and dad are set. We can now - * generate the bit lengths. - */ - gen_bitlen(s, (tree_desc *)desc); - - /* The field len is now set, we can generate the bit codes */ - gen_codes ((ct_data *)tree, max_code, s->bl_count); -} - -/* =========================================================================== - * Scan a literal or distance tree to determine the frequencies of the codes - * in the bit length tree. - */ -local void scan_tree (s, tree, max_code) - deflate_state *s; - ct_data *tree; /* the tree to be scanned */ - int max_code; /* and its largest code of non zero frequency */ -{ - int n; /* iterates over all tree elements */ - int prevlen = -1; /* last emitted length */ - int curlen; /* length of current code */ - int nextlen = tree[0].Len; /* length of next code */ - int count = 0; /* repeat count of the current code */ - int max_count = 7; /* max repeat count */ - int min_count = 4; /* min repeat count */ - - if (nextlen == 0) max_count = 138, min_count = 3; - tree[max_code+1].Len = (ush)0xffff; /* guard */ - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; nextlen = tree[n+1].Len; - if (++count < max_count && curlen == nextlen) { - continue; - } else if (count < min_count) { - s->bl_tree[curlen].Freq += count; - } else if (curlen != 0) { - if (curlen != prevlen) s->bl_tree[curlen].Freq++; - s->bl_tree[REP_3_6].Freq++; - } else if (count <= 10) { - s->bl_tree[REPZ_3_10].Freq++; - } else { - s->bl_tree[REPZ_11_138].Freq++; - } - count = 0; prevlen = curlen; - if (nextlen == 0) { - max_count = 138, min_count = 3; - } else if (curlen == nextlen) { - max_count = 6, min_count = 3; - } else { - max_count = 7, min_count = 4; - } - } -} - -/* =========================================================================== - * Send a literal or distance tree in compressed form, using the codes in - * bl_tree. - */ -local void send_tree (s, tree, max_code) - deflate_state *s; - ct_data *tree; /* the tree to be scanned */ - int max_code; /* and its largest code of non zero frequency */ -{ - int n; /* iterates over all tree elements */ - int prevlen = -1; /* last emitted length */ - int curlen; /* length of current code */ - int nextlen = tree[0].Len; /* length of next code */ - int count = 0; /* repeat count of the current code */ - int max_count = 7; /* max repeat count */ - int min_count = 4; /* min repeat count */ - - /* tree[max_code+1].Len = -1; */ /* guard already set */ - if (nextlen == 0) max_count = 138, min_count = 3; - - for (n = 0; n <= max_code; n++) { - curlen = nextlen; nextlen = tree[n+1].Len; - if (++count < max_count && curlen == nextlen) { - continue; - } else if (count < min_count) { - do { send_code(s, curlen, s->bl_tree); } while (--count != 0); - - } else if (curlen != 0) { - if (curlen != prevlen) { - send_code(s, curlen, s->bl_tree); count--; - } - Assert(count >= 3 && count <= 6, " 3_6?"); - send_code(s, REP_3_6, s->bl_tree); send_bits(s, count-3, 2); - - } else if (count <= 10) { - send_code(s, REPZ_3_10, s->bl_tree); send_bits(s, count-3, 3); - - } else { - send_code(s, REPZ_11_138, s->bl_tree); send_bits(s, count-11, 7); - } - count = 0; prevlen = curlen; - if (nextlen == 0) { - max_count = 138, min_count = 3; - } else if (curlen == nextlen) { - max_count = 6, min_count = 3; - } else { - max_count = 7, min_count = 4; - } - } -} - -/* =========================================================================== - * Construct the Huffman tree for the bit lengths and return the index in - * bl_order of the last bit length code to send. - */ -local int build_bl_tree(s) - deflate_state *s; -{ - int max_blindex; /* index of last bit length code of non zero freq */ - - /* Determine the bit length frequencies for literal and distance trees */ - scan_tree(s, (ct_data *)s->dyn_ltree, s->l_desc.max_code); - scan_tree(s, (ct_data *)s->dyn_dtree, s->d_desc.max_code); - - /* Build the bit length tree: */ - build_tree(s, (tree_desc *)(&(s->bl_desc))); - /* opt_len now includes the length of the tree representations, except - * the lengths of the bit lengths codes and the 5+5+4 bits for the counts. - */ - - /* Determine the number of bit length codes to send. The pkzip format - * requires that at least 4 bit length codes be sent. (appnote.txt says - * 3 but the actual value used is 4.) - */ - for (max_blindex = BL_CODES-1; max_blindex >= 3; max_blindex--) { - if (s->bl_tree[bl_order[max_blindex]].Len != 0) break; - } - /* Update opt_len to include the bit length tree and counts */ - s->opt_len += 3*(max_blindex+1) + 5+5+4; - Tracev((stderr, "\ndyn trees: dyn %ld, stat %ld", - s->opt_len, s->static_len)); - - return max_blindex; -} - -/* =========================================================================== - * Send the header for a block using dynamic Huffman trees: the counts, the - * lengths of the bit length codes, the literal tree and the distance tree. - * IN assertion: lcodes >= 257, dcodes >= 1, blcodes >= 4. - */ -local void send_all_trees(s, lcodes, dcodes, blcodes) - deflate_state *s; - int lcodes, dcodes, blcodes; /* number of codes for each tree */ -{ - int rank; /* index in bl_order */ - - Assert (lcodes >= 257 && dcodes >= 1 && blcodes >= 4, "not enough codes"); - Assert (lcodes <= L_CODES && dcodes <= D_CODES && blcodes <= BL_CODES, - "too many codes"); - Tracev((stderr, "\nbl counts: ")); - send_bits(s, lcodes-257, 5); /* not +255 as stated in appnote.txt */ - send_bits(s, dcodes-1, 5); - send_bits(s, blcodes-4, 4); /* not -3 as stated in appnote.txt */ - for (rank = 0; rank < blcodes; rank++) { - Tracev((stderr, "\nbl code %2d ", bl_order[rank])); - send_bits(s, s->bl_tree[bl_order[rank]].Len, 3); - } - Tracev((stderr, "\nbl tree: sent %ld", s->bits_sent)); - - send_tree(s, (ct_data *)s->dyn_ltree, lcodes-1); /* literal tree */ - Tracev((stderr, "\nlit tree: sent %ld", s->bits_sent)); - - send_tree(s, (ct_data *)s->dyn_dtree, dcodes-1); /* distance tree */ - Tracev((stderr, "\ndist tree: sent %ld", s->bits_sent)); -} - -/* =========================================================================== - * Send a stored block - */ -local void ct_stored_block(s, buf, stored_len, eof) - deflate_state *s; - charf *buf; /* input block */ - ulg stored_len; /* length of input block */ - int eof; /* true if this is the last block for a file */ -{ - send_bits(s, (STORED_BLOCK<<1)+eof, 3); /* send block type */ - s->compressed_len = (s->compressed_len + 3 + 7) & ~7L; - s->compressed_len += (stored_len + 4) << 3; - - copy_block(s, buf, (unsigned)stored_len, 1); /* with header */ -} - -/* Send just the `stored block' type code without any length bytes or data. - */ -local void ct_stored_type_only(s) - deflate_state *s; -{ - send_bits(s, (STORED_BLOCK << 1), 3); - bi_windup(s); - s->compressed_len = (s->compressed_len + 3) & ~7L; -} - - -/* =========================================================================== - * Send one empty static block to give enough lookahead for inflate. - * This takes 10 bits, of which 7 may remain in the bit buffer. - * The current inflate code requires 9 bits of lookahead. If the EOB - * code for the previous block was coded on 5 bits or less, inflate - * may have only 5+3 bits of lookahead to decode this EOB. - * (There are no problems if the previous block is stored or fixed.) - */ -local void ct_align(s) - deflate_state *s; -{ - send_bits(s, STATIC_TREES<<1, 3); - send_code(s, END_BLOCK, static_ltree); - s->compressed_len += 10L; /* 3 for block type, 7 for EOB */ - bi_flush(s); - /* Of the 10 bits for the empty block, we have already sent - * (10 - bi_valid) bits. The lookahead for the EOB of the previous - * block was thus its length plus what we have just sent. - */ - if (s->last_eob_len + 10 - s->bi_valid < 9) { - send_bits(s, STATIC_TREES<<1, 3); - send_code(s, END_BLOCK, static_ltree); - s->compressed_len += 10L; - bi_flush(s); - } - s->last_eob_len = 7; -} - -/* =========================================================================== - * Determine the best encoding for the current block: dynamic trees, static - * trees or store, and output the encoded block to the zip file. This function - * returns the total compressed length for the file so far. - */ -local ulg ct_flush_block(s, buf, stored_len, flush) - deflate_state *s; - charf *buf; /* input block, or NULL if too old */ - ulg stored_len; /* length of input block */ - int flush; /* Z_FINISH if this is the last block for a file */ -{ - ulg opt_lenb, static_lenb; /* opt_len and static_len in bytes */ - int max_blindex; /* index of last bit length code of non zero freq */ - int eof = flush == Z_FINISH; - - ++s->blocks_in_packet; - - /* Check if the file is ascii or binary */ - if (s->data_type == UNKNOWN) set_data_type(s); - - /* Construct the literal and distance trees */ - build_tree(s, (tree_desc *)(&(s->l_desc))); - Tracev((stderr, "\nlit data: dyn %ld, stat %ld", s->opt_len, - s->static_len)); - - build_tree(s, (tree_desc *)(&(s->d_desc))); - Tracev((stderr, "\ndist data: dyn %ld, stat %ld", s->opt_len, - s->static_len)); - /* At this point, opt_len and static_len are the total bit lengths of - * the compressed block data, excluding the tree representations. - */ - - /* Build the bit length tree for the above two trees, and get the index - * in bl_order of the last bit length code to send. - */ - max_blindex = build_bl_tree(s); - - /* Determine the best encoding. Compute first the block length in bytes */ - opt_lenb = (s->opt_len+3+7)>>3; - static_lenb = (s->static_len+3+7)>>3; - - Tracev((stderr, "\nopt %lu(%lu) stat %lu(%lu) stored %lu lit %u ", - opt_lenb, s->opt_len, static_lenb, s->static_len, stored_len, - s->last_lit)); - - if (static_lenb <= opt_lenb) opt_lenb = static_lenb; - - /* If compression failed and this is the first and last block, - * and if the .zip file can be seeked (to rewrite the local header), - * the whole file is transformed into a stored file: - */ -#ifdef STORED_FILE_OK -# ifdef FORCE_STORED_FILE - if (eof && compressed_len == 0L) /* force stored file */ -# else - if (stored_len <= opt_lenb && eof && s->compressed_len==0L && seekable()) -# endif - { - /* Since LIT_BUFSIZE <= 2*WSIZE, the input data must be there: */ - if (buf == (charf*)0) error ("block vanished"); - - copy_block(buf, (unsigned)stored_len, 0); /* without header */ - s->compressed_len = stored_len << 3; - s->method = STORED; - } else -#endif /* STORED_FILE_OK */ - - /* For Z_PACKET_FLUSH, if we don't achieve the required minimum - * compression, and this block contains all the data since the last - * time we used Z_PACKET_FLUSH, then just omit this block completely - * from the output. - */ - if (flush == Z_PACKET_FLUSH && s->blocks_in_packet == 1 - && opt_lenb > stored_len - s->minCompr) { - s->blocks_in_packet = 0; - /* output nothing */ - } else - -#ifdef FORCE_STORED - if (buf != (char*)0) /* force stored block */ -#else - if (stored_len+4 <= opt_lenb && buf != (char*)0) - /* 4: two words for the lengths */ -#endif - { - /* The test buf != NULL is only necessary if LIT_BUFSIZE > WSIZE. - * Otherwise we can't have processed more than WSIZE input bytes since - * the last block flush, because compression would have been - * successful. If LIT_BUFSIZE <= WSIZE, it is never too late to - * transform a block into a stored block. - */ - ct_stored_block(s, buf, stored_len, eof); - } else - -#ifdef FORCE_STATIC - if (static_lenb >= 0) /* force static trees */ -#else - if (static_lenb == opt_lenb) -#endif - { - send_bits(s, (STATIC_TREES<<1)+eof, 3); - compress_block(s, (ct_data *)static_ltree, (ct_data *)static_dtree); - s->compressed_len += 3 + s->static_len; - } else { - send_bits(s, (DYN_TREES<<1)+eof, 3); - send_all_trees(s, s->l_desc.max_code+1, s->d_desc.max_code+1, - max_blindex+1); - compress_block(s, (ct_data *)s->dyn_ltree, (ct_data *)s->dyn_dtree); - s->compressed_len += 3 + s->opt_len; - } - Assert (s->compressed_len == s->bits_sent, "bad compressed size"); - init_block(s); - - if (eof) { - bi_windup(s); - s->compressed_len += 7; /* align on byte boundary */ - } - Tracev((stderr,"\ncomprlen %lu(%lu) ", s->compressed_len>>3, - s->compressed_len-7*eof)); - - return s->compressed_len >> 3; -} - -/* =========================================================================== - * Save the match info and tally the frequency counts. Return true if - * the current block must be flushed. - */ -local int ct_tally (s, dist, lc) - deflate_state *s; - int dist; /* distance of matched string */ - int lc; /* match length-MIN_MATCH or unmatched char (if dist==0) */ -{ - s->d_buf[s->last_lit] = (ush)dist; - s->l_buf[s->last_lit++] = (uch)lc; - if (dist == 0) { - /* lc is the unmatched char */ - s->dyn_ltree[lc].Freq++; - } else { - s->matches++; - /* Here, lc is the match length - MIN_MATCH */ - dist--; /* dist = match distance - 1 */ - Assert((ush)dist < (ush)MAX_DIST(s) && - (ush)lc <= (ush)(MAX_MATCH-MIN_MATCH) && - (ush)d_code(dist) < (ush)D_CODES, "ct_tally: bad match"); - - s->dyn_ltree[length_code[lc]+LITERALS+1].Freq++; - s->dyn_dtree[d_code(dist)].Freq++; - } - - /* Try to guess if it is profitable to stop the current block here */ - if (s->level > 2 && (s->last_lit & 0xfff) == 0) { - /* Compute an upper bound for the compressed length */ - ulg out_length = (ulg)s->last_lit*8L; - ulg in_length = (ulg)s->strstart - s->block_start; - int dcode; - for (dcode = 0; dcode < D_CODES; dcode++) { - out_length += (ulg)s->dyn_dtree[dcode].Freq * - (5L+extra_dbits[dcode]); - } - out_length >>= 3; - Tracev((stderr,"\nlast_lit %u, in %ld, out ~%ld(%ld%%) ", - s->last_lit, in_length, out_length, - 100L - out_length*100L/in_length)); - if (s->matches < s->last_lit/2 && out_length < in_length/2) return 1; - } - return (s->last_lit == s->lit_bufsize-1); - /* We avoid equality with lit_bufsize because of wraparound at 64K - * on 16 bit machines and because stored blocks are restricted to - * 64K-1 bytes. - */ -} - -/* =========================================================================== - * Send the block data compressed using the given Huffman trees - */ -local void compress_block(s, ltree, dtree) - deflate_state *s; - ct_data *ltree; /* literal tree */ - ct_data *dtree; /* distance tree */ -{ - unsigned dist; /* distance of matched string */ - int lc; /* match length or unmatched char (if dist == 0) */ - unsigned lx = 0; /* running index in l_buf */ - unsigned code; /* the code to send */ - int extra; /* number of extra bits to send */ - - if (s->last_lit != 0) do { - dist = s->d_buf[lx]; - lc = s->l_buf[lx++]; - if (dist == 0) { - send_code(s, lc, ltree); /* send a literal byte */ - Tracecv(isgraph(lc), (stderr," '%c' ", lc)); - } else { - /* Here, lc is the match length - MIN_MATCH */ - code = length_code[lc]; - send_code(s, code+LITERALS+1, ltree); /* send the length code */ - extra = extra_lbits[code]; - if (extra != 0) { - lc -= base_length[code]; - send_bits(s, lc, extra); /* send the extra length bits */ - } - dist--; /* dist is now the match distance - 1 */ - code = d_code(dist); - Assert (code < D_CODES, "bad d_code"); - - send_code(s, code, dtree); /* send the distance code */ - extra = extra_dbits[code]; - if (extra != 0) { - dist -= base_dist[code]; - send_bits(s, dist, extra); /* send the extra distance bits */ - } - } /* literal or match pair ? */ - - /* Check that the overlay between pending_buf and d_buf+l_buf is ok: */ - Assert(s->pending < s->lit_bufsize + 2*lx, "pendingBuf overflow"); - - } while (lx < s->last_lit); - - send_code(s, END_BLOCK, ltree); - s->last_eob_len = ltree[END_BLOCK].Len; -} - -/* =========================================================================== - * Set the data type to ASCII or BINARY, using a crude approximation: - * binary if more than 20% of the bytes are <= 6 or >= 128, ascii otherwise. - * IN assertion: the fields freq of dyn_ltree are set and the total of all - * frequencies does not exceed 64K (to fit in an int on 16 bit machines). - */ -local void set_data_type(s) - deflate_state *s; -{ - int n = 0; - unsigned ascii_freq = 0; - unsigned bin_freq = 0; - while (n < 7) bin_freq += s->dyn_ltree[n++].Freq; - while (n < 128) ascii_freq += s->dyn_ltree[n++].Freq; - while (n < LITERALS) bin_freq += s->dyn_ltree[n++].Freq; - s->data_type = (Byte)(bin_freq > (ascii_freq >> 2) ? BINARY : ASCII); -} - -/* =========================================================================== - * Reverse the first len bits of a code, using straightforward code (a faster - * method would use a table) - * IN assertion: 1 <= len <= 15 - */ -local unsigned bi_reverse(code, len) - unsigned code; /* the value to invert */ - int len; /* its bit length */ -{ - register unsigned res = 0; - do { - res |= code & 1; - code >>= 1, res <<= 1; - } while (--len > 0); - return res >> 1; -} - -/* =========================================================================== - * Flush the bit buffer, keeping at most 7 bits in it. - */ -local void bi_flush(s) - deflate_state *s; -{ - if (s->bi_valid == 16) { - put_short(s, s->bi_buf); - s->bi_buf = 0; - s->bi_valid = 0; - } else if (s->bi_valid >= 8) { - put_byte(s, (Byte)s->bi_buf); - s->bi_buf >>= 8; - s->bi_valid -= 8; - } -} - -/* =========================================================================== - * Flush the bit buffer and align the output on a byte boundary - */ -local void bi_windup(s) - deflate_state *s; -{ - if (s->bi_valid > 8) { - put_short(s, s->bi_buf); - } else if (s->bi_valid > 0) { - put_byte(s, (Byte)s->bi_buf); - } - s->bi_buf = 0; - s->bi_valid = 0; -#ifdef DEBUG_ZLIB - s->bits_sent = (s->bits_sent+7) & ~7; -#endif -} - -/* =========================================================================== - * Copy a stored block, storing first the length and its - * one's complement if requested. - */ -local void copy_block(s, buf, len, header) - deflate_state *s; - charf *buf; /* the input data */ - unsigned len; /* its length */ - int header; /* true if block header must be written */ -{ - bi_windup(s); /* align on byte boundary */ - s->last_eob_len = 8; /* enough lookahead for inflate */ - - if (header) { - put_short(s, (ush)len); - put_short(s, (ush)~len); -#ifdef DEBUG_ZLIB - s->bits_sent += 2*16; -#endif - } -#ifdef DEBUG_ZLIB - s->bits_sent += (ulg)len<<3; -#endif - while (len--) { - put_byte(s, *buf++); - } -} - - /*+++++*/ /* infblock.h -- header to use infblock.c * Copyright (C) 1995 Mark Adler diff --git a/pppdump/zlib.h b/pppdump/zlib.h index 082f649..4bdb164 100644 --- a/pppdump/zlib.h +++ b/pppdump/zlib.h @@ -69,15 +69,6 @@ # include #endif -/* Maximum value for memLevel in deflateInit2 */ -#ifndef MAX_MEM_LEVEL -# ifdef MAXSEG_64K -# define MAX_MEM_LEVEL 8 -# else -# define MAX_MEM_LEVEL 9 -# endif -#endif - #ifndef FAR # define FAR #endif @@ -87,14 +78,7 @@ # define MAX_WBITS 15 /* 32K LZ77 window */ #endif -/* The memory requirements for deflate are (in bytes): - 1 << (windowBits+2) + 1 << (memLevel+9) - that is: 128K for windowBits=15 + 128K for memLevel = 8 (default values) - plus a few kilobytes for small objects. For example, if you want to reduce - the default memory requirements from 256K to 128K, compile with - make CFLAGS="-O -DMAX_WBITS=14 -DMAX_MEM_LEVEL=7" - Of course this will generally degrade compression (there's no free lunch). - +/* The memory requirements for inflate are (in bytes) 1 << windowBits that is, 32K for windowBits=15 (default value) plus a few kilobytes for small objects. @@ -248,114 +232,6 @@ extern char *zlib_version; /* basic functions */ -extern int deflateInit OF((z_stream *strm, int level)); -/* - Initializes the internal stream state for compression. The fields - zalloc, zfree and opaque must be initialized before by the caller. - If zalloc and zfree are set to Z_NULL, deflateInit updates them to - use default allocation functions. - - The compression level must be Z_DEFAULT_COMPRESSION, or between 1 and 9: - 1 gives best speed, 9 gives best compression. Z_DEFAULT_COMPRESSION requests - a default compromise between speed and compression (currently equivalent - to level 6). - - deflateInit returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_STREAM_ERROR if level is not a valid compression level. - msg is set to null if there is no error message. deflateInit does not - perform any compression: this will be done by deflate(). -*/ - - -extern int deflate OF((z_stream *strm, int flush)); -/* - Performs one or both of the following actions: - - - Compress more input starting at next_in and update next_in and avail_in - accordingly. If not all input can be processed (because there is not - enough room in the output buffer), next_in and avail_in are updated and - processing will resume at this point for the next call of deflate(). - - - Provide more output starting at next_out and update next_out and avail_out - accordingly. This action is forced if the parameter flush is non zero. - Forcing flush frequently degrades the compression ratio, so this parameter - should be set only when necessary (in interactive applications). - Some output may be provided even if flush is not set. - - Before the call of deflate(), the application should ensure that at least - one of the actions is possible, by providing more input and/or consuming - more output, and updating avail_in or avail_out accordingly; avail_out - should never be zero before the call. The application can consume the - compressed output when it wants, for example when the output buffer is full - (avail_out == 0), or after each call of deflate(). - - If the parameter flush is set to Z_PARTIAL_FLUSH, the current compression - block is terminated and flushed to the output buffer so that the - decompressor can get all input data available so far. For method 9, a future - variant on method 8, the current block will be flushed but not terminated. - If flush is set to Z_FULL_FLUSH, the compression block is terminated, a - special marker is output and the compression dictionary is discarded; this - is useful to allow the decompressor to synchronize if one compressed block - has been damaged (see inflateSync below). Flushing degrades compression and - so should be used only when necessary. Using Z_FULL_FLUSH too often can - seriously degrade the compression. If deflate returns with avail_out == 0, - this function must be called again with the same value of the flush - parameter and more output space (updated avail_out), until the flush is - complete (deflate returns with non-zero avail_out). - - If the parameter flush is set to Z_PACKET_FLUSH, the compression - block is terminated, and a zero-length stored block is output, - omitting the length bytes (the effect of this is that the 3-bit type - code 000 for a stored block is output, and the output is then - byte-aligned). This is designed for use at the end of a PPP packet. - In addition, if the current compression block contains all the data - since the last Z_PACKET_FLUSH, it is never output as a stored block. - If the current compression block output as a static or dynamic block - would not be at least `minCompression' bytes smaller than the - original data, then nothing is output for that block. (The type - code for the zero-length stored block is still output, resulting in - a single zero byte being output for the whole packet.) - `MinCompression' is a parameter to deflateInit2, or 0 if deflateInit - is used. - - If the parameter flush is set to Z_FINISH, all pending input is processed, - all pending output is flushed and deflate returns with Z_STREAM_END if there - was enough output space; if deflate returns with Z_OK, this function must be - called again with Z_FINISH and more output space (updated avail_out) but no - more input data, until it returns with Z_STREAM_END or an error. After - deflate has returned Z_STREAM_END, the only possible operations on the - stream are deflateReset or deflateEnd. - - Z_FINISH can be used immediately after deflateInit if all the compression - is to be done in a single step. In this case, avail_out must be at least - 0.1% larger than avail_in plus 12 bytes. If deflate does not return - Z_STREAM_END, then it must be called again as described above. - - deflate() may update data_type if it can make a good guess about - the input data type (Z_ASCII or Z_BINARY). In doubt, the data is considered - binary. This field is only for information purposes and does not affect - the compression algorithm in any manner. - - deflate() returns Z_OK if some progress has been made (more input - processed or more output produced), Z_STREAM_END if all input has been - consumed and all output has been produced (only when flush is set to - Z_FINISH), Z_STREAM_ERROR if the stream state was inconsistent (for example - if next_in or next_out was NULL), Z_BUF_ERROR if no progress is possible. -*/ - - -extern int deflateEnd OF((z_stream *strm)); -/* - All dynamically allocated data structures for this stream are freed. - This function discards any unprocessed input and does not flush any - pending output. - - deflateEnd returns Z_OK if success, Z_STREAM_ERROR if the - stream state was inconsistent. In the error case, msg may be set - but then points to a static string (which must not be deallocated). -*/ - - extern int inflateInit OF((z_stream *strm)); /* Initializes the internal stream state for decompression. The fields @@ -438,100 +314,6 @@ extern int inflateEnd OF((z_stream *strm)); The following functions are needed only in some special applications. */ -extern int deflateInit2 OF((z_stream *strm, - int level, - int method, - int windowBits, - int memLevel, - int strategy, - int minCompression)); -/* - This is another version of deflateInit with more compression options. The - fields next_in, zalloc and zfree must be initialized before by the caller. - - The method parameter is the compression method. It must be 8 in this - version of the library. (Method 9 will allow a 64K history buffer and - partial block flushes.) - - The windowBits parameter is the base two logarithm of the window size - (the size of the history buffer). It should be in the range 8..15 for this - version of the library (the value 16 will be allowed for method 9). Larger - values of this parameter result in better compression at the expense of - memory usage. The default value is 15 if deflateInit is used instead. - - The memLevel parameter specifies how much memory should be allocated - for the internal compression state. memLevel=1 uses minimum memory but - is slow and reduces compression ratio; memLevel=9 uses maximum memory - for optimal speed. The default value is 8. See zconf.h for total memory - usage as a function of windowBits and memLevel. - - The strategy parameter is used to tune the compression algorithm. Use - the value Z_DEFAULT_STRATEGY for normal data, Z_FILTERED for data - produced by a filter (or predictor), or Z_HUFFMAN_ONLY to force Huffman - encoding only (no string match). Filtered data consists mostly of small - values with a somewhat random distribution. In this case, the - compression algorithm is tuned to compress them better. The strategy - parameter only affects the compression ratio but not the correctness of - the compressed output even if it is not set appropriately. - - The minCompression parameter specifies the minimum reduction in size - required for a compressed block to be output when Z_PACKET_FLUSH is - used (see the description of deflate above). - - If next_in is not null, the library will use this buffer to hold also - some history information; the buffer must either hold the entire input - data, or have at least 1<<(windowBits+1) bytes and be writable. If next_in - is null, the library will allocate its own history buffer (and leave next_in - null). next_out need not be provided here but must be provided by the - application for the next call of deflate(). - - If the history buffer is provided by the application, next_in must - must never be changed by the application since the compressor maintains - information inside this buffer from call to call; the application - must provide more input only by increasing avail_in. next_in is always - reset by the library in this case. - - deflateInit2 returns Z_OK if success, Z_MEM_ERROR if there was - not enough memory, Z_STREAM_ERROR if a parameter is invalid (such as - an invalid method). msg is set to null if there is no error message. - deflateInit2 does not perform any compression: this will be done by - deflate(). -*/ - -extern int deflateCopy OF((z_stream *dest, - z_stream *source)); -/* - Sets the destination stream as a complete copy of the source stream. If - the source stream is using an application-supplied history buffer, a new - buffer is allocated for the destination stream. The compressed output - buffer is always application-supplied. It's the responsibility of the - application to provide the correct values of next_out and avail_out for the - next call of deflate. - - This function is useful when several compression strategies will be - tried, for example when there are several ways of pre-processing the input - data with a filter. The streams that will be discarded should then be freed - by calling deflateEnd. Note that deflateCopy duplicates the internal - compression state which can be quite large, so this strategy is slow and - can consume lots of memory. - - deflateCopy returns Z_OK if success, Z_MEM_ERROR if there was not - enough memory, Z_STREAM_ERROR if the source stream state was inconsistent - (such as zalloc being NULL). msg is left unchanged in both source and - destination. -*/ - -extern int deflateReset OF((z_stream *strm)); -/* - This function is equivalent to deflateEnd followed by deflateInit, - but does not free and reallocate all the internal compression state. - The stream will keep the same compression level and any other attributes - that may have been set by deflateInit2. - - deflateReset returns Z_OK if success, or Z_STREAM_ERROR if the source - stream state was inconsistent (such as zalloc or state being NULL). -*/ - extern int inflateInit2 OF((z_stream *strm, int windowBits)); /* diff --git a/pppstats/pppstats.c b/pppstats/pppstats.c index 44a254d..22d1154 100644 --- a/pppstats/pppstats.c +++ b/pppstats/pppstats.c @@ -72,7 +72,7 @@ static const char rcsid[] = "$Id: pppstats.c,v 1.29 2002/10/27 12:56:26 fcusack #include #endif #include -#include +#include #endif /* __linux__ */ diff --git a/scripts/autopppd b/scripts/autopppd index 0730ef6..5d8e574 100755 --- a/scripts/autopppd +++ b/scripts/autopppd @@ -134,7 +134,7 @@ while (1) syslog('err', "pppd returned: unknown error ($pppd_code), delayed retry"); $pppd_fail = 1; } - # if it hasn't ran for at least an hour, then somthing went wrong + # if it hasn't ran for at least an hour, then something went wrong elsif ($pppd_run_time < toseconds("01:00:00")) { syslog('err',"pppd session didn't last 1 hour, delayed retry"); $pppd_fail = 1; diff --git a/scripts/lcp_rtt_dump b/scripts/lcp_rtt_dump new file mode 100755 index 0000000..7898f08 --- /dev/null +++ b/scripts/lcp_rtt_dump @@ -0,0 +1,81 @@ +#!/usr/bin/perl +# vim: shiftwidth=4 tabstop=4 +# +# This program dumps to standard output the content of the file written +# by pppd's lcp-rtt-file configuration option. +# +# Copyright (C) Marco d'Itri +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +use v5.14; +use warnings; +use autodie; + +use POSIX qw(strftime); + +{ + my $data = read_data($ARGV[0] || '/run/ppp-rtt.data'); + die "The data file is invalid!\n" if not $data; + dump_data($data); +} + +sub dump_data { + my ($s) = @_; + + say "status: $s->{status}"; + say "interval: $s->{echo_interval}"; + say "position: $s->{position}"; + say 'elements: ' . scalar(@{ $s->{data} }); + say ''; + + foreach (my $i= 0; $i < @{ $s->{data} }; $i++) { + my $date = strftime('%F %T', localtime($s->{data}->[$i]->[0])); + print "$i\t$date\t$s->{data}->[$i]->[1]\t$s->{data}->[$i]->[2]\n"; + } +} + +sub read_data { + my ($file) = @_; + + my $data; + open(my $fh, '<', $file); + binmode($fh); + my $bytes_read; + do { + $bytes_read = sysread($fh, $data, 8192, length($data)); + } while ($bytes_read == 8192); + close($fh); + + my ($magic, $status, $position, $echo_interval, $rest) + = unpack('NNNN a*', $data); + return undef if $magic != 0x19450425; + + # the position is relative to the C array, not to the logical entries + $position /= 2; + + my @rawdata = unpack('(N C a3)*', $rest); + my @data; + while (my ($time, $loss, $rtt) = splice(@rawdata, 0, 3)) { + push(@data, [ $time, unpack('N', "\000$rtt"), $loss ]); + } + + if (0) { + @data = + # skip any "empty" (null) entries + grep { $_->[0] } + # rearrange the list in chronological order + (@data[$position+1 .. $#data], @data[0 .. $position]); + } + + return { + status => $status, + echo_interval => $echo_interval, + position => $position, + data => \@data, + }; +} + diff --git a/scripts/lcp_rtt_exporter b/scripts/lcp_rtt_exporter new file mode 100644 index 0000000..4b57d2a --- /dev/null +++ b/scripts/lcp_rtt_exporter @@ -0,0 +1,110 @@ +#!/usr/bin/perl +# vim: shiftwidth=4 tabstop=4 +# +# This CGI program is a Prometheus exporter for pppd's lcp-rtt-file feature. +# +# Copyright (C) Marco d'Itri +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. + +use v5.14; +use warnings; +use autodie; + +use List::Util qw(sum max min); + +{ + my $data = read_data('/run/ppp-rtt.data'); + my $stats = compute_statistics($data, 60); + + my $s = metrics($stats); + my $length = length($s); + + print "Content-type: text/plain\n"; + print "Content-length: $length\n\n$s"; + exit; +} + +sub metrics { + my ($stats) = @_; + + my $s = <{status} +END + foreach (qw(average min max loss)) { + next if not exists $stats->{$_}; + $s .= <{$_} +END + } + + return $s; +} + +sub compute_statistics { + my ($data, $length) = @_; + + my $cutoff = time() - $length; + my @e = grep { $_->[0] >= $cutoff } @{ $data->{data} }; + return { status => -1 } if not @e; # no data + + my $average = (sum map { $_->[1] } @e) / scalar(@e); + my $min = min map { $_->[1] } @e; + my $max = max map { $_->[1] } @e; + my $loss = sum map { $_->[2] } @e; + + return { + status => $data->{status}, + average => $average, + min => $min, + max => $max, + loss => $loss, + }; +} + +sub read_data { + my ($file) = @_; + + my $data; + open(my $fh, '<', $file); + binmode($fh); + my $bytes_read; + do { + $bytes_read = sysread($fh, $data, 8192, length($data)); + } while ($bytes_read == 8192); + close($fh); + + my ($magic, $status, $position, $echo_interval, $rest) + = unpack('NNNN a*', $data); + return undef if $magic != 0x19450425; + + # the position is relative to the C array, not to the logical entries + $position /= 2; + + my @rawdata = unpack('(N C a3)*', $rest); + my @data; + while (my ($time, $loss, $rtt) = splice(@rawdata, 0, 3)) { + push(@data, [ $time, unpack('N', "\000$rtt"), $loss ]); + } + + @data = + # skip any "empty" (null) entries + grep { $_->[0] } + # rearrange the list in chronological order + (@data[$position+1 .. $#data], @data[0 .. $position]); + + return { + status => $status, + echo_interval => $echo_interval, + position => $position, + data => \@data, + }; +} + diff --git a/solaris/ppp.c b/solaris/ppp.c index 98f4f91..2c36496 100644 --- a/solaris/ppp.c +++ b/solaris/ppp.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/solaris/ppp_ahdlc.c b/solaris/ppp_ahdlc.c index 21b8c54..bdf5e29 100644 --- a/solaris/ppp_ahdlc.c +++ b/solaris/ppp_ahdlc.c @@ -39,7 +39,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/solaris/ppp_comp.c b/solaris/ppp_comp.c index cda8ddf..c357eae 100644 --- a/solaris/ppp_comp.c +++ b/solaris/ppp_comp.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/solaris/ppp_comp_mod.c b/solaris/ppp_comp_mod.c index 21ad9ae..eb76d98 100644 --- a/solaris/ppp_comp_mod.c +++ b/solaris/ppp_comp_mod.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY diff --git a/solaris/ppp_mod.c b/solaris/ppp_mod.c index d1bf025..1c6cd99 100644 --- a/solaris/ppp_mod.c +++ b/solaris/ppp_mod.c @@ -22,7 +22,7 @@ * 4. Redistributions of any form whatsoever must retain the following * acknowledgment: * "This product includes software developed by Paul Mackerras - * ". + * ". * * THE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO * THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY