Paul Mackerras [Fri, 5 Aug 2022 04:06:33 +0000 (14:06 +1000)]
pppd: Fix compilation on Linux when IPV6 is disabled (#360)

This rearranges the PPP_WITH_IPV6CP guards added in commit
80b8744eb42c ("Changing INET6 to PPP_WITH_IPV6CP and adding configure
option", 2021-08-06) so that we (a) always include the rtnetlink
headers, since we need them for get_ppp_stats_rtnetlink(), and (b)
don't include eui64.h unless we have IPV6 support.

Fixes: 80b8744eb42c ("Changing INET6 to PPP_WITH_IPV6CP and adding configure option")
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Paul Mackerras [Thu, 4 Aug 2022 02:23:08 +0000 (12:23 +1000)]
pppdump: Avoid out-of-range access to packet buffer

This fixes a potential vulnerability where data is written to spkt.buf
and rpkt.buf without a check on the array index.  To fix this, we
check the array index (pkt->cnt) before storing the byte or
incrementing the count.  This also means we no longer have a potential
signed integer overflow on the increment of pkt->cnt.

Fortunately, pppdump is not used in the normal process of setting up a
PPP connection, is not installed setuid-root, and is not invoked
automatically in any scenario that I am aware of.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
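
The check this commit message describes, as an added example (not part of the commit and not pppdump's source): a frame accumulator that tests the index before it stores a byte or increments the count. Only `buf` and `cnt` are names from the commit message; the struct layout, `PKT_BUF_SIZE`, the guard bytes, the RFC 1662 framing loop and the input bytes are assumptions constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PKT_BUF_SIZE 8   /* deliberately tiny so the constructed input overruns it */
#define HDLC_FLAG 0x7e   /* frame delimiter (RFC 1662) */
#define HDLC_ESC  0x7d   /* escape octet: the following byte is XORed with 0x20 */

/* Hypothetical per-direction state; buf and cnt follow the commit message. */
struct pkt {
    int cnt;                         /* next free index in buf */
    int esc;                         /* previous byte was HDLC_ESC */
    int truncated;                   /* current frame did not fit in buf */
    unsigned char buf[PKT_BUF_SIZE];
    unsigned char guard[4];          /* canary right behind buf, for the demo */
};

struct frame_info { int len; int truncated; };

static void pkt_init(struct pkt *p)
{
    memset(p, 0, sizeof *p);
    memset(p->guard, 0xA5, sizeof p->guard);
}

static void pkt_reset(struct pkt *p)
{
    p->cnt = 0;
    p->esc = 0;
    p->truncated = 0;
}

/* The unchecked form is `p->buf[p->cnt++] = c;`: a long frame walks cnt past
 * the array and, given enough input, overflows the signed counter.
 * Checked form: test the index first, and only then store and increment. */
static int pkt_store(struct pkt *p, unsigned char c)
{
    if (p->cnt < 0 || (size_t)p->cnt >= sizeof p->buf) {
        p->truncated = 1;            /* record the loss; cnt stays where it is */
        return 0;
    }
    p->buf[p->cnt] = c;
    p->cnt++;
    return 1;
}

static int guard_intact(const struct pkt *p)
{
    for (size_t i = 0; i < sizeof p->guard; i++)
        if (p->guard[i] != 0xA5)
            return 0;
    return 1;
}

/* Decode a byte stream into frames; returns the number of frames reported. */
static size_t decode_stream(struct pkt *p, const unsigned char *in, size_t n,
                            struct frame_info *out, size_t max_out)
{
    size_t nframes = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = in[i];
        if (c == HDLC_FLAG) {
            if ((p->cnt > 0 || p->truncated) && nframes < max_out) {
                out[nframes].len = p->cnt;
                out[nframes].truncated = p->truncated;
                nframes++;
            }
            pkt_reset(p);
            continue;
        }
        if (c == HDLC_ESC) {
            p->esc = 1;
            continue;
        }
        if (p->esc) {
            c ^= 0x20;
            p->esc = 0;
        }
        pkt_store(p, c);
    }
    return nframes;
}

/* Constructed input: one 5-byte frame with an escaped 0x7e, then a 12-byte
 * frame that is longer than the buffer. */
static const unsigned char SAMPLE[] = {
    0x7e, 0xff, 0x03, 0xc0, 0x21, 0x7d, 0x5e,
    0x7e, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
    0x7e
};

int main(void)
{
    struct pkt p;
    struct frame_info f[4];
    pkt_init(&p);
    size_t n = decode_stream(&p, SAMPLE, sizeof SAMPLE, f, 4);
    for (size_t i = 0; i < n; i++)
        printf("frame %zu: len=%d truncated=%d\n", i, f[i].len, f[i].truncated);
    printf("guard intact: %d\n", guard_intact(&p));
    return 0;
}
```
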
Paul Mackerras [Mon, 25 Jul 2022 01:20:11 +0000 (11:20 +1000)]
Merge pull request #349 from enaess/ppp-autotools

Cleaning up header files and updating defines

Eivind Næss [Fri, 15 Jul 2022 22:21:27 +0000 (15:21 -0700)]
Removing option to configure PPP_WITH_MAXOCTETS, helps clean up the code and it can be controlled via config options. It does nothing by default

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 15 Jul 2022 14:46:43 +0000 (07:46 -0700)]
Fix build for when --without-[srp|atm|pcap|pam]=no, the value would be "no" and not empty in that case

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Tue, 31 May 2022 03:50:55 +0000 (20:50 -0700)]
The use of <net/ppp_defs.h> isn't guaranteed to exist on Linux (e.g. uclibc, buildroot, others)

The one provided by glibc simply includes <linux/ppp_defs.h>. This include is still needed on SunOS

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Tue, 31 May 2022 03:20:24 +0000 (20:20 -0700)]
Need to use the /include directory for SunOS

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 30 May 2022 20:53:24 +0000 (13:53 -0700)]
Adding proper include guard to header files, renaming to PPP_<FILE>_H for consistency

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 30 May 2022 05:14:08 +0000 (22:14 -0700)]
For Linux, use the Linux / Glibc based defines instead of included headers

This is to ensure compatibility with the OS you are compiling against and that
headers are maintained in upstream projects.

- Moved PPP_EAP and PPP_ECP into respective header files in lieu of not currently
  existing in the linux/ppp_defs.h

- Unchained the top-level ${topsrc_dir}/include, this folder is included for
  posterity and may continue to exist on github, but in the future eliminated from

- Bogus upstream file in glibc for <net/if_ppp.h>, its content should be replaced
  with a simple include to <linux/ppp-ioctl.h>. The lack of an appropriate ifreq
  structure with ppp_stats or ppp_comp_stats, implemented that inline (and tested).

- Updated instances where PPP_FCS() macro would expand the fcstab, while PPP_GOODFCS
  and PPP_INITFCS is provided in <linux/ppp_defs.h>, the latter is tied to a lookup
  table. It's used in two places, so add the PPP_FCS macro where applicable.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Sat, 16 Oct 2021 19:49:53 +0000 (12:49 -0700)]
Fixup in merge/rebase, had to remove duplicate use of pppdconf.h

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 13 Sep 2021 15:17:17 +0000 (08:17 -0700)]
Cleanup in pppd/pppd.h, eliminate unnecessary headers

This removes the need to include the following headers in pppd.h

<limits.h>, this is included where needed (main.c). The number of groups already retrieved is stored in the "int ngroups" variable.
<sys/params.h>, use MAXPATHLEN where needed
<net/if.h>, such that the value of IFNAMSIZ doesn't have to be declared to include <pppd/pppd.h>

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Tue, 10 Aug 2021 23:38:45 +0000 (16:38 -0700)]
Fix include paths for plugins to use the public API of pppd

This change does a few different things.
 * Projects that need #include "config.h" should use a config.h.in for the project generated by configure in the project's local directory.
 * All projects will use #include <pppd/pppd.h>, and Makefile will add -I${top_srcdir} to the appropriate *_CPPFLAGS variable.
 * The inclusion of <pppd/pppdconf.h> will set the precedence for all features enabled/disabled in pppd
 * Plugins will now need to use PPPD_VERSION as it conflicts with VERSION from config.h generated by autotools for third party packages

Currently, only pppoe requires the use of config.h to correctly set the defines for which header files and so on was detected by configure

Other projects only needed to include <pppd/pppd.h> (and maybe a few other header files), a future change will fixup <pppd/pppd.h> to include features as needed such that it's the only needed include for a plugin. This will avoid littering the code with #ifdef/#endif constructs.


pppd/pppd.h no longer provides VERSION, third party packages are required to switch to use PPPD_VERSION. This is to avoid conflict with a source package's own VERSION as set by autotools / config.h. Also, the use of PPP_VERSION conflicts with public header files from Glibc/Linux kernel.


   char pppd_version[] = PPPD_VERSION;

pppd will load plugins, and also look for the symbol "pppd_version" to validate that the plugin was built for the current version of pppd.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Sat, 7 Aug 2021 21:15:01 +0000 (14:15 -0700)]
Removing patchlevel.h

The significance of this header file has now been reduced as pppd now provides
pppd.pc (pkgconfig) and autotools to configure the project. Other projects can
now also configure the correct path variable:

   e.g. /usr/lib/x86_64-linux-gnu/pppd/2.4.10/...

To both consider the architecture and version via pkg-tool. The only consideration
would be the missing DATE directive. But I am less worried about that as the entire
release process has now been changed with the introduction of autotools.

Also fixing up pppd/pppdconf.h.in to remove quotes around the defines

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Tue, 10 Aug 2021 13:50:18 +0000 (06:50 -0700)]
Update configure.ac to use AS_IF() and correct use of parentheses

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Sam James [Sun, 8 Aug 2021 06:07:25 +0000 (07:07 +0100)]
configure.ac: include systemd support in summary

Signed-off-by: Sam James <sam@gentoo.org>
Sam James [Sun, 8 Aug 2021 06:07:18 +0000 (07:07 +0100)]
configure.ac, pppd/Makefile.am: use pkg-config to link against systemd

Signed-off-by: Sam James <sam@gentoo.org>
Sam James [Sun, 8 Aug 2021 05:36:58 +0000 (06:36 +0100)]
configure.ac: minor phrasing tidy ups in output

Signed-off-by: Sam James <sam@gentoo.org>
Sam James [Sun, 8 Aug 2021 05:36:58 +0000 (06:36 +0100)]
configure.ac: use consistent x${VAR} = x${VALUE} test

May as well do it the same way throughout.

Signed-off-by: Sam James <sam@gentoo.org>
Eivind Næss [Sat, 7 Aug 2021 21:11:43 +0000 (14:11 -0700)]
Fixing up quotation of AC_DEFINE macro

The resulting pppd/config.h will now display an unquoted comment before the define which is consistent with other defines created by autotools.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 30 May 2022 20:04:59 +0000 (13:04 -0700)]
Changing USE_SRP to PPP_WITH_SRP for consistency

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Sat, 7 Aug 2021 21:52:39 +0000 (14:52 -0700)]
Changing USE_PAM to PPP_WITH_PAM for consistency.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Sat, 16 Oct 2021 19:28:01 +0000 (12:28 -0700)]
Changing defines for USE_PEAP to PPP_WITH_PEAP for consistency

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Sat, 7 Aug 2021 21:48:20 +0000 (14:48 -0700)]
Changing MAXOCTETS to PPP_WITH_MAXOCTETS

Though, this could be renamed to PPP_WITH_SESSION_LIMITS; I don't know

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Sat, 7 Aug 2021 21:41:32 +0000 (14:41 -0700)]
Changing the define USE_EAPTLS to PPP_WITH_EAPTLS for consistency

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 6 Aug 2021 23:52:33 +0000 (16:52 -0700)]
Changing PPP_FILTER to PPP_WITH_FILTER for consistency.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 6 Aug 2021 23:46:43 +0000 (16:46 -0700)]
Changing PLUGIN to PPP_WITH_PLUGINS for consistency

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 6 Aug 2021 23:37:10 +0000 (16:37 -0700)]
Changing CBCP_SUPPORT define to PPP_WITH_CBCP to be consistent.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 6 Aug 2021 23:33:00 +0000 (16:33 -0700)]
Changing USE_TDB to PPP_WITH_TDB to be consistent.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 6 Aug 2021 23:28:19 +0000 (16:28 -0700)]

To be consistent with other options / defines.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 6 Aug 2021 17:06:17 +0000 (10:06 -0700)]
Changing defines for CHAPMS, MSLANMAN, MPPE to prefix with PPP_WITH_*

To avoid bleeding over to third party projects. They are all
defined and exported by pppdconf.h either way. These projects
will still have a consistent view of how pppd was compiled.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Fri, 6 Aug 2021 16:14:02 +0000 (09:14 -0700)]
Changing INET6 to PPP_WITH_IPV6CP and adding configure option

Based on feedback on PR #296, the option ipv6-support seems inconsistent
with the existing ipxcp option. Furthermore, the #define has been renamed
to avoid bleeding into third party projects.

pppdconf.h is already distributed and will define or undefine the

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Paul Mackerras [Sat, 9 Jul 2022 10:22:45 +0000 (20:22 +1000)]
Add SECURITY.md

Bare-bones for now, will elaborate.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Fabrice Fontaine [Mon, 4 Jul 2022 08:07:03 +0000 (10:07 +0200)]
pppd/eap-tls.c: fix build with libressl (#338)

Fix the following build failure with libressl:

eap-tls.c: In function 'ssl_msg_callback':
eap-tls.c:1284:10: error: 'SSL3_RT_HEADER' undeclared (first use in this function); did you mean 'SSL3_RT_ALERT'?
 1284 |     case SSL3_RT_HEADER:
      |          ^~~~~~~~~~~~~~
      |          SSL3_RT_ALERT

 - http://autobuild.buildroot.org/results/7d721833bddf73531fa03b0a626511af6826d0df

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Paul Mackerras [Mon, 4 Jul 2022 07:37:31 +0000 (17:37 +1000)]
pppd: Add dummy noipx option

Add "noipx" as an option that does nothing to avoid breaking
installations that have "noipx" in /etc/ppp/defaults or wherever.
(The IPX-related options were removed by commit c2881a6b71a3 ("pppd:
Drop linux IPX support (#326)", 2022-01-13)).

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Jaco Kroon [Tue, 17 May 2022 08:05:27 +0000 (10:05 +0200)]
pppd/auth: Pass ipparam to auth-up and auth-down scripts

ipparam is the only way a system administrator has of passing arbitrary
information from options files to scripts, and this may be useful during
auth-up in particular.  (If upstream pppd had support for an auth-fail
script, it could be useful there too.)

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Eivind Næss [Thu, 3 Feb 2022 22:28:22 +0000 (14:28 -0800)]
pppd/eap: Fix bug causing incorrect response length (#334)

Need to update the esp->ea_client.ea_namelen variable. A plugin can override the
name of the user, and the variable is passed onto the eap_chap2_response generating
the wrong response length.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Richard Purdie [Thu, 13 Jan 2022 06:48:14 +0000 (06:48 +0000)]
pppd: Drop linux IPX support (#326)

The 5.15 Linux kernel has removed ipx support, along with the userspace
visible header. This support wasn't very well maintained in the kernel
for several years so drop the support from ppp as well since this won't
be usable in future.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
pali [Thu, 13 Jan 2022 06:42:53 +0000 (07:42 +0100)]
pppd: Allow use of additional Bnnn constants (#325)

These constants are supported by Linux kernel on SPARC architecture.

Signed-off-by: Pali Rohár <pali@kernel.org>
Jaco Kroon [Thu, 13 Jan 2022 06:38:04 +0000 (08:38 +0200)]
Expand byte count statistics to 64 bits (#298)

* Add Gigawords to radius packets where applicable.

IMPORTANT NOTE:  The ioctl() only supports 32-bit counters.  In order to
obtain 64-bit counters, these are now pulled in from sysfs (it's assumed
to be mounted on /sys which I'm assuming is standard).

It is unknown whether sysfs will be available everywhere, as such, keep
the ioctl() method in place, but attempt to detect wrap-overs.

If the sysfs mechanism fails, fail back to the ioctl().

Given maximum data rates, the intervals between calling this needs to be
such that no more than 4GB (2^32) bytes are sent or received in any
given interval.  Mostly important for radius plugin where data
accounting may be in effect.

Towards this, a timer interval of 25 seconds is set to force an ioctl()
poll irrespective of the rate of stats update calls.  This may be
important for especially radius that needs to provide interim-update
intervals, if the interim updates is too long and the counters could
wrap-over twice in a single interval.  At 25 seconds we should detect
all wraps up to an effective data rate of 1.37Gbps, which for my
purposes is adequate.

Possible downsides, 4 files are opened, read and closed every time
statistics is requested.  This results in 12 system calls every single
time statistics is required, compared to 1 for the ioctl.  Efficiency is
unknown, but as a rule of thumb fewer system calls are better, this is
however not a critical path in my opinion, so should not be a problem.
If required I can run a few benchmarks using gettimeofday() to measure
actual impact.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
* Use netlink if possible to obtain 64-bit stats.

This uses two system calls per round.

This should be preferred where available.  It seems the RTM_GETSTATS was
only added from 2016 some point (4.7.0 as per pali), which is in my
opinion old, but given experience with certain embedded systems does
need to be supported.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Co-authored-by: Jaco Kroon <jaco@iewc.co.za>
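
The wrap handling and the 25-second bound from this commit message, worked through as an added example (not code from the commit or from pppd). It extends a polled 32-bit byte counter to 64 bits with a modulo-2^32 delta, which is this example's own approach, derives the highest rate a given poll interval can track, and splits the total into the low 32 bits and the wrap count that RADIUS accounting carries as octets and gigawords (RFC 2869); all names and sample values are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical 64-bit accumulator fed from a 32-bit kernel counter. */
struct ctr64 {
    uint64_t total;   /* extended byte count */
    uint32_t last;    /* raw 32-bit value seen at the previous poll */
    int primed;       /* first sample taken */
};

/* Fold one raw 32-bit reading into the 64-bit total.
 * Unsigned subtraction gives the delta modulo 2^32, which is the true delta
 * only if the counter wrapped at most once since the previous poll. */
static uint64_t ctr64_update(struct ctr64 *c, uint32_t raw)
{
    if (!c->primed) {
        c->total = raw;
        c->primed = 1;
    } else {
        c->total += (uint32_t)(raw - c->last);
    }
    c->last = raw;
    return c->total;
}

/* Highest sustained rate, in bits per second, at which a 32-bit byte counter
 * wraps at most once per poll interval: 2^32 bytes * 8 bits / interval. */
static uint64_t max_rate_bps(unsigned interval_s)
{
    if (interval_s == 0)
        return 0;
    return ((UINT64_C(1) << 32) * 8) / interval_s;
}

/* RADIUS accounting split: low 32 bits as octets, wrap count as gigawords. */
static uint32_t acct_octets(uint64_t total)    { return (uint32_t)(total & 0xffffffffu); }
static uint32_t acct_gigawords(uint64_t total) { return (uint32_t)(total >> 32); }

/* Simulate polling: true_bytes[i] is the real byte count at poll i, and the
 * poller only ever sees its low 32 bits. Returns the tracked 64-bit total. */
static uint64_t track(const uint64_t *true_bytes, size_t n)
{
    struct ctr64 c = {0, 0, 0};
    uint64_t t = 0;
    for (size_t i = 0; i < n; i++)
        t = ctr64_update(&c, (uint32_t)true_bytes[i]);
    return t;
}

/* Constructed samples: the same 9 GB transfer, polled often enough (under
 * 2^32 bytes per step) and polled too rarely (two wraps in one step). */
static const uint64_t FINE_POLLS[] = {
    0, UINT64_C(3000000000), UINT64_C(6000000000), UINT64_C(9000000000)
};
static const uint64_t COARSE_POLLS[] = { 0, UINT64_C(9000000000) };

int main(void)
{
    uint64_t fine = track(FINE_POLLS, 4);
    uint64_t coarse = track(COARSE_POLLS, 2);
    printf("fine polling:   %llu bytes (gigawords=%u octets=%u)\n",
           (unsigned long long)fine, acct_gigawords(fine), acct_octets(fine));
    printf("coarse polling: %llu bytes (wraps lost)\n", (unsigned long long)coarse);
    printf("max rate at 25 s: %llu bit/s\n", (unsigned long long)max_rate_bps(25));
    return 0;
}
```
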
Paul Mackerras [Wed, 12 Jan 2022 09:41:33 +0000 (20:41 +1100)]
Merge pull request #328 from pali/ipv6

ipv6cp: Add support for new ipv6cp-noremote, ipv6cp-nosend and ipv6cp-use-remotenumber options

Paul Mackerras [Mon, 10 Jan 2022 04:06:21 +0000 (15:06 +1100)]
Merge pull request #330 from pali/pppoe-discovery

pppoe-discovery: Do not set eth0 as default interface and validate all cmdline options

Adrien RICCIARDI [Sat, 8 Jan 2022 01:27:43 +0000 (02:27 +0100)]
Improved Buildroot CI build speed by providing precompiled Buildroot images. (#332)

Signed-off-by: RICCIARDI-Adrien <adrien.ricciardi@hotmail.fr>
Pali Rohár [Tue, 21 Dec 2021 17:10:27 +0000 (18:10 +0100)]
pppoe-discovery: Remove duplicate and unused includes

Some of specified include header files in pppoe-discovery.c are duplicate
and some of them are unused. Remove all these include lines which are not

Signed-off-by: Pali Rohár <pali@kernel.org>
Pali Rohár [Tue, 21 Dec 2021 15:00:58 +0000 (16:00 +0100)]
pppoe-discovery: Add check that there is no additional extra argument

Signed-off-by: Pali Rohár <pali@kernel.org>
Pali Rohár [Tue, 21 Dec 2021 15:00:18 +0000 (16:00 +0100)]
pppoe-discovery: Do not set eth0 as default interface

On most Linux systems there is no network interface with name eth0.

So rather make -I interface option as mandatory and do not rely on some
default hardcoded interface name.

Signed-off-by: Pali Rohár <pali@kernel.org>
Pali Rohár [Sat, 31 Jul 2021 15:09:08 +0000 (17:09 +0200)]
ipv6cp: Add support for ipv6cp-use-remotenumber option

This new option causes pppd to use "remotenumber" option value for
negotiating IPv6 remote interface identifier.

It is expected that "remotenumber" option in this case is set either to MAC
address, IPv4 address, IPv6 address or telephone number (with or without
plus sign) of remote peer system.

This option is useful for PPPoE connections to generate stable and
predictable IPv6 remote interface identifier as "remotenumber" is set by
pppoe.so plugin to MAC address of remote ethernet peer.

Similarly dial-up connections set "remotenumber" to telephone number of the
remote system and VPN-based ppp plugins set "remotenumber" to address of
remote peer (in case VPN connection is based on IPv4 transport protocol
then address is set to IPv4, if based on IPv6 then remotenumber is IPv6

Having stable IPv6 interface identifiers in ipv6cp is really important.

Signed-off-by: Pali Rohár <pali@kernel.org>
Pali Rohár [Sat, 5 Jun 2021 16:51:52 +0000 (18:51 +0200)]
ipv6cp: Add support for ipv6cp-nosend option

This new option causes pppd to not send our local IPv6 interface
identifier to peer during IPv6 interface identifier negotiation. Like
nosendip option for IPv4.

Signed-off-by: Pali Rohár <pali@kernel.org>
Pali Rohár [Fri, 26 Feb 2021 13:47:59 +0000 (14:47 +0100)]
ipv6cp: Add support for ipv6cp-noremote option

With this option pppd is allowed to operate without having an IPv6 link
local address for the peer, like noremoteip option for IPv4.

This option is only available under Linux, like noremoteip option.

Signed-off-by: Pali Rohár <pali@kernel.org>
Adrien RICCIARDI [Mon, 13 Dec 2021 05:37:16 +0000 (06:37 +0100)]
Updated Solaris CI action to fix build error on macOS greater than 10.15. (#327)

Signed-off-by: RICCIARDI-Adrien <adrien.ricciardi@hotmail.fr>
Paul Mackerras [Fri, 10 Dec 2021 21:40:57 +0000 (08:40 +1100)]
pppoe: Print packet fields in hex if they contain non-printable characters

This adds logic to pppoe_printpkt to print text fields as hex if the
field contains any non-printable characters.  This is so that a
malicious, buggy or hacked access concentrator can't cause us to send
non-printing characters to syslog.

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
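
The rule this commit message states, as an added example (not pppoe_printpkt itself and not code from the commit): a field is copied as text only when every byte is printable ASCII, and is otherwise rendered entirely as hex, so control bytes received from the peer never reach the log line. The function name, the 0x20..0x7e range and the sample fields are assumptions constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Printable is taken as ASCII 0x20..0x7e, independent of the locale. */
static int is_printable_ascii(unsigned char c)
{
    return c >= 0x20 && c <= 0x7e;
}

/* Render a length-delimited field from a received packet into out.
 * All bytes printable: copied as text. Any other byte present: the whole
 * field becomes lowercase hex, so newlines and escape sequences cannot end
 * up in the log. Output is always NUL-terminated and truncated to outsz
 * without splitting a hex pair. Returns the number of characters written. */
static size_t format_field(const unsigned char *data, size_t len,
                           char *out, size_t outsz)
{
    static const char hex[] = "0123456789abcdef";
    size_t pos = 0;
    int printable = 1;

    if (outsz == 0)
        return 0;
    for (size_t i = 0; i < len; i++) {
        if (!is_printable_ascii(data[i])) {
            printable = 0;
            break;
        }
    }
    for (size_t i = 0; i < len; i++) {
        if (printable) {
            if (pos + 1 >= outsz)
                break;
            out[pos++] = (char)data[i];
        } else {
            if (pos + 2 >= outsz)
                break;
            out[pos++] = hex[data[i] >> 4];
            out[pos++] = hex[data[i] & 0x0f];
        }
    }
    out[pos] = '\0';
    return pos;
}

/* Constructed sample fields: a plain name, a name carrying an embedded
 * newline, and a terminal escape sequence. */
static const unsigned char FIELD_TEXT[]    = "isp-ac-01";
static const unsigned char FIELD_NEWLINE[] = { 'a', 'c', '\n', 'X' };
static const unsigned char FIELD_ESC[]     = { 0x1b, '[', '2', 'J' };

int main(void)
{
    char out[64];

    format_field(FIELD_TEXT, sizeof FIELD_TEXT - 1, out, sizeof out);
    printf("text field:    %s\n", out);
    format_field(FIELD_NEWLINE, sizeof FIELD_NEWLINE, out, sizeof out);
    printf("newline field: %s\n", out);
    format_field(FIELD_ESC, sizeof FIELD_ESC, out, sizeof out);
    printf("escape field:  %s\n", out);
    return 0;
}
```
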
Paul Mackerras [Fri, 26 Nov 2021 00:05:06 +0000 (11:05 +1100)]
Merge branch 'pppoe-discovery' of https://github.com/pali/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
Daniel Barlow [Sat, 20 Nov 2021 04:58:17 +0000 (04:58 +0000)]
pppd: Add ipv6-{up,down}-script options (#321)

These allow a user to specify the paths to the scripts
usually located at /etc/ppp/ipv6-up and /etc/ppp/ipv6-down,
similarly to the existing ip-up-script and ip-down-script

Signed-off-by: Daniel Barlow <dan@telent.net>
Paul Mackerras [Sat, 20 Nov 2021 04:57:23 +0000 (15:57 +1100)]
plugins/pppol2tp: Add '#ifdef INET6' for optional ipv6 (#319)

pppol2tp.c add '#ifdef INET6' for optional ipv6

str8fast [Thu, 28 Oct 2021 14:55:56 +0000 (14:55 +0000)]
pppol2tp.c add '#ifdef INET6' for optional ipv6

Without it, l2tp daemon can't launch ppp, cuz undefined symbol ipv6_up_notifier.

Paul Mackerras [Sat, 16 Oct 2021 03:01:46 +0000 (14:01 +1100)]
Merge pull request #297 from mjeveritt/patch-11-test-pr

pppd: Add option to ask peer for WINS address

This adds a 'usepeerwins' option, analogous to the usepeerdns option,
to ask the peer for WINS server addresses.  Nothing is done with
the addresses provided other than to pass them to the ip-up
script in environment variables.

With this, if the peer sends an IPCP Configure-NAK containing
WINS addresses, we will request them in the following IPCP

Co-authored-by: Mike Frysinger <vapier@gentoo.org>
Signed-off-by: Michael Everitt <gentoo@veremit.xyz>
Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>
Signed-off-by: Michael Everitt <michael@2e0cer.net>
Paul Mackerras [Sat, 16 Oct 2021 02:55:21 +0000 (13:55 +1100)]
Merge pull request #307 from enaess/ppp-peap

pppd: Add PEAP/MSCHAPv2 support

Paul Mackerras [Sat, 16 Oct 2021 02:53:02 +0000 (13:53 +1100)]
Merge pull request #313 from Chocobo1/install

Perform installation step in the CI testing

Eivind Næss [Thu, 24 Jun 2021 23:06:11 +0000 (16:06 -0700)]
Improve the PEAP contribution by Rustam Kovhaev

These changes add to his contribution by

  * Adding options to perform CA/CRL checking and certificate validation
    consistent with what has already been done for EAP-TLS
  * Certificate validation is now in line with what has already been done
    for EAP-TLS. Users can now set "remotename" and "tls-verify-method" to
    control these.
  * Validation of certificate purpose and extended key usage is controlled
    by the option "tls-verify-key-usage".
  * Fixing up MPPE key generation to use the new API for handling MPPE keys
  * Man page is updated where appropriate for the new options.
  * Added unit-tests for the PEAP code in case of crypto or parameters would
    change in the future.
  * Added the peap feature to configure scripts. Users can now control the
    feature by specifying --enable-peap/--disable-peap.

To achieve feature parity with the EAP-TLS change, the EAP-TLS common code was
refactored into tls.c/.h such that it could be re-used in both instances.

Using PEAP/MSCHAPv2 is now supported in PPPD with this change.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Paul Mackerras [Mon, 27 Sep 2021 07:12:00 +0000 (17:12 +1000)]
Merge branch 'fix-compiler-warnings-2' of https://github.com/enaess/ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
pali [Mon, 27 Sep 2021 07:10:31 +0000 (09:10 +0200)]
pppd: Fix usage of BOTHER ioctl API on Linux (#314)

Linux architectures have different content of struct termios2 and also
different value of BOTHER macro. So do not declare any struct termios2 nor
BOTHER macro. Current definitions in ppp were applicable only for x86.

Correct definitions for current architecture are only in <asm/termbits.h>
and <asm/ioctls.h> header files. But Linux header file <asm/termbits.h> is
in conflict with glibc header file <termios.h> and only one can be included
in one source unit. Moreover both header files contains struct termios but
with different content. So it is not possible to use glibc tc* functions
with <asm/termbits.h> definitions.

For this reason provide a new include header file "termios_linux.h" which
provides custom implementation of all glibc's termios.h functions via Linux
ioctl() interface with definitions from Linux <asm/termbits.h> header file.

Thus this "termios_linux.h" is replacement for <termios.h> with additional
support for BOTHER Linux termios API.

Same "termios_linux.h" is going to be used by U-Boot's kwboot utility for
the same reason to use arbitrary baudrate value via BOTHER ioctl API.

Hopefully one day glibc will provide some API functions for functionality
provided currently by BOTHER Linux API.

Signed-off-by: Pali Rohár <pali@kernel.org>
Eivind Næss [Thu, 23 Sep 2021 21:52:47 +0000 (14:52 -0700)]
Fix for CLang -Wformat-overflow warning, expand the destination array to fit a number.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 15:19:35 +0000 (08:19 -0700)]
Fixing GCC -Wunused-result warning in chat.c resolving comments from Paul Mackerras

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:59:51 +0000 (07:59 -0700)]
Fixing CLang [-Wpointer-sign] warning in winbind.c

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:57:12 +0000 (07:57 -0700)]
Fixing CLang [-Wcomment] warning for using /* inside of a /* comment.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:56:05 +0000 (07:56 -0700)]
Fixing CLang [-Wpointer-sign] warning in radius.c

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:52:34 +0000 (07:52 -0700)]
Clang complained about -Wformat in passing an int for %h in snprintf. Result would have been the same.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:49:40 +0000 (07:49 -0700)]
Fixing CLang -Wpointer-sign warnings in sendserver.c

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:44:06 +0000 (07:44 -0700)]
CLang detected possible invalid memory access (-Wsizeof-pointer-memaccess)

rc_find_server() resets the secret by setting *secret = 0 instead of what
was likely intended: memset the entire array. In case of error, moved the
memset operation outside of the rc_find_server() function. It's only used
in one place anyway.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:40:01 +0000 (07:40 -0700)]
Fixing signed vs. unsigned char* warnings in avpair.c

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Thu, 23 Sep 2021 14:36:43 +0000 (07:36 -0700)]
Fixing signed vs. unsigned char * in strcpy operation.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Chocobo1 [Tue, 21 Sep 2021 07:21:47 +0000 (15:21 +0800)]
CI: Deduplicate configure flags by using a variable

Chocobo1 [Tue, 21 Sep 2021 07:20:47 +0000 (15:20 +0800)]
CI: Remove redundant check

The step is already covered by `make distcheck`.

Chocobo1 [Sun, 29 Aug 2021 11:59:21 +0000 (19:59 +0800)]
CI: Perform installation step

This ensures installation code to be tested.

Eivind Næss [Mon, 20 Sep 2021 17:20:50 +0000 (10:20 -0700)]
Fixing CLang warning: format specifies type 'unsigned short' but the argument has type 'int'

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 20 Sep 2021 17:18:50 +0000 (10:18 -0700)]
Fixing CLang warnings related to using pointers of different signedness (int* vs unsigned int* in definition of socklen_t).

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 20 Sep 2021 17:15:02 +0000 (10:15 -0700)]
Fixing CLang warning with regards to GNU old-style designator in structure initialization.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 20 Sep 2021 17:13:00 +0000 (10:13 -0700)]
Fixing CLang warnings w.r.t. GNU-style designator in structure declaration

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
Eivind Næss [Mon, 20 Sep 2021 17:09:31 +0000 (10:09 -0700)]
Fixing GCC unused result warning w.r.t. fchown() and fchmod() functions.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
14 months ago Fixing GCC warning with unused return value from ftruncate().
Eivind Næss [Mon, 20 Sep 2021 17:05:17 +0000 (10:05 -0700)]
Fixing GCC warning with unused return value from ftruncate().

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
14 months ago Fixing GCC compile warning with unused result from setgid/setuid.
Eivind Næss [Mon, 20 Sep 2021 17:01:55 +0000 (10:01 -0700)]
Fixing GCC compile warning with unused result from setgid/setuid.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
14 months ago Fixing GCC warning -Wunused-result with setgid in winbind.c
Eivind Næss [Mon, 20 Sep 2021 16:52:22 +0000 (09:52 -0700)]
Fixing GCC warning -Wunused-result with setgid in winbind.c

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
14 months ago Fixing compiler warning with GCC, -Wunused-result and write()
Eivind Næss [Mon, 20 Sep 2021 16:44:50 +0000 (09:44 -0700)]
Fixing compiler warning with GCC, -Wunused-result and write()

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
14 months ago Fixing compiler warnings with regards to GCC, w.r.t. unused results of setuid/setgid
Eivind Næss [Mon, 20 Sep 2021 16:34:15 +0000 (09:34 -0700)]
Fixing compiler warnings with regards to GCC, w.r.t. unused results of setuid/setgid

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
14 months ago Fixing main.c with regards to default GCC/CLANG compiler warnings
Eivind Næss [Mon, 20 Sep 2021 16:29:21 +0000 (09:29 -0700)]
Fixing main.c with regards to default GCC/CLANG compiler warnings

This also incorporates the comments from @paulusmack.

Generally, fixes:
- Suppressed warnings w.r.t. unused results in signal handling and result from write()
- Unused results w.r.t. setuid/getuid/chdir

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
14 months ago radattr: tighten permissions on radattr file to avoid information leakage. (#290)
Jaco Kroon [Sat, 18 Sep 2021 02:02:54 +0000 (04:02 +0200)]
radattr: tighten permissions on radattr file to avoid information leakage. (#290)

Depending on the invoking process's umask it's possible that the radattr
file (which in certain cases can contain cryptographic keys) be stored
with permissions such that world-read access is possible, resulting in
sensitive information being leaked to local users.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Co-authored-by: Jaco Kroon <jaco@iewc.co.za>
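
The umask dependence described in the radattr commit above, shown as an added C example (not the project's patch; the function names, scratch path and sample data are assumptions made here). It contrasts a file created through fopen() with one created at an explicit 0600 and re-tightened with fchmod():

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak: fopen() creates with 0666 masked only by the caller's umask. */
static int write_weak(const char *path, const char *data) {
    FILE *fp = fopen(path, "w");
    if (fp == NULL) return -1;
    fputs(data, fp);
    return fclose(fp) == 0 ? 0 : -1;
}

/* Hardened: ask for 0600 at creation, then fchmod() so a file that already
 * existed with looser bits is tightened before any data is written. */
static int write_private(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    FILE *fp = (fchmod(fd, 0600) == 0) ? fdopen(fd, "w") : NULL;
    if (fp == NULL) { close(fd); return -1; }
    fputs(data, fp);
    return fclose(fp) == 0 ? 0 : -1;
}

/* Run `writer` under umask 022 in a scratch directory and return the file's
 * permission bits (-1 on error). pre_mode >= 0 leaves a stale file first. */
static int mode_after(int (*writer)(const char *, const char *), int pre_mode) {
    char dir[] = "/tmp/radattr-demo-XXXXXX", path[64];
    struct stat st; int mode = -1, ok = 1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof(path), "%s/attrs", dir);
    mode_t old = umask(022);
    if (pre_mode >= 0) {
        int fd = open(path, O_WRONLY | O_CREAT, 0600);
        ok = fd >= 0 && fchmod(fd, (mode_t)pre_mode) == 0;
        if (fd >= 0) close(fd);
    }
    if (ok && writer(path, "Example-Key 0123 (constructed)\n") == 0 && stat(path, &st) == 0)
        mode = (int)(st.st_mode & 0777);
    umask(old);
    unlink(path);
    rmdir(dir);
    return mode;
}
int main(void) {
    printf("weak=%o private=%o\n", mode_after(write_weak, -1), mode_after(write_private, -1));
    return 0;
}
```

The mode argument to open() only applies when the file is created, which is why the fchmod() call is needed for a file left behind by an earlier run.
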
14 months ago README.pppoe: Fix spelling (#316)
Gustavo Romero [Fri, 17 Sep 2021 23:43:35 +0000 (20:43 -0300)]
README.pppoe: Fix spelling (#316)

Minor spelling fix.

Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
14 months ago pppd: add experimental support for PEAP protocol, an extension of EAP
Rustam Kovhaev [Thu, 10 Oct 2019 19:53:36 +0000 (12:53 -0700)]
pppd: add experimental support for PEAP protocol, an extension of EAP

current patch implements client functionality for PEAPv0/EAP-MSCHAPv2,
which is usually the most common setup deployed by companies utilizing
Microsoft RRAS as their VPN solution

Signed-off-by: Rustam Kovhaev <rkovhaev@gmail.com>
15 months ago Fix situation where peer may NAK with request for MS_WINS
Michael Everitt [Sun, 15 Aug 2021 22:16:46 +0000 (23:16 +0100)]
Fix situation where peer may NAK with request for MS_WINS

Previously, if configure-request is sent without MS_WINS[12], a
peer may return a NAK with a request for it. However, code in the
ipcp_nakci didn't handle this case properly. This patch fixes it
to set try.req_wins[12].

Signed-off-by: Michael Everitt <michael@2e0cer.net>
15 months ago Merge pull request #305 from pali/ifnamsiz
Paul Mackerras [Sat, 7 Aug 2021 06:59:18 +0000 (16:59 +1000)]
Merge pull request #305 from pali/ifnamsiz

pppd: Remove usage of incorrect constant MAXIFNAMELEN

15 months ago Fixing up a few inconsistencies in configure.ac (#306)
Eivind Næss [Sat, 7 Aug 2021 06:56:43 +0000 (23:56 -0700)]
Fixing up a few inconsistencies in configure.ac (#306)

Options that specify --with-logfile-dir, or --with-plugin-dir, or --with-runtime-dir need to be specified using AC_ARG_WITH, not AC_ARG_ENABLE.

If you try to specify --without-openssl, then the conditions should be tested against = "xyes". There is a case where the option is either blank or is set to "xno" and the former case wasn't properly handled.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
16 months ago pppd: Replace IF_NAMESIZE by IFNAMSIZ for struct ifreq
Pali Rohár [Sat, 31 Jul 2021 20:12:55 +0000 (22:12 +0200)]
pppd: Replace IF_NAMESIZE by IFNAMSIZ for struct ifreq

Macros IF_NAMESIZE and IFNAMSIZ should be defined to the same value, but
struct ifreq uses IFNAMSIZ. So use "correct" macro.

Signed-off-by: Pali Rohár <pali@kernel.org>
16 months ago pppd: Remove usage of incorrect constant MAXIFNAMELEN
Pali Rohár [Sat, 31 Jul 2021 18:47:21 +0000 (20:47 +0200)]
pppd: Remove usage of incorrect constant MAXIFNAMELEN

MAXIFNAMELEN is currently hardcoded to 32, but maximal size of interface
name on Linux is just 15 + nul-term byte. This limit is already provided by
IFNAMSIZ macro defined in net/if.h header file.

So replace MAXIFNAMELEN usage by IFNAMSIZ to not silently truncate
interface name.

Signed-off-by: Pali Rohár <pali@kernel.org>
16 months ago pppoe: Remove rp-pppoe.so symlink to not conflict with real rp-pppoe.so plugin (...
pali [Fri, 30 Jul 2021 03:29:01 +0000 (05:29 +0200)]
pppoe: Remove rp-pppoe.so symlink to not conflict with real rp-pppoe.so plugin (#304)

Backward compatibility symlink is there already for one ppp release. Remove
it for next ppp release to not conflict with real rp-pppoe.so plugin. So
both ppp's pppoe.so and rp's rp-pppoe.so plugins can be installed together.

Now when conversion to automake was done, it is a good time to drop this
problematic symlink from default installation.

Signed-off-by: Pali Rohár <pali@kernel.org>
16 months ago Merge pull request #303 from enaess/fix-md4
Paul Mackerras [Fri, 30 Jul 2021 03:26:55 +0000 (13:26 +1000)]
Merge pull request #303 from enaess/fix-md4

Using OpenSSL for MD4 isn't compatible with how NTPasswordHash is using it.

16 months ago radius: interim and stop frames should not depend on successful start. (#299)
Jaco Kroon [Fri, 30 Jul 2021 03:24:08 +0000 (05:24 +0200)]
radius: interim and stop frames should not depend on successful start. (#299)

It could simply be that the accounting server is temporarily down, and
any good accounting server should be able to recover from missed
start/stop frames.  In particular Acct-Session-Time on the first seen
interim update or even stop frame allows for determining start time.

Signed-off-by: Jaco Kroon <jaco@uls.co.za>
Co-authored-by: Jaco Kroon <jaco@iewc.co.za>
16 months ago Adding in unit-tests for chap_ms.c in pppd
Eivind Næss [Thu, 29 Jul 2021 14:52:17 +0000 (07:52 -0700)]
Adding in unit-tests for chap_ms.c in pppd

This would have uncovered the change that broke MD4

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
16 months ago Using OpenSSL for MD4 isn't compatible with how NTPasswordHash is using it.
Eivind Næss [Wed, 28 Jul 2021 23:39:43 +0000 (16:39 -0700)]
Using OpenSSL for MD4 isn't compatible with how NTPasswordHash is using it.

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>
16 months ago pppd: Fix IPv6 compatibility with older kernel versions (#301)
pali [Mon, 26 Jul 2021 06:47:57 +0000 (08:47 +0200)]
pppd: Fix IPv6 compatibility with older kernel versions (#301)

Linux kernel versions prior to 3.11 do not support setting IPv6 peer
addresses. On error try fallback to old IOCTL method.

Signed-off-by: Pali Rohár <pali@kernel.org>
16 months ago Merge pull request #296 from enaess/ppp-autotools
Paul Mackerras [Sat, 24 Jul 2021 03:07:30 +0000 (13:07 +1000)]
Merge pull request #296 from enaess/ppp-autotools

Use autoconf/automake to configure and make ppp

Signed-off-by: Paul Mackerras <paulus@ozlabs.org>
16 months ago Fixing up install targets for man pages and file permissions of secrets files
Eivind Næss [Thu, 22 Jul 2021 23:55:08 +0000 (16:55 -0700)]
Fixing up install targets for man pages and file permissions of secrets files

Signed-off-by: Eivind Næss <eivnaes@yahoo.com>