Don't create a diagnostic socket by default.

Allow a password to be specified on the "set server" command line.
Use SIGUSR2 to close the diagnostic socket.
Some man page corrections.
This commit is contained in:
Brian Somers 1997-11-09 22:07:29 +00:00
parent d025849c64
commit 8ea8442c9a
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=31081
8 changed files with 285 additions and 138 deletions


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: auth.c,v 1.19 1997/11/09 14:18:32 brian Exp $
* $Id: auth.c,v 1.20 1997/11/09 18:51:21 brian Exp $
*
* TODO:
* o Implement check against with registered IP addresses.
@ -47,20 +47,24 @@
void
LocalAuthInit()
{
char *p;
if (*VarShortHost == '\0') {
char *p;
if (gethostname(VarShortHost, sizeof(VarShortHost))) {
VarLocalAuth = LOCAL_DENY;
return;
if (gethostname(VarShortHost, sizeof(VarShortHost))) {
VarLocalAuth = LOCAL_DENY;
return;
}
p = strchr(VarShortHost, '.');
if (p)
*p = '\0';
}
p = strchr(VarShortHost, '.');
if (p)
*p = '\0';
if (!(mode&(MODE_AUTO|MODE_DEDICATED|MODE_DIRECT)))
/* We're allowed in interactive and direct */
VarLocalAuth = LOCAL_AUTH;
else if (VarHaveLocalAuthKey)
VarLocalAuth = *VarLocalAuthKey == '\0' ? LOCAL_AUTH : LOCAL_NO_AUTH;
else
switch (LocalAuthValidate(SECRETFILE, VarShortHost, "")) {
case NOT_FOUND:
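Review bot: The `gethostname()` branch of LocalAuthInit now fills VarShortHost only once and never forces a terminator: POSIX leaves it unspecified whether a truncated hostname is NUL-terminated, so the `strchr(VarShortHost, '.')` that follows and every later `LocalAuthValidate(SECRETFILE, VarShortHost, ...)` lookup could read past the array on a host whose name is longer than the buffer. Add `VarShortHost[sizeof VarShortHost - 1] = '\0';` directly after the successful `gethostname()` call. The added `VarHaveLocalAuthKey` branch deliberately grants LOCAL_AUTH for an empty key; a comment such as `/* an empty "set server" password means no password is required */` would make that readable without consulting ppp.8. The switch on LocalAuthValidate continues past the end of this hunk.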


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: command.c,v 1.93 1997/11/09 17:51:24 brian Exp $
* $Id: command.c,v 1.94 1997/11/09 18:51:22 brian Exp $
*
*/
#include <sys/param.h>
@ -761,7 +761,6 @@ QuitCommand(struct cmdtab const * list, int argc, char **argv)
Cleanup(EX_NORMAL);
} else if (VarTerm) {
LogPrintf(LogPHASE, "Client connection closed.\n");
LocalAuthInit();
mode &= ~MODE_INTER;
oVarTerm = VarTerm;
VarTerm = 0;
@ -899,43 +898,86 @@ SetStoppedTimeout(struct cmdtab const * list, int argc, char **argv)
return -1;
}
#define ismask(x) \
(*x == '0' && strlen(x) == 4 && strspn(x+1, "0123456789.") == 3)
static int
SetServer(struct cmdtab const * list, int argc, char **argv)
{
int res = -1;
if (argc > 0 && argc < 3)
if (strcasecmp(argv[0], "none") == 0) {
ServerClose();
LogPrintf(LogPHASE, "Disabling server port.\n");
res = 0;
} else if (*argv[0] == '/') {
mode_t mask;
if (argc > 0 && argc < 4) {
const char *port, *passwd, *mask;
umask(mask = umask(0));
if (argc == 2) {
/* What's what ? */
port = argv[0];
if (argc == 2)
if (ismask(argv[1])) {
passwd = NULL;
mask = argv[1];
} else {
passwd = argv[1];
mask = NULL;
}
else if (argc == 3) {
passwd = argv[1];
mask = argv[2];
if (!ismask(mask))
return -1;
} else
passwd = mask = NULL;
if (passwd == NULL)
VarHaveLocalAuthKey = 0;
else {
strncpy(VarLocalAuthKey, passwd, sizeof VarLocalAuthKey);
VarLocalAuthKey[sizeof VarLocalAuthKey - 1] = '\0';
VarHaveLocalAuthKey = 1;
}
LocalAuthInit();
if (strcasecmp(port, "none") == 0) {
int oserver;
if (mask != NULL || passwd != NULL)
return -1;
oserver = server;
ServerClose();
if (oserver != -1)
LogPrintf(LogPHASE, "Disabling server port.\n");
res = 0;
} else if (*port == '/') {
mode_t imask;
if (mask != NULL) {
unsigned m;
if (sscanf(argv[1], "%o", &m) == 1)
mask = m;
}
res = ServerLocalOpen(argv[0], mask);
} else {
int port;
if (strspn(argv[0], "0123456789") != strlen(argv[0])) {
struct servent *s;
if ((s = getservbyname(argv[0], "tcp")) == NULL) {
port = 0;
LogPrintf(LogWARN, "%s: Invalid port or service\n", argv[0]);
} else
port = ntohs(s->s_port);
if (sscanf(mask, "%o", &m) == 1)
imask = m;
else
return -1;
} else
port = atoi(argv[0]);
if (port)
res = ServerTcpOpen(port);
imask = (mode_t)-1;
res = ServerLocalOpen(port, imask);
} else {
int iport;
if (mask != NULL)
return -1;
if (strspn(port, "0123456789") != strlen(port)) {
struct servent *s;
if ((s = getservbyname(port, "tcp")) == NULL) {
iport = 0;
LogPrintf(LogWARN, "%s: Invalid port or service\n", port);
} else
iport = ntohs(s->s_port);
} else
iport = atoi(port);
res = iport ? ServerTcpOpen(iport) : -1;
}
}
return res;
}
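Review bot: The `ismask` macro in SetServer decides from shape alone whether an argument is a umask, and its character class `"0123456789."` admits non-octal digits and dots, so with argc == 2 an argument such as `0189` or `01.2` is taken as a mask rather than a password, and `sscanf(mask, "%o", &m)` then stops at the first bad character, still returns 1, and silently installs a umask of `01` instead of rejecting the input. Tightening the class to `strspn(x+1, "01234567") == 3` makes such an argument fail `ismask`, and in the explicit three-argument form the existing `if (!ismask(mask)) return -1;` then rejects it. Note also that the password is copied into VarLocalAuthKey and LocalAuthInit() runs before the `none` conflict check, so a command rejected at `if (mask != NULL || passwd != NULL) return -1;` has already changed the authentication state; moving that check ahead of the copy keeps a failed command side-effect free. The macro evaluates its argument several times, which is harmless here only because it is applied to argv entries.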


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: main.c,v 1.90 1997/11/09 14:18:45 brian Exp $
* $Id: main.c,v 1.91 1997/11/09 18:51:23 brian Exp $
*
* TODO:
* o Add commands for traffic summary, version display, etc.
@ -173,6 +173,7 @@ TtyOldMode()
void
Cleanup(int excode)
{
ServerClose();
OsInterfaceDown(1);
HangupModem(1);
nointr_sleep(1);
@ -189,7 +190,6 @@ Cleanup(int excode)
close(BGFiledes[1]);
}
LogPrintf(LogPHASE, "PPP Terminated (%s).\n", ex_desc(excode));
ServerClose();
TtyOldMode();
LogClose();
@ -242,11 +242,21 @@ SetUpServer(int signo)
{
int res;
VarHaveLocalAuthKey = 0;
LocalAuthInit();
if ((res = ServerTcpOpen(SERVER_PORT + tunno)) != 0)
LogPrintf(LogERROR, "SIGUSR1: Failed %d to open port %d\n",
res, SERVER_PORT + tunno);
}
static void
BringDownServer(int signo)
{
VarHaveLocalAuthKey = 0;
LocalAuthInit();
ServerClose();
}
static char *
ex_desc(int ex)
{
@ -396,6 +406,10 @@ main(int argc, char **argv)
if (mode != MODE_INTER)
pending_signal(SIGUSR1, SetUpServer);
#endif
#ifdef SIGUSR2
if (mode != MODE_INTER)
pending_signal(SIGUSR2, BringDownServer);
#endif
if (dstsystem) {
if (SelectSystem(dstsystem, CONFFILE) < 0) {
@ -416,9 +430,6 @@ main(int argc, char **argv)
Cleanup(EX_SOCK);
}
}
/* Create server socket and listen (initial value is -2) */
if (server == -2)
ServerTcpOpen(SERVER_PORT + tunno);
if (!(mode & MODE_DIRECT)) {
pid_t bgpid;
@ -560,7 +571,6 @@ ReadTty()
Prompt();
} else {
LogPrintf(LogPHASE, "client connection closed.\n");
LocalAuthInit();
mode &= ~MODE_INTER;
oVarTerm = VarTerm;
VarTerm = 0;
@ -922,6 +932,7 @@ DoLoop()
} else
netfd = wfd;
VarTerm = fdopen(netfd, "a+");
LocalAuthInit();
mode |= MODE_INTER;
Greetings();
IsInteractive(1);
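Review bot: BringDownServer and the reworked SetUpServer both discard a password given via `set server` (`VarHaveLocalAuthKey = 0;`) before reverting to the secret-file rules, and nothing in the hunk says so; a one-line comment on each, e.g. `/* USR1/USR2 always fall back to /etc/ppp/ppp.secret; a "set server" password is forgotten */`, would save the next reader a trip to ppp.8. Both handlers are installed through pending_signal(), which from its name looks like a deferred-dispatch mechanism; if it instead runs the handler in signal context, LocalAuthInit(), LogPrintf() and the socket calls inside them are not async-signal-safe, which this page cannot confirm either way. Removing the `server == -2` default open from main() means a daemon exposes no diagnostic socket until explicitly told to, which is the safer default.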


@ -1,4 +1,4 @@
.\" $Id: ppp.8,v 1.75 1997/11/09 13:18:51 brian Exp $
.\" $Id: ppp.8,v 1.76 1997/11/09 17:51:26 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@ -525,10 +525,15 @@ Currently,
may also be used to talk interactively.
.Pp
Each
In order to achieve this, you must use the
.Dq set server
command as described below. It is possible to retrospectively make a running
.Nm
daemon has an associated port number which is computed as "3000 +
tunnel_device_number".
program listen on a diagnostic port by configuring
.Pa /etc/ppp/ppp.secret ,
and sending it a
.Dv USR1
signal.
In
.Fl auto
@ -637,10 +642,18 @@ To terminate the program, type
.Pp
A simple
.Dq quit
command will terminate the telnet connection but not the program itself.
command will terminate the
.Xr pppctl 8
or
.Xr telnet 1
connection but not the
.Nm
program itself.
You must use
.Dq quit all
to terminate the program as well.
to terminate
.Nm
as well.
.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1)
@ -698,17 +711,17 @@ exec /usr/sbin/ppp -direct
(You can specify a label name for further control.)
.Pp
Direct mode (
.Fl direct
) lets
Direct mode
.Pq Fl direct
lets
.Nm
work with stdin and stdout. You can also use
.Xr pppctl 8
or
.Xr telnet 1
to connect to port 3000 plus the current tunnel device number to get
command mode control in the same manner as client-side
.Nm.
to connect to a configured diagnostic port, in the same manner as with
client-side
.Nm ppp .
.It
Optional support for Microsoft's IPCP Name Server and NetBIOS
@ -1467,8 +1480,14 @@ to exit.
This signal, when not in interactive mode, tells
.Nm
to close any existing server socket and open an Internet socket using
the default rules for choosing a port number - that is, using port
3000 plus the current tunnel device number.
port 3000 plus the current tunnel device number. This can only be
achieved if a suitable local password is specified in
.Pa /etc/ppp/ppp.secret .
.It USR2
This signal, tells
.Nm
to close any existing server socket.
.El
@ -1477,7 +1496,11 @@ the default rules for choosing a port number - that is, using port
This section lists the available commands and their effect. They are
usable either from an interactive
.Nm
session, from a configuration file or from a telnet session.
session, from a configuration file or from a
.Xr pppctl 8
or
.Xr telnet 1
session.
.Bl -tag -width 20
.It accept|deny|enable|disable option....
@ -1949,27 +1972,40 @@ The default value is zero, where
.Nm
doesn't time out in the stopped state.
.It set server|socket TcpPort|LocalName|none [mask]
Normally, when not in interactive mode,
.It set server|socket TcpPort|LocalName|none [password] [mask]
This command tells
.Nm
listens to a TCP socket for incoming command connections. The
default socket number is calculated as 3000 plus the number of the
tunnel device that
to listen on the given socket or
.Sq diagnostic port
for incoming command connections. This is not possible if
.Nm
opened. So, for example, if
is in interactive mode. The word
.Ar none
instructs
.Nm
opened tun2, socket 3002 would be used.
to close any existing socket. If you wish to specify a unix domain
socket,
.Ar LocalName
must be specified as an absolute file name, otherwise it is assumed
to be the name or number of a TCP port. You may specify the octal umask that
should be used with unix domain sockets as a four character octal number
beginning with
.Sq 0 .
Refer to
.Xr umask 2
for umask details. Refer to
.Xr services 5
for details of how to translate TCP port names.
.Pp
Using this command, you can specify your own port number, a
local domain socket (specified as an absolute file name), or
you can tell
.Nm
not to accept any command connections. If a local domain socket
is specified, you may also specify an octal mask that should be
set before creating the socket. See also the use of
the
.Dv USR1
signal.
You may also specify the password that must be used by the client when
connecting to this socket. If the password is not specified here,
.Pa /etc/ppp/ppp.secret
is searched for a machine name that's the same as your local host name
without any domain suffix. Refer to
.Xr hostname 1
for further details. If a password is specified as the empty string,
no password is required.
.Pp
When using
@ -1979,7 +2015,7 @@ with a server socket, the
command is the preferred mechanism of communications. Currently,
.Xr telnet 1
can also be used, but link encryption may be implemented in the future, so
.Xr telnet 8
.Xr telnet 1
should not be relied upon.
.It set speed value
@ -2184,7 +2220,11 @@ argument is given,
.Nm
will exit, closing the connection. A simple
.Dq quit
issued from a telnet session will not close the current connection.
issued from a
.Xr pppctl 8
or
.Xr telnet 1
session will not close the current connection.
.It help|? [command]
Show a list of available commands. If
@ -2287,6 +2327,7 @@ Get port number if port number is using service name.
.Xr crontab 5 ,
.Xr ftp 1 ,
.Xr getty 8 ,
.Xr hostname 1 ,
.Xr inetd 8 ,
.Xr init 8 ,
.Xr login 1 ,
@ -2299,7 +2340,6 @@ Get port number if port number is using service name.
.Xr syslogd 8 ,
.Xr tcpdump 1 ,
.Xr telnet 1 ,
.Xr telnet 8 ,
.Xr traceroute 8 ,
.Xr uucplock 3 ,
.Xr uucplock 8


@ -1,4 +1,4 @@
.\" $Id: ppp.8,v 1.75 1997/11/09 13:18:51 brian Exp $
.\" $Id: ppp.8,v 1.76 1997/11/09 17:51:26 brian Exp $
.Dd 20 September 1995
.Os FreeBSD
.Dt PPP 8
@ -525,10 +525,15 @@ Currently,
may also be used to talk interactively.
.Pp
Each
In order to achieve this, you must use the
.Dq set server
command as described below. It is possible to retrospectively make a running
.Nm
daemon has an associated port number which is computed as "3000 +
tunnel_device_number".
program listen on a diagnostic port by configuring
.Pa /etc/ppp/ppp.secret ,
and sending it a
.Dv USR1
signal.
In
.Fl auto
@ -637,10 +642,18 @@ To terminate the program, type
.Pp
A simple
.Dq quit
command will terminate the telnet connection but not the program itself.
command will terminate the
.Xr pppctl 8
or
.Xr telnet 1
connection but not the
.Nm
program itself.
You must use
.Dq quit all
to terminate the program as well.
to terminate
.Nm
as well.
.Sh RECEIVING INCOMING PPP CONNECTIONS (Method 1)
@ -698,17 +711,17 @@ exec /usr/sbin/ppp -direct
(You can specify a label name for further control.)
.Pp
Direct mode (
.Fl direct
) lets
Direct mode
.Pq Fl direct
lets
.Nm
work with stdin and stdout. You can also use
.Xr pppctl 8
or
.Xr telnet 1
to connect to port 3000 plus the current tunnel device number to get
command mode control in the same manner as client-side
.Nm.
to connect to a configured diagnostic port, in the same manner as with
client-side
.Nm ppp .
.It
Optional support for Microsoft's IPCP Name Server and NetBIOS
@ -1467,8 +1480,14 @@ to exit.
This signal, when not in interactive mode, tells
.Nm
to close any existing server socket and open an Internet socket using
the default rules for choosing a port number - that is, using port
3000 plus the current tunnel device number.
port 3000 plus the current tunnel device number. This can only be
achieved if a suitable local password is specified in
.Pa /etc/ppp/ppp.secret .
.It USR2
This signal, tells
.Nm
to close any existing server socket.
.El
@ -1477,7 +1496,11 @@ the default rules for choosing a port number - that is, using port
This section lists the available commands and their effect. They are
usable either from an interactive
.Nm
session, from a configuration file or from a telnet session.
session, from a configuration file or from a
.Xr pppctl 8
or
.Xr telnet 1
session.
.Bl -tag -width 20
.It accept|deny|enable|disable option....
@ -1949,27 +1972,40 @@ The default value is zero, where
.Nm
doesn't time out in the stopped state.
.It set server|socket TcpPort|LocalName|none [mask]
Normally, when not in interactive mode,
.It set server|socket TcpPort|LocalName|none [password] [mask]
This command tells
.Nm
listens to a TCP socket for incoming command connections. The
default socket number is calculated as 3000 plus the number of the
tunnel device that
to listen on the given socket or
.Sq diagnostic port
for incoming command connections. This is not possible if
.Nm
opened. So, for example, if
is in interactive mode. The word
.Ar none
instructs
.Nm
opened tun2, socket 3002 would be used.
to close any existing socket. If you wish to specify a unix domain
socket,
.Ar LocalName
must be specified as an absolute file name, otherwise it is assumed
to be the name or number of a TCP port. You may specify the octal umask that
should be used with unix domain sockets as a four character octal number
beginning with
.Sq 0 .
Refer to
.Xr umask 2
for umask details. Refer to
.Xr services 5
for details of how to translate TCP port names.
.Pp
Using this command, you can specify your own port number, a
local domain socket (specified as an absolute file name), or
you can tell
.Nm
not to accept any command connections. If a local domain socket
is specified, you may also specify an octal mask that should be
set before creating the socket. See also the use of
the
.Dv USR1
signal.
You may also specify the password that must be used by the client when
connecting to this socket. If the password is not specified here,
.Pa /etc/ppp/ppp.secret
is searched for a machine name that's the same as your local host name
without any domain suffix. Refer to
.Xr hostname 1
for further details. If a password is specified as the empty string,
no password is required.
.Pp
When using
@ -1979,7 +2015,7 @@ with a server socket, the
command is the preferred mechanism of communications. Currently,
.Xr telnet 1
can also be used, but link encryption may be implemented in the future, so
.Xr telnet 8
.Xr telnet 1
should not be relied upon.
.It set speed value
@ -2184,7 +2220,11 @@ argument is given,
.Nm
will exit, closing the connection. A simple
.Dq quit
issued from a telnet session will not close the current connection.
issued from a
.Xr pppctl 8
or
.Xr telnet 1
session will not close the current connection.
.It help|? [command]
Show a list of available commands. If
@ -2287,6 +2327,7 @@ Get port number if port number is using service name.
.Xr crontab 5 ,
.Xr ftp 1 ,
.Xr getty 8 ,
.Xr hostname 1 ,
.Xr inetd 8 ,
.Xr init 8 ,
.Xr login 1 ,
@ -2299,7 +2340,6 @@ Get port number if port number is using service name.
.Xr syslogd 8 ,
.Xr tcpdump 1 ,
.Xr telnet 1 ,
.Xr telnet 8 ,
.Xr traceroute 8 ,
.Xr uucplock 3 ,
.Xr uucplock 8


@ -1,5 +1,5 @@
/*
* $Id: server.c,v 1.7 1997/11/09 06:22:47 brian Exp $
* $Id: server.c,v 1.8 1997/11/09 14:18:51 brian Exp $
*/
#include <sys/param.h>
@ -26,7 +26,7 @@
#include "log.h"
#include "id.h"
int server = -2;
int server = -1;
static struct sockaddr_un ifsun;
static char *rm;
@ -61,9 +61,11 @@ ServerLocalOpen(const char *name, mode_t mask)
return 3;
}
setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &s, sizeof s);
mask = umask(mask);
if (mask != (mode_t)-1)
mask = umask(mask);
if (bind(s, (struct sockaddr *) & ifsun, sizeof(ifsun)) < 0) {
umask(mask);
if (mask != (mode_t)-1)
umask(mask);
LogPrintf(LogERROR, "Local: bind: %s\n", strerror(errno));
if (errno == EADDRINUSE && VarTerm)
fprintf(VarTerm, "Wait for a while, then try again.\n");
@ -71,7 +73,8 @@ ServerLocalOpen(const char *name, mode_t mask)
ID0unlink(name);
return 4;
}
umask(mask);
if (mask != (mode_t)-1)
umask(mask);
if (listen(s, 5) != 0) {
LogPrintf(LogERROR, "Local: Unable to listen to socket - OS overload?\n");
close(s);
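Review bot: The new `(mode_t)-1` sentinel for `mask` is tested at three separate points in ServerLocalOpen (before `bind()`, on its failure path and after success) but documented nowhere; the only caller that passes it, SetServer in command.c, lives in another file, so a comment on the function such as `/* mask == (mode_t)-1: leave the process umask untouched */` is needed. The function's signature and head lie before this hunk. Since `int server` now starts at -1, any code that still tests for the old -2 "not yet opened" value can no longer tell "never opened" from "closed"; the one such test on this page, in main(), is removed by this commit, but others outside the page cannot be ruled out from here.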


@ -17,7 +17,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: vars.c,v 1.31 1997/10/26 01:03:58 brian Exp $
* $Id: vars.c,v 1.32 1997/10/29 01:19:51 brian Exp $
*
*/
#include <sys/param.h>
@ -40,7 +40,7 @@
#include "defs.h"
char VarVersion[] = "PPP Version 1.3";
char VarLocalVersion[] = "$Date: 1997/10/26 01:03:58 $";
char VarLocalVersion[] = "$Date: 1997/10/29 01:19:51 $";
int Utmp = 0;
int ipInOctets = 0;
int ipOutOctets = 0;
@ -172,21 +172,24 @@ LocalAuthCommand(struct cmdtab * list, int argc, char **argv)
else
pass = *argv;
switch (LocalAuthValidate(SECRETFILE, VarShortHost, pass)) {
case INVALID:
pppVars.lauth = LOCAL_NO_AUTH;
break;
case VALID:
pppVars.lauth = LOCAL_AUTH;
break;
case NOT_FOUND:
pppVars.lauth = LOCAL_AUTH;
LogPrintf(LogWARN, "WARNING: No Entry for this system\n");
break;
default:
pppVars.lauth = LOCAL_NO_AUTH;
LogPrintf(LogERROR, "LocalAuthCommand: Ooops?\n");
return 1;
}
if (VarHaveLocalAuthKey)
VarLocalAuth = strcmp(VarLocalAuthKey, pass) ? LOCAL_NO_AUTH : LOCAL_AUTH;
else
switch (LocalAuthValidate(SECRETFILE, VarShortHost, pass)) {
case INVALID:
VarLocalAuth = LOCAL_NO_AUTH;
break;
case VALID:
VarLocalAuth = LOCAL_AUTH;
break;
case NOT_FOUND:
VarLocalAuth = LOCAL_AUTH;
LogPrintf(LogWARN, "WARNING: No Entry for this system\n");
break;
default:
VarLocalAuth = LOCAL_NO_AUTH;
LogPrintf(LogERROR, "LocalAuthCommand: Ooops?\n");
return 1;
}
return 0;
}
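Review bot: The new `VarHaveLocalAuthKey` branch of LocalAuthCommand sets LOCAL_NO_AUTH on a mismatch silently, while the secret-file branch below it at least logs the NOT_FOUND case, so a failed login on the diagnostic port leaves no trace whenever a `set server` password is in use. Log the mismatch (never the attempted password), e.g. replace the one-line branch with `if (VarHaveLocalAuthKey) { VarLocalAuth = strcmp(VarLocalAuthKey, pass) ? LOCAL_NO_AUTH : LOCAL_AUTH; if (VarLocalAuth == LOCAL_NO_AUTH) LogPrintf(LogWARN, "Local auth: password mismatch\n"); }`, so repeated failures are visible to the operator. The comparison is a plain `strcmp`, which is adequate for this plaintext telnet-era protocol but is not constant-time; a short comment saying so saves a later reviewer chasing it. LocalAuthCommand starts above this hunk, so whether the caller limits attempts cannot be seen here.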


@ -15,7 +15,7 @@
* IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
* WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.
*
* $Id: vars.h,v 1.31 1997/10/26 01:03:59 brian Exp $
* $Id: vars.h,v 1.32 1997/11/09 14:18:55 brian Exp $
*
* TODO:
*/
@ -80,6 +80,8 @@ struct pppvars {
char login_script[SCRIPT_LEN]; /* Login script */
char auth_key[50]; /* PAP/CHAP key */
char auth_name[50]; /* PAP/CHAP system name */
char local_auth_key[50]; /* Local auth passwd */
int have_local_auth_key; /* Local auth passwd specified ? */
#ifdef HAVE_DES
int use_MSChap; /* Use MSCHAP encryption */
#endif
@ -110,6 +112,8 @@ struct pppvars {
#define VarRetryTimeout pppVars.retry_timeout
#define VarAuthKey pppVars.auth_key
#define VarAuthName pppVars.auth_name
#define VarLocalAuthKey pppVars.local_auth_key
#define VarHaveLocalAuthKey pppVars.have_local_auth_key
#ifdef HAVE_DES
#define VarMSChap pppVars.use_MSChap
#endif
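Review bot: `local_auth_key[50]` repeats the bare `50` already used for `auth_key` and `auth_name`, and the copy in command.c depends on `sizeof VarLocalAuthKey` to bound it; a shared named constant (e.g. `#define AUTH_KEY_LEN 50`, name proposed here) would keep the three buffers in step and make the password length limit visible in one place. The field comment could also state the contract the rest of the commit implements: `/* Local auth passwd; "" means no password required */`. As a plaintext secret living inside pppVars, it should be excluded from any command that dumps the variable block; no such command is visible on this page, so this is a point to check rather than a change here.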