Commit Graph

30 Commits

Author SHA1 Message Date
Brian Somers
ff8e577bc6 Add support for MS-CHAP authentication via a RADIUS server.
Add support for Reply-Message and MS-CHAP-Error.

Sponsored by:	Monzoon
2002-05-10 03:11:35 +00:00
Brian Somers
65309e5cda Convert IIJ copyrights to BSD copyrights.
Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>
2001-06-13 21:52:19 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Brian Somers
479508cf28 Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.

Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10'').  We now notice
repeated NAKs and REJs rather than just REQs.

Don't suggest that CHAP 0x05 isn't supported when it's not configured.

Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
  by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
  ttys (set device /dev/zero).

Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
  According to the state transition table, a RCR+ or RCR- received in
  the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
  and SendConfig{Ack,Nak}.  However, in ``Stopped'', we haven't yet
  done a TLS (or the last thing we did is a TLF).  We must therefore
  do the TLS at this point !

  This was never noticed before because LCP and CCP used not to use
  LayerStart() for anything interesting, and IPCP tends to go into
  Stopped then get a Down because of an LCP RTR rather than getting a
  RCR again.
1999-02-26 21:28:14 +00:00
Brian Somers
5e31549897 Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.
1999-02-18 00:52:15 +00:00
Brian Somers
f0cdd9c021 Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius.  This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel.  It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
      challenges and the validation of chap responses
      (and commenting what's going on in those routines).
      I currently have no way of testing ppp's ability
      to respond to M$Chap CHALLENGEs correctly, so if
      someone could do the honours, it'd be much
      appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
Brian Somers
aceaed9283 Reimplement the previous fix (no response to PAP requests)
at the authentication layer rather than at the PAP layer
so that it also applies to CHAP (no response to CHAP
challenges).
1999-02-02 09:35:17 +00:00
Brian Somers
8db502bbfd If we receive no answer from the server when sending PAP
requests, give up (don't sit there indefinitely).
1999-02-01 13:42:25 +00:00
Brian Somers
92b0955883 o Support callback types NONE, E.164, AUTH and CBCP.
  (see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
  ``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
  allow a fifth field for specifying auth/cbcp dialback
  parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
  rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
1998-08-07 18:42:51 +00:00
Brian Somers
d91d286164 MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.
1998-05-21 21:49:08 +00:00
Brian Somers
dd7e261079 Cosmetic: Make our external function names consistent. 1998-05-01 19:26:12 +00:00
Brian Somers
643f49047e o Defer setting up pap/chap based IP numbers & labels until after
  we've determined if we're going to join another ppp invocation.
o Make ``show link'' show all link details, and ``show links''
  just give a list of links and their current status.
o Show our current label in ``show bundle''.
o Allow link cloning and removal as soon as our MRRU is set.
o Make ``show lcp'' require context as nothing will ever change
  in our MP LCP (it's auto-configured as per rfc1990).
o Initialise our LQM owner in hdlc_Init().
o Store our endpoint discriminator and authentication name at both
  the datalink and multilink level and compare them when we've
  finished AUTHENTICATE phase and before entering NETWORK phase.
  If they don't match, close the link again.
  Display the information in the appropriate ``show'' command.
o Initialise datalink::phone and datalink::fsmp.object properly
  when we're cloning the link.
o Show which link we're passing LQRs on in our diagnostics.
o Reject endpoint discriminator REQs at the logical multilink
  level.
o Remove the rest of our CARRIER and LINK logging setup.
1998-04-24 19:16:15 +00:00
Brian Somers
2764b86afd o Move alias function pointers into loadalias.c
o Move Var*Version into command.c
o Remove struct pppVars (and there was much rejoicing) !
o Forward-decl some structs in .h files to avoid include
  ordering requirements and remove a few more redundant
  #includes.
1998-04-07 00:54:26 +00:00
Brian Somers
b6217683dc Deglobalise `struct prompt':
  o Our diagnostic socket has its password set in the `set socket'
    line only (not in ppp.secret).
  o Passwords are per server socket (*VarAuthKey are gone)
  o Authority is per prompt (VarLocalAuth is gone).
  o Local logging is per prompt.
  o Add a `show who' command to see who's connected.  No identd
    routine - just a `where the connection came from' display.
  o SIGUSR1 is disabled for now - we have no way of choosing a
    password for the socket created :-(

Prompts are attached as a list of `struct descriptor's in
struct bundle, and serviced under the bundle's descriptor
service routines.  Ultimately, everything should be done
like this.

Cosmetic:
  o alphabeticalise SRCS in Makefile.
  o Add a few comments in command.h

TODO: Start checking that we don't overflow the descriptor sets
      in select() now that we can have any number of descriptors.
1998-04-03 19:26:02 +00:00
Brian Somers
cd9647a100 o Move default MRU, MTU, ACCMAP and OPENMODE config values into
  struct lcp and display them in `show lcp'.
o Remove `show mru' and `show mtu' and make the data part of
  `show lcp'.  Also merge `set m[tr]u' and `set openmode'
  implementations into the SetVariable function.
o `set timeout' only accepts the idle timer value as an argument.
o Move our lqr period into struct lcp, and create a `set lqrperiod'
  command.  Display it in `show lcp'.
o Remove VarRetryTimeout, and implement it at the LCP, PAP, CHAP,
  CCP and IPCP levels, creating individual `set XXXretry' commands
  for each.  They must be separate because they have different
  context requirements in multilink mode.
o Display default config values in `show ccp'.
o Tart the man page up a bit (wrt PPP/TCP, compression and LQR) and
  explain the new commands.
1998-04-03 19:24:07 +00:00
Brian Somers
e2ebb036fd Do authentication at the datalink level, not the bundle level.
The bundle doesn't get a LayerUp 'till we're authenticated.

Introduce DATALINK_LCP and DATALINK_AUTH phases.
1998-03-01 01:07:49 +00:00
Brian Somers
455aabc3f8 o Hook the FSMs into our bundle.
o The FSM layering is now more sane.
o Move a lot of the NCP stuff into our ipcpstate rather than having it
  in the bundle, including control of the configured IP addresses.  We
  don't need hacks like the global `linkup' variable any more as the
  FSM decides when our ppp.link* files get run.  This is going to eventually
  be configurable based on FSM events anyway.
o Fix a few inconsistencies when both sides require authentication.
o We now have "Ppp..." and "PPp" prompts, reflecting authentication
  and network phase.  We don't print loads of spurious prompts as we
  change phases any more.
o Our phase is part of the bundle now.
o Fix a bug where the FSM wasn't calling LayerFinish.
o Close the FSM down correctly with a signal rather than slamming it
  down as if the line was dropped (the undocumented ``down'' command
  is still available though).
o Remove the forgotten `tunno' variable and fix references to it.
1998-02-07 20:50:08 +00:00
Brian Somers
7a6f872047 Create `struct bundle' - the top level control structure.
This structure will eventually contain a list of NCPs (currently
only IPCP is supported) and a list of physical `struct link's.
It will also derive from a struct link itself.
Make ModemTimeout() static - it's way too dangerous to be called
from outside !
Bump version to 1.9.  Our first MP release should be 2.0.
1998-02-02 19:32:16 +00:00
Brian Somers
63b7346316 Create a new MP branch for `multilink protocol'.
Do lots of initial shuffling and grouping.
Submitted by: Eivind Eklund <perhaps@yes.no>
1998-01-29 00:49:32 +00:00
cvs2svn
1ae349f52c This commit was manufactured by cvs2svn to create branch 'MP'. 1998-01-29 00:44:16 +00:00
Brian Somers
b6e82f33ef Fix prototypes.
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.

We can now survive a compile with
  -Wall -Wbad-function-cast -Wcast-align -Wcast-qual
  -Winline -Wmissing-declarations -Wmissing-prototypes
  -Wnested-externs -Wpointer-arith -Wredundant-decls
  -Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).
1997-11-22 03:37:54 +00:00
Brian Somers
75240ed178 Cosmetic (no functional changes):
o   Add missing $Id$s
o   Move extern decls from .c -> .h files
o   Staticize
o   Remove #includes from .h files
o   style(9)ify includes
o   bcopy -> memcpy
    bzero -> memset
    bcmp -> memcmp
    index -> strchr
    rindex -> strrchr
o   Move timeout.h -> timer.h (making it consistent w/ timer.c)
o   Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
Brian Somers
683cef3c33 Install as group ``network''
Insist that uid == 0 for client ppp
Disallow client sockets if no password is specified
Don't exit on failure to open client socket for listening
Allow specification of null local password
Use reasonable size (smaller) ``vector''s in auth.c
Fix "passwd ..." usage message
Insist on "all" as arg to "quit" (if any)
Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
Brian Somers
944f709824 Make the code format more in line with style(9).
Update loadalias to use the new libalias api.
Update to version 1.1.
1997-08-25 00:29:32 +00:00
Brian Somers
927145be97 Overhaul ppp:
  o Use syslog
  o Remove references to stdout/stderr (incl perror())
  o Introduce VarTerm - the interactive terminal or zero
  o Allow "set timeout" to affect current session
  o Change "set debug" to "set log"
  o Allow "set log [+|-]flag"
  o Make MSEXT and PASSWDAUTH stuff the default
  o Move all #ifdef DEBUG stuff into the code - this
    shouldn't be too much overhead.  It's now controlled
    with "set log +debug"
  o Add "set log command, debug, tun, warn, error, alert"
  o Remove cdefs.h, and assume an ansi compiler.
  o Improve all diagnostic output
  o Don't trap SIGSEGV
  o SIGHUP now terminates again (log files are controlled
    by syslog)
  o Call CloseModem() when changing devices
  o Fix parsing of third arg of "delete"

I think this fixes the "magic is same" problems that some
people have been experiencing.
The man page is being rewritten.  It'll follow soon.
1997-06-09 03:27:43 +00:00
Peter Wemm
476602a9d0 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Poul-Henning Kamp
ed6a16c181 Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
Rodney W. Grimes
709e8f9ae1 Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
Atsushi Murai
b808c7565b Compile error occurred by missing auth.h/cdefs.h
Reviewed by:	amurai@spec.co.jp
1995-02-27 03:18:28 +00:00