each time rather than making up a new one.
Increase the authname/authkey max sizes to 100 characters.
Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do). The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.
This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.
Examples will follow.
log debug'' without filling our filesystem/screen with
junk that we don't really want to see.
o change PHYS_STDIN to PHYS_DIRECT - we can handle incoming
connections that aren't on STDIN_FILENO now.
o Allow return values from our FSM LayerUp functions. If
LayerUp() fails, the FSM does an immediate FsmDown() without
calling the fsm_parent's Layer{Up,Down} functions.
o Clear the close-on-exec flag of file descriptor 3 when executing
chat programs so that our documented ability to communicate with
/dev/tty via that descriptor works. Also document it as
descriptor 3, not 4 :-O
o Allow a ``rm'' command as an alias for ``remove''.
o Fix the bind()/connect()/accept() calls made by the MP server.
o Create bundle_SendDatalink() and bundle_ReceiveDatalink().
This allows `struct datalink's to flatten themselves, pass
through a pipe (read: the eye of a needle !) and come alive
at the other end. The donator then fork()s & exec()s pppmpipe,
``passing'' the connection to another ppp instance.
*** PPP NOW TALKS MULTILINK :-))) ***
Our link utilization is hideous, and lots of code needs
tidying still. It's also probably riddled with bugs !
It's been tested against itself only, and has hung once,
so confidence isn't high....
bundle (non-negotiated vars) or to their respective IPCP,
LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command. These values now appear in
`show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
we end up setting no descriptors and getting jammed in the
imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.
o Move Var*Version into command.c
o Remove struct pppVars (and there was much rejoicing) !
o Forward-decl some structs in .h files to avoid include
ordering requirements and remove a few more redundant
#includes.
o Our diagnostic socket has its password set in the `set socket'
line only (not in ppp.secret).
o Passwords are per server socket (*VarAuthKey are gone)
o Authority is per prompt (VarLocalAuth is gone).
o Local logging is per prompt.
o Add a `show who' command to see who's connected. No identd
routine - just a `where the connection came from' display.
o SIGUSR1 is disabled for now - we have no way of choosing a
password for the socket created :-(
Prompts are attached as a list of `struct descriptor's in
struct bundle, and serviced under the bundles descriptor
service routines. Ultimately, everything should be done
like this.
Cosmetic:
o alphabeticalise SRCS in Makefile.
o Add a few comments in command.h
TODO: Start checking that we don't overflow the descriptor sets
in select() now that we can have any number of descriptors.
struct lcp and display them in `show lcp'.
o Remove `show mru' and `show mtu' and make the data part of
`show lcp'. Also merge `set m[tr]u' and `set openmode'
implementations into the SetVariable function.
o `set timeout' only accepts the idle timer value as an argument.
o Move our lqr period into struct lcp, and create a `set lqrperiod'
command. Display it in `show lcp'.
o Remove VarRetryTimeout, and implement it at the LCP, PAP, CHAP,
CCP and IPCP levels, creating individual `set XXXretry' commands
for each. They must be separate because they have different
context requirements in multilink mode.
o Display default config values in `show ccp'.
o Tart the man page up a bit (wrt PPP/TCP, compression and LQR) and
explain the new commands.
o Remove bundle2lcp(), bundle2ccp() and bundle2link().
They're too resource-hungry and we have `owner pointers'
to do their job.
o Make our FSM understand LCPs that are always ST_OPENED
(with a minimum code that != 1).
o Send FSM code rejects for invalid codes.
o Make our bundle fsm_parent deal with multiple links.
o Make timer diagnostics pretty and allow access via ~t
in `term' mode (not just when logging debug) and
`show timers'. Only show timers every second in debug
mode, otherwise we get too many diagnostics to be useful
(we probably still do). Also, don't restrict ~m in term
mode to depend on debug logging.
o Rationalise our bundles' phases.
o Create struct mp (multilink protocol). This is both an
NCP and a type of struct link. It feeds off other NCPs
for output, passing fragmented packets into the queues
of available datalinks. It also gets PROTO_MP input,
reassembles the fragments into ppp frames, and passes
them back to the HDLC layer that the fragments were passed
from.
** It's not yet possible to enter multilink mode :-( **
o Add `set weight' (requires context) for deciding on a links
weighting in multilink mode. Weighting is simplistic (and
probably badly implemented) for now.
o Remove the function pointers in struct link. They ended up
only applying to physical links.
o Configure our tun device with an MTU equal to the MRU from
struct mp's LCP and a speed equal to the sum of our link
speeds.
o `show {lcp,ccp,proto}' and `set deflate' now have optional
context and use ChooseLink() to decide on which `struct link'
to use. This allows behaviour as before when in non-multilink
mode, and allows access to the MP logical link in multilink
mode.
o Ignore reconnect and redial values when in -direct mode and
when cleaning up. Always redial when in -ddial or -dedicated
mode (unless cleaning up).
o Tell our links to `staydown' when we close them due to a signal.
o Remove remaining `#ifdef SIGALRM's (ppp doesn't function without
alarms).
o Don't bother strdup()ing our physical link name.
o Various other cosmetic changes.
o The FSM layering is now more sane.
o Move a lot of the NCP stuff into our ipcpstate rather than having it
in the bundle, including control of the configured IP addresses. We
don't need hacks like the global `linkup' variable any more as the
FSM decides when our ppp.link* files get run. This is going to eventually
be configurable based on FSM events anyway.
o Fix a few inconsistencies when both sides require authentication.
o We now have "Ppp..." and "PPp" prompts, reflecting authentication
and network phase. We don't print loads of spurious prompts as we
change phases any more.
o Our phase is part of the bundle now.
o Fix a bug where the FSM wasn't calling LayerFinish.
o Close the FSM down correctly with a signal rather than slamming it
down as if the line was dropped (the undocumented ``down'' command
is still available though).
o Remove the forgotten `tunno' variable and fix references to it.
This structure will eventually contain a list of NCPs (currently
only IPCP is supported) and a list of physical `struct link's.
It will also derive from a struct link itself.
Make ModemTimeout() static - it's way to dangerous to be called
from outside !
Bump version to 1.9. Our first MP release should be 2.0.
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.
We can now survive a compile with
-Wall -Wbad-function-cast -Wcast-align -Wcast-qual
-Winline -Wmissing-declarations -Wmissing-prototypes
-Wnested-externs -Wpointer-arith -Wredundant-decls
-Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).
o Add "allow" command:
"allow users a b c" gives access to users a, b and c.
"allow modes auto" gives those users access to auto mode only.
"allow users *" and "allow modes *" are accepted.
No users and all modes are allowed by default.
UID 0 can do anything.
o Set the current label with the "load" and "dial" commands
so that the call to ppp.linkdown makes sense.
o Up the verison number.
o Don't OR MODE_AUTO for -background and -ddial.
o Don't OR MODE_INTER when we get a diagnostic connection.
o Allow up to 40 args per line (was 20).
o "set ifaddr" only changes the interface in AUTO mode (with other
modes, it happens after IPCP negotiation).
o Sort command descriptions in the man page.
o Support -dedicated mode where we just talk ppp forever (no login etc).
o Add missing $Id$s
o Move extern decls from .c -> .h files
o Staticize
o Remove #includes from .h files
o style(9)ify includes
o bcopy -> memcpy
bzero -> memset
bcmp -> memcmp
index -> strchr
rindex -> strrchr
o Move timeout.h -> timer.h (making it consistent w/ timer.c)
o Add -Wmissing-prototypes
file get created. We don't create lock files over non-tty
connections, but we *do* create lock files in -direct mode.
This leaves us capable of adding utmp/wtmp support for
successful pap & chap logins (coming soon).
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been
insane otherwise.
o Supporting SYNC SIO device (But need a device driver)
- add "set speed sync"
o Fixing bug for Predictor-1 function.
o Add new parameter that re-sent interval for set timeout commands.
o Improving RTT (Round Trip Time) and reducing processor time.
- Previous Timer service was using polling, and now using
SIGALRM ;-)
- A 0.94beta2 will not work correctly....
-- Follows are additinal feature not including 0.94beta2
o Support Proxy ARP
- add "enable/disable proxy" commands
o Marging common routine in CHAP/PAP.
o Enhancing LCP/IPCP log information.
o Support local Authfication connection on port 300x and tty.
- You can set up pair of your "hostname -s" and
password in ppp.secret. if either ppp.secret file nor
your hostname line don't exist, It will notify a message
and working as same as previous version.(Backword compatibility)
- If you did set up them, It's allow connection but nothing to do
except help and passwd command.
- add "passwd yourpasswd" commands
o Support afilter - keep Alive filter that a packet can send/receiving
according to ifilter/ofilter but doesn't count it as preventing idle
timer expires.
- Same syntax of other filters.
o Fixing bugs reported by current user for previous one. Thanks !!
Reviewed by: Atsushi Murai (amurai@spec.co.jp)
