Mschapv2 response generation may produce embedded NULs... causing
us to send a bogus response to the radius server and end up
failing the client's valid response.
Problem pointed out by: Eugene Vigovskiy <vigov@com2com.ru>
length field rather than the one byte message length field embedded
in the packet. This steps slightly outside of the protocol boundaries,
but should not cause any problems.
Limitation noted by: Simon Winwood <simon@winwood.org>
(LCP/CCP/IPCP), one for urgent IP traffic and one for
everything else.
o Add the ``set urgent'' command for adjusting the list of
urgent port numbers. The default urgent ports are 21, 22,
23, 513, 514, 543 and 544 (Ports 80 and 81 have been
removed from the default priority list).
o Increase the buffered packet threshold from 20 to 30.
o Report the number of packets in the IP output queue and the
list of urgent ports under ``show ipcp''.
0.81.1 of the i4b code - namely support of the I4B_VR_REQ
ioctl via the i4brbchX device.
Ppp controls the phone number, but idle timers and
SYNC/RAW decisions are still made by isdnd (in isdnd.rc).
This involves a new datalink state machine phase. The
``wait for carrier'' phase happens after dialing but
before logging in. The whole dial state should really
be abstracted so that each device type can deal with it
in its own way (thinking about PPPoE) - but that'll have
to wait.
The ``set cd'' symantics remain the same for tty devices,
but we now delay until we either get CD or timeout waiting
(at which time we drop the link if we require CD).
For i4b devices we always insist on carrier.
Thanks to hm@ for his help, and especially for pointing out
that I *don't* need to re-implement isdnd (that was a huge
waste of time !) :-]
o Show more information about missing MP fragments in ``show mp''.
o Do away with mbuf_Log(). It was showing mbuf stats twice on
receipt of LCP/CCP/IPCP packets.... ???!!?
o Pre-allocate a bit extra when creating LQR packets to avoid having
to allocate another mbuf in mbuf_Prepend().
the layering.
We now ``stack'' layers as soon as we open the device (when we figure
out what we're dealing with). A static set of `dispatch' routines are
also declared for dealing with incoming packets after they've been
`pulled' up through the stacked layers.
Physical devices are now assigned handlers based on the device type
when they're opened. For the moment there are three device types;
ttys, execs and tcps.
o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
``show mem''.
o ``show modem'' becomes ``show physical''.
Some CHAP implementations send no welcome message with their
SUCCESS/FAILURE packets. This was being mis-identified as
a truncated packet by the new authentication code :-(
input routines and take advantage of the new init/continue
interface in libradius. This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel. It should also make the future addition
of PAM support trivial.
While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.
NOTE: This involved integrating the generation of chap
challenges and the validation of chap responses
(and commenting what's going on in those routines).
I currently have no way of testing ppps ability
to respond to M$Chap CHALLENGEs correctly, so if
someone could do the honours, it'd be much
appreciated (it *looks* ok!).
Sponsored by: Internet Business Solutions Ltd., Switzerland
details. Compiling with -DNORADIUS (the default for `release')
removes support.
TODO: The functionality in libradius::rad_send_request() needs
to be supplied as a set of routines so that ppp doesn't
have to wait indefinitely for the radius server(s). Instead,
we need to get a descriptor back, select() on the descriptor,
and ask libradius to service it when necessary.
For now, ppp blocks SIGALRM while in rad_send_request(), so
it misses PAP/CHAP retries & timeouts if they occur.
Only PAP is functional. When CHAP is attempted, libradius
complains that no User-Password has been specified... rfc2138
says that it *mustn't* be used for CHAP :-(
Sponsored by: Internet Business Solutions Ltd., Switzerland
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
allow a fifth field for specifying auth/cbcp dialback
parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
diagnostics (which are on by default).
o Deal correctly with both sides wanting CHAP.
o Output a warning if we're using an empty ``authname''. This is
*not* what we want to do.
o Allow ``set ....'' when we have multiple links but aren't in
multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
despite the rfc state transition table. This is clearly an
error in the RFC as TLS cannot have yet been called (without
TLF) in the ``Closed'' state.
I've posted a message to comp.protocols.ppp for confirmation.
o Create struct mpserver as part of struct mp.
mpserver creates a unix-domain socket based on the
peers auth name and endpoint discriminator. If it
already exists, ppp will ``pass the link'' over to
the owner of the socket, joining it into the bundle
of another ppp invocation, otherwise ppp waits for
other invocations to pass it links through this
socket.
The final piece of code will be the code that flattens
our datalink info and passes it down this channel
(not yet implemented).
we've determined if we're going to join another ppp invocation.
o Make ``show link'' show all link details, and ``show links''
just give a list of links and their current status.
o Show our current label in ``show bundle''.
o Allow link cloning and removal as soon as our MRRU is set.
o Make ``show lcp'' require context as nothing will ever change
in our MP LCP (it's auto-configured as per rfc1990).
o Initialise our LQM owner in hdlc_Init().
o Store our endpoint discriminator and authentication name at both
the datalink and multilink level and compare them when we've
finished AUTHENTICATE phase and before entering NETWORK phase.
If they don't match, close the link again.
Display the information in the appropriate ``show'' command.
o Initialise datalink::phone and datalink::fsmp.object properly
when we're cloning the link.
o Show which link we're passing LQRs on in our diagnostics.
o Reject endpoint discriminator REQs at the logical multilink
level.
o Remove the rest of our CARRIER and LINK logging setup.
bundle (non-negotiated vars) or to their respective IPCP,
LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command. These values now appear in
`show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
we end up setting no descriptors and getting jammed in the
imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.
o Move Var*Version into command.c
o Remove struct pppVars (and there was much rejoicing) !
o Forward-decl some structs in .h files to avoid include
ordering requirements and remove a few more redundant
#includes.
option. We never ask a client for MSChap when we've got
chap `enabled', and we dynamically answer using MSChap
if the peer demands it.
o Remove all of the bundle2*() series of functions except
bundle2datalink() as they're too expensive. The only
calls to bundle2datalink() are made from command.c when
determining context.
o Write to the correct modem in term mode, and check the
return value, dropping back to command mode if the write
fails.
Cosmetic:
Make the PPP COMMAND LIST section of the man page
prettier, better and more consistent. Alphabeticalise
all command lists and document missing commands.
o Remove bundle2lcp(), bundle2ccp() and bundle2link().
They're too resource-hungry and we have `owner pointers'
to do their job.
o Make our FSM understand LCPs that are always ST_OPENED
(with a minimum code that != 1).
o Send FSM code rejects for invalid codes.
o Make our bundle fsm_parent deal with multiple links.
o Make timer diagnostics pretty and allow access via ~t
in `term' mode (not just when logging debug) and
`show timers'. Only show timers every second in debug
mode, otherwise we get too many diagnostics to be useful
(we probably still do). Also, don't restrict ~m in term
mode to depend on debug logging.
o Rationalise our bundles' phases.
o Create struct mp (multilink protocol). This is both an
NCP and a type of struct link. It feeds off other NCPs
for output, passing fragmented packets into the queues
of available datalinks. It also gets PROTO_MP input,
reassembles the fragments into ppp frames, and passes
them back to the HDLC layer that the fragments were passed
from.
** It's not yet possible to enter multilink mode :-( **
o Add `set weight' (requires context) for deciding on a links
weighting in multilink mode. Weighting is simplistic (and
probably badly implemented) for now.
o Remove the function pointers in struct link. They ended up
only applying to physical links.
o Configure our tun device with an MTU equal to the MRU from
struct mp's LCP and a speed equal to the sum of our link
speeds.
o `show {lcp,ccp,proto}' and `set deflate' now have optional
context and use ChooseLink() to decide on which `struct link'
to use. This allows behaviour as before when in non-multilink
mode, and allows access to the MP logical link in multilink
mode.
o Ignore reconnect and redial values when in -direct mode and
when cleaning up. Always redial when in -ddial or -dedicated
mode (unless cleaning up).
o Tell our links to `staydown' when we close them due to a signal.
o Remove remaining `#ifdef SIGALRM's (ppp doesn't function without
alarms).
o Don't bother strdup()ing our physical link name.
o Various other cosmetic changes.
Increment OutPackets for any packet - not just LQRs
MFC:
o Fix a few comment typos.
o Fix ``set timeout'' usage message and documentation.
o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
so that they wrap correctly.
o Put the LQR in network byte order using the correct struct size
(sizeof u_int32_t, not sizeof u_long).
o Wrap LQR ECHO counters correctly.
o Don't increment OutLQR count if the last LQR hasn't been replied
to.
o Initialise last received LQR in StartLqm.
o Don't start the LQR timer if we're `disabled' and `accepted'.
o Generate LQR responses when both sides are using a timer and
we're not going to send our next LQR before the peers max timeout.
getpwnam() lookup).
o Don't use chat_ExpandString on the password field in ppp.secret.
It's still possible to quote the string for embedded spaces.
o Don't allow multiple entries with the same name in ppp.secret.
This is a type of physical link that can chat and talk
LCP & CCP. A bundle contains a list of these (only one
in the list for the moment).
The datalink is a type of descriptor, and dials, enters
LCP (& does CCP), kicks the bundle when its FSMs do
something interesting and does the hangup chat script
on the way down. It also handles redials and reconnects.
There are lots of loose ends, and probably lots of bugs,
but the data structures are getting there !
This will ultimately be a member of a list of descriptors and
their handler functions on which we need to select() in the
main loop.
o Make struct physical into a `sort' of struct descriptor.
o The FSM layering is now more sane.
o Move a lot of the NCP stuff into our ipcpstate rather than having it
in the bundle, including control of the configured IP addresses. We
don't need hacks like the global `linkup' variable any more as the
FSM decides when our ppp.link* files get run. This is going to eventually
be configurable based on FSM events anyway.
o Fix a few inconsistencies when both sides require authentication.
o We now have "Ppp..." and "PPp" prompts, reflecting authentication
and network phase. We don't print loads of spurious prompts as we
change phases any more.
o Our phase is part of the bundle now.
o Fix a bug where the FSM wasn't calling LayerFinish.
o Close the FSM down correctly with a signal rather than slamming it
down as if the line was dropped (the undocumented ``down'' command
is still available though).
o Remove the forgotten `tunno' variable and fix references to it.
This structure contains the asynchronous state of the physical
link.
Unfortunately, just about every .h file is included in every .c
file now. Fixing this can be one of the last jobs.
This structure will eventually contain a list of NCPs (currently
only IPCP is supported) and a list of physical `struct link's.
It will also derive from a struct link itself.
Make ModemTimeout() static - it's way to dangerous to be called
from outside !
Bump version to 1.9. Our first MP release should be 2.0.
IPCP, CCP and LCP are now just derived FSMs.
Comment each of the FSM implementations so that we can
tell what's going on.
Revise the state transitions so that CCP and IPCP actually
send terminate REQs when appropriate.
The OS & IPCP layers are still like spagetti (next job).
