Commit Graph

833 Commits

Author SHA1 Message Date
Brian Somers
c11e57a340 Extend the ``set redial'' command to allow incremental
redial timeouts.
1999-03-04 17:42:15 +00:00
Brian Somers
bc76350ef9 Correct some ntohl/htonl bogons in the netmask handling.
This was pretty harmless as netmasks on a POINTOPOINT
interface are pretty much ignored, but it looked funny.

Mention the configured netmask in ``show ipcp''.

Describe in more detail what a proxy arp entry is.
1999-03-03 23:00:41 +00:00
Brian Somers
536d5b3331 When negotiating ACCMAPs, sync our ACCMAP with the
peers by ORing the two together and NAKing or REQing
the result rather than allowing seperate local/peer
values.
If the peer REJs our ACCMAP and our ACCMAP isn't 0,
warn about it and ignore the rejection.
1999-03-01 13:46:45 +00:00
Brian Somers
8a8d99276f Comment why we do a TLF when we get a ``Down'' event in state
``closing''.

Pointed out by: archie

Don't do a TLF when we get a ``Catastrphic Protocol Reject'' event
in state ``closed'' or ``stopped''.

Pointed out but not suggested by: archie

This makes no difference in the current implementation as
LcpLayerFinish() does nothing but log the event, but I disagree
in principle because it unbalances the TLF/TLS calls which
(IMHO) doesn't fit with the intentions of the RFC.

Maybe the RFC author had a reason for this.  It can only happen
in two circumstances:

- if LCP has already been negotiated then stopped or closed and we
  receive a protocol reject, then we must already have done a TLF.
  Why do one again and stay in the same state ?

- if LCP hasn't yet been started and we receive an unsolicted
  protocol reject, why should we TLF when we haven't done a TLS ?
1999-03-01 02:52:39 +00:00
Brian Somers
ec5e7f36dc Bring up auto links despite there being no data queued if
we're already in network phase and our autoload values
are set with no minimum threshold (the default).

Tell the autoload timer that it's ``coming up'' *before*
calling AutoLoadTimeout() directly... not after.  This
prevents the very first demand-dial connection from
immediately disconnecting when there are other auto links.

Problem diagnosis:  Ted Mittelstaedt <tedm@toybox.placo.com>
1999-03-01 00:43:48 +00:00
Brian Somers
479508cf28 Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.

Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10'').  We now notice
repeated NAKs and REJs rather than just REQs.

Don't suggest that CHAP 0x05 isn't supported when it's not configured.

Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
  by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
  ttys (set device /dev/zero).

Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
  According to the state transition table, a RCR+ or RCR- received in
  the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
  and SendConfig{Ack,Nak}.  However, in ``Stopped'', we haven't yet
  done a TLS (or the last thing we did is a TLF).  We must therefore
  do the TLS at this point !

  This was never noticed before because LCP and CCP used not use
  LayerStart() for anything interesting, and IPCP tends to go into
  Stopped then get a Down because of an LCP RTR rather than getting a
  RCR again.
1999-02-26 21:28:14 +00:00
Brian Somers
26baedc5e4 Parse IP addresses more securely - specifically, don't allow
a bum name to return as 0.0.0.0... we don't want ``delete xxx''
to delete the default route when xxx doesn't resolve.

Support IP number specifications as the host when specifying
a tcp-style device (rather than *just* hostnames).
1999-02-25 20:05:55 +00:00
Brian Somers
b5c347a37a When our dial timeout is ``random'', display its value
correctly by invoking the timer to get the value before
displaying the message.
Don't assume that a value of 0 is ``random'' in
``show datalink''.
Make the random value between 1 and DIAL_TIMEOUT rather
than between 0 and DIAL_TIMEOUT-1
1999-02-25 12:00:04 +00:00
Brian Somers
f4007327ae Don't immediately bring auto links back up in multilink
mode (when there is more than one auto link) if there is
no data queued to go out.
Reviewed by: Tom Torrance <tom@tomqnx.com>
1999-02-25 11:59:36 +00:00
Brian Somers
b7ff18add2 Handle empty PAP & CHAP packets (containing only an FSM header).
Some CHAP implementations send no welcome message with their
SUCCESS/FAILURE packets.  This was being mis-identified as
a truncated packet by the new authentication code :-(
1999-02-20 01:12:45 +00:00
Brian Somers
b31a24cad8 Be a little more verbose about dodgy looking authentication
packets before dropping them in the bit-bucket.
1999-02-19 10:48:42 +00:00
Brian Somers
f522bee006 Build correctly when -DNOCRYPT is used. 1999-02-18 19:45:06 +00:00
Brian Somers
4043c04fa5 Don't expect a chap response if we haven't negotiated
chap 0x80.
1999-02-18 19:11:46 +00:00
Brian Somers
5e31549897 Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.
1999-02-18 00:52:15 +00:00
Brian Somers
64cfdfc6fb Nuke any remaining auth timers when datalinks come back down
to DATALINK_LCP.
1999-02-17 02:11:28 +00:00
Brian Somers
6b4286e0f5 Wait by default for one second after the login script
is complete before checking carrier.  If it's there,
the device supports carrier.  If it's not it doesn't.

Add the ``set cd'' command for deciding how soon to check
for carrier, and for deciding if carrier is REQUIRED.

The default has changed:  Pre 2.0 versions of ppp waited
for 1 second.  Version 2 didn't wait, but this causes
problems with some (few?) modems that don't assert carrier
immediately on reporting CONNECT.  The one second delay
is back now and can be removed with ``set cd 0''.

Bump the ppp version number in case this needs to be changed
again....
1999-02-16 00:16:56 +00:00
Brian Somers
9576e3690f Describe manual dialing in greater detail.
Mention more rfc numbers.
Don't ``.Nm Ppp'' (just use ``.Nm'').
1999-02-14 12:16:41 +00:00
Brian Somers
a8103305cb When executing a command as part of a dial/login/hangup
script, expand words in the same way as !bg does.
1999-02-12 00:52:30 +00:00
Brian Somers
00b001185c /etc/ppp/ppp.*.sample -> /usr/share/examples/ppp/ppp.*.sample 1999-02-11 16:34:15 +00:00
Brian Somers
58330d7bfa When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do).  The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.

This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.

Examples will follow.
1999-02-11 10:14:08 +00:00
Brian Somers
10c76ef5a2 Correct server-side chap authentication comparison
(broken with last commit).
1999-02-07 13:56:29 +00:00
Brian Somers
35f456775d Remove forgotten diagnostics 1999-02-07 13:48:38 +00:00
Brian Somers
f0cdd9c021 Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius.  This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel.  It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
      challenges and the validation of chap responses
      (and commenting what's going on in those routines).
      I currently have no way of testing ppps ability
      to respond to M$Chap CHALLENGEs correctly, so if
      someone could do the honours, it'd be much
      appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
Brian Somers
7686a20048 Encode & Decode the PROTOCOMP fields correctly.
When NAKing the peer, get as close as we can to what
he REQd.
When the peer NAKs us, get as close as we can to what
they NAKd with on our next REQ.
1999-02-02 20:27:12 +00:00
Brian Somers
ed0e926999 Don't allow root to specify non-existent labels on
the command line.
Revise the error diagnostics so that invalid labels
are reported immediately.
1999-02-02 09:35:30 +00:00
Brian Somers
aceaed9283 Reimplement the previous fix (no response to PAP requests)
at the authentication layer rather than at the PAP layer
so that it also applies to CHAP (no response to CHAP
challenges).
1999-02-02 09:35:17 +00:00
Brian Somers
8db502bbfd If we receive no answer from the server when sending PAP
requests, give up (don't sit there indefinitely).
1999-02-01 13:42:25 +00:00
Brian Somers
82d6780c9e o Send a CHAP challenge of 16 random digits when RADIUS is
configured.  This isn't strictly necessary according to the
  rfc, but it's suggested there....
o Don't forget to include our authname when sending a
  CHAP challenge when RADIUS is configured.
o Don't supply the ``16'' representing the chap answer
  length to radius_Authenticate() - libradius does this
  for us.
o When we successfully authenticate via radius_Authenticate(),
  continue with datalink_AuthOk() as expected.

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
Bill Fumerola
65aaeb15d5 Reflect syslog(8)'s acceptance of either tabs or spaces.
PR:		docs/9660
Submitted by:	Kris Kennaway <kkennawa@physics.adelaide.edu.au>
1999-01-28 22:55:08 +00:00
Brian Somers
0b67236810 MAINTAINER=brian@FreeBSD.org 1999-01-28 15:16:38 +00:00
Brian Somers
4026c3661c Version 2.0 > 2.1 to reflection RADIUS additions. 1999-01-28 09:40:15 +00:00
Brian Somers
972a1bcf5d Initial RADIUS support (using libradius). See the man page for
details.  Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
      to be supplied as a set of routines so that ppp doesn't
      have to wait indefinitely for the radius server(s).  Instead,
      we need to get a descriptor back, select() on the descriptor,
      and ask libradius to service it when necessary.
      For now, ppp blocks SIGALRM while in rad_send_request(), so
      it misses PAP/CHAP retries & timeouts if they occur.

      Only PAP is functional.  When CHAP is attempted, libradius
      complains that no User-Password has been specified... rfc2138
      says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
Brian Somers
756783fc20 Don't SEGV when ``set proctitle'' is used in the default
section.
Submitted by:	Dan Lukes <dan@obluda.cz>
PR:		9669
1999-01-25 10:19:03 +00:00
Brian Somers
b51a60cc47 Recurse when we've switched state via LoginDone(). If we've
got an open link, we want it to be select()d on - otherwise
we get a freeze when ``openmode'' is passive.
1999-01-20 18:06:52 +00:00
Brian Somers
d9949a3acf Change the maximum number of filters from 20 to 40.
Increase requested by: "Clement T. Cole" <clemc@echo.ccc.com>
1999-01-19 22:16:02 +00:00
Brian Somers
3d091023a7 Suggest that ``set proctitle'' is used in ppp.linkup when
USER is expected to be expanded.
1999-01-19 22:15:41 +00:00
Brian Somers
8e1fea3105 Send the peer-decided PSTN address with the CBCP Ack,
otherwise windows clients will keep resending the
response :-/
It'd be nice if M$ would document this sort of thing !
Problem reported by: Andrzej Tobola <san@tmp.iem.pw.edu.pl>
1999-01-19 22:15:25 +00:00
Brian Somers
5165af6fa8 If we've configured CBCP *and* another not-so-important
CALLBACK protocol and end up agreeing CBCP, DTRT and go
into CBCP phase rather than mistakenly terminating as
if CBCP wasn't agreed.
Problem reported by: Alexander Dubinin <alex@nstl.nnov.ru>
1999-01-12 21:50:20 +00:00
Brian Somers
29ee67822b Correct some formatting errors (one is a groff bug)
Noted & partially submitted by: Peter Jeremy <peter.jeremy@auss2.alcatel.com.au>
PR:				9432
1999-01-11 15:05:39 +00:00
SADA Kenji
d78afcd462 Typo: /etc/ppp/ppp.conf.example -> ppp.conf.sample
Submitted by:	Sugiura Shiro <ssugiura@duo.co.jp>
1999-01-10 17:23:10 +00:00
Brian Somers
c0cdeb7c06 Only call isatty() when we open our descriptor, and remember
the answer.

If we later get a descriptor exception from select(), we know
that it's a tty (isatty() returns 0 after the exception on a
tty) and remember to call modem_LogicalClose().

The upshot of it all is that descriptor exceptions dont leave
the tty locked any more.
1999-01-10 01:26:30 +00:00
Brian Somers
47dd77c14d Don't use the next phone number after the ``|'' if the
dial & login are successful.
Submitted by:   Toshiomi Moriki <Toshiomi.Moriki@ma1.seikyou.ne.jp>
PR:             9382
1999-01-08 09:04:58 +00:00
Brian Somers
c935f085d0 Typo: The idle timer is ignored in -ddial and -dedicated
mode, not in -ddial and -direct.
Pointed out by: Chris Timmons <skynyrd@opus.cts.cwu.edu>
1999-01-06 00:08:15 +00:00
Brian Somers
0aa8aa17dd Don't warn when ``add xxxx HISADDR'' fails because HISADDR
is 0.0.0.0.  This isn't a problem as the sticky route is still
added.
Suggested by: Chris Timmons <skynyrd@opus.cts.cwu.edu>
1999-01-06 00:08:03 +00:00
Brian Somers
2ff64793ad Don't return stack-based data. This may have caused
server-side CHAP authentication problems in the past :-/
1998-12-17 00:28:12 +00:00
Brian Somers
8b09cf1cc7 Fix a rather bad latency problem (uncovered by the recent timer commit).
Problem reported by: Christopher Hall <hsw@acm.org>
1998-12-15 19:12:24 +00:00
Brian Somers
7e778f13d9 Rather than interrupting 10 times per second then checking
to see if there's anything to do, schedule the next alarm
based on the next required timeout.
This decreases the load when there are lots of relatively
idle ppp processes.

While I'm in there, handle the possibility that a timeout
makes the timer element go out of scope by grabbing the
enext pointer before executing the timer function.
1998-12-14 19:24:30 +00:00
Brian Somers
87766c5694 Allow a variable as the first arg to ``set proctitle''. 1998-12-14 01:15:34 +00:00
Brian Somers
80b2397ccf Mention the cosmetic necessity to ``iface clear'' in ppp.linkdown. 1998-12-14 01:15:14 +00:00
Brian Somers
f1e8dfb20c Boy, this was tricky to find:
Remove any dial timer that might be hanging around at
  datalink_Destroy() time.  This timer may be left running
  after the link is closed (making sure it's not automatically
  opened again too soon).
1998-12-10 18:36:53 +00:00