84 Commits

Author SHA1 Message Date
Brian Somers
442f849547 o Split the two IPCP queues into three - one for FSM data
(LCP/CCP/IPCP), one for urgent IP traffic and one for
  everything else.
o Add the ``set urgent'' command for adjusting the list of
  urgent port numbers.  The default urgent ports are 21, 22,
  23, 513, 514, 543 and 544 (Ports 80 and 81 have been
  removed from the default priority list).
o Increase the buffered packet threshold from 20 to 30.
o Report the number of packets in the IP output queue and the
  list of urgent ports under ``show ipcp''.
1999-09-04 00:00:21 +00:00
Peter Wemm
97d92980a9 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
Brian Somers
44e73c1254 Set the close-on-exec flag for all unused descriptors when
exec()ing other programs.
1999-08-17 14:59:05 +00:00
Brian Somers
55b04d88d5 Don't declare `end' if we aren't compiling radius support. 1999-07-15 02:02:51 +00:00
Brian Somers
8fb106c674 Use the correct pid when substituting PROCESSID.
Problem reported by: Amedeo Beck Peccoz <gea@gressoney.it>
1999-06-09 08:47:36 +00:00
Brian Somers
411675bae3 o Alter the mbuf type as it's processed by different layers.
o Show more information about missing MP fragments in ``show mp''.
o Do away with mbuf_Log().  It was showing mbuf stats twice on
  receipt of LCP/CCP/IPCP packets.... ???!!?
o Pre-allocate a bit extra when creating LQR packets to avoid having
  to allocate another mbuf in mbuf_Prepend().
1999-06-02 15:59:09 +00:00
Brian Somers
5d9e610366 o Redesign the layering mechanism and make the aliasing code part of
the layering.

  We now ``stack'' layers as soon as we open the device (when we figure
  out what we're dealing with).  A static set of `dispatch' routines are
  also declared for dealing with incoming packets after they've been
  `pulled' up through the stacked layers.

  Physical devices are now assigned handlers based on the device type
  when they're opened.  For the moment there are three device types;
  ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
  pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
  ``show mem''.
o ``show modem'' becomes ``show physical''.
1999-05-08 11:07:56 +00:00
Brian Somers
a38cc90182 Split the recorded chap challenge into two - one for the
receiver and one for the sender.  This allows two simultaneous
chap conversations - something that I *thought* I was already
doing on a daily basis myself until the existence of the
problem was
Beaten into me by: sos
1999-04-21 08:03:51 +00:00
Brian Somers
29b873f38d Drop PAP & CHAP packets if we're not in NETWORK or AUTHENTICATE
phase.
1999-04-01 11:05:23 +00:00
Brian Somers
b7ff18add2 Handle empty PAP & CHAP packets (containing only an FSM header).
Some CHAP implementations send no welcome message with their
SUCCESS/FAILURE packets.  This was being mis-identified as
a truncated packet by the new authentication code :-(
1999-02-20 01:12:45 +00:00
Brian Somers
f522bee006 Build correctly when -DNOCRYPT is used. 1999-02-18 19:45:06 +00:00
Brian Somers
4043c04fa5 Don't expect a chap response if we haven't negotiated
chap 0x80.
1999-02-18 19:11:46 +00:00
Brian Somers
5e31549897 Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.
1999-02-18 00:52:15 +00:00
Brian Somers
58330d7bfa When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do).  The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.

This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.

Examples will follow.
1999-02-11 10:14:08 +00:00
Brian Somers
10c76ef5a2 Correct server-side chap authentication comparison
(broken with last commit).
1999-02-07 13:56:29 +00:00
Brian Somers
35f456775d Remove forgotten diagnostics 1999-02-07 13:48:38 +00:00
Brian Somers
f0cdd9c021 Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius.  This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel.  It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
      challenges and the validation of chap responses
      (and commenting what's going on in those routines).
      I currently have no way of testing ppps ability
      to respond to M$Chap CHALLENGEs correctly, so if
      someone could do the honours, it'd be much
      appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
Brian Somers
82d6780c9e o Send a CHAP challenge of 16 random digits when RADIUS is
configured.  This isn't strictly necessary according to the
  rfc, but it's suggested there....
o Don't forget to include our authname when sending a
  CHAP challenge when RADIUS is configured.
o Don't supply the ``16'' representing the chap answer
  length to radius_Authenticate() - libradius does this
  for us.
o When we successfully authenticate via radius_Authenticate(),
  continue with datalink_AuthOk() as expected.

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-29 22:46:31 +00:00
Brian Somers
972a1bcf5d Initial RADIUS support (using libradius). See the man page for
details.  Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
      to be supplied as a set of routines so that ppp doesn't
      have to wait indefinitely for the radius server(s).  Instead,
      we need to get a descriptor back, select() on the descriptor,
      and ask libradius to service it when necessary.
      For now, ppp blocks SIGALRM while in rad_send_request(), so
      it misses PAP/CHAP retries & timeouts if they occur.

      Only PAP is functional.  When CHAP is attempted, libradius
      complains that no User-Password has been specified... rfc2138
      says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
Brian Somers
37d818fb21 Fix some OpenBSD/alpha warnings 1998-08-26 18:07:57 +00:00
Brian Somers
92b0955883 o Support callback types NONE, E.164, AUTH and CBCP.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
  ``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
  allow a fifth field for specifying auth/cbcp dialback
  parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
  rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
1998-08-07 18:42:51 +00:00
Brian Somers
93280d730e o Tidy up PAP and CHAP diagnostics. They're now all logged as PHASE
diagnostics (which are on by default).
o Deal correctly with both sides wanting CHAP.
o Output a warning if we're using an empty ``authname''.  This is
  *not* what we want to do.
1998-07-28 21:54:30 +00:00
Brian Somers
3a2e4f621c o Fix remaining sizeof problems for 64 bit machines.
o Allow ``set ....'' when we have multiple links but aren't in
  multilink mode.
o Do a TLS when we receive a ``Open'' event in ``Closed'' state,
  despite the rfc state transition table.  This is clearly an
  error in the RFC as TLS cannot have yet been called (without
  TLF) in the ``Closed'' state.
  I've posted a message to comp.protocols.ppp for confirmation.
1998-06-27 23:48:54 +00:00
Brian Somers
10a9be1e88 Remove redundant includes 1998-06-27 14:18:15 +00:00
Brian Somers
dadabc45a7 o Add some missing #includes
o Calculate base device name correctly.
1998-05-21 22:55:08 +00:00
Brian Somers
d91d286164 MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.
1998-05-21 21:49:08 +00:00
Brian Somers
dd7e261079 Cosmetic: Make our external function names consistent. 1998-05-01 19:26:12 +00:00
Brian Somers
1fa665f5b3 o Add the link name to modem diagnostics.
o Create struct mpserver as part of struct mp.
  mpserver creates a unix-domain socket based on the
  peers auth name and endpoint discriminator.  If it
  already exists, ppp will ``pass the link'' over to
  the owner of the socket, joining it into the bundle
  of another ppp invocation, otherwise ppp waits for
  other invocations to pass it links through this
  socket.
  The final piece of code will be the code that flattens
  our datalink info and passes it down this channel
  (not yet implemented).
1998-04-28 01:25:46 +00:00
Brian Somers
643f49047e o Defer setting up pap/chap based IP numbers & labels until after
we've determined if we're going to join another ppp invocation.
o Make ``show link'' show all link details, and ``show links''
  just give a list of links and their current status.
o Show our current label in ``show bundle''.
o Allow link cloning and removal as soon as our MRRU is set.
o Make ``show lcp'' require context as nothing will ever change
  in our MP LCP (it's auto-configured as per rfc1990).
o Initialise our LQM owner in hdlc_Init().
o Store our endpoint discriminator and authentication name at both
  the datalink and multilink level and compare them when we've
  finished AUTHENTICATE phase and before entering NETWORK phase.
  If they don't match, close the link again.
  Display the information in the appropriate ``show'' command.
o Initialise datalink::phone and datalink::fsmp.object properly
  when we're cloning the link.
o Show which link we're passing LQRs on in our diagnostics.
o Reject endpoint discriminator REQs at the logical multilink
  level.
o Remove the rest of our CARRIER and LINK logging setup.
1998-04-24 19:16:15 +00:00
Brian Somers
1342caed9c o Move the accept/deny/disable/enable globals either to the
bundle (non-negotiated vars) or to their respective IPCP,
  LCP or CCP.
o Enable rolling throughput statistics by default.
o Remove the `display' command.  These values now appear in
  `show bundle', `show ipcp', `show ccp' and `show lcp'.
o Initialise auth name & key at bundle create time (oops).
o Rename pppd-deflate (the id-24 hack) to deflate24.
o Don't send both a REJ and a NAK to an IPCP or LCP REQ.
  Favour the REJ (already done at the CCP level).
o Recurse in datalink_UpdateSet() when we change state, otherwise
  we end up setting no descriptors and getting jammed in the
  imminent select() instead of doing the dial/login/hangup.
o Display our CHAP encryption method despite being built with DES.
o Display VJ as not negotiated in ``show ipcp'' when necessary.
1998-04-16 00:26:21 +00:00
Brian Somers
2764b86afd o Move alias function pointers into loadalias.c
o Move Var*Version into command.c
o Remove struct pppVars (and there was much rejoicing) !
o Forward-decl some structs in .h files to avoid include
  ordering requirements and remove a few more redundant
  #includes.
1998-04-07 00:54:26 +00:00
Brian Somers
d24f017be8 Remove unused includes. 1998-04-06 09:12:38 +00:00
Brian Somers
833882f740 o Move VarMSChap into struct chap, and remove `set encrypt'
option.  We never ask a client for MSChap when we've got
  chap `enabled', and we dynamically answer using MSChap
  if the peer demands it.
o Remove all of the bundle2*() series of functions except
  bundle2datalink() as they're too expensive.  The only
  calls to bundle2datalink() are made from command.c when
  determining context.
o Write to the correct modem in term mode, and check the
  return value, dropping back to command mode if the write
  fails.

Cosmetic:
  Make the PPP COMMAND LIST section of the man page
  prettier, better and more consistent.  Alphabeticalise
  all command lists and document missing commands.
1998-04-03 19:26:29 +00:00
Brian Somers
92f4ff1ccd Move authname and authkey into struct bundle and only allow
their alteration in PHASE_DEAD.
Remove redundant pppConfs array element.
1998-04-03 19:24:49 +00:00
Brian Somers
3b0f8d2ed6 o Move struct lcp and struct ccp into struct link.
o Remove bundle2lcp(), bundle2ccp() and bundle2link().
  They're too resource-hungry and we have `owner pointers'
  to do their job.
o Make our FSM understand LCPs that are always ST_OPENED
  (with a minimum code that != 1).
o Send FSM code rejects for invalid codes.
o Make our bundle fsm_parent deal with multiple links.
o Make timer diagnostics pretty and allow access via ~t
  in `term' mode (not just when logging debug) and
  `show timers'.  Only show timers every second in debug
  mode, otherwise we get too many diagnostics to be useful
  (we probably still do).  Also, don't restrict ~m in term
  mode to depend on debug logging.
o Rationalise our bundles' phases.
o Create struct mp (multilink protocol).  This is both an
  NCP and a type of struct link.  It feeds off other NCPs
  for output, passing fragmented packets into the queues
  of available datalinks.  It also gets PROTO_MP input,
  reassembles the fragments into ppp frames, and passes
  them back to the HDLC layer that the fragments were passed
  from.
  ** It's not yet possible to enter multilink mode :-( **
o Add `set weight' (requires context) for deciding on a links
  weighting in multilink mode.  Weighting is simplistic (and
  probably badly implemented) for now.
o Remove the function pointers in struct link.  They ended up
  only applying to physical links.
o Configure our tun device with an MTU equal to the MRU from
  struct mp's LCP and a speed equal to the sum of our link
  speeds.
o `show {lcp,ccp,proto}' and `set deflate' now have optional
  context and use ChooseLink() to decide on which `struct link'
  to use.  This allows behaviour as before when in non-multilink
  mode, and allows access to the MP logical link in multilink
  mode.
o Ignore reconnect and redial values when in -direct mode and
  when cleaning up.  Always redial when in -ddial or -dedicated
  mode (unless cleaning up).
o Tell our links to `staydown' when we close them due to a signal.
o Remove remaining `#ifdef SIGALRM's (ppp doesn't function without
  alarms).
o Don't bother strdup()ing our physical link name.
o Various other cosmetic changes.
1998-04-03 19:21:56 +00:00
Brian Somers
eaa4df37f4 Move VJ compression state and stats into struct ipcp. 1998-03-16 22:54:35 +00:00
Brian Somers
5ca5389af4 Move filter sets into struct bundle. 1998-03-16 22:52:54 +00:00
Brian Somers
5828db6d2d Move the IPCP into struct bundle. 1998-03-13 21:07:46 +00:00
Brian Somers
a611cad61d o Don't immediately reply to the first LQR thinking
it's a duplicate ('cos it compares with our initial
  values).
o Move the LCP into struct datalink.
1998-03-13 21:07:14 +00:00
Brian Somers
c4c4aaacea Add extraneous braces to stiffle warnings from gcc-2.8 1998-03-13 01:36:10 +00:00
Brian Somers
879ed6fa82 De-staticise LQR information
Increment OutPackets for any packet - not just LQRs

MFC:
  o Fix a few comment typos.
  o Fix ``set timeout'' usage message and documentation.
  o Change ifOutPackets, ifOutOctets and ifOutLQRs to `u_int32_t's
    so that they wrap correctly.
  o Put the LQR in network byte order using the correct struct size
    (sizeof u_int32_t, not sizeof u_long).
  o Wrap LQR ECHO counters correctly.
  o Don't increment OutLQR count if the last LQR hasn't been replied
    to.
  o Initialise last received LQR in StartLqm.
  o Don't start the LQR timer if we're `disabled' and `accepted'.
  o Generate LQR responses when both sides are using a timer and
    we're not going to send our next LQR before the peers max timeout.
1998-03-13 00:44:26 +00:00
Brian Somers
fc1141b27b Move `Utmp' into struct physical. We can be logged in
once for every -direct physical connection.
1998-03-10 03:06:07 +00:00
Brian Somers
3bf710a4ba o Move all device names into struct physical.
o Use the correct device name in -direct mode.
o Use a default list of "cuaa1, cuaa0" rather than
  just cuaa1 and allow embedded spaces as separators.
1998-03-06 00:34:47 +00:00
Brian Somers
e2ebb036fd Do authentication at the datalink level, not the bundle level.
The bundle doesn't get a LayerUp 'till we're authenticated.

Introduce DATALINK_LCP and DATALINK_AUTH phases.
1998-03-01 01:07:49 +00:00
Brian Somers
45ad566f11 MFMP: Allow 8 character login names.
Do the login()/logwtmp()/logout() as id 0.
1998-02-19 02:10:13 +00:00
Brian Somers
f1316a8643 Allow 8 character login names.
Pointed out by: Forgotten

Do the login()/logwtmp()/logout() as id 0.
1998-02-19 02:08:53 +00:00
Brian Somers
3006ec67fe Create struct datalink.
This is a type of physical link that can chat and talk
LCP & CCP.  A bundle contains a list of these (only one
in the list for the moment).

The datalink is a type of descriptor, and dials, enters
LCP (& does CCP), kicks the bundle when its FSMs do
something interesting and does the hangup chat script
on the way down.  It also handles redials and reconnects.

There are lots of loose ends, and probably lots of bugs,
but the data structures are getting there !
1998-02-16 00:01:12 +00:00
Brian Somers
42d4d39668 o Introduce struct descriptor.
This will ultimately be a member of a list of descriptors and
  their handler functions on which we need to select() in the
  main loop.
o Make struct physical into a `sort' of struct descriptor.
1998-02-09 19:21:11 +00:00
Brian Somers
455aabc3f8 o Hook the FSMs into our bundle.
o The FSM layering is now more sane.
o Move a lot of the NCP stuff into our ipcpstate rather than having it
  in the bundle, including control of the configured IP addresses.  We
  don't need hacks like the global `linkup' variable any more as the
  FSM decides when our ppp.link* files get run.  This is going to eventually
  be configurable based on FSM events anyway.
o Fix a few inconsistencies when both sides require authentication.
o We now have "Ppp..." and "PPp" prompts, reflecting authentication
  and network phase.  We don't print loads of spurious prompts as we
  change phases any more.
o Our phase is part of the bundle now.
o Fix a bug where the FSM wasn't calling LayerFinish.
o Close the FSM down correctly with a signal rather than slamming it
  down as if the line was dropped (the undocumented ``down'' command
  is still available though).
o Remove the forgotten `tunno' variable and fix references to it.
1998-02-07 20:50:08 +00:00
Brian Somers
6140ba1177 Create struct async' and make it part of struct physical'.
This structure contains the asynchronous state of the physical
link.
Unfortunately, just about every .h file is included in every .c
file now.  Fixing this can be one of the last jobs.
1998-02-02 19:33:40 +00:00