Commit Graph

1653 Commits

Author SHA1 Message Date
Brian Somers
e5bec77751 Remove leading zeros
Suggested by:	mdoc police (ru)
2006-09-06 15:58:59 +00:00
Brian Somers
d398d50285 Remove __DATE__ so that compiling the same source produces the same binary
(for non-static binaries at least).
2006-09-06 06:33:39 +00:00
Brian Somers
3026fd06ca If the peer REJects our MRU request and that request is for a value
less than the current MTU, set our mtu to the value requested.
2006-09-06 06:23:55 +00:00
Ruslan Ermilov
e1fe3dba5c Reimplementation of world/kernel build options. For details, see:
http://lists.freebsd.org/pipermail/freebsd-current/2006-March/061725.html

The src.conf(5) manpage is to follow in a few days.

Brought to you by:	imp, jhb, kris, phk, ru (all bugs are mine)
2006-03-17 18:54:44 +00:00
Brian Somers
add176cd53 Fix a typo
Obtained from:	OpenBSD
2005-09-22 11:18:30 +00:00
Brian Somers
343427d174 Remove this file as it's mostly out of date. Up-to-date info such as
the program's origin is already in the man page.

Update requested by:	Xavier Venient & Jason McIntyre
2005-09-12 11:20:07 +00:00
Hajimu UMEMOTO
4f10131848 NI_WITHSCOPEID cleanup. Neither RFC 2553 nor RFC 3493 defines
NI_WITHSCOPEID, and our getaddrinfo(3) does nothing special
for it, now.
2005-05-13 16:31:11 +00:00
Brian Somers
fc1e80d469 The kernel doesn't need to include a tun device - the module will be loaded
on demand if required.
2005-05-06 16:13:32 +00:00
Jesus R. Camou
cebee7e48e Update the manual page for ppp(8).
PR:		docs/78605
Submitted by:	John E. Hein <jhein@timing.com>
Approved by:	trhodes (mentor)
MFC after:	1 day
2005-04-28 22:31:37 +00:00
Brian Somers
8ff1207b33 Be concerned about huge callback numbers by truncating them rather than
scribbling past the end of our buffer.

Problem spotted by:	Damien COUDERC couderc at openbsd dot org
2005-02-15 10:59:54 +00:00
Ruslan Ermilov
36a142c455 Expand contractions. 2005-02-13 23:45:54 +00:00
Ruslan Ermilov
0227791b40 Expand *n't contractions. 2005-02-13 22:25:33 +00:00
Brian Somers
23417e56ea Use the correct length when copying trailing data!!
PR:		77104
Submitted by:	Martin Birgmeier martin at email dot aon dot at
MFC after:	3 days
2005-02-08 10:38:24 +00:00
Brian Somers
880447787d Add a radius_Flush() function that waits for the response (or timeout) to
any pending RADIUS transaction.  Use this before sending RAD_STOP RADIUS
messages so that we definitely ``stop'' the session.

It was discovered that sometimes when the link timed out, we got lucky
enough to have an un-ACK'd RADIUS accounting transaction in progress,
resulting in the RAD_STOP message failing to send.

Original report found on:	A russion news group
Text translated by:		glebius
Tested by:			Alexey Popov llp at iteranet dot com
MFC after:			7 days
2005-01-27 14:09:33 +00:00
Ruslan Ermilov
3ac17feb8a Fixed xref. 2005-01-21 10:48:35 +00:00
Ruslan Ermilov
1a74e6a157 Scheduled mdoc(7) sweep. 2005-01-11 11:47:22 +00:00
Brian Somers
ec91ed9155 Use the standard BSD copyright as per OpenBSD and /sys/net/slcompress* 2005-01-10 11:47:17 +00:00
Brian Somers
00d9db0314 Cast unsigned variables to int 2005-01-10 11:12:36 +00:00
Brian Somers
50be714be3 ifr_flagshigh is FreeBSD specific 2005-01-10 11:12:10 +00:00
Brian Somers
eb1ecbb230 Integrate some OpenBSD alignment fixes. This hopefully also fixes PR 38058...
Obtained from:	Brad <brad@comstyle.com>
2005-01-10 09:48:51 +00:00
Ruslan Ermilov
b5b0bba4df NOPAM -> NO_PAM 2004-12-21 12:49:24 +00:00
Ruslan Ermilov
dd991de030 Overhaul ppp(8) build options so they are safe to use in
/etc/make.conf:

NOALIAS -> retired (support provided by PPP_NO_NAT)
NOATM -> PPP_NO_ATM (also subject to NO_ATM global)
NODES -> PPP_NO_DES (support was broken, now recovered)
NOI4B -> PPP_NO_I4B (also subject to NO_I4B global)
NOKLDLOAD -> PPP_NO_KLDLOAD
NONAT -> PPP_NO_NAT
NONETGRAPH -> PPP_NO_NETGRAPH
NOPAM -> PPP_NO_PAM (will be subject to NO_PAM global)
NORADIUS -> PPP_NO_RADIUS
NOSUID -> retired (support provided by PPP_NO_SUID)
PPP_NOSUID -> PPP_NO_SUID
2004-12-21 12:01:15 +00:00
Ruslan Ermilov
564299ef5f The C define is NONAT. 2004-12-21 11:12:05 +00:00
Ruslan Ermilov
731db6a428 NOINET6 -> NO_INET6 2004-12-21 10:49:29 +00:00
Ruslan Ermilov
a216173556 NOCRYPT -> NO_CRYPT 2004-12-21 10:16:04 +00:00
Ruslan Ermilov
07736e20e9 NOATM -> NO_ATM 2004-12-21 09:08:06 +00:00
Peter Pentchev
3f8718c17d Describe the special meaning of the $ and ~ characters, and the fact
that you can get around it by double-quoting them.

PR:		42762
Submitted by:	AIDA Shinra <aida-s@jcom.home.ne.jp>
Discussed with:	brian
2004-12-16 16:59:19 +00:00
Brian Somers
125eb366ea Implement an ``enable/disable echo'' option, defaults to off.
This allows LCP ECHOs to be enabled independently of LQR reports.

Note: This introduces a change in the default behaviour (search for lqr and
echo in the man page).  I'll update UPDATING to reflect this.

PR:		74821
2004-12-13 12:51:19 +00:00
Brian Somers
0508c09a41 Send NAS-IP-Address as well as NAS-Identifier
Add ``disable NAS-IP-Address'' and ``disable NAS-Identifier'' options to
support pre-rfc2865 RADIUS servers.
This pushes our enable/disable items over the 32 bit limit, so reoganise
things to allow a bunch more options.
Go to version 3.4.1 so that any compatability problems can be identified.
2004-11-29 17:11:15 +00:00
David E. O'Brien
37c510c7c0 Catch up with PHK's sio(4) cuaa->cuad rework [sys/dev/sio/sio.c rev. 1.456].
PR:		73879
Submitted by:	Steve Kargl <sgk@troutmask.apl.washington.edu>
2004-11-19 03:56:47 +00:00
Ruslan Ermilov
a35d88931c For variables that are only checked with defined(), don't provide
any fake value.
2004-10-24 15:33:08 +00:00
Brian Somers
2167678b9c Handle a malloc() failure when allocating urgent ports
PR:		59995
2004-10-11 10:21:53 +00:00
Brian Somers
5d604c1161 Add a bunch of malloc() return checks
PR:		71592
Submitted by:	Dan Lukes <dan@obluda.cz> with further changes
2004-10-11 09:45:58 +00:00
Ruslan Ermilov
1ffcdfc986 Fixed the NONETGRAPH build.
Reported by:	wsk@gddsn.org.cn
2004-09-13 19:04:03 +00:00
Poul-Henning Kamp
eae11b7e7d Mark bundle as unused in case we're compiled with NORADIUS. 2004-09-07 15:48:27 +00:00
Marcel Moolenaar
3b39173d4b Fix the NOSUID build: make sure we have the kldload(2) prototype. 2004-09-07 06:28:00 +00:00
Brian Somers
f2f076a92a Build with -DNOINET6... 2004-09-06 23:54:54 +00:00
Marcel Moolenaar
7a31cc1039 Reduce WARNS level to 3. Casting causes alignment warnings on platforms
with strong alignment (All 64-bit platforms, except amd64).
2004-09-06 05:57:42 +00:00
Marcel Moolenaar
1814213e06 Fix the build on 64-bit platforms. 2004-09-06 00:07:58 +00:00
Brian Somers
48f98fe46a Fix a warning
Submitted by: Stefan Farfeleder <stefanf at FreeBSD dot org>
2004-09-05 12:32:20 +00:00
Brian Somers
057f1760a8 Make ppp WARNS=5 clean 2004-09-05 01:46:52 +00:00
Colin Percival
d37df47d31 Join the 21st century: Cryptography is no longer an optional component
of releases.  The -DNOCRYPT build option still exists for anyone who
really wants to build non-cryptographic binaries, but the "crypto"
release distribution is now part of "base", and anyone installing from a
release will get cryptographic binaries.

Approved by:	re (scottl), markm
Discussed on:	freebsd-current, in late April 2004
2004-08-06 07:27:08 +00:00
Gleb Smirnoff
b5bc6d4db0 Add configuration option "set pppoe [standard|3Com]" which allows
to configure mode for ng_pppoe(4) node under control.

Reviewed by:	brian
Approved by:	julian (mentor)
2004-07-29 05:59:43 +00:00
Alexander Kabaev
1bb0b6dee7 Avoid casts as lvalues. 2004-07-28 07:20:04 +00:00
Brian Somers
b00fb49742 Report the number of bytes not written when complaining about failed writes 2004-07-20 01:42:30 +00:00
Brian Somers
e715b13bca Support a ``set rad_alive N'' command to enable periodic RADIUS accounting
information being sent to the RADIUS server.

Logging of RADIUS accounting information moves to a ``set log [+-]radius''
level, along with the RADIUS alive info, and the version number is bumped
to 3.2 to reflect this.

Mostly submitted by:	alx@sm.ukrtel.net (back in January)
MFC after:		3 weeks
2004-07-17 01:07:53 +00:00
Brian Somers
6489fd2148 Fix ``set ifaddr''. The code was actually using an uninitialised variable,
but conveniently, because ncpaddr.ncpaddr_family != AF_INET, the call to
ncpaddr_getip4addr() became a no-op leaving the local address as it was
(defaulting to whatever my hostname resolves to).

PR:		62050
Submitted by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
MFC after:	3 days
2004-07-15 09:42:16 +00:00
Brian Somers
7cbe26069c Remove a stray backslash 2004-07-14 13:31:17 +00:00
Ruslan Ermilov
07bfccd71e Mechanically kill hard sentence breaks. 2004-07-02 23:13:00 +00:00
Brian Somers
a57095e7f7 Re-implement LQM, this time according to the rfc.
PR:		11293
MFC after:	4 weeks
2004-06-30 12:24:56 +00:00
Brian Somers
5634e50d5e Mention that ``set mtu max'' is necessary for PPPoE.
PR:		32040
MFC after:	2 weeks
2004-06-29 07:48:43 +00:00
Brian Somers
d593906199 Reduce MAXMSS limit by 12 bytes to allow for rfc 1323.
PR:		32717
Submitted by:	MORI Kouji <moriko@hh.iij4u.or.jp>
MFC after:	2 weeks
2004-06-29 07:40:38 +00:00
Brian Somers
5de776b9ac If HISMACADDR is set in the environment (by pppoed), pass the value to
the RADIUS server as RAD_CALLING_STATION_ID.

PR:		44310
Submitted by:	Gleb Smirnoff <glebius@cell.sick.ru>
MFC after:	2 weeks
2004-06-26 01:02:31 +00:00
Diomidis Spinellis
dfb3194a21 Send RADIUS gigaword data when OctetsIn or OctetsOut go over UINT32_MAX.
PR:		bin/61294
Submitted by:	Boris Kovalenko
MFC after:	3 weeks
2004-05-19 21:00:42 +00:00
Diomidis Spinellis
e2ccf799f2 Make getprotobynumber() calls in FilterCheck conditional on the log
levels by which they are used.  On a typical production setting (no
debug or filter logging) this will save an open/read/close system
call sequence per packet, approximately halving the system overhead
and reducing the overall overhead by 38%.

dd bs=1k count=512 if=/usr/share/dict/web2 |
ssh ppp-linked-host dd of=/dev/null

# time original-ppp -nat -foreground connection
Working in foreground mode
Using interface: tun0
2.822u 2.404s 2:00.31 4.3%    392+496k 8+18io 3pf+0w

# time new-ppp  -nat -foreground connection
Working in foreground mode
Using interface: tun0
2.082u 1.173s 1:26.06 3.7%    379+450k 0+18io 0pf+0w

MFC after:	3 weeks
2004-05-13 09:03:00 +00:00
Brian Somers
76a194bf74 Add a missing memcpy (*blush*!)
Suggested by: James P Scully <scully@CS.Arizona.EDU>, Perianayagam Somasundaram <somu@CS.Arizona.EDU>
MFC after:	10 days
2004-04-17 00:29:17 +00:00
Philippe Charnier
fdf1bad4e0 2 small typos. 2004-04-04 19:30:07 +00:00
Brooks Davis
772670ea02 Use the length of the interface name, not the length of its address when
printing the name.

Approved by:	brian
2004-01-21 22:00:50 +00:00
Tom Rhodes
dd58592ca1 Xref the proper manual pages.
PR:		60999
Submitted by:	Marc Silver <marcs@draenor.org>
2004-01-12 16:10:38 +00:00
Hartmut Brandt
89624a3490 Replace all uses of the old netgraph constants NG_*LEN by the new
constants NG_*SIZ that include the trailing NUL byte. This change
is mostly mechanical except for the replacement of a couple of snprintf()
and sprintf() calls with strlcpy.
2003-11-15 15:26:35 +00:00
Brian Somers
fb5a1d9297 Ignore case when comparing CHAP/CHAP81 responses
PR:		31771
2003-11-10 21:56:02 +00:00
Ruslan Ermilov
96fd764f25 Basic PAM authentication support. 2003-10-29 20:32:19 +00:00
Joe Marcus Clarke
b07fbc17e9 Add Cisco Skinny Station protocol support to libalias, natd, and ppp.
Skinny is the protocol used by Cisco IP phones to talk to Cisco Call
Managers.  With this code, one can use a Cisco IP phone behind a FreeBSD
NAT gateway.

Currently, having the Call Manager behind the NAT gateway is not supported.
More information on enabling Skinny support in libalias, natd, and ppp
can be found in those applications' manpages.

PR:		55843
Reviewed by:	ru
Approved by:	ru
MFC after:	30 days
2003-09-23 07:41:55 +00:00
Mark Murray
0ff67a254e Hide more crypto from being crunched at release time. 2003-07-24 20:20:16 +00:00
Mark Murray
ebb9f0efa8 Don't check for the existance of src/crypto/ for building items that
may contain crypto. The days of ITAR paranoia are over, and the simple
macro tests that remain are sufficient.
2003-07-24 18:30:25 +00:00
Hajimu UMEMOTO
2cc2a59d85 name union. 2003-06-28 15:37:04 +00:00
Robert Watson
4d8cde2b41 Remove world read bit from the ppp binary; we don't do world-execute,
so it was inconsistent (although probably not harmful) to have
world-read.

Submitted by:	Socketd <db@traceroute.dk>
2003-06-23 15:37:08 +00:00
Hajimu UMEMOTO
392460d7c9 Though manpage says that 0.0.0.0 can be used as HISADDR for gw
in Framed-Route, it didn't work.  Since ncprange_aton() treats
0.0.0.0 and :: as prefixlen=0, we need to care the case.

MFC after:	1 week
2003-06-21 10:14:52 +00:00
Hajimu UMEMOTO
0d3e393ec5 Mention the use of Framed-IPv6-Prefix.
MFC after:	1 week
2003-06-20 18:14:57 +00:00
Hajimu UMEMOTO
ec3e98b8de IPV6PREFIX is set when Framed-IPv6-Prefix is defined, You may
want to pass the value to upper layer protocol such as DHCPv6
for prefix delegation.

MFC after:	1 week
2003-06-20 16:15:59 +00:00
Hajimu UMEMOTO
d13b5b3cdf Mention the use of Framed-IPv6-Route.
MFC after:	1 week
2003-06-20 15:44:52 +00:00
Hajimu UMEMOTO
cf7c10d0b4 Do RADIUS accounting on IPV6CP.
MFC after:	1 week
2003-06-19 18:55:49 +00:00
Hajimu UMEMOTO
8bfaa57b68 Oops, I put unused variable in my previous commit.
MFC after:	1 week
2003-06-19 18:28:37 +00:00
Hajimu UMEMOTO
0fe74aa4e3 Install routes specified by Framed-IPv6-Route. Since the format
of Framed-IPv6-Route is user defined, it follows Framed-IP-route.

MFC after:	1 week
2003-06-19 18:19:31 +00:00
Hajimu UMEMOTO
1f8db65a89 MYADDR6 in ppp.link{up,down} should match even when IPCP is enabled.
MFC after:	1 week
2003-06-16 15:19:25 +00:00
Kris Kennaway
5ba934c38d Add missing header for system_Select() prototype 2003-06-12 07:48:45 +00:00
Peter Wemm
7dd6838582 Add a pretty cheesy hack to avoid a gcc-3.2.2 ICE (internal compiler
error) on amd64 when doing pointer subtraction.  This bug is already
fixed in gcc-3.3 (waiting for after the branch), and the hack will be
backed out at the first opportunity.  This is in the ipv6 code path.

Approved by:  re (scottl)
2003-05-25 07:39:06 +00:00
Ruslan Ermilov
db1e3a4f98 Erase whitespace at EOL.
Approved by:	re (blanket)
2003-05-22 11:56:41 +00:00
Ruslan Ermilov
f490cb986f Previous revision broke release building, unbreak it.
Prodded by:	scottl
2003-05-20 07:07:48 +00:00
Dag-Erling Smørgrav
7691f66abf Retire the useless NOSECURE knob.
Approved by:	re (scottl)
2003-05-19 15:52:01 +00:00
Hajimu UMEMOTO
b706c03da0 When session is over, IPv6 default route to tun should be
removed, too.

MFC after:	1 week
2003-04-05 10:10:33 +00:00
Hajimu UMEMOTO
977e6c08fe Set link-local address of tun interface with prefixlen = 64
instead of 128.  It makes RA happy.

Reported by:	rafa@dif.um.es,
		SHIRASAKI Yasuhiro <yasuhiro@nttv6.jp>
Reviewed by:	SHIRASAKI Yasuhiro <yasuhiro@nttv6.jp>
MFC after:	1 week
2003-04-04 11:09:08 +00:00
Hajimu UMEMOTO
bbdd270714 If IPCP is disabled, susccess of IPV6CP negotiation is sufficient
to communicate by IPv6.  So, the prompt should be `PPP' rather
than `PPp'.
2003-03-28 18:23:43 +00:00
Hajimu UMEMOTO
34894c56bc Don't install wrong IPv6 route by add command. 2003-03-26 06:30:11 +00:00
Brian Somers
92941b9076 Passing a u_char to ntohs() is guaranteed to give the wrong answer !
Submitted by:	Francis Dupont <Francis.Dupont@enst-bretagne.fr>
2003-03-26 02:27:32 +00:00
Brian Somers
9603d5b40d Add a ``force-scripts'' option for using chat scripts with -direct and
-dedicated links.

Submitted by:	Maksim Yevmenkin <myevmenk@exodus.net>
2003-03-26 02:03:08 +00:00
Hajimu UMEMOTO
3efad8b488 Once ppp session is over, the route to ff02::tun0/32 was
deleted, and never came back.  Now, the route to
ff02::tun0/32 is installed at the end of IPV6CP negitiaton.
2003-03-25 17:01:39 +00:00
Hajimu UMEMOTO
93193fc76c We need filling scopeid to install routes for link-local
scope addresses.
2003-03-25 16:49:08 +00:00
Hajimu UMEMOTO
11f9e243a2 Since ppp.link{up,down} is invoked at the end of IPCP negotiation, if
we need ppp.link{up,down}, we couldn't disable IPCP.  Now, if IPCP is
disabled, ppp.link{up,down} is invoked at the end of IPV6CP
negotiation.
2003-03-25 15:59:27 +00:00
Jens Schweikhardt
9d5abbddbf Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
Peter Wemm
6ceeb6902a utmp.ut_time and lastlog.ll_time are explicitly int32_t rather than
time_t.  Deal with the possibility that time_t != int32_t.  This boils
down to this sort of thing:
 -   time(&ut.ut_time);
 +   ut.ut_time = time(NULL);
and similar for ctime(3) etc.  I've kept it minimal for the stuff
that may need to be portable (or 3rd party code), but used Matt's time32
stuff for cases where that isn't as much of a concern.

Approved by: re (jhb)
2002-11-15 22:42:00 +00:00
Brian Somers
3c34956a21 If the peer gives us 0.0.0.0 as his IP number, NAK it rather than accepting
it as being in range.

  set ifaddr 1.2.3.4/0 5.6.7.8/0

no longer allows 0.0.0.0 as a valid IP.

Reported/tested by:	Bohdan Horst <nexus@hoth.amu.edu.pl>
MFC after:		3 days
2002-09-23 22:40:43 +00:00
Brian Somers
31c759c0ef Unbreak -DNOINET6
Submitted by:	Andre Albsmeier <andre.albsmeier@mchp.siemens.de>
MFC after:	1 day
2002-09-02 13:34:27 +00:00
Maxim Sobolev
88202a1f33 Correctly handle ifr.ifr_flags/ifr.ifr_flagshigh like ifconfig(8) does.
MFC after:	1 day
2002-08-29 12:52:28 +00:00
Brian Somers
a3c48b40e9 - made ppp compliant to RFC 2472 (based on a patch from another
contributor)
- support ipv6cpretry and ipv6cpretries, which are IPv6 versions
  of ipcpretry and ipcpretries.
- improve handling of IPv6 link-local addresses

Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2002-08-29 02:44:58 +00:00
Brian Somers
6eafd35305 Include the correct file (stdarg.h) and use va_list rather than _BSD_VA_LIST_
Suggested by: mike
2002-08-27 20:11:58 +00:00
Brian Somers
90f28f9c3b Use _BSD_VA_LIST_ rather than __va_list if it's defined 2002-08-27 04:37:04 +00:00
Brian Somers
abc1373d37 Correct the FAQ url
Submitted by: Olivier Tharan <olive@oban.frmug.org>
2002-08-26 20:48:07 +00:00
Philippe Charnier
f0067240a1 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:30:43 +00:00
Mike Barcroft
abbd890233 o Merge <machine/ansi.h> and <machine/types.h> into a new header
called <machine/_types.h>.
o <machine/ansi.h> will continue to live so it can define MD clock
  macros, which are only MD because of gratuitous differences between
  architectures.
o Change all headers to make use of this.  This mainly involves
  changing:
    #ifdef _BSD_FOO_T_
    typedef	_BSD_FOO_T_	foo_t;
    #undef _BSD_FOO_T_
    #endif
  to:
    #ifndef _FOO_T_DECLARED
    typedef	__foo_t	foo_t;
    #define	_FOO_T_DECLARED
    #endif

Concept by:	bde
Reviewed by:	jake, obrien
2002-08-21 16:20:02 +00:00
Ruslan Ermilov
a654c53e16 mdoc(7) police: Removed redundant .Ns calls. 2002-08-13 16:07:28 +00:00
Marc Fonvieille
9a091256a9 Correct URL to the FAQ
MFC after:	1 week
2002-07-31 10:05:00 +00:00
Marc Fonvieille
1061be04b3 Correct links to Handbook's pages, old URLs does not work anymore.
MFC after:	1 week
2002-07-30 21:04:26 +00:00
Brian Somers
541e4966fc Do a case insensitive comparison when comparing the ms-chap response
string.
2002-07-30 08:09:26 +00:00
Brian Somers
f4359ccbbc Remove unused calls to inet_addr() 2002-07-18 18:50:05 +00:00
Brian Somers
4dc4e1ee89 Back out the previous revision
Objected to by: Andre Oppermann <oppermann@pipeline.ch>

After Andre's objection, I've re-examined rfc 2759 and noted that it
says that the domain name shouldn't be used when generating the
NT-Response field.  So it looks like the bug is in freeradius rather
than in ppp.
2002-07-04 23:33:35 +00:00
Brian Somers
27dc75f10c If we've given a domain name prefix as the authentication name, strip
it off before passing it on to the RADIUS server for authentication.
2002-07-03 20:51:13 +00:00
Brian Somers
3285bb3c97 Don't trust the MPPE key lengths passed back from the RADIUS server.
Instead, use the correct values based on the number of bits actually
negotiated.

Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
2002-07-02 00:47:24 +00:00
Brian Somers
e0efa79664 Remove some misleading/wrong diagnostics 2002-07-02 00:12:24 +00:00
Brian Somers
dfc1b4ac01 Show the port number (tty slot, pppoe session id etc) under
``show physical''.
2002-06-30 01:46:22 +00:00
Brian Somers
6ca7707b44 When a netgraph message is read, look for another before returning.
This removes a bad latency problem during initial setup where we
end up waiting for too long before reading the connected message
and time the connection out.

Problem figured out by:	Andre Albsmeier <andre@albsmeier.net>
2002-06-29 18:49:08 +00:00
Brian Somers
23ddebe20f Don't use SignalBundle if it's not set
Submitted by: Federico G. Schwindt <fgsch@olimpo.com.br>
2002-06-28 09:33:25 +00:00
Brian Somers
579abfd895 Complain about (and fix) misformatted RADIUS attributes rather than silently
fixing them.
2002-06-28 09:18:15 +00:00
Brian Somers
2f11f09fee When a RADIUS server is being used, don't use MPPE unless the RADIUS
server says it's ok.
2002-06-28 08:46:21 +00:00
Brian Somers
99cfc2e2b2 Add a hack to handle RADIUS responses from peers that forget that
there's an ``Ident'' field in the MS-CHAP2-Response and
MS-CHAP-Error attributes.

The RADIATOR server seems to be guilty of this.
2002-06-23 23:38:06 +00:00
Brian Somers
dbc46ca401 Don't expect NUL terminated data in all netgraph messages received.
Only display message hook values we understand.
2002-06-22 21:01:47 +00:00
Brian Somers
250be50b72 Compensate for dodgy Win98/WinME MSCHAPv2 responses later in the code
path... after we've talked to any RADIUS servers involved, so that we
haven't touched the data before it gets to the server.

Make it clearer in the code that this compensation is done by setting
a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.

While we're here, don't bother passing the peer challenge into
radius_Authenticate().  It's already part of the key we're passing in
(this becomes obvious now that I've structured that data...).

This ``fix'' doesn't help to authenticate Win98/WinME users in my test
environment as ports/net/freeradius seems to ignore the flag
completely anyway, but it may help with other RADIUS servers.
2002-06-17 01:12:38 +00:00
Brian Somers
3627fe880c A better prinflike fix... 2002-06-15 08:03:59 +00:00
Brian Somers
10be78d3ae Remove whitespace at the end of lines. 2002-06-15 08:03:30 +00:00
Brian Somers
3db951841c Fix a printflike format error 2002-06-15 01:36:36 +00:00
Brian Somers
61fe3f63bc Remove a forgotten diagnostic 2002-06-15 01:35:03 +00:00
Brian Somers
635ad5f021 If a RAD_FILTER_ID is supplied by the RADIUS server, treat it as an
additional label from ppp.linkup & ppp.linkdown to load.

Suggested and mostly submitted by: andrew pavlov <and@kremenchug.net>
2002-06-12 23:45:15 +00:00
Brian Somers
aea6acb6da Bump the version number to reflect the recent RADIUS commits 2002-06-12 23:00:12 +00:00
Brian Somers
a95b23a6b2 Don't forget to process the Ident field on the front of
RAD_MICROSOFT_MS_CHAP_ERROR and RAD_MICROSOFT_MS_CHAP2_SUCCESS
messages, and remove the hack in chap.c to ignore that ident field
on the client side.

This anomoly was hacked around during development, and I forgot to
go back and fix it properly.

Spotted by: Sergey Korolew <ds@rt.balakovo.ru>
2002-06-12 21:36:07 +00:00
Brian Somers
8fb5ef5ae2 Understand the following Microsoft Vendor Specific RADIUS attributes:
RAD_MICROSOFT_MS_MPPE_ENCRYPTION_POLICY
  RAD_MICROSOFT_MS_MPPE_ENCRYPTION_TYPES
  RAD_MICROSOFT_MS_MPPE_RECV_KEY
  RAD_MICROSOFT_MS_MPPE_SEND_KEY

These attributes may be supplied by a RADIUS server when MSCHAPv2 is
used to authenticate.

It *should* now be possible to build ppp with -DNODES and still support
CHAP/MSCHAP/MSCHAPv2/MPPE via a RADIUS server, but the code isn't yet
smart enough to do that (building with -DNODES just looses these
facilities).

Sponsored by: Monzoon
2002-06-12 00:33:17 +00:00
Brian Somers
12b5aaba39 Cast pid_t to long for printf()ing
Obtained from:	OpenBSD
2002-06-06 01:39:46 +00:00
Brian Somers
7b5e6f62fb Add a missing ``a''. 2002-06-03 21:36:20 +00:00
Brian Somers
aadbb4eab1 Don't send a RAD_NAS_IP_ADDRESS attribute as RAD_NAS_IDENTIFIER is
sufficient.

In fact, using both breaks the radiator RADIUS daemon when used with
a db as it maps both attributes to the same field value and then
fails the insert.

I decided to remove RAD_NAS_IP_ADDRESS on the basis that rfc2138 says:

      An Access-Request MUST contain a User-Name attribute.  It SHOULD
      contain either a NAS-IP-Address attribute or NAS-Identifier
      attribute (or both, although that is not recommended).  It MUST

despite the fact that this not recommended bit was removed from the
updated rfc.
2002-06-02 14:27:02 +00:00
Brian Somers
42df3c252e Coerce pid_t to long rather than int for better portability.
Suggested by: Theo de Raadt <deraadt@openbsd.org>
2002-05-27 23:19:53 +00:00
Brian Somers
d4ff125fc1 Increase the maximum FSM option length to 50 2002-05-22 21:17:13 +00:00
Brian Somers
b08bf2de64 Add some missing #includes that weren't required due to namespace polution
in our headers.

Submitted by: bde
2002-05-22 21:08:58 +00:00
Brian Somers
3eaa768da0 Mention our support of the authentication side of rfc2548 2002-05-21 10:54:07 +00:00
Brian Somers
d5caaf02c1 Document RAD_MICROSOFT_MS_CHAP2_SUCCESS. 2002-05-18 23:58:15 +00:00
Brian Somers
5bc74cd68f Put back <string.h> 2002-05-17 00:44:54 +00:00
Brian Somers
52c555907f Add some OpenBSD includes 2002-05-16 14:47:19 +00:00
Brian Somers
6573c25286 Fix a mis-placed #else/#endif 2002-05-16 14:28:32 +00:00
Brian Somers
a16061b236 Handle MS-CHAPv2 authentication correctly via the RADIUS server (if it's
configured).
Handle internal failures in radius_Authenticate() correctly.
Bump the ppp version number.

This doesn't yet work with MPPE.  More will follow.

Sponsored by: Mozoon
2002-05-16 13:34:20 +00:00
Brian Somers
6f4cd65600 Fix an include for NetBSD 2002-05-14 17:50:25 +00:00
Brian Somers
d76a00091c Avoid a rather bizarre warning from gcc 3.1:
/usr/src/usr.sbin/ppp/cbcp.c:566:61: warning: trigraph ??! ignored
2002-05-14 13:32:30 +00:00
Brian Somers
de59e178aa o Clean up some #includes
o Bump version number to 3.0.4
o When talking to a RADIUS server, provide a NAS-Port-Type.

  When the NAS-Port-Type is Ethernet, provide a NAS-Port value equal
  to the SESSIONID from the environment in direct mode or the
  NGM_PPPOE_SESSIONID message in other modes.  If no SESSIONID is found,
  default to the interface index in client mode or zero in server mode.

  When the NAS-Port-Type is ISDN, set the NAS-Port to the minor number
  of the physical device (ie, the N in /dev/i4brbchN).

  This makes it easier for the RADIUS server to identify the client
  WRT accounting data etc.

Prompted by:	lsz8425 <lsz8425@mail.cd.hn.cn>
2002-05-14 12:55:39 +00:00
Brian Somers
a43e859d63 Calculate the number of open links properly when deciding on whether to
just send PROTO_IP packets when we've got only one link up in multi-link
mode.

Problem noted by:	Adrian Close <adrian@fernhilltec.com.au>
MFC after:		1 week
2002-05-14 00:59:28 +00:00
Brian Somers
e0ae8e1950 Fix a syntax error 2002-05-13 20:25:47 +00:00
Brian Somers
413205628d We don't need to include arpa/inet.h here. In fact, only FreeBSD needs
netinet/in.h.
2002-05-11 17:04:01 +00:00
Brian Somers
b50574e8bc #include netinet/in.h when !__FreeBSD__ to silence some warnings from
the inclusion of arpa/inet.h
2002-05-11 10:54:45 +00:00
Brian Somers
35bed99ba9 NetBSD keeps des.h in /usr/include/openssl these days 2002-05-11 03:47:15 +00:00
Brian Somers
ff8e577bc6 Add support for MS-CHAP authentication via a RADIUS server.
Add support for Reply-Message and MS-CHAP-Error.

Sponsored by:	Monzoon
2002-05-10 03:11:35 +00:00
Brian Somers
299920e5ed Don't corrupt MP fragments when they're put back on the front of our
inbound queue.

Submitted by:	"Amit K. Rao" <arao@niksun.com>
PR:		37813
MFC after:	1 week

Also fix a typo while I'm here.
2002-05-07 12:48:45 +00:00
Brian Somers
bf1eaec5e8 Understand the Session-Timeout RADIUS attribute
Store the Filter-Id attribute (we don't do anything with it yet)

Submitted mostly by: andrew pavlov <and@kremenchug.net>
2002-05-07 10:06:54 +00:00
Brian Somers
c1d57c383a Tweak a data type from char * to u_char * 2002-05-04 21:47:43 +00:00
Brian Somers
e1e3d2ca69 Make ``set mru'' require a context. In multi-link mode, there's no
point in being allowed to ``set mru'' for the MP lcp layer.

Spotted by:	Richard Browne <richb@timestone.com.au>
MFC after:	1 month
2002-05-04 19:38:43 +00:00