o Allow a forth argument in ppp.secret, specifying a new
label. This gives control over which section of
ppp.link{up,down} is used based on the authenticated user.
o Support random address ranges in ppp.secret (not just in ppp.conf).
o Add a AUTHENTICATING INCOMING CONNECTIONS section to the man page.
o Add a bit more about DEFLATE in the man page.
o Fix the incorrect "you must specify a password in interactive
mode" bit of the manual.
o Space things in the man page consistently.
o Be more precice about where you can use MYADDR, HISADDR and INTERFACE
in the "add" command documentation.
not in -auto mode isn't a good idea, and that the
add should be done in ppp.linkup instead.
Change "add 0 0 HISADDR" to "add default HISADDR". It's
more intuitive.
interactive mode.
Use `netfd' in fcntl() and tc[gs]etattr() calls rather than
the hard coded descriptor 0.
Use _FILENO constants from unistd.h
This un-breaks things after my recent `close(0)' in interactive
mode.
Close STDIN_FILENO, and open _PATH_TTY O_RDONLY as `netfd'. This
has the effect of allowing `show route' to output more than about
a page of data (on FreeBSD, not OpenBSD....). I have no idea why,
except that it was a direct consequence of the tcsetattr() in
TtyCommandMode(). My previous fix (closing descriptor 0) `fixed'
this because all calls to tcsetattr() failed :-(
RTM_CHANGE if the RTM_ADD fails with an EEXIST.
Allow "delete! dst" (note the ``!'') to silently
fail if the RTM_DELETE fails with an ESRCH.
Also, make the ESRCH and EEXIST error conditions
more understandable to the casual observer.
interrupted with a SIGALRM. In fact, select() sets the
passed time to zero, making the previous implementation
terminate always after 1/10th of a second !
Also, deal with someone changing the clock while we're
sleeping (and restart the whole sleep).
Dangers pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org>
When CCP is originally negotiated, the only thing we can be
sure about is that we've started adding data to the inflate
dictionary either before or at the same time as the peer. This
is ok, 'cos DEFLATE is a `sliding window' compressor.
Show the IP range (if specified) in "show ipcp".
Close unused descriptors 0 and 2 in interactive mode.
Pass (size_t *) rather than (int *) to sysctl().
strcpy(a, b); /* a and b are the same size */
with
strncpy(a, b, sizeof(a));
a[sizeof(a)-1] = '\0';
Making the code `correct at a glance'.
Suggested by: Theo de Raadt <deraadt@cvs.openbsd.org>
Disallow connections from port numbers <1024 as low port numbers
can only really mean trouble (ftp bounces etc.).
Discussed at length with: Theo de Raadt <deraadt@cvs.openbsd.org>
fd_set, make sure that all descriptors >2 are closed
when we start - otherwise we're asking for a dump in
FD_SET().
Problem pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org>
when command logging is switched on.
o Display ******** for the authkey for "show auth"
o Document how \P should be used, and document the other chat escapes
while I'm there.
o Make sure the full command is displayed when a compound command
fails - ie, "set novar rubbish" should say "set novar: Invalid command"
rather than "novar: Invalid command"
Problem pointed out by: Theo de Raadt <deraadt@cvs.openbsd.org> (among others)
line is > LINE_LEN (512 bytes), we scribble (*blush*).
Hinted at by: Theo de Raadt <deraadt@cvs.openbsd.org>
Change sprintf(buf, "fixedstring") to strcpy(buf, "fixedstring").
all RTF_WASCLONED routes, and the second removes the
others. This avoids the situation where we've added an
RTF_CLONING route (such as ``default''), created some
clones, then deleted the CLONING route before the
WASCLONED route(s). Without the two passes, we get
errno (not rtm_errno) set to ESRCH when deleting the
WASCLONED route, despite the deletion succeeding !
Also:
Enhance the route operation failure diagnostics.
Make portability #ifdefs a bit more generic.
Validate the peers suggested IP by attempting to make a routing table
entry.
Give up IPCP negotiation if the peer NAKs us with an unusable IP.
Always SIOCDIFADDR then SIOCAIFADDR when configuring the tun device.
Using SIOCSIFDSTADDR allows duplicate dst addresses (which we don't
want)!!!
Allow up to 200 interface names (was 50) (now that ppp can play server
properly).
Up the version number (1.5 -> 1.6).
Cosmetic:
Log unexpected CCP packets in the CCP log rather than the ERROR log.
Log unexpected Config Reqs in the appropriate LCP/IPCP/CCP log rather
than the ERROR log.
Log failed route additions and deletions with WARN, not TCPIP.
Log the option id and length for unrecognised IPCP options.
Change some .Sq to .Ar in the man page.
We must call inflate again in case there's any pending output
despite our input buffer being empty. If the output buffer
is in fact already flushed, inflate() returns Z_BUF_ERROR.
There isn't really an error !
I did the deflate re-org).
Make PAP & CHAP negotiation prettier in the log file.
If both PAP & CHAP are `enabled' and the peer NAKs CHAP
suggesting PAP, be friendly and REQ PAP the next time.
This is in line with the rfc.
