Commit Graph

50 Commits

Author SHA1 Message Date
brian
8d3683f53b Don't allowt '#' as a comment when it's embedded in quotes:
set something "xxx yyy # zzz" aaa

shouldn't be interpreted as

  set something "xxx yyy" aaa
1999-12-27 11:43:31 +00:00
brian
baf28880b3 Don't munge ``set dial|login|logout|hangup'' arguments before
ExpandString() has a chance to do its own substitutions.
1999-12-22 21:48:12 +00:00
brian
4145fb0c1b Notice and warn about unterminated quoted strings in commands.
The entire command is ignored if the syntax is invalid...
1999-12-20 20:30:02 +00:00
brian
86f30d4f38 Cosmetic: Make struct mbuf more like kernel mbufs. 1999-12-20 20:29:47 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
brian
9ba53ba0dd Don't drop the last character from lines in ppp.secret unless it's '\n'. 1999-06-08 20:11:53 +00:00
brian
ab7d88ae2d o Redesign the layering mechanism and make the aliasing code part of
the layering.

  We now ``stack'' layers as soon as we open the device (when we figure
  out what we're dealing with).  A static set of `dispatch' routines are
  also declared for dealing with incoming packets after they've been
  `pulled' up through the stacked layers.

  Physical devices are now assigned handlers based on the device type
  when they're opened.  For the moment there are three device types;
  ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
  pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
  ``show mem''.
o ``show modem'' becomes ``show physical''.
1999-05-08 11:07:56 +00:00
brian
368d30c3ca Avoid a few warnings on the alpha 1999-03-31 14:21:46 +00:00
brian
ee13d15d8f Allow control over the number of ConfigREQ & TermREQ attempts
that are made in each of the FSMs (LCP, CCP & IPCP) and the
number of REQs/Challenges for PAP/CHAP by accepting more arguments
in the ``set {c,ip,l}cpretry'' and ``set {ch,p}apretry'' commands.

Change the non-convergence thresholds to 3 times the number of configured
REQ tries (rather than the previous fixed ``10'').  We now notice
repeated NAKs and REJs rather than just REQs.

Don't suggest that CHAP 0x05 isn't supported when it's not configured.

Fix some bugs that expose themselves with smaller numbers of retries:
o Handle instantaneous disconnects (set device /dev/null) correctly
  by stopping all fsm timers in fsm2initial.
o Don't forget to uu_unlock() devices that are files but are not
  ttys (set device /dev/zero).

Fix a *HORRENDOUS* bug in RFC1661 (already fixed for an Open event in state
``Closed''):
  According to the state transition table, a RCR+ or RCR- received in
  the ``Stopped'' state are supposed to InitRestartCounter, SendConfigReq
  and SendConfig{Ack,Nak}.  However, in ``Stopped'', we haven't yet
  done a TLS (or the last thing we did is a TLF).  We must therefore
  do the TLS at this point !

  This was never noticed before because LCP and CCP used not use
  LayerStart() for anything interesting, and IPCP tends to go into
  Stopped then get a Down because of an LCP RTR rather than getting a
  RCR again.
1999-02-26 21:28:14 +00:00
brian
2967147dea Handle empty PAP & CHAP packets (containing only an FSM header).
Some CHAP implementations send no welcome message with their
SUCCESS/FAILURE packets.  This was being mis-identified as
a truncated packet by the new authentication code :-(
1999-02-20 01:12:45 +00:00
brian
eb7abf9254 Be a little more verbose about dodgy looking authentication
packets before dropping them in the bit-bucket.
1999-02-19 10:48:42 +00:00
brian
3d69dc5834 Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.
1999-02-18 00:52:15 +00:00
brian
4435d086fa Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius.  This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel.  It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
      challenges and the validation of chap responses
      (and commenting what's going on in those routines).
      I currently have no way of testing ppps ability
      to respond to M$Chap CHALLENGEs correctly, so if
      someone could do the honours, it'd be much
      appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
brian
61788f8e53 Reimplement the previous fix (no response to PAP requests)
at the authentication layer rather than at the PAP layer
so that it also applies to CHAP (no response to CHAP
challenges).
1999-02-02 09:35:17 +00:00
brian
a66fe159a8 If we receive no answer from the server when sending PAP
requests, give up (don't sit there indefinitely).
1999-02-01 13:42:25 +00:00
brian
c970e06ccf Initial RADIUS support (using libradius). See the man page for
details.  Compiling with -DNORADIUS (the default for `release')
removes support.

TODO: The functionality in libradius::rad_send_request() needs
      to be supplied as a set of routines so that ppp doesn't
      have to wait indefinitely for the radius server(s).  Instead,
      we need to get a descriptor back, select() on the descriptor,
      and ask libradius to service it when necessary.
      For now, ppp blocks SIGALRM while in rad_send_request(), so
      it misses PAP/CHAP retries & timeouts if they occur.

      Only PAP is functional.  When CHAP is attempted, libradius
      complains that no User-Password has been specified... rfc2138
      says that it *mustn't* be used for CHAP :-(

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-01-28 01:56:34 +00:00
brian
cffecce33c Don't return stack-based data. This may have caused
server-side CHAP authentication problems in the past :-/
1998-12-17 00:28:12 +00:00
brian
f0dee2c38c Put the IP buffer queues into struct ipcp.
Forgotten by: me
1998-08-26 17:39:37 +00:00
brian
f9ee8808e7 o Support callback types NONE, E.164, AUTH and CBCP.
(see the new ``set callback'' and ``set cbcp'' commands)
o Add a ``cbcp'' log level and mbuf type.
o Don't dump core when \T is given in ``set login'' or
  ``set hangup''.
o Allow ``*'' and blanks as placeholders in ppp.secret and
  allow a fifth field for specifying auth/cbcp dialback
  parameters.
o Remove a few extraneous #includes
o Define the default number of REQs (restart counter) in defs.h
  rather than hardcoding ``5'' all over the place.
o Fix a few man page inconsistencies.
1998-08-07 18:42:51 +00:00
brian
0997d0dc6a Add missing braces - without them, the IP & label were mis-selected
from ppp.secret.
Problem reported by: Dom Mitchell <dom@phmit.demon.co.uk>
1998-07-19 21:07:24 +00:00
brian
67efb0addd o De-staticise things that don't need to be static.
o Bring the static ``ttystate'' into struct prompt so that
  the tilde context is per prompt and not global.
o Comment the remaining static variables so that it's
  clear why they're static.
o Add some XXX comments suggesting that our interface list
  and our hostname should be re-generated after a signal
  (say SIGUSR1) so that a machine with PCCARDs has a chance.
1998-06-15 19:06:58 +00:00
brian
56df88b778 MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.
1998-05-21 21:49:08 +00:00
brian
95c31de535 Add extraneous braces to stiffle warnings from gcc-2.8 1998-03-13 01:36:10 +00:00
brian
8a229af566 Remove unused #includes.
Make various bits static.
Remove unused variables.
Submitted by: eivind
1998-01-21 02:15:33 +00:00
brian
6fd0acab5e o Allow the use of HISADDR as the first arg to "add".
o Allow a forth argument in ppp.secret, specifying a new
  label.  This gives control over which section of
  ppp.link{up,down} is used based on the authenticated user.
o Support random address ranges in ppp.secret (not just in ppp.conf).
o Add a AUTHENTICATING INCOMING CONNECTIONS section to the man page.
o Add a bit more about DEFLATE in the man page.
o Fix the incorrect "you must specify a password in interactive
  mode" bit of the manual.
o Space things in the man page consistently.
o Be more precice about where you can use MYADDR, HISADDR and INTERFACE
  in the "add" command documentation.
1998-01-05 01:35:20 +00:00
brian
14d342e696 Cosmetic (style):
sizeof(var) -> sizeof var
  sizeof type -> sizeof(type)

Suggested by: J Wunsch <j@uriah.heep.sax.de>
1997-12-24 09:29:17 +00:00
brian
a7f001c816 Fix prototypes.
Remove extraneous decls.
Add ``const'' to several places.
Allow ``make NOALIAS=1'' to remove IP aliasing.
Merge with OpenBSD - only the Makefiles vary.

We can now survive a compile with
  -Wall -Wbad-function-cast -Wcast-align -Wcast-qual
  -Winline -Wmissing-declarations -Wmissing-prototypes
  -Wnested-externs -Wpointer-arith -Wredundant-decls
  -Wshadow -Wstrict-prototypes -Wwrite-strings -Wchar-subscripts
(although the Makefile just contains -Wall).
1997-11-22 03:37:54 +00:00
brian
674fc92d54 Add id strings to tun.[ch].
Don't try to open ppp.secret if we're never going to use it.
1997-11-17 00:42:41 +00:00
brian
0c64913a0f Finish the security improvements:
o Add "allow" command:
      "allow users a b c" gives access to users a, b and c.
      "allow modes auto"  gives those users access to auto mode only.
      "allow users *" and  "allow modes *" are accepted.
      No users and all modes are allowed by default.
    UID 0 can do anything.
  o Set the current label with the "load" and "dial" commands
    so that the call to ppp.linkdown makes sense.
  o Up the verison number.
  o Don't OR MODE_AUTO for -background and -ddial.
  o Don't OR MODE_INTER when we get a diagnostic connection.
  o Allow up to 40 args per line (was 20).
  o "set ifaddr" only changes the interface in AUTO mode (with other
    modes, it happens after IPCP negotiation).
  o Sort command descriptions in the man page.
  o Support -dedicated mode where we just talk ppp forever (no login etc).
1997-11-11 22:58:14 +00:00
brian
2b9bf8e847 Don't create a diagnostic socket by default.
Allow a password spec on the "set server" command line.
Use SIGUSR2 to close the diagnostic socket.
Some man page corrections.
1997-11-09 22:07:29 +00:00
brian
1fb3509770 Don't ask for a password if it's specified as empty. 1997-11-09 18:51:23 +00:00
brian
164425f5ce Increase chat script sizes to 512
Requested by: Michael Reifenberger <root@totum.plaut.de>
1997-11-09 14:18:55 +00:00
brian
486b8925ec Cosmetic (no functional changes):
o   Add missing $Id$s
o   Move extern decls from .c -> .h files
o   Staticize
o   Remove #includes from .h files
o   style(9)ify includes
o   bcopy -> memcpy
    bzero -> memset
    bcmp -> memcmp
    index -> strchr
    rindex -> strrchr
o   Move timeout.h -> timer.h (making it consistent w/ timer.c)
o   Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
brian
0791c3c050 Correct ppp authentication defaults in interactive
mode.  We don't want to be forced to type a password
here :-(
Pointed out by: mouth@ibm.net (John Kelly)

While I'm there, don't allow a "set server" in
interactive mode.
1997-09-09 21:51:39 +00:00
brian
01052674bd Install as group ``network''
Insist that uid == 0 for client ppp
Disallow client sockets if no password is specified
Don't exit on failure to open client socket for listening
Allow specification of null local password
Use reasonable size (smaller) ``vector''s in auth.c
Fix "passwd ..." usage message
Insist on "all" as arg to "quit" (if any)
Drop client socket connection before Cleanup() when "quit all"
1997-09-04 00:38:22 +00:00
brian
1a67d25725 Make the code format more in line with style(9).
Update loadalias to use the new libalias api.
Update to version 1.1.
1997-08-25 00:29:32 +00:00
brian
94d661ac8c Overhaul ppp:
o Use syslog
  o Remove references to stdout/stderr (incl perror())
  o Introduce VarTerm - the interactive terminal or zero
  o Allow "set timeout" to affect current session
  o Change "set debug" to "set log"
  o Allow "set log [+|-]flag"
  o Make MSEXT and PASSWDAUTH stuff the default
  o Move all #ifdef DEBUG stuff into the code - this
    shouldn't be too much overhead.  It's now controlled
    with "set log +debug"
  o Add "set log command, debug, tun, warn, error, alert"
  o Remove cdefs.h, and assume an ansi compiler.
  o Improve all diagnostic output
  o Don't trap SIGSEGV
  o SIGHUP now terminates again (log files are controlled
    by syslog)
  o Call CloseModem() when changing devices
  o Fix parsing of third arg of "delete"

I think this fixes the "magic is same" problems that some
people have been experiencing.
The man page is being rewritten.  It'll follow soon.
1997-06-09 03:27:43 +00:00
brian
12b254e316 De-couple ppp from libalias. If libalias isn't there, the
alias commands simply won't work.  Only root may specify the
location of the alias lib (otherwise, it's hard-coded).

Make logprintf silently fail if LogOpen hasn't been called.

Suggested by:	eivind
1997-05-26 00:44:10 +00:00
brian
82bac13560 Tidy up the code - bounds checking, return
value checking etc.

Submitted by:	eivind
1997-05-10 01:22:19 +00:00
brian
c0df205f61 Allow up to 40 args in the chat script (was 20).
Ignore subsequent args rather than scribbling.

PR:		1952
Submitted by:	Mikael Hybsch <micke@free.dynas.se>
1997-05-07 23:01:25 +00:00
peter
b782f4df30 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
imp
bf83493bdc Fix many buffer overruns in the code. Specifically, disallow ExpandString
to be used to expand things beyond the size of the buffer passed in.  Also
do a general cleanup of sprintf -> snprintf as well as strcpy and strncat
safety.  Also expand some buffers to allow for the largest possible data
that might be used.

This is a 2.2 candidate.  However, it needs to be vetted on -current
since little testing has been done on this due to my lack of PPP on
this machine.

Reviewed by:	Jordan Hubbard, Peter Wemm, Guido van Rooij
1997-01-10 07:53:28 +00:00
phk
324cb686d3 Here is a diff of /usr/src/usr.sbin/ppp against current. The diffs
add some logging functionality which I find very useful.
'set debug link' will record just link up/down and address assignments.
'set debug connect' will record the entire chat dialog
'set debug carrier' will record just chat lines including 'CARRIER'
(so that I can be sure I'm getting a 28.8 line).

There was a global change required to permit LogPrintf to take a bit
mask instead of a bit position value (to permit logging some events
on either of two flags, so that no change in 'set debug lcp' would
result from the code supporting 'link'.  Thus the diffs are rather
long for such a small change.  The man page is also touched.

Oh, and there was a slight syntax problem in route.c

Reviewed by:	phk
Submitted by:	Tony Kimball <alk@Think.COM>
1996-05-11 20:48:42 +00:00
phk
2056705218 Final cleanup for now. -Wall is now silent. A couple of bogons found. 1996-01-11 17:48:59 +00:00
amurai
9a28cf053e 1. Do not log the password itself to ppp.log ( Mr. Rich Murphey )
2. Add ability to execute shell commands and suspend back into
   invoking shell (Mr. J Wunsch)

Reviewed by:	amurai@spec.co.jp
Submitted by:	joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
		Rich Murphey <rich@lamprey.utmb.edu>
1995-09-02 17:20:54 +00:00
rgrimes
4f960dd75f Remove trailing whitespace. 1995-05-30 03:57:47 +00:00
amurai
f599fa5e62 Fixing minor bug and allow help(Not for all command) and quit
but not close line connection by "quit all" command if not
authorized.

Reviewed by:	amurai@spec.co.jp
Submitted by:	tony-o@iij.ad.jp amurai@spec.co.jp
1995-02-27 10:57:54 +00:00
amurai
eeb422fed8 New user Process PPP based on iij-ppp0.94beta2.
o Supporting SYNC SIO device (But need a device driver)
     - add "set speed sync"
   o Fixing bug for Predictor-1 function.
   o Add new parameter that re-sent interval for set timeout commands.
   o Improving RTT (Round Trip Time) and reducing processor time.
     - Previous Timer service was using polling, and now using
       SIGALRM ;-)
     - A 0.94beta2 will not work correctly....

   -- Follows are additinal feature not including 0.94beta2
   o Support Proxy ARP
     - add "enable/disable proxy" commands
   o Marging common routine in CHAP/PAP.
   o Enhancing LCP/IPCP log information.
   o Support local Authfication connection on port 300x and tty.
     - You can set up pair of your "hostname -s" and
       password in ppp.secret. if either ppp.secret file nor
       your hostname line don't exist, It will notify a message
       and working as same as previous version.(Backword compatibility)
     - If you did set up them, It's allow connection but nothing to do
       except help and passwd command.
     - add "passwd yourpasswd" commands
   o Support afilter - keep Alive filter that a packet can send/receiving
     according to ifilter/ofilter but doesn't count it as preventing idle
     timer expires.
     - Same syntax of other filters.
   o Fixing bugs reported by current user for previous one. Thanks !!

Reviewed by: Atsushi Murai (amurai@spec.co.jp)
1995-02-26 12:18:08 +00:00
amurai
21ef2761fd 1995-01-31 06:29:58 +00:00