Commit Graph

21 Commits

Author SHA1 Message Date
brian
50179a5819 Compensate for dodgy Win98/WinME MSCHAPv2 responses later in the code
path... after we've talked to any RADIUS servers involved, so that we
haven't touched the data before it gets to the server.

Make it clearer in the code that this compensation is done by setting
a flag to a value of zero, a flag which rfc2759 says *MUST* be zero.

While we're here, don't bother passing the peer challenge into
radius_Authenticate().  It's already part of the key we're passing in
(this becomes obvious now that I've structured that data...).

This ``fix'' doesn't help to authenticate Win98/WinME users in my test
environment as ports/net/freeradius seems to ignore the flag
completely anyway, but it may help with other RADIUS servers.
2002-06-17 01:12:38 +00:00
brian
ee9763124d Merge the NETGRAPH branch into HEAD. tty devices now use netgraph's line
discipline to do the async escaping, but no other benefits are available yet.

Change ``ifdef HAVE_DES'' to ``ifndef NODES'' for consistency.

Make the Makefile a little more sane WRT RELEASE_CRUNCH.
2002-03-30 12:30:09 +00:00
brian
52cb477a72 Convert IIJ copyrights to BSD copyrights.
Approved by: Toshiharu OHNO <tohno@sirius.ocn.ne.jp>
2001-06-13 21:52:19 +00:00
brian
06792c58d5 Add MPPE and MSChap v2 support (denied and disabled by default)
Submitted by: Ustimenko Semen <semen@iclub.nsu.ru>
2000-10-30 00:15:04 +00:00
brian
9c5b52bb1f To avoid namespace polution in NetBSD:
``struct descriptor'' -> ``struct fdescriptor''
2000-03-14 01:46:09 +00:00
peter
efabb9ccb1 $Id$ -> $FreeBSD$ 1999-08-28 01:35:59 +00:00
brian
ab7d88ae2d o Redesign the layering mechanism and make the aliasing code part of
the layering.

  We now ``stack'' layers as soon as we open the device (when we figure
  out what we're dealing with).  A static set of `dispatch' routines are
  also declared for dealing with incoming packets after they've been
  `pulled' up through the stacked layers.

  Physical devices are now assigned handlers based on the device type
  when they're opened.  For the moment there are three device types;
  ttys, execs and tcps.

o Increment version number to 2.2
o Make an entry in [uw]tmp for non-tty -direct invocations (after
  pap/chap authentication).
o Make throughput counters quad_t's
o Account for the absolute number of mbuf malloc()s and free()s in
  ``show mem''.
o ``show modem'' becomes ``show physical''.
1999-05-08 11:07:56 +00:00
brian
2f7b052d07 Split the recorded chap challenge into two - one for the
receiver and one for the sender.  This allows two simultaneous
chap conversations - something that I *thought* I was already
doing on a daily basis myself until the existence of the
problem was
Beaten into me by: sos
1999-04-21 08:03:51 +00:00
brian
de2b444b61 Build correctly when -DNOCRYPT is used. 1999-02-18 19:45:06 +00:00
brian
3d69dc5834 Fully support both NT and LANMan CHAP type 0x80 as both
authenticator and authenticatee.
1999-02-18 00:52:15 +00:00
brian
5dc50d8ed5 When resending chap challenges, resend the same challenge
each time rather than making up a new one.

Increase the authname/authkey max sizes to 100 characters.

Allow ``authkey'' specifications beginning with ``!''.
When a challenge is received, the text following the
``!'' is executed as a program (expanding stuff in the same
way that ``sh'' and ``!bg'' do).  The program is passed the
peer name, peer challenge and local ``authname'' on standard
input and is expected to output the name/key combination that
should be used to build the CHAP response.

This provides support for Secure ID cards (guess what I was
given at work recently!) using CHAP.

Examples will follow.
1999-02-11 10:14:08 +00:00
brian
4435d086fa Decouple pap & chap output routines from the corresponding
input routines and take advantage of the new init/continue
interface in libradius.  This allows a timely response on
other links in an MP setup while RADIUS requests are in
progress as well as the ability to handle other data from
the peer in parallel.  It should also make the future addition
of PAM support trivial.

While I'm in there, validate pap & chap header IDs if
``idcheck'' is enabled (the default) for other FSM packet
types.

NOTE: This involved integrating the generation of chap
      challenges and the validation of chap responses
      (and commenting what's going on in those routines).
      I currently have no way of testing ppps ability
      to respond to M$Chap CHALLENGEs correctly, so if
      someone could do the honours, it'd be much
      appreciated (it *looks* ok!).

Sponsored by: Internet Business Solutions Ltd., Switzerland
1999-02-06 02:54:47 +00:00
brian
56df88b778 MFMP: Make ppp multilink capable.
See the file README.changes, and re-read the man page.
1998-05-21 21:49:08 +00:00
brian
730654969b Cosmetic:
Move prototypes into the correct headers.
1997-10-26 12:42:13 +00:00
brian
486b8925ec Cosmetic (no functional changes):
o   Add missing $Id$s
o   Move extern decls from .c -> .h files
o   Staticize
o   Remove #includes from .h files
o   style(9)ify includes
o   bcopy -> memcpy
    bzero -> memset
    bcmp -> memcmp
    index -> strchr
    rindex -> strrchr
o   Move timeout.h -> timer.h (making it consistent w/ timer.c)
o   Add -Wmissing-prototypes
1997-10-26 01:04:02 +00:00
brian
af684d2595 Support CHAP using MD4
Suggested by: jordan
1997-09-17 23:17:57 +00:00
brian
94d661ac8c Overhaul ppp:
o Use syslog
  o Remove references to stdout/stderr (incl perror())
  o Introduce VarTerm - the interactive terminal or zero
  o Allow "set timeout" to affect current session
  o Change "set debug" to "set log"
  o Allow "set log [+|-]flag"
  o Make MSEXT and PASSWDAUTH stuff the default
  o Move all #ifdef DEBUG stuff into the code - this
    shouldn't be too much overhead.  It's now controlled
    with "set log +debug"
  o Add "set log command, debug, tun, warn, error, alert"
  o Remove cdefs.h, and assume an ansi compiler.
  o Improve all diagnostic output
  o Don't trap SIGSEGV
  o SIGHUP now terminates again (log files are controlled
    by syslog)
  o Call CloseModem() when changing devices
  o Fix parsing of third arg of "delete"

I think this fixes the "magic is same" problems that some
people have been experiencing.
The man page is being rewritten.  It'll follow soon.
1997-06-09 03:27:43 +00:00
peter
b782f4df30 Revert $FreeBSD$ to $Id$ 1997-02-22 16:15:28 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
phk
62d807ed9d Use libmd's MD5.
inline hdlc checksum calculation.
make big tables const.
1996-01-30 20:04:34 +00:00
amurai
21ef2761fd 1995-01-31 06:29:58 +00:00